&os; &release.current; Release Notes

The &os; Project

$FreeBSD$

2020 The &os; Documentation Project

&tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general;

The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system on the &release.branch; development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented.

Introduction

This document contains the release notes for &os; &release.current;. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;.

The &release.type; distribution to which these release notes apply represents the latest point along the &release.branch; development branch since &release.branch; was created. Information regarding pre-built, binary &release.type; distributions along this branch can be found at &release.url;.

The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Information regarding pre-built, binary &release.type; distributions along this branch can be found at &release.url;.

This distribution of &os; &release.current; is a &release.type; distribution. It can be found at &release.url; or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook.

All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site.

This document describes the most user-visible new or changed features in &os; since &release.prev;. In general, changes described here are unique to the &release.branch; branch unless specifically marked as &merged; features.

Typical release note items document recent security advisories issued after &release.prev;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.

Upgrading from Previous Releases of &os;

Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the &man.freebsd-update.8; utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official &os; release. The &man.freebsd-update.8; utility requires that the host being upgraded have Internet connectivity.

Source-based upgrades (those based on recompiling the &os; base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING.

Upgrading &os; should only be attempted after backing up all data and configuration files.

Security and Errata

This section lists the various Security Advisories and Errata Notices since &release.prev;.
Security Advisories

Advisory                       Date               Topic
FreeBSD-SA-19:25.mcepce        12 November 2019   Machine Check Exception on Page Size Change
FreeBSD-SA-19:26.mcu           12 November 2019   Intel CPU Microcode Update
FreeBSD-SA-20:01.libfetch      28 January 2020    &man.fetch.3; buffer overflow
FreeBSD-SA-20:03.thrmisc       28 January 2020    Kernel stack data disclosure
FreeBSD-SA-20:04.tcp           18 March 2020      TCP IPv6 SYN cache kernel information disclosure
FreeBSD-SA-20:05.if_oce_ioctl  18 March 2020      Insufficient &man.ioctl.2; privilege checking
FreeBSD-SA-20:06.if_ixl_ioctl  18 March 2020      Insufficient &man.ioctl.2; privilege checking
FreeBSD-SA-20:07.epair         18 March 2020      Incorrect user-controlled pointer use
FreeBSD-SA-20:08.jail          18 March 2020      Kernel memory disclosure with nested jails
FreeBSD-SA-20:09.ntp           18 March 2020      Multiple denial of service
FreeBSD-SA-20:10.ipfw          21 April 2020      Invalid &man.mbuf.9; handling
FreeBSD-SA-20:11.openssl       21 April 2020      Remote denial of service
FreeBSD-SA-20:12.libalias      12 May 2020        Insufficient packet length validation
FreeBSD-SA-20:13.libalias      12 May 2020        Memory disclosure vulnerability
FreeBSD-SA-20:15.cryptodev     12 May 2020        Use-after-free condition
FreeBSD-SA-20:16.cryptodev     12 May 2020        Insufficient MAC key length check
FreeBSD-SA-20:17.usb           9 June 2020        HID descriptor parsing error
FreeBSD-SA-20:19.unbound       8 July 2020        Multiple vulnerabilities
FreeBSD-SA-20:20.ipv6          8 July 2020        Race condition and use-after-free
FreeBSD-SA-20:21.usb_net       5 August 2020      Memory corruption
FreeBSD-SA-20:22.sqlite        5 August 2020      Multiple vulnerabilities
FreeBSD-SA-20:23.sendmsg       5 August 2020      Privilege escalation
FreeBSD-SA-20:25.sctp          2 September 2020   Use-after-free bug
FreeBSD-SA-20:26.dhclient      2 September 2020   Heap overflow
FreeBSD-SA-20:27.ure           15 September 2020  Packet-in-packet attack
FreeBSD-SA-20:28.bhyve_vmcs    15 September 2020  Privilege escalation via VMCS
FreeBSD-SA-20:29.bhyve_svm     15 September 2020  SVM guest escape
FreeBSD-SA-20:30.ftpd          15 September 2020  Privilege escalation

