--- title: "FreeBSD 11.0-RELEASE Errata" sidenav: download --- = FreeBSD 11.0-RELEASE Errata == Abstract This document lists errata items for FreeBSD 11.0-RELEASE, containing significant information discovered after the release or too late in the release cycle to be otherwise included in the release documentation. This information includes security advisories, as well as news relating to the software or documentation that could affect its operation or usability. An up-to-date version of this document should always be consulted before installing this version of FreeBSD. This errata document for FreeBSD 11.0-RELEASE will be maintained until the release of FreeBSD 11.0-RELEASE. === Table of Contents * <> * <> * <> * <> * <> [[intro]] == Introduction This errata document contains "late-breaking news" about FreeBSD 11.0-RELEASE Before installing this version, it is important to consult this document to learn about any post-release discoveries or problems that may already have been found and fixed. Any version of this errata document actually distributed with the release (for example, on a CDROM distribution) will be out of date by definition, but other copies are kept updated on the Internet and should be consulted as the "current errata" for this release. These other copies of the errata are located at https://www.FreeBSD.org/releases/, plus any sites which keep up-to-date mirrors of this location. Source and binary snapshots of FreeBSD 11.0-STABLE also contain up-to-date copies of this document (as of the time of the snapshot). For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/security/. [[security]] == Security Advisories [width="100%",cols="40%,30%,30%",options="header",] |=== |Advisory |Date |Topic |https://www.FreeBSD.org/security/advisories/FreeBSD-SA-16:32.bhyve.asc[FreeBSD-SA-16:32.bhyve] |25 October 2016 |Privilege escalation vulnerability |https://www.FreeBSD.org/security/advisories/FreeBSD-SA-16:33.openssh.asc[FreeBSD-SA-16:33.openssh] |2 November 2016 |Remote Denial of Service vulnerability |https://www.FreeBSD.org/security/advisories/FreeBSD-SA-16:36.telnetd.asc[FreeBSD-SA-16:36.telnetd] |6 December 2016 |Possible http://www.FreeBSD.org/cgi/man.cgi?query=login&sektion=1&manpath=freebsd-release-ports[login(1)] argument injection |https://www.FreeBSD.org/security/advisories/FreeBSD-SA-16:37.libc.asc[FreeBSD-SA-16:37.libc] |6 December 2016 |http://www.FreeBSD.org/cgi/man.cgi?query=link_ntoa&sektion=3&manpath=freebsd-release-ports[link_ntoa(3)] buffer overflow |https://www.FreeBSD.org/security/advisories/FreeBSD-SA-16:38.bhyve.asc[FreeBSD-SA-16:38.bhyve] |6 December 2016 |Possible escape from http://www.FreeBSD.org/cgi/man.cgi?query=bhyve&sektion=8&manpath=freebsd-release-ports[bhyve(8)] virtual machine |https://www.FreeBSD.org/security/advisories/FreeBSD-SA-16:39.ntp.asc[FreeBSD-SA-16:39.ntp] |22 December 2016 |Multiple vulnerabilities |https://www.FreeBSD.org/security/advisories/FreeBSD-SA-17:01.openssh.asc[FreeBSD-SA-17:01.openssh] |10 January 2017 |Multiple vulnerabilities |https://www.FreeBSD.org/security/advisories/FreeBSD-SA-17:02.openssl.asc[FreeBSD-SA-17:02.openssl] |23 February 2017 |Multiple vulnerabilities |https://www.FreeBSD.org/security/advisories/FreeBSD-SA-17:03.ntp.asc[FreeBSD-SA-17:03.ntp] |12 April 2017 |Multiple vulnerabilities |https://www.FreeBSD.org/security/advisories/FreeBSD-SA-17:04.ipfilter.asc[FreeBSD-SA-17:04.ipfilter] |27 April 2017 |Fix fragment handling panic |https://www.FreeBSD.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc[FreeBSD-SA-17:05.heimdal] |12 July 2017 |Fix KDC-REP service name validation vulnerability |=== [[errata]] == Errata Notices [width="100%",cols="40%,30%,30%",options="header",] |=== |Errata |Date |Topic |https://www.FreeBSD.org/security/advisories/FreeBSD-EN-16:18.loader.asc[FreeBSD-EN-16:18.loader] |25 October 2016 |Loader may hang during boot |https://www.FreeBSD.org/security/advisories/FreeBSD-EN-16:19.tzcode.asc[FreeBSD-EN-16:19.tzcode] |6 December 2016 |Fix warnings about invalid timezone abbreviations |https://www.FreeBSD.org/security/advisories/FreeBSD-EN-16:20.tzdata.asc[FreeBSD-EN-16:20.tzdata] |6 December 2016 |Update timezone database information |https://www.FreeBSD.org/security/advisories/FreeBSD-EN-16:21.localedef.asc[FreeBSD-EN-16:21.localedef] |6 December 2016 |Fix incorrectly defined unicode characters |https://www.FreeBSD.org/security/advisories/FreeBSD-EN-17:01.pcie.asc[FreeBSD-EN-17:01.pcie] |23 February 2017 |Fix system hang when booting when PCI-express HotPlug is enabled |https://www.FreeBSD.org/security/advisories/FreeBSD-EN-17:02.yp.asc[FreeBSD-EN-17:02.yp] |23 February 2017 |Fix NIS master updates are not pushed to an NIS slave |https://www.FreeBSD.org/security/advisories/FreeBSD-EN-17:03.hyperv.asc[FreeBSD-EN-17:03.hyperv] |23 February 2017 |Fix compatibility with Hyper-V/storage after KB3172614 or KB3179574 |https://www.FreeBSD.org/security/advisories/FreeBSD-EN-17:04.mandoc.asc[FreeBSD-EN-17:04.mandoc] |23 February 2017 |Make http://www.FreeBSD.org/cgi/man.cgi?query=makewhatis&sektion=1&manpath=freebsd-release-ports[makewhatis(1)] output reproducible |https://www.FreeBSD.org/security/advisories/FreeBSD-EN-17:05.xen.asc[FreeBSD-EN-17:05.xen] |23 February 2017 |Xen migration enhancements |=== [[open-issues]] == Open Issues * An issue was discovered with Amazon EC2™ images which would cause the virtual machine