1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
---
title: "FreeBSD 11.2-RELEASE Errata"
sidenav: download
---
include::shared/en/urls.adoc[]
= FreeBSD 11.2-RELEASE Errata
== Abstract
This document lists errata items for FreeBSD 11.2-RELEASE, containing significant information discovered after the release or too late in the release cycle to be otherwise included in the release documentation. This information includes security advisories, as well as news relating to the software or documentation that could affect its operation or usability. An up-to-date version of this document should always be consulted before installing this version of FreeBSD.
This errata document for FreeBSD 11.2-RELEASE will be maintained until the release of FreeBSD 11.2-RELEASE.
=== Table of Contents
* <<intro,Introduction>>
* <<security,Security Advisories>>
* <<errata,Errata Notices>>
* <<open-issues,Open Issues>>
* <<late-news,Late-Breaking News>>
[[intro]]
== Introduction
This errata document contains "late-breaking news" about FreeBSD 11.2-RELEASE. Before installing this version, it is important to consult this document to learn about any post-release discoveries or problems that may already have been found and fixed.
Any version of this errata document actually distributed with the release (for example, on a CDROM distribution) will be out of date by definition, but other copies are kept updated on the Internet and should be consulted as the "current errata" for this release. These other copies of the errata are located at https://www.FreeBSD.org/releases/, plus any sites which keep up-to-date mirrors of this location.
Source and binary snapshots of FreeBSD 11.2-STABLE also contain up-to-date copies of this document (as of the time of the snapshot).
For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/security/.
[[security]]
== Security Advisories
[width="100%",cols="40%,30%,30%",options="header",]
|===
|Advisory |Date |Topic
|https://www.FreeBSD.org/security/advisories/FreeBSD-SA-18:08.tcp.asc[FreeBSD-SA-18:08.tcp] |06 August 2018 |Resource exhaustion in TCP reassembly
|https://www.FreeBSD.org/security/advisories/FreeBSD-SA-18:09.l1tf.asc[FreeBSD-SA-18:09.l1tf] |14 August 2018 |L1 Terminal Fault (L1TF) Kernel Information Disclosure
|https://www.FreeBSD.org/security/advisories/FreeBSD-SA-18:10.ip.asc[FreeBSD-SA-18:10.ip] |14 August 2018 |Resource exhaustion in IP fragment reassembly
|https://www.FreeBSD.org/security/advisories/FreeBSD-SA-18:11.hostapd.asc[FreeBSD-SA-18:11.hostapd] |14 August 2018 |Unauthenticated EAPOL-Key Decryption Vulnerability
|https://www.FreeBSD.org/security/advisories/FreeBSD-SA-18:12.elf.asc[FreeBSD-SA-18:12.elf] |12 September 2018 |Improper ELF header parsing
|https://www.FreeBSD.org/security/advisories/FreeBSD-SA-18:13.nfs.asc[FreeBSD-SA-18:13.nfs] |27 November 2018 |Multiple vulnerabilities
|https://www.FreeBSD.org/security/advisories/FreeBSD-SA-18:14.bhyve.asc[FreeBSD-SA-18:14.bhyve] |4 December 2018 |Insufficient bounds checking
|https://www.FreeBSD.org/security/advisories/FreeBSD-SA-18:15.bootpd.asc[FreeBSD-SA-18:15.bootpd] |19 December 2018 |Buffer overflow
|https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:01.syscall.asc[FreeBSD-SA-19:01.syscall] |5 February 2019 |Kernel data register leak
|https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:02.fd.asc[FreeBSD-SA-19:02.fd] |5 February 2019 |File description reference count leak
|https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:03.wpa.asc[FreeBSD-SA-19:03.wpa] |14 May 2019 |Multiple vulnerabilities
|https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:04.ntp.asc[FreeBSD-SA-19:04.ntp] |14 May 2019 |Authenticated denial of service in https://www.FreeBSD.org/cgi/man.cgi?query=ntpd&sektion=8&manpath=freebsd-release-ports[ntpd(8)]
|https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:05.pf.asc[FreeBSD-SA-19:05.pf] |14 May 2019 |IPv6 fragment reassembly panic in https://www.FreeBSD.org/cgi/man.cgi?query=pf&sektion=4&manpath=freebsd-release-ports[pf(4)]
|https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:06.pf.asc[FreeBSD-SA-19:06.pf] |14 May 2019 |ICMP/ICMP6 packet filter bypass in https://www.FreeBSD.org/cgi/man.cgi?query=pf&sektion=4&manpath=freebsd-release-ports[pf(4)]
|https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:07.mds.asc[FreeBSD-SA-19:07.mds] |14 May 2019 |Microarchitectural Data Sampling
