diff --git a/website/content/en/releases/14.4R/readme.adoc b/website/content/en/releases/14.4R/readme.adoc index 53a45a9391..70c76cbf84 100644 --- a/website/content/en/releases/14.4R/readme.adoc +++ b/website/content/en/releases/14.4R/readme.adoc @@ -1,157 +1,157 @@ --- title: "FreeBSD 14.4-RELEASE README" sidenav: download --- :releaseCurrent: 14.4-RELEASE :releaseType: release :releaseBranch: 14-STABLE :releasePrevStable: X.Y-RELEASE -:releasePrev: X.Y-RELEASE +:releasePrev: 14.3-RELEASE include::shared/releases.adoc[] include::shared/en/urls.adoc[] include::shared/en/mailing-lists.adoc[] = FreeBSD {releaseCurrent} README == Abstract This document gives a brief introduction to FreeBSD {releaseCurrent}. It includes some information on how to obtain FreeBSD, a listing of various ways to contact the FreeBSD Project, and pointers to some other sources of information. == Table of Contents * <> * <> * <> * <> * <> [[intro]] == Introduction This distribution is a {releaseType} of FreeBSD {releaseCurrent}, the latest point along the {releaseBranch} branch. [[about]] == About FreeBSD FreeBSD is an open source operating system derived from 4.4 BSD Lite2 for 64-bit x86-based PC hardware (amd64), 32-bit x86-based PC hardware (i386), 64-bit Arm(R) ARMv8-A AArch64 systems (aarch64), 32-bit Arm(R) ARMv6/7 systems (armv6/7), PowerPC(R) systems (powerpc, powerpc64), and RISC-V (riscv64) systems. FreeBSD works with a wide variety of peripherals and configurations and can be used for everything from software development to games to Internet Service Provision. This release of FreeBSD contains everything you need to run such a system, including full source code for the kernel and all utilities in the base distribution. With the source distribution installed, you can literally recompile the entire system from scratch with one command, making it ideal for students, researchers, or users who simply want to see how it all works. A large collection of third-party ported software (the Ports Collection) is also provided to make it easy to obtain and install all your favorite traditional UNIX(R) utilities for FreeBSD. Each port consists of a set of scripts to retrieve, configure, build, and install a piece of software, with a single command. Over {numports} ports, from editors to programming languages to graphical applications, make FreeBSD a powerful and comprehensive operating environment that extends far beyond what's provided by many commercial versions of UNIX(R). Most ports are also available as pre-compiled packages, which can be quickly installed via the {{< manpage "pkg" "8">}} utility. [[audience]] == Target Audience This {releaseType} of FreeBSD is suitable for all users. It has undergone a period of testing and quality assurance to ensure the highest reliability and dependability. [[obtain]] == Obtaining FreeBSD FreeBSD may be obtained in a variety of ways. The most convenient way is to download a release image. Links to images for recent releases can be found on the FreeBSD Web site link:../../../where/[download page]. This page includes information about the different types of images available as well as other ways to obtain a copy of FreeBSD. [[contacting]] == Contacting the FreeBSD Project [[emailmailinglists]] === Email and Mailing Lists For general questions or technical support, please address the {freebsd-questions}. If you track the `{releaseBranch}` branch: you must subscribe to the {freebsd-stable}, to keep abreast of developments and changes that may affect your use and maintainance of the system. Being a largely volunteer effort, the Project is always happy to have extra hands willing to help -- there are far more desired enhancements than there is time to implement them. To contact the developers on technical matters, or with offers of help, please address the {freebsd-hackers}. These lists above can experience significant amounts of traffic. If you have slow or expensive email access, or if you are only interested in major announcements, you may prefer subscription to the {freebsd-announce}. All public mailing lists can be joined by anyone wishing to do so. More than a hundred lists are public; https://lists.freebsd.org/[] shows them all, and provides information about browsing the archives, subscribing, and unsubscribing. [[pr]] === Submitting Problem Reports Suggestions, bug reports and contributions of code are always valued. Please do not hesitate to report any problems you may find. Bug reports with attached fixes are of course even more welcome. The preferred method to submit bug reports from a machine with Internet connectivity is to use the link:https://bugs.freebsd.org[Bugzilla bug tracker]. Problem Reports (PRs) submitted in this way will be filed and their progress tracked; the FreeBSD developers