BSDSec

deadsimple BSD Security Advisories and Announcements

FreeBSD 10.4-RELEASE Now Available

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

                       FreeBSD 10.4-RELEASE Announcement

   The FreeBSD Release Engineering Team is pleased to announce availability
   of FreeBSD 10.4-RELEASE. This is the fifth release of the stable/10
   branch, building upon the stability and reliability of 10.3-RELEASE and
   introducing new features.

   Some of the highlights:

     * 10.4-RELEASE is the first FreeBSD release to feature full support for
       eMMC storage, including eMMC partitions, TRIM and bus speed modes up
       to HS400. Please note, though, that availability of especially the
       DDR52, HS200 and HS400 modes requires support in the actual sdhci(4)
       front-end as well as by the hardware used. Also note, that the SDHCI
       controller part of Intel(R) Apollo Lake chipsets is affected by
       several severe silicon bugs. Apparently, it depends on the particular
       Apollo Lake platform whether the workarounds in place so far are
       sufficient to avoid timeouts on attaching sdhci(4) there.

     * Also in case a GPT disk label is used, the fsck_ffs(8) utility now is
       able to find alternate superblocks.

     * The aesni(4) driver now no longer shares a single FPU context across
       multiple sessions in multiple threads, addressing problems seen when
       employing aesni(4) for accelerating ipsec(4).

     * Support for the Kaby Lake generation of Intel(R) i219(4)/ i219(5)
       devices has been added to the em(4) driver.

     * The em(4) driver is now capable of enabling Wake On LAN (WOL) also
       for Intel(R) i217, i218 and i219 chips. Note that stale interface
       configurations from previous unsuccessful attempts to enable WOL for
       these devices now will actually take effect. For example, an
       `ifconfig em0 wol` activates all WOL variants including wol_mcast,
       which might be undesirable.

     * Support for WOL has been added to the igb(4) driver, which was not
       able to activate this feature on any device before. The same remark
       regarding stale WOL configurations as for the em(4) driver applies.

     * Userland coredumps can now trigger events such as generating a human
       readable crash report via devd(8). This feature is off by default.

     * The firmware shipping with the qlxgbe(4) driver has been updated to
       version 5.4.66. Additionally, this driver has received some TSO and
       locking fixes, performance optimizations as well as SYSCTLs providing
       MAC, RX and TX statistics.

     * Mellanox(R) ConnectX-4 series adapters are now supported by the newly
       added mlx5ib(4) driver.

     * OpenSSH received an update to version 7.3p1.

     * GNOME has been updated to version 3.18.

     * Xorg-Server has been updated to version 1.18.4.

     * And much more ...

   For a complete list of new features and known problems, please see the
   online release notes and errata list, available at:

     * https://www.FreeBSD.org/releases/10.4R/relnotes.html

     * https://www.FreeBSD.org/releases/10.4R/errata.html

   For more information about FreeBSD release engineering activities, please
   see:

     * https://www.FreeBSD.org/releng/

Dedication

   The FreeBSD Project dedicates the FreeBSD 10.4-RELEASE to the memory of
   Andrey A. Chernov.

Availability

   FreeBSD 10.4-RELEASE is now available for the amd64, i386, ia64, powerpc,
   powerpc64, sparc64, and armv6 architectures.

   FreeBSD 10.4-RELEASE can be installed from bootable ISO images or over
   the network. Some architectures also support installing from a USB memory
   stick. The required files can be downloaded as described in the section
   below.

   SHA512 and SHA256 hashes for the release ISO, memory stick, and SD card
   images are included at the bottom of this message.

   PGP-signed checksums for the release images are also available at:

     * https://www.FreeBSD.org/releases/10.4R/signatures.html

   A PGP-signed version of this announcement is available at:

     * https://www.FreeBSD.org/releases/10.4R/announce.asc

   Additional UEFI-capable images are available for the amd64 (x86_64)
   architecture.

   The purpose of the images provided as part of the release are as follows:

   dvd1

           This contains everything necessary to install the base FreeBSD
           operating system, the documentation, and a small set of pre-built
           packages aimed at getting a graphical workstation up and running.
           It also supports booting into a "livefs" based rescue mode. This
           should be all you need if you can burn and use DVD-sized media.

   disc1

           This contains the base FreeBSD operating system. It also supports
           booting into a "livefs" based rescue mode. There are no pre-built
           packages.

   bootonly

           This supports booting a machine using the CDROM drive but does
           not contain the installation distribution sets for installing
           FreeBSD from the CD itself. You would need to perform a network
           based install (e.g., from an HTTP or FTP server) after booting
           from the CD.

   memstick

           This can be written to an USB memory stick (flash drive) and used
           to do an install on machines capable of booting off USB drives.
           It also supports booting into a "livefs" based rescue mode. There
           are no pre-built packages.

