--- title: "FreeBSD 12.1-RELEASE Release Notes" sidenav: download --- :releaseCurrent: 12.1-RELEASE :releaseBranch: 12-STABLE :releasePrev: 12.0-RELEASE :releaseNext: 12.2-RELEASE :releaseType: release include::shared/en/urls.adoc[] = FreeBSD {releaseCurrent} Release Notes == Abstract The release notes for FreeBSD {releaseCurrent} contain a summary of the changes made to the FreeBSD base system on the {releaseBranch} development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. == Table of Contents [[intro]] == Introduction This document contains the release notes for FreeBSD RELEASE.CURRENT. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD. The RELEASE.TYPE distribution to which these release notes apply represents the latest point along the RELEASE.BRANCH development branch since RELEASE.BRANCH was created. Information regarding pre-built, binary RELEASE.TYPE distributions along this branch can be found at . The RELEASE.TYPE distribution to which these release notes apply represents a point along the RELEASE.BRANCH development branch between RELEASE.PREV and the future RELEASE.NEXT. Information regarding pre-built, binary RELEASE.TYPE distributions along this branch can be found at . This distribution of FreeBSD RELEASE.CURRENT is a RELEASE.TYPE distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) RELEASE.TYPE distributions of FreeBSD can be found in the link:{handbook}#mirrors[Obtaining FreeBSD' appendix] to the link:{handbook}[FreeBSD Handbook]. All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD RELEASE.CURRENT can be found on the FreeBSD Web site. This document describes the most user-visible new or changed features in FreeBSD since RELEASE.PREV. In general, changes described here are unique to the RELEASE.BRANCH branch unless specifically marked as MERGED features. Typical release note items document recent security advisories issued after RELEASE.PREV, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. [[upgrade]] == Upgrading from Previous Releases of FreeBSD Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the {{< manpage "freebsd-update" "8">}} utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The {{< manpage "freebsd-update" "8">}} utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in `/usr/src/UPDATING`. [IMPORTANT] ==== Upgrading FreeBSD should only be attempted after backing up _all_ data and configuration files. ==== [[security-errata]] == Security and Errata This section lists the various Security Advisories and Errata Notices since RELEASE.PREV. [[security]] === Security Advisories [width="100%",cols="40%,30%,30%",options="header",] |=== |Advisory |Date |Topic |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-18:15.bootpd.asc[FreeBSD-SA-18:15.bootpd] |19 December 2018 |Buffer overflow |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:01.syscall.asc[FreeBSD-SA-19:01.syscall] |5 February 2019 |Kernel data register leak |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:02.fd.asc[FreeBSD-SA-19:02.fd] |5 February 2019 |File description reference count leak |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:03.wpa.asc[FreeBSD-SA-19:03.wpa] |14 May 2019 |Multiple vulnerabilities |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:04.ntp.asc[FreeBSD-SA-19:04.ntp] |14 May 2019 |Authenticated denial of service in {{< manpage "ntpd" "8">}} |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:05.pf.asc[FreeBSD-SA-19:05.pf] |14 May 2019 |IPv6 fragment reassembly panic in {{< manpage "pf" "4">}} |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:06.pf.asc[FreeBSD-SA-19:06.pf] |14 May 2019 |ICMP/ICMP6 packet filter bypass in {{< manpage "pf" "4">}} |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:07.mds.asc[FreeBSD-SA-19:07.mds] |14 May 2019 |Microarchitectural Data Sampling |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:08.rack.asc[FreeBSD-SA-19:08.rack] |19 June 2019 |Resource exhaustion in non-default RACK TCP stack |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:09.iconv.asc[FreeBSD-SA-19:09.iconv] |2 July 2019 |{{< manpage "iconv" "3">}} buffer overflow |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:10.ufs.asc[FreeBSD-SA-19:10.ufs] |2 July 2019 |Kernel stack disclosure |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:11.cd_ioctl.asc[FreeBSD-SA-19:11.cd_ioctl] |2 July 2019 |Privilege escalation in {{< manpage "cd" "4">}} |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:12.telnet.asc[FreeBSD-SA-19:12.telnet] |24 July 2019 |Multiple vulnerabilities |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:13.pts.asc[FreeBSD-SA-19:13.pts] |24 July 2019 |Write-after-free vulnerability |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:15.mqueuefs.asc[FreeBSD-SA-19:15.mqueuefs] |24 July 2019 |Reference count overflow |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:16.bhyve.asc[FreeBSD-SA-19:16.bhyve] |24 July 2019 |{{< manpage "xhci" "4">}} out-of-bounds read |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:17.fd.asc[FreeBSD-SA-19:17.fd] |24 July 2019 |Reference count leak |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:18.bzip2.asc[FreeBSD-SA-19:18.bzip2] |6 August 2019 |Multiple vulnerabilities |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:19.mldv2.asc[FreeBSD-SA-19:19.mldv2] |6 August 2019 |Out-of-bounds memory access |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:20.bsnmp.asc[FreeBSD-SA-19:20.bsnmp] |6 August 2019 |Insufficient message length validation |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:21.bhyve.asc[FreeBSD-SA-19:21.bhyve] |6 August 2019 |Insufficient validation of guest-supplied data |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:22.mbuf.asc[FreeBSD-SA-19:22.mbuf] |20 August 2019 |IPv6 remove denial-of-service |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:23.midi.asc[FreeBSD-SA-19:23.midi] |20 August 2019 |Kernel memory disclosure |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-19:24.mqueuefs.asc[FreeBSD-SA-19:24.mqueuefs] |20 August 2019 |Reference count overflow |=== [[errata]] === Errata Notices [width="100%",cols="40%,30%,30%",options="header",] |=== |Errata |Date |Topic |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:01.cc_cubic.asc[FreeBSD-EN-19:01.cc_cubic] |9 January 2019 |Connection stalls with CUBIC congestion control |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:02.tcp.asc[FreeBSD-EN-19:02.tcp] |9 January 2019 |TCP connections may stall and eventually fail in case of packet loss |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc[FreeBSD-EN-19:03.sqlite] |9 January 2019 |sqlite update |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:04.tzdata.asc[FreeBSD-EN-19:04.tzdata] |9 January 2019 |Timezone database information update |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:06.dtrace.asc[FreeBSD-EN-19:06.dtrace] |5 February 2019 |DTrace incompatibility with SMAP-enabled systems |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:07.lle.asc[FreeBSD-EN-19:07.lle] |5 February 2019 |LLE table lookup code race condition |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:08.tzdata.asc[FreeBSD-EN-19:08.tzdata] |14 May 2019 |Timezone database information update |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:09.xinstall.asc[FreeBSD-EN-19:09.xinstall] |14 May 2019 |{{< manpage "install" "1">}} broken with partially matching relative paths |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:10.scp.asc[FreeBSD-EN-19:10.scp] |14 May 2019 |Insufficient filename validation in {{< manpage "scp" "1">}} client |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:11.net.asc[FreeBSD-EN-19:11.net] |19 June 2019 |Incorrect locking in networking stack |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:12.tzdata.asc[FreeBSD-EN-19:12.tzdata] |2 July 2019 |Timezone database information update |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:13.mds.asc[FreeBSD-EN-19:13.mds] |24 July 2019 |System crash from Intel CPU vulnerability mitigation |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:14.epoch.asc[FreeBSD-EN-19:14.epoch] |6 August 2019 |Incorrect locking |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:15.libunwind.asc[FreeBSD-EN-19:15.libunwind] |6 August 2019 |Incorrect exception handling |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:16.bhyve.asc[FreeBSD-EN-19:16.bhyve] |20 August 2019 |Instruction emulation improvements |link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-19:17.ipfw.asc[FreeBSD-EN-19:17.ipfw] |20 August 2019 |"jail" keyword fix |=== == Userland This section covers changes and additions to userland applications, contributed software, and system utilities. [[userland-config]] === Userland Configuration Changes The gcc `-Werror` flag has been turned off by default. {{< revision "352094" >}} [[userland-programs]] === Userland Application Changes The {{< manpage "lockf" "1">}} utility has been updated to return `EX_UNAVAILABLE` if the `-n` flag is used and the lock file does not exist. {{< revision "345569" >}} The {{< manpage "ktrdump" "8">}} utility has been updated to include the `-l` flag which enables "live" mode when specified. {{< revision "342705" >}} The {{< manpage "gzip" "1">}} utility has been updated to add `-l` support for {{< manpage "xz" "1">}} files. {{< revision "343250" >}} The {{< manpage "trim" "8">}} utility has been added, which deletes content for blocks