FreeBSD 12.1-RELEASE Release Notes

The FreeBSD Project

FreeBSD is a registered trademark of the FreeBSD Foundation.

IBM, AIX, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.

IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.

Intel, Celeron, Centrino, Core, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

SPARC, SPARC64, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. SPARC International, Inc owns all of the SPARC trademarks and under licensing agreements allows the proper use of these trademarks by its members.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the or the ® symbol.

Last modified on 2019-11-05 17:06:33 by gjb.
Abstract

The release notes for FreeBSD 12.1-RELEASE contain a summary of the changes made to the FreeBSD base system on the 12-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.


Table of Contents
1. Introduction
2. Upgrading from Previous Releases of FreeBSD
3. Security and Errata
3.1. Security Advisories
3.2. Errata Notices
4. Userland
4.1. Userland Configuration Changes
4.2. Userland Application Changes
4.3. Contributed Software
4.4. Deprecated Applications
4.5. Runtime Libraries and API
5. Kernel
5.1. General Kernel Changes
6. Devices and Drivers
6.1. Device Drivers
7. Storage
7.1. General Storage
8. Boot Loader Changes
8.1. Boot Loader Changes
9. Networking
9.1. General Network
10. Ports Collection and Package Infrastructure
10.1. Packaging Changes
11. General Notes Regarding Future FreeBSD Releases
11.1. Default CPUTYPE Change

1. Introduction

This document contains the release notes for FreeBSD 12.1-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.

The release distribution to which these release notes apply represents the latest point along the 12-STABLE development branch since 12-STABLE was created. Information regarding pre-built, binary release distributions along this branch can be found at https://www.FreeBSD.org/releases/.

The release distribution to which these release notes apply represents a point along the 12-STABLE development branch between 12.0-RELEASE and the future 12.2-RELEASE. Information regarding pre-built, binary release distributions along this branch can be found at https://www.FreeBSD.org/releases/.

This distribution of FreeBSD 12.1-RELEASE is a release distribution. It can be found at https://www.FreeBSD.org/releases/ or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the Obtaining FreeBSD appendix to the FreeBSD Handbook.

All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 12.1-RELEASE can be found on the FreeBSD Web site.

This document describes the most user-visible new or changed features in FreeBSD since 12.0-RELEASE. In general, changes described here are unique to the 12-STABLE branch unless specifically marked as MERGED features.

Typical release note items document recent security advisories issued after 12.0-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.

2. Upgrading from Previous Releases of FreeBSD

[amd64,i386] Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.

Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING.

Important:

Upgrading FreeBSD should only be attempted after backing up all data and configuration files.

3. Security and Errata

This section lists the various Security Advisories and Errata Notices since 12.0-RELEASE.

3.1. Security Advisories

AdvisoryDateTopic
FreeBSD-SA-18:15.bootpd19 December 2018

Buffer overflow

FreeBSD-SA-19:01.syscall5 February 2019

Kernel data register leak

FreeBSD-SA-19:02.fd5 February 2019

File description reference count leak

FreeBSD-SA-19:03.wpa14 May 2019

Multiple vulnerabilities

FreeBSD-SA-19:04.ntp14 May 2019

Authenticated denial of service in ntpd(8)

FreeBSD-SA-19:05.pf14 May 2019

IPv6 fragment reassembly panic in pf(4)

FreeBSD-SA-19:06.pf14 May 2019

ICMP/ICMP6 packet filter bypass in pf(4)

FreeBSD-SA-19:07.mds14 May 2019

Microarchitectural Data Sampling

FreeBSD-SA-19:08.rack19 June 2019

Resource exhaustion in non-default RACK TCP stack

FreeBSD-SA-19:09.iconv2 July 2019

iconv(3) buffer overflow

FreeBSD-SA-19:10.ufs2 July 2019

Kernel stack disclosure

FreeBSD-SA-19:11.cd_ioctl2 July 2019

Privilege escalation in cd(4)

