BSDSec

deadsimple BSD Security Advisories and Announcements

FreeBSD 12.0-RELEASE Now Available

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

                       FreeBSD 12.0-RELEASE Announcement

   The FreeBSD Release Engineering Team is pleased to announce the
   availability of FreeBSD 12.0-RELEASE. This is the first release of the
   stable/12 branch.

   Some of the highlights:

     * OpenSSL has been updated to version 1.1.1a (LTS).

     * Unbound has been updated to version 1.8.1, and DANE-TA has been
       enabled by default.

     * OpenSSH has been updated to version 7.8p1.

     * Additonal capsicum(4) support has been added to sshd(8).

     * Clang, LLVM, LLD, LLDB, compiler-rt and libc++ has been updated to
       version 6.0.1.

     * The vt(4) Terminus BSD Console font has been update to version 4.46.

     * The bsdinstall(8) utility now supports UEFI+GELI as an installation
       option.

     * The VIMAGE kernel configuration option has been enabled by default.

     * The NUMA option has been enabled by default in the amd64 GENERIC and
       MINIMAL kernel configurations.

     * The netdump(4) driver has been added, providing a facility through
       which kernel crash dumps can be transmitted to a remote host after a
       system panic.

     * The vt(4) driver has been updated with performance improvements,
       drawing text at rates ranging from 2- to 6-times faster.

     * Various improvements to graphics support for current generation
       hardware.

     * Support for capsicum(4) has been enabled on armv6 and armv7 by
       default.

     * The UFS/FFS filesystem has been updated to consolidate
       TRIM/BIO_DELETE commands, reducing read/write requests due to fewer
       TRIM messages being sent simultaneously.

     * The NFS version 4.1 server has been updated to include pNFS server
       support.

     * The pf(4) packet filter is now usable within a jail(8) using vnet(9).

     * The bhyve(8) utility has been updated to add NVMe device emulation.

     * The bhyve(8) utility is now able to be run withing a jail(8).

     * Various Lua loader(8) improvements.

     * KDE has been updated to version 5.12.5.

     * And more...

   For a complete list of new features and known problems, please see the
   online release notes and errata list, available at:

     * https://www.FreeBSD.org/releases/12.0R/relnotes.html

     * https://www.FreeBSD.org/releases/12.0R/errata.html

   For more information about FreeBSD release engineering activities, please
   see:

     * https://www.FreeBSD.org/releng/

Availability

   FreeBSD 12.0-RELEASE is now available for the amd64, i386, powerpc,
   powerpc64, powerpcspe, sparc64, armv6, armv7, and aarch64 architectures.

   FreeBSD 12.0-RELEASE can be installed from bootable ISO images or over
   the network. Some architectures also support installing from a USB memory
   stick. The required files can be downloaded as described in the section
   below.

   SHA512 and SHA256 hashes for the release ISO, memory stick, and SD card
   images are included at the bottom of this message.

   PGP-signed checksums for the release images are also available at:

     * https://www.FreeBSD.org/releases/12.0R/signatures.html

   A PGP-signed version of this announcement is available at:

     * https://www.FreeBSD.org/releases/12.0R/announce.asc

   The purpose of the images provided as part of the release are as follows:

   dvd1

           This contains everything necessary to install the base FreeBSD
           operating system, the documentation, debugging distribution sets,
           and a small set of pre-built packages aimed at getting a
           graphical workstation up and running. It also supports booting
           into a "livefs" based rescue mode. This should be all you need if
           you can burn and use DVD-sized media.

           Additionally, this can be written to an USB memory stick (flash
           drive) for the amd64 architecture and used to do an install on
           machines capable of booting off USB drives. It also supports
           booting into a "livefs" based rescue mode.

           As one example of how to use the memstick image, assuming the USB
           drive appears as /dev/da0 on your machine something like this
           should work:

           # dd if=FreeBSD-12.0-RELEASE-amd64-dvd1.iso \
             of=/dev/da0 bs=1m conv=sync

           Be careful to make sure you get the target (of=) correct.

   disc1

           This contains the base FreeBSD operating system. It also supports
           booting into a "livefs" based rescue mode. There are no pre-built
           packages.

           Additionally, this can be written to an USB memory stick (flash
           drive) for the amd64 architecture and used to do an install on
           machines capable of booting off USB drives. It also supports
           booting into a "livefs" based rescue mode. There are no pre-built
           packages.

           As one example of how to use the memstick image, assuming the USB
           drive appears as /dev/da0 on your machine something like this
           should work:

           # dd if=FreeBSD-12.0-RELEASE-amd64-disc1.iso \
             of=/dev/da0 bs=1m conv=sync

           Be careful to make sure you get the target (of=) correct.

   bootonly

           This supports booting a machine using the CDROM drive but does
           not contain the installation distribution sets for installing
           FreeBSD from the CD itself. You would need to perform a network
           based install (e.g., from an HTTP or FTP server) after booting
           from the CD.

           Additionally, this can be written to an USB memory stick (flash
           drive) for the amd64 architecture and used to do an install on
           machines capable of booting off USB drives. It also supports
           booting into a "livefs" based rescue mode. There are no pre-built
           packages.

