Index: releng/11.2/release/doc/en_US.ISO8859-1/errata/article.xml
===================================================================
--- releng/11.2/release/doc/en_US.ISO8859-1/errata/article.xml (revision 335498)
+++ releng/11.2/release/doc/en_US.ISO8859-1/errata/article.xml (revision 335499)
@@ -1,167 +1,184 @@
%release;
%sponsor;
%vendor;
]>
&os; &release; ErrataThe &os; Project$FreeBSD$2018The &os; Documentation
Project
&tm-attrib.freebsd;
&tm-attrib.intel;
&tm-attrib.sparc;
&tm-attrib.general;
This document lists errata items for &os; &release;,
containing significant information discovered after the
release or too late in the release cycle to be otherwise
included in the release documentation. This information
includes security advisories, as well as news relating to the
software or documentation that could affect its operation or
usability. An up-to-date version of this document should
always be consulted before installing this version of
&os;.This errata document for &os; &release; will be maintained
until the release of &os; &release.next;.IntroductionThis errata document contains late-breaking
- news about &os; &release; Before installing this
+ news about &os; &release;. Before installing this
version, it is important to consult this document to learn about
any post-release discoveries or problems that may already have
been found and fixed.Any version of this errata document actually distributed
with the release (for example, on a CDROM distribution) will be
out of date by definition, but other copies are kept updated on
the Internet and should be consulted as the current
errata for this release. These other copies of the
errata are located at , plus any
sites which keep up-to-date mirrors of this location.Source and binary snapshots of &os; &release.branch; also
contain up-to-date copies of this document (as of the time of
the snapshot).For a list of all &os; CERT security advisories, see .Security Advisories
&security;
Errata Notices
&errata;
Open Issues&os;/&arch.i386; installed on ZFS may crash during boot
when the ZFS pool mount is attempted while booting an
unmodified GENERIC kernel.A system tunable has been added as of revision
r286584 to make the
kern.kstack_pages tunable configurable
without recompiling the kernel.To mitigate system crashes with such configurations,
choose Escape to loader prompt in the
boot menu and enter the following lines from &man.loader.8;
prompt, after an OK:set kern.kstack_pages=4
bootAdd this line to
/boot/loader.conf for the change to
persist across reboots:kern.kstack_pages=4[2017-07-25] &os;/&arch.arm64; currently lacks
EFI real-time clock
(RTC) support, which may cause the system
to boot with the wrong time set.As a workaround, either enable &man.ntpdate.8; or
include ntpd_sync_on_start="YES" in
&man.rc.conf.5;.[2017-07-25] A late issue was discovered with
&os;/&arch.arm64; and "root on
ZFS" installations where the root
ZFS pool would fail to be located.There currently is no workaround.[2017-11-06] An issue with &os; virtual machines with
vagrant was discovered that
affects the VirtualBox where the
virtual machine will not start on the initial boot invoked
with vagrant up.The issue is due to the virtual machine
MAC being unset, as &os; does not provide
a default Vagrantfile.It has been observed, however, that a subsequent
invocation of vagrant up will allow the
virtual machine to successfully boot, allowing access via
vagrant ssh.
+
+
+
+ [2018-06-21] An issue had been discovered late in the
+ release cycle where removing ZFS vdevs
+ from a pool under certain conditions would cause a system
+ crash when &man.zfsd.8; is enabled in
+ &man.rc.conf.5;.
+
+ At present, it is believed to be limited to removal of
+ a mirror vdev from a pool consisting of
+ multiple mirror vdevs.
+
+ See PR 228750
+ for more information and updates as the issue is
+ investigated.Late-Breaking NewsNo news.