will do their best to respond to all reported bugs as soon as possible. link:https://bugs.freebsd.org/search/[A list of all active PRs] is available on the FreeBSD Web site; this list is useful to see what potential problems other users have encountered. For more information, link:{problem-reports}["Writing FreeBSD Problem Reports"], available on the FreeBSD Web site, has a number of helpful hints on writing and submitting effective problem reports. [[seealso]] == Further Reading There are many sources of information about FreeBSD; some are included with this distribution, while others are available on-line or in print versions. [[release-docs]] === Release Documentation A number of other files provide more specific information about this {releaseType} distribution. These files are provided in various formats. Most distributions will include both ASCII text ([.filename]`.TXT`) and HTML ([.filename]`.HTM`) renditions. Some distributions may also include other formats such as Portable Document Format ([.filename]`.PDF`). * [.filename]`README.TXT`: This file, which gives some general information about FreeBSD as well as some cursory notes about obtaining a distribution. * [.filename]`RELNOTES.TXT`: The release notes, showing what's new and different in FreeBSD {releaseCurrent} compared to the previous release (FreeBSD {releasePrev}). * [.filename]`HARDWARE.TXT`: The hardware compatibility list, showing devices with which FreeBSD has been tested and is known to work. * [.filename]`ERRATA.TXT`: Release errata. Late-breaking, post-release information can be found in this file, which is principally applicable to releases (as opposed to snapshots). It is important to consult this file before installing a release of FreeBSD, as it contains the latest information on problems which have been found and fixed since the release was created. During installation, these documents are available via the Documentation menu. Once the system is installed, you can revisit this menu by re-running the {{< manpage "bsdinstall" "8">}} utility. [.note] *Note*: + To learn about any late-breaking news or post-release problems, it is extremely important to read the errata for any given release before installing it. The errata file accompanying each release (most likely right next to this file) is already out of date by definition, but other copies are kept updated on the Internet and should be consulted as the current errata for this release. These other copies of the errata are located at link:../../releases/[https://www.FreeBSD.org/releases] (as well as any sites which keep up-to-date mirrors of this location). [[manpages]] === Manual Pages As with almost all UNIX(R)-like operating systems, FreeBSD includes a set of manual pages, accessible link:{manual-site}[online] or with the {{< manpage "man" "1">}} command. In general, these pages provide information on the different commands and APIs available to the FreeBSD user. Some pages are written to give information on particular topics. Notable examples include {{< manpage "tuning" "7">}} (a guide to performance tuning), {{< manpage "security" "7">}} (an introduction to FreeBSD security), and {{< manpage "style" "9">}} (a style guide for kernel coding). [[booksarticles]] === Books and Articles FreeBSD Project-maintained documentation includes the highly useful _FreeBSD Handbook_, which includes a detailed guide to installing and upgrading the operating system, and _FreeBSD FAQ_ (Frequently Asked Questions). The link:{handbook}[Handbook] and link:{faq}[FAQ] are online in the link:{main-site}[documentation portal] and at mirror sites. Other Project-maintained books and articles are more specialized -- covering a wide range of topics, from effective use of the mailing lists, to dual-booting FreeBSD with other operating systems, to guidelines for new committers. Like the Handbook and FAQ, these documents are in the portal, mirrors and [.filename]`doc` repository. For offline documentation in HTML and PDF formats: you can install a language-specific package such as package:misc/freebsd-doc-en[] (_-en_ for English), or multi-language package:misc/freebsd-doc-all[]. Alternatively, use a copy of the [.filename]`doc` repo to build and install from source code. A listing of other books and documents about FreeBSD can be found in the link:{handbook}bibliography[bibliography] of the FreeBSD Handbook. Because of FreeBSD's strong UNIX(R) heritage, many other articles and books written for UNIX(R) systems are applicable as well, some of which are also listed in the bibliography. [[acknowledgements]] == Acknowledgments FreeBSD represents the cumulative work of many hundreds, if not thousands, of individuals from around the world who have worked countless hours to bring about this {releaseType}. For a complete