Errata Notices

Errata                         Date               Topic
FreeBSD-EN-19:19.loader        12 November 2019   UEFI Loader Memory Fragmentation
FreeBSD-EN-20:01.ssp           28 January 2020    Imprecise ordering of canary initialization
FreeBSD-EN-20:03.sshd          18 March 2020      Misleading log messages upon successful login
FreeBSD-EN-20:05.mlx5en        18 March 2020      Fix packet forwarding performance
FreeBSD-EN-20:06.ipv6          18 March 2020      Incorrect checksum calculations
FreeBSD-EN-20:07.quotad        21 April 2020      Regression with certain NFS servers
FreeBSD-EN-20:08.tzdata        12 May 2020        Timezone database update
FreeBSD-EN-20:09.igb           12 May 2020        Fix failure to switch to inactive state
FreeBSD-EN-20:10.build         12 May 2020        Incorrect build host clang version detection
FreeBSD-EN-20:11.ena           9 June 2020        Stability issues in &man.ena.4;
FreeBSD-EN-20:12.iflib         9 June 2020        Watchdog timeout resetting idle queues
FreeBSD-EN-20:13.bhyve         8 July 2020        Crash with PCI device passthrough
FreeBSD-EN-20:14.linuxkpi      8 July 2020        Kernel panic
FreeBSD-EN-20:15.mps           8 July 2020        Kernel panic
FreeBSD-EN-20:16.vmx           5 August 2020      Packet loss and degraded performance
FreeBSD-EN-20:17.linuxthread   2 September 2020   Kernel panic

Userland

This section covers changes and additions to userland applications, contributed software, and system utilities.

Userland Configuration Changes

A new &man.rc.conf.5; variable has been added, linux_mounts_enable, which controls whether &linux;-specific filesystems are mounted in /compat/linux if linux_enable is set to YES.
The &man.devd.8; utility has been updated to change the default &man.syslogd.8; notification for resume from kern to kernel.

Userland Application Changes

The &man.cron.8; utility has been updated to support two new flags in &man.crontab.5;, -n and -q, which suppress mail on successful runs and suppress logging of command execution, respectively.
The &man.dd.1; utility has been updated to include new operands: conv=fsync, conv=fdatasync, oflag=fsync, oflag=sync, iflag=fullblock. See &man.dd.1; for usage details.
The &man.fsck.msdosfs.8; utility has been updated to include a variety of enhancements, including reducing the memory footprint, a new flag, -M, which disables the use of &man.mmap.2;, and others.
The &man.showmount.8; utility has been updated to implement support for long options.
The &man.certctl.8; utility has been added.
The &man.syslogd.8; utility has been updated to add property-based filters.
The &man.mountd.8; utility has been updated to fix incorrect group listing under certain conditions when -maproot or -mapall is used for exports.
The &man.sed.1; utility has been updated to read commands from &man.stdin.4; when -f - is specified.
The &man.hostapd.8; and &man.wpa.supplicant.8; utilities have been updated to support 802.11n, 802.11w, 802.11ac, and 802.11ax.
The &man.sesutil.8; utility has been updated to include a show subcommand to print output in a user-friendly way.
The &man.bhyve.8; utility has been updated to support setting additional AHCI controller parameters.
The &man.jail.8; utility has been updated to allow running &linux; in a jailed environment.

Contributed Software

The &man.tcsh.1; utility has been updated to version 6.21.00.
The &man.less.1; utility has been updated to version v551.
The &man.libbsdxml.3; library has been updated to version 2.2.9.
The &man.resolvconf.8; utility has been updated to version 3.9.2.
The &man.pcap.3; library has been updated to version 1.9.1.
The &man.tcpdump.1; utility has been updated to version 4.9.3.
The &man.mtree.8; utility has been updated to address an issue with -f not considering type changes, fix username logic with -c when &man.getlogin.2; fails, and to fix -O not descending when a hash collision occurs.
The Elf Tool Chain has been updated to upstream revision r3769.
The &man.xz.1; utility has been updated to version 5.2.5.
OpenSSH has been updated to version 7.9p1.
The timezone database files have been updated to version 2020a.
The &man.unbound.8; utility has been updated to version 1.10.1.
The &man.libarchive.3; library has been updated to version 3.4.3.
The private apr library has been updated to version 1.7.0.
The svn{,lite} utility has been updated to version 1.14.0 LTS.
The &man.ntpd.8; suite of utilities has been updated to version 4.2.8p15.
The &man.file.1; utility has been updated to version 5.39.
The &man.bc.1; utility has been updated to version 3.1.1.
The private sqlite3 utility has been updated to version 3.32.3.
The BSD &man.make.1; utility has been updated to version 20200719.
The Sendmail utility has been updated to version 8.16.1.
The &man.nc.1; utility has been updated to include a new --sctp flag.
The clang, llvm, lld, lldb, compiler-rt utilities and libc++ have been updated to version 10.0.1.
OpenSSL has been updated to version 1.1.1h.

