diff --git a/website/archetypes/release/relnotes.adoc b/website/archetypes/release/relnotes.adoc index 7f79fe8e1d..896dbd0158 100644 --- a/website/archetypes/release/relnotes.adoc +++ b/website/archetypes/release/relnotes.adoc 
@@ -1,200 +1,200 @@ --- title: "FreeBSD X.0-RELEASE Release Notes" sidenav: download --- :localRel: X.0 :releaseCurrent: X.0-RELEASE :releaseBranch: X-STABLE :releasePrev: X.Y-RELEASE :releaseNext: X.Y-RELEASE :releaseType: "release" include::shared/en/urls.adoc[] = FreeBSD {releaseCurrent} Release Notes :doctype: article :toc: macro :toclevels: 1 :icons: font == Abstract [.abstract-title] The release notes for FreeBSD {releaseCurrent} contain a summary of the changes made to the FreeBSD base system on the {releaseBranch} development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. [[intro]] == Introduction This document contains the release notes for FreeBSD {releaseCurrent}. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD. The {releaseType} distribution to which these release notes apply represents the latest point along the {releaseBranch} development branch since {releaseBranch} was created. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. The {releaseType} distribution to which these release notes apply represents a point along the {releaseBranch} development branch between {releasePrev} and the future {releaseNext}. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. This distribution of FreeBSD {releaseCurrent} is a {releaseType} distribution. It can be found at https://www.FreeBSD.org/releases/[] or any of its mirrors. -More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}/mirrors[Obtaining FreeBSD appendix] to the link:{handbook}/[FreeBSD Handbook]. 
+More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}mirrors[Obtaining FreeBSD appendix] to the link:{handbook}[FreeBSD Handbook]. All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site. This document describes the most user-visible new or changed features in FreeBSD since {releasePrev}. In general, changes described here are unique to the {releaseBranch} branch unless specifically marked as MERGED features. Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. [[upgrade]] == Upgrading from Previous Releases of FreeBSD Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the man:freebsd-update[8] utility. See the release-specific upgrade procedure, link:../installation/#upgrade-binary[FreeBSD {releaseCurrent} upgrade information], with more details in the FreeBSD handbook link:{handbook}cutting-edge/#freebsdupdate-upgrade[binary upgrade procedure]. This will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. 
The man:freebsd-update[8] utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in [.filename]#/usr/src/UPDATING#. [IMPORTANT] ==== Upgrading FreeBSD should only be attempted after backing up _all_ data and configuration files. ==== [[security-errata]] == Security and Errata This section lists the various Security Advisories and Errata Notices since {releasePrev}. [[security]] === Security Advisories [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Advisory | Date | Topic |No advisories. | | |=== [[errata]] === Errata Notices [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Errata | Date | Topic |No notices. | | |=== [[userland]] == Userland This section covers changes and additions to userland applications, contributed software, and system utilities. [[userland-config]] === Userland Configuration Changes [[userland-programs]] === Userland Application Changes [[userland-contrib]] === Contributed Software [[userland-deprecated-programs]] === Deprecated Applications [[userland-libraries]] === Runtime Libraries and API [[kernel]] == Kernel This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized. [[kernel-general]] === General Kernel Changes [[drivers]] == Devices and Drivers This section covers changes and additions to devices and device drivers since {releasePrev}. [[drivers-device]] === Device Drivers [[drivers-removals]] === Deprecated and Removed Drivers [[storage]] == Storage This section covers changes and additions to file systems and other storage subsystems, both local and networked. [[storage-general]] === General Storage [[boot]] == Boot Loader Changes This section covers the boot loader, boot menu, and other boot-related changes. 
[[boot-loader]] === Boot Loader Changes [[network]] == Networking This section describes changes that affect networking in FreeBSD. [[network-general]] === General Network [[hardware]] == Hardware Support This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document. Please see link:https://www.freebsd.org/releases/{localRel}R/hardware[the list of hardware] supported by {releaseCurrent}, as well as link:https://www.freebsd.org/platforms/[the platforms page] for the complete list of supported CPU architectures. [[hardware-virtualization]] === Virtualization Support [[documentation]] == Documentation This section covers changes to manual (man:man[1]) pages and other documentation shipped with the base system. [[man-pages]] === Man Pages [[ports]] == Ports Collection and Package Infrastructure This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools. [[ports-packages]] === Packaging Changes [[future-releases]] == General Notes Regarding Future FreeBSD Releases diff --git a/website/content/en/releases/13.1R/relnotes.adoc b/website/content/en/releases/13.1R/relnotes.adoc index 233113eef1..c2171e970c 100644 --- a/website/content/en/releases/13.1R/relnotes.adoc +++ b/website/content/en/releases/13.1R/relnotes.adoc 
@@ -1,435 +1,435 @@ --- title: "FreeBSD 13.1-RELEASE Release Notes" sidenav: download --- :releaseCurrent: 13.1-RELEASE :releaseBranch: 13-STABLE :releasePrev: 13.0-RELEASE :releaseNext: 13.2-RELEASE :releaseType: release include::shared/en/urls.adoc[] = FreeBSD {releaseCurrent} Release Notes :doctype: article :toc: macro :toclevels: 1 :icons: font == Abstract [.abstract-title] The release notes for FreeBSD {releaseCurrent} contain a summary of the changes made to the FreeBSD base system on the {releaseBranch} development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. [[intro]] == Introduction This document contains the release notes for FreeBSD {releaseCurrent}. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD. The {releaseType} distribution to which these release notes apply represents the latest point along the {releaseBranch} development branch since {releaseBranch} was created. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[https://www.FreeBSD.org/releases/]. The {releaseType} distribution to which these release notes apply represents a point along the {releaseBranch} development branch between {releasePrev} and the future {releaseNext}. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[https://www.FreeBSD.org/releases/]. -This distribution of FreeBSD {releaseCurrent} is a {releaseType} distribution. It can be found at https://www.FreeBSD.org/releases/[https://www.FreeBSD.org/releases/] or any of its mirrors. 
More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}/mirrors[Obtaining FreeBSD appendix] to the link:{handbook}/[FreeBSD Handbook]. +This distribution of FreeBSD {releaseCurrent} is a {releaseType} distribution. It can be found at https://www.FreeBSD.org/releases/[https://www.FreeBSD.org/releases/] or any of its mirrors. More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}mirrors[Obtaining FreeBSD appendix] to the link:{handbook}[FreeBSD Handbook]. All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site. This document describes the most user-visible new or changed features in FreeBSD since {releasePrev}. In general, changes described here are unique to the {releaseBranch} branch unless specifically marked as MERGED features. Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. [[upgrade]] == Upgrading from Previous Releases of FreeBSD Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the man:freebsd-update[8] utility. 
The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The man:freebsd-update[8] utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in [.filename]#/usr/src/UPDATING#. Users of all powerpc architectures, after successful kernel and world installation, will need to run manually "kldxref /boot/kernel". [IMPORTANT] ==== Upgrading FreeBSD should only be attempted after backing up _all_ data and configuration files. ==== [IMPORTANT] ==== After upgrading, sshd (from OpenSSH 8.8p1) will not accept new connections until it is restarted. After installing the new userland, either reboot (as specified in the source update procedure), or execute `service sshd restart`. ==== //// XXX: gjb will fill this in just before the release is final [[security-errata]] == Security and Errata This section lists the various Security Advisories and Errata Notices since {releasePrev}. [[security]] === Security Advisories [width="100%",cols="40%,30%,30%",options="header",] |=== |Advisory |Date |Topic |link:https://www.freebsd.org/security/advisories/FreeBSD-SA-20:31.icmp6.asc[FreeBSD-SA-20:31.icmp6] |1 December 2020 |Use-after-free in error message handling |=== [[errata]] === Errata Notices [width="100%",cols="40%,30%,30%",options="header",] |=== |Errata |Date |Topic |link:https://www.freebsd.org/security/advisories/FreeBSD-EN-20:19.audit.asc[FreeBSD-EN-20:19.audit] |1 December 2020 |execve/fexecve system call auditing |=== //// [[userland]] == Userland This section covers changes and additions to userland applications, contributed software, and system utilities. 
[[userland-config]] === Userland Configuration Changes // SAMPLE ENTRY: // A new man:rc.conf[5] variable has been added, `linux_mounts_enable`, which controls if Linux(R)-specific filesystems are mounted in [.filename]#/compat/linux# if `linux_enable` is set to `YES`. {{< revision "364883" >}} (Sponsored by The FreeBSD Foundation) The `-i` flag is now added to man:rtsol[8] and man:rtsold[8] by default in `/etc/defaults/rc.conf`. gitref:a0fc5094bf4c[repository=src] (Sponsored by https://www.patreon.com/cperciva[https://www.patreon.com/cperciva]) [[userland-programs]] === Userland Application Changes The `-i` option has been added to man:rtsol[8] and man:rtsold[8] to disable the random delay between zero and one seconds, speeding up the boot process. gitref:8056b73ea163[repository=src] (Sponsored by https://www.patreon.com/cperciva[https://www.patreon.com/cperciva]) For 64-bit architectures, the base system is now built with Position Independent Executable (PIE) support enabled by default. It may be disabled using the `WITHOUT_PIE` knob. A clean build is required. gitref:396e9f259d96[repository=src] There is a new `zfskeys` man:rc[8] service script, which allows for automatic decryption of ZFS datasets encrypted with ZFS native encryption during boot. See the man:rc.conf[5] manual page for more information. gitref:33ff39796ffe[repository=src], gitref:8719e8a951b7[repository=src] (Sponsored by Modirum and Klara Inc.) The NVMe emulation in man:bhyve[8] has been upgraded to version 1.4 of the NVMe specification. gitref:b7a2cf0d9102[repository=src] - gitref:eae02d959363[repository=src] NVMe iovec construction for large IOs in man:bhyve[8] has been fixed. The problem was exposed by the UEFI driver included with Rocky Linux 8.4. gitref:a7761d19dacd[repository=src] Extra Alt Gr mappings for Brazillian Portuguese ABNT2 keyboards were added. 
gitref:310623908c20[repository=src] The `chroot` facility now supports unprivileged operation, and the man:chroot[8] program now has a `-n` option to enable its use. gitref:460b4b550dc9[repository=src] (Sponsored by EPSRC) The CAM library has been modified to use man:realpath[3] on device names before parsing them, which allows tools such as man:camcontrol[8] and man:smartctl[8] to be friendlier when symlinks are in use. gitref:e32acf95ea25[repository=src] man:md5sum[1] and similar message-digest programs compatible with those on Linux were added by having the corresponding BSD programs run with the `-r` option if the program name ends in `sum`. gitref:c0d5665be0dc[repository=src] (Sponsored by Netflix) man:svnlite[1] is disabled in the build by default. gitref:a4f99b3c2384[repository=src] man:mpsutil[8] has been extended to show adapter information and to control NCQ. gitref:395bc3598b47[repository=src] Problems after downloading firmware to a device using man:camcontrol[8] were fixed by forcing a rescan of the LUN after the firmware download. gitref:327da43602cc[repository=src] (Sponsored by Netflix) A new mode has been added to the scripted partition editor for variant disk names in man:bsdinstall[8]. If the disk parameter `DEFAULT` is set in place of an actual device name, or no disk is specified for the `PARTITIONS` parameter, the installer will follow the logic used in the automatic-partitioning mode, in which it will either provide a selection dialog for one of several disks if several are present or automatically select it if there is only one. This simplifies the creation of fully-automatic installation media for hardware or VMs with varying disk names. gitref:5ec4eb443e81[repository=src] [[userland-contrib]] === Contributed Software Building of LLDB has been enabled on all powerpc architectures. gitref:cb1bee9bd34[repository=src] One True Awk has been updated to the latest from upstream (20210215). 
All the FreeBSD patches but one have now been either upstreamed or discarded. Notable changes include: * Locale is no longer used for ranges * Various bugs fixed * Better compatibility with `gawk` and `mawk` The one remaining FreeBSD change, likely to be removed in FreeBSD 14, is that we still allow hex numbers, prefixed with `0x`, to be parsed and interpreted as hex numbers, while all other awks (now including One True Awk) interpret them as `0`, in line with awk's historic behavior. `zlib` has been upgraded to version 1.2.12. `libarchive` has been upgraded to verion 3.6.0 with additional bug and security fixes from the upcoming patchlevel release. Release notes are available at https://github.com/libarchive/libarchive/releases[https://github.com/libarchive/libarchive/releases]. The `ssh` package has been updated to OpenSSH v8.8p1, including a security update and bug fixes. Other updates include these changes: * man:ssh[1]: When prompting whether to record a new host key, accept that key's fingerprint as a synonym for "yes." * man:ssh-keygen[1]: When acting as a CA and signing certificates with an RSA key, default to using the `rsa-sha2-512` signature algorithm. * man:ssh[1]: `UpdateHostkeys` is enabled by default, subject to some conservative preconditions. * man:scp[1]: The behavior of remote to remote copies (e.g. `scp host-a:/path host-b:`) has been changed to transfer through the local host by default. * man:scp[1] has experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. The use of FIDO/U2F hardware authenticators has been enabled in `ssh`, using the new public key types `ecdsa-sk` and `ed25519-sk`, along with corresponding certificate types. FIDO/U2F support is described in https://www.openssh.com/txt/release-8.2[https://www.openssh.com/txt/release-8.2]. 
gitref:a613d68fff9a[repository=src] (Sponsored by The FreeBSD Foundation) [[userland-libraries]] === Runtime Libraries and API Assembly optimized code for OpenSSL has been added on powerpc, powerpc64 and powerpc64le. gitref:ce35a3bc852[repository=src] The detection of CPU features accelerating crypto operations for ARMv7 and ARM64 has been fixed, speeding up `aes-256-gcm` and `sha256` substantially. gitref:32a2fed6e71f[repository=src] (Sponsored by Ampere Computing LLC and Klara Inc.) Building ASAN and UBSAN libraries has been enabled on riscv64 and riscv64sf. gitref:8c56b338da7[repository=src] OFED libraries are now built on riscv64 and riscv64sf. gitref:2b978245733[repository=src] OPENMP libraries are now built on riscv64 and riscv64sf. gitref:aaf56e35569[repository=src] [[kernel]] == Kernel This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized. [[kernel-general]] === General Kernel Changes Output corruption on serial console on powerpc64 has been fixed. gitref:dca829138ca[repository=src] CAS has been changed to support Radix MMU. gitref:cc8e726c85b[repository=src] Running FreeBSD with HPT superpages enabled on QEMU with TCG has been fixed on powerpc64(le). gitref:f05174ed354[repository=src] Superpages support has been added to pmap_mincore on powerpc64(le). gitref:32b50b8520d[repository=src] HWCAP/HWCAP2 aux args support was added on arm64 for 32-bit ARM binaries. This fixes build/run of golang under `COMPAT32` emulation. gitref:28e22482279f[repository=src] (Sponsored by Rubicon Communications, LLC ("Netgate")) [[drivers]] == Devices and Drivers This section covers changes and additions to devices and device drivers since {releasePrev}. [[drivers-device]] === Device Drivers The man:igc[4] driver was introduced for the Intel I225 Ethernet controller. This controller supports 2.5G/1G/100Mb/10Mb speeds, and allows tx/rx checksum offload, TSO, LRO, and multi-queue operation. 
gitref:d7388d33b4dd[repository=src] (Sponsored by Rubicon Communications, LLC ("Netgate")) A fix for VGA / HDMI console with AST2500 during boot on powerpc64(le) has been added. gitref:c41d129485e[repository=src] PCI common read/write functions are fixed on big endian targets in man:virtio[4]. gitref:7e583075a41[repository=src], gitref:8d589845881[repository=src] Big-endian support has been added to man:mpr[4]. gitref:7d45bf699dc[repository=src], gitref:2954aedb8e5[repository=src], gitref:c80a1c1072d[repository=src] Max I/O size has been reduced to avoid DMA issues in man:aacraid[4]. gitref:572e3575dba[repository=src] A bug preventing a virtual guest using man:virtio_random[8] from shutting down or rebooting has been fixed. gitref:fa67c45842bb[repository=src] The man:ice[4] driver has been updated to 1.34.2-k, adding firmware logging and initial DCB support. gitref:a0cdf45ea1d1[repository=src] (Sponsored by Intel Corporation) The man:mgb[4] network interface driver has been added, with support for Microchip devices LAN7430 PCIe Gigabit Ethernet controller with PHY and LAN7431 PCIe Gigabit Ethernet controller with RGMII interface. The driver has a number of caveats and limitations, but is functional. gitref:e0262ffbc6ae[repository=src] (Sponsored by The FreeBSD Foundation) Support has been added for link status, media, and VLAN MTU with the man:cdce[4] device. gitref:973fb85188ea[repository=src] The man:iwlwifi[4] driver along with a LinuxKPI 802.11 compatibility layer was added to supplement man:iwm[4] for newer Intel Wireless chipsets. (Sponsored by The FreeBSD Foundation) Kernel crash dumps can now be saved on SD cards and eMMC modules using a `dwmmc` controller when the kernel is configured with the `MMCCAM` option. gitref:79c3478e76c3[repository=src] Kernel crash dumps can now be saved on SD cards using an `sdhci` controller when the kernel is configured with the `MMCCAM` option. 
