FreeBSD 11.1-STABLE Release Notes

The FreeBSD Project

FreeBSD is a registered trademark of the FreeBSD Foundation.

IBM, AIX, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.

IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.

Intel, Celeron, Centrino, Core, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

SPARC, SPARC64, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. SPARC International, Inc owns all of the SPARC trademarks and under licensing agreements allows the proper use of these trademarks by its members.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the or the ® symbol.

Last modified on 2018-04-19 17:19:12 by gjb.

The release notes for FreeBSD 11.1-STABLE contain a summary of the changes made to the FreeBSD base system on the 11.1-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.

[ Split HTML / Single HTML ]

Table of Contents
1. Introduction
2. Upgrading from Previous Releases of FreeBSD
3. Security and Errata
3.1. Security Advisories
3.2. Errata Notices
4. Userland
4.1. Userland Configuration Changes
4.2. Userland Application Changes
4.3. Contributed Software
4.4. Installation and Configuration Tools
4.5. /etc/rc.d Scripts
4.6. /etc/periodic Scripts
4.7. Runtime Libraries and API
4.8. ABI Compatibility
4.9. Userland Debugging
5. Kernel
5.1. General Kernel Changes
5.2. Kernel Bug Fixes
5.3. Kernel Configuration
5.4. Kernel Modules
5.5. System Tuning and Controls
6. Devices and Drivers
6.1. Device Drivers
6.2. Storage Drivers
6.3. Network Drivers
7. Hardware Support
7.1. Hardware Support
7.2. Virtualization Support
7.3. ARM Support
8. Storage
8.1. General Storage
8.2. Networked Storage
8.3. ZFS
8.4. geom(4)
9. Boot Loader Changes
9.1. Boot Loader Changes
9.2. Boot Menu Changes
10. Networking
10.1. General Network Changes
10.2. Network Protocols
11. Ports Collection and Package Infrastructure
11.1. Infrastructure Changes
11.2. Packaging Changes
12. Documentation
12.1. Documentation Source Changes
12.2. Documentation Toolchain Changes
13. Release Engineering and Integration
13.1. Integration Changes

1. Introduction

This document contains the release notes for FreeBSD 11.1-STABLE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.

The snapshot distribution to which these release notes apply represents a point along the 11.1-STABLE development branch between 11.1-RELEASE and the future 11.2-RELEASE. Information regarding pre-built, binary snapshot distributions along this branch can be found at

All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 11.1-STABLE can be found on the FreeBSD Web site.

This document describes the most user-visible new or changed features in FreeBSD since 11.1-RELEASE. In general, changes described here are unique to the 11.1-STABLE branch unless specifically marked as MERGED features.

Typical release note items document recent security advisories issued after 11.1-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.

2. Upgrading from Previous Releases of FreeBSD

[amd64,i386] Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the freebsd-update(8) utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The freebsd-update(8) utility requires that the host being upgraded have Internet connectivity.

Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING.


Upgrading FreeBSD should only be attempted after backing up all data and configuration files.

3. Security and Errata

This section lists the various Security Advisories and Errata Notices since 11.1-RELEASE.

3.1. Security Advisories

FreeBSD-SA-17:06.openssh10 August 2017

Denial of Service vulnerability

FreeBSD-SA-17:07.wpa16 October 2017

WPA2 protocol vulnerability

FreeBSD-SA-17:08.ptrace15 November 2017

Kernel data leak via ptrace(PT_LWPINFO)

FreeBSD-SA-17:10.kldstat15 November 2017

Information leak

FreeBSD-SA-17:11.openssl29 November 2017

Multiple vulnerabilities

FreeBSD-SA-17:12.openssl09 December 2017

Multiple vulnerabilities

FreeBSD-SA-18:01.ipsec07 March 2018

Fix IPSEC validation and use-after-free

FreeBSD-SA-18:02.ntp07 March 2018

Multiple vulnerabilities

FreeBSD-SA-18:03.speculative_execution14 March 2018

Speculative Execution Vulnerabilities


This advisory addresses the most significant issues for FreeBSD 11.1 on amd64 CPUs. We expect to update this advisory to include 10.x for amd64 CPUs. Future FreeBSD releases will address this issue on i386 and other CPUs.

