--- title: "FreeBSD 12.2-RELEASE Release Notes" sidenav: download --- :releaseCurrent: 12.2-RELEASE :releaseBranch: 12-STABLE :releasePrev: 12.1-RELEASE :releaseNext: 12.3-RELEASE :releaseType: release include::shared/en/urls.adoc[] = FreeBSD {releaseCurrent} Release Notes :doctype: article :toc: macro :toclevels: 1 :icons: font == Abstract [.abstract-title] The release notes for FreeBSD {releaseCurrent} contain a summary of the changes made to the FreeBSD base system on the {releaseBranch} development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. [[intro]] == Introduction This document contains the release notes for FreeBSD {releaseCurrent}. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD. The {releaseType} distribution to which these release notes apply represents the latest point along the {releaseBranch} development branch since {releaseBranch} was created. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[https://www.FreeBSD.org/releases/]. The {releaseType} distribution to which these release notes apply represents a point along the {releaseBranch} development branch between {releasePrev} and the future {releaseNext}. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[https://www.FreeBSD.org/releases/]. This distribution of FreeBSD {releaseCurrent} is a {releaseType} distribution. It can be found at https://www.FreeBSD.org/releases/[https://www.FreeBSD.org/releases/] or any of its mirrors. More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}/mirrors[Obtaining FreeBSD appendix] to the link:{handbook}/[FreeBSD Handbook]. All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site. This document describes the most user-visible new or changed features in FreeBSD since {releasePrev}. In general, changes described here are unique to the {releaseBranch} branch unless specifically marked as MERGED features. Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. [[upgrade]] == Upgrading from Previous Releases of FreeBSD Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the man:freebsd-update[8] utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The man:freebsd-update[8] utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in [.filename]#/usr/src/UPDATING#. [IMPORTANT] ==== Upgrading FreeBSD should only be attempted after backing up _all_ data and configuration files. ==== [[security-errata]] == Security and Errata This section lists the various Security Advisories and Errata Notices since {releasePrev}. [[security]] === Security Advisories [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Advisory | Date | Topic |https://www.freebsd.org/security/advisories/FreeBSD-SA-19:25.mcepsc.asc[FreeBSD-SA-19:25.mcepce] |12 November 2019 |Machine Check Exception on Page Size Change |https://www.freebsd.org/security/advisories/FreeBSD-SA-19:26.mcu.asc[FreeBSD-SA-19:26.mcu] |12 November 2019 |Intel CPU Microcode Update |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:01.libfetch.asc[FreeBSD-SA-20:01.libfetch] |28 January 2020 |man:fetch[3] buffer overflow |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:03.thrmisc.asc[FreeBSD-SA-20:03.thrmisc] |28 January 2020 |Kernel stack data disclosure |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:04.tcp.asc[FreeBSD-SA-20:04.tcp] |18 March 2020 |TCP IPv6 SYN cache kernel information disclosure |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc[FreeBSD-SA-20:05.if_oce_ioctl] |18 March 2020 |Insufficient man:ioctl[2] privilege checking |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:06.if_ixl_ioctl.asc[FreeBSD-SA-20:06.if_ixl_ioctl] |18 March 2020 |Insufficient man:ioctl[2] privilege checking |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:07.epair.asc[FreeBSD-SA-20:07.epair] |18 March 2020 |Incorrect user-controlled pointer use |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:08.jail.asc[FreeBSD-SA-20:08.jail] |18 March 2020 |Kernel memory disclosure with nested jails |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:09.ntp.asc[FreeBSD-SA-20:09.ntp] |18 March 2020 |Multiple denial of service |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:10.ipfw.asc[FreeBSD-SA-20:10.ipfw] |21 April 2020 |Invalid man:mbuf[9] handling |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:11.openssl.asc[FreeBSD-SA-20:11.openssl] |21 April 2020 |Remote denial of service |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:12.libalias.asc[FreeBSD-SA-20:12.libalias] |12 May 2020 |Insufficient packet length validation |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:13.libalias.asc[FreeBSD-SA-20:13.libalias] |12 May 2020 |Memory disclosure vulnerability |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:15.cryptodev.asc[FreeBSD-SA-20:15.cryptodev] |12 May 2020 |Use-after-free condition |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:16.cryptodev.asc[FreeBSD-SA-20:16.cryptodev] |12 