
FreeBSD 10.4-RELEASE Release Notes

Abstract

The release notes for FreeBSD 10.4-RELEASE contain a summary of the changes made to the FreeBSD base system on the 10.4-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.

Introduction

This document contains the release notes for FreeBSD 10.4-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.

The snapshot distribution to which these release notes apply represents a point along the 10.4-STABLE development branch between 10.3-RELEASE and the future 10.4-STABLE. Information regarding pre-built, binary snapshot distributions along this branch can be found at https://www.FreeBSD.org/releases/.

All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 10.3-RELEASE can be found on the FreeBSD Web site.

This document describes the most user-visible new or changed features in FreeBSD since 10.3-RELEASE.

Typical release note items document recent security advisories issued after 10.3-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.

Upgrading from Previous Releases of FreeBSD

[amd64,i386] Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernel distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.

Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING.

Important:
Upgrading FreeBSD should only be attempted after backing up all data and configuration files.

Security and Errata

This section lists the various Security Advisories and Errata Notices since 10.3-RELEASE.

Security Advisories

Advisory                     Date               Topic

FreeBSD-SA-16:09.ntp         29 April 2016      Multiple ntp vulnerabilities.
FreeBSD-SA-16:17.openssl     29 April 2016      Multiple OpenSSL vulnerabilities.
FreeBSD-SA-16:18.atkbd       17 May 2016        Keyboard driver buffer overflow
FreeBSD-SA-16:19.sendmsg     17 May 2016        Incorrect argument handling in sendmsg(2)
FreeBSD-SA-16:20.linux       31 May 2016        Kernel stack disclosure in Linux compatibility layer
FreeBSD-SA-16:21.43bsd       31 May 2016        Kernel stack disclosure in 4.3BSD compatibility layer
FreeBSD-SA-16:22.libarchive  31 May 2016        Absolute path traversal vulnerability
FreeBSD-SA-16:23.libarchive  31 May 2016        Absolute path traversal vulnerability
FreeBSD-SA-16:24.ntp         3 June 2016        Multiple ntp vulnerabilities
FreeBSD-SA-16:25.bspatch     25 July 2016       Heap overflow vulnerability
FreeBSD-SA-16:26.openssl     23 September 2016  Multiple vulnerabilities
FreeBSD-SA-16:27.openssl     26 September 2016  Regression in OpenSSL suite
FreeBSD-SA-16:29.bspatch     10 October 2016    Heap overflow vulnerability
FreeBSD-SA-16:30.portsnap    10 October 2016    Multiple vulnerabilities
FreeBSD-SA-16:31.libarchive  10 October 2016    Multiple vulnerabilities
FreeBSD-SA-16:33.openssh     2 November 2016    Remote Denial of Service vulnerability
FreeBSD-SA-16:35.openssl     2 November 2016    Remote Denial of Service vulnerability
FreeBSD-SA-16:36.telnetd     6 December 2016    Possible login(1) argument injection
FreeBSD-SA-16:37.libc        6 December 2016    link_ntoa(3) buffer overflow
FreeBSD-SA-16:38.bhyve       6 December 2016    Possible escape from bhyve(8) virtual machine
FreeBSD-SA-16:39.ntp         22 December 2016   Multiple vulnerabilities
FreeBSD-SA-17:01.openssh     10 January 2017    Multiple vulnerabilities
FreeBSD-SA-17:02.openssl     23 February 2017   Fix OpenSSL RC4_MD5 cipher vulnerability
FreeBSD-SA-17:03.ntp         12 April 2017      Multiple vulnerabilities
FreeBSD-SA-17:04.ipfilter    27 April 2017      Fix fragment handling panic
FreeBSD-SA-17:05.heimdal     12 July 2017       Fix KDC-REP service name validation vulnerability

