Copyright © 2017 The FreeBSD Documentation Project
FreeBSD is a registered trademark of the FreeBSD Foundation.
IBM, AIX, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.
IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.
Intel, Celeron, Centrino, Core, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
SPARC, SPARC64, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. SPARC International, Inc owns all of the SPARC trademarks and under licensing agreements allows the proper use of these trademarks by its members.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the “™” or the “®” symbol.
The release notes for FreeBSD 10.4-STABLE contain a summary of the changes made to the FreeBSD base system on the 10.4-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
This document contains the release notes for FreeBSD 10.4-STABLE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.
The snapshot distribution to which these release notes apply represents a point along the 10.4-STABLE development branch between 10.4-RELEASE and the future 10.4-STABLE. Information regarding pre-built, binary snapshot distributions along this branch can be found at https://www.FreeBSD.org/snapshots/.
All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with “late-breaking” information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 10.4-STABLE can be found on the FreeBSD Web site.
This document describes the most user-visible new or changed features in FreeBSD since 10.4-RELEASE.
Typical release note items document recent security advisories issued after 10.4-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.
[amd64,i386] Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernel distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.
Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING.
Upgrading FreeBSD should only be attempted after backing up all data and configuration files.
This section lists the various Security Advisories and Errata Notices since 10.4-RELEASE.
Advisory | Date | Topic |
---|---|---|
FreeBSD-SA-17:06.openssh | 10 August 2017 | Denial of Service vulnerability |
FreeBSD-SA-17:07.wpa | 16 October 2017 | WPA2 protocol vulnerability |
FreeBSD-SA-17:08.ptrace | 15 November 2017 | Kernel data leak via |
FreeBSD-SA-17:09.shm | 15 November 2017 | POSIX shm allows jails to access global namespace |
FreeBSD-SA-17:10.kldstat | 15 November 2017 | Information leak |
FreeBSD-SA-17:11.openssl | 29 November 2017 | Multiple vulnerabilities |
FreeBSD-SA-17:12.openssl | 09 December 2017 | Multiple vulnerabilities |
FreeBSD-SA-18:01.ipsec | 07 March 2018 | Fix IPSEC validation and use-after-free |
FreeBSD-SA-18:02.ntp | 07 March 2018 | Multiple vulnerabilities |
FreeBSD-SA-18:04.vt | 04 April 2018 | Fix vt(4) console memory disclosure |
FreeBSD-SA-18:05.ipsec | 04 April 2018 | Fix denial of service |
FreeBSD-SA-18:06.debugreg | 08 May 2018 | Mishandling of x86 debug exceptions |
FreeBSD-SA-18:08.tcp | 06 August 2018 | Resource exhaustion in TCP reassembly |
FreeBSD-SA-18:09.l1tf | 14 August 2018 | L1 Terminal Fault (L1TF) Kernel Information Disclosure |
FreeBSD-SA-18:10.ip | 14 August 2018 | Resource exhaustion in IP fragment reassembly |
FreeBSD-SA-18:11.hostapd | 14 August 2018 | Unauthenticated EAPOL-Key Decryption Vulnerability |
FreeBSD-SA-18:12.elf | 12 September 2018 | Improper ELF header parsing |
Errata | Date | Topic |
---|---|---|
FreeBSD-EN-17:09.tzdata | 2 November 2017 | Timezone database information update |
FreeBSD-EN-18:01.tzdata | 07 March 2018 | Timezone database information update |
FreeBSD-EN-18:02.file | 07 March 2018 | Stack-based buffer overflow |
FreeBSD-EN-18:03.tzdata | 04 April 2018 | Update timezone database information |
FreeBSD-EN-18:04.mem | 04 April 2018 | Multiple small kernel memory disclosures |
FreeBSD-EN-18:05.mem | 08 May 2018 | Multiple small kernel memory disclosures |
FreeBSD-EN-18:06.tzdata | 08 May 2018 | Update timezone database information |
FreeBSD-EN-18:11.listen | 27 September 2018 | Denial of service in |
FreeBSD-EN-18:12.mem | 27 September 2018 | Small kernel memory disclosures in two system calls |
This section covers changes and additions to userland applications, contributed software, and system utilities.