May 2020 |Insufficient MAC key length check |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:17.usb.asc[FreeBSD-SA-20:17.usb] |9 June 2020 |HID descriptor parsing error |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:19.unbound.asc[FreeBSD-SA-20:19.unbound] |8 July 2020 |Multiple vulnerabilities |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:20.ipv6.asc[FreeBSD-SA-20:20.ipv6] |8 July 2020 |Race condition and use-after-free |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:21.usb_net.asc[FreeBSD-SA-20:21.usb_net] |5 August 2020 |Memory corruption |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:22.sqlite.asc[FreeBSD-SA-20:22.sqlite] |5 August 2020 |Multiple vulnerabilities |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:23.sendmsg.asc[FreeBSD-SA-20:23.sendmsg] |5 August 2020 |Privilege escalation |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:25.sctp.asc[FreeBSD-SA-20:25.sctp] |2 September 2020 |Use-after-free bug |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:26.dhclient.asc[FreeBSD-SA-20:26.dhclient] |2 September 2020 |Heap overflow |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:27.ure.asc[FreeBSD-SA-20:27.ure] |15 September 2020 |Packet-in-packet attack |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc[FreeBSD-SA-20:28.bhyve_vmcs] |15 September 2020 |Privilege escalation via VMCS |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:29.bhyve_svm.asc[FreeBSD-SA-20:29.bhyve_svm] |15 September 2020 |SVM guest escape |https://www.freebsd.org/security/advisories/FreeBSD-SA-20:30.ftpd.asc[FreeBSD-SA-20:30.ftpd] |15 September 2020 |Privilege escalation |=== [[errata]] === Errata Notices [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Errata | Date | Topic |https://www.freebsd.org/security/advisories/FreeBSD-EN-19:19.loader.asc[FreeBSD-EN-19:19.loader] |12 November 2019 |UEFI Loader Memory Fragmentation |https://www.freebsd.org/security/advisories/FreeBSD-EN-20:01.ssp.asc[FreeBSD-EN-20:01.ssp] |28 January 2020 |Imprecise orderring of canary initialization |https://www.freebsd.org/security/advisories/FreeBSD-EN-20:03.sshd.asc[FreeBSD-EN-20:03.sshd] |18 March 2020 |Misleading log messages upon successful login |https://www.freebsd.org/security/advisories/FreeBSD-EN-20:05.mlx5en.asc[FreeBSD-EN-20:05.mlx5en] |18 March 2020 |Fix packet forwarding performance |https://www.freebsd.org/security/advisories/FreeBSD-EN-20:06.ipv6.asc[FreeBSD-EN-20:06.ipv6] |18 March 2020 |Incorrect checksum calculations |https://www.freebsd.org/security/advisories/FreeBSD-EN-20:07.quotad.asc[FreeBSD-EN-20:07.quotad] |21 April 2020 |Regression with certain NFS servers |https://www.freebsd.org/security/advisories/FreeBSD-EN-20:08.tzdata.asc[FreeBSD-EN-20:08.tzdata] |12 May 2020 |Timezone database update |https://www.freebsd.org/security/advisories/FreeBSD-EN-20:09.igb.asc[FreeBSD-EN-20:09.igb] |12 May 2020 |Fix failure to switch to inactive state |https://www.freebsd.org/security/advisories/FreeBSD-EN-20:10.build.asc[FreeBSD-EN-20:10.build] |12 May 2020 |Incorrect build host clang version detection |https://www.freebsd.org/security/advisories/FreeBSD-EN-20:11.ena.asc[FreeBSD-EN-20:11.ena] |9 June 2020 |Stability issues in man:ena[4] |https://www.freebsd.org/security/advisories/FreeBSD-EN-20:12.iflib.asc[FreeBSD-EN-20:12.iflib] |9 June 2020 |Watchdog timeout resetting idle queues |https://www.freebsd.org/security/advisories/FreeBSD-EN-20:13.bhyve.asc[FreeBSD-EN-20:13.bhyve] |8 July 2020 |Crash with PCI device passthrough |https://www.freebsd.org/security/advisories/FreeBSD-EN-20:14.linuxkpi.asc[FreeBSD-EN-20:14.linuxkpi] |8 July 2020 |Kernel panic |https://www.freebsd.org/security/advisories/FreeBSD-EN-20:15.mps.asc[FreeBSD-EN-20:15.mps] |8 July 2020 |Kernel panic |https://www.freebsd.org/security/advisories/FreeBSD-EN-20:16.vmx.asc[FreeBSD-EN-20:16.vmx] |5 August 2020 |Packet loss and degraded performance |https://www.freebsd.org/security/advisories/FreeBSD-EN-20:17.linuxthread.asc[FreeBSD-EN-20:17.linuxthread] |2 September 2020 |Kernel panic |=== [[userland]] == Userland This section covers changes and additions to userland applications, contributed software, and system utilities. [[userland-config]] === Userland Configuration Changes A new man:rc.conf[5] variable has been added, `linux_mounts_enable`, which controls if Linux(R)-specific filesystems are mounted in [.filename]#/compat/linux# if `linux_enable` is set to `YES`. {{< revision "364883" >}} (Sponsored by The FreeBSD Foundation) The man:devd[8] utility has been updated to change the default man:syslogd[8] notification for resume from `kern` to `kernel`. {{< revision "365540" >}} [[userland-programs]] === Userland Application Changes The man:cron[8] utility has been updated to support two new flags in man:crontab[5], `-n` and `-q`, which suppress mail on successful