git: c85c466e90 - main - 13.4R/relnotes: Update release notes
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 16 Sep 2024 18:49:44 UTC
The branch main has been updated by bofh:
URL: https://cgit.FreeBSD.org/doc/commit/?id=c85c466e9069d4ddc95454caa9ac4b303493949e
commit c85c466e9069d4ddc95454caa9ac4b303493949e
Author: Muhammad Moinur Rahman <bofh@FreeBSD.org>
AuthorDate: 2024-09-16 18:46:50 +0000
Commit: Muhammad Moinur Rahman <bofh@FreeBSD.org>
CommitDate: 2024-09-16 18:46:50 +0000
13.4R/relnotes: Update release notes
- Add SA [1]
- Add Erratas
- Remove unnecessary parts
- Minor tweaks and typos fixes [1]
- Linted with vale
Reported by: grahamperrin@gmail.com
Approved by: re (blanket)
---
website/content/en/releases/13.4R/relnotes.adoc | 181 +++++++++++++++++-------
1 file changed, 130 insertions(+), 51 deletions(-)
diff --git a/website/content/en/releases/13.4R/relnotes.adoc b/website/content/en/releases/13.4R/relnotes.adoc
index becc0be5b8..d7844f29ba 100644
--- a/website/content/en/releases/13.4R/relnotes.adoc
+++ b/website/content/en/releases/13.4R/relnotes.adoc
@@ -68,14 +68,130 @@ Source-based upgrades (those based on recompiling the FreeBSD base system from s
Upgrading FreeBSD should only be attempted after backing up _all_ data and configuration files.
====
+[[security-errata]]
+== Security and Errata
+
+This section lists the various Security Advisories and Errata Notices since {releasePrev}.
+
+[[security]]
+=== Security Advisories
+
+[.informaltable]
+[cols="1,1,1", frame="none", options="header"]
+|===
+| Advisory
+| Date
+| Topic
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:03.unbound.asc[FreeBSD-SA-24:03.unbound]
+|28 March 2024
+|Multiple vulnerabilities in Unbound
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc[FreeBSD-SA-24:04.openssh]
+|01 July 2024
+|OpenSSH pre-authentication remote code execution
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:05.pf.asc[FreeBSD-SA-24:05.pf]
+|07 August 2024
+|pf incorrectly matches different ICMPv6 states in the state table
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:06.ktrace.asc[FreeBSD-SA-24:06.ktrace]
+|07 August 2024
+|man:ktrace[2] fails to detach when executing a setuid binary
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:07.nfsclient.asc[FreeBSD-SA-24:07.nfsclient]
+|07 August 2024
+|NFS client accepts file names containing path separators
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:08.openssh.asc[FreeBSD-SA-24:08.openssh]
+|07 August 2024
+|OpenSSH pre-authentication async signal safety issue
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:09.libnv.asc[FreeBSD-SA-24:09.libnv]
+|04 September 2024
+|Multiple vulnerabilities in libnv
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:10.bhyve.asc[FreeBSD-SA-24:10.bhyve]
+|04 September 2024
+|man:bhyve[8] privileged guest escape via TPM device passthrough
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:11.ctl.asc[FreeBSD-SA-24:11.ctl]
+|04 September 2024
+|Multiple issues in man:ctl[4] CAM Target Layer
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:12.bhyve.asc[FreeBSD-SA-24:12.bhyve]
+|04 September 2024
+|man:bhyve[8] privileged guest escape via USB controller
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:13.openssl.asc[FreeBSD-SA-24:13.openssl]
+|04 September 2024
+|Possible DoS in X.509 name checks in OpenSSL
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:14.umtx.asc[FreeBSD-SA-24:14.umtx]
+|04 September 2024
+|umtx Kernel panic or Use-After-Free
+|===
+
+[[errata]]
+=== Errata Notices
+
+[.informaltable]
+[cols="1,1,1", frame="none", options="header"]
+|===
+| Errata
+| Date
+| Topic
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:05.tty.asc[FreeBSD-EN-24:05.tty]
+|28 March 2024
+|TTY Kernel panic
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:06.wireguard.asc[FreeBSD-EN-24:06.wireguard]
+|28 March 2024
+|Insufficient barriers in WireGuard man:if_wg[4]
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:07.clang.asc[FreeBSD-EN-24:07.clang]
+|28 March 2024
+|Clang crash when certain optimization is enabled
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:08.kerberos.asc[FreeBSD-EN-24:08.kerberos]
+|28 March 2024
+|Kerberos segfaults when using weak crypto
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:09.zfs.asc[FreeBSD-EN-24:09.zfs]
+|24 April 2024
+|High CPU usage by kernel threads related to ZFS
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:10.zfs.asc[FreeBSD-EN-24:10.zfs]
+|19 June 2024
+|Kernel memory leak in ZFS
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:11.ldns.asc[FreeBSD-EN-24:11.ldns]
+|19 June 2024
+|LDNS uses nameserver commented out in resolv.conf
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:12.killpg.asc[FreeBSD-EN-24:12.killpg]
+|19 June 2024
+|Lock order reversal in killpg causing livelock
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:13.libcpass:[++].asc[FreeBSD-EN-24:13.libc++]
+|19 June 2024
+|Incorrect size passed to heap allocated std::string delete
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:14.ifconfig.asc[FreeBSD-EN-24:14.ifconfig]
+|07 August 2024
+|Incorrect ifconfig netmask assignment
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:15.calendar.asc[FreeBSD-EN-24:15.calendar]
+|04 September 2024
+|man:cron[8] / man:periodic[8] session login
+|===
+
[[userland]]
== Userland
This section covers changes and additions to userland applications, contributed software, and system utilities.