list of FreeBSD developers and contributors, please see link:{contributors}["Contributors to FreeBSD"] on the FreeBSD Web site or any of its mirrors. Special thanks also go to the many thousands of FreeBSD users and testers all over the world, without whom this {releaseType} simply would not have been possible. diff --git a/website/content/en/releases/14.4R/relnotes.adoc b/website/content/en/releases/14.4R/relnotes.adoc index 048875487e..7b44910c94 100644 --- a/website/content/en/releases/14.4R/relnotes.adoc +++ b/website/content/en/releases/14.4R/relnotes.adoc @@ -1,578 +1,564 @@ --- title: "FreeBSD 14.4-RELEASE Release Notes" sidenav: download --- :localRel: 14.4 :releaseCurrent: 14.4-RELEASE :releaseBranch: 14-STABLE :releasePrev: 14.3-RELEASE :releaseNext: 14.5-RELEASE :releaseType: "release" include::shared/en/urls.adoc[] = FreeBSD {releaseCurrent} Release Notes :doctype: article :toc: macro :toclevels: 2 :icons: font == Abstract [.abstract-title] The release notes for FreeBSD {releaseCurrent} contain a summary of the changes made to the FreeBSD base system on the {releaseBranch} development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. toc::[] [[intro]] == Introduction This document contains the release notes for FreeBSD {releaseCurrent}. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD. The {releaseType} distribution to which these release notes apply represents the latest point along the {releaseBranch} development branch since {releaseBranch} was created. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. The {releaseType} distribution to which these release notes apply represents a point along the {releaseBranch} development branch between {releasePrev} and the future {releaseNext}. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. This distribution of FreeBSD {releaseCurrent} is a {releaseType} distribution. It can be found at https://www.FreeBSD.org/releases/[] or any of its mirrors. More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}mirrors[Obtaining FreeBSD appendix] to the link:{handbook}[FreeBSD Handbook]. All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site. This document describes the most user-visible new or changed features in FreeBSD since {releasePrev}. In general, changes described here are unique to the {releaseBranch} branch unless specifically marked as MERGED features. Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. [[upgrade]] == Upgrading from Previous Releases of FreeBSD Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the man:freebsd-update[8] utility. See the release-specific upgrade procedure, link:../installation/#upgrade-binary[FreeBSD {releaseCurrent} upgrade information], with more details in the FreeBSD handbook link:{handbook}cutting-edge/#freebsdupdate-upgrade[binary upgrade procedure]. This will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The man:freebsd-update[8] utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in [.filename]#/usr/src/UPDATING#. [IMPORTANT] ==== Upgrading FreeBSD should only be attempted after backing up _all_ data and configuration files. ==== [[security-errata]] == Security and Errata This section lists the various Security Advisories and Errata Notices since {releasePrev}. [[security]] === Security Advisories [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Advisory | Date | Topic | link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-25:06.xz.asc[FreeBSD-SA-25:06.xz] | 2 July 2025 | Use-after-free in multi-threaded xz decoder | link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-25:07.libarchive.asc[FreeBSD-SA-25:07.libarchive] | 8 August 2025 | Integer overflow in libarchive leading to double free | link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-25:08.openssl.asc[FreeBSD-SA-25:08.openssl] | 30 September 2025 | Multiple vulnerabilities in OpenSSL | link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-25:09.netinet.asc[FreeBSD-SA-25:09.netinet] | 22 October 2025 | SO_REUSEPORT_LB breaks man:connect[2] for UDP sockets | link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-25:10.unbound.asc[FreeBSD-SA-25:10.unbound] | 26 November 2025 | Cache poison in local-unbound service | link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-25:11.ipfw.asc[FreeBSD-SA-25:11.ipfw] | 16 December 2025 | ipfw denial of service | link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-25:12.rtsold.asc[FreeBSD-SA-25:12.rtsold] | 16 December 2025 | Remote code execution via ND6 Router Advertisements | link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:01.openssl.asc[FreeBSD-SA-26:01.openssl] | 27 January 2026 | Multiple vulnerabilities in OpenSSL |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:02.jail.asc[FreeBSD-SA-26:02.jail] |27 January 2026 |Jail escape