gitref:8934d3e7b9b9[repository=src] [[drivers-platform]] === Supported Platforms Support has been added for the HiFive Unmatched RISC-V board. [[storage]] == Storage This section covers changes and additions to file systems and other storage subsystems, both local and networked. [[storage-general]] === General Storage [[storage-zfs]] === ZFS Changes ZFS has been upgraded to OpenZFS release 2.1.4. OpenZFS release notes can be found at https://github.com/openzfs/zfs/releases[https://github.com/openzfs/zfs/releases]. [[storage-nfs]] === NFS Changes Two new daemons, man:rpc.tlsclntd[8] and man:rpc.tlsservd[8], are now built by default on amd64 and arm64. They provide support for NFS-over-TLS as described in the Internet Draft entitled "Towards Remote Procedure Call Encryption By Default". These daemons are built when WITH_OPENSSL_KTLS is specified. They use KTLS to encrypt/decrypt all NFS RPC message traffic, and provide optional verification of machine identity via X.509 certificates. gitref:2c76eebca71b[repository=src] gitref:59f6f5e23c1a[repository=src] The default minor version used for an NFSv4 mount has been changed to the highest minor version supported by the NFSv4 server. This default can be overridden by using the `minorversion` mount option. gitref:8a04edfdcbd2[repository=src] A new NFSv4.1/4.2 mount option `nconnect` has been added that can be used to specify the number of TCP connections that will be used for the mount, up to a maximum of 16. The first (default) TCP connection will be used for all RPCs that consist of small RPC messages. The RPCs that can consist of large RPC messages (Read/Readdir/ReaddirPlus/Write) will be sent on the additional TCP connections in a round-robin fashion. If either the NFS client or NFS server have multiple network interfaces aggregated together, or a network interface that uses multiple queues, this can increase NFS performance for the mount. 
gitref:9ec7dbf46b0a[repository=src] A sysctl called `vfs.nfsd.srvmaxio` has been added that can be used to increase the NFS server's maximum I/O size from 128Kbytes to any power of 2 up to 1Mbyte. It can only be set when the nfsd threads are not running, and will normally require an increase in `kern.ipc.maxsockbuf` to at least the value recommended by the console log message generated when setting `vfs.nfsd.srvmaxio` is first attempted. gitref:9fb6e613373c[repository=src] [[storage-ufs]] === UFS Changes Following gitref:5cc52631b3b8[repository=src], man:fsck_ffs[8] did not work for background fsck in preen mode where UFS was tuned for soft updates without soft update journaling. Fixed: gitref:fb2feceac34c[repository=src] [[boot]] == Boot Loader Changes This section covers the boot loader, boot menu, and other boot-related changes. [[boot-loader]] === Boot Loader Changes UEFI boot is improved for amd64. The loader detects whether the loaded kernel can handle the in-place staging area (non-copying mode). The default is `copy_staging auto`. Auto-detection can be overridden, for example: with `copy_staging enable`, the loader will unconditionally copy the staging area to 2M, regardless of kernel capabilities. Also, the code to grow the staging area is more robust; for growth to occur, it's no longer necessary to hand-tune and recompile the loader. (Sponsored by https://www.freebsdfoundation.org[The FreeBSD Foundation]) `boot1` and `loader` have been fixed on powerpc64le. gitref:8a62b07bce7[repository=src] [[boot-process]] === Other Boot Changes Performance improvements have been made to man:loader[8], man:nvme[4], man:random[4], man:rtsold[8], and x86 clock calibration, which collectively yield a significant speedup in system boot time. Configuration changes on the EC2 platform provide additional benefits, resulting in {releaseCurrent} booting over twice as fast as {releasePrev}. 
(Sponsored by https://www.patreon.com/cperciva[https://www.patreon.com/cperciva]) EC2 images are now built by default to boot using UEFI instead of legacy BIOS. Note that UEFI is not supported by Xen-based EC2 instances or by "bare metal" EC2 instances. gitref:65f22ccf8247[repository=src] (Sponsored by https://www.patreon.com/cperciva[https://www.patreon.com/cperciva]) Support was added for recording EC2 AMI Ids in the AWS Systems Manager Parameter Store. FreeBSD will be using the public prefix `/aws/service/freebsd`, resulting in parameter names which look like `/aws/service/freebsd/amd64/base/ufs/13.1/RELEASE`. gitref:242d1c32e42c[repository=src] (Sponsored by https://www.patreon.com/cperciva[https://www.patreon.com/cperciva]) [[network]] == Networking This section describes changes that affect networking in FreeBSD. [[network-general]] === General Network The handling of the lowest address on an IPv4 (sub)net (host 0) has been changed so that packets are not sent as a broadcast unless this address has been set as the broadcast address. This makes the lowest address usable for a host. The old behavior can be restored with the `net.inet.ip.broadcast_lowest` sysctl. See https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-lowest-address/[https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-lowest-address/] for background information. gitref:3ee882bf21af[repository=src] [[future-releases]] == General Notes Regarding Future FreeBSD Releases [[future-releases-cputype]] === Default `CPUTYPE` Change Starting with FreeBSD-13.0, the default `CPUTYPE` for the i386 architecture will change from `486` to `686`. This means that, by default, binaries produced will require a 686-class CPU, including but not limited to binaries provided by the FreeBSD Release Engineering team. FreeBSD 13.0 will continue to support older CPUs, however users needing this functionality will need to build their own releases for official support. 
As the primary use for i486 and i586 CPUs is generally in the embedded market, the general end-user impact is expected to be minimal, as new hardware with these CPU types has long faded, and much of the deployed base of such systems is nearing retirement age, statistically. There were several factors taken into account for this change. For example, i486 does not have 64-bit atomics, and while they can be emulated in the kernel, they cannot be emulated in the userland. Additionally, the 32-bit amd64 libraries have been i686 since their inception. As the majority of 32-bit testing is done by developers using the lib32 libraries on 64-bit hardware with the `COMPAT_FREEBSD32` option in the kernel, this change ensures better coverage and user experience. This also aligns with what the majority of Linux(R) distributions have been doing for quite some time. This is expected to be the final bump of the default `CPUTYPE` in i386. [IMPORTANT] ==== This change does not affect the FreeBSD 12.x series of releases. ==== diff --git a/website/content/en/releases/13.2R/relnotes.adoc b/website/content/en/releases/13.2R/relnotes.adoc index 966f0a7b5c..222d3eda7b 100644 --- a/website/content/en/releases/13.2R/relnotes.adoc +++ b/website/content/en/releases/13.2R/relnotes.adoc 
@@ -1,430 +1,430 @@ --- title: "FreeBSD 13.2-RELEASE Release Notes" sidenav: download --- :releaseCurrent: 13.2-RELEASE :releaseBranch: 13-STABLE :releasePrev: 13.1-RELEASE :releaseNext: 13.3-RELEASE :releaseType: release include::shared/en/urls.adoc[] = FreeBSD {releaseCurrent} Release Notes :doctype: article :toc: macro :toclevels: 1 :icons: font == Abstract [.abstract-title] The release notes for FreeBSD {releaseCurrent} contain a summary of the changes made to the FreeBSD base system on the {releaseBranch} development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. [[intro]] == Introduction This document contains the release notes for FreeBSD {releaseCurrent}. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD. The {releaseType} distribution to which these release notes apply represents the latest point along the {releaseBranch} development branch since {releaseBranch} was created. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. The {releaseType} distribution to which these release notes apply represents a point along the {releaseBranch} development branch between {releasePrev} and the future {releaseNext}. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. This distribution of FreeBSD {releaseCurrent} is a {releaseType} distribution. It can be found at https://www.FreeBSD.org/releases/[] or any of its mirrors. -More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}/mirrors[Obtaining FreeBSD appendix] to the link:{handbook}/[FreeBSD Handbook]. 
+More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}mirrors[Obtaining FreeBSD appendix] to the link:{handbook}[FreeBSD Handbook]. All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site. This document describes the most user-visible new or changed features in FreeBSD since {releasePrev}. In general, changes described here are unique to the {releaseBranch} branch unless specifically marked as MERGED features. Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. [[upgrade]] == Upgrading from Previous Releases of FreeBSD Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the man:freebsd-update[8] utility. The link:{handbook}cutting-edge/#freebsdupdate-upgrade[binary upgrade procedure] will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The man:freebsd-update[8] utility requires that the host being upgraded have Internet connectivity. 
Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in [.filename]#/usr/src/UPDATING#. Users of all PowerPC architectures, after successful kernel and world installation, must run `kldxref /boot/kernel` manually. [IMPORTANT] ==== Upgrading FreeBSD should only be attempted after backing up **all** data and configuration files. ==== [IMPORTANT] ==== After installing the new userland software, running daemons are still from the previous version. After installing the user-level components with the second invocation of freebsd-update, or via an upgrade from source with `installworld`, the system should be rebooted to start everything with the new software. For example, older versions of `sshd` failed to process incoming connections correctly after the new [.filename]#/usr/sbin/sshd# was installed; rebooting started a new `sshd` and other daemons. ==== //// XXX: gjb will fill this in just before the release is final [[security-errata]] == Security and Errata This section lists the various Security Advisories and Errata Notices since {releasePrev}. [[security]] === Security Advisories [width="100%",cols="40%,30%,30%",options="header",] |=== |Advisory |Date |Topic |link:https://www.freebsd.org/security/advisories/FreeBSD-SA-20:31.icmp6.asc[FreeBSD-SA-20:31.icmp6] |1 December 2020 |Use-after-free in error message handling |=== [[errata]] === Errata Notices [width="100%",cols="40%,30%,30%",options="header",] |=== |Errata |Date |Topic |link:https://www.freebsd.org/security/advisories/FreeBSD-EN-20:19.audit.asc[FreeBSD-EN-20:19.audit] |1 December 2020 |execve/fexecve system call auditing |=== //// [[userland]] == Userland This section covers changes and additions to userland applications, contributed software, and system utilities. 
[[userland-config]] === Userland Configuration Changes // SAMPLE ENTRY: // A new man:rc.conf[5] variable has been added, `linux_mounts_enable`, which controls if Linux(R)-specific filesystems are mounted in [.filename]#/compat/linux# if `linux_enable` is set to `YES`. // gitref:1234567890ab[repository=src] (Sponsored by The FreeBSD Foundation) The man:growfs[7] startup script will now add a swap partition while expanding the root file system if possible, and if one did not previously exist. This is primarily useful when installing on an SD card using a raw image. A new man:rc.conf[5] variable has been added, `growfs_swap_size`, which can control the addition if necessary. See man:growfs[7] for details. The `zfskeys` startup script supports autoloading of keys stored on ZFS. gitref:2411090f6940[repository=src] (Sponsored by Klara Inc.) A new RC script, `zpoolreguid` has been added, which will assign a new GUID to one or more zpools, useful for virtualization environments when sharing datasets. The `hostid` startup script will now generate a random (version 4) UUID if there is no [.filename]#/etc/hostid# file and no valid UUID from hardware. Also, if there is no [.filename]#/etc/machine-id# file, the `hostid_save` script will store a compact version of the hostid (one without hyphens) in [.filename]#/etc/machine-id#. This file is used by libraries such as GLib. gitref:17333d92643d[repository=src] gitref:a379d5c5efb2[repository=src] gitref:71d88613d129[repository=src] It is now possible to add default routes for FIBs other than the primary by using the `defaultrouter_fibN` and `ipv6_defaultrouter_fibN` man:rc.conf[5] variables. gitref:c6ec1b441ad3[repository=src] (Sponsored by ScaleEngine Inc.) [[userland-programs]] === Userland Application Changes The man:bhyve[8] utility has gained virtio-input device emulation support. This will be used to inject keyboard/mouse input events into a guest. The command line syntax is: `-s ,virtio-input,/dev/input/eventX`. 
gitref:6192776124c5[repository=src] The man:kdump[1] utility has gained support for decoding Linux system calls. The man:killall[1] utility now allows sending signals to processes with their controlling terminal on man:pts[4] using the syntax `-t pts/N`. gitref:a76fa7bb6cb7[repository=src] An man:nproc[1] utility has been added, compatible with the Linux program of the same name. The man:timeout[1] utility has been moved from [.filename]#/usr/bin# to [.filename]#/bin#. The man:pciconf[8] utility has added support for decoding ACS extended capability. gitref:dde4103a465b[repository=src] (Sponsored by Chelsio Communications) The man:procstat[1] utility can now print information about advisory locks on files with the newly added `advlock` command. gitref:f9daaf452a8a[repository=src] The man:pwd_mkdb[8] utility no longer copies comments from [.filename]#/etc/master.passwd# to [.filename]#/etc/passwd#. gitref:3e955733117d[repository=src] MSS clamping has been improved for man:ppp[8]. gitref:301bff9bdd62[repository=src] Metric aliasing has been changed in man:prometheus_sysctl_exporter[8] to avoid confusing Prometheus server due to conflicting metric names. The `tcp_log_bucket` UMA zone has been renamed to `tcp_log_id_bucket`, and `tcp_log_node` was renamed to `tcp_log_id_node` for consistency. Sysctl variables with `(LEGACY)` in their descriptions are no longer being exported, these are used by ZFS sysctls that have been replaced by others, many of which alias to the same Prometheus metric name (like `vfs.zfs.arc_max` and `vfs.zfs.arc.max`). gitref:e4f508d5a211[repository=src] (Sponsored by Axcient) The man:uuidgen[1] utility has a new option `-r` to generate a random UUID, version 4. gitref:8fd1953b7eb2[repository=src] When invoked by man:inetd[8], `ctlstat -P` will now produce output suitable for ingestion into Prometheus; see man:ctlstat[8]. 
gitref:f7896015fcde[repository=src] (Sponsored by Axcient) [[userland-contrib]] === Contributed Software Gavin Howard's `bc` has been upgraded to version 6.2.4. `expat` (`libbsdxml`) has been upgraded to version 2.5.0. `file` has been upgraded to version 5.43. `less` has been upgraded to version 608. `libarchive` has been upgraded to version 3.6.2 with many reliability fixes. Release notes are available at https://github.com/libarchive/libarchive/releases[]. `libedit` has been upgraded to version 2022-04-11. `LLVM` and the `clang` compiler have been upgraded to version 14.0.5. Supported `LLVM` sanitizers are now enabled on `powerpc64` and variants. `mandoc` has been upgraded to version 1.14.6. `OpenSSH` has been upgraded to version 9.3p1. `OpenSSL` has been upgraded to version 1.1.1t. -`sendmail` has been upgraded to version 8.17.1. +`sendmail` has been upgraded to version 8.17.1. gitref:68e86d5265bc[repository=src] `sqlite3` has been upgraded to version 3.40.1. `tzcode` has been upgraded to version 2022g with improved timezone change detection and reliability fixes. `tzdata` has been upgraded to version 2023c. `unbound` has been upgraded to version 1.17.1. `xz` has been upgraded to version 5.4.1. `xz-embedded` has been upgraded to 3f438e15109229bb14ab45f285f4bff5412a9542. `zlib` has been upgraded to version 1.2.13. [[userland-libraries]] === Runtime Libraries and API Support of SHA-512/224 has been added to `libmd`. gitref:e04ee7d95ef6[repository=src] (Sponsored by Klara, Inc.) Linux-style system call tracing is now supported by man:sysdecode[3] and man:kdump[1]. The native pthread library functions can now support Linux semantics. [[kernel]] == Kernel This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized. [[kernel-general]] === General Kernel Changes The man:bhyve[8] hypervisor and kernel module man:vmm[4] now support more than 16 vCPUs in a guest. 
By default bhyve permits each guest to create the same number of vCPUs as the count of physical CPUs on the host. This limit can be adjusted via the loader tunable `hw.vmm.maxcpu`. gitref:3e02f8809aec[repository=src] Address Space Layout Randomization (ASLR) is enabled for 64-bit executables by default. It can be disabled as needed if applications fail unexpectedly, for example with segmentation faults. To disable for a single invocation, use the man:proccontrol[1] command: `proccontrol -m aslr -s disable command`. To disable ASLR for all invocations of a binary, use the man:elfctl[1] command: `elfctl -e +noaslr file`. Problems should be reported via the problem reporting system, https://bugs.freebsd.org[], or posting to the `freebsd-stable@FreeBSD.org` mailing list. gitref:10192e77cfac[repository=src] (Sponsored by Stormshield) A workaround has been implemented for a hardware page invalidation problem on Intel Alder Lake (twelfth generation) and Raptor Lake (thirteenth generation) hybrid CPUs. The bug can lead to file system corruption with UFS and MSDOSFS, and probably other memory corruption. The slower cores (E-cores) automatically use a slower method of page invalidation with the workaround. gitref:567cc4e6bfd9[repository=src] (Sponsored by The FreeBSD Foundation) A new kernel configuration knob is available, `SPLIT_KERNEL_DEBUG`, which controls splitting of kernel and module debug data into separate standalone files. This interacts with the `WITHOUT_KERNEL_SYMBOLS` option, which operates differently than in 13.0-RELEASE and {releasePrev}, but similarly to prior releases; it now controls only installation of the debug data. The defaults are `WITH_KERNEL_SYMBOLS` and `WITH_SPLIT_KERNEL_DEBUG`, allowing the kernel and modules without debug data to be installed in [.filename]#/boot#, and standalone debugging files to be installed in [.filename]#/usr/lib/debug#, as was done by default in releases before 13.0-RELEASE. 
Using `WITHOUT_KERNEL_SYMBOLS` and `WITH_SPLIT_KERNEL_DEBUG`, standalone debugging files are generated but not installed, as when using `WITHOUT_KERNEL_SYMBOLS` in releases before 13.0-RELEASE. Finally, using `WITHOUT_KERNEL_SYMBOLS` and `WITHOUT_SPLIT_KERNEL_DEBUG` installs the kernel and modules with built-in debugging information in [.filename]#/boot#, as in {releasePrev} using `WITHOUT_KERNEL_SYMBOLS`. gitref:0c4d13c521aa[repository=src] (Sponsored by The FreeBSD Foundation) On the PowerPC, a radix pmap in pseries is supported for ISA 3.0. This should make pseries significantly faster on POWER9 instances, as fewer hypercalls are needed to manage pmap now. gitref:c74c77531248[repository=src] Support for man:ptrace[2] is now available for Linux processes on arm64. gitref:99950e8beb72[repository=src] In order to facilitate ABI compatibility of `stable` branches, the CPU affinity system calls are now more tolerant of CPU sets that are smaller than used by the kernel. This will facilitate increases to the size of the kernel set, `MAXCPU`. gitref:72bc1e6806cc[repository=src] 64-bit man:linux[4] ABI support was added for saving CPU floating point state across signal delivery. gitref:0b82c544de58[repository=src], gitref:20d601714206[repository=src] vDSO (virtual dynamic shared object) support has been nearly completed in the man:linux[4] ABI. gitref:a340b5b4bd48[repository=src] The state of the arm64 man:linux[4] ABI was brought to parity with the amd64 man:linux[4] ABI. gitref:0b82c544de58[repository=src], gitref:a340b5b4bd48[repository=src] [[drivers]] == Devices and Drivers This section covers changes and additions to devices and device drivers since {releasePrev}. [[drivers-device]] === Device Drivers The man:em[4] driver now correctly supports the full range of receive buffer sizes available on newer chips 82580 and i350. gitref:3f8306cf8e2d[repository=src] The man:ena[4] driver has been upgraded to version 2.6.2. (Sponsored by Amazon, Inc.) 
