FreeBSD 10.4-RELEASE Release Notes
Abstract
The release notes for FreeBSD 10.4-RELEASE contain a summary of the changes made to the FreeBSD base system on the 10.4-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
Table of Contents
Introduction
This document contains the release notes for FreeBSD 10.4-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.
The snapshot distribution to which these release notes apply
represents a point along the 10.4-STABLE development branch between
10.3-RELEASE and the future 10.4-STABLE. Information regarding
pre-built, binary snapshot distributions along this branch can be
found at https://www.FreeBSD.org/releases/.
All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 10.3-RELEASE can be found on the FreeBSD Web site.
This document describes the most user-visible new or changed features in FreeBSD since 10.3-RELEASE.
Typical release note items document recent security advisories issued after 10.3-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.
Upgrading from Previous Releases of FreeBSD
[amd64,i386] Binary upgrades between RELEASE versions (and
snapshots of the various security branches) are supported using the
freebsd-update(8) utility. The binary upgrade procedure will
update unmodified userland utilities, as well as unmodified
GENERIC kernel distributed as a part of an official
FreeBSD release. The
freebsd-update(8) utility requires that the host being upgraded
have Internet connectivity.
Source-based upgrades (those based on recompiling the FreeBSD
base system from source code) from previous versions are supported,
according to the instructions in /usr/src/UPDATING.
Important:
Upgrading FreeBSD should only be attempted after backing up
all data and configuration files.
Security and Errata
This section lists the various Security Advisories and Errata Notices since 10.3-RELEASE.
Security Advisories
| Advisory | Date | Topic |
|---|---|---|
|
29 April 2016 |
Multiple ntp vulnerabilities. |
|
|
29 April 2016 |
Multiple OpenSSL vulnerabilities. |
|
|
17 May 2016 |
Keyboard driver buffer overflow |
|
|
17 May 2016 |
Incorrect argument handling in sendmsg(2) |
|
|
31 May 2016 |
Kernel stack disclosure in Linux compatibility layer |
|
|
31 May 2016 |
Kernel stack disclosure in 4.3BSD compatibility layer |
|
|
31 May 2016 |
Absolute path traversal vulnerability |
|
|
31 May 2016 |
Absolute path traversal vulnerability |
|
|
3 June 2016 |
Multiple ntp vulnerabilties |
|
|
25 July 2016 |
heap overflow vulnerability |
|
|
23 September 2016 |
Multiple vulnerabilities |
|
|
26 September 2016 |
Regression in OpenSSL suite |
|
|
10 October 2016 |
Heap overflow vulnerability |
|
|
10 October 2016 |
Multiple vulnerabilities |
|
|
10 October 2016 |
Multiple vulnerabilities |
|
|
2 November 2016 |
Remote Denial of Service vulnerability |
|
|
2 November 2016 |
Remote Denial of Service vulnerability |
|
|
6 December 2016 |
Possible login(1) argument injection |
|
|
6 December 2016 |
link_ntoa(3) buffer overflow |
|
|
6 December 2016 |
Possible escape from bhyve(8) virtual machine |
|
|
22 December 2016 |
Multiple vulnerabilities |
|
|
10 January 2017 |
Multiple vulnerabilities |
|
|
23 February 2017 |
Fix OpenSSL RC4_MD5 cipher vulnerability |
|
|
12 April 2017 |
Multiple vulnerabilities |
|
|
27 April 2017 |
Fix fragment handling panic |
|
|
12 July 2017 |
Fix KDC-REP service name validation vulnerability |
Errata Notices
| Errata | Date | Topic |
|---|---|---|
|
4 May 2016 |
Performance regression in libc hash(3) |
|
|
4 May 2016 |
Excessive latency in x86 IPI delivery |
|
|
4 May 2016 |
Memory leak in ZFS |
|
|
25 July 2016 |
Fix freebsd-update(8) support of FreeBSD 11.0-RELEASE |
|
|
11 August 2016 |
Better handle unknown options received from aDHCP server |
|
|
11 August 2016 |
Avoid using spin locks for channel message locks |
|
|
11 August 2016 |
Enable INQUIRY result check only on Windows 10 host systems |
|
|
11 August 2016 |
Register time counter early enough for TSC freq calibration |
|
|
11 August 2016 |
Disable incorrect callout in hv_storvsc(4) |
|
|
11 August 2016 |
Better handle the GPADL setup failure in Hyper-V |
|
|
11 August 2016 |
Fix SCSI INQUIRY checks and error handling |
|
|
25 October 2016 |
Several virtual memory issues |
|
|
6 December 2016 |
Fix warnings about invalid timezone abbreviations |
|
|
6 December 2016 |
Update timezone database information |
|
|
23 February 2017 |
Xen migration enhancements |
|
|
12 July 2017 |
Boot compatibility improvements with Azure virtual machines |
Userland
This section covers changes and additions to userland applications, contributed software, and system utilities.
Userland Configuration Changes
The
inetd(8) utility is now built without libwrap
support when WITHOUT_TCP_WRAPPERS is set in
src.conf(5).
(r313206)
The
libthr(3) library and related files are now evaluated and
removed by the delete-old-libs target when upgrading
the system if WITHOUT_LIBTHR is set in
src.conf(5).
(r316046)
The WITH_RPCBIND_WARMSTART_SUPPORT
src.conf(5) knob has been added, which when enabled allows
building
rpcbind(8) with warmstart support.