on flash-based storage devices that use wear-leveling algorithms. {{< revision "344688" >}} The {{< manpage "sh" "1">}} utility has been updated to include a new `pipefail` option, which when set, changes the exit status of a pipeline to the last non-zero exit status of any command in the pipeline. {{< revision "345487" >}} The {{< manpage "mlx5tool" "8">}} utility has been updated to implement firmware update capability for ConnectX-4(R), ConnectX-5(R), and ConnectX-6(R). {{< revision "347752" >}} {{< sponsored "Mellanox Technologies" >}} The {{< manpage "posixshmcontrol" "1">}} utility has been added. {{< revision "348426" >}} The {{< manpage "swapon" "8">}} utility has been updated to invoke `BIO_DELETE` to trim swap devices if either the `-E` flag is used on the command line, or if the `trimonce` option is included in {{< manpage "fstab" "5">}}. {{< revision "349930" >}} The {{< manpage "nvmecontrol" "8">}} utility has been updated to add a new subcommand, `resv`, which is used to handle NVMe reservations. {{< revision "350952" >}} The {{< manpage "camcontrol" "8">}} utility has been updated to support block descriptors when using the `modepage` subcommand. {{< revision "351530" >}} {{< sponsored "iXsystems" >}} The {{< manpage "freebsd-update" "8">}} utility has been updated to include two new commands, `updatesready` and `showconfig`. {{< revision "352774" >}} The {{< manpage "zfs" "8">}} utility has been updated to support the `-v`, `-n`, and `-P` flags together with the `send` subcommand for bookmarks. {{< revision "352901" >}} [[userland-contrib]] === Contributed Software BearSSL has been imported to the base system. {{< revision "343281" >}} The {{< manpage "ntpd" "8">}} suite of utilities have been updated to version 4.2.8p13. {{< revision "344884" >}} The {{< manpage "tcpdump" "1">}} utility has been updated to disable {{< manpage "capsicum" "4">}} support when the `-E` flag is used. {{< revision "346986" >}} The {{< manpage "bsnmpd" "1">}} utility has been updated to include IPv6 transport support. {{< revision "346987" >}} The {{< manpage "libarchive" "3">}} library has been updated to version 3.4.0. {{< revision "349523" >}} The clang, llvm, lld, lldb, compiler-rt utilities and libc++ have been updated to version 8.0.1. {{< revision "350256" >}} The lld linker has been enabled by default for i386. {{< revision "350297" >}} {{< sponsored "The FreeBSD Foundation" >}} The bzip2recover utility has been added. {{< revision "350634" >}} The {{< manpage "bzip2" "1">}} utility has been updated to version 1.0.8. {{< revision "351007" >}} Warnings have been added for Kerberos GSS algorithms deprecated in RFC8221 and RFC8429. {{< revision "351243" >}} The {{< manpage "mandoc" "1">}} utility has been updated to the 2019-07-23 snapshot. {{< revision "351390" >}} The WPA utilities have been updated to version 2.9. {{< revision "351611" >}} OpenSSL has been updated to version 1.1.1d. {{< revision "352192" >}} The timezone database files have been updated to version 2019c. {{< revision "352353" >}} [[userland-deprecated-programs]] === Deprecated Applications The {{< manpage "ctm" "1">}} utility has been marked as deprecated, and has been removed in FreeBSD 13.0. {{< revision "340444" >}} The {{< manpage "timed" "8">}} utility has been marked as deprecated, and has been removed in FreeBSD 13.0. {{< revision "343940" >}} [[userland-libraries]] === Runtime Libraries and API The `libomp` library has been added. == Kernel This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized. [[kernel-general]] === General Kernel Changes The kernel will now log the {{< manpage "jail" "8">}} ID when logging a process exit. The {{< manpage "jail" "8">}} ID `0` represents processes that are not jailed. {{< revision "343083" >}} {{< sponsored "Modirum MDPay" >}} The `pci_vendors` list has been updated to version 2019.01.29. {{< revision "343735" >}} [[drivers]] == Devices and Drivers This section covers changes and additions to devices and device drivers since RELEASE.PREV. [[drivers-device]] === Device Drivers The {{< manpage "ichwd" "4">}} driver has been updated to include support for TCO watchdog timers in the Lewisburg PCH (C620) chipset. {{< revision "340190" >}} {{< sponsored " Panzura" >}} The {{< manpage "amdsmn" "4">}} and {{< manpage "amdtemp" "4">}} drivers have been updated to support Ryzen(TM) 2 host bridges. {{< revision "340446" >}} The {{< manpage "amdtemp" "4">}} driver has been updated to correct temperature reporting for the AMD(R) 2990WX. {{< revision "340447" >}} The {{< manpage "rtwn_pci" "4">}} driver has been added for the RTL8188EE chipset. {{< revision "342835" >}} The {{< manpage "crypto" "4">}} driver has been updated