Errata Notices

Errata                           Date              Topic

FreeBSD-EN-16:06.libc            4 May 2016        Performance regression in libc hash(3)
FreeBSD-EN-16:07.ipi             4 May 2016        Excessive latency in x86 IPI delivery
FreeBSD-EN-16:08.zfs             4 May 2016        Memory leak in ZFS
FreeBSD-EN-16:09.freebsd-update  25 July 2016      Fix freebsd-update(8) support of FreeBSD 11.0-RELEASE
FreeBSD-EN-16:10.dhclient        11 August 2016    Better handle unknown options received from a DHCP server
FreeBSD-EN-16:11.vmbus           11 August 2016    Avoid using spin locks for channel message locks
FreeBSD-EN-16:12.hv_storvsc      11 August 2016    Enable INQUIRY result check only on Windows 10 host systems
FreeBSD-EN-16:13.vmbus           11 August 2016    Register time counter early enough for TSC freq calibration
FreeBSD-EN-16:14.hv_storvsc      11 August 2016    Disable incorrect callout in hv_storvsc(4)
FreeBSD-EN-16:15.vmbus           11 August 2016    Better handle the GPADL setup failure in Hyper-V
FreeBSD-EN-16:16.hv_storvsc      11 August 2016    Fix SCSI INQUIRY checks and error handling
FreeBSD-EN-16:17.vm              25 October 2016   Several virtual memory issues
FreeBSD-EN-16:19.tzcode          6 December 2016   Fix warnings about invalid timezone abbreviations
FreeBSD-EN-16:20.tzdata          6 December 2016   Update timezone database information
FreeBSD-EN-17:05.xen             23 February 2017  Xen migration enhancements
FreeBSD-EN-17:06.hyperv          12 July 2017      Boot compatibility improvements with Azure virtual machines

Userland

This section covers changes and additions to userland applications, contributed software, and system utilities.

Userland Configuration Changes

The inetd(8) utility is now built without libwrap support when WITHOUT_TCP_WRAPPERS is set in src.conf(5). (r313206)

The libthr(3) library and related files are now evaluated and removed by the delete-old-libs target when upgrading the system if WITHOUT_LIBTHR is set in src.conf(5). (r316046)

The WITH_RPCBIND_WARMSTART_SUPPORT src.conf(5) knob has been added, which when enabled allows building rpcbind(8) with warmstart support. (r319243)

Userland Application Changes

The truss(1) utility has been updated to include the -H flag, which logs the thread ID of a thread invoking a system call. (r298427)

The zfsbootcfg(8) utility has been added, providing one-time boot.config(5)-style options for zfsboot(8). (r308915)

The pw(8) utility has been updated to properly respect pw.conf(5), if present. (r316348)

The cxgbetool(8) utility has been added, providing command-line access to features and debugging facilities of cxgbe(4) devices. (r319390)

The ifconfig(8) utility has been updated to show MAC addresses persistently stored by network drivers. This provides a mechanism through which the original MAC address can be retrieved if, for example, an interface is added to a lagg(4) and the MAC is overridden in rc.conf(5). (r318430)

The rcp(1), rlogin(1), rsh(1), rlogind(8), and rshd(8) utilities have been marked as deprecated, and planned for removal in FreeBSD 12.0-RELEASE. (r320646)

The syslogd(8) utility has been updated to restart logging a subprocess that had restarted unexpectedly. (r320772)

The gdb(1) and kgdb(1) utilities have been marked as deprecated, and planned for removal from the base system in the future. A newer version is available in the devel/gdb port. (r320824)

The cron(8) utility has been updated to add support for including files within /etc/cron.d and /usr/local/etc/cron.d by default. (r321242)

The syslogd(8) utility has been updated to add the include keyword which allows specifying a directory containing configuration files to be included in addition to syslog.conf(5). The default syslog.conf(5) has been updated to include /etc/syslog.d and /usr/local/etc/syslog.d by default. (r321234)

The newsyslog(8) utility has been updated to support logging to syslogd(8) in a format compliant with RFC5424. For more details, see the description for the T flag in newsyslog.conf(5). (r321263)

The pw(8) utility has been updated to support empty secondary groups being passed with the -G flag, ensuring the target user does not have any secondary group memberships. (r323333)

Contributed Software

Subversion has been updated to version 1.9.5. (r309512)

file(1) has been updated to version 5.29. (r309848)

The amd(8) utility has been updated to version 6.2. (r310490)

xz(1) has been updated to version 5.2.3. (r312516)

zlib(3) has been updated to version 1.2.11. (r313796)

ntpd(8) has been updated to version 4.2.8p10. (r316069)

Timezone data files have been updated to version 2017b. (r316350)

tcsh(1) has been updated to version 6.20.00. (r316958)

libarchive(3) has been updated to version 3.3.2. (r321304)

bmake has been updated to version 20170720. (r321964)

pci_vendors has been updated to version 2017.07.27. (r322244)

Installation and Configuration Tools

The bsdinstall(8) utility has been updated to ensure newly-created partitions are properly aligned at 4096 byte boundaries. (r313433)

The default EFI partition created by bsdinstall(8) has been increased from 800KB to 200MB. (r321202) (Sponsored by The FreeBSD Foundation)

Runtime Libraries and API

The kvm_close(3) function has been updated to return the accumulated error from previous close(2) calls. (r316040)