by a privileged user via nullfs | link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:04.jail.asc[FreeBSD-SA-26:04.jail] | 24 February 2026 | Jail chroot escape via fd exchange with a different jail | link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:05.route.asc[FreeBSD-SA-26:05.route] | 24 February 2026 | Local DoS and possible privilege escalation via routing sockets |=== [[errata]] === Errata Notices [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Errata | Date | Topic | link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:10.zfs.asc[FreeBSD-EN-25:10.zfs] | 2 July 2025 | Corruption in ZFS replication streams from encrypted datasets | link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:12.efi.asc[FreeBSD-EN-25:12.efi] | 8 August 2025 | man:bsdinstall[8] not copying the correct loader on systems with | link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:13.wlan_tkip.asc[FreeBSD-EN-25:13.wlan_tkip] | 8 August 2025 | net80211 TKIP crypto support fails for some drivers | link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:14.route.asc[FreeBSD-EN-25:14.route] | 8 August 2025 | man:route[8] monitor buffers too much when redirected to a file | link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:15.arm64.asc[FreeBSD-EN-25:15.arm64] | 16 September 2025 | arm64 man:syscall[2] allows unprivileged user to panic kernel | link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:16.vfs.asc[FreeBSD-EN-25:16.vfs] | 16 September 2025 | man:copy_file_range[2] fails to set output parameters | link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:17.bnxt.asc[FreeBSD-EN-25:17.bnxt] | 16 September 2025 | man:bnxt[4] fails to set media type in some cases | link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:18.freebsd-update.asc[FreeBSD-EN-25:18.freebsd-update] | 30 September 2025 | man:freebsd-update[8] installs libraries in incorrect order | link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-26:02.arm64.asc[FreeBSD-EN-26:02.arm64] | 27 January 2026 | arm64 SVE signal context misalignment | link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-26:03.vm.asc[FreeBSD-EN-26:03.vm] | 27 January 2026 | The page fault handler fails to zero memory |=== [[userland]] == Userland This section covers changes and additions to userland applications, contributed software, and system utilities. -[[userland-config]] -=== Userland Configuration Changes - [[userland-programs]] === Userland Application Changes The man:newfs[8] utility gains a `-u` flag to disable soft updates and soft updates journaling, providing a way to turn off the default soft updates for UFS2 filesystems. gitref:929ef0d36c6c[repository=src]. {{< sponsored "Klara, Inc. | NetApp, Inc." >}} The man:sockstat[1] utility now displays UDP-Lite endpoints by default, providing visibility into these sockets alongside other network connections. gitref:23cda744e4da[repository=src]. man:mdo[1] adds new options to control user and group IDs in launched processes, including `-k` to keep current users, `-g` and `-G` to set primary and supplementary groups, `-s` to amend supplementary groups, and `--euid`/`--ruid`/`--svuid`/`--egid`/`--rgid`/`--svgid` to override specific IDs. This provides finer-grained control over process credentials while maintaining compatibility with existing behavior. gitref:58f55afb301b[repository=src]. {{< sponsored "The FreeBSD Foundation | Google LLC (GSoC 2025)" >}} The man:freebsd-update[8] utility now installs shared libraries in a specific order (libsys, libc, libthr, then others) to prevent failures during upgrades from 14.x to 15.x. gitref:e26928669f39[repository=src]. {{< sponsored "https://www.patreon.com/cperciva" >}} The man:ngctl[8] utility gains a `-j` flag to attach and run inside a jail, allowing manipulation of netgraph nodes from within a jail environment. This enables administrators to manage netgraph configurations in jails where ngctl may not be directly available. gitref:04911babef1b[repository=src]. The man:bsdinstall[8] installer no longer supports ZFS installations using MBR disk layouts. This removes a previously broken option that could cause installation failures. gitref:220584471931[repository=src]. {{< sponsored "The FreeBSD Foundation" >}} man:sndctl[8], a new utility has been added for listing and modifying audio device properties using a control-driven interface similar to man:mixer[8]. gitref:00988d12bc37[repository=src]. {{< sponsored "The FreeBSD Foundation" >}} The man:nuageinit[7] tool now supports the chpasswd command, allowing password changes via a list or multiline string, including deprecated syntax for compatibility with some providers. gitref:6c912470030b[repository=src]. {{< sponsored "OVHCloud" >}} The man:pkg[7] utility now parses command-line arguments