Index: releng/11.2/release/doc/en_US.ISO8859-1/installation/article.xml
===================================================================
--- releng/11.2/release/doc/en_US.ISO8859-1/installation/article.xml (revision 335498)
+++ releng/11.2/release/doc/en_US.ISO8859-1/installation/article.xml (revision 335499)
@@ -1,129 +1,129 @@
%release;
]>
&os; &release.current; Installation
InstructionsThe &os; Project$FreeBSD$2018The &os; Documentation
Project
&tm-attrib.freebsd;
&tm-attrib.intel;
&tm-attrib.sparc;
&tm-attrib.general;
This article gives some brief instructions on installing
&os; &release.current; and upgrading the systems running
earlier releases.Installing &os;The Installing
&os; chapter of the &os; Handbook
provides more in-depth information about the installation
program itself, including a guided walk-through with
screenshots.Upgrading &os;If you are upgrading from a previous release of &os;, please
read upgrading
section in the Release Notes for notable
incompatibilities carefully.Upgrading from SourceThe procedure for doing a source code based update is
described in and
.For SVN use the releng/&local.rel;
branch which will be where any upcoming Security Advisories or
Errata Notices will be applied.Upgrading Using &os; UpdateThe &man.freebsd-update.8; utility supports binary
upgrades of &arch.i386; and &arch.amd64; systems running
earlier FreeBSD releases. Systems running
- 10.3-RELEASE,
- 11.0-RELEASE can upgrade as follows:
+ 10.4-RELEASE or
+ 11.1-RELEASE can upgrade as follows:
&prompt.root; freebsd-update fetch
&prompt.root; freebsd-update installNow the &man.freebsd-update.8; utility can fetch bits
belonging to &release.current;. During this process
&man.freebsd-update.8; will ask for help in merging
configuration files.&prompt.root; freebsd-update upgrade -r &local.rel;-RELEASE&prompt.root; freebsd-update installThe system must now be rebooted with the newly installed
kernel before the non-kernel components are updated.&prompt.root; shutdown -r nowAfter rebooting, &man.freebsd-update.8; needs to be run
again to install the new userland components:&prompt.root; freebsd-update installAt this point, users of systems being upgraded from
earlier &os; releases will be prompted by
&man.freebsd-update.8; to rebuild all third-party applications
(e.g., ports installed from the ports tree) due to updates in
system libraries.After updating installed third-party applications (and
again, only if &man.freebsd-update.8; printed a message
indicating that this was necessary), run
&man.freebsd-update.8; again so that it can delete the old (no
longer used) system libraries:&prompt.root; freebsd-update installFinally, reboot into &release.current;&prompt.root; shutdown -r now
Index: releng/11.2/release/doc/en_US.ISO8859-1/relnotes/article.xml
===================================================================
--- releng/11.2/release/doc/en_US.ISO8859-1/relnotes/article.xml (revision 335498)
+++ releng/11.2/release/doc/en_US.ISO8859-1/relnotes/article.xml (revision 335499)
@@ -1,707 +1,700 @@
%release;
%sponsor;
%vendor;
]>
&os; &release.current; Release NotesThe &os; Project$FreeBSD$2018The &os; Documentation
Project
&tm-attrib.freebsd;
&tm-attrib.ibm;
&tm-attrib.ieee;
&tm-attrib.intel;
&tm-attrib.sparc;
&tm-attrib.general;
The release notes for &os; &release.current; contain
a summary of the changes made to the &os; base system on the
&release.branch; development line. This document lists
applicable security advisories that were issued since the last
release, as well as significant changes to the &os; kernel and
userland. Some brief remarks on upgrading are also
presented.IntroductionThis document contains the release notes for &os;
&release.current;. It describes recently added, changed, or
deleted features of &os;. It also provides some notes on
upgrading from previous versions of &os;.The &release.type; distribution to
which these release notes apply represents the latest point
along the &release.branch; development branch since
&release.branch; was created. Information regarding pre-built,
binary &release.type; distributions along this branch can be