to print warnings for deprecated algorithms. {{< revision "351246" >}} The {{< manpage "ntb_hw_amd" "4">}} driver has been added, providing support for the AMD(R) Non-Transparent Bridge. {{< revision "351536" >}} The {{< manpage "nvme" "4">}} driver has been updated to support suspend/resume for PCI attachment. {{< revision "351914" >}} The {{< manpage "cdceem" "4">}} driver has been added, supporting virtual USB network cards provided by iLO 5, found in new HPE(R) Proliant(TM) servers. {{< revision "351942" >}} {{< sponsored " Hewlett Packard Enterprise" >}} The {{< manpage "fusefs" "5">}} driver has been overhauled, implementing new features and performance improvements. {{< revision "352351" >}} {{< sponsored "The FreeBSD Foundation" >}} The {{< manpage "mpr" "4">}} and {{< manpage "mps" "4">}} drivers have been updated with stability fixes. {{< revision "352761" >}} As result of converting {{< manpage "mps" "4">}} to use `atomic_swap_64`, it is now disabled on 32-bit powerpc and mips. {{< revision "352761" >}} == Storage This section covers changes and additions to file systems and other storage subsystems, both local and networked. [[storage-general]] === General Storage The {{< manpage "camcontrol" "8">}} utility has been updated to add ATA power mode support. {{< revision "347384" >}} {{< sponsored "Multiplay" >}} Deprecation warnings have been added for weaker algorithms when creating {{< manpage "geli" "8">}} providers. {{< revision "348587" >}} The {{< manpage "cam" "4">}} subsystem has been updated to improve AHCI enclosure management and SES interoperation. {{< revision "349832" >}} [[boot]] == Boot Loader Changes This section covers the boot loader, boot menu, and other boot-related changes. [[boot-loader]] === Boot Loader Changes The {{< manpage "loader" "8">}} has been update to allow booting from ZFS datasets with the `large_dnode` feature flag enabled. {{< revision "342683" >}} The {{< manpage "loader" "8">}} has been updated to support the `com.delphix:removing` ZFS {{< manpage "zpool-features" "7">}} flag. {{< revision "351384" >}} [[network]] == Networking This section describes changes that affect networking in FreeBSD. [[network-general]] === General Network The {{< manpage "ipfw" "8">}} utility has been updated to fix showing headers outside of "all" when executing `ipfw table list`. {{< revision "344667" >}} Support for NAT64 CLAT has been added, as defined in RFC6877. {{< revision "346200" >}} {{< sponsored "Yandex LLC" >}} The `net.inet.tcp.rexmit_initial` {{< manpage "sysctl" "8">}} has been added, used for setting `RTO.Initial`, used by TCP. {{< revision "347110" >}} {{< sponsored "Netflix" >}} Support for GRE-in-UDP encapsulation has been added, as defined in RFC8086. {{< revision "348233" >}} [[ports]] == Ports Collection and Package Infrastructure This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools. [[ports-packages]] === Packaging Changes The {{< manpage "pkg" "8">}} utility has been updated to version 1.12.0. The GNOME desktop environment has been updated to version 3.28. The KDE desktop environment has been updated to version 5.16.5.19.08.1. [[future-releases]] == General Notes Regarding Future FreeBSD Releases [[future-releases-cputype]] === Default `CPUTYPE` Change Starting with FreeBSD-13.0, the default `CPUTYPE` for the i386 architecture will change from `486` to `686`. This means that, by default, binaries produced will require a 686-class CPU, including but not limited to binaries provided by the FreeBSD Release Engineering team. FreeBSD 13.0 will continue to support older CPUs, however users needing this functionality will need to build their own releases for official support. As the primary use for i486 and i586 CPUs is generally in the embedded market, the general end-user impact is expected to be minimal, as new hardware with these CPU types has long faded, and much of the deployed base of such systems is nearing retirement age, statistically. There were several factors taken into account for this change. For example, i486 does not have 64-bit atomics, and while they can be emulated in the kernel, they cannot be emulated in the userland. Additionally, the 32-bit amd64 libraries have been i686 since their inception. As the majority of 32-bit testing is done by developers using the lib32 libraries on 64-bit hardware with the `COMPAT_FREEBSD32` option in the kernel, this change ensures better coverage and user experience. This also aligns with what the majority of Linux(R) distributions have been doing for quite some time. This is expected to be the final bump of the default `CPUTYPE` in i386. [IMPORTANT] ==== This change does not affect the FreeBSD 12.x series of releases. ====