Basic support for Intel Alder Lake CPUs has been implemented for man:hwpmc[4]. gitref:b8ef2ca9eae9[repository=src] The man:ice[4] driver has been updated to version 1.37.7-k. The man:irdma[4] RDMA driver was introduced for the Intel E810 Ethernet Controller, supporting both RoCEv2 and iWARP protocols in per-PF manner, RoCEv2 being the default, and was upgraded to version 1.1.5-k. gitref:42bad04a2156[repository=src] (Sponsored by Intel Corporation) Initial support is now available for DPAA2 (second generation Data Path Acceleration Architecture – a hardware-level networking architecture found in some NXP SoCs). It runs NXP-supplied firmware which provides DPAA2 objects as an abstraction layer, and provides a `dpni` network interface. gitref:d5a64a935bc9[repository=src] (Sponsored by Bare Enthusiasm :) and Traverse Technologies) The man:iwlwifi[4] driver for Intel wireless interfaces was updated. (Sponsored by The FreeBSD Foundation) The man:rtw88[4] driver was added to support several Realtek wireless PCI interfaces. It is currently limited to 802.11 a/b/g operation. See https://wiki.freebsd.org/WiFi/Rtw88[] for additional information. There were many additions and improvements to the KPI for support of Linux device drivers. (Sponsored by The FreeBSD Foundation) [[storage]] == Storage This section covers changes and additions to file systems and other storage subsystems, both local and networked. [[storage-nfs]] === NFS Changes A problem causing NFS server hangs has been fixed; the problem was caused by a bug with SACK handling in TCP. [[storage-ufs]] === UFS Changes It is now possible to take snapshots on UFS filesystems when running with journaled soft updates. Thus it is now possible to do background dumps on live filesystems running with journaled soft updates. Background dumps are requested by using the `-L` flag to man:dump[8]. (In previous releases UFS snapshots were incompatible with journaled soft updates.) 
gitref:3f908eed27b4[repository=src] (Sponsored by The FreeBSD Foundation) [[boot]] == Boot Loader Changes This section covers the boot loader, boot menu, and other boot-related changes. [[boot-loader]] === Boot Loader Changes The `teken.fg_color` and `teken.bg_color` man:loader.conf[5] variables now accept a `bright` or `light` prefix (and color numbers 8 through 15) to select bright colors. gitref:1dcb6002c500[repository=src] (Sponsored by The FreeBSD Foundation). See also gitref:233ab015c0d7[repository=src] Several bugs have been fixed in man:loader[8] that caused the video console output to disappear. These appeared to be hangs after the boot loader starts the kernel. (Sponsored by Netflix) [[network]] == Networking This section describes changes that affect networking in FreeBSD. [[network-general]] === General Network The kernel man:wg[4] WireGuard driver has been reintegrated; it provides Virtual Private Network (VPN) interfaces using the WireGuard protocol. gitref:5ae69e2f10da[repository=src] (Sponsored by Rubicon Communications, LLC ("Netgate") and The FreeBSD Foundation) KTLS (the kernel TLS implementation) has added receive offload support for TLS 1.3. Receive offload is now supported for TLS 1.1 through 1.3; send offload is supported for TLS 1.0 through 1.3. gitref:1462dc95f796[repository=src] (Sponsored by Netflix) The man:netlink[4] network configuration protocol is now available. It is a communication protocol defined in RFC 3549, and uses a raw socket to exchange configuration information between user space and kernel. It is used by third-party routing programs and by the man:linux[4] ABI. The man:netlink[4] protocol is not included in the GENERIC configuration in {releaseCurrent}, but is available as a kernel module. gitref:6058f6cc48f5[repository=src] Radix tables and lookups are now supported for MAC addresses in man:ipfw[4]. This allows MAC address tables to be constructed and used for filtering. 
gitref:c31f8b7bd895[repository=src] Kernel modules dpdk_lpm4 and dpdk_lpm6 are now available and can be loaded via man:loader.conf[5]. They provide optimized routing functions for hosts with a very large amount of routing tables. They can be configured via man:route[8] and are part of the modular FIB lookup mechanism. gitref:0ca122044369[repository=src] There are numerous bug fixes in TCP and SCTP. [[future-releases]] == General Notes Regarding Future FreeBSD Releases `OPIE` has been deprecated and will be removed in FreeBSD 14.0. The man:ce[4] and man:cp[4] synchronous serial drivers have been deprecated and will be removed in FreeBSD 14.0. Drivers for ISA sound cards have been deprecated and will be removed in FreeBSD 14.0. gitref:d7620b6ec941[repository=src] (Sponsored by The FreeBSD Foundation) The man:mergemaster[8] utility has been deprecated and will be removed in FreeBSD 14.0. Its replacement is man:etcupdate[8]. gitref:5fa16e3c50c5[repository=src] (Sponsored by The FreeBSD Foundation) The man:minigzip[1] utility has been deprecated and will be removed in FreeBSD 14.0. gitref:84d3fc26e3a2[repository=src] The remaining components of ATM in netgraph (NgATM) have been deprecated and will be removed in FreeBSD 14.0. Support for ATM NICs was removed previously. The Telnet daemon, man:telnetd[8], has been deprecated and will be removed in FreeBSD 14.0. The Telnet client is not affected. The VINUM class in man:geom[8] has been deprecated and will be removed in a future release. [[future-releases-cputype]] === Default `CPUTYPE` Change Starting with FreeBSD-13.0, the default `CPUTYPE` for the i386 architecture will change from `486` to `686`. This means that, by default, binaries produced will require a 686-class CPU, including but not limited to binaries provided by the FreeBSD Release Engineering team. FreeBSD 13.x will continue to support older CPUs, however users needing this functionality will need to build their own releases for official support. 
As the primary use for i486 and i586 CPUs is generally in the embedded market, the general end-user impact is expected to be minimal, as new hardware with these CPU types has long faded, and much of the deployed base of such systems is nearing retirement age, statistically. There were several factors taken into account for this change. For example, i486 does not have 64-bit atomics, and while they can be emulated in the kernel, they cannot be emulated in the userland. Additionally, the 32-bit amd64 libraries have been i686 since their inception. As the majority of 32-bit testing is done by developers using the lib32 libraries on 64-bit hardware with the `COMPAT_FREEBSD32` option in the kernel, this change ensures better coverage and user experience. This also aligns with what the majority of Linux(R) distributions have been doing for quite some time. This is expected to be the final bump of the default `CPUTYPE` in i386. [IMPORTANT] ==== This change does not affect the FreeBSD 12.x series of releases. ==== diff --git a/website/content/en/releases/13.3R/relnotes.adoc b/website/content/en/releases/13.3R/relnotes.adoc index 6067355d7c..fad01dc7a3 100644 --- a/website/content/en/releases/13.3R/relnotes.adoc +++ b/website/content/en/releases/13.3R/relnotes.adoc 
@@ -1,330 +1,330 @@ --- title: "FreeBSD 13.3-RELEASE Release Notes" sidenav: download --- :releaseCurrent: 13.3-RELEASE :releaseBranch: 13-STABLE :releasePrev: 13.2-RELEASE :releaseNext: 13.4-RELEASE :releasePrev14: 14.0-RELEASE :releaseType: release include::shared/en/urls.adoc[] = FreeBSD {releaseCurrent} Release Notes :doctype: article :toc: macro :toclevels: 1 :icons: font == Abstract [.abstract-title] The release notes for FreeBSD {releaseCurrent} contain a summary of the changes made to the FreeBSD base system on the {releaseBranch} development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. [[intro]] == Introduction This document contains the release notes for FreeBSD {releaseCurrent}. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD. The {releaseType} distribution to which these release notes apply represents the latest point along the {releaseBranch} development branch since {releaseBranch} was created. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. The {releaseType} distribution to which these release notes apply represents a point along the {releaseBranch} development branch between {releasePrev} and the future {releaseNext}. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. This distribution of FreeBSD {releaseCurrent} is a {releaseType} distribution. It can be found at https://www.FreeBSD.org/releases/[] or any of its mirrors. 
-More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}/mirrors[Obtaining FreeBSD appendix] to the link:{handbook}/[FreeBSD Handbook]. +More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}mirrors[Obtaining FreeBSD appendix] to the link:{handbook}[FreeBSD Handbook]. All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site. This document describes the most user-visible new or changed features in FreeBSD {releaseBranch} since {releasePrev}. Note that some of the changes described here are also available in FreeBSD {releasePrev14}. Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. [[upgrade]] == Upgrading from Previous Releases of FreeBSD Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the man:freebsd-update[8] utility. See the release-specific upgrade procedure, link:../installation/#upgrade-binary[FreeBSD {releaseCurrent} upgrade information], with more details in the FreeBSD handbook link:{handbook}cutting-edge/#freebsdupdate-upgrade[binary upgrade procedure]. 
This will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The man:freebsd-update[8] utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in [.filename]#/usr/src/UPDATING#. [IMPORTANT] ==== Upgrading FreeBSD should only be attempted after backing up **all** data and configuration files. ==== [IMPORTANT] ==== After installing the new userland software, running daemons are still from the previous version. After installing the user-level components with the second invocation of freebsd-update, or via an upgrade from source with `installworld`, the system should be rebooted to start everything with the new software. For example, older versions of `sshd` failed to process incoming connections correctly after the new [.filename]#/usr/sbin/sshd# was installed; rebooting started a new `sshd` and other daemons. ==== //// XXX: Release Engineering Lead will fill this in just before the release is final [[security-errata]] == Security and Errata This section lists the various Security Advisories and Errata Notices since {releasePrev}. [[security]] === Security Advisories [width="100%",cols="40%,30%,30%",options="header",] |=== |Advisory |Date |Topic |link:https://www.freebsd.org/security/advisories/FreeBSD-SA-20:31.icmp6.asc[FreeBSD-SA-20:31.icmp6] |1 December 2020 |Use-after-free in error message handling |=== [[errata]] === Errata Notices [width="100%",cols="40%,30%,30%",options="header",] |=== |Errata |Date |Topic |=== //// [[userland]] == Userland This section covers changes and additions to userland applications, contributed software, and system utilities. 
[[userland-config]] === Userland Configuration Changes // SAMPLE ENTRY: // A new man:rc.conf[5] variable has been added, `linux_mounts_enable`, which controls if Linux(R)-specific filesystems are mounted in [.filename]#/compat/linux# if `linux_enable` is set to `YES`. // gitref:1234567890ab[repository=src] (Sponsored by The FreeBSD Foundation) The man:libtacplus[3] library has been improved so that man:tacplus.conf[5] now follows POSIX shell syntax rules. This may cause TACACS+ authentication to fail if the shared secret contains a single quote, double quote, or backslash character which isn't already properly quoted or escaped. The library allows additional AV pairs to be configured, up to 255. gitref:5761f8a7de9f[repository=src] (Sponsored by Klara, Inc.) Programs such as man:login[1] that utilize man:setusercontext[3] will now allow the process priority to be set from the [.filename]#~/.login_conf# file if the credentials permit setting it. Also, the priority may be specified in man:login.conf[5] as `inherit`, indicating that the process priority is inherited from the parent process. Similarly, the `umask` value may now be specified as `inherit`. gitref:8b359002747a[repository=src] gitref:e074746fec21[repository=src] gitref:16e02df98ad6[repository=src] (Sponsored by Kumacom SAS) The configuration file and security output changes reported by man:periodic[8] that are emailed to system administrators now use reduced context to minimize unrelated content. The options passed to man:diff[1] to produce the daily output can be controlled by a `daily_diff_flags` variable in man:rc.conf[5]; the options passed to man:diff[1] for the security scripts are controlled by `security_status_diff_flags`. gitref:4c14a3a6aebe[repository=src] gitref:6d9195b5f763[repository=src] The default location for downloading leapsecond information has been updated to use the canonical source, as the previous location was no longer supported. 
gitref:d19b59cfe594[repository=src] The man:powerd[8] daemon is now enabled by default in [.filename]#/etc/rc.conf# on the arm64 `RPI` image for Raspberry Pi systems, allowing the system to run at full speed as needed. Users with non-default turbo settings may want to disable it. gitref:e889b5a892b6[repository=src] The umask for a service may now be specified in man:rc.conf[5] using the variable _umask, where the service is named . gitref:2d6a03dd43c7[repository=src] [[userland-programs]] === Userland Application Changes The man:head[1] and man:tail[1] programs now support the `-q` (quiet) and `-v` (verbose) options consistently. Numeric arguments may now use SI suffixes supported by man:expand_number[3]. gitref:585762c3733f[repository=src] The man:objdump[1] utility from LLVM is now available. Some LLVM objdump options have a different output format than GNU objdump; man:readelf[1] is available for inspecting ELF files, and GNU objdump is available from the [.filename]#devel/binutils# port or package. The man:tftpd[8] server can be configured to allow writes to files in a chrooted environment that are not world-writable using the new `-S` option. gitref:b71dde1aeba2[repository=src] [[userland-contrib]] === Contributed Software `expat` has been upgaded to version 2.6.0. Several Heimdal security fixes have been applied to mitigate vulnerabilities in the Kerberos Key Distribution Center. The `libfido2` authentication token library has been updated to version 1.13.0. gitref:b27bad1e0373[repository=src] gitref:079a1c2059e7[repository=src] gitref:d79e0d1735e3[repository=src] (Sponsored by The FreeBSD Foundation) `LLVM` and the `clang` compiler have been upgraded to version 17.0.6. `nvi` (man:vi[1]) has been upgraded to version 2.2.1. -`sendmail` has been upgraded to version 8.18.1. +`sendmail` has been upgraded to version 8.18.1. This version enforces stricter RFC compliance by default, especially with respect to line endings. 
This may cause issues with receiving messages from non-compliant MTAs; please see the first 8.18.1 release note in link:https://ftp.sendmail.org/RELEASE_NOTES[] for mitigations. gitref:b36ddb27b3b9[repository=src] `OpenSSH` has been updated to version 9.6p1, including a number of security fixes. The most significant are fixes for a newly-discovered weakness in the SSH transport protocol. man:ssh-keygen[1] now generates Ed25519 keys by default. man:sshd[8] now accurately preserves quoting of subsystem commands and arguments. gitref:f26eafdfafb0[repository=src] gitref:221a6bc397ad[repository=src] gitref:2cd20d9bc807[repository=src] (Sponsored by The FreeBSD Foundation) `tzdata` has been upgraded to version 2024a. `unbound` has been upgraded to version 1.19.1, including security fixes. gitref:c6edb21e3763[repository=src] `xz` has been upgraded to version 5.4.5. The man:zlib[3] library has been updated to version 1.3.1. gitref:f2de7ba78a49[repository=src] gitref:05e3998add1c[repository=src] [[kernel]] == Kernel This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized. [[kernel-general]] === General Kernel Changes The man:intro[9] introduction to the kernel programming interfaces has been completely rewritten. gitref:5a0c410787b8[repository=src] (Sponsored by The FreeBSD Foundation) [[drivers]] == Devices and Drivers This section covers changes and additions to devices and device drivers since {releasePrev}. [[drivers-device]] === Device Drivers Multiple PCI MCFG regions are now supported on x86 systems, enabling support for PCI config access for domains (segments) other than 0. gitref:0fb0306a89ad[repository=src] A problem with the `graid` implementation of Promise RAID1 created with 4 or more disks has been fixed. The array worked only until reboot. gitref:394ceefc2f2f[repository=src] The man:iwlwifi[4] driver for Intel wireless interfaces has been updated, supporting chipsets up to BE200. 
