FreeNAS 11.2-U2

  15 minute read

February 18, 2019

The FreeNAS development team is pleased to announce the availability of the second update to FreeNAS 11.2. This bug fix release addresses the following security vulnerabilities:

  • ZFS vnode reclaim deadlock
  • Insufficient bounds checking in bhyve(8) device model
  • sqlite update
  • Timezone database information update
  • kqueue race condition and kernel panic
  • System call kernel data register leak
  • OpenSSL security update (CVE-2018-5407)
  • curl has been updated to 7.62.0 to address several security CVEs.
  • Samba has been updated to 4.9.4 which is the current stable release receiving new features. This version bump provides significant performance improvements as well as improved Time Machine over SMB support.

The Enable SMB1 support checkbox has been added to Services ‣ SMB. However, users are cautioned to not use SMB1.

The new web UI has received many bug fixes.

Due to the many security fixes and UI improvements, users of 11.2 systems are encouraged to update to 11.2-U2 using the instructions in the Guide.

Known Impacts

If you receive a “UnboundLocalError: local variable ‘bridge_cmd’ referenced before assignment” error when installing a plugin, click ADVANCED PLUGIN INSTALLATION in the installation screen and select “auto” for the VNET option. To resolve this error when starting a plugin or jail or when installing a jail, click the 3 button menu for that jail, click Edit, click Network Properties, and change the vnet_default_interface property to “auto”. If that does not resolve the issue, try checking and unchecking the DHCP box.

Known Issues

Some users are not able to create iSCSI device extents in the new UI. As a workaround, use the legacy UI to create device extents until the cause is diagnosed and the issue is resolved.

Some SMB sharing edge cases, particularly those using Unix permissions, may become inaccessible with this update. If your SMB share works in RELEASE-U1 but not in U2, enable the ixnas VFS Object for that share in Sharing ‣ Windows (SMB) Shares.

