FreeBSD 10.4-STABLE Release Notes

The FreeBSD Project

FreeBSD is a registered trademark of the FreeBSD Foundation.

IBM, AIX, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.

IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.

Intel, Celeron, Centrino, Core, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

SPARC, SPARC64, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. SPARC International, Inc owns all of the SPARC trademarks and under licensing agreements allows the proper use of these trademarks by its members.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the or the ® symbol.

Last modified on 2017-09-14 22:19:56 by gjb.

The release notes for FreeBSD 10.4-STABLE contain a summary of the changes made to the FreeBSD base system on the 10.4-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.

[ Split HTML / Single HTML ]

Table of Contents
1. Introduction
2. Upgrading from Previous Releases of FreeBSD
3. Security and Errata
3.1. Security Advisories
3.2. Errata Notices
4. Userland
4.1. Userland Configuration Changes
4.2. Userland Application Changes
4.3. Contributed Software
4.4. Installation and Configuration Tools
4.5. /etc/rc.d Scripts
4.6. /etc/periodic Scripts
4.7. Runtime Libraries and API
4.8. ABI Compatibility
4.9. Userland Debugging
5. Kernel
5.1. Miscellaneous Kernel Changes
5.2. Kernel Bug Fixes
5.3. Kernel Configuration
5.4. System Tuning and Controls
6. Devices and Drivers
6.1. Device Drivers
6.2. Storage Drivers
6.3. Network Drivers
7. Hardware Support
7.1. Hardware Support
7.2. Virtualization Support
7.3. ARM Support
8. Storage
8.1. General Storage
8.2. Networked Storage
8.3. ZFS
8.4. geom(4)
9. Boot Loader Changes
9.1. Boot Loader Changes
9.2. Boot Menu Changes
10. Networking
10.1. General Networking Changes
10.2. Network Protocols
11. Ports Collection and Package Infrastructure
11.1. Infrastructure Changes
11.2. Packaging Changes
12. Documentation
12.1. Documentation Source Changes
12.2. Documentation Toolchain Changes
13. Release Engineering and Integration
13.1. Integration Changes

1. Introduction

This document contains the release notes for FreeBSD 10.4-STABLE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.

The snapshot distribution to which these release notes apply represents a point along the 10.4-STABLE development branch between 10.4-RELEASE and the future 10.4-STABLE. Information regarding pre-built, binary snapshot distributions along this branch can be found at

All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 10.4-STABLE can be found on the FreeBSD Web site.

This document describes the most user-visible new or changed features in FreeBSD since 10.4-RELEASE.

Typical release note items document recent security advisories issued after 10.4-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.

2. Upgrading from Previous Releases of FreeBSD

[amd64,i386] Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernel distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.

Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING.


Upgrading FreeBSD should only be attempted after backing up all data and configuration files.

3. Security and Errata

This section lists the various Security Advisories and Errata Notices since 10.4-RELEASE.

3.1. Security Advisories

FreeBSD-SA-17:06.openssh10 August 2017

Denial of Service vulnerability

FreeBSD-SA-17:07.wpa16 October 2017

WPA2 protocol vulnerability

FreeBSD-SA-17:08.ptrace15 November 2017

Kernel data leak via ptrace(PT_LWPINFO)