(Sponsored by The FreeBSD Foundation) (Sponsored by minipci.biz) The man:rtw88[4] driver for Realtek wireless PCI interfaces has been updated. There have been many stability fixes to native and LinuxKPI-based wireless drivers. (Sponsored by The FreeBSD Foundation) The man:smsc[4] driver for USB Ethernet adapters will now obtain the MAC address from bootargs on Raspberry Pi systems that pass it, and will otherwise fall back to use of man:ether_gen_addr[9] to generate a stable MAC address if none is provided by the hardware. gitref:3d96ee7c7dcc[repository=src] [[storage]] == Storage This section covers changes and additions to file systems and other storage subsystems, both local and networked. [[storage-general]] === General Storage In the course of debugging and resolving a problem with vnode recycling in the generic file system code, sysctls for vnode-related statistics have been grouped under `vfs.vnode` for greater visibility. gitref:77a8bd148796[repository=src] [[storage-nfs]] === NFS Changes The NFS server (man:nfsd[8], man:nfsuserd[8], man:mountd[8], man:gssd[8], and man:rpc.tlsservd[8]) can be run in an appropriately configured vnet jail. The vnet jail must be on its own file system, have the `allow.nfsd` jail parameter set on it, and `enforce_statfs` cannot be set to `0`. Use of UDP and pNFS server configurations are not permitted. See man:jail[8], man:nfsd[8], and man:mountd[8]. gitref:b4805d577787[repository=src] A new `syskrb5` mount option is available that allows a Kerberized NFSv4.1/4.2 mount to be done without any Kerberos credential (TGT or keytab) at mount time. See man:mount_nfs[8]. gitref:0644746d5091[repository=src] [[storage-zfs]] === ZFS Changes `OpenZFS` has been upgraded to version 2.1.14. gitref:7005cd440405[repository=src] gitref:e6c1e181ba7f[repository=src] gitref:d9a61490b098[repository=src] gitref:f5eac6541278[repository=src] The man:zfsd[8] daemon will now fault disks that generate too many I/O delay events. 
gitref:e2ce586899ff[repository=src] (Sponsored by Axcient) [[network]] == Networking This section describes changes that affect networking in FreeBSD. [[network-general]] === General Network The logging priority of syslog messages due to overflow of a socket listen queue can now be set using the sysctl `kern.ipc.sooverprio`. The default is 7, corresponding to LOG_DEBUG. A value of -1 suppresses logging. See man:listen[2]. gitref:773c91ccc892[repository=src] The netgraph man:ng_ipfw[4] module no longer truncates cookies to 16 bits, allowing a full 32 bits. gitref:0b9242dea68c[repository=src] Support for IPv6 RFC 4620 nodeinfo is now disabled by default. gitref:5c4e8a631097[repository=src] (Sponsored by The FreeBSD Foundation) pf filter rules can be optionally enabled for packets delivered locally to enable pf rdr rules for connections initiated from the host. This can change the behavior of rules which match packets delivered to `lo0`. To enable this feature, use the commands `sysctl net.pf.filter_local=1; service pf restart`. When enabled, it is best to ensure that packets delivered locally are not filtered, e.g. by adding a `set skip on lo` rule. gitref:6dfb2c2dce0f[repository=src] [[hardware]] == Hardware Support This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not fit in other sections of this document. [[hardware-arch]] === Hardware Architecture Support The BeagleBone Black (armv7) is no longer supported; it does not work with the current boot files (DTB). [[hardware-virtualization]] === Virtualization Support The Google Virtual NIC (man:gve[4]) is now supported. gitref:4e846759f0a3[repository=src] (Sponsored by Google) [[future-releases]] == General Notes Regarding Future FreeBSD Releases FreeBSD 15.0 is not expected to include support for 32-bit platforms other than armv7. The armv6, i386, and powerpc platforms are deprecated and will be removed. 
64-bit systems will still be able to run older 32-bit binaries. We expect to support armv7 as a Tier 2 architecture in FreeBSD 15.0 and stable/15. However, we also anticipate that armv7 may be removed in FreeBSD 16.0. We will provide an update on the status of armv7 for both 15.x and 16.x at the time of 15.0 release. Support for executing 32-bit binaries on 64-bit platforms via the `COMPAT_FREEBSD32` option will continue for at least the stable/15 and stable/16 branches. Support for compiling individual 32-bit applications via `cc -m32` will also continue for at least the stable/15 branch, which includes suitable headers in [.filename]#/usr/include# and libraries in [.filename]#/usr/lib32#. Ports will not include support for deprecated 32-bit platforms for FreeBSD 15.0 and later releases. These future releases will not include binary packages or support for building packages from ports for deprecated 32-bit platforms. The FreeBSD stable/14 and earlier branches will retain existing 32-bit kernel and world support. Ports will retain existing support for building ports and packages for 32-bit systems on stable/14 and earlier branches as long as those branches are supported by the ports system. However, all 32-bit platforms are Tier-2 or Tier-3, and support for individual ports should be expected to degrade as upstreams deprecate 32-bit platforms. With the current support schedule, stable/14 will reach end of life (EOL) 5 years after the release of FreeBSD {releasePrev14}. The EOL of stable/14 will mark the end of support for deprecated 32-bit platforms, including source releases, pre-built packages, and support for building applications from ports. With the release of {releasePrev14} in November 2023, support for deprecated 32-bit platforms will end in November 2028. The project may choose to alter this approach when FreeBSD 15.0 is released by extending some level of support for one or more of the deprecated platforms in 15.0 or later. 
Any alterations will be driven by community feedback and committed efforts to support these platforms. Use FreeBSD {releasePrev14} and following minor releases, or the stable/14 branch, to migrate off 32-bit platforms. diff --git a/website/content/en/releases/13.4R/relnotes.adoc b/website/content/en/releases/13.4R/relnotes.adoc index b63bc2a77e..686f6ca34b 100644 --- a/website/content/en/releases/13.4R/relnotes.adoc +++ b/website/content/en/releases/13.4R/relnotes.adoc 
@@ -1,321 +1,321 @@ --- title: "FreeBSD 13.4-RELEASE Release Notes" sidenav: download --- :releaseCurrent: 13.4-RELEASE :releaseBranch: 13-STABLE :releasePrev: 13.3-RELEASE :releaseNext: 13.5-RELEASE :releaseType: "release" include::shared/en/urls.adoc[] = FreeBSD {releaseCurrent} Release Notes :doctype: article :toc: macro :toclevels: 1 :icons: font == Abstract [.abstract-title] The release notes for FreeBSD {releaseCurrent} contain a summary of the changes made to the FreeBSD base system on the {releaseBranch} development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. [[intro]] == Introduction This document contains the release notes for FreeBSD {releaseCurrent}. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD. The {releaseType} distribution to which these release notes apply represents the latest point along the {releaseBranch} development branch since {releaseBranch} was created. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. The {releaseType} distribution to which these release notes apply represents a point along the {releaseBranch} development branch between {releasePrev} and the future {releaseNext}. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. This distribution of FreeBSD {releaseCurrent} is a {releaseType} distribution. It can be found at https://www.FreeBSD.org/releases/[] or any of its mirrors. -More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}/mirrors[Obtaining FreeBSD appendix] to the link:{handbook}/[FreeBSD Handbook]. 
+More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}mirrors[Obtaining FreeBSD appendix] to the link:{handbook}[FreeBSD Handbook]. All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site. This document describes the most user-visible new or changed features in FreeBSD since {releasePrev}. In general, changes described here are unique to the {releaseBranch} branch unless specifically marked as MERGED features. Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. [[upgrade]] == Upgrading from Previous Releases of FreeBSD Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the man:freebsd-update[8] utility. See the release-specific upgrade procedure, link:../installation/#upgrade-binary[FreeBSD {releaseCurrent} upgrade information], with more details in the FreeBSD handbook link:{handbook}cutting-edge/#freebsdupdate-upgrade[binary upgrade procedure]. This will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. 
The man:freebsd-update[8] utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in [.filename]#/usr/src/UPDATING#. [IMPORTANT] ==== Upgrading FreeBSD should only be attempted after backing up _all_ data and configuration files. ==== [[security-errata]] == Security and Errata This section lists the various Security Advisories and Errata Notices since {releasePrev}. [[security]] === Security Advisories [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Advisory | Date | Topic |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:03.unbound.asc[FreeBSD-SA-24:03.unbound] |28 March 2024 |Multiple vulnerabilities in Unbound |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc[FreeBSD-SA-24:04.openssh] |01 July 2024 |OpenSSH pre-authentication remote code execution |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:05.pf.asc[FreeBSD-SA-24:05.pf] |07 August 2024 |pf incorrectly matches different ICMPv6 states in the state table |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:06.ktrace.asc[FreeBSD-SA-24:06.ktrace] |07 August 2024 |man:ktrace[2] fails to detach when executing a setuid binary |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:07.nfsclient.asc[FreeBSD-SA-24:07.nfsclient] |07 August 2024 |NFS client accepts file names containing path separators |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:08.openssh.asc[FreeBSD-SA-24:08.openssh] |07 August 2024 |OpenSSH pre-authentication async signal safety issue |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:09.libnv.asc[FreeBSD-SA-24:09.libnv] |04 September 2024 |Multiple vulnerabilities in libnv |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:10.bhyve.asc[FreeBSD-SA-24:10.bhyve] |04 September 2024 |man:bhyve[8] privileged guest escape via 
TPM device passthrough |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:11.ctl.asc[FreeBSD-SA-24:11.ctl] |04 September 2024 |Multiple issues in man:ctl[4] CAM Target Layer |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:12.bhyve.asc[FreeBSD-SA-24:12.bhyve] |04 September 2024 |man:bhyve[8] privileged guest escape via USB controller |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:13.openssl.asc[FreeBSD-SA-24:13.openssl] |04 September 2024 |Possible DoS in X.509 name checks in OpenSSL |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:14.umtx.asc[FreeBSD-SA-24:14.umtx] |04 September 2024 |umtx Kernel panic or Use-After-Free |=== [[errata]] === Errata Notices [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Errata | Date | Topic |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:05.tty.asc[FreeBSD-EN-24:05.tty] |28 March 2024 |TTY Kernel panic |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:06.wireguard.asc[FreeBSD-EN-24:06.wireguard] |28 March 2024 |Insufficient barriers in WireGuard man:if_wg[4] |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:07.clang.asc[FreeBSD-EN-24:07.clang] |28 March 2024 |Clang crash when certain optimization is enabled |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:08.kerberos.asc[FreeBSD-EN-24:08.kerberos] |28 March 2024 |Kerberos segfaults when using weak crypto |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:09.zfs.asc[FreeBSD-EN-24:09.zfs] |24 April 2024 |High CPU usage by kernel threads related to ZFS |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:10.zfs.asc[FreeBSD-EN-24:10.zfs] |19 June 2024 |Kernel memory leak in ZFS |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:11.ldns.asc[FreeBSD-EN-24:11.ldns] |19 June 2024 |LDNS uses nameserver commented out in resolv.conf |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:12.killpg.asc[FreeBSD-EN-24:12.killpg] |19 June 2024 |Lock order reversal in 
killpg causing livelock |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:13.libcpass:[++].asc[FreeBSD-EN-24:13.libc++] |19 June 2024 |Incorrect size passed to heap allocated std::string delete |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:14.ifconfig.asc[FreeBSD-EN-24:14.ifconfig] |07 August 2024 |Incorrect ifconfig netmask assignment |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:15.calendar.asc[FreeBSD-EN-24:15.calendar] |04 September 2024 |man:cron[8] / man:periodic[8] session login |=== [[userland]] == Userland This section covers changes and additions to userland applications, contributed software, and system utilities. [[userland-programs]] === Userland Application Changes `libcapsicum` has been improved to cache more time zone information. This change reduces the number of calls to man:tzset[3] and improves performance. [[userland-contrib]] === Contributed Software `sqlite3` has been upgraded to 3.46.0. `OpenSSH` has been to upgraded to 9.7p1. This release contains mostly bugfixes. It also makes support for the DSA signature algorithm a compile-time option, with plans to disable it upstream later this year and remove support entirely in 2025. LLVM and the `clang` compiler have been upgraded to version 18.1.5. `bc` has been updated to version 6.7.6. `atf` has been updated to 0.22 snapshot 55c21b2c. `libarchive` has been updated to 3.7.4. `capsicum-test` has been updated to snapshot eab7a83b. [[drivers]] == Devices and Drivers This section covers changes and additions to devices and device drivers since {releasePrev}. [[drivers-device]] === Device Drivers The man:irdma[4] driver has been updated. The man:ice[4] driver has been updated. Support for SIM7600G has been added to man:u3g[4]. There have been many stability fixes to native and LinuxKPI-based wireless drivers. (Sponsored by The FreeBSD Foundation) [[network]] == Networking This section describes changes that affect networking in FreeBSD. 
[[network-protocols]] == Network Protocols Lots of improvements to the network stack, including performance improvements and bug fixes for the man:sctp[4] stack. Specifically, support for the SCTP checksum offload feature has been added to the loopback interface. [[hardware]] == Hardware Support This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document. Please see link:https://www.freebsd.org/releases/13.4R/hardware[the list of hardware] supported by {releaseCurrent}, as well as link:https://www.freebsd.org/platforms/[the platforms page] for the complete list of supported CPU architectures. [[processor]] === Processor Support Added support for AMD Ryzen 7 "Phoenix" processors (family 0x19, model 0x70-0x7f) to the man:amdsmn[4] and man:amdtemp[4] drivers. This enables temperature readings of these CPUs via sysctl. The sensors function identically to those for the "Raphael" processors (model 0x60-0x6f); only the PCI device ID differs. [[documentation]] == Documentation This section covers changes to manual (man:man[1]) pages and other documentation shipped with the base system. [[man-pages]] === Man Pages References to the legacy `disklabel` utility have been removed in favour of gpart. Future FreeBSD releases will remove this tool entirely. [[ports]] == Ports Collection and Package Infrastructure This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools. [[ports-packages]] === Packaging Changes The DVD package set has been modernized. package:archivers/unzip[] has been removed as it is in base now. package:emulators/linux_base-c7[] has been removed as it is unlikely to be useful without other Linux packages being installed. 
package:ports-mgmt/portmaster[] has been removed as it has been discouraged in favour of using pkg and binary packages. package:x11-drivers/xf86-video-vmware[] has been removed as it is no longer useful with the current version of xorg-server. package:devel/git[] has been replaced with package:devel/git@lite[] as this is sufficient for most purposes. package:sysutils/seatd[] and package:x11-wm/sway[] have been added for Wayland support. [[future-releases]] == General Notes Regarding Future FreeBSD Releases FreeBSD 15.0 is not expected to include support for 32-bit platforms other than armv7. The armv6, i386, and powerpc platforms are deprecated and will be removed. 64-bit systems will still be able to run older 32-bit binaries. The FreeBSD Project expects to support armv7 as a Tier 2 architecture in FreeBSD 15.0 and stable/15. However, the Project also anticipates that armv7 may be removed in FreeBSD 16.0. The Project will provide an update on the status of armv7 for both 15.x and 16.x at the time of 15.0 release. Support for executing 32-bit binaries on 64-bit platforms via the `COMPAT_FREEBSD32` option will continue for at least the stable/15 and stable/16 branches. Support for compiling individual 32-bit applications via `cc -m32` will also continue for at least the stable/15 branch, which includes suitable headers in [.filename]#/usr/include# and libraries in [.filename]#/usr/lib32#. Ports will not include support for deprecated 32-bit platforms for FreeBSD 15.0 and later releases. These future releases will not include binary packages or support for building packages from ports for deprecated 32-bit platforms. The FreeBSD stable/14 and earlier branches will retain existing 32-bit kernel and world support. Ports will retain existing support for building ports and packages for 32-bit systems on stable/14 and earlier branches as long as those branches are supported by the ports system. 
However, all 32-bit platforms are Tier-2 or Tier-3, and support for individual ports should be expected to degrade as upstreams deprecate 32-bit platforms. With the current support schedule, stable/14 will reach end of life (EOL) around 5 years after the release of FreeBSD 14.0-RELEASE. The EOL of stable/14 will mark the end of support for deprecated 32-bit platforms, including source releases, pre-built packages, and support for building applications from ports. With the release of 14.0-RELEASE in November 2023, support for deprecated 32-bit platforms will end in November 2028. The Project may choose to alter this approach when FreeBSD 15.0 is released by extending some level of support for one or more of the deprecated platforms in 15.0 or later. Any alterations will be driven by community feedback and committed efforts to support these platforms. diff --git a/website/content/en/releases/13.5R/relnotes.adoc b/website/content/en/releases/13.5R/relnotes.adoc index c455e420bc..6677a204a1 100644 --- a/website/content/en/releases/13.5R/relnotes.adoc +++ b/website/content/en/releases/13.5R/relnotes.adoc 
@@ -1,450 +1,450 @@ --- title: "FreeBSD 13.5-RELEASE Release Notes" sidenav: download --- :releaseCurrent: 13.5-RELEASE :releaseBranch: 13-STABLE :releasePrev: 13.4-RELEASE :releaseNext: 13.5-RELEASE :releaseType: "release" include::shared/en/urls.adoc[] = FreeBSD {releaseCurrent} Release Notes :doctype: article :toc: macro :toclevels: 1 :icons: font == Abstract [.abstract-title] The release notes for FreeBSD {releaseCurrent} contain a summary of the changes made to the FreeBSD base system on the {releaseBranch} development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. [[intro]] == Introduction This document contains the release notes for FreeBSD {releaseCurrent}. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD. The {releaseType} distribution to which these release notes apply represents the latest point along the {releaseBranch} development branch since {releaseBranch} was created. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. The {releaseType} distribution to which these release notes apply represents a point along the {releaseBranch} development branch since {releasePrev}. The {releaseNext} is expected to be the final release from the {releaseBranch} branch. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. This distribution of FreeBSD {releaseCurrent} is a {releaseType} distribution. It can be found at https://www.FreeBSD.org/releases/[] or any of its mirrors. 
-More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}/mirrors[Obtaining FreeBSD appendix] to the link:{handbook}/[FreeBSD Handbook]. +More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}mirrors[Obtaining FreeBSD appendix] to the link:{handbook}[FreeBSD Handbook]. All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site. This document describes the most user-visible new or changed features in FreeBSD since {releasePrev}. In general, changes described here are unique to the {releaseBranch} branch unless specifically marked as MERGED features. Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. [[upgrade]] == Upgrading from Previous Releases of FreeBSD Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the man:freebsd-update[8] utility. See the release-specific upgrade procedure, link:../installation/#upgrade-binary[FreeBSD {releaseCurrent} upgrade information], with more details in the FreeBSD handbook link:{handbook}cutting-edge/#freebsdupdate-upgrade[binary upgrade procedure]. 