FreeBSD-SA-18:04.vt04 April 2018

Fix vt(4) console memory disclosure

FreeBSD-SA-18:05.ipsec04 April 2018

Fix denial of service

3.2. Errata Notices

FreeBSD-EN-17:07.vnet10 August 2017

VNET kernel panic with asynchronous I/O

FreeBSD-EN-17:08.pf10 August 2017

pf(4) housekeeping thread causes kernel panic

FreeBSD-EN-17:09.tzdata2 November 2017

Timezone database information update

FreeBSD-EN-18:01.tzdata07 March 2018

Timezone database information update

FreeBSD-EN-18:02.file07 March 2018

Stack-based buffer overflow

FreeBSD-EN-18:03.tzdata04 April 2018

Update timezone database information

FreeBSD-EN-18:04.mem04 April 2018

Multiple small kernel memory disclosures

4. Userland

This section covers changes and additions to userland applications, contributed software, and system utilities.

4.1. Userland Configuration Changes


4.2. Userland Application Changes

The ln(1) utility has been updated to correct the behavior of the -F flag by unlinking an existing directory before creating a symbolic link. [r321092]

The crontab(1) utility has been updated to include a new flag, -f, which forces crontab(5) removal when -r is used non-interactively. [r321241]

The newsyslog(8) utility has been updated to support RFC5424-compliant messages when rotating system logs. [r321262]

The sesutil(8) utility has been updated to include libxo(3) support in output. [r321287] (Sponsored by

The diskinfo(8) utility has been updated to include two new flags, -s which displays the disk identity (usually the serial number), and -p which displays the physical path to the disk in a storage controller. The -s and -p flags are mutually exclusive, and cannot be used with any other flags. [r321927]

The diskinfo(8) utility has also been updated to include device model when the -s flag is used. [r321929]

The umount(8) utility has been updated to include a new flag, -N, which is used to forcefully unmount an NFS mounted filesystem. [r322910]

The pw(8) utility has been updated to properly handle empty secondary group lists as an argument to the -G flag when using the usermod subcommand. [r322919]

The ps(1) utility has been updated to reflect realtime and idle priorities in state flags. [r324270]

The ps(1) utility has been updated to display if a process is running with capsicum(4) capability mode, indicated by C. [r324271]

The cpucontrol(8) utility has been updated to include a new flag, -n, that disables the default microcode update search path when used. [r324380]

The fsck_ffs(8) utility has been updated to prevent a filesystem from being reported as modified when only the timestamp in the superblock is updated. [r324674]

The diskinfo(8) utility has been updated to display disk rotation rate and if TRIM/UNMAP is supported by the disk. [r325003] (Sponsored by Spectra Logic)

The rsh(1) utility has been updated to include a new flag, -N, which disables shutdown of a socket sending path when used. [r325473]

The pfctl(8) utility has been updated to allow route-to to properly handle network interfaces with multiple IP addresses. [r326413]

The camcontrol(8) utility has been updated to include ZAC (Zoned-device ATA command set) information when the identify subcommand is used. [r326778] (Sponsored by Spectra Logic)

The pw(8) utility has been updated to correct handling of account expiration periods. [r326848]

The mdmfs(8) utility has been updated to support tmpfs(5). [r327592]

The cpucontrol(8) utility has been updated to include a new flag, -e, which is used to re-evaluate reported CPU features after applying firmware updates. [r327871]


The cpucontrol(8) -e flag should only be used after microcode update have been applied to all CPUs in the system, otherwise system instability may be experienced if processor features are not identical across the system.

The df(1) utility has been updated to include the --si long option, which is an alias to -H. [r328140]

The service(8) utility has been updated to include a new flag, -j, which is used to interact with services running within a jail(8). The argument to -j can be either the name or numeric jail ID. [r328599]

The fsck_ffs(8) utility has been updated to exit with a non-zero status when the filesystem is not repaired. [r328604] (Sponsored by Dell EMC)

The nvmecontrol(8) utility has been updated to print the full 128 bit value for SMART data, instead of the hexadecimal value. [r328668]

The nvmecontrol(8) utility has been updated to include control options for Western Digital® HGST drives. The new options are cap-diag, get-crash-dump, drive-log, purge, and purge-monitor. [r328716]

The dhclient(8) utility has been updated to be more compliant with RFC2131 by setting the source address field in the IP header to 0 when sending a DHCPREQUEST message to attempt to obtain a previously-assigned IP address. [r330692] (Sponsored by Dell EMC)

The pw(8) utility has been updated to allow the @ and ! characters in the GECOS field. [r330694] (Sponsored by Dell EMC)

The ps(1) utility has been updated to include a jail keyword, which when used will list the name of a jail(8) instead of the numeric ID. [r331471]