runs and suppress logging of command execution, respectively. {{< revision "353134" >}} The man:dd[1] utility has been updated to include new operands: {{< revision "355520" >}} * `conv=fsync` * `conf=fdatasync` * `oflag=fsync` * `oflag=sync` * `iflag=fullblock` See man:dd[1] for usage details. The man:fsck_msdosfs[8] utility has been updated to include a variety of enhancements, including reducing the memory footprint, a new flag, `-M`, which disables the use of man:mmap[2], and others. {{< revision "357568" >}} The man:showmount[8] utility has been updated to implement support for long options. {{< revision "357078" >}} The man:certctl.8; utility has been added. {{< revision "357082" >}} The man:syslogd[8] utility has been updated to add property-based filters. {{< revision "359739" >}} The man:mountd[8] utility has been updated to fix incorrect group listing under certain conditions when `-maproot` or `-mapall` is used for exports. {{< revision "362602" >}} The man:sed[1] utility has been updated to read commands from man:stdin[4] when "`-f -`" is specified. {{< revision "362687" >}} The man:hostapd[8] and man:wpa_supplicant[8] utilities have been updated to support 802.11n, 802.11w, 802.11ac, and 802.11ax. {{< revision "363441" >}} The man:sesutil[8] utility has been updated to include a `show` subcommand to print output in a user-friendly way. {{< revision "364115" >}} The man:bhyve[8] utility has been updated to support setting additional AHCI controller parameters. {{< revision "364334" >}} The man:jail[8] utility has been updated to allow running Linux(R) in a jailed environment. [[userland-contrib]] === Contributed Software The man:tcsh[1] utility has been updated to version 6.21.00. {{< revision "354191" >}} (Sponsored by DARPA, AFRL) The man:less[1] utility has been updated to version v551. {{< revision "355503" >}} The man:libbsdxml[3] library has been updated to version 2.2.9. {{< revision "355603" >}} The man:resolvconf[8] utility has been updated to version 3.9.2. {{< revision "355745" >}} The man:pcap[3] library has been updated to version 1.9.1. {{< revision "356340" >}} The man:tcpdump[1] utility has been updated to version 4.9.3. {{< revision "356340" >}} The man:mtree[8] utility has been updated to address an issue with `-f` not considering type changes, fix username logic with `-c` when man:getlogin[2] fails, and to fix `-O` not descending when a hash collision occurs. {{< revision "356532" >}} The Elf Tool Chain has been updated to upstream revision r3769. {{< revision "358779" >}} (Sponsored by The FreeBSD Foundation) The man:xz[1] utility has been updated to version 5.2.5. {{< revision "359635" >}} OpenSSH has been updated to version 7.9p1. {{< revision "360313" >}} (Sponsored by The FreeBSD Foundation) The timezone database files have been updated to version 2020a. {{< revision "360361" >}} The man:unbound[8] utility has been updated to version 1.10.1. {{< revision "361435" >}} The man:libarchive[3] library has been updated to version 3.4.3. {{< revision "362132" >}} The private apr library has been updated to version 1.7.0. {{< revision "362180" >}} The svn{,lite} utility has been updated to version 1.14.0 LTS. {{< revision "362180" >}} The man:ntpd[8] suite of utilities have been updated to version 4.2.8p15. {{< revision "362716" >}} The man:file[1] utility has been updated to version 5.39. {{< revision "362842" >}} The man:bc[1] utility has been updated to version 3.1.1. {{< revision "362987" >}} The private sqlite3 utility has been updated to version 3.32.3. {{< revision "363179" >}} The BSD man:make[1] utility has been updated to version 20200719. {{< revision "363352" >}} The Sendmail utility has been updated to version 8.16.1. {{< revision "363465" >}} The man:nc[1] utility has been updated to include a new `--sctp` flag. {{< revision "363474" >}} The clang, llvm, lld, lldb, compiler-rt utilities and libc++ have been updated to version 10.0.1. {{< revision "363494" >}} OpenSSL has been updated to version 1.1.1h. {{< revision "366177" >}} [[userland-deprecated-programs]] === Deprecated Applications The man:amd[8] utility has been marked as deprecated, and targeted for removal in FreeBSD 13.0. {{< revision "355075" >}} [[userland-libraries]] === Runtime Libraries and API The `ifconfig` library has been updated to report the status of a man:bridge[4] interface, similarly to man:lagg[4]. {{< revision "363037" >}} [[kernel]] == Kernel This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized. [[kernel-general]] === General Kernel Changes The man:read[2] system call has been changed to disable `read()` calls on directories by default. A new man:sysctl[8] has been added, `security.bsd.allow_read_dir`, which when set to `1` will restore the previous behavior. {{< revision "363017" >}} The man:ixl[4] driver has now been enabled by default for