in the same way as man:pkg[8], requiring options to be placed in the same positions. This changes the behavior of some previously accepted command sequences, such as `pkg -f bootstrap` no longer working; users must use `pkg bootstrap -f` instead. gitref:62947e508161[repository=src]. {{< sponsored "The FreeBSD Foundation | The FreeBSD Foundation" >}} Adds meta and env parameters to jails, allowing arbitrary string metadata and environment information to be associated with each jail. The parameters can be set during jail creation or modified later using `jail -cm`, and can be viewed with man:jls[8]. The `security.jail.meta_maxbufsize` sysctl controls the maximum size of these parameters. gitref:527027da391d[repository=src]. {{< sponsored "SkunkWerks GmbH" >}} The man:swapon[8] utility now supports encrypted swap files using man:md[4] devices with an [.filename]#.eli# suffix in man:fstab[5]. This allows encrypted swap to be configured in fstab as previously documented. gitref:9d80d681ee9d[repository=src]. The man:diff[1] utility now reports I/O errors encountered during the Stone algorithm's file comparison phase, providing error messages where previously only the exit status indicated failure. gitref:3c10ed2ba3aa[repository=src]. {{< sponsored "Klara, Inc." >}} The man:diff[1] utility no longer incorrectly compares a file or directory to itself, fixing a bug where diff could produce misleading output. In addition, several internal correctness and robustness improvements were made (see related commits), including fixes for resource leaks in the pagination code, improved error handling around file descriptor operations, and prevention of potential integer overflows when using very large context windows. Additional tests were added to cover these cases. gitref:b4139147bbb7[repository=src], gitref:6761e555376e[repository=src], gitref:2434f3b279a9[repository=src], gitref:238bf5ebf684[repository=src]. {{< sponsored "Klara, Inc." >}} The Bluetooth startup script [.filename]#rc.d/bluetooth# now retries the hccontrol reset up to three times for improved reliability and fixes a redirection bug that could create stray files. gitref:53d1c328e912[repository=src]. [[userland-contrib]] === Contributed Software OpenSSL has been updated to version 3.0.16. gitref:aed5a47b3a8a[repository=src]. Spleen font has been updated to version 2.2.0, adding missing characters (em-dash, en-dash, hyphen, angle brackets, white square, dagger, double dagger) and improving character alignment, particularly for high-dpi displays. gitref:c44ec96b471e[repository=src]. man:libarchive[3] updated to version 3.8.5. This includes a bug fix for bsdtar to resolve a regression in zero-length pattern handling. gitref:39fd1181e5b2[repository=src]. man:xz[1] has been updated to version 5.8.2. gitref:07700b0107dc[repository=src]. man:mtree[8] has been updated to version from NetBSD, improving compatibility and fixing bugs in mtree. gitref:f9d671f726ac[repository=src]. pci_vendors database has been updated to version 2026-02-10. gitref:7805899ed791[repository=src]. tzdata has been updated to version 2025c. gitref:68e2f4cc5e4e[repository=src]. man:bmake[1] has been updated to version 20251111. gitref:c95f96dea30a[repository=src]. SQLite has been updated to version 3.50.4. gitref:ef55f6b86626[repository=src]. The man:unbound[8] DNS resolver mitigates `YXDOMAIN` and nodata non-referral answer poisoning, preventing a malicious actor from exploiting a possible cache poison attack. This addresses CVE-2025-11411. gitref:cd40a23fb249[repository=src]. OpenZFS has been updated to version 2.2.9. This release includes improvements to ARC shrinking, fixes for `zpool add` safety checks, zvol blk-mq synchronization, and BRT range conversion math. gitref:709465f2c4f1[repository=src]. man:less[1] has been updated to version 685. gitref:054ae5e7b465[repository=src]. USB vendor database has been updated to 2025-12-13. gitref:02138275effb[repository=src]. man:unbound[8] has been updated to version 1.24.1. This release includes a security fix for CVE-2025-11411. gitref:eeb41dca070f[repository=src]. The man:kadmin[1] utility gains a new `-f` option for dumping Heimdal KDC databases in MIT-compatible format, enabling migration to MIT KDC without recreating the database from scratch. gitref:a93e1b731ae4[repository=src]. man:mandoc[1] has been updated to version 2025-09-26. The update improves case sorting in mandoc db, adds macros for AT&T Unix versions 8 and 10, warns on blank lines in man:man[7] like man:mdoc[7], and fixes a PDF/PS footer regression. gitref:7fa4ccb8e4e7[repository=src]. expat has been updated to version 2.7.3. gitref:a85cfcb61efd[repository=src]. man:bc[1] and man:dc[1] have been updated to version 7.1.0. gitref:ab36487a79cd[repository=src]. The gallant console font