           As one example of how to use the memstick image, assuming the USB
           drive appears as /dev/da0 on your machine something like this
           should work:

           # dd if=FreeBSD-12.0-RELEASE-amd64-bootonly.iso \
             of=/dev/da0 bs=1m conv=sync

           Be careful to make sure you get the target (of=) correct.

   memstick

           This can be written to an USB memory stick (flash drive) and used
           to do an install on machines capable of booting off USB drives.
           It also supports booting into a "livefs" based rescue mode. There
           are no pre-built packages.

           As one example of how to use the memstick image, assuming the USB
           drive appears as /dev/da0 on your machine something like this
           should work:

           # dd if=FreeBSD-12.0-RELEASE-amd64-memstick.img \
             of=/dev/da0 bs=1m conv=sync

           Be careful to make sure you get the target (of=) correct.

   mini-memstick

           This can be written to an USB memory stick (flash drive) and used
           to boot a machine, but does not contain the installation
           distribution sets on the medium itself, similar to the bootonly
           image. It also supports booting into a "livefs" based rescue
           mode. There are no pre-built packages.

           As one example of how to use the mini-memstick image, assuming
           the USB drive appears as /dev/da0 on your machine something like
           this should work:

           # dd if=FreeBSD-12.0-RELEASE-amd64-mini-memstick.img \
             of=/dev/da0 bs=1m conv=sync

           Be careful to make sure you get the target (of=) correct.

   FreeBSD/arm SD card images

           These can be written to an SD card and used to boot the supported
           arm system. The SD card image contains the full FreeBSD
           installation, and can be installed onto SD cards as small as
           512Mb.

           For convenience for those without console access to the system, a
           freebsd user with a password of freebsd is available by default
           for ssh(1) access. Additionally, the root user password is set to
           root, which it is strongly recommended to change the password for
           both users after gaining access to the system.

           To write the FreeBSD/arm image to an SD card, use the dd(1)
           utility, replacing KERNEL with the appropriate kernel
           configuration name for the system.

           # dd if=FreeBSD-12.0-RELEASE-arm-armv7-KERNEL.img \
             of=/dev/da0 bs=1m conv=sync

           Be careful to make sure you get the target (of=) correct.

   FreeBSD 12.0-RELEASE can also be purchased on CD-ROM or DVD from several
   vendors. One of the vendors that will be offering FreeBSD 12.0-based
   products is:

     * FreeBSD Mall, Inc. https://www.freebsdmall.com

   Pre-installed virtual machine images are also available for the amd64
   (x86_64), i386 (x86_32), and AArch64 (arm64) architectures in QCOW2, VHD,
   and VMDK disk image formats, as well as raw (unformatted) images.

   FreeBSD 12.0-RELEASE amd64 is also available on these cloud hosting
   platforms:

     * Amazon(R) EC2(TM):
       AMIs are available in the following regions:

         ap-south-1 region: ami-024f703d85c3b1012
         eu-west-3 region: ami-04243f83cbdff155e
         eu-west-2 region: ami-019ecda9be40c3dc1
         eu-west-1 region: ami-01fe4421da59ecb30
         ap-northeast-2 region: ami-00714e1048e4f0d07
         ap-northeast-1 region: ami-07b604cf5a1d2d2e8
         sa-east-1 region: ami-05dd76ac6637fb42d
         ca-central-1 region: ami-03bb92c67ff9aaf90
         ap-southeast-1 region: ami-09f5032f4642114c0
         ap-southeast-2 region: ami-0e0c8be22c4801d9b
         eu-central-1 region: ami-01b35a0a834759fc1
         us-east-1 region: ami-03b0f822e17669866
         us-east-2 region: ami-0842e35b91bf08aa5
         us-west-1 region: ami-0519471b49bca30b3
         us-west-2 region: ami-04331586c79df8e01

       AMIs are also available in the Amazon(R) Marketplace at:
       https://aws.amazon.com/marketplace/pp/B07L6QV354/

     * Google(R) Compute Engine(TM):
       Instances can be deployed using the gcloud utility:

           % gcloud compute instances create INSTANCE \
             --image freebsd-12-0-release-amd64 \
             --image-project=freebsd-org-cloud-dev
           % gcloud compute ssh INSTANCE

       Replace INSTANCE with the name of the Google Compute Engine instance.

       FreeBSD 12.0-RELEASE will also available in the
       Google Compute Engine(TM) Marketplace once they have completed
       third-party specific validation at:
       https://console.cloud.google.com/launcher/browse?filter=category:os&filter=price:free

     * Hashicorp/Atlas(R) Vagrant(TM):
       Instances can be deployed using the vagrant utility:

           % vagrant init freebsd/FreeBSD-12.0-RELEASE
           % vagrant up

Download

   FreeBSD 12.0-RELEASE may be downloaded via https from the following site:

     * https://download.freebsd.org/ftp/releases/ISO-IMAGES/12.0/

   FreeBSD 12.0-RELEASE virtual machine images may be downloaded