Deprecated Applications

The &man.amd.8; utility has been marked as deprecated, and targeted for removal in &os; 13.0.

Runtime Libraries and API

The ifconfig library has been updated to report the status of a &man.bridge.4; interface, similarly to &man.lagg.4;.

Kernel

This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.

General Kernel Changes

The &man.read.2; system call has been changed to disable read() calls on directories by default. A new &man.sysctl.8; has been added, security.bsd.allow_read_dir, which when set to 1 will restore the previous behavior.
The &man.ixl.4; driver has now been enabled by default for &os;/&arch.powerpc64;.
The machdep.kdb_on_nmi &man.sysctl.8; has been removed.
The machdep.panic_on_nmi &man.sysctl.8; tunable has changed to directly enter the debugger.
Support for APEI (ACPI Platform Error Interfaces) has been added.

Devices and Drivers

This section covers changes and additions to devices and device drivers since &release.prev;.

Device Drivers

The &man.ubsec.4; driver has been marked as deprecated, and will be removed in &os; 13.0.
The &man.ufm.4; driver has been marked as deprecated, and will be removed in &os; 13.0.
The &man.apm.4; driver has been marked as deprecated, and will be removed in &os; 13.0.
The &man.ctau.4; and &man.cx.4; drivers have been marked as deprecated, and will be removed in &os; 13.0.

Storage

This section covers changes and additions to file systems and other storage subsystems, both local and networked.

General Storage

The &man.mps.4; driver has been removed from the 32-bit GENERIC kernel configuration.
The &man.virtio.blk.4; driver has been updated to support TRIM.
The ZFS file system has been updated to include read/write kstat output per dataset.

Boot Loader Changes

This section covers the boot loader, boot menu, and other boot-related changes.

Boot Loader Changes

The console is now displayed within the boot loader, making it possible to toggle between available console devices.

Networking

This section describes changes that affect networking in &os;.

General Network

The &man.tap.4; and &man.tun.4; devices have been updated to create /dev aliases when they are renamed.
The &man.ipfw.4; driver has been updated to support RFC6598/Carrier Grade NAT subnets.
The &man.ng.nat.4; driver has been updated to allow attaching to an ethernet interface.
The &man.ixl.4; driver has been updated to version 1.11.29.
The &man.ena.4; driver has been updated to version 2.2.0.
Updates to the wireless networking stack and various drivers have been introduced to provide better 802.11n and 802.11ac support.
The ice(4) driver has been added, supporting &intel; 100Gb ethernet cards.
The &man.cxgbe.4; driver has been updated to version 1.25.0.0.

Ports Collection and Package Infrastructure

This section covers changes to the &os; Ports Collection, package infrastructure, and package maintenance and installation tools.

Packaging Changes

The &man.pkg.8; utility has been updated to version 1.15.10.
General Notes Regarding Future &os; Releases

Default <varname>CPUTYPE</varname> Change

Starting with &os;-13.0, the default CPUTYPE for the &arch.i386; architecture will change from 486 to 686.

This means that, by default, binaries produced will require a 686-class CPU, including but not limited to binaries provided by the &os; Release Engineering team. &os; 13.0 will continue to support older CPUs; however, users needing this functionality will need to build their own releases for official support.

As the primary use for i486 and i586 CPUs is generally in the embedded market, the general end-user impact is expected to be minimal, as new hardware with these CPU types has long faded, and much of the deployed base of such systems is nearing retirement age, statistically.

There were several factors taken into account for this change. For example, i486 does not have 64-bit atomics, and while they can be emulated in the kernel, they cannot be emulated in the userland. Additionally, the 32-bit amd64 libraries have been i686 since their inception.

As the majority of 32-bit testing is done by developers using the lib32 libraries on 64-bit hardware with the COMPAT_FREEBSD32 option in the kernel, this change ensures better coverage and user experience. This also aligns with what the majority of &linux; distributions have been doing for quite some time.

This is expected to be the final bump of the default CPUTYPE in &arch.i386;.

This change does not affect the &os; 12.x or 11.x series of releases.