This will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The man:freebsd-update[8] utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in [.filename]#/usr/src/UPDATING#. [IMPORTANT] ==== Upgrading FreeBSD should only be attempted after backing up _all_ data and configuration files. ==== [[security-errata]] == Security and Errata This section lists the various Security Advisories and Errata Notices since {releasePrev}. [[security]] === Security Advisories [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Advisory | Date | Topic |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:15.bhyve.asc[FreeBSD-SA-24:15.bhyve] |19 September 2024 |man:bhyve[8] out-of-bounds read access via XHCI emulation |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:16.libnv.asc[FreeBSD-SA-24:16.libnv] |19 September 2024 |Integer overflow in libnv |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:17.bhyve.asc[FreeBSD-SA-24:17.bhyve] |29 October 2024 |Multiple issues in the bhyve hypervisor |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:18.ctl.asc[FreeBSD-SA-24:18.ctl] |29 October 2024 |Unbounded allocation in man:ctl[4] CAM Target Layer |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:19.fetch.asc[FreeBSD-SA-24:19.fetch] |29 October 2024 |Certificate revocation list man:fetch[1] option fails |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:01.openssh.asc[FreeBSD-SA-25:01.openssh] |29 January 2025 |OpenSSH Keystroke Obfuscation Bypass |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:02.fs.asc[FreeBSD-SA-25:02.fs] |29 January 2025 |Buffer overflow in some filesystems via NFS 
|https://www.freebsd.org/security/advisories/FreeBSD-SA-25:03.etcupdate.asc[FreeBSD-SA-25:03.etcupdate] |29 January 2025 |Unprivileged access to system files |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:04.ktrace.asc[FreeBSD-SA-25:04.ktrace] |29 January 2025 |Uninitialized kernel memory disclosure via man:ktrace[2] |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:05.openssh.asc[FreeBSD-SA-25:05.openssh] |21 February 2025 |Multiple vulnerabilities in OpenSSH |=== [[errata]] === Errata Notices [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Errata | Date | Topic |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:16.pf.asc[FreeBSD-EN-24:16.pf] |19 September 2024 |Incorrect ICMPv6 state handling in pf |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:17.pam_xdg.asc[FreeBSD-EN-24:17.pam_xdg] |29 October 2024 |XDG runtime directory's file descriptor leak at login |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:01.rpc.asc[FreeBSD-EN-25:01.rpc] |29 January 2025 |NULL pointer dereference in the NFSv4 client |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:02.audit.asc[FreeBSD-EN-25:02.audit] |29 January 2025 |System call auditing disabled by DTrace |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:03.tzdata.asc[FreeBSD-EN-25:03.tzdata] |29 January 2025 |Timezone database information update |=== [[userland]] == Userland This section covers changes and additions to userland applications, contributed software, and system utilities. [[userland-contrib]] === Contributed Software `libpcap` has been consecutively updated to 1.10.3, 1.10.4 and 1.10.5. gitref:7aedea868535[repository=src], gitref:e6efc827e47a[repository=src] and gitref:68ddf72800f8[repository=src]. (Sponsored by The FreeBSD Foundation) `tpcdump` has been consecutively updated to 4.99.4 and 4.99.5. gitref:e5258a079df3[repository=src] and gitref:094f44ea0358[repository=src]. (Sponsored by The FreeBSD Foundation). 
`tzdata` has been consecutively updated to 2024b and 2025a. gitref:59ffae6c0c7a[repository=src] and gitref:2d6dcb4f97f8[repository=src]. `expat` has been consecutively updated to 2.6.3 and 2.6.4. gitref:bab279022ba2[repository=src] and gitref:3d46113d2196[repository=src]. `less` has been updated to v668. gitref:eed6d080a74f[repository=src]. `file` has been updated consecutively to 5.45 and 5.46. gitref:90222d7fa4bb[repository=src] and gitref:dcb4ac96fcf6[repository=src]. `xz` has been updated consecutively to 5.6.2 and 5.6.3. gitref:45230e7f9298[repository=src] and gitref:aa2f56a6ecd6[repository=src]. Some functionalities of `libusb` have been merged from the 1.0.16 version. gitref:02ef8e4061ab[repository=src]. (Sponsored by The FreeBSD Foundation) `tzcode` has been updated to 2024b. gitref:036ce2460cbc[repository=src]. (Sponsored by Klara, Inc.) With multiple intermediary commits and version updates llvm-project has been updated to release/19.x llvmorg-19.1.7-0-gcd708029e0b2. gitref:2611bae42b7d[repository=src]. This updates llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp. man:libarchive[3] has been updated to 3.7.7. gitref:6c7993ffba96[repository=src]. man:unbound[8] has been consecutively updated to 1.21.0, 1.21.1 and 1.22.0. gitref:7217d74d1085[repository=src], gitref:d10c9c15a3a4[repository=src] and gitref:741bb8476204[repository=src]. wpa has been updated to 2.11. gitref:87b2a3073aaf[repository=src]. `bc` has been consecutively updated to 7.0.0 and 7.0.2. gitref:1d669b3d15bc[repository=src] and gitref:bb18c65a9177[repository=src]. `sqlite3` has been updated to 3.46.1. gitref:bee9d305ee57[repository=src]. OpenSSH has been consecutively updated to 9.8p1, 9.9p1 and 9.9p2. gitref:b74bb7f01193[repository=src], gitref:cb8e164fbb15[repository=src] and gitref:31dcdee20afc[repository=src]. 
(Sponsored by The FreeBSD Foundation) [[userland-deprecated-programs]] === Deprecated Applications and Features Update deprecation warning to note that man:gvinum[8] is removed in 15.0. gitref:8126ed28bda6[repository=src]. man:shar[1] has been deprecated and deprecation notice has been added. gitref:0d946859c994[repository=src]. The man:shar[1] program is simple, but the fundamental idea of a sh archive is risky at best and one that probably should not be promoted as prominently as a program in `$PATH` and a manpage. The same functionality can easily be found in man:tar[1] instead. While OpenSSH plans to remove support for the DSA signature algorithm in early 2025, FreeBSD 13.5-RELEASE and the stable/13 branch are not expected to receive upstream vendor code updates. However, potential security issues in imported components may necessitate the removal of DSA signature support during the branch's lifetime. [[drivers]] == Devices and Drivers This section covers changes and additions to devices and device drivers since {releasePrev}. [[drivers-device]] === Device Drivers Purism coreboot keyboards support was added. gitref:dfdcb418d7b8[repository=src]. Support of Realtek 8156/8156B was moved from man:cdce[4] to man:ure[4]. gitref:1b0af7617e6c[repository=src]. (Sponsored by The FreeBSD Foundation) Support for Brainboxes USB-to-Serial adapters were added. gitref:c3a377dbbb87[repository=src]. [[drivers-removals]] === Deprecated and Removed Drivers man:agp[4] has been planned for removal in FreeBSD 15.0, and the man page now states that it is deprecated. gitref:8375d2b9c653[repository=src]. [[storage]] == Storage This section covers changes and additions to file systems and other storage subsystems, both local and networked. [[storage-general]] === General Storage Allow to pass {NGROUPS_MAX} + 1 groups in man:mountd[8]. gitref:927d7d57793a[repository=src]. NGROUPS_MAX is just the minimum maximum of the number of allowed supplementary groups. 
The actual runtime value may be greater. Allow more groups to be specified accordingly. man:nmount[2] has been changed similarly. (Sponsored by The FreeBSD Foundation) Defer the January 19, 2038 date limit in UFS1 filesystems to February 7, 2106. gitref:dfe803fdbc54[repository=src]. Add microsecond precision for disk latency for man:gstat[8]. gitref:d81b0f5e43f0[repository=src]. (Sponsored by Postgres Professional) Fix cd9660 duplicate directory names. gitref:79778b7aafc8[repository=src]. This issue was at first introduced in FreeBSD 14.2-RELEASE which caused it creating cd9660 images with duplicate short (level 2) names in the installer images. (Sponsored by The FreeBSD Foundation) [[network]] == Networking This section describes changes that affect networking in FreeBSD. [[network-general]] === General Network Convert PF_DEFAULT_TO_DROP into a vnet loader tunable `net.pf.default_to_drop`. gitref:cb162f659578[repository=src]. gitref:7f7ef494f11d[repository=src] introduced a compile time option PF_DEFAULT_TO_DROP to make the man:pf[4] default rule to drop. While this change exposes a vnet loader tunable `net.pf.default_to_drop` so that users can change the default rule without re-compiling the man:pf[4] module. This change is similar to that for IPFW gitref:5f17ebf94db5[repository=src]. Add AIM to man:igc[4] driver. gitref:eaa616f02193[repository=src]. man:igc[4] is derived from man:igb[4] and has never had an AIM implementation. The same algorithm from e1000 is appropriate here. The AIM algorithm was re-introduced from the older igb or out of tree driver, and then modernized with permission to use Intel code from other drivers. (Sponsored by Rubicon Communications, LLC/Netgate and BBOX.io) Re-add AIM to e1000 driver. gitref:a527aa7a7f62[repository=src]. (Sponsored by Rubicon Communications, LLC/Netgate and BBOX.io) Old itr sysctl handler has been removed from the e1000 driver. gitref:a42c3e61504b[repository=src]. 
With the new AIM code, it is expected most users will not need to manually tune this. (Sponsored by BBOX.io) Improve SFP support man:igb[4] driver. gitref:cf6a8711e437[repository=src]. (Sponsored by Nozomi Networks and BBOX.io) man:igb[4] driver version has been updated to 2.5.28-fbsd. gitref:a446e9481531[repository=src]. `if_bypass` from man:ixgbe[4] has been updated to ix-3.3.38. gitref:5121d1b91209[repository=src]. `if_ix` from man:ixgbe[4] has been updated with ix-3.3.38 changes. gitref:78d9eb6de856[repository=src]. `ixgbe_mbx` from man:ixgbe[4] has been updated with ix-3.3.38 changes. gitref:fa00169e26ff[repository=src]. `ixgbe_phy` from man:ixgbe[4] has been updated with ix-3.3.38 changes. gitref:b1dadbcebdfd[repository=src]. `if_sriov` from man:ixgbe[4] has been updated with ix-3.3.38 changes. gitref:deea1953820e[repository=src]. man:ena[4] driver version has been updated to 2.8.0. gitref:2e7ba5d93e2d[repository=src]. (Sponsored by Amazon, Inc.) [[hardware]] == Hardware Support This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document. Please see link:https://www.freebsd.org/releases/13.5R/hardware[the list of hardware] supported by {releaseCurrent}, as well as link:https://www.freebsd.org/platforms/[the platforms page] for the complete list of supported CPU architectures. [[hardware-virtualization]] === Virtualization Support Teach man:sysctl[8] to attach and run itself in a jail. gitref:5b0a5d8c1ea3[repository=src]. This allows the parent jail to retrieve or set kernel state when child does not have man:sysctl[8] installed (for example light weighted OCI containers or slim jails). This is especially useful when manipulating jail prison or vnet sysctls. For example, `sysctl -j foo -Ja` or `sysctl -j foo net.fibs=2`. Teach man:ip6addrctl[8] to attach and run itself in a jail. 
gitref:fa9926a62ae3[repository=src]. This will make it easier to manage address selection policies of vnet jails, especially for those light weighted OCI containers or slim jails. Enable vnet man:sysctl[9] variables to be loader tunable. gitref:d2a999c2e0a0[repository=src]. Completes phase two of gitref:3da1cf1e88f8[repository=src]. The meaning of the flag CTLFLAG_TUN is extended to automatically check if there is a kernel environment variable which shall initialize the sysctl during early boot. In memoriam of Hans Petter Selasky. Add flags to filter jail prison and vnet variables via man:sysctl[8]. gitref:09cbd68e4e47[repository=src]. So users do not have to contact the source code to tell whether a variable is a jail prison / vnet one or not. Define a common `mac` node for jail parameters of MAC. gitref:ae2383c0dd16[repository=src]. To be used by MAC/do. (Sponsored by The FreeBSD Foundation) `ORACLE VMSIZE` was bumped to accommodate growth. gitref:75cd2f886164[repository=src]. OCI was renamed to ORACLE in releng tooling. gitref:aad6a5f96b78[repository=src]. This allows future releng tooling to use OCI for the industry standard Open Container Initiative tooling, reducing potential for confusion Oracle Cloud Infrastructure. (Sponsored by SkunkWerks, GmbH) [[documentation]] == Documentation This section covers changes to manual (man:man[1]) pages and other documentation shipped with the base system. [[man-pages]] === Man Pages Refer to man:graid[8] and man:zfs[8] instead of man:gvinum[8] in man:ccdconfig[8]. gitref:9e3c356f11a9[repository=src]. man:ixgbe[4] has been renamed to man:ix[4]. gitref:c07626eaa21a[repository=src]. [[ports]] == Ports Collection and Package Infrastructure This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools. 
[[ports-packages]] === Packaging Changes The KDE desktop environment has been removed from the installer images due to compatibility issues with OpenSSL 1.1.1 and upcoming package breakages. [[installer]] === Installation and Upgrading An option was added to edit the ZFS pool creation options in bsdinstall zfsboot. gitref:6258b5bf0670[repository=src]. This allows the default options (`-O compress=lz4 -O atime=off`) to be overridden, before the ZFS boot pool is created. For example, to set the compression algorithm to something different. Chase location of pkg repo databases. gitref:ef6b3c58883d[repository=src]. pkg used to store copies of upstream repository databases in `/var/db/pkg/repo-\*.sqlite`. About a year ago this was moved to `/var/db/pkg/repos/*/`, resulting in FreeBSD cloud images no longer having those databases removed. (Sponsored by Amazon) [[future-releases]] == General Notes Regarding Future FreeBSD Releases FreeBSD 15.0 is not expected to include support for 32-bit platforms other than armv7. The armv6, i386, and powerpc platforms are deprecated and will be removed. 64-bit systems will still be able to run older 32-bit binaries. The FreeBSD Project expects to support armv7 as a Tier 2 architecture in FreeBSD 15.0 and stable/15. However, the Project also anticipates that armv7 may be removed in FreeBSD 16.0. The Project will provide an update on the status of armv7 for both 15.x and 16.x at the time of 15.0 release. Support for executing 32-bit binaries on 64-bit platforms via the `COMPAT_FREEBSD32` option will continue for at least the stable/15 and stable/16 branches. Support for compiling individual 32-bit applications via `cc -m32` will also continue for at least the stable/15 branch, which includes suitable headers in [.filename]#/usr/include# and libraries in [.filename]#/usr/lib32#. Ports will not include support for deprecated 32-bit platforms for FreeBSD 15.0 and later releases. 
These future releases will not include binary packages or support for building packages from ports for deprecated 32-bit platforms. The FreeBSD stable/14 and earlier branches will retain existing 32-bit kernel and world support. Ports will retain existing support for building ports and packages for 32-bit systems on stable/14 and earlier branches as long as those branches are supported by the ports system. However, all 32-bit platforms are Tier-2 or Tier-3, and support for individual ports should be expected to degrade as upstreams deprecate 32-bit platforms. With the current support schedule, stable/14 will reach end of life (EOL) around 5 years after the release of FreeBSD 14.0-RELEASE. The EOL of stable/14 will mark the end of support for deprecated 32-bit platforms, including source releases, pre-built packages, and support for building applications from ports. With the release of 14.0-RELEASE in November 2023, support for deprecated 32-bit platforms will end in November 2028. The Project may choose to alter this approach when FreeBSD 15.0 is released by extending some level of support for one or more of the deprecated platforms in 15.0 or later. Any alterations will be driven by community feedback and committed efforts to support these platforms. diff --git a/website/content/en/releases/14.1R/relnotes.adoc b/website/content/en/releases/14.1R/relnotes.adoc index 576d206a33..4c5315a9d6 100644 --- a/website/content/en/releases/14.1R/relnotes.adoc +++ b/website/content/en/releases/14.1R/relnotes.adoc 
@@ -1,361 +1,361 @@ --- title: "FreeBSD 14.1-RELEASE Release Notes" sidenav: download --- :releaseCurrent: 14.1-RELEASE :releaseBranch: 14-STABLE :releasePrev: 14.0-RELEASE :releaseNext: 14.2-RELEASE :releaseType: "release" include::shared/en/urls.adoc[] = FreeBSD {releaseCurrent} Release Notes :doctype: article :toc: macro :toclevels: 1 :icons: font == Abstract [.abstract-title] The release notes for FreeBSD {releaseCurrent} contain a summary of the changes made to the FreeBSD base system on the {releaseBranch} development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. [[intro]] == Introduction This document contains the release notes for FreeBSD {releaseCurrent}. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD. The {releaseType} distribution to which these release notes apply represents the latest point along the {releaseBranch} development branch since {releaseBranch} was created. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. The {releaseType} distribution to which these release notes apply represents a point along the {releaseBranch} development branch between {releasePrev} and the future {releaseNext}. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. This distribution of FreeBSD {releaseCurrent} is a {releaseType} distribution. It can be found at https://www.FreeBSD.org/releases/[] or any of its mirrors. -More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}/mirrors[Obtaining FreeBSD appendix] to the link:{handbook}/[FreeBSD Handbook]. 
+More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}mirrors[Obtaining FreeBSD appendix] to the link:{handbook}[FreeBSD Handbook]. All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site. This document describes the most user-visible new or changed features in FreeBSD since {releasePrev}. In general, changes described here are unique to the {releaseBranch} branch unless specifically marked as MERGED features. Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. [[upgrade]] == Upgrading from Previous Releases of FreeBSD Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the man:freebsd-update[8] utility. See the release-specific upgrade procedure, link:../installation/#upgrade-binary[FreeBSD {releaseCurrent} upgrade information], with more details in the FreeBSD handbook link:{handbook}cutting-edge/#freebsdupdate-upgrade[binary upgrade procedure]. This will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. 