FreeBSD-SA-17:09.shm15 November 2017

POSIX shm allows jails to access global namespace

FreeBSD-SA-17:10.kldstat15 November 2017

Information leak

FreeBSD-SA-17:11.openssl29 November 2017

Multiple vulnerabilities

FreeBSD-SA-17:12.openssl09 December 2017

Multiple vulnerabilities

FreeBSD-SA-18:01.ipsec07 March 2018

Fix IPSEC validation and use-after-free

FreeBSD-SA-18:02.ntp07 March 2018

Multiple vulnerabilities

FreeBSD-SA-18:04.vt04 April 2018

Fix vt(4) console memory disclosure

FreeBSD-SA-18:05.ipsec04 April 2018

Fix denial of service

FreeBSD-SA-18:06.debugreg08 May 2018

Mishandling of x86 debug exceptions

FreeBSD-SA-18:08.tcp06 August 2018

Resource exhaustion in TCP reassembly

FreeBSD-SA-18:09.l1tf14 August 2018

L1 Terminal Fault (L1TF) Kernel Information Disclosure

FreeBSD-SA-18:10.ip14 August 2018

Resource exhaustion in IP fragment reassembly

FreeBSD-SA-18:11.hostapd14 August 2018

Unauthenticated EAPOL-Key Decryption Vulnerability

FreeBSD-SA-18:12.elf12 September 2018

Improper ELF header parsing

3.2. Errata Notices

FreeBSD-EN-17:09.tzdata2 November 2017

Timezone database information update

FreeBSD-EN-18:01.tzdata07 March 2018

Timezone database information update

FreeBSD-EN-18:02.file07 March 2018

Stack-based buffer overflow

FreeBSD-EN-18:03.tzdata04 April 2018

Update timezone database information

FreeBSD-EN-18:04.mem04 April 2018

Multiple small kernel memory disclosures

FreeBSD-EN-18:05.mem08 May 2018

Multiple small kernel memory disclosures

FreeBSD-EN-18:06.tzdata08 May 2018

Update timezone database information

FreeBSD-EN-18:11.listen27 September 2018

Denial of service in listen system call

FreeBSD-EN-18:12.mem27 September 2018

Small kernel memory disclosures in two system calls

4. Userland

This section covers changes and additions to userland applications, contributed software, and system utilities.

4.1. Userland Configuration Changes

The inetd(8) utility is now built without libwrap support when WITHOUT_TCP_WRAPPERS is set in src.conf(5). [r313206]

The libthr(3) library and related files are now evaluated and removed by the delete-old-libs target when upgrading the system if WITHOUT_LIBTHR is set in src.conf(5). [r316046]

The WITH_RPCBIND_WARMSTART_SUPPORT src.conf(5) knob has been added, which when enabled allows building rpcbind(8) with warmstart support. [r319243]

4.2. Userland Application Changes

The truss(1) utility has been updated to include the -H flag, which logs the thread ID of a thread invoking a system call. [r298427]

The zfsbootcfg(8) utility has been added, providing one-time boot.config(5)-style options for zfsboot(8). [r308915]

The pw(8) utility has been updated to properly respect pw.conf(5), if present. [r316348]

The cxgbetool(8) utility has been added, providing command-line access to features and debugging facilities of cxgbe(4) devices. [r319390]

The rcp(1), rlogin(1), rsh(1), rlogind(8), and rshd(8) utilities have been marked as deprecated, and planned for removal in FreeBSD 12.0-RELEASE. [r320646]

The syslogd(8) utility has been updated to restart logging a subprocess that had restarted unexpectedly. [r320772]

The gdb(1) and kgdb(1) utilities have been marked as deprecated, and planned for removal from the base system in the future. A newer version is available in the devel/gdb port. [r320824]

The cron(8) utility has been updated to add support for including files within /etc/cron.d and /usr/local/etc/cron.d by default. [r321242]

The syslogd(8) utility has been updated to add the include keyword which allows specifying a directory containing configuration files to be included in addition to syslog.conf(5). The default syslog.conf(5) has been updated to include /etc/syslog.d and /usr/local/etc/syslog.d by default. [r321234]

The newsyslog(8) utility has been updated to support logging to syslogd(8) in a format compliant with RFC5424. For more details, see the description for the T flag in newsyslog.conf(5). [r321263]

4.3. Contributed Software

Subversion has been updated to version 1.9.5. [r309512]

file(1) has been updated to version 5.29. [r309848]

The amd(8) utility has been updated to version 6.2. [r310490]

xz(1) has been updated to version 5.2.3. [r312516]

zlib(3) has been updated to version 1.2.11. [r313796]

ntpd(8) has been updated to version 4.2.8p10. [r316069]

Timezone data files have been updated to version 2017b. [r316350]

tcsh(1) has been updated to version 6.20.00. [r316958]

libarchive(3) has been updated to version 3.3.2. [r321304]

bmake has been updated to version 20170720. [r321964]

pci_vendors has been updated to version 2017.07.27. [r322244]

4.4. Installation and Configuration Tools

The default EFI partition created by bsdinstall(8) has been increased from 800KB to 200MB. [r321202] (Sponsored by The FreeBSD Foundation)

4.5. /etc/rc.d Scripts


4.6. /etc/periodic Scripts


4.7. Runtime Libraries and API

The kvm_close(3) function has been updated to return the accumulated error from previous close(2) calls. [r316040]

The syslog(3) function has been updated to be more resilent to thread cancellation occurring in supported deferred mode, eliminating possible lockups in multi-threaded applications that often create and cancel threads using the function, such as net/mpd5. [r320312]

The stdio(3) function has been updated to be deferred cancel-safe, eliminating possible lockups in multi-threaded applications using functions such as funopen(3), fropen(3), and fwopen(3). [r321074]

4.8. ABI Compatibility

The type max_align_t is now defined for C11 compliance. [r309258]

4.9. Userland Debugging

ptrace(2) now supports events for thread creation and destruction, permitting more reliable debugging of threaded processes. [r304017]

ptrace(2) now supports events for vfork(2), permitting reliable debugging across vfork(2) invocations. [r304499]

Process core dumps now include the process ID (PID) and command line arguments. [r306786]

5. Kernel

This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.