now includes over 4300 glyphs, adding support for Greek, Cyrillic, IPA extensions, extended Latin, Zapf Dingbats, arrows, mathematical symbols, box drawing, currency symbols, and Powerline glyphs. This expands the character set available in the console for multilingual text and symbols. gitref:8d2d6647d65a[repository=src]. man:libucl[3] has been updated to version 0.9.2. gitref:0a8d8b0c878f[repository=src]. {{< sponsored "The FreeBSD Foundation" >}} man:mandoc[1] has been updated to Groff Compat Edition with improved groff compatibility in formatting, error handling, and rendering. gitref:8039d22f6afd[repository=src]. OpenSSH has been updated to version 10.0p2. The update removes support for the weak DSA signature algorithm and changes the default key agreement to the post-quantum hybrid algorithm mlkem768x25519-sha256. The sshd(8) authentication phase now runs in a separate sshd-auth binary. gitref:7ca599aa6139[repository=src]. {{< sponsored "The FreeBSD Foundation" >}} lyaml, a Lua binding for libyaml, is now available in the base system. gitref:c508393e49fc[repository=src]. libyaml has been updated to version 0.2.5. gitref:e52f11f4bbc8[repository=src]. The man:nc[1] (or netcat) utility now accepts service names (e.g., 'http') in addition to port numbers for the -p option and as command-line arguments. gitref:0fe58344e829[repository=src]. The blocklist utility (man:blacklistd[8]) has been updated with upstream changes as part of the rename from blacklist to blocklist. gitref:4690a369ff6d[repository=src]. [[userland-deprecated-programs]] === Deprecated Applications The RIP routing protocol is deprecated and will be removed in a future release. The man pages for man:routed[8], man:rtquery[8], man:route6d[8], and man:rip6query[8] are updated to note the deprecation. Users needing RIP should use alternatives like 'bird' or 'quagga' from the ports collection. gitref:d350c18f98fd[repository=src]. [[userland-libraries]] === Runtime Libraries and API The man:inet_net_ntop[3] and man:inet_net_pton[3] functions are updated to correctly handle IPv6 addresses, fixing previous incorrect behavior. gitref:b4871be3490d[repository=src]. {{< sponsored "https://www.patreon.com/bsdivy" >}} The PAM library now searches for modules in [.filename]#${LOCALBASE}/lib/security#, in addition to [.filename]#${LOCALBASE}/lib#. This allows PAM modules installed by ports that follow the Linux directory convention to be found and used. gitref:65808459e21b[repository=src]. [[cloud]] == Cloud Support This section covers changes in support for cloud environments. man:nuageinit[7] receives multiple improvements: execution is now logged; uses a fully compliant YAML parser; improves cloud-init compatibility (adds 'runcmd', 'packages', 'fqdn', 'hostname', 'sudo', 'write_files', 'nameservers', 'tzsetup', 'doas'); improves network support with many fixes, adds support for 'wakeonlan', 'set-name', and 'match.driver'; uses man:resolvconf[8]; and only creates the default user when needed. Also adds support for cloud-init, configuration over the network, and package management. gitref:548d4b2af90b[repository=src], gitref:5444803b745e[repository=src], gitref:3a680e954469[repository=src], gitref:cbd62452bff6[repository=src], gitref:d056f72c358b[repository=src], gitref:823f1076c7cd[repository=src], gitref:bb3bc92f4df6[repository=src]. {{< sponsored "OVHCloud" >}} [[kernel]] == Kernel This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized. [[kernel-general]] === General Kernel Changes The man:jail[8] system will restrict unprivileged users in a parent jail from scheduling, debugging, or signaling processes in subordinate jails by default in FreeBSD 15.0 and later. New privileges PRIV_SCHED_DIFFJAIL, PRIV_DEBUG_DIFFJAIL, and PRIV_SIGNAL_DIFFJAIL are required for such cross-jail operations. A new jail parameter allow.nounprivileged_parent_tampering is introduced in FreeBSD 14.x to enable early adoption of the new behavior, but this will become enabled by default in FreeBSD 15.x, affecting development setups that rely on cross-jail process management. gitref:5c6949e12ee6[repository=src]. The change fixes a race condition in the powerpc context switch code that could cause the system to hang after starting all APs, particularly in qemu-system-ppc64 power9 pseries guests. gitref:666599639cf6[repository=src]. [[drivers]] == Devices and Drivers This section covers changes and additions to devices and device drivers since {releasePrev}. [[drivers-device]] === Device Drivers The man:mrsas[4] driver now supports the Fujitsu RAID Controller SAS 6Gbit/s 1GB (D3116), which is used in Fujitsu PRIMERGY servers like the RX300 S7. gitref:653099bcc191[repository=src]. The man:mfi[4] driver now supports the Fujitsu RAID Controller SAS 6Gbit/s 1GB (D3116) by adding its