The man:freebsd-update[8] utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in [.filename]#/usr/src/UPDATING#. [IMPORTANT] ==== Upgrading FreeBSD should only be attempted after backing up _all_ data and configuration files. ==== [[security-errata]] == Security and Errata This section lists the various Security Advisories and Errata Notices since {releasePrev}. [[security]] === Security Advisories [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Advisory | Date | Topic |No advisories. | | |=== [[errata]] === Errata Notices [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Errata | Date | Topic |No notices. | | |=== [[userland]] == Userland This section covers changes and additions to userland applications, contributed software, and system utilities. [[userland-config]] === Userland Configuration Changes A new `kdc_restart` variable is available that manages man:kdc[8] (or `krb5kdc`) under man:daemon[8]. Set `kdc_restart="YES"` in man:rc.conf[5] to auto restart kdc on abnormal termination. Set `kdc_restart_delay="N"` to the number of seconds to delay before restarting the kdc. gitref:abc4b3088941[repository=src] By default, changes shown in email by the man:periodic[8] facility from the `daily` scripts show less context than before to reduce the size of the output. The behavior can be controlled by the `daily_diff_flags` variable in man:periodic.conf[5]. Similarly, the changes shown by the security scripts show less context than previously, controlled by the `security_status_diff_flags` variable in man:periodic.conf[5]. 
gitref:538994626b9f[repository=src], gitref:37dc394170a5[repository=src], gitref:128e78ffb084[repository=src] [[userland-programs]] === Userland Application Changes The man:adduser[8] utility, used by man:bsdinstall[8], will now create a ZFS dataset for a new user's home directory if the parent directory resides on a ZFS dataset. A command-line option is available to disable use of a separate dataset. ZFS encryption is also available. gitref:516009ce8d38[repository=src] The man:date[1] program now supports nanoseconds. For example: `date -Ins` prints "2024-04-22T12:20:28,763742224+02:00" and `date +%N` prints "415050400". gitref:eeb04a736cb9[repository=src] The man:dtrace[1] utility can now generate machine-readable output in JSON, XML, and HTML using man:libxo[3]. gitref:aef4504139a4[repository=src] (Sponsored by Innovate UK) The man:lastcomm[1] utility now displays timestamps with a precision of seconds. gitref:692c0a2e80c1[repository=src] (Sponsored by DSS Gmbh) The man:ldconfig[8] utility now supports hints files of either byte order. The default format is the native byte-order of the host. gitref:fa7b31166ddb[repository=src] OpenSSH has been upgraded to version 9.7p1. Full release notes are at https://www.openssh.com/txt/release-9.7[] and https://www.openssh.com/txt/release-9.6[] . gitref:a25789646d71[repository=src], gitref:464fa66f639b[repository=src] (Sponsored by The FreeBSD Foundation) The man:usbconfig[8] utility now reads the descriptions of usb vendor and products from [.filename]#/usr/share/misc/usb_vendors# when available, similar to what man:pciconf[8] does. gitref:7b9a772f9f64[repository=src] [[userland-contrib]] === Contributed Software One True Awk (man:awk[1]) has been updated to 2nd Edition, with new -csv support and UTF-8 support. gitref:daf917daba9c[repository=src] Clang/LLVM have been upgraded to version 18.1.5. gitref:90a5e985e5f4[repository=src] The man:libarchive[3] library has been upgraded to version 3.7.4. 
gitref:8774c92e32b2[repository=src] The man:sendmail[8] suite has been upgraded to version 8.18.1, addressing CVE-2023-51765. gitref:58ae50f31e95[repository=src] The man:unbound[8] resolver has been upgraded to version 1.20.0, and addresses "`The DNSBomb`" vulnerability, CVE-2024-33655. gitref:dcde37c4170b[repository=src] [[userland-libraries]] === Runtime Libraries and API The man:setusercontext[3] routine in `libutil` will now set the process priority (nice) from the [.filename]#.login.conf# file from the home directory under appropriate conditions, as well as the system man:login.conf[5]. The priority can now have the value `inherit`, indicating that the priority should be unchanged from that of the parent process. Similarly, the umask can have the value `inherit`. gitref:6f6186e19fe5[repository=src], gitref:a8c273b3c97f[repository=src], gitref:d2d66fedc418[repository=src] (Sponsored by Kumacom SAS) Many string and memory operations in the C library now use SIMD (single instruction multiple data) extensions for improved performance when available on amd64 systems; see man:simd[7]. (Sponsored by The FreeBSD Foundation) There is now a much better implementation of the 128-bit `tgammal` function in the math library, man:math[3], on platforms that support it. gitref:8df6c930c151[repository=src] [[cloud]] == Cloud Support This section covers changes in support for cloud environments. {releaseCurrent} supports cloudinit, including the `nuageinit` startup script and support for a `config-drive` partition. It is compatible with OpenStack and many hosting facilities. See the https://cloud-init.io[cloud-init] web site and the commit messages, gitref:16a6da44e28d[repository=src] gitref:227e7a205edf[repository=src]. (Sponsored by OVHcloud) [[kernel]] == Kernel This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized. 
[[kernel-general]] === General Kernel Changes The `fpu_kern_enter` and `fpu_kern_leave` routines have been implemented for powerpc, allowing the use of man:ossl[4] crypto functions in the kernel that use floating point and vector registers. gitref:91e53779b4fc[repository=src] [[drivers]] == Devices and Drivers This section covers changes and additions to devices and device drivers since {releasePrev}. [[drivers-device]] === Device Drivers A driver is available for man:ice[4] Ethernet network controllers in the Intel E800 series, which support 100 Gb/s operation. It was upgraded to version 1.39.13-k. gitref:71d104536b51[repository=src] gitref:f6de0a7c94e9[repository=src] (Sponsored by Intel Corporation) Numerous stability improvements have been in the man:iwlwifi[4] driver for Intel Wi-Fi devices. (Sponsored by The FreeBSD Foundation) Multiple PCI MCFG regions are now supported on amd64 and i386, allowing PCI configuration space access for domains (segments) other than 0. gitref:4b5f64408804[repository=src] The man:smsc[4] Ethernet driver can now fetch the value of `smsc95xx.macaddr` passed by some Raspberry Pi models and use it for the MAC address. It always uses a stable MAC address even if there is no address in EEPROM. gitref:028e4c6548e4[repository=src] The `snd_clone` framework has been removed from the sound subsystem, including related sysctls, simplifying the system. The per-channel nodes ([.filename]#/dev/dspX.Y#) are no longer created, just the primary device ([.filename]#/dev/dspX#). gitref:e6c51f6db8d7[repository=src] (Sponsored by The FreeBSD Foundation) Audio now supports asynchronous device detach. This greatly simplifies hot plugging and unplugging of things such as USB headsets, and eases use of PulseAudio in cases that require operating system sleep and wake (suspend and resume). 
gitref:d692c314d29a[repository=src] (Sponsored by The FreeBSD Foundation) [[storage]] == Storage This section covers changes and additions to file systems and other storage subsystems, both local and networked. [[storage-nfs]] === NFS The man:mountd[8] server has been modified to use man:strunvis[3] to decode directory names in man:exports[5] file(s). This allows special characters, such as blanks, to be embedded in the directory name. `vis -M` may be used to encode such directory names; see man:vis[1]. gitref:2c83f1ada435[repository=src] New man:sysctl[8] variables have been added under `kern.rpc.unenc` and `kern.rpc.tls`, which allow an NFS server administrator to determine how much NFS-over-TLS is being used. A large number of failed handshakes might indicate an NFS configuration problem. gitref:b8e137d8d32d[repository=src] [[storage-ufs]] === UFS Soft updates are now enabled by default when creating a new UFS file system with man:newfs[8]. gitref:6b2af2d88ffd[repository=src] [[storage-zfs]] === ZFS OpenZFS has been upgraded to version 2.2.4. gitref:78c9d8f1ce65[repository=src] [[boot]] == Boot Loader Changes This section covers the boot loader, boot menu, and other boot-related changes. [[boot-loader]] === Boot Loader Changes The man:loader[8] now reads local configuration files listed in the variable `local_loader_conf_files` after other configuration files, defaulting to [.filename]#/boot/loader.conf.local#. gitref:a25531db0fc2[repository=src] The man:loader[8] can now be configured to read specific configuration files based on the planar maker, planar product, system product and uboot m_product variables from the SMBIOS. For the moment, the best documentation is the git commit message, gitref:3eb3a802a31b[repository=src]. Console detection in man:loader[8] has been improved on EFI systems. If there is no ConOut variable, ConIn is checked. If multiple devices are found, serial is preferred. 
gitref:20a6f4779ac6[repository=src] (Sponsored by Netflix) Frame buffer support in man:loader[8] can now use a text-only video driver, resulting in space savings. gitref:57ca2848c0aa[repository=src] (Sponsored by Netflix) The detection of ACPI is now done earlier in man:loader.efi[8] on arm64 systems. The copy of [.filename]#loader.efi# on the EFI partition should be updated on arm64 systems using ACPI. gitref:05cf4dda599a[repository=src] gitref:16c09de80135[repository=src] The LinuxBoot loader can be used to boot FreeBSD from Linux on aarch64 systems as well as amd64. gitref:46010641267[repository=src] (Sponsored by Netflix) [[network]] == Networking This section describes changes that affect networking in FreeBSD. [[network-general]] === General Network ARP (man:arp[4]) support for 802-standard networks has been restored; it had been accidentally removed with FDDI support. (This is different than the Ethernet standard encapsulation.) gitref:d776dd5fbd48[repository=src] It is possible to build a kernel with IPv6 support (INET6) without IPv4 (INET). gitref:6df9fa1c6b83[repository=src] and others The netgraph man:ng_ipfw[4] module no longer truncates cookies to 16 bits, allowing a full 32 bits. gitref:dadf64c5586e[repository=src] [[hardware]] == Hardware Support This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document. Please see link:https://www.freebsd.org/releases/14.1R/hardware[the list of hardware] supported by {releaseCurrent}, as well as link:https://www.freebsd.org/platforms/[the platforms page] for the complete list of supported CPU architectures. [[documentation]] == Documentation This section covers changes to manual (man:man[1]) pages and other documentation shipped with the base system. 
[[man-pages]] === Man Pages A new man:networking[7] manual page provides a quickstart guide to connecting the system to networks including Wi-Fi, and links to other manual pages and the handbook. gitref:39f92a4c4c49[repository=src] [[future-releases]] == General Notes Regarding Future FreeBSD Releases FreeBSD 15.0 is not expected to include support for 32-bit platforms other than armv7. The armv6, i386, and powerpc platforms are deprecated and will be removed. 64-bit systems will still be able to run older 32-bit binaries. We expect to support armv7 as a Tier 2 architecture in FreeBSD 15.0 and stable/15. However, we also anticipate that armv7 may be removed in FreeBSD 16.0. We will provide an update on the status of armv7 for both 15.x and 16.x at the time of 15.0 release. Support for executing 32-bit binaries on 64-bit platforms via the `COMPAT_FREEBSD32` option will continue for at least the stable/15 and stable/16 branches. Support for compiling individual 32-bit applications via `cc -m32` will also continue for at least the stable/15 branch, which includes suitable headers in [.filename]#/usr/include# and libraries in [.filename]#/usr/lib32#. Ports will not include support for deprecated 32-bit platforms for FreeBSD 15.0 and later releases. These future releases will not include binary packages or support for building packages from ports for deprecated 32-bit platforms. The FreeBSD stable/14 and earlier branches will retain existing 32-bit kernel and world support. Ports will retain existing support for building ports and packages for 32-bit systems on stable/14 and earlier branches as long as those branches are supported by the ports system. However, all 32-bit platforms are Tier-2 or Tier-3, and support for individual ports should be expected to degrade as upstreams deprecate 32-bit platforms. With the current support schedule, stable/14 will reach end of life (EOL) 5 years after the release of FreeBSD {releasePrev}. 
The EOL of stable/14 will mark the end of support for deprecated 32-bit platforms, including source releases, pre-built packages, and support for building applications from ports. With the release of {releasePrev} in November 2023, support for deprecated 32-bit platforms will end in November 2028. The project may choose to alter this approach when FreeBSD 15.0 is released by extending some level of support for one or more of the deprecated platforms in 15.0 or later. Any alterations will be driven by community feedback and committed efforts to support these platforms. Use FreeBSD {releasePrev} and following minor releases, or the stable/14 branch, to migrate off 32-bit platforms. diff --git a/website/content/en/releases/14.2R/relnotes.adoc b/website/content/en/releases/14.2R/relnotes.adoc index 963791679a..7aeda8dfac 100644 --- a/website/content/en/releases/14.2R/relnotes.adoc +++ b/website/content/en/releases/14.2R/relnotes.adoc 
@@ -1,467 +1,467 @@ --- title: "FreeBSD 14.2-RELEASE Release Notes" sidenav: download --- :localRel: 14.2 :releaseCurrent: 14.2-RELEASE :releaseBranch: 14-STABLE :releasePrev: 14.1-RELEASE :releaseNext: 14.3-RELEASE :releaseType: "release" include::shared/en/urls.adoc[] = FreeBSD {releaseCurrent} Release Notes :doctype: article :toc: macro :toclevels: 1 :icons: font == Abstract [.abstract-title] The release notes for FreeBSD {releaseCurrent} contain a summary of the changes made to the FreeBSD base system on the {releaseBranch} development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. [[intro]] == Introduction This document contains the release notes for FreeBSD {releaseCurrent}. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD. The {releaseType} distribution to which these release notes apply represents the latest point along the {releaseBranch} development branch since {releaseBranch} was created. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. This distribution of FreeBSD {releaseCurrent} is a {releaseType} distribution. It can be found at https://www.FreeBSD.org/releases/[] or any of its mirrors. -More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}/mirrors[Obtaining FreeBSD appendix] to the link:{handbook}/[FreeBSD Handbook]. +More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}mirrors[Obtaining FreeBSD appendix] to the link:{handbook}[FreeBSD Handbook]. All users are encouraged to consult the release errata before installing FreeBSD. 
The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site. This document describes the most user-visible new or changed features in FreeBSD since {releasePrev}. In general, changes described here are unique to the {releaseBranch} branch unless specifically marked as MERGED features. Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. [[upgrade]] == Upgrading from Previous Releases of FreeBSD Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the man:freebsd-update[8] utility. See the release-specific upgrade procedure, link:../installation/#upgrade-binary[FreeBSD {releaseCurrent} upgrade information], with more details in the FreeBSD handbook link:{handbook}cutting-edge/#freebsdupdate-upgrade[binary upgrade procedure]. This will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The man:freebsd-update[8] utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in [.filename]#/usr/src/UPDATING#. 
[IMPORTANT] ==== Upgrading FreeBSD should only be attempted after backing up _all_ data and configuration files. ==== [[security-errata]] == Security and Errata This section lists the various Security Advisories and Errata Notices since {releasePrev}. [[security]] === Security Advisories [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Advisory | Date | Topic |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc[FreeBSD-SA-24:04.openssh] |01 July 2024 |OpenSSH pre-authentication remote code execution |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:05.pf.asc[FreeBSD-SA-24:05.pf] |07 August 2024 |pf incorrectly matches different ICMPv6 states in the state table |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:06.ktrace.asc[FreeBSD-SA-24:06.ktrace] |07 August 2024 |man:ktrace[2] fails to detach when executing a setuid binary |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:07.nfsclient.asc[FreeBSD-SA-24:07.nfsclient] |07 August 2024 |NFS client accepts file names containing path separators |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:08.openssh.asc[FreeBSD-SA-24:08.openssh] |07 August 2024 |OpenSSH pre-authentication async signal safety issue |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:09.libnv.asc[FreeBSD-SA-24:09.libnv] |04 September 2024 |Multiple vulnerabilities in libnv |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:10.bhyve.asc[FreeBSD-SA-24:10.bhyve] |04 September 2024 |man:bhyve[8] privileged guest escape via TPM device passthrough |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:11.ctl.asc[FreeBSD-SA-24:11.ctl] |04 September 2024 |Multiple issues in man:ctl[4] CAM Target Layer |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:12.bhyve.asc[FreeBSD-SA-24:12.bhyve] |04 September 2024 |man:bhyve[8] privileged guest escape via USB controller 
|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:13.openssl.asc[FreeBSD-SA-24:13.openssl] |04 September 2024 |Possible DoS in X.509 name checks in OpenSSL |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:14.umtx.asc[FreeBSD-SA-24:14.umtx] |04 September 2024 |umtx Kernel panic or Use-After-Free |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:15.bhyve.asc[FreeBSD-SA-24:15.bhyve] |19 September 2024 |man:bhyve[8] out-of-bounds read access via XHCI emulation |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:16.libnv.asc[FreeBSD-SA-24:16.libnv] |19 September 2024 |Integer overflow in libnv |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:17.bhyve.asc[FreeBSD-SA-24:17.bhyve] |29 October 2024 |Multiple issues in the bhyve hypervisor |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:18.ctl.asc[FreeBSD-SA-24:18.ctl] |29 October 2024 |Unbounded allocation in man:ctl[4] CAM Target Layer |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:19.fetch.asc[FreeBSD-SA-24:19.fetch] |29 October 2024 |Certificate revocation list man:fetch[1] option fails |=== [[errata]] === Errata Notices [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Errata | Date | Topic |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:10.zfs.asc[FreeBSD-EN-24:10.zfs] |19 June 2024 |Kernel memory leak in ZFS |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:11.ldns.asc[FreeBSD-EN-24:11.ldns] |19 June 2024 |LDNS uses nameserver commented out in resolv.conf |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:12.killpg.asc[FreeBSD-EN-24:12.killpg] |19 June 2024 |Lock order reversal in killpg causing livelock |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:13.libcpass:[++].asc[FreeBSD-EN-24:13.libc++] |19 June 2024 |Incorrect size passed to heap allocated std::string delete |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:14.ifconfig.asc[FreeBSD-EN-24:14.ifconfig] |07 August 2024 
|Incorrect ifconfig netmask assignment |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:15.calendar.asc[FreeBSD-EN-24:15.calendar] |04 September 2024 |man:cron[8] / man:periodic[8] session login |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:16.pf.asc[FreeBSD-EN-24:16.pf] |19 September 2024 |Incorrect ICMPv6 state handling in pf |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:17.pam_xdg.asc[FreeBSD-EN-24:17.pam_xdg] |29 October 2024 |XDG runtime directory's file descriptor leak at login |=== [[userland]] == Userland This section covers changes and additions to userland applications, contributed software, and system utilities. [[userland-programs]] === Userland Application Changes An option has been added to change the directory in man:env[1] which closely resembles the feature in the GNU version of env although it does not support long options. gitref:08e8554c4a39[repository=src] (Sponsored by Klara, Inc.) [[userland-contrib]] === Contributed Software `bc` has been upgraded to 7.0.2. gitref:90ea553a0d30[repository=src] `libarchive` has been upgraded to 3.7.7. gitref:2ae238160f20[repository=src] `libcbor` has been upgraded to 0.11.0. gitref:1755b9daa693[repository=src] (Sponsored by The FreeBSD Foundation) `libcxxrt` has been upgraded to vendor snapshot 6f2fdfebcd62. gitref:d0dcee46d971[repository=src] `libfido2` has been upgraded to 1.14.0. gitref:128bace5102e[repository=src] (Sponsored by The FreeBSD Foundation) `libpcap` has been upgraded to 1.10.5. gitref:26f21a6494b4[repository=src] (Sponsored by The FreeBSD Foundation) `llvm` has been upgraded to 18.1.6. gitref:f1e3279983d6[repository=src] `openssl` has been upgraded to 3.0.15. gitref:cc43f991ab3e[repository=src] `tcpdump` has been upgraded to 4.99.5. gitref:ec3da16d8bc1[repository=src] (Sponsored by The FreeBSD Foundation) `unbound` has been upgraded to 1.22.0. 
