FreeBSD 11.0-RELEASE Errata
Abstract
This document lists errata items for FreeBSD 11.0-RELEASE, containing significant information discovered after the release or too late in the release cycle to be otherwise included in the release documentation. This information includes security advisories, as well as news relating to the software or documentation that could affect its operation or usability. An up-to-date version of this document should always be consulted before installing this version of FreeBSD.
This errata document for FreeBSD 11.0-RELEASE will be maintained until the release of FreeBSD 11.0-RELEASE.
Table of Contents
Introduction
This errata document contains "late-breaking news" about FreeBSD 11.0-RELEASE Before installing this version, it is important to consult this document to learn about any post-release discoveries or problems that may already have been found and fixed.
Any version of this errata document actually distributed with the release (for example, on a CDROM distribution) will be out of date by definition, but other copies are kept updated on the Internet and should be consulted as the "current errata" for this release. These other copies of the errata are located at https://www.FreeBSD.org/releases/, plus any sites which keep up-to-date mirrors of this location.
Source and binary snapshots of FreeBSD 11.0-STABLE also contain up-to-date copies of this document (as of the time of the snapshot).
For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/security/.
Security Advisories
Advisory | Date | Topic |
---|---|---|
25 October 2016 |
Privilege escalation vulnerability |
|
2 November 2016 |
Remote Denial of Service vulnerability |
|
6 December 2016 |
Possible login(1) argument injection |
|
6 December 2016 |
link_ntoa(3) buffer overflow |
|
6 December 2016 |
Possible escape from bhyve(8) virtual machine |
|
22 December 2016 |
Multiple vulnerabilities |
|
10 January 2017 |
Multiple vulnerabilities |
|
23 February 2017 |
Multiple vulnerabilities |
|
12 April 2017 |
Multiple vulnerabilities |
|
27 April 2017 |
Fix fragment handling panic |
|
12 July 2017 |
Fix KDC-REP service name validation vulnerability |
Errata Notices
Errata | Date | Topic |
---|---|---|
25 October 2016 |
Loader may hang during boot |
|
6 December 2016 |
Fix warnings about invalid timezone abbreviations |
|
6 December 2016 |
Update timezone database information |
|
6 December 2016 |
Fix incorrectly defined unicode characters |
|
23 February 2017 |
Fix system hang when booting when PCI-express HotPlug is enabled |
|
23 February 2017 |
Fix NIS master updates are not pushed to an NIS slave |
|
23 February 2017 |
Fix compatibility with Hyper-V/storage after KB3172614 or KB3179574 |
|
23 February 2017 |
Make makewhatis(1) output reproducible |
|
23 February 2017 |
Xen migration enhancements |
Open Issues
-
An issue was discovered with Amazon EC2™ images which would cause the virtual machine to hang during boot when upgrading from previous FreeBSD versions. New EC2™ installations are not affected, but existing installations running earlier releases are advised to wait until the issue is resolved in an Errata Notice before upgrading. An Errata Notice to address this is planned following the release.
-
FreeBSD/i386 installed on ZFS may crash during boot when the ZFS pool mount is attempted while booting an unmodified
GENERIC
kernel.A system tunable has been added as of revision
r286584
to make thekern.kstack_pages
tunable configurable without recompiling the kernel.To mitigate system crashes with such configurations, chose
Escape to loader prompt
in the boot menu and enter the following lines from loader(8) prompt, after anOK
:set kern.kstack_pages=4 boot
Add this line to
/boot/loader.conf
for the change to persist across reboots:kern.kstack_pages=4
-
A bug was diagnosed in interaction of the
pmap_activate()
function and TLB shootdown IPI handler on amd64 systems which have PCID features but do not implement the INVPCID instruction. On such machines, such as SandyBridge™ and IvyBridge™ microarchitectures, set the loader tunablevm.pmap.pcid_enabled=0
during boot:set vm.pmap.pcid_enabled=0 boot
Add this line to
/boot/loader.conf
for the change to persist across reboots:To check if the system is affected, check dmesg(8) for PCID listed in the "Features2", and absence of INVPCID in the "Structured Extended Features". If the PCID feature is not present, or INVPCID is present, system is not affected.
vm.pmap.pcid_enabled=0
-
The Release Notes erroneously states the
WITH_SYSTEM_COMPILER
src.conf(5) option is enabled by default, however this was disabled prior to the final release build. -
The release announcement stated "Wireless support for 802.11n has been added." This was intended to state "Wireless support for 802.11n has been added for additional wireless network drivers."
-
Some release notes pertaining to the Cavium ThunderX platform (the FreeBSD/arm64 reference platform) were omitted:
-
[2016-10-20] Several recent Dell systems fail to find a bootable disk when the system boots in Legacy/BIOS/CSM mode, the boot disk is partitioned with GPT, and the Active flag in the Protective MBR is not set. To work around this issue, either configure the system to boot in UEFI mode, or choose the "GPT + Active" scheme. [r293860]
-
[2016-10-21] Support for
sha512
andskein
checksumming has been added to the ZFS filesystem. This was not mentioned in the release notes.Systems being upgraded from earlier FreeBSD releases with ZFS will see a message in
zpool status
output noting the pool is not at the latest version, and some features may not be enabled. Additional instructions on how to update ZFS pools to the latest version and update the boot blocks for all boot drives in the pool will also be provided in the output.This information is also documented in
/usr/src/UPDATING
, which is included if thesrc
component is selected during installation. -
[2016-10-21] The size of the GPT enabled ZFS boot blocks (
/boot/gptzfsboot
) has increased past 64K. Systems upgraded from older releases may experience a problem where the size of the existing "freebsd-boot" partition is too small to hold the newgptzfsboot
.Systems where the boot partition is immediately followed by the swap partition, such as those installed via bsdinstall(8), can resize the swap partition slightly using the gpart(8)
resize
command, so space can be reclaimed to increase the size of the freebsd-boot partition. -
[2016-10-21] Due to a bug in earlier versions of clang(1) that is difficult to work around in the upgrade process, to upgrade the system from sources via buildworld to -CURRENT or 11.0-RELEASE, it is necessary to upgrade machines running 9.x to at least revision r286035, or machines running 10.x to revision r286033. Source-based upgrades from 10.3-RELEASE are not affected. This differs from the historical situation where one could generally upgrade from anywhere on earlier stable branches, so caution should be exercised.
Late-Breaking News
No news.