-[[userland-config]]
-=== Userland Configuration Changes
-
[[userland-programs]]
=== Userland Application Changes
@@ -101,20 +217,6 @@ LLVM and the `clang` compiler have been upgraded to version 18.1.5.
`capsicum-test` has been updated to snapshot eab7a83b.
-[[userland-deprecated-programs]]
-=== Deprecated Applications
-
-[[userland-libraries]]
-=== Runtime Libraries and API
-
-[[kernel]]
-== Kernel
-
-This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.
-
-[[kernel-general]]
-=== General Kernel Changes
-
[[drivers]]
== Devices and Drivers
@@ -129,35 +231,14 @@ The man:ice[4] driver has been updated.
Support for SIM7600G has been added to man:u3g[4].
-There have been many stability fixes to native and LinuxKPI-based wireless drivers. (Sponsored by The FreeBSD Foundation)
-
-[[drivers-removals]]
-=== Deprecated and Removed Drivers
-
-[[storage]]
-== Storage
-
-This section covers changes and additions to file systems and other storage subsystems, both local and networked.
-
-[[storage-general]]
-=== General Storage
-
-[[boot]]
-== Boot Loader Changes
-
-This section covers the boot loader, boot menu, and other boot-related changes.
-
-[[boot-loader]]
-=== Boot Loader Changes
+There have been many stability fixes to native and LinuxKPI-based wireless drivers.
+(Sponsored by The FreeBSD Foundation)
[[network]]
== Networking
This section describes changes that affect networking in FreeBSD.
-[[network-general]]
-=== General Network
-
[[network-protocols]]
== Network Protocols
@@ -178,9 +259,6 @@ Added support for AMD Ryzen 7 "Phoenix" processors (family 0x19, model 0x70-0x7f
This enables temperature readings of these CPUs via sysctl.
The sensors function identically to those for the "Raphael" processors (model 0x60-0x6f); only the PCI device ID differs.
-[[hardware-virtualization]]
-=== Virtualization Support
-
[[documentation]]
== Documentation
@@ -189,7 +267,8 @@ This section covers changes to manual (man:man[1]) pages and other documentation
[[man-pages]]
=== Man Pages
-References to the legacy `disklabel` utility have been removed in favour of gpart. Future FreeBSD releases will remove this tool entirely."
+References to the legacy `disklabel` utility have been removed in favour of gpart.
+Future FreeBSD releases will remove this tool entirely.
[[ports]]
== Ports Collection and Package Infrastructure
@@ -199,10 +278,10 @@ This section covers changes to the FreeBSD Ports Collection, package infrastruct
[[ports-packages]]
=== Packaging Changes
-DVD package set has been modernized.
+The DVD package set has been modernized.
package:archivers/unzip[] has been removed as it is in base now.
-package:emulators/linux_base-c7[] has been removed as it is unlikely to be useful without other linux packages being installed.
+package:emulators/linux_base-c7[] has been removed as it is unlikely to be useful without other Linux packages being installed.
package:ports-mgmt/portmaster[] has been removed as it has been discouraged in favour of using pkg and binary packages.
@@ -210,7 +289,7 @@ package:x11-drivers/xf86-video-vmware[] has been removed as it is no longer usef
package:devel/git[] has been replaced with package:devel/git@lite[] as this is sufficient for most purposes.
-package:sysutils/seatd[] and package:x11-wm/sway[] has been added for wayland support.
+package:sysutils/seatd[] and package:x11-wm/sway[] have been added for Wayland support.
[[future-releases]]
== General Notes Regarding Future FreeBSD Releases
@@ -219,9 +298,9 @@ FreeBSD 15.0 is not expected to include support for 32-bit platforms other than
The armv6, i386, and powerpc platforms are deprecated and will be removed.
64-bit systems will still be able to run older 32-bit binaries.
-We expect to support armv7 as a Tier 2 architecture in FreeBSD 15.0 and stable/15.
-However, we also anticipate that armv7 may be removed in FreeBSD 16.0.
-We will provide an update on the status of armv7 for both 15.x and 16.x at the time of 15.0 release.
+The project expect to support armv7 as a Tier 2 architecture in FreeBSD 15.0 and stable/15.
+However, the project also anticipate that armv7 may be removed in FreeBSD 16.0.
+The project will provide an update on the status of armv7 for both 15.x and 16.x at the time of 15.0 release.
Support for executing 32-bit binaries on 64-bit platforms via the `COMPAT_FREEBSD32` option will continue for at least the stable/15 and stable/16 branches.
Support for compiling individual 32-bit applications via `cc -m32` will also continue for at least the stable/15 branch, which includes suitable headers in [.filename]#/usr/include# and libraries in [.filename]#/usr/lib32#.
@@ -233,7 +312,7 @@ The FreeBSD stable/14 and earlier branches will retain existing 32-bit kernel an
Ports will retain existing support for building ports and packages for 32-bit systems on stable/14 and earlier branches as long as those branches are supported by the ports system.
However, all 32-bit platforms are Tier-2 or Tier-3, and support for individual ports should be expected to degrade as upstreams deprecate 32-bit platforms.
-With the current support schedule, stable/14 will reach end of life (EOL) 5 years after the release of FreeBSD {releasePrev}.
+With the current support schedule, stable/14 will reach end of life (EOL) around 5 years after the release of FreeBSD {releasePrev}.
The EOL of stable/14 will mark the end of support for deprecated 32-bit platforms, including source releases, pre-built packages, and support for building applications from ports.
With the release of {releasePrev} in November 2023, support for deprecated 32-bit platforms will end in November 2028.