FreeBSD-SA-19:12.telnet24 July 2019

Multiple vulnerabilities

FreeBSD-SA-19:13.pts24 July 2019

Write-after-free vulnerability

FreeBSD-SA-19:15.mqueuefs24 July 2019

Reference count overflow

FreeBSD-SA-19:16.bhyve24 July 2019

xhci(4) out-of-bounds read

FreeBSD-SA-19:17.fd24 July 2019

Reference count leak

FreeBSD-SA-19:18.bzip26 August 2019

Multiple vulnerabilities

FreeBSD-SA-19:19.mldv26 August 2019

Out-of-bounds memory access

FreeBSD-SA-19:20.bsnmp6 August 2019

Insufficient message length validation

FreeBSD-SA-19:21.bhyve6 August 2019

Insufficient validation of guest-supplied data

FreeBSD-SA-19:22.mbuf20 August 2019

IPv6 remove denial-of-service

FreeBSD-SA-19:23.midi20 August 2019

Kernel memory disclosure

FreeBSD-SA-19:24.mqueuefs20 August 2019

Reference count overflow

3.2. Errata Notices

ErrataDateTopic
FreeBSD-EN-19:01.cc_cubic9 January 2019

Connection stalls with CUBIC congestion control

FreeBSD-EN-19:02.tcp9 January 2019

TCP connections may stall and eventually fail in case of packet loss

FreeBSD-EN-19:03.sqlite9 January 2019

sqlite update

FreeBSD-EN-19:04.tzdata9 January 2019

Timezone database information update

FreeBSD-EN-19:06.dtrace5 February 2019

DTrace incompatibility with SMAP-enabled systems

FreeBSD-EN-19:07.lle5 February 2019

LLE table lookup code race condition

FreeBSD-EN-19:08.tzdata14 May 2019

Timezone database information update

FreeBSD-EN-19:09.xinstall14 May 2019

install(1) broken with partially matching relative paths

FreeBSD-EN-19:10.scp14 May 2019

Insufficient filename validation in scp(1) client

FreeBSD-EN-19:11.net19 June 2019

Incorrect locking in networking stack

FreeBSD-EN-19:12.tzdata2 July 2019

Timezone database information update

FreeBSD-EN-19:13.mds24 July 2019

System crash from Intel CPU vulnerability mitigation

FreeBSD-EN-19:14.epoch6 August 2019

Incorrect locking

FreeBSD-EN-19:15.libunwind6 August 2019

Incorrect exception handling

FreeBSD-EN-19:16.bhyve20 August 2019

Instruction emulation improvements

FreeBSD-EN-19:17.ipfw20 August 2019

"jail" keyword fix

4. Userland

This section covers changes and additions to userland applications, contributed software, and system utilities.

4.1. Userland Configuration Changes

The gcc -Werror flag has been turned off by default. [r352094]

4.2. Userland Application Changes

The lockf(1) utility has been updated to return EX_UNAVAILABLE if the -n flag is used and the lock file does not exist. [r345569]

The ktrdump(8) utility has been updated to include the -l flag which enables "live" mode when specified. [r342705]

The gzip(1) utility has been updated to add -l support for xz(1) files. [r343250]

The trim(8) utility has been added, which deletes content for blocks on flash-based storage devices that use wear-leveling algorithms. [r344688]

The sh(1) utility has been updated to include a new pipefail option, which when set, changes the exit status of a pipeline to the last non-zero exit status of any command in the pipeline. [r345487]

The mlx5tool(8) utility has been updated to implement firmware update capability for ConnectX-4®, ConnectX-5®, and ConnectX-6®. [r347752] (Sponsored by Mellanox Technologies)

The posixshmcontrol(1) utility has been added. [r348426]

The swapon(8) utility has been updated to invoke BIO_DELETE to trim swap devices if either the -E flag is used on the command line, or if the trimonce option is included in fstab(5). [r349930]

The nvmecontrol(8) utility has been updated to add a new subcommand, resv, which is used to handle NVMe reservations. [r350952]

The camcontrol(8) utility has been updated to support block descriptors when using the modepage subcommand. [r351530] (Sponsored by iXsystems)

The freebsd-update(8) utility has been updated to include two new commands, updatesready and showconfig. [r352774]

The zfs(8) utility has been updated to support the -v, -n, and -P flags together with the send subcommand for bookmarks. [r352901]

4.3. Contributed Software

BearSSL has been imported to the base system. [r343281]

The ntpd(8) suite of utilities have been updated to version 4.2.8p13. [r344884]

The tcpdump(1) utility has been updated to disable capsicum(4) support when the -E flag is used. [r346986]

The bsnmpd(1) utility has been updated to include IPv6 transport support. [r346987]

The libarchive(3) library has been updated to version 3.4.0. [r349523]

The clang, llvm, lld, lldb, compiler-rt utilities and libc++ have been updated to version 8.0.1. [r350256]

The lld linker has been enabled by default for i386. [r350297] (Sponsored by The FreeBSD Foundation)

The bzip2recover utility has been added. [r350634]

The bzip2(1) utility has been updated to version 1.0.8. [r351007]

Warnings have been added for Kerberos GSS algorithms deprecated in RFC8221 and RFC8429. [r351243]

The mandoc(1) utility has been updated to the 2019-07-23 snapshot. [r351390]

The WPA utilities have been updated to version 2.9. [r351611]

OpenSSL has been updated to version 1.1.1d. [r352192]

The timezone database files have been updated to version 2019c. [r352353]

4.4. Deprecated Applications

The ctm(1) utility has been marked as deprecated, and has been removed in FreeBSD 13.0. [r340444]

The timed(8) utility has been marked as deprecated, and has been removed in FreeBSD 13.0. [r343940]

4.5. Runtime Libraries and API

The libomp library has been added. [r346331]

5. Kernel

This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.