found at &release.url;.The &release.type; distribution to
which these release notes apply represents a point along the
&release.branch; development branch between &release.prev; and
the future &release.next;. Information regarding pre-built,
binary &release.type; distributions along this branch can be
found at &release.url;.This distribution of &os;
&release.current; is a &release.type; distribution. It can be
found at &release.url; or
any of its mirrors. More information on obtaining this (or
other) &release.type; distributions of &os; can be found in the
Obtaining
&os; appendix to the &os;
Handbook.All users are encouraged to consult the release errata
before installing &os;. The errata document is updated with
late-breaking information discovered late in the
release cycle or after the release. Typically, it contains
information on known bugs, security advisories, and corrections
to documentation. An up-to-date copy of the errata for &os;
&release.current; can be found on the &os; Web site.This document describes the most user-visible new or changed
features in &os; since &release.prev;. In general, changes
described here are unique to the &release.branch; branch unless
specifically marked as &merged; features.Typical release note items document recent security
advisories issued after &release.prev;, new drivers or hardware
support, new commands or options, major bug fixes, or
contributed software upgrades. They may also list changes to
major ports/packages or release engineering practices. Clearly
the release notes cannot list every single change made to &os;
between releases; this document focuses primarily on security
advisories, user-visible changes, and major architectural
improvements.Upgrading from Previous Releases of &os;Binary upgrades between RELEASE versions
(and snapshots of the various security branches) are supported
using the &man.freebsd-update.8; utility. The binary upgrade
procedure will update unmodified userland utilities, as well as
unmodified GENERIC kernels distributed as a part of an official
&os; release. The &man.freebsd-update.8; utility requires that
the host being upgraded have Internet connectivity.Source-based upgrades (those based on recompiling the &os;
base system from source code) from previous versions are
supported, according to the instructions in
/usr/src/UPDATING.Upgrading &os; should only be attempted after backing up
all data and configuration files.Security and ErrataThis section lists the various Security Advisories and
Errata Notices since &release.prev;.Security Advisories
&security;
Errata Notices
&errata;
UserlandThis section covers changes and additions to userland
applications, contributed software, and system utilities.Userland Application ChangesThe &man.ln.1; utility has been updated
to correct the behavior of the -F flag by
unlinking an existing directory before creating a symbolic
link.The &man.crontab.1; utility has been
updated to include a new flag, -f, which
forces &man.crontab.5; removal when -r is
used non-interactively.The &man.newsyslog.8; utility has been
updated to support RFC5424-compliant
messages when rotating system logs.The
&man.sesutil.8; utility has been updated to include
&man.libxo.3; support in output.The &man.diskinfo.8; utility has been
updated to include two new flags, -s which
displays the disk identity (usually the serial number), and
-p which displays the physical path to the
disk in a storage controller. The -s and
-p flags are mutually exclusive, and cannot
be used with any other flags.The &man.diskinfo.8; utility has also
been updated to include device model when the
-s flag is used.The &man.top.1; utility has been updated
to allow filtering on multiple user names when the
-U flag is used.The &man.bsdgrep.1; utility has been
updated to include a rgrep hard link to
&man.grep.1;, which when used is equivalent to
grep -r.The &man.bsdgrep.1; utility has been
updated to address various issues with pattern matching
behavior.The &man.umount.8; utility has been
updated to include a new flag, -N, which
is used to forcefully unmount an NFS
mounted filesystem.The &man.pw.8; utility has been updated