|https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:09.iconv.asc[FreeBSD-SA-19:09.iconv] |2 July 2019 |https://www.FreeBSD.org/cgi/man.cgi?query=iconv&sektion=3&manpath=freebsd-release-ports[iconv(3)] buffer overflow
|https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:10.ufs.asc[FreeBSD-SA-19:10.ufs] |2 July 2019 |Kernel stack disclosure
|https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:11.cd_ioctl.asc[FreeBSD-SA-19:11.cd_ioctl] |2 July 2019 |Privilege escalation in https://www.FreeBSD.org/cgi/man.cgi?query=cd&sektion=4&manpath=freebsd-release-ports[cd(4)]
|===
[[errata]]
== Errata Notices
[width="100%",cols="40%,30%,30%",options="header",]
|===
|Errata |Date |Topic
|https://www.FreeBSD.org/security/advisories/FreeBSD-EN-18:08.lazyfpu.asc[FreeBSD-EN-18:08.lazyfpu] |12 September 2018 |Regression in Lazy FPU remediation
|https://www.FreeBSD.org/security/advisories/FreeBSD-EN-18:09.ip.asc[FreeBSD-EN-18:09.ip] |27 September 2018 |IP fragment remediation causes IPv6 reassembly failure
|https://www.FreeBSD.org/security/advisories/FreeBSD-EN-18:10.syscall.asc[FreeBSD-EN-18:10.syscall] |27 September 2018 |Null pointer dereference in `freebsd4_getfsstat` system call
|https://www.FreeBSD.org/security/advisories/FreeBSD-EN-18:11.listen.asc[FreeBSD-EN-18:11.listen] |27 September 2018 |Denial of service in `listen` system call
|https://www.FreeBSD.org/security/advisories/FreeBSD-EN-18:12.mem.asc[FreeBSD-EN-18:12.mem] |27 September 2018 |Small kernel memory disclosures in two system calls
|https://www.FreeBSD.org/security/advisories/FreeBSD-EN-18:13.icmp.asc[FreeBSD-EN-18:13.icmp] |27 November 2018 |ICMP buffer underwrite
|https://www.FreeBSD.org/security/advisories/FreeBSD-EN-18:14.tzdata.asc[FreeBSD-EN-18:14.tzdata] |27 November 2018 |Timezone database information update
|https://www.FreeBSD.org/security/advisories/FreeBSD-EN-18:15.loader.asc[FreeBSD-EN-18:15.loader] |27 November 2018 |Deferred kernel loading breaks loader password
|https://www.FreeBSD.org/security/advisories/FreeBSD-EN-18:16.ptrace.asc[FreeBSD-EN-18:16.ptrace] |19 December 2018 |Kernel panic when attaching to stopped process
|https://www.FreeBSD.org/security/advisories/FreeBSD-EN-18:17.vm.asc[FreeBSD-EN-18:17.vm] |19 December 2018 |Kernel panic under load on Intel(R) Skylake(TM) CPUs
|https://www.FreeBSD.org/security/advisories/FreeBSD-EN-18:18.zfs.asc[FreeBSD-EN-18:18.zfs] |19 December 2018 |ZFS vnode reclaim deadlock
|https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc[FreeBSD-EN-19:03.sqlite] |9 January 2019 |sqlite update
|https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:04.tzdata.asc[FreeBSD-EN-19:04.tzdata] |9 January 2019 |Timezone database information update
|https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:05.kqueue.asc[FreeBSD-EN-19:05.kqueue] |9 January 2019 |kqueue race condition and kernel panic
|https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:08.tzdata.asc[FreeBSD-EN-19:08.tzdata] |14 May 2019 |Timezone database information update
|https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:09.xinstall.asc[FreeBSD-EN-19:09.xinstall] |14 May 2019 |https://www.FreeBSD.org/cgi/man.cgi?query=install&sektion=1&manpath=freebsd-release-ports[install(1)] broken with partially matching relative paths
|https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:12.tzdata.asc[FreeBSD-EN-19:12.tzdata] |2 July 2019 |Timezone database information update
|===
[[open-issues]]
== Open Issues
* FreeBSD/i386 installed on ZFS may crash during boot when the ZFS pool mount is attempted while booting an unmodified `GENERIC` kernel.
+
A system tunable has been added as of revision `r286584` to make the `kern.kstack_pages` tunable configurable without recompiling the kernel.
+
To mitigate system crashes with such configurations, choose `Escape to loader prompt` in the boot menu and enter the following lines from https://www.FreeBSD.org/cgi/man.cgi?query=loader&sektion=8&manpath=freebsd-release-ports[loader(8)] prompt, after an `OK`:
+
[.screen]
----
set kern.kstack_pages=4
boot
----
+
Add this line to `/boot/loader.conf` for the change to persist across reboots:
+
[.programlisting]
----
kern.kstack_pages=4
----
* [2017-07-25] FreeBSD/arm64 currently lacks EFI real-time clock (RTC) support, which may cause the system to boot with the wrong time set.