Changelog

  • 23958 Bug Clarify Guide entry for UPS Port field when SNMP is selected
  • 25705 Bug Use HTTPS for updates
  • 25938 Feature Mimic Windows-style ACLs for NFSv4
  • 27735 Feature Use FreeBSD file flags to store Samba DOS modes
  • 28578 Bug Add Configuring Persistent NFS-Shared Volumes section to Guide
  • 29074 Bug Clarify meaning of cloud sync times
  • 30495 Feature Adjust help text formatting and add ability to pin help text window to screen
  • 32793 Bug Report actual physical (compressed) L2ARC size
  • 33141 Bug Disable broken collectd ipmi plugin
  • 35305 Bug Correct the use of MSDOS in Import Disk section of Guide
  • 40596 Feature Update NFS Share section of Guide
  • 42419 Feature Update AFP section of Guide
  • 42659 Bug Add tip to Guide about configuring AD with two FreeNAS systems
  • 43437 Bug Limit the number of GSS request retries to prevent NFS from hanging
  • 43558 Bug Relax the TCP reassembly queue length limit to improve performance
  • 45156 Feature Move strings from Network section typescript files into helptext files
  • 45167 Feature Move strings from Storage section typescript files into helptext files
  • 45189 Feature Move strings from Sharing section typescript files into helptext files
  • 45211 Feature Move strings from Services section typescript files into helptext files
  • 45244 Feature Move strings from VM section typescript files into helptext files
  • 45398 Feature Add alert if syslog-ng is not running
  • 46168 Bug Use Pool Export/Disconnect instead of Detach in new UI
  • 47092 Bug Update openssh-portable port to 7.9.p1_1,1
  • 50321 Feature Display NAA for Extents in new UI
  • 52182 Bug Fix trailing zeros charts on dashboard of new UI
  • 52532 Feature Add “TiB” as a choice when setting dataset quota/reservation in the new UI
  • 52607 Bug Allow user to select from remote filesystems available to Cloud Sync Task in new UI
  • 53334 Bug Correctly add bpf to devfs rules
  • 53404 Bug Add error handler to get_activated_pool call in new UI
  • 53622 Bug Prevent user from reclicking Submit when reporting a bug using Support page of new UI
  • 53629 Bug Fix percentage status for Import Disk in new UI
  • 53638 Bug Set background color of pool in new UI based on its status
  • 55728 Bug Remove listen queue limit and avoid some DNS requests in mountd
  • 56013 Feature Add “Enable SMB1 support” checkbox to Services -> SMB of new UI
  • 56112 Bug Make Services -> S3 -> Disks a required field
  • 56211 Bug Make iocage import more robust for jails with _1 in their names
  • 56241 Bug Prevent Cloud Sync Tasks from overflowing /mnt
  • 56250 Bug Clarify “Full disk encryption” in Guide
  • 56265 Bug Fix panic with lagg and vlan
  • 56340 Bug Add ability to allocate iocage TUN devices in new UI
  • 56364 Bug Improve error messages that display when the iocage defaults.json file is missing or corrupt
  • 56538 Bug Update swap description in Guide
  • 56556 Bug Use default gateway for iocage mac_prefix or generate one
  • 56607 Bug Do not log space usage statistics for snapshots accessed over .zfs
  • 56610 Bug Mention User Guide location in Support Resources of Guide
  • 56754 Bug Provide read-only access to edit settings page when jail is running
  • 56994 Bug Display the current state of the password show/hide icon
  • 57393 Bug Update vnet_mac entries for networking options of iocage jails in Guide
  • 57492 Bug Fix incorrect middleware usage when editing a jail’s properties in the new UI
  • 57519 Bug Fix APIv1 bug that prevented deletion of a cloned zvol
  • 57543 Feature Add sysutils/kiconvtool to the base system
  • 57555 Bug Do not allow changing UUID of iocage plugin jail
  • 57564 Feature Add ID or Name identifiers to entity-table actions of new UI
  • 57780 Bug Add warning to new UI when changing dataset aclmode from Windows to Unix
  • 57861 Bug Add enumeration to internal sorting for iocage releases
  • 57870 Bug Fix iocage — get -r
  • 57876 Bug Set iocage templates to read/write for json writing then back to readonly
  • 57888 Bug Fix ACL metadata corruption on zfs send/recv
  • 57924 Feature Add “Enable SMB1 support” checkbox to Services -> SMB of legacy UI
  • 58083 Bug Clarify TLS and SSL descriptions in Guide
  • 58158 Bug Correctly return true/false for jail.activate call