to properly handle empty secondary group lists as an argument
to the -G flag when using the
usermod subcommand.The &man.getconf.1; utility has been
updated to include a new flag, -a, which
prints the name and value of all system or path configuration
values to &man.stdout.4; or optionally a file as an argument
to -a.The &man.ps.1; utility has been updated
to reflect realtime and idle priorities in state flags.The &man.ps.1; utility has been updated
to display if a process is running with &man.capsicum.4;
capability mode, indicated by C.The &man.cpucontrol.8; utility has been
updated to include a new flag, -n, that
disables the default microcode update search path when
used.The &man.fsck.ffs.8; utility has been
updated to prevent a filesystem from being reported as
modified when only the timestamp in the superblock is
updated.The &man.diskinfo.8; utility has been
updated to display disk rotation rate and if
TRIM/UNMAP is supported
by the disk.The &man.rsh.1; utility has been updated
to include a new flag, -N, which disables
shutdown of a socket sending path when used.The &man.pfctl.8; utility has been
updated to allow route-to to properly
handle network interfaces with multiple IP
addresses.The &man.camcontrol.8; utility has
been updated to include ZAC (Zoned-device
ATA command set) information when the
identify subcommand is used.The &man.pw.8; utility has been updated
to correct handling of account expiration periods.The &man.mdmfs.8; utility has been
updated to support &man.tmpfs.5;.The &man.lint.1; utility is not longer
built by default. The WITH_LINT
&man.src.conf.5; option has been added to enable building and
installing the utility.The &man.cpucontrol.8; utility has been
updated to include a new flag, -e, which is
used to re-evaluate reported CPU features
after applying firmware updates.The &man.cpucontrol.8; -e flag should
only be used after microcode update have been applied to all
CPUs in the system, otherwise system
instability may be experienced if processor features are not
identical across the system.The &man.indent.1; utility has been
updated to respect the SIMPLE_BACKUP_SUFFIX
environment variable if set.The &man.du.1; utility has been updated
to include the --si long option, which is
used to display output in "human-readable" output in
powers of 1000.The &man.df.1; utility has been updated
to include the --si long option, which is
an alias to -H.The &man.service.8; utility has been
updated to include a new flag, -j, which is
used to interact with services running within a &man.jail.8;.
The argument to -j can be either the name
or numeric jail ID.The &man.fsck.ffs.8; utility has been
updated to exit with a non-zero status when the filesystem is
not repaired.The &man.nvmecontrol.8; utility has been
updated to print the full 128 bit value for
SMART data, instead of the hexadecimal
value.The &man.nvmecontrol.8; utility has been
updated to include control options for Western Digital®
HGST drives. The new options are cap-diag,
get-crash-dump,
drive-log, purge, and
purge-monitor.The &man.dhclient.8; utility has been
updated to be more compliant with RFC2131
by setting the source address field in the
IP header to 0 when
sending a DHCPREQUEST message to attempt to
obtain a previously-assigned IP
address.The &man.pw.8; utility has been updated to
allow the @ and !
characters in the GECOS field.The &man.zfsd.8; utility has been
updated to work with any type of GEOM
provider, including &man.md.4;, &man.geli.8;, &man.glabel.8;,
and &man.gstripe.8;.The &man.ps.1; utility has been updated
to include a jail keyword, which when used
will list the name of a &man.jail.8; instead of the numeric
ID.The &man.mlx5tool.8; utility has been
added, which is used to manage Connect-X 4 and
Connect-X 5 devices supported by &man.mlx5io.4;.The &man.sysctl.8; utility has been
updated to support setting an array of values to nodes. Prior
to this change, &man.sysctl.8; could only set one value to
a node that may return multiple values when queried.The &man.ifconfig.8; utility has been
updated to include a random option, which
