FreeBSD 10.2-RELEASE Release Notes

Abstract

The release notes for FreeBSD 10.2-RELEASE contain a summary of the changes made to the FreeBSD base system on the 10.2-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.

Introduction

This document contains the release notes for FreeBSD 10.2-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.

This distribution of FreeBSD 10.2-RELEASE is a release distribution. It can be found at https://www.FreeBSD.org/releases/ or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the "Obtaining FreeBSD" appendix to the FreeBSD Handbook.

All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 10.2-RELEASE can be found on the FreeBSD Web site.

This document describes the most user-visible new or changed features in FreeBSD since 10.1-RELEASE.

Typical release note items document recent security advisories issued after 10.1-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.

Upgrading from Previous Releases of FreeBSD

[amd64,i386] Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernel distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.

Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING.

Important:
Upgrading FreeBSD should only be attempted after backing up all data and configuration files.

Security and Errata

This section lists the various Security Advisories and Errata Notices since 10.1-RELEASE.

Security Advisories

Advisory                     Date              Topic
FreeBSD-SA-14:27.stdio       10 December 2014  Buffer overflow in stdio
FreeBSD-SA-14:28.file        10 December 2014  Multiple vulnerabilities in file(1) and libmagic(3)
FreeBSD-SA-14:30.unbound     17 December 2014  Remote denial of service vulnerability
FreeBSD-SA-14:31.ntp         23 December 2014  Multiple vulnerabilities in NTP suite
FreeBSD-SA-15:01.openssl     14 January 2015   Multiple vulnerabilities in OpenSSL
FreeBSD-SA-15:02.kmem        27 January 2015   SCTP kernel memory corruption and disclosure vulnerability
FreeBSD-SA-15:03.sctp        27 January 2015   SCTP stream reset vulnerability
FreeBSD-SA-15:04.igmp        25 February 2015  Integer overflow in IGMP protocol
FreeBSD-SA-15:06.openssl     19 March 2015     Multiple vulnerabilities
FreeBSD-SA-15:07.ntp         7 April 2015      Multiple vulnerabilities
FreeBSD-SA-15:08.bsdinstall  7 April 2015      Insecure default GELI key file permissions
FreeBSD-SA-15:09.ipv6        7 April 2015      Router advertisement Denial of Service
FreeBSD-SA-15:10.openssl     16 June 2015      Multiple vulnerabilities
FreeBSD-SA-15:12.openssl     9 July 2015       OpenSSL alternate chains certificate forgery vulnerability (Note: This does not affect FreeBSD 10.1-RELEASE)
FreeBSD-SA-15:13.tcp         21 July 2015      Resource exhaustion due to sessions stuck in LAST_ACK state
FreeBSD-SA-15:14.bsdpatch    28 July 2015      Shell injection vulnerability
FreeBSD-SA-15:15.tcp         28 July 2015      Resource exhaustion in TCP reassembly
FreeBSD-SA-15:16.openssh     28 July 2015      Multiple vulnerabilities
FreeBSD-SA-15:18.bsdpatch    5 August 2015     Shell injection vulnerability
FreeBSD-SA-15:19.routed      5 August 2015     Remote denial of service vulnerability

Errata Notices

Errata                           Date                    Topic
FreeBSD-EN-14:13.freebsd-update  23 December 2014        Fixed directory deletion issue in freebsd-update(8)
FreeBSD-EN-15:01.vt              25 February 2015        vt(4) crash with improper ioctl parameters
FreeBSD-EN-15:02.openssl         25 February 2015        OpenSSL update
FreeBSD-EN-15:03.freebsd-update  25 February 2015        freebsd-update(8) updates libraries in suboptimal order
FreeBSD-EN-15:04.freebsd-update  13 May 2015             freebsd-update(8) does not ensure the previous upgrade has completed
FreeBSD-EN-15:05.ufs             13 May 2015             Deadlock on reboot with UFS tuned with SU+J
FreeBSD-EN-15:06.file            9 June 2015             Multiple denial of service issues
FreeBSD-EN-15:07.zfs             9 June 2015             ZFS reliability improvements
FreeBSD-EN-15:08.sendmail        30 June 2015 (revised)  Sendmail TLS/DH interoperability improvement
FreeBSD-EN-15:09.xlocale         30 June 2015            Fix inconsistency between locale and rune locale states
FreeBSD-EN-15:10.iconv           30 June 2015            Improved iconv(3) UTF-7 support

Userland

This section covers changes and additions to userland applications, contributed software, and system utilities.

Userland Configuration Changes

The termcap(5) file is now installed as-is from sources instead of being reordered, and /etc/termcap.db is created by default, providing a performance improvement to applications that use the termcap(5) database, such as vi(1) and ncurses(3). (r276991)

Userland Application Changes

A new utility, dpv(1), has been added to the base system, providing a dialog(1)-style progress view from one or more input streams. A corresponding library, dpv(3), has also been added. (r275040)

The elfdump(1) utility has been updated to support capability mode provided by capsicum(4). (r275945)

The fstyp(8) utility has been added, which is used to determine the filesystem on a specified device. (r277434) (Sponsored by The FreeBSD Foundation)

The mkimg(1) utility has been updated to support the MBR EFI partition type. (r278968) (Sponsored by The FreeBSD Foundation)

A regression in the libarchive(3) library that would prevent a directory from being included in the archive when --one-file-system is used has been fixed. (r281044)

The netstat(8) utility has been updated to include a new flag, -R, which is used to dump RSS/flow information. (r281161) (Sponsored by Limelight Networks)

The ar(1) utility has been updated to set ARCHIVE_EXTRACT_SECURE_SYMLINKS and ARCHIVE_EXTRACT_SECURE_NODOTDOT to disallow directory traversal when extracting an archive, similar to tar(1). (r281936) (Sponsored by The FreeBSD Foundation)
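
The two libarchive flags named in the ar(1) item above correspond to two path checks made at extraction time. The following added example (not ar(1) or libarchive source) sketches those checks in plain POSIX C; the function names, the /tmp scratch directory and the sample member names are constructed for illustration.

```c
#define _XOPEN_SOURCE 700   /* lstat(), symlink(), mkdtemp() */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* NODOTDOT-style check: 1 if any component of the member name is "..". */
int has_dotdot(const char *name) {
    for (const char *p = name; *p != '\0'; p += strspn(p, "/")) {
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 1;
        p += len;
    }
    return 0;
}

/* SECURE_SYMLINKS-style check, one component of root/name at a time:
 * 1 = an existing component below root is a symlink, 0 = none, -1 = error. */
int crosses_symlink(const char *root, const char *name) {
    char path[PATH_MAX];
    struct stat st;
    int n = snprintf(path, sizeof path, "%s/%s", root, name);
    if (n < 0 || (size_t)n >= sizeof path)
        return -1;
    for (size_t i = strlen(root) + 1; ; ) {
        i += strspn(path + i, "/");           /* skip separators */
        if (path[i] == '\0')
            return 0;                         /* whole path examined */
        i += strcspn(path + i, "/");          /* end of this component */
        char saved = path[i];
        path[i] = '\0';
        int r = lstat(path, &st);             /* lstat does not follow links */
        path[i] = saved;
        if (r != 0)
            return errno == ENOENT ? 0 : -1;  /* rest does not exist yet */
        if (S_ISLNK(st.st_mode))
            return 1;
    }
}

int member_allowed(const char *root, const char *name) {  /* 1 = extract, 0 = refuse */
    return !has_dotdot(name) && crosses_symlink(root, name) == 0;
}

/* Constructed scratch tree: root/lib is a directory, root/out is a planted
 * symlink. Bit i of the result is set when names[i] would be extracted. */
int demo(void) {
    static const char *names[] = { "lib/a.o", "../up.o", "lib/../../x.o", "out/b.o" };
    char root[] = "/tmp/arx-XXXXXX", dir[PATH_MAX], lnk[PATH_MAX];
    int mask = 0;
    if (mkdtemp(root) == NULL)
        return -1;
    snprintf(dir, sizeof dir, "%s/lib", root);
    snprintf(lnk, sizeof lnk, "%s/out", root);
    if (mkdir(dir, 0700) != 0 || symlink("/tmp", lnk) != 0)
        mask = -1;
    for (int i = 0; mask >= 0 && i < 4; i++)
        mask |= member_allowed(root, names[i]) << i;
    unlink(lnk); rmdir(dir); rmdir(root);
    return mask;
}

int main(void) {
    printf("allowed members bitmask: %d\n", demo());
    return 0;
}
```

Only the first sample member passes: the two names containing ".." fail the first check, and the member routed through the planted symlink fails the second.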

A race condition in wc(1) that would cause final results to be sent to stderr(4) when receiving the SIGINFO signal has been fixed. (r282278)

The freebsd-update(8) utility has been updated to prevent fetching updated binary patches when a previous upgrade has not been thoroughly completed. (r282870) (Sponsored by ScaleEngine, Inc.)

The uefisign(8) utility has been added. (r282974) (Sponsored by The FreeBSD Foundation)

The chflags(1), chgrp(1), chmod(1), and chown(8) utilities now affect symbolic links when the -R flag is specified, as documented in symlink(7). (r283875) (Sponsored by Multiplay)

The date(1) utility has been updated to print the modification time of the file passed as an argument to the -r flag, improving compatibility with the GNU date(1) utility behavior. (r283258)

The mkimg(1) utility has been updated to include a new flag, -c, which allows specifying the capacity of the target disk image. (r284523)

The pw(8) utility has been updated with a new flag, -R, that sets the root directory within which the utility will operate. (r285092)

Contributed Software

The resolvconf(8) utility has been updated to version 3.7.0. (r282746) (Sponsored by The FreeBSD Foundation)

The nc(1) utility has been updated to the OpenBSD 5.7 version. (r283270)

Timezone data files have been updated to version 2015e. (r284398)

The acpi(4) subsystem has been updated to version 20150515. (r284460)

The file(1) utility has been updated to version 5.23. (r284778)

The unbound(8) utility has been updated to version 1.5.3. (r285206)

The sendmail utility has been updated to version 8.15.2. (r285305)

OpenSSL has been updated to version 1.0.1p. (r285330)

The ntp suite has been updated to version 4.2.8p3. (r285612)

The ssh(1) utility has been updated to re-implement hostname canonicalization before locating the host in known_hosts. (r285750) (Sponsored by Dell, Inc.)

The tar(1) utility has been updated to fix an issue that would prevent compressing sparse files. (r286084)

Installation and Configuration Tools

Support for detecting and implementing a workaround for various laptops and motherboards that do not boot properly from GPT-partitioned disks has been added to bsdinstall(8). Additionally, the active flag will be set on the partition when needed. (r285769) (Sponsored by ScaleEngine, Inc.)

Support for detecting and implementing partition alignment on 1Mb boundaries has been added to bsdinstall(8). (r285721) (Sponsored by ScaleEngine, Inc.)

Support for selecting the partitioning scheme when installing on the UFS filesystem has been added to bsdinstall(8). (r285769) (Sponsored by ScaleEngine, Inc.)

/etc/rc.d Scripts

A new rc(8) script, growfs, has been added, which will resize the root filesystem on boot if /firstboot exists. (r284009)

/etc/periodic Scripts

A new periodic(8) script, 510.status-world-kernel, has been added, which evaluates the running userland and kernel versions from the uname(1) -U and -K arguments, and prints an error if the system userland and kernel are not in sync. (r277520) (Sponsored by The FreeBSD Foundation)

Runtime Libraries and API

A new file configuration library, figpar(3), has been added to the base system. (r275040)

The procctl(2) system call has been updated to include a facility for non-init(8) processes to be declared as the reaper of child processes and their descendants. (r276686) (Sponsored by The FreeBSD Foundation)

The setmode(3) function has been updated to consistently set errno on failure. (r280392)

ABI Compatibility

The Linux® compatibility version has been updated to 2.6.18. The compat.linux.osrelease sysctl(8) is evaluated when building the emulators/linux-c6 and related ports. (r275807)

Kernel

This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.

Kernel Bug Fixes

A kernel panic triggered when destroying a vnet(9) jail(8) configured with gif(4) has been fixed. (r276068)

A kernel panic triggered when destroying a vnet(9) jail(8) configured with gre(4) has been fixed. (r284018)

Kernel Configuration

The PAE_TABLES kernel configuration option has been added for FreeBSD/i386, which instructs pmap(9) to use PAE format for page tables while maintaining a 32-bit physical address size elsewhere in the kernel. The use of this option can enhance application-level security by enabling the creation of "no execute" mappings on modern i386 processors. Unlike the PAE option, PAE_TABLES preserves kernel binary interface (KBI) compatibility with non-PAE kernels, allowing non-PAE kernel modules and drivers to work with a PAE_TABLES-enabled kernel. Additionally, system limits are tuned for 4GB maximum RAM, avoiding kernel virtual address space (KVA) exhaustion. (r282065) (Sponsored by The FreeBSD Foundation)

The SIFTR kernel configuration has been added, allowing building siftr(4) statically into the kernel. (r282826)

[amd64,i386] The nvd(4) and nvme(4) drivers are now included in the GENERIC kernel configuration by default. (r283076) (Sponsored by Intel Corporation)

A new kernel configuration option, EM_MULTIQUEUE, has been added which enables multi-queue support in the em(4) driver. (r284522) (Sponsored by Limelight Networks)

Note:
Multi-queue support in the em(4) driver is not officially supported by Intel®.

System Tuning and Controls

Throttling via ACPI and P4TCC via device.hints(5) have been turned off by default. (r276986)

The hwpmc(4) default and maximum callchain depths have been increased. The default has been increased from 16 to 32, and the maximum increased from 32 to 128. (r278982) (Sponsored by The FreeBSD Foundation)

The devfs(5) device filesystem has been changed to update timestamps for read/write operations using seconds precision. A new sysctl(8), vfs.devfs.dotimes, has been added, which when set to a non-zero value, enables default precision timestamps for these operations. (r281255) (Sponsored by iXsystems, The FreeBSD Foundation)

The kern.osrelease and kern.osreldate are now configurable jail(8) parameters. (r280632)

A new sysctl(8), kern.racct.enable, has been added, which when set to a non-zero value allows using rctl(8) with the GENERIC kernel. A new kernel configuration option, RACCT_DISABLED, has also been added. (r284665) (Sponsored by The FreeBSD Foundation)

The GENERIC kernel configuration now includes RACCT and RCTL by default. (r284665) (Sponsored by The FreeBSD Foundation)

Note:
To enable RACCT and RCTL on a system using the GENERIC kernel configuration, add kern.racct.enable=1 to loader.conf(5), and reboot the system.

Devices and Drivers

This section covers changes and additions to devices and device drivers since 10.1-RELEASE.

Device Drivers

The drm code has been updated to match Linux® version 3.8.13. (r282199)

The psm(4) driver has been updated to include improved support for newer Synaptics® touchpads and the ClickPad® mouse on newer Lenovo™ laptops. (r281708)

Storage Drivers

The mpr(4) driver has been updated to version 9.255.01.00-fbsd. (r283990)

The hpt27xx(4) driver has been updated to version 1.2.7. (r284879)

The hptnr(4) driver has been updated to version 1.1.4. (r284935)

Network Drivers

The pf(4) interface default hash has been changed from Jenkins to Murmur3, providing a 3-percent performance increase in packets-per-second. (r274486)

The ral(4) driver has been updated to support the RT5390 and RT5392 chipsets. (r279157)

The gre(4) driver has been significantly overhauled, and has been split into two separate modules, gre(4) and me(4). (r284066) (Sponsored by Yandex LLC)

The vxlan(4) driver has been added, which creates a virtual Layer 2 (Ethernet) network overlaid in a Layer 3 (IP/UDP) network. The vxlan(4) driver is analogous to vlan(4), but is designed to be better suited for large, multiple-tenant datacenter environments. (r284365)

The cdce(4) driver has been updated to include support for the RTL8153 chipset. (r284499)

The sfxge(4) driver has been updated to support Solarflare Flareon Ultra 7000-series chipsets. (r284555) (Sponsored by Solarflare Communications, Inc.)

Hardware Support

This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document.

Hardware Support

The uart(4) driver has been updated to include support for the AMT serial interface found on the Lenovo® ThinkPad™ T61. (r278407)

The uart(4) driver has been updated to include support for the AMT serial interface found on the Lenovo® ThinkPad™ T400. (r279924)

The snd_hda(4) driver has been updated to support the Lenovo® ThinkPad™ X1 20BS model. (r281963)

Virtualization Support

The virtio_console(4) driver has been added, which provides an interface to VirtIO console devices through a tty(4) device. (r275273)

The bhyve(8) hypervisor has been updated to support AMD® processors with SVM and AMD-V hardware extensions. (r276403)

The bhyve(8) hypervisor has been updated to support DSM TRIM commands for virtual AHCI disks. (r280370)

The Hyper-V™ drivers have been updated with several enhancements: (r283280) (Sponsored by Microsoft Open Source Technology Center)

  • The hv_vmbus(4) driver now has multi-channel support.

  • The hv_storvsc(4) driver now has scatter/gather support, in addition to performance improvements.

  • The hv_kvp(4) driver has received several bug fixes.

The hv_netvsc(4) driver has been updated to support checksum offloading and TSO. (r285236) (Sponsored by Microsoft Open Source Technology Center)

ARM Support

Support to turn off the BeagleBone Black system with the shutdown(8) -p flag or by invoking poweroff(8) has been added. (r278079)

Support for the Exynos 5420 Octa system has been added. (r278599)

The SMP option has been enabled for all Exynos 5 systems supported by FreeBSD. (r278599)

The bcm2835_cpufreq driver has been added, which supports CPU frequency and voltage control on the Raspberry Pi SOC. (r278608)

Support for the Toradex Apalis i.MX6 development board has been added. (r283500)

Audio transmission drivers have been added for Digital Audio Multiplexer (AUDMUXM), Smart Direct Memory Access Controller (SDMA), and Synchronous Serial Interface (SSI). (r283500)

Storage

This section covers changes and additions to file systems and other storage subsystems, both local and networked.

General Storage

The ctl(4) LUN mapping has been rewritten, replacing iSCSI-specific mapping mechanisms with a new mechanism that works for any port. (r279002) (Sponsored by iXsystems)

The ctld(8) utility has been updated to allow controlling non-iSCSI ctl(4) ports. (r279055) (Sponsored by iXsystems)

The autofs(5) subsystem has been updated to include a new auto_master(5) map, -media, which allows automatically mounting removable media, such as CD drives or USB flash drives. (r283223) (Sponsored by The FreeBSD Foundation)

The autofs(5) subsystem has been updated to include a new auto_master(5) map, -noauto, which handles fstab(5) entries set to noauto. (r283242) (Sponsored by The FreeBSD Foundation)

Networked Storage

The ctld(8) utility has been updated to include support for registering iSCSI targets and portals on iSNS servers. This provides a mechanism which allows iSCSI initiators to find targets and portals without requiring active discovery. (r274939) (Sponsored by iXsystems)

The mount_nfs(8) utility has been updated to include support for the timeo, actimeo, noac, and proto options. (r275249) (Sponsored by The FreeBSD Foundation)

ZFS

A new tunable, vfs.zfs.spa_slop_shift, has been added, which controls how much space is reserved by default. (r275490)

The arc_meta_limit statistics are now visible through the kstat sysctl(8). As a result of this change, the vfs.zfs.arc_meta_used sysctl(8) has been removed, and replaced with the kstat.zfs.misc.arcstats.arc_meta_used sysctl(8). (r277583)

GEOM

The ctl(4) subsystem has been updated, increasing the ports limit from 128 to 256, and LUN limit from 256 to 1024. (r275891) (Sponsored by iXsystems)

The gpart(8) utility has been updated to include support for the apple-boot, apple-hfs, and apple-ufs MBR partitioning schemes. (r282861)

Boot Loader Changes

This section covers the boot loader, boot menu, and other boot-related changes.

Boot Loader Changes

Support for bzipfs has been added to the EFI loader. (r281323)

The boot loader has been updated to support entering the GELI passphrase before loading the kernel. To enable this behavior, add geom_eli_passphrase_prompt="YES" to loader.conf(5). (r281843)

The memory test run at boot time on FreeBSD/amd64 platforms has been disabled by default. (r283262) (Sponsored by The FreeBSD Foundation)

A new ttys(5) class, 3wire, has been added. This is similar to the existing terminal classes, but does not have a defined baudrate. (r283972)

[arm] The ttys(5) file for FreeBSD/arm has been updated to enable ttyu1, ttyu2, and ttyu3 by default, if the callin port is an active console port. (r284775) (Sponsored by The FreeBSD Foundation)

Networking

This section describes changes that affect networking in FreeBSD.

Network Protocols

Support for PLPMTUD blackhole detection (RFC 4821) has been added to the tcp(4) stack, disabled by default. New control tunables have been added: (r273838) (Sponsored by Limelight Networks)

Tunable                                 Description
net.inet.tcp.pmtud_blackhole_detection  Enables or disables PLPMTUD blackhole detection
net.inet.tcp.pmtud_blackhole_mss        MSS to try for IPv4
net.inet.tcp.v6pmtud_blackhole_mss      MSS to try for IPv6

New monitoring sysctl(8)s have been added:

Tunable                                     Description
net.inet.tcp.pmtud_blackhole_activated      Number of times the code was activated to attempt downshifting the MSS
net.inet.tcp.pmtud_blackhole_min_activated  Number of times the blackhole MSS was used in an attempt to downshift
net.inet.tcp.pmtud_blackhole_failed         Number of times that the blackhole failed to connect after downshifting the MSS

Ports Collection and Package Infrastructure

This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools.

Ports and Package Versions

The ports-mgmt/pkg package has been updated to version 1.5.4 in the quarterly branch, and version 1.5.5 in the head branch.

The x11-servers/xorg-server package for FreeBSD 10.2-RELEASE has been updated to version 1.14.7_5.

The x11/xorg package for FreeBSD 10.2-RELEASE has been updated to version 7.7_2.

The x11/gnome3 package for FreeBSD 10.2-RELEASE has been updated to version 3.14.2.

The x11/kde4 package for FreeBSD 10.2-RELEASE has been updated to version 4.14.3.

Release Engineering and Integration

This section covers changes that are specific to the FreeBSD Release Engineering processes.

Integration Changes

The Release Engineering build tools have been updated to support building FreeBSD/arm images without external utilities for supported boards where a corresponding u-boot port exists in the Ports Collection. (r283161) (Sponsored by The FreeBSD Foundation)

The FreeBSD/i386 memory stick installation images are now created using the mkimg(1) utility, matching the way the FreeBSD/amd64 images are created. (r283548) (Sponsored by The FreeBSD Foundation)

The default pkg(8) repository set in /etc/pkg/FreeBSD.conf now defaults to the quarterly package set. To use the latest branch (as was the previous default), the comment at the top of /etc/pkg/FreeBSD.conf explains how to disable the default repository and specify an alternative repository. (r285830) (Sponsored by The FreeBSD Foundation)