5.1. General Kernel Changes

The kernel will now log the jail(8) ID when logging a process exit. The jail(8) ID 0 represents processes that are not jailed. [r343083] (Sponsored by Modirum MDPay)

The pci_vendors list has been updated to version 2019.01.29. [r343735]

6. Devices and Drivers

This section covers changes and additions to devices and device drivers since 12.0-RELEASE.

6.1. Device Drivers

The ichwd(4) driver has been updated to include support for TCO watchdog timers in the Lewisburg PCH (C620) chipset. [r340190] (Sponsored by Panzura)

The amdsmn(4) and amdtemp(4) drivers have been updated to support Ryzen™ 2 host bridges. [r340446]

The amdtemp(4) driver has been updated to correct temperature reporting for the AMD® 2990WX. [r340447]

The rtwn_pci(4) driver has been added for the RTL8188EE chipset. [r342835]

The crypto(4) driver has been updated to print warnings for deprecated algorithms. [r351246]

The ntb_hw_amd(4) driver has been added, providing support for the AMD® Non-Transparent Bridge. [r351536]

The nvme(4) driver has been updated to support suspend/resume for PCI attachment. [r351914]

The cdceem(4) driver has been added, supporting virtual USB network cards provided by iLO 5, found in new HPE® Proliant™ servers. [r351942] (Sponsored by Hewlett Packard Enterprise)

The fusefs(5) driver has been overhauled, implementing new features and performance improvements. [r352351] (Sponsored by The FreeBSD Foundation)

The mpr(4) and mps(4) drivers have been updated with stability fixes. [r352761]

As result of converting mps(4) to use atomic_swap_64, it is now disabled on 32-bit powerpc and mips. [r352761]

7. Storage

This section covers changes and additions to file systems and other storage subsystems, both local and networked.

7.1. General Storage

The camcontrol(8) utility has been updated to add ATA power mode support. [r347384] (Sponsored by Multiplay)

Deprecation warnings have been added for weaker algorithms when creating geli(8) providers. [r348587]

The cam(4) subsystem has been updated to improve AHCI enclosure management and SES interoperation. [rr349832]

8. Boot Loader Changes

This section covers the boot loader, boot menu, and other boot-related changes.

8.1. Boot Loader Changes

The loader(8) has been update to allow booting from ZFS datasets with the large_dnode feature flag enabled. [r342683]

The loader(8) has been updated to support the com.delphix:removing ZFS zpool-features(7) flag. [r351384]

9. Networking

This section describes changes that affect networking in FreeBSD.

9.1. General Network

The ipfw(8) utility has been updated to fix showing headers outside of "all" when executing ipfw table list. [r344667]

Support for NAT64 CLAT has been added, as defined in RFC6877. [r346200] (Sponsored by Yandex LLC)

The net.inet.tcp.rexmit_initial sysctl(8) has been added, used for setting RTO.Initial, used by TCP. [r347110] (Sponsored by Netflix)

Support for GRE-in-UDP encapsulation has been added, as defined in RFC8086. [r348233]

10. Ports Collection and Package Infrastructure

This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools.

10.1. Packaging Changes

The pkg(8) utility has been updated to version 1.12.0.

The GNOME desktop environment has been updated to version 3.28.

The KDE desktop environment has been updated to version 5.16.5.19.08.1.

11. General Notes Regarding Future FreeBSD Releases

11.1. Default CPUTYPE Change

Starting with FreeBSD-13.0, the default CPUTYPE for the i386 architecture will change from 486 to 686.

This means that, by default, binaries produced will require a 686-class CPU, including but not limited to binaries provided by the FreeBSD Release Engineering team. FreeBSD 13.0 will continue to support older CPUs, however users needing this functionality will need to build their own releases for official support.

As the primary use for i486 and i586 CPUs is generally in the embedded market, the general end-user impact is expected to be minimal, as new hardware with these CPU types has long faded, and much of the deployed base of such systems is nearing retirement age, statistically.

There were several factors taken into account for this change. For example, i486 does not have 64-bit atomics, and while they can be emulated in the kernel, they cannot be emulated in the userland. Additionally, the 32-bit amd64 libraries have been i686 since their inception.

As the majority of 32-bit testing is done by developers using the lib32 libraries on 64-bit hardware with the COMPAT_FREEBSD32 option in the kernel, this change ensures better coverage and user experience. This also aligns with what the majority of Linux® distributions have been doing for quite some time.

This is expected to be the final bump of the default CPUTYPE in i386.

Important:

This change does not affect the FreeBSD 12.x series of releases.

This file, and other release-related documents, can be downloaded from https://www.FreeBSD.org/releases/.

For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.

All users of FreeBSD 12-STABLE should subscribe to the <stable@FreeBSD.org> mailing list.

For questions about this documentation, e-mail <doc@FreeBSD.org>.