(r319243)
Userland Application Changes
The
truss(1) utility has been updated to include the
-H flag, which logs the thread ID of a thread invoking
a system call.
(r298427)
The zfsbootcfg(8) utility has been added, providing one-time boot.config(5)-style options for zfsboot(8). (r308915)
The pw(8) utility has been updated to properly respect pw.conf(5), if present. (r316348)
The cxgbetool(8) utility has been added, providing command-line access to features and debugging facilities of cxgbe(4) devices. (r319390)
The
ifconfig(8) utility has been updated to show MAC addresses
persistently stored by network drivers. This provides a mechanism
through which the original MAC address can be retrieved if, for
example, an interface is added to a
lagg(4) and the MAC is overridden in
rc.conf(5).
(r318430)
The rcp(1), rlogin(1), rsh(1), rlogind(8), and rshd(8) utilities have been marked as deprecated, and planned for removal in FreeBSD 12.0-RELEASE. (r320646)
The syslogd(8) utility has been updated to restart logging a subprocess that had restarted unexpectedly. (r320772)
The
gdb(1) and
kgdb(1) utilities have been marked as deprecated, and planned
for removal from the base system in the future. A newer version is
available in the devel/gdb port.
(r320824)
The
cron(8) utility has been updated to add support for including
files within /etc/cron.d and
/usr/local/etc/cron.d by default.
(r321242)
The
syslogd(8) utility has been updated to add the
include keyword which allows specifying a directory
containing configuration files to be included in addition to
syslog.conf(5). The default
syslog.conf(5) has been updated to include
/etc/syslog.d and /usr/local/etc/syslog.d
by default.
(r321234)
The
newsyslog(8) utility has been updated to support logging to
syslogd(8) in a format compliant with RFC5424. For more
details, see the description for the T flag in
newsyslog.conf(5).
(r321263)
Contributed Software
Installation and Configuration Tools
The bsdinstall(8) utility has been updated to ensure newly-created partitions are properly aligned at 4096 byte boundaries. (r313433)
The default EFI partition created by bsdinstall(8) has been increased from 800KB to 200MB. (r321202) (Sponsored by The FreeBSD Foundation)
Runtime Libraries and API
The kvm_close(3) function has been updated to return the accumulated error from previous close(2) calls. (r316040)
The
syslog(3) function has been updated to be more resilent to
thread cancellation occurring in supported deferred mode,
eliminating possible lockups in multi-threaded applications that
often create and cancel threads using the function, such as
net/mpd5.
(r320312)
The stdio(3) function has been updated to be deferred cancel-safe, eliminating possible lockups in multi-threaded applications using functions such as funopen(3), fropen(3), and fwopen(3). (r321074)
ABI Compatibility
The type max_align_t is now defined for C11
compliance.
(r309258)
Userland Debugging
ptrace(2) now supports events for thread creation and destruction, permitting more reliable debugging of threaded processes. (r304017)
ptrace(2) now supports events for vfork(2), permitting reliable debugging across vfork(2) invocations. (r304499)
Process core dumps now include the process ID (PID) and command line arguments. (r306786)
Kernel
This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.
Miscellaneous Kernel Changes
Kernel Bug Fixes
System Tuning and Controls
Devices and Drivers
This section covers changes and additions to devices and device drivers since 10.3-RELEASE.
Device Drivers
Storage Drivers
Network Drivers
The cxgbev(4) driver has been added, providing support for Virtual Function devices (VFs) on Chelsio T4 and T5 adapters. (r309447) (Sponsored by Chelsio)
The cxgbe(4) driver has been updated to provide support for Virtual Function devices (VFs) on Chelsio T6 adapters. (r309560) (Sponsored by Chelsio)
The cxgbe(4) driver now supports devices using T6-based adapters which support 10, 25, 40, and 100 Gbps. (r309560) (Sponsored by Chelsio)
The alc(4) driver has been updated to provide support for Atheros Killer E2400™ Gigabit ethernet cards. (r312359)
The alc(4) driver has been updated to provide support for Atheros Killer E2500™ Gigabit ethernet cards. (r314019) (Sponsored by Microsoft)
Hardware Support
This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document.
Virtualization Support
Storage
This section covers changes and additions to file systems and other storage subsystems, both local and networked.
Networked Storage
The NFS client now properly handles
NFS4ERR_BAD_SESSION errors received from an NFS
server. Additionally, the kernel RPC client has been updated to
prevent creating new TCP connections when ERESTART is
received from
sosend(9).
(r318675)
The NFS client has been updated to support pNFS
commit through the DS.
(r321031)
Networking
This section describes changes that affect networking in FreeBSD.
General Networking Changes
The network stack has been modified to fix incorrect or invalid
IP addresses if multiple threads emit a UDP
log_in_vain message concurrently.
(r313558) (Sponsored by Dell
EMC)
The TCP stack has been changed to use the estimated RTT instead of timestamps for receive buffer auto resizing. (r317375) (Sponsored by Multiplay)
Network Protocols
Dummynet AQM, an independent implementation of CoDel and FQ-CoDel for ipfw/dummynet has been imported to the base system. (r301772]
Ports Collection and Package Infrastructure
This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools.
Packaging Changes
The pkg(8) utility has been updated to version 1.10.1.