+
As a workaround, either enable https://www.FreeBSD.org/cgi/man.cgi?query=ntpdate&sektion=8&manpath=freebsd-release-ports[ntpdate(8)] or include `ntpd_sync_on_start="YES"` in https://www.FreeBSD.org/cgi/man.cgi?query=rc.conf&sektion=5&manpath=freebsd-release-ports[rc.conf(5)].
* [2017-07-25] A late issue was discovered with FreeBSD/arm64 and "root on ZFS" installations where the root ZFS pool would fail to be located.
+
There currently is no workaround.
* [2017-11-06] An issue with FreeBSD virtual machines with [.application]#vagrant# was discovered that affects the [.application]#VirtualBox# where the virtual machine will not start on the initial boot invoked with `vagrant up`.
+
The issue is due to the virtual machine MAC being unset, as FreeBSD does not provide a default `Vagrantfile`.
+
It has been observed, however, that a subsequent invocation of `vagrant up` will allow the virtual machine to successfully boot, allowing access via `vagrant ssh`.
* [2018-06-21] An issue had been discovered late in the release cycle where removing ZFS vdevs from a pool under certain conditions would cause a system crash when https://www.FreeBSD.org/cgi/man.cgi?query=zfsd&sektion=8&manpath=freebsd-release-ports[zfsd(8)] is enabled in https://www.FreeBSD.org/cgi/man.cgi?query=rc.conf&sektion=5&manpath=freebsd-release-ports[rc.conf(5)].
+
At present, it is believed to be limited to removal of a `mirror` vdev from a pool consisting of multiple `mirror` vdevs.
+
See PR https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228750[228750] for more information and updates as the issue is investigated.
* [2018-06-26] An issue had been discovered late in the release cycle where a system crash could occur after installing `emulators/virtualbox-ose-kmod` from upstream package mirrors via https://www.FreeBSD.org/cgi/man.cgi?query=pkg&sektion=8&manpath=freebsd-release-ports[pkg(8)].
+
Building `emulators/virtualbox-ose-kmod` from the https://www.FreeBSD.org/cgi/man.cgi?query=ports&sektion=7&manpath=freebsd-release-ports[ports(7)] collection has been observed to work around the crash.
+
See PR https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228535[228535] for more information.
* [2018-06-26] It was discovered after the `releng/11.2` branch was tagged for FreeBSD 11.2-RELEASE that a few device drivers were missing from the link:../hardware/[hardware] page. The missing drivers, https://www.FreeBSD.org/cgi/man.cgi?query=alc&sektion=4&manpath=freebsd-release-ports[alc(4)], https://www.FreeBSD.org/cgi/man.cgi?query=cxgbev&sektion=4&manpath=freebsd-release-ports[cxgbev(4)], https://www.FreeBSD.org/cgi/man.cgi?query=liquidio&sektion=4&manpath=freebsd-release-ports[liquidio(4)], and https://www.FreeBSD.org/cgi/man.cgi?query=mos&sektion=4&manpath=freebsd-release-ports[mos(4)] were added to the 11-STABLE link:../support/[hardware page].
* [2018-06-26] The URL to the instructions for source-based upgrades in `UPDATING` incorrectly points to a page that no longer exists. The correct URL is link:{handbook}#makeworld[https://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html].
* [2018-06-27] The announcement email for FreeBSD 11.2 incorrectly states the `ocs_fw(4)` driver had been added; this should have stated https://www.FreeBSD.org/cgi/man.cgi?query=ocs_fc&sektion=4&manpath=freebsd-release-ports[ocs_fc(4)].
* [2018-06-28] An issue had been reported after the release of FreeBSD 11.2 with `x11/nvidia-driver` installed from the upstream package mirrors via https://www.FreeBSD.org/cgi/man.cgi?query=pkg&sektion=8&manpath=freebsd-release-ports[pkg(8)].
+
Building `x11/nvidia-driver` from the https://www.FreeBSD.org/cgi/man.cgi?query=ports&sektion=7&manpath=freebsd-release-ports[ports(7)] collection has been reported to resolve the issue.
+
See PR https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228536[228536] for more information.
* [2018-10-18] A FreeBSD system with a custom kernel configuration excluding NFS on 10.x did not explicitly require the `krpc` option to be included when booting via ZFS-on-root and, for example, setting `MODULES_OVERRIDE="zfs opensolaris"` in the kernel configuration.
+
In 11.x, however, `krpc` is explicitly required if the kernel configuration excludes `NFS`.
[[late-news]]
== Late-Breaking News
No news.
|
