FreeBSD The Power to Serve

FreeBSD 11.0-RELEASE Errata

Abstract

This document lists errata items for FreeBSD 11.0-RELEASE, containing significant information discovered after the release or too late in the release cycle to be otherwise included in the release documentation. This information includes security advisories, as well as news relating to the software or documentation that could affect its operation or usability. An up-to-date version of this document should always be consulted before installing this version of FreeBSD.

This errata document for FreeBSD 11.0-RELEASE will be maintained until the release of FreeBSD 11.0-RELEASE.

Introduction

This errata document contains "late-breaking news" about FreeBSD 11.0-RELEASE Before installing this version, it is important to consult this document to learn about any post-release discoveries or problems that may already have been found and fixed.

Any version of this errata document actually distributed with the release (for example, on a CDROM distribution) will be out of date by definition, but other copies are kept updated on the Internet and should be consulted as the "current errata" for this release. These other copies of the errata are located at https://www.FreeBSD.org/releases/, plus any sites which keep up-to-date mirrors of this location.

Source and binary snapshots of FreeBSD 11.0-STABLE also contain up-to-date copies of this document (as of the time of the snapshot).

For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/security/.

Security Advisories

Advisory Date Topic

FreeBSD-SA-16:32.bhyve

25 October 2016

Privilege escalation vulnerability

FreeBSD-SA-16:33.openssh

2 November 2016

Remote Denial of Service vulnerability

FreeBSD-SA-16:36.telnetd

6 December 2016

Possible login(1) argument injection

FreeBSD-SA-16:37.libc

6 December 2016

link_ntoa(3) buffer overflow

FreeBSD-SA-16:38.bhyve

6 December 2016

Possible escape from bhyve(8) virtual machine

FreeBSD-SA-16:39.ntp

22 December 2016

Multiple vulnerabilities

FreeBSD-SA-17:01.openssh

10 January 2017

Multiple vulnerabilities

FreeBSD-SA-17:02.openssl

23 February 2017

Multiple vulnerabilities

FreeBSD-SA-17:03.ntp

12 April 2017

Multiple vulnerabilities

FreeBSD-SA-17:04.ipfilter

27 April 2017

Fix fragment handling panic

FreeBSD-SA-17:05.heimdal

12 July 2017

Fix KDC-REP service name validation vulnerability

Errata Notices

Errata Date Topic

FreeBSD-EN-16:18.loader

25 October 2016

Loader may hang during boot

FreeBSD-EN-16:19.tzcode

6 December 2016

Fix warnings about invalid timezone abbreviations

FreeBSD-EN-16:20.tzdata

6 December 2016

Update timezone database information

FreeBSD-EN-16:21.localedef

6 December 2016

Fix incorrectly defined unicode characters

FreeBSD-EN-17:01.pcie

23 February 2017

Fix system hang when booting when PCI-express HotPlug is enabled

FreeBSD-EN-17:02.yp

23 February 2017

Fix NIS master updates are not pushed to an NIS slave

FreeBSD-EN-17:03.hyperv

23 February 2017

Fix compatibility with Hyper-V/storage after KB3172614 or KB3179574

FreeBSD-EN-17:04.mandoc

23 February 2017

Make makewhatis(1) output reproducible

FreeBSD-EN-17:05.xen

23 February 2017

Xen migration enhancements

Open Issues

  • An issue was discovered with Amazon EC2™ images which would cause the virtual machine to hang during boot when upgrading from previous FreeBSD versions. New EC2™ installations are not affected, but existing installations running earlier releases are advised to wait until the issue is resolved in an Errata Notice before upgrading. An Errata Notice to address this is planned following the release.

  • FreeBSD/i386 installed on ZFS may crash during boot when the ZFS pool mount is attempted while booting an unmodified GENERIC kernel.

    A system tunable has been added as of revision r286584 to make the kern.kstack_pages tunable configurable without recompiling the kernel.

    To mitigate system crashes with such configurations, chose Escape to loader prompt in the boot menu and enter the following lines from loader(8) prompt, after an OK:

    set kern.kstack_pages=4
    boot

    Add this line to /boot/loader.conf for the change to persist across reboots:

    kern.kstack_pages=4
  • A bug was diagnosed in interaction of the pmap_activate() function and TLB shootdown IPI handler on amd64 systems which have PCID features but do not implement the INVPCID instruction. On such machines, such as SandyBridge™ and IvyBridge™ microarchitectures, set the loader tunable vm.pmap.pcid_enabled=0 during boot:

    set vm.pmap.pcid_enabled=0
    boot

    Add this line to /boot/loader.conf for the change to persist across reboots:

    To check if the system is affected, check dmesg(8) for PCID listed in the "Features2", and absence of INVPCID in the "Structured Extended Features". If the PCID feature is not present, or INVPCID is present, system is not affected.

    vm.pmap.pcid_enabled=0
  • The Release Notes erroneously states the WITH_SYSTEM_COMPILER src.conf(5) option is enabled by default, however this was disabled prior to the final release build.

  • The release announcement stated "Wireless support for 802.11n has been added." This was intended to state "Wireless support for 802.11n has been added for additional wireless network drivers."

  • Some release notes pertaining to the Cavium ThunderX platform (the FreeBSD/arm64 reference platform) were omitted:

    • Support for the Cavium Virtualized NIC ethernet driver has been added. (r289550) (Sponsored by Cavium)

    • Support for the GICv3 and ITS device drivers has been added. (r286919) (Sponsored by Cavium)

    • Support for PCI Enhanced Allocation support has been added. (r296308) (Sponsored by Cavium)

  • [2016-10-20] Several recent Dell systems fail to find a bootable disk when the system boots in Legacy/BIOS/CSM mode, the boot disk is partitioned with GPT, and the Active flag in the Protective MBR is not set. To work around this issue, either configure the system to boot in UEFI mode, or choose the "GPT + Active" scheme. [r293860]

  • [2016-10-21] Support for sha512 and skein checksumming has been added to the ZFS filesystem. This was not mentioned in the release notes.

    Systems being upgraded from earlier FreeBSD releases with ZFS will see a message in zpool status output noting the pool is not at the latest version, and some features may not be enabled. Additional instructions on how to update ZFS pools to the latest version and update the boot blocks for all boot drives in the pool will also be provided in the output.

    This information is also documented in /usr/src/UPDATING, which is included if the src component is selected during installation.

  • [2016-10-21] The size of the GPT enabled ZFS boot blocks (/boot/gptzfsboot) has increased past 64K. Systems upgraded from older releases may experience a problem where the size of the existing "freebsd-boot" partition is too small to hold the new gptzfsboot.

    Systems where the boot partition is immediately followed by the swap partition, such as those installed via bsdinstall(8), can resize the swap partition slightly using the gpart(8) resize command, so space can be reclaimed to increase the size of the freebsd-boot partition.

  • [2016-10-21] Due to a bug in earlier versions of clang(1) that is difficult to work around in the upgrade process, to upgrade the system from sources via buildworld to -CURRENT or 11.0-RELEASE, it is necessary to upgrade machines running 9.x to at least revision r286035, or machines running 10.x to revision r286033. Source-based upgrades from 10.3-RELEASE are not affected. This differs from the historical situation where one could generally upgrade from anywhere on earlier stable branches, so caution should be exercised.

Late-Breaking News

No news.


Last modified on: January 26, 2021 by Sergio Carlavilla Delgado