subvendor and subdevice IDs. gitref:3690911c355a[repository=src]. The NVMe driver now supports BAR5 for Table BIR and PBA BIR, enabling FreeBSD on Google Compute Engine C4 machines. gitref:dca645cd3112[repository=src]. {{< sponsored "Google" >}} The man:qat[4] driver now supports the 402xx device (IDs 0x4944/0x4945) under the existing qat_4xxx driver, and adds required firmware files. gitref:af51f41346ad[repository=src]. {{< sponsored "Intel Corporation" >}} The man:smartpqi[4] driver is updated to version 4660.0.2002, providing updated support for Microchip smartpqi controllers. gitref:ec98cb56861f[repository=src]. {{< sponsored "Microchip Technology Inc." >}} The man:ix[4] and man:ixv[4] drivers add support for the Intel Ethernet E610 family of devices, including new PCI IDs for backplane, SFP, 10 GbE, 2.5 GbE, and SGMII variants. This enables link speeds of 2.5G, 5G, and 10G on supported hardware. gitref:a728b96686e6[repository=src]. {{< sponsored "Intel Corporation" >}} The man:epair[4] driver now supports stable MAC addresses via the `net.link.epair.ether_gen_addr` sysctl. This helps maintain consistent DHCP and dynamic DNS assignments when epair interfaces are recreated, such as after jail restarts. The default behavior remains random MAC generation, but setting the sysctl to 1 enables stable addresses. gitref:02f70f6633fd[repository=src]. The man:iwlwifi[4] driver now includes ACPI support, enabling regulatory features for 802.11ax, 802.11be, and Per Platform Antenna Gain (PPAG) settings. gitref:c4496f82680c[repository=src]. {{< sponsored "The FreeBSD Foundation" >}} [[drivers-removals]] === Deprecated and Removed Drivers The in-kernel MIDI sequencer is deprecated. This change adds a deprecation notice to the kernel and may affect applications that rely on this legacy interface. gitref:ab9c9443eec5[repository=src]. {{< sponsored "The FreeBSD Foundation" >}} [[storage]] == Storage This section covers changes and additions to file systems and other storage subsystems, both local and networked. [[storage-general]] === General Storage The new 9P filesystem implementation (man:p9fs[4]) has been added for use with bhyve virtio-9p devices. It allows guests to access host files via share mappings and can be used as a root or non-root filesystem. The driver is loaded via `virtio_p9fs_load=YES` in [.filename]#loader.conf#. gitref:615fba7c6b39[repository=src]. The man:tarfs[4] filesystem now correctly handles large files exceeding 4 GB and 8 GB limits. It fixes decompression errors when seeking beyond 4 GB in zstd-compressed tarballs and properly processes extended header records for files larger than 8 GB. gitref:35c612fbabd8[repository=src]. {{< sponsored "Klara, Inc." >}} The man:nullfs[4] and man:unionfs[4] filesystems now perform stricter checks for jail root vnodes during dotdot lookups, preventing a potential chroot escape vulnerability. gitref:3feafab4a34c[repository=src]. [[boot]] == Boot Loader Changes This section covers the boot loader, boot menu, and other boot-related changes. [[boot-loader]] === Boot Loader Changes The EFI boot loader now uses firmware-provided Blt functions only when using the Graphics Output Protocol (GOP), avoiding issues on older UGA-based systems like MacBooks. gitref:6741fb1bd4f4[repository=src]. The Raspberry Pi Zero 2W device tree blob is now included on the release SD card images, enabling support for this hardware model. gitref:fce5d401a803[repository=src]. The man:bsdinstall[8] installer now copies [.filename]#loader.efi# to all ESPs created for multi-volume ZFS datasets, providing boot redundancy if the primary disk fails. gitref:d8e73f45fc5f[repository=src]. {{< sponsored "Netflix" >}} Wireless firmware packages are now included on bootonly installation media, enabling users to fetch installation files over a wireless connection. gitref:2ee0f3c954e7[repository=src]. {{< sponsored "The FreeBSD Foundation" >}} [[network]] == Networking This section describes changes that affect networking in FreeBSD. [[network-general]] === General Network Compatibility code for IPFW versions prior to FreeBSD 8 has been removed to simplify the codebase. Users or third-party modules that still rely on the old compatibility interfaces must migrate before upgrading. gitref:57865e505aef[repository=src]. {{< sponsored "The FreeBSD Foundation" >}} [.filename]#sbin/ipfw15# binary has been added with updated KBI for compatibility with 15.0+ kernels. The original man:ipfw[8] binary detects the new KBI and automatically runs ipfw15, ensuring firewall rules can be loaded during upgrades. The utility is also installed as [.filename]#/sbin/dnctl15# for dummynet compatibility. gitref:969e2b406835[repository=src]. [[wireless-networking]] === Wireless Networking The net80211 subsystem has been updated to