FreeBSD Downgrades i386 Architecture to Secondary Support

The FreeBSD developers have announced that the i386 architecture (32-bit x86) is being moved to the second level of platform support (Tier 2). The change will take effect with the release of FreeBSD 13.0. For FreeBSD 11.x and 12.x, the i386 platform will remain at Tier 1. Second-level support for i386 systems means that installation images, binary updates and prebuilt packages will continue to be produced, but fixes for specific problems are not guaranteed.

Formally, second-level platforms are not supported by the teams responsible for fixing vulnerabilities, preparing releases and maintaining ports. For the i386 architecture, taking into account the remaining installed base, an exception will be made in the FreeBSD 13.x branch: the Release Engineering Team and the Security Team will provide the proper level of support, and ABI stability will be maintained for userland.
At the same time, problems that appear only on i386 systems will not be dealt with. FreeBSD 14.x is not guaranteed to keep these exceptions.

Among the reasons for reducing support for the i386 architecture are the dominance of 64-bit x86 systems and the declining popularity of 32-bit systems, whose number of users has fallen to the level of other second-level architectures. Only the amd64 architecture will remain at the first level. In addition to i386, the ARM, RISC-V, PowerPC and MIPS platforms are at the second level. The RISC-V architecture will be moved from the third level to the second, SPARCv9 from the second to the fourth, and ARMv4/5 from the third to the fourth.

Additionally, three vulnerabilities in FreeBSD have been fixed:

  • CVE-2020-25578, CVE-2020-25579 – leaks of stack contents in the tmpfs, smbfs, autofs and mqueuefs file system implementations, which can expose sensitive information stored on the kernel stack. To exploit the vulnerabilities, the file system must be mounted and the user must have the right to read directories in the file system.
  • CVE-2020-29568 – a vulnerability in the Xen hypervisor that allows a user of the guest system to cause an out-of-memory (OOM) condition in the backend.

In addition, non-security bugs were fixed in zfs, extattr, vnet and libcompiler_rt that could lead to malfunctions, crashes or build problems. The ZFS issue is specific to FreeBSD 12.2, is caused by regressions in that release, and crashes when attempting to delete snapshots on a remote system from a ZFS send command. On backup and replication systems, the issue can cause storage overflow.