to hang during boot when upgrading from previous FreeBSD versions. New EC2™ installations are not affected, but existing installations running earlier releases are advised to wait until the issue is resolved in an Errata Notice before upgrading. An Errata Notice to address this is planned following the release. * FreeBSD/i386 installed on ZFS may crash during boot when the ZFS pool mount is attempted while booting an unmodified `GENERIC` kernel. + A system tunable has been added as of revision `r286584` to make the `kern.kstack_pages` tunable configurable without recompiling the kernel. + To mitigate system crashes with such configurations, chose `Escape to loader prompt` in the boot menu and enter the following lines from http://www.FreeBSD.org/cgi/man.cgi?query=loader&sektion=8&manpath=freebsd-release-ports[loader(8)] prompt, after an `OK`: + [.screen] ---- set kern.kstack_pages=4 boot ---- + Add this line to `/boot/loader.conf` for the change to persist across reboots: + [.programlisting] ---- kern.kstack_pages=4 ---- * A bug was diagnosed in interaction of the `pmap_activate()` function and TLB shootdown IPI handler on amd64 systems which have PCID features but do not implement the INVPCID instruction. On such machines, such as SandyBridge™ and IvyBridge™ microarchitectures, set the loader tunable `vm.pmap.pcid_enabled=0` during boot: + [.screen] ---- set vm.pmap.pcid_enabled=0 boot ---- + Add this line to `/boot/loader.conf` for the change to persist across reboots: + To check if the system is affected, check http://www.FreeBSD.org/cgi/man.cgi?query=dmesg&sektion=8&manpath=freebsd-release-ports[dmesg(8)] for PCID listed in the "Features2", and absence of INVPCID in the "Structured Extended Features". If the PCID feature is not present, or INVPCID is present, system is not affected. + [.programlisting] ---- vm.pmap.pcid_enabled=0 ---- * The Release Notes erroneously states the `WITH_SYSTEM_COMPILER` http://www.FreeBSD.org/cgi/man.cgi?query=src.conf&sektion=5&manpath=freebsd-release-ports[src.conf(5)] option is enabled by default, however this was disabled prior to the final release build. * The release announcement stated "Wireless support for 802.11n has been added." This was intended to state "Wireless support for 802.11n has been added for additional wireless network drivers." * Some release notes pertaining to the Cavium ThunderX platform (the FreeBSD/arm64 reference platform) were omitted: + ** Support for the Cavium Virtualized NIC ethernet driver has been added. http://svn.freebsd.org/viewvc/base?view=revision&revision=289550[(r289550)] [.contrib]#(Sponsored by Cavium)# ** Support for the GICv3 and ITS device drivers has been added. http://svn.freebsd.org/viewvc/base?view=revision&revision=286919[(r286919)] [.contrib]#(Sponsored by Cavium)# ** Support for PCI Enhanced Allocation support has been added. http://svn.freebsd.org/viewvc/base?view=revision&revision=296308[(r296308)] [.contrib]#(Sponsored by Cavium)# * [2016-10-20] Several recent Dell systems fail to find a bootable disk when the system boots in Legacy/BIOS/CSM mode, the boot disk is partitioned with GPT, and the Active flag in the Protective MBR is not set. To work around this issue, either configure the system to boot in UEFI mode, or choose the "GPT + Active" scheme. http://svn.freebsd.org/viewvc/base?view=revision&revision=293860[[r293860]] * [2016-10-21] Support for `sha512` and `skein` checksumming has been added to the ZFS filesystem. This was not mentioned in the release notes. + Systems being upgraded from earlier FreeBSD releases with ZFS will see a message in `zpool status` output noting the pool is not at the latest version, and some features may not be enabled. Additional instructions on how to update ZFS pools to the latest version and update the boot blocks for all boot drives in the pool will also be provided in the output. + This information is also documented in `/usr/src/UPDATING`, which is included if the `src` component is selected during installation. * [2016-10-21] The size of the GPT enabled ZFS boot blocks (`/boot/gptzfsboot`) has increased past 64K. Systems upgraded from older releases may experience a problem where the size of the existing "freebsd-boot" partition is too small to hold the new `gptzfsboot`. + Systems where the boot partition is immediately followed by the swap partition, such as those installed via http://www.FreeBSD.org/cgi/man.cgi?query=bsdinstall&sektion=8&manpath=freebsd-release-ports[bsdinstall(8)], can resize the swap partition slightly using the http://www.FreeBSD.org/cgi/man.cgi?query=gpart&sektion=8&manpath=freebsd-release-ports[gpart(8)] `resize` command, so space can be reclaimed to increase the size of the freebsd-boot partition. * [2016-10-21] Due to a bug in earlier versions of http://www.FreeBSD.org/cgi/man.cgi?query=clang&sektion=1&manpath=freebsd-release-ports[clang(1)] that is difficult to work around in the upgrade process, to upgrade the system from sources via buildworld to -CURRENT or 11.0-RELEASE, it is necessary to upgrade machines running 9.x to at least revision r286035, or machines running 10.x to revision r286033. Source-based upgrades from 10.3-RELEASE are not affected. This differs from the historical situation where one could generally upgrade from anywhere on earlier stable branches, so caution should be exercised. [[late-news]] == Late-Breaking News No news.