when used with the ether option, generates
a random MAC address for an
interface.The &man.efibootmgr.8; utility has been
added, which is used to manipulate the EFI
boot manager.The &man.etdump.1; utility has been
added, which is used to view El Torito boot catalog
information.The &man.mount.8; utility has been
updated to allow fallback to mount media read-only if an
attempt to mount write-protected media read-write fails. This
behavior is disabled by default, and can be requested with the
new autoro option.The
&man.makefs.8; utility has been updated to default the block
and fragment sizes to match that of &man.newfs.8;, 32K and 4K,
respectively.The
&man.pwd.mkdb.8; utility has been updated to emit a notice
that legacy database support will be removed effective
&os; 12 when the -l flag is
used.The &man.dhclient.8; utility has been
updated to allow the interface-mtu option
to be overridden with a supersede entry in
&man.dhclient.conf.5;.Contributed SoftwareThe &man.libarchive.3; library has been
updated to version 3.3.2.Subversion
has been updated to version 1.9.7.The &man.dtc.1; utility has been updated
to upstream commit 9ce35ff8.The &man.file.1; utility has been
updated to version 5.32.OpenSSH has
been updated to version 7.5p1.The &man.mandoc.1; utility has been
updated to version 1.14.3.The &man.tcpdump.1; utility has been
updated to version 4.9.2.The NTP utilities
have been updated to version 4.2.8p11.The &man.less.1; utility has been
updated to upstream version v530.The bmake
utility has been updated to upstream version 20180222.The BSD-licensed
&man.diff.1; utility has been imported from OpenBSD, which is
installed if WITHOUT_GNU_DIFF is set in
&man.src.conf.5;, and otherwise not installed by
default.OpenSSL has
been updated to version 1.0.2o.The clang,
llvm,
lld,
lldb, and
compiler-rt utilities as well as
libc++ have been updated to upstream
version 6.0.0.Timezone data files have been updated to
version 2018e.The &man.libxo.3; library has been
updated to version 0.9.0.Installation and Configuration ToolsThe &man.bsdinstall.8; installer has been
updated to default to UEFI-only
boot.
-
-
- /etc/rc.d
- Scripts
-
-
- KernelThis section covers changes to kernel configurations, system
tuning, and system control parameters that are not otherwise
categorized.General Kernel ChangesThe &man.linux.4; ABI
compaibility layer has been updated to include support for
musl consumers.The &man.fdescfs.5; filesystem has been
updated to support &linux;-specific &man.fd.4;
/dev/fd and
/proc/self/fd behavior.Support for multiple realtime clocks has
been added.Kernel Bug FixesThe &man.ng.iface.4; driver has been
updated to prevent a possible system crash.The &man.ipfw.4; packet filter has been
updated to identify layer-2 and layer-3 packets, fixing
&man.dummynet.4; AQM packet marking.An issue causing boot issues with
&intel; Apollo Lake™ CPUs has been
fixed.Kernel ConfigurationThe &man.watchdog.4; facility has been
updated to make SW_WATCHDOG dynamic,
enabling the software &man.watchdogd.8; option whenever
a hardware watchdog is not present.System Tuning and ControlsThe
p1003_1b.aio_listio_max &man.sysctl.8; has
been changed to a runtime-configurable tunable.Devices and DriversThis section covers changes and additions to devices and
device drivers since &release.prev;.Device DriversThe &man.cxgbe.4; driver has been updated
to firmware version 1.16.63.0 for T4, T5, and T6 network
adapters.The &man.ng.pppoe.4; driver has been
updated to add support for user-supplied
Host-Uniq tags.Support for the TAIO
USB multi-protocol adapter
(TUMPA) has been added.The &man.mlx5io.4; driver has been added,
providing an interface to manage supported Connect-X 4
and Connect-X 5 network adapters.The &man.cm.4; and &man.fpa.4; drivers
have been marked as deprecated, and will be removed in
&os; 12.The &man.ocs.fc.4; driver has been added,
supporting Emulex 16/8G FC GEN 5
HBAs LPe15004 and LPe160XX, and
Emulex 32/16G FC GEN 6
HBAs LPe3100X and LPe3200X.The &man.ixgb.4; driver has been marked
as deprecated, and will be removed in &os; 12.The &man.ixl.4; driver has been updated
to version 1.9.9-k.The &man.nxge.4; driver has been marked