The inetd(8) utility is now built without libwrap support when WITHOUT_TCP_WRAPPERS is set in src.conf(5). [r313206]
The libthr(3) library and related files are now evaluated and removed by the delete-old-libs target when upgrading the system if WITHOUT_LIBTHR is set in src.conf(5). [r316046]
The WITH_RPCBIND_WARMSTART_SUPPORT src.conf(5) knob has been added, which when enabled allows building rpcbind(8) with warmstart support. [r319243]
The truss(1) utility has been updated to include the -H flag, which logs the thread ID of a thread invoking a system call. [r298427]
The zfsbootcfg(8) utility has been added, providing one-time boot.config(5)-style options for zfsboot(8). [r308915]
The pw(8) utility has been updated to properly respect pw.conf(5), if present. [r316348]
The cxgbetool(8) utility has been added, providing command-line access to features and debugging facilities of cxgbe(4) devices. [r319390]
The rcp(1), rlogin(1), rsh(1), rlogind(8), and rshd(8) utilities have been marked as deprecated, and planned for removal in FreeBSD 12.0-RELEASE. [r320646]
The syslogd(8) utility has been updated to restart logging a subprocess that had restarted unexpectedly. [r320772]
The gdb(1) and kgdb(1) utilities have been marked as deprecated, and planned for removal from the base system in the future. A newer version is available in the devel/gdb port. [r320824]
The cron(8) utility has been updated to add support for including files within /etc/cron.d and /usr/local/etc/cron.d by default. [r321242]
The syslogd(8) utility has been updated to add the include keyword which allows specifying a directory containing configuration files to be included in addition to syslog.conf(5). The default syslog.conf(5) has been updated to include /etc/syslog.d and /usr/local/etc/syslog.d by default. [r321234]
The newsyslog(8) utility has been updated to support logging to syslogd(8) in a format compliant with RFC5424. For more details, see the description for the T flag in newsyslog.conf(5). [r321263]
Subversion has been updated to version 1.9.5. [r309512]
file(1) has been updated to version 5.29. [r309848]
The amd(8) utility has been updated to version 6.2. [r310490]
xz(1) has been updated to version 5.2.3. [r312516]
zlib(3) has been updated to version 1.2.11. [r313796]
ntpd(8) has been updated to version 4.2.8p10. [r316069]
Timezone data files have been updated to version 2017b. [r316350]
tcsh(1) has been updated to version 6.20.00. [r316958]
libarchive(3) has been updated to version 3.3.2. [r321304]
bmake has been updated to version 20170720. [r321964]
pci_vendors has been updated to version 2017.07.27. [r322244]
The default EFI partition created by bsdinstall(8) has been increased from 800KB to 200MB. [r321202] (Sponsored by The FreeBSD Foundation)
The kvm_close(3) function has been updated to return the accumulated error from previous close(2) calls. [r316040]
The syslog(3) function has been updated to be more resilient to thread cancellation occurring in supported deferred mode, eliminating possible lockups in multi-threaded applications that often create and cancel threads using the function, such as net/mpd5. [r320312]
The stdio(3) function has been updated to be deferred cancel-safe, eliminating possible lockups in multi-threaded applications using functions such as funopen(3), fropen(3), and fwopen(3). [r321074]
The type max_align_t is now defined for C11 compliance. [r309258]
ptrace(2) now supports events for thread creation and destruction, permitting more reliable debugging of threaded processes. [r304017]
ptrace(2) now supports events for vfork(2), permitting reliable debugging across vfork(2) invocations. [r304499]
Process core dumps now include the process ID (PID) and command line arguments. [r306786]
This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.
This section covers changes and additions to devices and device drivers since 10.4-RELEASE.
devctl(8) now supports a "clear driver" command as a complement to "set driver". [r306533] (Sponsored by Chelsio)
The mpr(4) driver has been updated to support tri-mode (SAS/SATA/PCIe) Broadcom® storage adapters. [r319436]
The arcmsr(4) driver has been updated to version 1.40.00.00, adding support for ARC-1884 SATA controllers. [r321067]
The cxgbev(4) driver has been added, providing support for Virtual Function devices (VFs) on Chelsio T4 and T5 adapters. [r309447] (Sponsored by Chelsio)
The cxgbe(4) driver has been updated to provide support for Virtual Function devices (VFs) on Chelsio T6 adapters. [r309560] (Sponsored by Chelsio)
The cxgbe(4) driver now supports devices using T6-based adapters which support 10, 25, 40, and 100 Gbps. [r309560] (Sponsored by Chelsio)
The alc(4) driver has been updated to provide support for Atheros® Killer E2400™ Gigabit ethernet cards. [r312359]
The alc(4) driver has been updated to provide support for Atheros® Killer E2500™ Gigabit ethernet cards. [r314019] (Sponsored by Microsoft)
The qlnxe(4) driver has been added, providing support for Cavium® Qlogic™ 45000 Series adapters. [r316485]
The cxgbe(4) driver has been updated to firmware version 1.16.45.0 for T4, T5, and T6 cards. [r319270] (Sponsored by Chelsio)
This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document.
PCI passthrough with bhyve(4) resets functions via FLR when a virtual machine is started and stopped. [r306520] (Sponsored by Chelsio)
PCI passthrough with bhyve(4) supports more dynamic configurations permitting devices to be marked for passthrough or host use at runtime. [r306472] (Sponsored by Chelsio)
This section covers changes and additions to file systems and other storage subsystems, both local and networked.
The NFS client now properly handles NFS4ERR_BAD_SESSION errors received from an NFS server. Additionally, the kernel RPC client has been updated to prevent creating new TCP connections when ERESTART is received from sosend(9). [r318675]
The NFS client has been updated to support pNFS commit through the DS. [r321031]
This section covers the boot loader, boot menu, and other boot-related changes.
This section describes changes that affect networking in FreeBSD.
The network stack has been modified to fix incorrect or invalid IP addresses if multiple threads emit a UDP log_in_vain message concurrently. [r313558] (Sponsored by Dell EMC)
The TCP stack has been changed to use the estimated RTT instead of timestamps for receive buffer auto resizing. [r317375] (Sponsored by Multiplay)
Dummynet AQM, an independent implementation of CoDel and FQ-CoDel for ipfw/dummynet, has been imported to the base system. [r301772]
Support for GARP (gratuitous ARP) retransmit has been added. A new sysctl(8), net.link.ether.inet.garp_rexmit_count, has been added, which sets the maximum number of retransmissions when set to a non-zero value. [r309340] (Sponsored by Dell EMC)
This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools.
This section covers changes to the FreeBSD Documentation Project sources and toolchain.
This file, and other release-related documents, can be downloaded from https://www.FreeBSD.org/snapshots/.
For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.
All users of FreeBSD 10.4-STABLE should subscribe to the <stable@FreeBSD.org> mailing list.
For questions about this documentation, e-mail <doc@FreeBSD.org>.