FreeBSD/powerpc64. {{< revision "363712" >}} The `machdep.kdb_on_nmi` man:sysctl[8] has been removed. The `machdep.panic_on_nmi` man:sysctl[8] tunable has changed to directly enter the debugger. {{< revision "364002" >}} Support for APEI (ACPI Platform Error Interfaces) has been added. {{< revision "364003" >}} (Sponsored by iXsystems) [[drivers]] == Devices and Drivers This section covers changes and additions to devices and device drivers since {releasePrev}. [[drivers-device]] === Device Drivers The man:ubsec[4] driver has been marked as deprecated, and will be removed in FreeBSD 13.0. {{< revision "361044" >}} The man:ufm[4] driver has been marked as deprecated, and will be removed in FreeBSD 13.0. {{< revision "364431" >}} The man:apm[4] driver has been marked as deprecated, and will be removed in FreeBSD 13.0. {{< revision "365542" >}} The man:ctau[4] and man:cx[4] drivers have been marked as deprecated, and will be removed in FreeBSD 13.0. {{< revision "365542" >}} (Sponsored by The FreeBSD Foundation) [[storage]] == Storage This section covers changes and additions to file systems and other storage subsystems, both local and networked. [[storage-general]] === General Storage The man:mps[4] driver has been removed from the 32-bit [.filename]#GENERIC# kernel configuration. {{< revision "352741" >}} The man:virtio_blk[4] driver has been updated to support TRIM. {{< revision "365702" >}} (Sponsored by Klara Systems) The ZFS file system has been updated to include read/write `kstat` output per dataset. {{< revision "365917" >}} (Sponsored by Klara Systems) [[boot]] == Boot Loader Changes This section covers the boot loader, boot menu, and other boot-related changes. [[boot-loader]] === Boot Loader Changes The console is now displayed within the boot loader, allowing to toggle between available console devices. {{< revision "366691" >}} [[network]] == Networking This section describes changes that affect networking in FreeBSD. [[network-general]] === General Network The man:tap[4] and man:tun[4] devices have been updated to create [.filename]#/dev# aliases when they are renamed. {{< revision "354060" >}} The man:ipfw[4] driver has been updated to support RFC6598/Carrier Grade NAT subnets. {{< revision "359694" >}} The man:ng_nat[4] driver has been updated to allow attaching to an ethernet interface. {{< revision "359697" >}} The man:ixl[4] driver has been updated to version 1.11.29. {{< revision "363876" >}} (Sponsored by Intel Corporation) The man:ena[4] driver has been updated to version 2.2.0. {{< revision "365381" >}} (Sponsored by Amazon, Inc.) Updates to the wireless networking stack and various drivers have been introduced to provide better 802.11n and 802.11ac support. {{< revision "365670" >}} (Sponsored by Rubicon Communications, LLC (Netgate)) The `ice(4)` driver has been added, supporting Intel(R) 100Gb ethernet cards. {{< revision "365733" >}} (Sponsored by Intel Corporation) The man:cxgbe[4] driver has been updated to version 1.25.0.0. {{< revision "365961" >}} (Sponsored by Chelsio Communications) [[ports]] == Ports Collection and Package Infrastructure This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools. [[ports-packages]] === Packaging Changes The man:pkg[8] utility has been updated to version 1.15.10. [[future-releases]] == General Notes Regarding Future FreeBSD Releases [[future-releases-cputype]] === Default `CPUTYPE` Change Starting with FreeBSD-13.0, the default `CPUTYPE` for the i386 architecture will change from `486` to `686`. This means that, by default, binaries produced will require a 686-class CPU, including but not limited to binaries provided by the FreeBSD Release Engineering team. FreeBSD 13.0 will continue to support older CPUs, however users needing this functionality will need to build their own releases for official support. As the primary use for i486 and i586 CPUs is generally in the embedded market, the general end-user impact is expected to be minimal, as new hardware with these CPU types has long faded, and much of the deployed base of such systems is nearing retirement age, statistically. There were several factors taken into account for this change. For example, i486 does not have 64-bit atomics, and while they can be emulated in the kernel, they cannot be emulated in the userland. Additionally, the 32-bit amd64 libraries have been i686 since their inception. As the majority of 32-bit testing is done by developers using the lib32 libraries on 64-bit hardware with the `COMPAT_FREEBSD32` option in the kernel, this change ensures better coverage and user experience. This also aligns with what the majority of Linux(R) distributions have been doing for quite some time. This is expected to be the final bump of the default `CPUTYPE` in i386. [IMPORTANT] ==== This change does not affect the FreeBSD 12.x or 11.x series of releases. ====