           As one example of how to use the memstick image, assuming the USB
           drive appears as /dev/da0 on your machine something like this
           should work:

           # dd if=FreeBSD-10.4-RELEASE-amd64-memstick.img \
             of=/dev/da0 bs=1m conv=sync

           Be careful to make sure you get the target (of=) correct.

   mini-memstick

           This can be written to an USB memory stick (flash drive) and used
           to boot a machine, but does not contain the installation
           distribution sets on the medium itself, similar to the bootonly
           image. It also supports booting into a "livefs" based rescue
           mode. There are no pre-built packages.

           As one example of how to use the mini-memstick image, assuming
           the USB drive appears as /dev/da0 on your machine something like
           this should work:

           # dd if=FreeBSD-10.4-RELEASE-amd64-mini-memstick.img \
             of=/dev/da0 bs=1m conv=sync

           Be careful to make sure you get the target (of=) correct.

   FreeBSD/arm SD card images

           These can be written to an SD card and used to boot the supported
           arm system. The SD card image contains the full FreeBSD
           installation, and can be installed onto SD cards as small as
           512Mb.

           For convenience for those without console access to the system, a
           freebsd user with a password of freebsd is available by default
           for ssh(1) access. Additionally, the root user password is set to
           root, which it is strongly recommended to change the password for
           both users after gaining access to the system.

           To write the FreeBSD/arm image to an SD card, use the dd(1)
           utility, replacing KERNEL with the appropriate kernel
           configuration name for the system.

           # dd if=FreeBSD-10.4-RELEASE-arm-armv6-KERNEL.img \
             of=/dev/da0 bs=1m conv=sync

           Be careful to make sure you get the target (of=) correct.

   FreeBSD 10.4-RELEASE can also be purchased on CD-ROM or DVD from several
   vendors. One of the vendors that will be offering FreeBSD 10.4-based
   products is:

     * FreeBSD Mall, Inc. https://www.freebsdmall.com

   Pre-installed virtual machine images are also available for the amd64
   (x86_64) and i386 (x86_32) architectures in QCOW2, VHD, and VMDK disk
   image formats, as well as raw (unformatted) images.

   FreeBSD 10.4-RELEASE amd64 is also available on these cloud hosting
   platforms:

     * Amazon(R) EC2(TM):
       AMIs are available in the following regions:

         ap-south-1 region: ami-2a87c645
         eu-west-2 region: ami-07445663
         eu-west-1 region: ami-acac66d5
         ap-northeast-2 region: ami-8bc51fe5
         ap-northeast-1 region: ami-af2efac9
         sa-east-1 region: ami-eeef9382
         ca-central-1 region: ami-e366df87
         ap-southeast-1 region: ami-b88af8db
         ap-southeast-2 region: ami-61e70703
         eu-central-1 region: ami-ac60d3c3
         us-east-1 region: ami-6f758815
         us-east-2 region: ami-a93815cc
         us-west-1 region: ami-e32b1b83
         us-west-2 region: ami-f3e9118b


       AMIs will also available in the Amazon(R) Marketplace once they have
       completed third-party specific validation at:
       https://aws.amazon.com/marketplace/pp/B00KSS55FY/

     * Google(R) Compute Engine(TM):
       Instances can be deployed using the gcloud utility:

           % gcloud compute instances create INSTANCE \
             --image freebsd-10-4-release-amd64 \
             --image-project=freebsd-org-cloud-dev
           % gcloud compute ssh INSTANCE

       Replace INSTANCE with the name of the Google Compute Engine instance.

     * Hashicorp/Atlas(R) Vagrant(TM):
       Instances can be deployed using the vagrant utility:

           % vagrant init freebsd/FreeBSD-10.4-RELEASE
           % vagrant up

     * Microsoft(R) Azure(TM):
       FreeBSD virtual machine images will be available once they have
       completed third-party specific validation at:
       https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.FreeBSD104?tab=Overview

Download

   FreeBSD 10.4-RELEASE may be downloaded via https from the following site:

     * https://download.freebsd.org/ftp/releases/ISO-IMAGES/10.4/

   FreeBSD 10.4-RELEASE virtual machine images may be downloaded