The mlx5tool(8) utility has been added, which is used to manage Connect-X 4 and Connect-X 5 devices supported by mlx5io(4). [r331586] (Sponsored by Mellanox Technologies)

The sysctl(8) utility has been updated to support setting an array of values to nodes. Prior to this change, sysctl(8) could only set one value to a node that may return multiple values when queried. [r331603] (Sponsored by Chelsio Communications)

The ifconfig(8) utility has been updated to include a random option, which when used with the ether option, generates a random MAC address for an interface. [r331729]

The efibootmgr(8) utility has been added, which is used to manipulate the EFI boot manager. [r332126] (Sponsored by Netflix)

4.3. Contributed Software

The libarchive(3) library has been updated to version 3.3.2. [r321303]

The libxo(3) library has been updated to version 0.8.4. [r322172]

Subversion has been updated to version 1.9.7. [r322442]

The file(1) utility has been updated to version 5.32. [r328874]

OpenSSH has been updated to version 7.5p1. [r323136]

The mandoc(1) utility has been updated to version 1.14.3. [r324581]

The tcpdump(1) utility has been updated to version 4.9.2. [r327234]

The NTP utilities have been updated to version 4.2.8p11. [r330106]

The less(1) utility has been updated to upstream version v530. [r330570]

The bmake utility has been updated to upstream version 20180222. [r331246]

OpenSSL has been updated to version 1.0.2o. [r331638]

Timezone data files have been updated to version 2018d. [r331662]

The clang, llvm, lld, lldb, and compiler-rt utilities as well as libc++ have been updated to upstream version 6.0.0. [r331838]

4.4. Installation and Configuration Tools

[arm64] The bsdinstall(8) installer has been updated to default to UEFI-only boot. [r322254] (Sponsored by The FreeBSD Foundation)

4.5. /etc/rc.d Scripts


4.6. /etc/periodic Scripts


4.7. Runtime Libraries and API


4.8. ABI Compatibility


4.9. Userland Debugging


5. Kernel

This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.

5.1. General Kernel Changes


5.2. Kernel Bug Fixes


5.3. Kernel Configuration


5.4. Kernel Modules


5.5. System Tuning and Controls


6. Devices and Drivers

This section covers changes and additions to devices and device drivers since 11.1-RELEASE.

6.1. Device Drivers

The mlx5io(4) driver has been added, providing an interface to manage supported Connect-X 4 and Connect-X 5 network adapters. [r331586] (Sponsored by Mellanox Technologies)

The cxgbe(4) driver has been updated to firmware version for T4, T5, and T6 network adapters. [r330307] (Sponsored by Chelsio Communications)

6.2. Storage Drivers


6.3. Network Drivers


7. Hardware Support

This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document.

7.1. Hardware Support

Support for the TAIO USB multi-protocol adapter (TUMPA) has been added. [r331500]

7.2. Virtualization Support

Support for virtio_console(4) has been added to bhyve(4). [r321413]

7.3. ARM Support


8. Storage

This section covers changes and additions to file systems and other storage subsystems, both local and networked.

8.1. General Storage


8.2. Networked Storage


8.3. ZFS


8.4. geom(4)


9. Boot Loader Changes

This section covers the boot loader, boot menu, and other boot-related changes.

9.1. Boot Loader Changes

The length of GELI passphrases entered when booting a system with encrypted disks is now hidden by default. See the configuration options in geli(8) to restore the previous behavior. [r329114]

9.2. Boot Menu Changes


10. Networking

This section describes changes that affect networking in FreeBSD.

10.1. General Network Changes


10.2. Network Protocols


11. Ports Collection and Package Infrastructure

This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools.

11.1. Infrastructure Changes


11.2. Packaging Changes


12. Documentation

This section covers changes to the FreeBSD Documentation Project sources and toolchain.

12.1. Documentation Source Changes


12.2. Documentation Toolchain Changes


13. Release Engineering and Integration

This section convers changes that are specific to the FreeBSD Release Engineering processes.

13.1. Integration Changes

Amazon® EC2™ instances now keep their clocks synchronized using the Amazon Time Sync Service, the NTP service internal to the EC2™ infrastructure. [r326892]

This file, and other release-related documents, can be downloaded from

For questions about FreeBSD, read the documentation before contacting <>.

All users of FreeBSD 11.1-STABLE should subscribe to the <> mailing list.

For questions about this documentation, e-mail <>.