properly support VHT160 and VHT80P80 channel widths with modern access points, aligning with changes from 802.11ac-2013 to 802.11-2020. This enables VHT160 and VHT80P80 in the LinuxKPI 802.11 driver compatibility code, affecting wireless performance and compatibility. gitref:ccdd6285df5d[repository=src]. {{< sponsored "The FreeBSD Foundation" >}} [[hardware]] == Hardware Support This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document. Please see link:https://www.freebsd.org/releases/{localRel}R/hardware[the list of hardware] supported by {releaseCurrent}, as well as link:https://www.freebsd.org/platforms/[the platforms page] for the complete list of supported CPU architectures. [[hardware-virtualization]] === Virtualization Support man:bhyve[8] now reports SVM as disabled in the VM control register, preventing hangs on AMD systems with recent Windows guests. gitref:321a15380668[repository=src]. [[documentation]] == Documentation This section covers changes to manual (man:man[1]) pages and other documentation shipped with the base system. [[man-pages]] === Man Pages Updates the UPDATING file to document that example files are now installed in [.filename]#/usr/share/examples# as intended, due to a prior fix in the build system. gitref:d149be3a0cbe[repository=src]. The shell man:builtin[1] command manual has been streamlined and gained a new section on built-in keyboard bindings. gitref:b98efcdb6210[repository=src] The man:newaliases[1] man page has been updated to clarify that it is for man:sendmail[8]. gitref:e3df9a78da6b[repository=src]. The man:ps[1] man page now documents that `-a` and `-A` show all processes regardless of other selection options, and clarifies the behavior of `-J`. gitref:f18a49a747f7[repository=src]. {{< sponsored "The FreeBSD Foundation" >}} The man:write[2] manual page now includes a new section describing the atomicity guarantees of write operations. gitref:c19f161f5f65[repository=src]. Manual pages for several DTrace providers have been added, including man:dtrace_fbt[4] (function boundary tracing), man:dtrace_vfs[4] (VFS activity), man:dtrace_pid[4] (user-level process tracing),man:dtrace_priv[4] (privilege checks), and man:dtrace_callout_execute[4] (callout handler execution). gitref:0c91fa982437[repository=src], gitref:04bb91e9c5f7[repository=src], gitref:ff6b04c37e78[repository=src], gitref:f69bf8f994e5[repository=src], gitref:7d43404485bf[repository=src]. New or improved manuals have appeared for most Ethernet switch controllers including man:mtkswitch[4], man:ip17x[4], man:ar40xx[4], man:arswitch[4], man:e6000sw[4], and man:e6060sw[4]. gitref:f31ac06711e6[repository=src], gitref:17e9eb1e0eb7[repository=src], gitref:1343a5b616ec[repository=src], gitref:d0e29f92f7a2[repository=src], gitref:5e0e046d95a9[repository=src], gitref:ded154a1df97[repository=src]. man:linuxkpi[4] and man:linuxkpi_wlan[4] manual pages have been added providing brief documentation on the LinuxKPI and its 802.11 compatibility features. gitref:669062384f55[repository=src]. {{< sponsored "The FreeBSD Foundation" >}} The man:vt[4] manual page now includes an example on increasing scrollback size and a section explaining console fonts, covering conversion, support, and usage. gitref:ce92b9d8332a[repository=src]. gitref:c330c43e58d7[repository=src]. The man:cdboot[8] manual page has been added, documenting the previously undocumented cdboot utility. gitref:d659366cc62a[repository=src]. The man:crash[8] manual page has been updated to reflect current system behavior, removing references to obsolete panic messages and updating guidance on recovery media. gitref:4f2140aa9677[repository=src]. The man:dumpon[8] manual page now shows settings to adjust the behavior of man:crash[8] dumps. gitref:7c8717183536[repository=src]. The man:ipfw[8] manual page now documents how to delete a NAT configuration instance. gitref:186ac4724746[repository=src]. The man:mtree[8] utility's man page is updated to clarify that the `type` keyword remains mandatory and is not removed by `-R all`. This ensures consistent behavior and prevents potential misinterpretation of the command. gitref:f957857c4835[repository=src]. The man:pf.conf[5] man page now documents that network address ranges used as items in list macros must be quoted with additional single quotes. gitref:0077daf9cdc4[repository=src]. The man:pw[8] manual page now clarifies the acceptable formats for member lists with the `-M`, `-m`, and `-d` flags of the `groupadd` and `groupmod` options. gitref:78343cd2a0f1[repository=src]. - -[[ports]] -== Ports Collection and Package Infrastructure - -This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools. - -[[ports-packages]] -=== Packaging Changes - -[[future-releases]] -== General Notes Regarding Future FreeBSD Releases