  • 58176 Bug Fix race condition in swap pager
  • 58293 Bug Add percentage status to Cloud Sync Tasks in new UI
  • 58371 Bug Properly encode ZFS properties
  • 58695 Bug Rename NextCloud plugin to Nextcloud
  • 58878 Bug Fix orphan VM devices
  • 59121 Bug Store workgroup discovered via LDAP in configuration database
  • 59202 Bug Use UTF by default in iocage exec and console
  • 59226 Bug Properly update reporting graph colors in new UI
  • 59397 Bug Do not require password when making edits to Active Directory form in new UI
  • 59445 Bug Include VLAN parent as possible choice when assigning a NIC to a VM
  • 59481 Bug Avoid dozens of recurring mDNS syscalls
  • 59490 Bug Make invalid fields more visible in new UI
  • 59544 Feature Add lagg support to VMs
  • 59598 Bug Parse devd messages that use “=” as a separator
  • 59625 Bug Fix using synchronous middleware client in asynchronous middleware code
  • 59634 Bug Fix bug in legacy UI wizard that prevented creation of iSCSI targets
  • 59706 Feature Update “Save Config” dialog in new UI
  • 59715 Bug Interpret error message as text strings in new UI
  • 59973 Feature Add reboot option to Manual Update screen of new UI
  • 60057 Bug Fix issue with saved value not being populated in cron permissions component of new UI
  • 60192 Bug Increase 50% capacity recommendation in Guide for a pool hosting iSCSI LUNs
  • 60219 Bug Allow middleware to control swap mirroring on boot disks
  • 60480 Bug Fix hostname in iocage rc.conf and /etc/hosts generation
  • 60543 Bug Destroy leftover snapshot for iocage thick jail creation
  • 60561 Bug Reduce logging verbosity in freenasldap.py
  • 60660 Bug Bump copyright year in motd to 2019
  • 60705 Feature Display downloading progress when creating iocage jail or plugin
  • 60723 Bug Fix memory size reset bug in VM wizard of new UI
  • 60777 Bug Fix mat-option hover and focus having same styles in new UI
  • 60792 Bug Add ability to remove certificate from Active Directory form of new UI
  • 60930 Bug Replace links in tooltips that still point to internal User Guide
  • 60936 Bug Fix bug in Init/Shutdown scripts create and edit modes
  • 61107 Bug Allow promotion of datasets and zvols in new UI
  • 61116 Bug Do not monitor disabled directory services
  • 61188 Bug Add instructions for adding spare devices to an encrypted pool to Guide
  • 61299 Bug Remove mention of dd mode for Rufus in Guide
  • 61323 Bug Update “Replacing an Encrypted Disk” section of Guide
  • 61404 Bug Ensure filesystem tree view is sorted by alphabetical order in new UI
  • 61623 Bug Remove input restrictions on hosts allow and deny on SMB shares
  • 61641 Bug Align pool data tree in new UI
  • 61866 Bug Correct label and tooltip in VM Wizard
  • 62001 Bug Fix bug in Import Disk when a pool is locked
  • 62019 Bug Fix bhyve CVE-2018-17160
  • 62028 Bug Set correct values for quotas in edit mode of new UI
  • 62055 Bug Fix bad sendmail and host_hostname default for new iocage jails
  • 62109 Bug Fix legend analytics causing endless loop if no data
  • 62298 Bug Add support for externally signed certificates to FTP and S3 services
  • 62334 Bug Massive refactor of iocage fstab
  • 62343 Bug Address iocage fstab issues
  • 62361 Bug Migrate users to ‘auto’ with iocage vnet_default_interface
  • 62469 Bug Do not allow changing UUID of iocage plugin jail in new UI
  • 62478 Bug Do not raise SSL invalid alert when SSL is not in use
  • 62550 Bug Position and size tooltips in new UI to stay within margins
  • 62574 Bug Accurately display certificate validity period
  • 62604 Bug Fix iocage restart
  • 62628 Bug Fix ffmpeg issue that prevented transcoding with Emby and Plex plugins
  • 62712 Bug Improve description for VNC Wait to Boot field
  • 62790 Bug Add overflow to content div on confirm dialogs within new UI
  • 62880 Bug Allow devices to be viewed when VM is running in new UI
  • 62892 Bug Disallow import or creation of certificates with key lengths less than 1024
  • 62910 Bug Bug fix for nginx configuration file
  • 62991 Bug Fix ownership of Sonnar and raddar paths to allow these plugins to update
  • 63108 Bug Improve krb5.conf generation and fix some bugs for edge cases
  • 63144 Bug Do not traceback when cloning a VM and snapshot does not exist