gitref:0a096a7b3ae8[repository=src] [[userland-libraries]] === Runtime Libraries and API man:fma[3] now returns correctly-signed zero when provided certain small inputs (as observed in the Python test suite). gitref:dc39004bc670[repository=src] (Sponsored by The FreeBSD Foundation) The `cap_rights_is_empty` function has been added. It reports whether a `cap_rights_t` has no rights set. gitref:e77813f7e4a3[repository=src] (Sponsored by The FreeBSD Foundation) [[userland-deprecated-programs]] === Deprecated Applications man:fdisk[8] has been deprecated in favor of man:gpart[8] for a long time but has not been removed, running this application will show a warning to migrate to man:gpart[8]. gitref:3958be5c29da[repository=src] (Sponsored by The FreeBSD Foundation) The accuracy of man:asinf[3] and man:acosf[3] has improved. gitref:33c82f11c267[repository=src] [[cloud]] == Cloud Support This section covers changes in support for cloud environments. The `nuageinit` startup script now supports OpenStack network config. gitref:ea310d18b222[repository=src] (Sponsored by OVHcloud) The FreeBSD project is now publishing OCI-compatible container images. gitref:8a688fcc242e[repository=src] The FreeBSD project is now publishing Oracle Cloud Infrastructure images. See the link:https://cloudmarketplace.oracle.com/marketplace/app/freebsd-release[Oracle Cloud Infrastructure FreeBSD Listing] for more information. gitref:77b296a2582b[repository=src] The "shutdown" and "reboot" API in the Amazon EC2 cloud now work for arm64 instances. Older instances upgraded to FreeBSD {releaseCurrent} will need to have `debug.acpi.quirks="8"` set in `/boot/loader.conf`. gitref:28b881840df7[repository=src] (Sponsored by Amazon) The FreeBSD projects now publishes "small" EC2 images; these are the "base" images minus debug symbols, tests, 32-bit libraries, the LLDB debugger, the Amazon SSM Agent, and the AWS CLI. 
gitref:953142d6baf3[repository=src] (Sponsored by Amazon) [[drivers]] == Devices and Drivers This section covers changes and additions to devices and device drivers since {releasePrev}. [[drivers-device]] === Device Drivers `ena` has been upgraded to 2.8.0. gitref:6bf02434bd9a[repository=src] (Sponsored by Amazon, Inc.) `ice` has been upgraded to 1.43.2-k. gitref:38a1655adcb3[repository=src] (Sponsored by Intel Corporation) `ice_ddp` has been upgraded to 1.3.41.0. gitref:a9d78bb714e3[repository=src] (Sponsored by Intel Corporation) Tiger Lake-H support has been added to the man:hda[4] driver. gitref:dbb6f488df6e[repository=src] Meteor Lake support has been added to the man:ichsmb[4] driver. gitref:14c22e28e4ee[repository=src] (Sponsored by Framework Computer Inc) (Sponsored by The FreeBSD Foundation) Meteor Lake support has been added to the man:ig4[4] driver. gitref:56f0fc0011c2[repository=src] A new wireless driver supporting some Realtek chipsets is available: man:rtw89[4]. gitref:a2d1e07f6451[repository=src] (Sponsored by The FreeBSD Foundation) Support for Realtek 8156/8156B has been moved from from man:cdce[4] to man:ure[4] for improved performance and reliability. gitref:630077a84186[repository=src] (Sponsored by The FreeBSD Foundation) Support for ACPI GPIO _AEI objects has been added. gitref:1db6ffb2a482[repository=src] (Sponsored by Amazon) man:nvme[4] and man:nvmecontrol[8] have been enabled on all architectures. gitref:24687a65dd7f[repository=src], gitref:aba2d7f89dcf[repository=src] (Sponsored by Chelsio Communications and Netflix) [[drivers-removals]] === Deprecated and Removed Drivers man:agp[4] has been planned for removal in FreeBSD 15.0, and the man page now states that it is deprecated. gitref:92af7c97e197[repository=src] man:syscons[4] has been planned for removal in future releases, and has been noted as deprecated in the man pages to notify users to migrate to man:vt[4]. 
gitref:2bc5b1d60512[repository=src] (Sponsored by The FreeBSD Foundation) [[storage]] == Storage This section covers changes and additions to file systems and other storage subsystems, both local and networked. [[storage-zfs]] === ZFS OpenZFS has been upgraded to version 2.2.6. gitref:755e773877e9[repository=src] [[boot]] == Boot Loader Changes This section covers the boot loader, boot menu, and other boot-related changes. [[boot-loader]] === Boot Loader Changes The BIOS boot loader added back support for gzip and bzip2, but removed support for graphics mode (by default) to address size problems. (The EFI boot loader is unchanged with support for all of those.) gitref:4d3b05a8530e[repository=src] (Sponsored by Netflix) [[network]] == Networking This section describes changes that affect networking in FreeBSD. [[network-protocols]] === Network Protocols Lots of improvements to the network stack, including performance improvements and bug fixes for the man:sctp[4] stack. Descriptors returned by man:sctp_peeloff[2] now inherit capabilities from the parent socket. gitref:ae3d7e27abc9[repository=src] (Sponsored by The FreeBSD Foundation) [[network-general]] === General Network AIM(Adaptive Interrupt Moderation) support has been added to the man:igc[4] driver. gitref:472a0ccf847a[repository=src] (Sponsored by Rubicon Communications, LLC ("Netgate") and BBOX.io) This feature has also been added to the man:lem[4], man:em[4] and man:igb[4] drivers. A major regression in UDP performance introduced in FreeBSD 12.0, including NFS over UDP, is believed to be fixed with this change. gitref:49f12d5b38f6[repository=src] (Sponsored by Rubicon Communications, LLC ("Netgate") and BBOX.io) [[wireless-networking]] === Wireless Networking The LinuxKPI, particularly for 802.11, has been enhanced to improve the stability of wireless drivers such as man:iwlwifi[4]. 
(Sponsored by The FreeBSD Foundation) [[hardware]] == Hardware Support This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document. Please see link:https://www.freebsd.org/releases/{localRel}R/hardware[the list of hardware] supported by {releaseCurrent}, as well as link:https://www.freebsd.org/platforms/[the platforms page] for the complete list of supported CPU architectures. [[processor]] === Processor Support The maximum IOAPIC ID has been increased to 255, fixing a boot failure on certain high-core-count AMD CPUs. gitref:18119e711f1c[repository=src] (Sponsored by The FreeBSD Foundation) Nominal support for POWER10 and POWER11 has been added. gitref:f9f006df1535[repository=src] [[hardware-virtualization]] === Virtualization Support The NVMM hypervisor is now detected. gitref:34f40baca641[repository=src] The VNC server in man:bhyve[8] will now show the correct colors when using the package:www/novnc[] client. gitref:f9e09dc5b1d5[repository=src] Under Hyper-V, TLB flushes are now performed using hypercalls rather than IPIs, providing up to a 40% improvement in TLB performance. gitref:7ece5993b787[repository=src] (Sponsored by Microsoft) [[linuxulator]] === Linux Binary Compatibility The `AT_NO_AUTOMOUNT` flag is now ignored for all Linuxulator stat() variants (as the behavior specified by the flag already matches FreeBSD's), improving Linux application compatibility. gitref:99d3ce80ba07[repository=src] (Sponsored by The FreeBSD Foundation) [[multimedia]] == Multimedia Many improvements to the audio stack including support for hot-swapping in man:mixer[8], and the addition of man:mididump[1]. 
gitref:cf9d2fb18433[repository=src] (Sponsored by The FreeBSD Foundation) gitref:7224e9f2d4af[repository=src] (Sponsored by The FreeBSD Foundation) [[ports]] == Ports Collection and Package Infrastructure This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools. [[Installer]] === Installer The FreeBSD installer, man:bsdinstall[8], now supports downloading and installing firmware packages after the FreeBSD base system installation is complete. gitref:03c07bdc8b31[repository=src] (Sponsored by The FreeBSD Foundation) [[ports-packages]] === Packaging Changes The package:net/wifi-firmware-kmod@release[] package has been added to the DVD package set in order to provide necessary firmware for wifi drivers. gitref:8c6df7ead19c[repository=src] (Sponsored by The FreeBSD Foundation) [[future-releases]] == General Notes Regarding Future FreeBSD Releases FreeBSD 15.0 is not expected to include support for 32-bit platforms other than armv7. The armv6, i386, and powerpc platforms are deprecated and will be removed. 64-bit systems will still be able to run older 32-bit binaries. The FreeBSD Project expects to support armv7 as a Tier 2 architecture in FreeBSD 15.0 and stable/15. However, the Project also anticipates that armv7 may be removed in FreeBSD 16.0. The Project will provide an update on the status of armv7 for both 15.x and 16.x at the time of 15.0 release. Support for executing 32-bit binaries on 64-bit platforms via the `COMPAT_FREEBSD32` option will continue for at least the stable/15 and stable/16 branches. Support for compiling individual 32-bit applications via `cc -m32` will also continue for at least the stable/15 branch, which includes suitable headers in [.filename]#/usr/include# and libraries in [.filename]#/usr/lib32#. Ports will not include support for deprecated 32-bit platforms for FreeBSD 15.0 and later releases. 
These future releases will not include binary packages or support for building packages from ports for deprecated 32-bit platforms. The FreeBSD stable/14 and earlier branches will retain existing 32-bit kernel and world support. Ports will retain existing support for building ports and packages for 32-bit systems on stable/14 and earlier branches as long as those branches are supported by the ports system. However, all 32-bit platforms are Tier-2 or Tier-3, and support for individual ports should be expected to degrade as upstreams deprecate 32-bit platforms. With the current support schedule, stable/14 will reach end of life (EOL) around 5 years after the release of FreeBSD 14.0-RELEASE. The EOL of stable/14 will mark the end of support for deprecated 32-bit platforms, including source releases, pre-built packages, and support for building applications from ports. With the release of 14.0-RELEASE in November 2023, support for deprecated 32-bit platforms will end in November 2028. The Project may choose to alter this approach when FreeBSD 15.0 is released by extending some level of support for one or more of the deprecated platforms in 15.0 or later. Any alterations will be driven by community feedback and committed efforts to support these platforms. diff --git a/website/content/en/releases/14.3R/relnotes.adoc b/website/content/en/releases/14.3R/relnotes.adoc index 5ab5b6e14a..d37ac36aaa 100644 --- a/website/content/en/releases/14.3R/relnotes.adoc +++ b/website/content/en/releases/14.3R/relnotes.adoc 
@@ -1,537 +1,537 @@ --- title: "FreeBSD 14.3-RELEASE Release Notes" sidenav: download --- :localRel: 14.3 :releaseCurrent: 14.3-RELEASE :releaseBranch: 14-STABLE :releasePrev: 14.2-RELEASE :releaseNext: X.Y-RELEASE :releaseType: "release" include::shared/en/urls.adoc[] = FreeBSD {releaseCurrent} Release Notes :doctype: article :toc: macro :toclevels: 1 :icons: font == Abstract [.abstract-title] The release notes for FreeBSD {releaseCurrent} contain a summary of the changes made to the FreeBSD base system on the {releaseBranch} development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. [[intro]] == Introduction This document contains the release notes for FreeBSD {releaseCurrent}. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD. The {releaseType} distribution to which these release notes apply represents the latest point along the {releaseBranch} development branch since {releaseBranch} was created. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. The {releaseType} distribution to which these release notes apply represents a point along the {releaseBranch} development branch between {releasePrev} and the future {releaseNext}. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. This distribution of FreeBSD {releaseCurrent} is a {releaseType} distribution. It can be found at https://www.FreeBSD.org/releases/[] or any of its mirrors. -More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}/mirrors[Obtaining FreeBSD appendix] to the link:{handbook}/[FreeBSD Handbook]. 
+More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}mirrors[Obtaining FreeBSD appendix] to the link:{handbook}[FreeBSD Handbook]. All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site. This document describes the most user-visible new or changed features in FreeBSD since {releasePrev}. In general, changes described here are unique to the {releaseBranch} branch unless specifically marked as MERGED features. Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. [[upgrade]] == Upgrading from Previous Releases of FreeBSD Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the man:freebsd-update[8] utility. See the release-specific upgrade procedure, link:../installation/#upgrade-binary[FreeBSD {releaseCurrent} upgrade information], with more details in the FreeBSD handbook link:{handbook}cutting-edge/#freebsdupdate-upgrade[binary upgrade procedure]. This will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. 
The man:freebsd-update[8] utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in [.filename]#/usr/src/UPDATING#. [IMPORTANT] ==== Upgrading FreeBSD should only be attempted after backing up _all_ data and configuration files. ==== [[security-errata]] == Security and Errata This section lists the various Security Advisories and Errata Notices since {releasePrev}. [[security]] === Security Advisories [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Advisory | Date | Topic | https://www.freebsd.org/security/advisories/FreeBSD-SA-25:01.openssh.asc[FreeBSD-SA-25:01.openssh] | 2025-01-29 | OpenSSH Keystroke Obfuscation Bypass | https://www.freebsd.org/security/advisories/FreeBSD-SA-25:02.fs.asc[FreeBSD-SA-25:02.fs] | 2025-01-29 | Buffer overflow in some filesystems via NFS | https://www.freebsd.org/security/advisories/FreeBSD-SA-25:03.etcupdate.asc[FreeBSD-SA-25:03.etcupdate] | 2025-01-29 | Unprivileged access to system files | https://www.freebsd.org/security/advisories/FreeBSD-SA-25:04.ktrace.asc[FreeBSD-SA-25:04.ktrace] | 2025-01-29 | Uninitialized kernel memory disclosure via man:ktrace[2] | https://www.freebsd.org/security/advisories/FreeBSD-SA-25:05.openssh.asc[FreeBSD-SA-25:05.openssh] | 2025-02-21 | Multiple vulnerabilities in OpenSSH |=== [[errata]] === Errata Notices [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Errata | Date | Topic | https://www.freebsd.org/security/advisories/FreeBSD-EN-25:01.rpc.asc[FreeBSD-EN-25:01.rpc] | 2025-01-29 | NULL pointer dereference in the NFSv4 client | https://www.freebsd.org/security/advisories/FreeBSD-EN-25:02.audit.asc[FreeBSD-EN-25:02.audit] | 2025-01-29 | System call auditing disabled by DTrace | https://www.freebsd.org/security/advisories/FreeBSD-EN-25:03.tzdata.asc[FreeBSD-EN-25:03.tzdata] | 
2025-01-29 | Timezone database information update | https://www.freebsd.org/security/advisories/FreeBSD-EN-25:04.tzdata.asc[FreeBSD-EN-25:04.tzdata] | 2025-04-10 | Timezone database information update | https://www.freebsd.org/security/advisories/FreeBSD-EN-25:05.expat.asc[FreeBSD-EN-25:05.expat] | 2025-04-10 | Update expat to 2.7.1 | https://www.freebsd.org/security/advisories/FreeBSD-EN-25:06.daemon.asc[FreeBSD-EN-25:06.daemon] | 2025-04-10 | man:daemon[8] missing signals | https://www.freebsd.org/security/advisories/FreeBSD-EN-25:07.openssl.asc[FreeBSD-EN-25:07.openssl] | 2025-04-10 | Update OpenSSL to 3.0.16 | https://www.freebsd.org/security/advisories/FreeBSD-EN-25:08.caroot.asc[FreeBSD-EN-25:08.caroot] | 2025-04-10 | Root certificate bundle update |=== [[userland]] == Userland This section covers changes and additions to userland applications, contributed software, and system utilities. [[userland-config]] === Userland Configuration Changes [[userland-programs]] === Userland Application Changes Fix `-U` flag of man:ps[1] to select processes by real user IDs. This is what POSIX mandates for option `-U` and arguably the behavior that most users actually need in most cases. Before, `-U` would select processes by their effective user IDs (which is the behavior mandated by POSIX for option `-u`). gitref:a2132d91739d[repository=src]. (Sponsored by The FreeBSD Foundation). Make '-O' more versatile and predictable for man:ps[1]. The man:ps[1] display's list of columns is now first built without taking into account the `-O` options. In a second step, all columns passed via `-O` are finally inserted after the built-so-far display's first PID column (if it exists, else at start), in their order of appearance as arguments to the `-O` options. gitref:1fc8cb547cd4[repository=src]. (Sponsored by The FreeBSD Foundation). Remove not-explicitly-requested columns with duplicate data in man:ps[1]. 