5.1. Miscellaneous Kernel Changes

The vt(4) driver has been updated, increasing the maximum framebuffer size. [r321198]

5.2. Kernel Bug Fixes

The ipf(4) packet filter has been updated to prevent keep state from incorrectly implying keep frags, matching the behavior documented in ipf(5). [r317434]

The geom(4) JOURNAL class has been updated to fix flush_queue handling. [r322793]

5.3. Kernel Configuration


5.4. System Tuning and Controls

The kern.features.linux and kern.features.linux64 flags have been added to the kern.features sysctl(8), which when set to 1, indicate the kernel is configured with compatibility for 32-bit and/or 64-bit linux binaries, respectively. [r321024]

6. Devices and Drivers

This section covers changes and additions to devices and device drivers since 10.4-RELEASE.

6.1. Device Drivers

devctl(8) now supports a "clear driver" command as a complement to "set driver". [r306533] (Sponsored by Chelsio)

6.2. Storage Drivers

The mpr(4) driver has been updated to support tri-mode (SAS/SATA/PCIe) Broadcom® storage adapters. [r319436]

The arcmsr(4) driver has been updated to version, adding support for ARC-1884 SATA controllers. [r321067]

6.3. Network Drivers

The cxgbev(4) driver has been added, providing support for Virtual Function devices (VFs) on Chelsio T4 and T5 adapters. [r309447] (Sponsored by Chelsio)

The cxgbe(4) driver has been updated to provide support for Virtual Function devices (VFs) on Chelsio T6 adapters. [r309560] (Sponsored by Chelsio)

The cxgbe(4) driver now supports devices using T6-based adapters which support 10, 25, 40, and 100 Gbps. [r309560] (Sponsored by Chelsio)

The alc(4) driver has been updated to provide support for Atheros® Killer E2400™ Gigabit ethernet cards. [r312359]

The alc(4) driver has been updated to provide support for Atheros® Killer E2500™ Gigabit ethernet cards. [r314019] (Sponsored by Microsoft)

The qlnxe(4) driver has been added, providing support for Cavium® Qlogic™ 45000 Series adapters. [r316485]

The cxgbe(4) driver has been updated to firmware version for T4, T5, and T6 cards. [r319270] (Sponsored by Chelsio)

7. Hardware Support

This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document.

7.1. Hardware Support


7.2. Virtualization Support

PCI passthrough with bhyve(4) resets functions via FLR when a virtual machine is started and stopped. [r306520] (Sponsored by Chelsio)

PCI passthrough with bhyve(4) supports more dynamic configurations permitting devices to be marked for passthrough or host use at runtime. [r306472] (Sponsored by Chelsio)

7.3. ARM Support


8. Storage

This section covers changes and additions to file systems and other storage subsystems, both local and networked.

8.1. General Storage


8.2. Networked Storage

The NFS client now properly handles NFS4ERR_BAD_SESSION errors received from an NFS server. Additionally, the kernel RPC client has been updated to prevent creating new TCP connections when ERESTART is received from sosend(9). [r318675]

The NFS client has been updated to support pNFS commit through the DS. [r321031]

8.3. ZFS

8.4. geom(4)


9. Boot Loader Changes

This section covers the boot loader, boot menu, and other boot-related changes.

9.1. Boot Loader Changes


9.2. Boot Menu Changes


10. Networking

This section describes changes that affect networking in FreeBSD.

10.1. General Networking Changes

The network stack has been modified to fix incorrect or invalid IP addresses if multiple threads emit a UDP log_in_vain message concurrently. [r313558] (Sponsored by Dell EMC)

The TCP stack has been changed to use the estimated RTT instead of timestamps for receive buffer auto resizing. [r317375] (Sponsored by Multiplay)

10.2. Network Protocols

Dummynet AQM, an independent implementation of CoDel and FQ-CoDel for ipfw/dummynet has been imported to the base system. [r301772]

Support for GARP (gratuitous ARP) retransmit has been added. A new sysctl(8),, has been added, which sets the maximum number of retransmissions when set to a non-zero value. [r309340] (Sponsored by Dell EMC)

11. Ports Collection and Package Infrastructure

This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools.

11.1. Infrastructure Changes


11.2. Packaging Changes


12. Documentation

This section covers changes to the FreeBSD Documentation Project sources and toolchain.

12.1. Documentation Source Changes


12.2. Documentation Toolchain Changes


13. Release Engineering and Integration

This section convers changes that are specific to the FreeBSD Release Engineering processes.

13.1. Integration Changes


This file, and other release-related documents, can be downloaded from

For questions about FreeBSD, read the documentation before contacting <>.

All users of FreeBSD 10.4-STABLE should subscribe to the <> mailing list.

For questions about this documentation, e-mail <>.