  • 63225 Bug Fix installer recommended RAM message
  • 63234 Bug Add Advanced Plugin Installation button to new UI
  • 63306 Bug Destroy network related setup on iocage installation failure
  • 63357 Bug Display disk size in boot pool attach screen of new UI
  • 63360 Bug Make use of new middleware reporting of train descriptions in new UI
  • 63378 Bug Fix MSDOSFS import bug
  • 63402 Bug Use new CTL statistics API for iSCSI reporting graph
  • 63468 Bug Fix AWS S3 Cloud Sync hostname resolving to s3.None.amazonaws.com
  • 63477 Feature Add support for two new checkboxes for S3 Cloud Sync credentials to middleware
  • 63483 Feature Add two new checkboxes for S3 Cloud Sync credentials to new UI
  • 63513 Bug Test for None with iocage r[n]in filters
  • 63522 Bug Catch iocage subprocess exception
  • 63630 Bug Optimize background image in login screen of new UI
  • 63636 Bug Delay initial check for updates til necessary values are filled in new UI
  • 63639 Bug Fix traceback on alertservice.update
  • 63693 Bug Use Added isReady to display pre-populated Jail Edit fields for iOS
  • 63816 Bug Update base OpenSSL to 1.0.2q
  • 63837 Bug Fix handling of LDAP error messages in Directory Service wizard
  • 64005 Bug Use root-level dataset available size value instead of raw size in new UI
  • 64071 Bug Update curl to 7.62.0
  • 64080 Bug Fix ‘iocage fetch’ sorting
  • 64089 Bug Clarify Start on Boot option in Guide
  • 64215 Bug Fix trusted domain users/groups error message in legacy UI
  • 64251 Bug Speed up pool.query for hundreds of datasets
  • 64323 Bug Do not capitalize iocage fetch RELEASE for local directories or custom mirrors
  • 64341 Bug Fix bug when creating additional iocage epair devices
  • 64350 Bug Properly set MTU on all iocage vnet interfaces
  • 64482 Bug Allow for spaces in snapshot names
  • 64530 Bug Fix traceback when updating dataset in new UI
  • 64557 Bug Clarify in Guide how plugins and jails are updated or upgraded from the CLI
  • 64563 Bug Allow zvol creation in new UI without specifying the Block Size
  • 64575 Bug Handle traceback when pool not found
  • 64599 Bug Generate SMART config on manual service start
  • 64647 Bug Fix mismatching RELEASEs being fetched and a couple other iocage bugs
  • 64656 Bug Fix traceback when stopping a VM
  • 64716 Bug Suppress default Netdata RAM usage warning
  • 64728 Bug Correctly display available and used space for datasets in new UI
  • 64764 Bug Clean up IPv4 field in legacy UI when DHCP is checked
  • 64935 Bug Fix download link in Guide
  • 65052 Bug Use correct permissions for /var/log/netdata/debug.log
  • 65139 Bug Display VM’s VNC port number in new UI
  • 65187 Bug Fix FreeBSD-EN-18:18.zfs
  • 65205 Bug Accurately display ZFS vdev statistics in UI
  • 65220 Bug Update plugins example in Guide so that it matches screenshot
  • 65247 Feature Add “Date Created” column to Storage –> Snapshots of new UI
  • 65376 Bug Allow middleware startup on low-performance boot devices
  • 65544 Bug Do not start S3 service at boot if ‘Start Automatically’ is not checked
  • 65949 Bug Allow Windows 10 and Server 2019 to pass security check during SMB connect
  • 66033 Bug Add warning when using Manual Setup in legacy UI for volume creation
  • 66048 Bug Improve validation error message for allowed iSCSI target name
  • 66214 Bug Add visual row separation to pool list in new UI
  • 66367 Bug Clean up bulk edit disk actions in new UI
  • 66385 Bug New UI improvements for Safari
  • 66709 Bug Use midclt to get alerts for freenas-debug
  • 66880 Bug Fix dhclient network device flapping
  • 66925 Bug Update Private Key tooltips in new UI
  • 66981 Bug Prevent shell text from overflowing in new UI
  • 66999 Bug Display applicable middleware error messages in new UI when adding or editing VM devices
  • 67071 Bug Escape single quotes in media description of installer
  • 67420 Bug Use entity-table for VM landing page
  • 67510 Bug Do not require plugin name to exactly match MANIFEST name
  • 67602 Bug Fix bug that prevented S3 service from starting
  • 67618 Bug Only allow ASCII for email password
  • 67701 Bug Return less verbose error if middleware is not running
  • 67728 Feature Update to Samba 4.9.4
  • 67762 Bug Fix rysnc validation bug
