diff --git a/website/content/en/releases/14.0R/relnotes.adoc b/website/content/en/releases/14.0R/relnotes.adoc --- a/website/content/en/releases/14.0R/relnotes.adoc +++ b/website/content/en/releases/14.0R/relnotes.adoc @@ -46,6 +46,22 @@ Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in [.filename]#/usr/src/UPDATING#. +Note for systems that boot from a ZFS root filesystem via EFI, using either binary or source upgrades: +There are one or more copies of the boot loader on the MS-DOS EFI System Partition (ESP), used by the firmware to boot the kernel, and which must be able to support reading from the ZFS boot file system. +After a system upgrade, but before doing a `zpool upgrade`, the boot loader on the ESP must be updated, or the system may become unbootable. +The ESP is not always mounted, but a `noauto` entry is placed in the man:fstab[5] file; this allows the command `mount /boot/efi` to mount the file system. +The location of the boot loader in use can be determined using the command `efibootmgr -v`. +The value displayed for `BootCurrent` should be the number of the current boot configuration used to boot the system. +The corresponding line of the output should begin with a `+` sign, such as + +`+Boot0000* FreeBSD HD(1,GPT,f859c46d-19ee-4e40-8975-3ad1ab00ac09,0x800,0x82000)/File(\EFI\freebsd\loader.efi)` +`                      nda0p1:/EFI/freebsd/loader.efi (null)` + +The value in the `File` field, `\EFI\freebsd\loader.efi` in this case, is the MS-DOS name for the boot loader in use on the ESP. +If the mount point is `/boot/efi`, that file will translate to `/boot/efi/efi/freebsd/loader.efi`. +Another common value for File would be `\EFI\boot/bootXXX.efi`, where `XXX` is `x64` for amd64, `aa64` for aarch64, or `riscv64` for riscv64; this is the default bootstrap if none is configured. +Both the configured and default boot loaders should be updated by copying from [.filename]#/boot/loader.efi#. + [IMPORTANT] ==== Upgrading FreeBSD should only be attempted after backing up _all_ data and configuration files. @@ -110,6 +126,9 @@ The `mta_start_script` configuration variable has been retired in man:rc.conf[5], along with the `othermta` startup script. gitref:616f32ea6da7[repository=src] +man:jail[8] now supports `.include` directives in man:jail.conf[5] files, with support for filename globbing. +gitref:e82a62943529[repository=src] + The one-time password facility OPIE, man:opie[4], has been removed from the base system. If you still wish to use it, install the `security/opie` port. Otherwise, make sure to remove or comment out any mention of `pam_opie` and `pam_opieaccess` from your PAM policies. @@ -136,6 +155,9 @@ [.filename]#/usr/bin/cpuset# is now a symbolic link. gitref:f05948d4e98d[repository=src] +The man:date[1] utility now has a `-z` option to do timezone conversion. +gitref:31edf56b1571[repository=src] + The deprecated man:fmtree[8] utility has been removed. gitref:e4d63c5d5ff8[repository=src] @@ -174,6 +196,9 @@ The default symbolic link for [.filename]#/home#, referencing [.filename]#/usr/home#, is no longer created. gitref:bbb2d2ce4220[repository=src] +The man:sleep[1] utility now accepts units other than seconds, and accepts multiple delay values. +gitref:34978f7edd15[repository=src] gitref:be038c3afcae[repository=src] + The man:sockstat[1] utility is now run in a sandbox with capsicum. gitref:94dc57159532[repository=src] gitref:c5a2d8c5f517[repository=src] @@ -195,6 +220,7 @@ Compressed debug sections in binaries are enabled by default on little-endian targets. gitref:47363e99d3d3[repository=src] (Sponsored by The FreeBSD Foundation) +//XXX this was in 13.1; remove/place in MERGED section? Binaries for 64-bit architectures are now built with Position Independent Executables (PIE) enabled. gitref:9a227a2fd642[repository=src] (Sponsored by Stormshield) @@ -219,7 +245,7 @@ The man:llvm-objdump[1] utility is now always installed as man:objdump[1]. gitref:86edb11e7491[repository=src] (Sponsored by The FreeBSD Foundation) -`OpenSSH` has been upgraded to version 9.4p1. +`OpenSSH` has been upgraded to version 9.5p1. Full release notes are at https://www.openssh.com/txt/release-9.4[]. gitref:535af610a4fd[repository=src] (Sponsored by The FreeBSD Foundation) @@ -243,7 +269,7 @@ The `VersionAddendum` option has been removed from the man:ssh[1] client. gitref:bffe60ead024[repository=src] (Sponsored by The FreeBSD Foundation) -`OpenSSL` has been upgraded to version 3.0.10. +`OpenSSL` has been upgraded to version 3.0.11. This is a major upgrade from version 1.1.1, which is nearing its end of life. Many components of the base system use a