The syslog(3) function has been updated to be more resilient to thread cancellation occurring in supported deferred mode, eliminating possible lockups in multi-threaded applications that often create and cancel threads using the function, such as net/mpd5. (r320312)

The stdio(3) function has been updated to be deferred cancel-safe, eliminating possible lockups in multi-threaded applications using functions such as funopen(3), fropen(3), and fwopen(3). (r321074)

ABI Compatibility

The type max_align_t is now defined for C11 compliance. (r309258)

Userland Debugging

ptrace(2) now supports events for thread creation and destruction, permitting more reliable debugging of threaded processes. (r304017)

ptrace(2) now supports events for vfork(2), permitting reliable debugging across vfork(2) invocations. (r304499)

Process core dumps now include the process ID (PID) and command line arguments. (r306786)

Kernel

This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.

Miscellaneous Kernel Changes

The vt(4) driver has been updated, increasing the maximum framebuffer size. (r321198)

Kernel Bug Fixes

The ipf(4) packet filter has been updated to prevent keep state from incorrectly implying keep frags, matching the behavior documented in ipf(5). (r317434)

The geom(4) JOURNAL class has been updated to fix flush_queue handling. (r322793)

System Tuning and Controls

The kern.features.linux and kern.features.linux64 flags have been added to the kern.features sysctl(8), which when set to 1, indicate the kernel is configured with compatibility for 32-bit and/or 64-bit Linux binaries, respectively. (r321024)

Devices and Drivers

This section covers changes and additions to devices and device drivers since 10.3-RELEASE.

Device Drivers

devctl(8) now supports a "clear driver" command as a complement to "set driver". (r306533) (Sponsored by Chelsio)

Storage Drivers

The mpr(4) driver has been updated to support tri-mode (SAS/SATA/PCIe) Broadcom storage adapters. (r319436)

The arcmsr(4) driver has been updated to version 1.40.00.00, adding support for ARC-1884 SATA controllers. (r321067)

Network Drivers

The cxgbev(4) driver has been added, providing support for Virtual Function devices (VFs) on Chelsio T4 and T5 adapters. (r309447) (Sponsored by Chelsio)

The cxgbe(4) driver has been updated to provide support for Virtual Function devices (VFs) on Chelsio T6 adapters. (r309560) (Sponsored by Chelsio)

The cxgbe(4) driver now supports devices using T6-based adapters which support 10, 25, 40, and 100 Gbps. (r309560) (Sponsored by Chelsio)

The alc(4) driver has been updated to provide support for Atheros Killer E2400™ Gigabit ethernet cards. (r312359)

The alc(4) driver has been updated to provide support for Atheros Killer E2500™ Gigabit ethernet cards. (r314019) (Sponsored by Microsoft)

The qlnxe(4) driver has been added, providing support for Cavium Qlogic™ 45000 Series adapters. (r316485)

The cxgbe(4) driver has been updated to firmware version 1.16.45.0 for T4, T5, and T6 cards. (r319270) (Sponsored by Chelsio)

Hardware Support

This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document.

Virtualization Support

PCI passthrough with bhyve(4) resets functions via FLR when a virtual machine is started and stopped. (r306520) (Sponsored by Chelsio)

PCI passthrough with bhyve(4) supports more dynamic configurations permitting devices to be marked for passthrough or host use at runtime. (r306472) (Sponsored by Chelsio)

Storage

This section covers changes and additions to file systems and other storage subsystems, both local and networked.

Networked Storage

The NFS client now properly handles NFS4ERR_BAD_SESSION errors received from an NFS server. Additionally, the kernel RPC client has been updated to prevent creating new TCP connections when ERESTART is received from sosend(9). (r318675)

The NFS client has been updated to support pNFS commit through the DS. (r321031)

Networking

This section describes changes that affect networking in FreeBSD.

General Networking Changes

The network stack has been modified to fix incorrect or invalid IP addresses if multiple threads emit a UDP log_in_vain message concurrently. (r313558) (Sponsored by Dell EMC)

The TCP stack has been changed to use the estimated RTT instead of timestamps for receive buffer auto resizing. (r317375) (Sponsored by Multiplay)

Network Protocols

Dummynet AQM, an independent implementation of CoDel and FQ-CoDel for ipfw/dummynet, has been imported to the base system. (r301772)

Support for GARP (gratuitous ARP) retransmit has been added. A new sysctl(8), net.link.ether.inet.garp_rexmit_count, has been added, which sets the maximum number of retransmissions when set to a non-zero value. (r309340) (Sponsored by Dell EMC)

Ports Collection and Package Infrastructure

This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools.

Packaging Changes

The pkg(8) utility has been updated to version 1.10.1.