Date: Mon, 16 Sep 2024 18:49:44 GMT
Message-Id: <202409161849.48GInibV098099@gitrepo.freebsd.org>
To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org
From: Muhammad Moinur Rahman
Subject: git: c85c466e90 - main - 13.4R/relnotes: Update release notes
List-Id: Commit messages for all branches of the doc repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-doc-all
X-Git-Committer: bofh
X-Git-Repository: doc
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: c85c466e9069d4ddc95454caa9ac4b303493949e

The branch main has been updated by bofh:

URL: https://cgit.FreeBSD.org/doc/commit/?id=c85c466e9069d4ddc95454caa9ac4b303493949e

commit c85c466e9069d4ddc95454caa9ac4b303493949e
Author:     Muhammad Moinur Rahman
AuthorDate: 2024-09-16 18:46:50 +0000
Commit:     Muhammad Moinur Rahman
CommitDate: 2024-09-16 18:46:50 +0000

    13.4R/relnotes: Update release notes

    - Add SA [1]
    - Add Errata
    - Remove unnecessary parts
    - Minor tweaks and typo fixes [1]
    - Linted with vale

    Reported by: grahamperrin@gmail.com
    Approved by: re (blanket)
---
 website/content/en/releases/13.4R/relnotes.adoc | 181 +++++++++++++++++-------
 1 file changed, 130 insertions(+), 51 deletions(-)

diff --git a/website/content/en/releases/13.4R/relnotes.adoc b/website/content/en/releases/13.4R/relnotes.adoc index becc0be5b8..d7844f29ba 100644 --- a/website/content/en/releases/13.4R/relnotes.adoc +++ b/website/content/en/releases/13.4R/relnotes.adoc
@@ -68,14 +68,130 @@ Source-based upgrades (those based on recompiling the FreeBSD base system from s Upgrading FreeBSD should only be attempted after backing up _all_ data and configuration files. ==== +[[security-errata]] +== Security and Errata + +This section lists the various Security Advisories and Errata Notices since {releasePrev}. + +[[security]] +=== Security Advisories + +[.informaltable] +[cols="1,1,1", frame="none", options="header"] +|=== +| Advisory +| Date +| Topic + +|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:03.unbound.asc[FreeBSD-SA-24:03.unbound] +|28 March 2024 +|Multiple vulnerabilities in Unbound + +|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc[FreeBSD-SA-24:04.openssh] +|01 July 2024 +|OpenSSH pre-authentication remote code execution + +|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:05.pf.asc[FreeBSD-SA-24:05.pf] +|07 August 2024 +|pf incorrectly matches different ICMPv6 states in the state table + +|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:06.ktrace.asc[FreeBSD-SA-24:06.ktrace] +|07 August 2024 +|man:ktrace[2] fails to detach when executing a setuid binary + +|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:07.nfsclient.asc[FreeBSD-SA-24:07.nfsclient] +|07 August 2024 +|NFS client accepts file names containing path separators + +|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:08.openssh.asc[FreeBSD-SA-24:08.openssh] +|07 August 2024 +|OpenSSH pre-authentication async signal safety issue + +|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:09.libnv.asc[FreeBSD-SA-24:09.libnv] +|04 September 2024 +|Multiple vulnerabilities in libnv + +|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:10.bhyve.asc[FreeBSD-SA-24:10.bhyve] +|04 September 2024 +|man:bhyve[8] privileged guest escape via TPM device passthrough + +|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:11.ctl.asc[FreeBSD-SA-24:11.ctl] +|04 September 2024 +|Multiple 
issues in man:ctl[4] CAM Target Layer + +|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:12.bhyve.asc[FreeBSD-SA-24:12.bhyve] +|04 September 2024 +|man:bhyve[8] privileged guest escape via USB controller + +|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:13.openssl.asc[FreeBSD-SA-24:13.openssl] +|04 September 2024 +|Possible DoS in X.509 name checks in OpenSSL + +|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:14.umtx.asc[FreeBSD-SA-24:14.umtx] +|04 September 2024 +|umtx Kernel panic or Use-After-Free +|=== + +[[errata]] +=== Errata Notices + +[.informaltable] +[cols="1,1,1", frame="none", options="header"] +|=== +| Errata +| Date +| Topic + +|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:05.tty.asc[FreeBSD-EN-24:05.tty] +|28 March 2024 +|TTY Kernel panic + +|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:06.wireguard.asc[FreeBSD-EN-24:06.wireguard] +|28 March 2024 +|Insufficient barriers in WireGuard man:if_wg[4] + +|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:07.clang.asc[FreeBSD-EN-24:07.clang] +|28 March 2024 +|Clang crash when certain optimization is enabled + +|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:08.kerberos.asc[FreeBSD-EN-24:08.kerberos] +|28 March 2024 +|Kerberos segfaults when using weak crypto + +|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:09.zfs.asc[FreeBSD-EN-24:09.zfs] +|24 April 2024 +|High CPU usage by kernel threads related to ZFS + +|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:10.zfs.asc[FreeBSD-EN-24:10.zfs] +|19 June 2024 +|Kernel memory leak in ZFS + +|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:11.ldns.asc[FreeBSD-EN-24:11.ldns] +|19 June 2024 +|LDNS uses nameserver commented out in resolv.conf + +|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:12.killpg.asc[FreeBSD-EN-24:12.killpg] +|19 June 2024 +|Lock order reversal in killpg causing livelock + 
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:13.libcpass:[++].asc[FreeBSD-EN-24:13.libc++] +|19 June 2024 +|Incorrect size passed to heap allocated std::string delete + +|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:14.ifconfig.asc[FreeBSD-EN-24:14.ifconfig] +|07 August 2024 +|Incorrect ifconfig netmask assignment + +|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:15.calendar.asc[FreeBSD-EN-24:15.calendar] +|04 September 2024 +|man:cron[8] / man:periodic[8] session login +|=== + [[userland]] == Userland This section covers changes and additions to userland applications, contributed software, and system utilities. -[[userland-config]] -=== Userland Configuration Changes - [[userland-programs]] === Userland Application Changes @@ -101,20 +217,6 @@ LLVM and the `clang` compiler have been upgraded to version 18.1.5. `capsicum-test` has been updated to snapshot eab7a83b. -[[userland-deprecated-programs]] -=== Deprecated Applications - -[[userland-libraries]] -=== Runtime Libraries and API - -[[kernel]] -== Kernel - -This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized. - -[[kernel-general]] -=== General Kernel Changes - [[drivers]] == Devices and Drivers 
@@ -129,35 +231,14 @@ The man:ice[4] driver has been updated. Support for SIM7600G has been added to man:u3g[4]. -There have been many stability fixes to native and LinuxKPI-based wireless drivers. (Sponsored by The FreeBSD Foundation) - -[[drivers-removals]] -=== Deprecated and Removed Drivers - -[[storage]] -== Storage - -This section covers changes and additions to file systems and other storage subsystems, both local and networked. - -[[storage-general]] -=== General Storage - -[[boot]] -== Boot Loader Changes - -This section covers the boot loader, boot menu, and other boot-related changes. - -[[boot-loader]] -=== Boot Loader Changes +There have been many stability fixes to native and LinuxKPI-based wireless drivers. +(Sponsored by The FreeBSD Foundation) [[network]] == Networking This section describes changes that affect networking in FreeBSD. -[[network-general]] -=== General Network - [[network-protocols]] == Network Protocols @@ -178,9 +259,6 @@ Added support for AMD Ryzen 7 "Phoenix" processors (family 0x19, model 0x70-0x7f This enables temperature readings of these CPUs via sysctl. The sensors function identically to those for the "Raphael" processors (model 0x60-0x6f); only the PCI device ID differs. -[[hardware-virtualization]] -=== Virtualization Support - [[documentation]] == Documentation @@ -189,7 +267,8 @@ This section covers changes to manual (man:man[1]) pages and other documentation [[man-pages]] === Man Pages -References to the legacy `disklabel` utility have been removed in favour of gpart. Future FreeBSD releases will remove this tool entirely." +References to the legacy `disklabel` utility have been removed in favour of gpart. +Future FreeBSD releases will remove this tool entirely. [[ports]] == Ports Collection and Package Infrastructure 
@@ -199,10 +278,10 @@ This section covers changes to the FreeBSD Ports Collection, package infrastruct [[ports-packages]] === Packaging Changes -DVD package set has been modernized. +The DVD package set has been modernized. package:archivers/unzip[] has been removed as it is in base now. -package:emulators/linux_base-c7[] has been removed as it is unlikely to be useful without other linux packages being installed. +package:emulators/linux_base-c7[] has been removed as it is unlikely to be useful without other Linux packages being installed. package:ports-mgmt/portmaster[] has been removed as it has been discouraged in favour of using pkg and binary packages. @@ -210,7 +289,7 @@ package:x11-drivers/xf86-video-vmware[] has been removed as it is no longer usef package:devel/git[] has been replaced with package:devel/git@lite[] as this is sufficient for most purposes. -package:sysutils/seatd[] and package:x11-wm/sway[] has been added for wayland support. +package:sysutils/seatd[] and package:x11-wm/sway[] have been added for Wayland support. [[future-releases]] == General Notes Regarding Future FreeBSD Releases 
@@ -219,9 +298,9 @@ FreeBSD 15.0 is not expected to include support for 32-bit platforms other than The armv6, i386, and powerpc platforms are deprecated and will be removed. 64-bit systems will still be able to run older 32-bit binaries. -We expect to support armv7 as a Tier 2 architecture in FreeBSD 15.0 and stable/15. -However, we also anticipate that armv7 may be removed in FreeBSD 16.0. -We will provide an update on the status of armv7 for both 15.x and 16.x at the time of 15.0 release. +The project expect to support armv7 as a Tier 2 architecture in FreeBSD 15.0 and stable/15. +However, the project also anticipate that armv7 may be removed in FreeBSD 16.0. +The project will provide an update on the status of armv7 for both 15.x and 16.x at the time of 15.0 release. Support for executing 32-bit binaries on 64-bit platforms via the `COMPAT_FREEBSD32` option will continue for at least the stable/15 and stable/16 branches. Support for compiling individual 32-bit applications via `cc -m32` will also continue for at least the stable/15 branch, which includes suitable headers in [.filename]#/usr/include# and libraries in [.filename]#/usr/lib32#. 
@@ -233,7 +312,7 @@ The FreeBSD stable/14 and earlier branches will retain existing 32-bit kernel an Ports will retain existing support for building ports and packages for 32-bit systems on stable/14 and earlier branches as long as those branches are supported by the ports system. However, all 32-bit platforms are Tier-2 or Tier-3, and support for individual ports should be expected to degrade as upstreams deprecate 32-bit platforms. -With the current support schedule, stable/14 will reach end of life (EOL) 5 years after the release of FreeBSD {releasePrev}. +With the current support schedule, stable/14 will reach end of life (EOL) around 5 years after the release of FreeBSD {releasePrev}. The EOL of stable/14 will mark the end of support for deprecated 32-bit platforms, including source releases, pre-built packages, and support for building applications from ports. With the release of {releasePrev} in November 2023, support for deprecated 32-bit platforms will end in November 2028.
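
Review bot: In the first hunk (@@ -68,14 +68,130 @@), the Errata row for FreeBSD-EN-24:13 writes the link target as "FreeBSD-EN-24:13.libcpass:[++].asc" but leaves the link text as a bare "FreeBSD-EN-24:13.libc++". Please check the rendered page to confirm that the href resolves to the .libc++.asc file and that the unescaped "++" in the link text is not picked up as passthrough markup. Using the same pass:[++] escaping in both places would remove the doubt.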
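
Review bot: In the man pages hunk (@@ -189,7 +267,8 @@), the rewritten sentence marks `disklabel` as code but leaves "gpart" as plain text. Suggest giving it the same treatment, either backticks or a man: macro in the style of the man:u3g[4] and man:bhyve[8] references elsewhere in this file, so both utilities render consistently.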
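
Review bot: In the armv7 paragraph (@@ -219,9 +298,9 @@), replacing "We" with "The project" leaves the verbs in plural form: "The project expect to support" and "the project also anticipate". These should read "The project expects to support" and "the project also anticipates"; the third sentence ("The project will provide") is fine as written.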
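
Review bot: In the last hunk (@@ -233,7 +312,7 @@), the changed line still dates the stable/14 EOL from "the release of FreeBSD {releasePrev}", and the context line after it places {releasePrev} in November 2023, yet the Security and Errata section added in the first hunk uses {releasePrev} as the starting point for a list whose earliest entries are dated 28 March 2024. The attribute cannot mean both releases in the same document, so one of these uses renders the wrong version. Suggest writing out the intended release in this paragraph instead of relying on the attribute.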