backward-compatible API, but will be migrated later. gitref:aa7957345732[repository=src] gitref:b077aed33b7b[repository=src] (Sponsored by The FreeBSD Foundation) @@ -278,6 +304,17 @@ This provides armv7 32-bit-compatible libraries and header files for arm64 systems for building and running most armv7 32-bit binaries. gitref:f1d5183124d3[repository=src] gitref:d5d97bed4ab6[repository=src] gitref:a1b675731301[repository=src] +[[cloud]] +== Cloud Support + +This section covers changes in support for cloud environments. + +FreeBSD now provides experimental ZFS-root EC2 AMIs on AWS. +(Sponsored by https://www.patreon.com/cperciva[]) + +FreeBSD now provides experimental cloud-init EC2 AMIs on AWS. +See the `net/cloud-init` port for information. +(Sponsored by https://www.patreon.com/cperciva[]) [[kernel]] == Kernel @@ -335,6 +372,9 @@ Support for asymmetric cryptographic operations has been removed from the kernel open cryptographic framework (OCF), as they are not used by modern OpenSSL versions. gitref:76681661be28[repository=src] +In the course of debugging and resolving a problem with vnode recycling in the generic file system code, sysctls for vnode-related statistics have been grouped under `vfs.vnode` for greater visibility. +gitref:d3e647891243[repository=src] + [[drivers]] == Devices and Drivers @@ -367,9 +407,18 @@ A fix has been implemented for frame buffer addressing that affects framebuffers mapped above 4 GB physical on i386 and Book-E powerpc. gitref:a78bb831a17f[repository=src] +//XXX this was in 13.2; remove/place in MERGED section? The man:igc[4] driver for the Intel I225 Ethernet controller is included, supporting 2.5 Gbps operation. gitref:517904de5cca[repository=src] (Sponsored by Rubicon Communications, LLC ("Netgate")) +The man:iwlwifi[4] driver for Intel wireless interfaces has been updated to the latest version, supporting the chipsets shipping as of release time. +(Sponsored by The FreeBSD Foundation) + +The man:rtw88[4] driver for several Realtek wireless PCI interfaces was updated to a recent version. + +There were stability fixes and enhancements to the KPI for support of Linux device drivers and the net80211 layer for wireless drivers. +(Sponsored by The FreeBSD Foundation) + The Microsoft Azure Network Adapter(MANA) VF (virtual function) is now supported. gitref:ce110ea12fce[repository=src] (Sponsored by Microsoft) @@ -432,9 +481,6 @@ This can be useful for making tentative changes to the disk, such as file system repairs or software upgrades, and then either committing or reverting them. gitref:c7996ddf8000[repository=src] -ZFS has been enabled on 32-bit `powerpc`/`powerpcspe`. -gitref:63715498ac6b[repository=src] - [[storage-nfs]] === NFS Changes @@ -472,6 +518,28 @@ It was handled by a fallback in the past, but is now supported directly. gitref:330aa8acdec7[repository=src] gitref:ff2f1f691cdb[repository=src] +[[storage-zfs]] +=== ZFS Changes + +OpenZFS has been upgraded to version 2.2. +New features include: + +* block cloning, which is now enabled by default, and which allows shallow copies of blocks in file copies +* scrub error log (`zpool scrub -e`) +* BLAKE3 checksums, which are fast, and are now the recommended secure checksums +* corrective `zfs receive` can heal corrupted data +* vdev and zpool user properties, similar to dataset user properties + +Performance improvements include: + +* fully adaptive ARC, a unified ARC that minimizes the need for manual tuning +* zstd early abort, improving efficiency with uncompressible data +* I/O prefetch improvements +* general optimization + +ZFS has been enabled on 32-bit `powerpc`/`powerpcspe`. +gitref:63715498ac6b[repository=src] + [[boot-loader]] === Boot Loader Changes @@ -506,6 +574,14 @@ The deprecated `NgATM` (netgraph ATM support) and remaining ATM support have been removed. +The man:pf[4] packet filter now supports scrubbing with OpenBSD syntax and behavior; if there are no FreeBSD scrub rules a global flag `set reassemble yes | no [no-df]` determines if packet reassembly happens. +Scrubbing, like setting tos, ttl, etc, can be done in match and pass rules, which also makes it stateful. +Match rules are now fully supported, as on OpenBSD, not only for dummynet queues. +gitref:39282ef356db[repository=src] (Sponsored by InnoGames GmbH) + +man:pfsync[4] can now use IPv6 transport. +gitref:6fc7fc2dbb2b[repository=src] (Sponsored by InnoGames GmbH) (Sponsored by The FreeBSD Foundation) + WiFi 6 support has been added to wpa (man:wpa_supplicant[8] and man:hostapd[8]). gitref:c1d255d3ffdb[repository=src] gitref:3968b47cd974[repository=src] gitref:bd452dcbede6[repository=src]