as deprecated, and will be removed in &os; 12.The
&man.lmc.4; driver has been marked as deprecated, and will be
removed in &os; 12.The &man.smartpqi.4; driver has been
added, providing support for Microsemi®
SCSI controllers.The &man.vxge.4; driver has been marked
as deprecated, and will be removed in &os; 12.Hardware SupportThis section covers general hardware support for physical
machines, hypervisors, and virtualization environments, as well
as hardware changes and updates that do not otherwise fit in
other sections of this document.Virtualization SupportSupport for &man.virtio.console.4; has
been added to &man.bhyve.4;.StorageThis section covers changes and additions to file systems
and other storage subsystems, both local and networked.geom(4)The geom_aes,
geom_bsd, geom_mbr,
geom_sunlabel &man.geom.4; classes have
been marked as deprecated. They have been replaced by the
geom_part class in &os; 7, and removed
from the GENERIC kernel configurations in
&os; 8, and will be removed in &os; 12.Boot Loader ChangesThis section covers the boot loader, boot menu, and other
boot-related changes.Boot Loader ChangesThe boot code and &man.loader.8; have
been updated to check for unsupported ZFS
feature flags. If unsupported features are active, the pool
is not considered as a bootable pool, and a diagnostic message
is printed to the console.The &man.loader.8; has been updated to
improve quotation parsing, distinguishing between single- and
double-quotes, and check for terminating quotes.The length of GELI
passphrases entered when booting a system with encrypted disks
is now hidden by default. See the configuration options in
&man.geli.8; to restore the previous behavior.NetworkingThis section describes changes that affect networking in
&os;.General Network ChangesThe &man.icmp6.4; protocol has been
updated to fix ICMPv6 redirects.Ports Collection and Package InfrastructureThis section covers changes to the &os; Ports
Collection, package infrastructure, and package maintenance and
installation tools.Packaging ChangesThe &man.pkg.8; utility has been updated to version
1.10.5.Release Engineering and IntegrationThis section convers changes that are specific to the
&os; Release Engineering processes.Integration ChangesAmazon® EC2™ instances now
keep their clocks synchronized using the Amazon Time Sync
Service, the NTP service internal to the
EC2™ infrastructure.The
&arch.i386; memory stick image installers have been changed
to use the MBR partitioning scheme, which
addresses a boot issue from a GPT partition
scheme in non-UEFI mode.The
&arch.amd64; memory stick image installers have been changed
to use the MBR partitioning scheme, which
addresses a boot issue from a GPT partition
scheme in non-UEFI mode.
Index: releng/11.2/release/doc/share/xml/security.xml
===================================================================
--- releng/11.2/release/doc/share/xml/security.xml (revision 335498)
+++ releng/11.2/release/doc/share/xml/security.xml (revision 335499)
@@ -1,118 +1,126 @@
AdvisoryDateTopicFreeBSD-SA-17:06.openssh10 August 2017Denial of Service vulnerabilityFreeBSD-SA-17:07.wpa16 October 2017WPA2 protocol vulnerabilityFreeBSD-SA-17:08.ptrace15 November 2017Kernel data leak via
ptrace(PT_LWPINFO)FreeBSD-SA-17:10.kldstat15 November 2017Information leakFreeBSD-SA-17:11.openssl29 November 2017Multiple vulnerabilitiesFreeBSD-SA-17:12.openssl09 December 2017Multiple vulnerabilitiesFreeBSD-SA-18:01.ipsec07 March 2018Fix IPSEC validation and
use-after-freeFreeBSD-SA-18:02.ntp07 March 2018Multiple vulnerabilitiesFreeBSD-SA-18:03.speculative_execution14 March 2018Speculative Execution VulnerabilitiesThis advisory addresses the most significant issues
for &os; 11.x on &arch.amd64; CPUs. We expect to
update this advisory to include &arch.i386; and other
CPUs.FreeBSD-SA-18:04.vt04 April 2018Fix &man.vt.4; console memory
disclosureFreeBSD-SA-18:05.ipsec04 April 2018Fix denial of serviceFreeBSD-SA-18:06.debugreg08 May 2018Mishandling of x86 debug
exceptions
+
+
+ FreeBSD-SA-18:07.lazyfpu
+ 21 June 2018
+ Fix Lazy FPU information
+ disclosure
+