  • 67827 Bug Remove spurious ws4py errors from debug log
  • 67879 Bug Do not limit Replication Tasks listing in new UI
  • 67944 Bug Make sure the required directory structure exists when creating a VM
  • 68115 Bug Adjust color in Cron Jobs page of new UI
  • 68187 Bug Grab entire contents of post-installation message when installing a plugin
  • 68214 Bug Add support for Active Directory users to NFS mapall and maproot fields of new UI
  • 68239 Bug Allow Active Directory users to pass NFS mapall or maproot validation
  • 68277 Bug Report actual physical (compressed) L2ARC size in new UI
  • 68293 Bug Prevent sharesec_reset from incorrectly adding owner and group entries to the ACLs of an SMB share
  • 68430 Feature Add Time Machine over SMB support to new UI
  • 68473 Feature Update ifconfig to display started virtual machine names in tap descriptions
  • 68493 Bug Have middleware use description from trains.txt
  • 68716 Bug Fix bug in Pool Manager filter disks action of new UI
  • 68754 Bug Add IPv6 support to network.general.summary in middleware
  • 68815 Bug Do not display error when changing from NFSv4 to NFSv3
  • 68835 Feature Add support for Time Machine over SMB
  • 68923 Bug Implement VM clone feature in new UI
  • 69022 Bug Fix FreeBSD security advisories 19:03 through 19:05
  • 69159 Bug Increase SQLite retry timeout to prevent locking on slow USB devices
  • 69168 Bug Store zvol size value for use by new UI
  • 69195 Bug Use host_hostname for jail hostname in new UI
  • 69204 Bug Use default value of auto for vnet_default_interface in new UI
  • 69339 Bug Add a semaphore for calls within the same connection
  • 69409 Bug Enable rrdcached
  • 69465 Bug Hide passwords from middleware core.get_jobs output
  • 69501 Bug Fix bug that prevented attaching a disk to the boot pool using the new UI
  • 69598 Bug Remove Microsoft Download Tool from Guide
  • 69733 Bug Fix bug that prevented SMART tests scheduled at midnight from running
  • 69744 Bug Update translation files with current strings
  • 69771 Bug Do not have middleware require password or key file for SFTP Cloud Credential
  • 69787 Bug Fix UPS shutdown logic
  • 69814 Bug Fix condition where new UI column headers fail to load on page refresh of entity tables
  • 69823 Bug Prevent invalid train changes in middleware update plugin
  • 69825 Bug Fix TFTP listen host option
  • 70606 Bug Fix remaining issues with listing snapshots in new UI
  • 70624 Bug Handle VM errors gracefully in new UI
  • 70626 Bug Fix traceback and delay of mDNS advertisement
  • 70678 Bug Remove unnecessary vm.query calls to middleware
  • 70896 Bug Prevent ZFSException from breaking jail API calls
  • 71022 Bug Allow rollback of any snapshot but warn that rolling back an older snapshot removes all newer snapshots
  • 71337 Bug Use a split instead of a regex to find the poolname for zvol blocksize
  • 71435 Bug Do not traceback when size of locked pool is unknown
  • 71699 Bug Document new plugin_schema key in Guide
  • 71785 Bug Address Samba listen queue overflows and issues found in vfs_ixnas
  • 72225 Bug Make rrdcached report rrdc_update failures as warnings
  • 72433 Bug Firefox fix to prevent some click actions in new UI from causing a logout
  • 72459 Bug Add two new checkboxes for S3 Cloud Sync credentials to legacy UI
  • 72475 Bug Fix “Size” typo in Reporting ->ZFS section of new UI
  • 72499 Bug Add filters to negate middlewared startswith and endswith filters
  • 72777 Bug Bump copyright year in new UI to 2019
  • 72795 Bug Create a default directory and give correct permission to Syncthing plugin
  • 72984 Bug Fix SSSD ldb error
  • 73110 Bug Fix integer math overflow in UMA hash_alloc() that prevented ARC from growing above 512GB
  • 73155 Bug Fix traceback in new UI when editing dataset with reservation or quota containing a decimal
  • 73191 Bug Bug fix for Dynamic DNS
  • 73335 Bug Pull in FreeBSD fixes so that ESXi 6.7 does not force NFSv4 datastores to mount read-only
  • 73792 Bug Merge FreeBSD-SA-19:01.syscall fix
  • 73819 Bug Fix OpenSSL path
  • 73975 Bug Improve exception handling for iocage listing
  • 74199 Bug Add mlx5ib(4) driver to the build as module

Tickets can be viewed at https://redmine.ixsystems.com/issues/