Before this change, when stacking up more columns in the display through command-line options, if user requested to add some "canned" display (through options `-j`, `-l`, `-u` or `-v`), columns in it that were "duplicates" of already requested ones (meaning that they share the same keyword, regardless of whether their headers have been customized) were in the end omitted. gitref:7aa2f4826717[repository=src]. (Sponsored by The FreeBSD Foundation). Add flags to filter jail prison and vnet variables in man:sysctl[8] output. So users do not have to contact the source code to tell whether a variable is a jail prison / vnet one or not. gitref:615c9ce250ee[repository=src]. man:grep[1] no longer follows symbolic links by default for recursive searches. This matches the documented behavior in the manual page. gitref:3a2ec5957ea9[repository=src] [[userland-contrib]] === Contributed Software llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp have been updated to llvm-project llvmorg-19.1.7-0-gcd708029e0b2(gitref:dc3f24ea8a25[repository=src]). man:zfs[8]: OpenZFS has been updated to zfs-2.2-release(2.2.7)(gitref:2ec8b6948070[repository=src]). man:xz[1] has been updated to 5.8.1(gitref:9679eedea94c[repository=src]). man:less[1] has been updated to v668(gitref:0bb4c188d363[repository=src]). man:file[1] has been updated to 5.46(gitref:71c92e6b94f0[repository=src]). man:expat[3] has been updated to 2.7.1(gitref:6f7ee9ac036e[repository=src]). `tzdata` has been updated to 2025b(gitref:475082194ac8[repository=src]). OpenSSH has been updated to 9.9p2(gitref:059b786b7db5[repository=src]). (Sponsored by The FreeBSD Foundation). OpenSSL has been updated to 3.0.16(gitref:cb29db243bd0[repository=src]). `googletest` has been updated from 1.14.0 to 1.15.2(gitref:1d67cec52542[repository=src]). One notable change is that GoogleTest 1.15.x now officially requires C++-14 (1.14.x required C++-11). `spleen` has been updated to Spleen 2.1.0(gitref:26336203d32c[repository=src]). 
[[userland-deprecated-programs]] === Deprecated Applications Update deprecation warning to note that man:gvinum[8] is removed in 15.0(gitref:dec497a9fcbf[repository=src]). Deprecation notice for man:syscons[4] has been added. man:syscons[4] is not compatible with UEFI, does not support UTF-8, and is Giant-locked. There is no specific timeline yet for removing it, but support for the Giant lock is expected to go away in one or two major release cycles. (gitref:8c922db4f3d9[repository=src]). (Sponsored by The FreeBSD Foundation). OpenSSH plans to remove support for the DSA signature algorithm in early 2025. man:publickey[5] stuffs has been deprecated. This uses DES and it is likely that nobody uses that in 2025. (gitref:9197c04a251b[repository=src]). [[userland-libraries]] === Runtime Libraries and API `libcxxrt` has been updated to upstream 6f2fdfebcd62(gitref:d9901a23bd2f[repository=src]). [[kernel]] == Kernel This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized. [[kernel-general]] === General Kernel Changes Support legacy PCI hotplug on arm64. gitref:355f02cddbf0[repository=src]. (Sponsored by Arm Ltd). Define a common 'mac' node for MAC's jail parameters for man:mac[3]. To be used by man:mac_do[4]. gitref:66fb52a27279[repository=src]. (Sponsored by The FreeBSD Foundation). New `setcred()` system call and associated MAC hooks. This new system call allows to set all necessary credentials of a process in one go: Effective, real and saved UIDs, effective, real and saved GIDs, supplementary groups and the MAC label. Its advantage over standard credential-setting system calls (such as `setuid()`, `seteuid()`, etc.) is that it enables MAC modules, such as man:mac_do[4], to restrict the set of credentials some process may gain in a fine-grained manner. gitref:c1d7552dddb5[repository=src]. (Sponsored by The FreeBSD Foundation). 
Support multiple users and groups as single rule's targets in man:mac_do[4]. Supporting group targets is a requirement for man:mac_do[4] to be able to enforce a limited set of valid new groups passed to `setgroups()`. Additionally, it must be possible for this set of groups to also depend on the target UID, since users and groups are quite tied in UNIX (users are automatically placed in only the groups specified through '/etc/passwd' (primary group) and '/etc/group' (supplementary ones)). gitref:83ffc412b2e9[repository=src]. (Sponsored by The FreeBSD Foundation). Teach man:sysctl[8] to attach and run itself in a jail. This allows the parent jail to retrieve or set kernel state when child does not have man:sysctl[8] installed (for example light weighted OCI containers or slim jails). This is especially useful when manipulating jail prison or vnet sysctls. For example, `sysctl -j foo -Ja` or `sysctl -j foo net.fibs=2`. gitref:8d5d7e2ba3a6[repository=src]. Enable vnet man:sysctl[9] variables to be loader tunable. In gitref:3da1cf1e88f8[repository=src], the meaning of the flag `CTLFLAG_TUN` is extended to automatically check if there is a kernel environment variable which shall initialize the `SYSCTL` during early boot. It works for all `SYSCTL` types both statically and dynamically created ones, except for the `SYSCTLs` which belong to VNETs. Note that the implementation has a limitation. It behaves the same way as that of non-vnet loader tunables. That is, after the kernel or modules being initialized, any changes (for example via `kenv`) to kernel environment variable will not affect the corresponding vnet variable of subsequently created VNETs. To overcome it, `TUNABLE_XXX_FETCH` can be used to fetch the kernel environment variable into those vnet variables during vnet constructing. gitref:894efae09de4[repository=src] man:sound[4]: Allocate vchans on-demand. 
Refactor `pcm_chnalloc()` and merge with parts of `vchan_setnew()` (now removed) and `dsp_open()`’s channel creation into a `new dsp_chn_alloc()` function. The function is responsible for either using a free HW channel (if `vchans` are disabled), or allocating a new vchan. `hw.snd.vchans_enable` (previously `hw.snd.maxautovchans`) and `dev.pcm.X.{play|rec}.vchans` now work as tunables to only enable/disable `vchans`, as opposed to setting their number and/or (de-)allocating vchans. Since these sysctls do not trigger any (de-)allocations anymore, their effect is instantaneous, whereas before it could have frozen the machine (when trying to allocate new vchans) when setting `dev.pcm.X.{play|rec}.vchans` to a very large value. gitref:960ee8094913[repository=src]. (Sponsored by The FreeBSD Foundation). LinuxKPI: `linux_alloc_pages()` now honors `__GFP_NORETRY`. This is to fix slowdowns with drm-kmod that get worse over time as physical memory become more fragmented (and probably also depending on other factors). gitref:831e6fb0baf6[repository=src] (Sponsored by The FreeBSD Foundation). [[drivers]] == Devices and Drivers This section covers changes and additions to devices and device drivers since {releasePrev}. [[drivers-device]] === Device Drivers man:mpi3mr[4] driver version has been updated to 8.14.0.2.0(gitref:e6d4b221ba7c[repository=src]). man:mpi3mr[4] MPI Header has been updated to Version 36. This aligns with the latest MPI specification. This includes updated structures, field definitions, and constants required for compatibility with updated firmware. (gitref:60cf1576501d[repository=src]). The man:mpi3mr[4] driver is now in GENERIC (gitref:e2b8fb2202c2[repository=src]). man:rtw88[4]: Merge Realtek's rtw88 driver based on Linux v6.14 (gitref:8ef442451791[repository=src]). (Sponsored by The FreeBSD Foundation). man:rtw89[4]: Merge Realtek's rtw89 driver based on Linux v6.14 (gitref:b6e8b845aeab[repository=src]). (Sponsored by The FreeBSD Foundation). 
man:iwmbtfw[4]: Add support for 9260/9560 bluetooth adaptors (gitref:8e62ae9693bd[repository=src]). Required firmware files are already included in to package:comms/iwmbt-firmware[] port. man:ena[4] driver version has been updated to v2.8.1 (gitref:a1685d25601e[repository=src]). (Sponsored by Amazon, Inc.) man:ix[4]: Add support for 1000BASE-BX SFP modules x550(gitref:24491b4acce5[repository=src]). man:bnxt[4]: Enable NPAR support on BCM57504 10/25GbE NICs. (gitref:54f842ed8897[repository=src]). man:bnxt[4]: Add 5760X (Thor2) PCI IDs support. Add Thor2 PCI IDs. (gitref:45e161020c2d[repository=src]). man:bnxt[4]: Add support for 400G speed modules (gitref:32fdad17f060[repository=src]). man:ix[4]: Add support for 1000BASE-BX SFP modules. Add support for 1Gbit BiDi modules. (gitref:c34817d9aef7[repository=src]). man:igc[4]: Fix attach for I226-K and LMVP devices. The device IDs for these were in the driver's list of PCI ids to attach to, but `igc_set_mac_type()` had never been setup to set the correct mac type for these devices. Fix this by adding these IDs to the switch block in order for them to be recognized by the driver instead of returning an error. This fixes the man:igc[4] attach for the I226-K LOM on the ASRock Z790 PG-ITX/TB4 motherboard, allowing it to be recognized and used. gitref:f034ddd2fa38[repository=src]. Remove old itr sysctl handler from man:em[4]. This implementation had various bugs. The unit conversion/scaling was wrong, and it also did not handle 82574L or man:igb[4] devices correctly. With the new AIM code, it is expected most users will not need to manually tune this. gitref:edf50670e215[repository=src] (Sponsored by BBOX.io). Added support for Brainboxes USB-to-Serial adapters in man:uftdi[4]. (gitref:47db906375b5[repository=src]) [[drivers-removals]] === Deprecated and Removed Drivers [[storage]] == Storage This section covers changes and additions to file systems and other storage subsystems, both local and networked. 
[[storage-general]] === General Storage Define a new `-a` command line option man:mountd[8]. When a file system was exported with the `-alldirs` flag, the export succeeded even if the directory path was not a server file system mount point. gitref:ead3cd3ef628[repository=src] Document recent file handle layout changes. gitref:ca22082c01a7[repository=src] Allow to pass `{NGROUPS_MAX} + 1` groups in man:mountd[8]. `NGROUPS_MAX` is just the minimum maximum of the number of allowed supplementary groups. The actual runtime value may be greater. Allow more groups to be specified accordingly (now that, a few commits ago, man:nmount[2] has been changed similarly). gitref:ca9614d8f64a[repository=src] (Sponsored by The FreeBSD Foundation). [[boot-loader]] == Boot Loader Changes This section covers the boot loader, boot menu, and other boot-related changes. man:loader.efi[8]: Favor the v3 (64-bit) entry point in man:smbios[4]. Be consistent with what is done with non-EFI boot (but with the difference that EFI runs in 64-bit mode on 64-bit platforms, so there is no restriction that the v3 entry point should be below 4GB). gitref:807d51be8040[repository=src]. (Sponsored by The FreeBSD Foundation). man:libsa[3]: Favor the v3 (64-bit) entry point on non-EFI boot in man:smbios[4]. When both the 32-bit and 64-bit entry points are present, the SMBIOS specification says that the 64-bit entry point always has at least all the structures the 32-bit entry point refers. In other words, the 32-bit entry point is provided for compatibility, so it is assumed the 64-bit one has more chances to be filled with adequate values. gitref:93af0db0d529[repository=src] (Sponsored by The FreeBSD Foundation). man:libsa[3]: Use 64-bit entry point if table below 4GB on non-EFI boot in man:smbios[4]. On amd64, boot blocks and the non-EFI loader are 32-bit compiled as clients of BTX, so cannot access addresses beyond 4GB. 
However, the 64-bit entry point may refer to a structure table below 4GB, which can be used if the BIOS does not provide a 32-bit entry point. The situation is similar for powerpc64. gitref:7b0350b376c0[repository=src]. (Sponsored by The FreeBSD Foundation). Search for v3 (64-bit) entry point first on BIOS boot in man:smbios[4]. When booted from BIOS (i.e., not EFI), also search for a 64-bit version of the SMBIOS Entry Point. This allows to detect and report the proper SMBIOS version with BIOSes that only provide the v3 table, as happens on Hetzner virtual machines. For machines that provide both, leverage the v3 table in priority consistently with the EFI case. gitref:145ef4af15f0[repository=src]. (Sponsored by The FreeBSD Foundation). [[network]] == Networking This section describes changes that affect networking in FreeBSD. [[network-general]] === General Network Teach man:ip6addrctl[8] to attach and run itself in a jail. This will make it easier to manage address selection policies of vnet jails, especially for those light weighted OCI containers or slim jails. gitref:b709f7b38cc4[repository=src] Convert `PF_DEFAULT_TO_DROP` into a vnet loader tunable 'net.pf.default_to_drop' for man:pf[4]. gitref:7f7ef494f11d[repository=src] introduced a compile time option `PF_DEFAULT_TO_DROP` to make the man:pf[4] default rule to drop. While this change exposes a vnet loader tunable 'net.pf.default_to_drop' so that users can change the default rule without re-compiling the man:pf[4] module. gitref:3965be101c43[repository=src] [[wireless-networking]] === Wireless Networking The LinuxKPI, particularly for 802.11, has been enhanced to support crypto offload and 802.11n and 802.11ac standards. The man:iwlwifi[4] wireless driver is the first to make use of these new features supporting 802.11ac for some Intel Wi-Fi 5, and all of Intel Wi-Fi 6 and Wi-Fi 7 hardware. 
(Sponsored by The FreeBSD Foundation) The man:rtw88[4] driver was made to work (associate) again and a memory leak got resolved. (Sponsored by The FreeBSD Foundation) Following other drivers man:iwlwififw[4] firmware was removed from the base system in favor of the ports based solution and man:fwget[8] support. (Sponsored by The FreeBSD Foundation) [[hardware]] == Hardware Support This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document. Please see link:https://www.freebsd.org/releases/{localRel}R/hardware[the list of hardware] supported by {releaseCurrent}, as well as link:https://www.freebsd.org/platforms/[the platforms page] for the complete list of supported CPU architectures. [[hardware-virtualization]] === Virtualization Support Several bug fixes and configuration changes collectively allow device hotplug on both x86 and arm64 ("Graviton") EC2 instances. Users upgrading EC2 instances from earlier FreeBSD releases should set `hw.pci.intx_reroute=0` and `debug.acpi.quirks="56"` in `/boot/loader.conf`. [[documentation]] == Documentation This section covers changes to manual (man:man[1]) pages and other documentation shipped with the base system. [[man-pages]] === Man Pages Refer to man:graid[8] and man:zfs[8] instead of man:gvinum[8] in man:ccdconfig[8]). (gitref:55cb3a33d920[repository=src]). man:ps[1]: Document change in behavior for `-a`/`-A`. Document the practical consequence of change gitref:93a94ce731a8[repository=src] that specifying `-a`/`-A` leads to printing all processes regardless of the presence of other process selection options (except for `-x`/`-X`, which command a filter). gitref:eed005b57895[repository=src]. (Sponsored by The FreeBSD Foundation). man:ps[1]: Change in behavior for option `-U`. gitref:4e4739dd0745[repository=src] (Sponsored by The FreeBSD Foundation). 
man:ps[1]: Change of how current user's processes are matched. gitref:7219648f60d1[repository=src]. (Sponsored by The FreeBSD Foundation). man:ps[1]: Match current user's processes using effective UID. This puts man:ps[1] of FreeBSD in conformance with POSIX. gitref:1e8dc267ca91[repository=src]. (Sponsored by The FreeBSD Foundation). man:mac_do[4]: Change of rules syntax; Provide hints and pointers. gitref:0c3357dfa18f[repository=src]. (Sponsored by The FreeBSD Foundation). man:firewire[4]: Add deprecation notice. This was originally discussed as part of FreeBSD 15 planning, but did not happen in time. Add the deprecation notice now, with an expectation that it will be removed before FreeBSD 16. gitref:fc889167c319[repository=src]. (Sponsored by The FreeBSD Foundation). The ethernet switch controllers, man:mtkswitch[4], man:ip17x[4], man:ar40xx[4], and man:e6000sw[4] have gained initial manual pages. man:mount[8] has gained an example for remounting all filesystems read/write in single-user mode. Manual pages for the lua man:loader[8] modules have had their desctiptions reworded to optimize man:apropos[1] results. The manual pages style guide, man:style.mdoc[5], has gained a section for listing supported hardware. When listed this way, the supported hardware will be listed in link:https://www.freebsd.org/releases/{localRel}R/hardware[the supported hardware notes]. Many manuals have had this section added or reworded in this release. Much work has gone into adding man:sysctl[8]s and environment variables to the manual. Try searching for them with `apropos Va=here.is.the.sysctl` or `apropos Ev=here_is_the_environment_variable`. The man:intro[5] to the File Formats manual has been revised, incorporating improvements from OpenBSD. [[ports]] == Ports Collection and Package Infrastructure This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools. 
A new `FreeBSD-kmods` repository is included in the default `/etc/pkg/FreeBSD.conf` man:pkg[8] configuration file. This repository contains kernel modules compiled specifically for {releaseCurrent} rather than for the {releaseBranch} branch. Installing kernel modules from this repository allows drivers with unstable kernel interfaces, in particular graphics drivers, to work even when the main {releaseBranch} repository has packages build on a previous release. (gitref:a47542f71511[repository=src]). [[ports-packages]] === Packaging Changes [[future-releases]] == General Notes Regarding Future FreeBSD Releases FreeBSD 15.0 is not expected to include support for 32-bit platforms other than armv7. The armv6, i386, and powerpc platforms are deprecated and will be removed. 64-bit systems will still be able to run older 32-bit binaries. The FreeBSD Project expects to support armv7 as a Tier 2 architecture in FreeBSD 15.0 and stable/15. However, the Project also anticipates that armv7 may be removed in FreeBSD 16.0. The Project will provide an update on the status of armv7 for both 15.x and 16.x at the time of 15.0 release. Support for executing 32-bit binaries on 64-bit platforms via the `COMPAT_FREEBSD32` option will continue for at least the stable/15 and stable/16 branches. Support for compiling individual 32-bit applications via `cc -m32` will also continue for at least the stable/15 branch, which includes suitable headers in [.filename]#/usr/include# and libraries in [.filename]#/usr/lib32#. Ports will not include support for deprecated 32-bit platforms for FreeBSD 15.0 and later releases. These future releases will not include binary packages or support for building packages from ports for deprecated 32-bit platforms. The FreeBSD stable/14 and earlier branches will retain existing 32-bit kernel and world support. 
Ports will retain existing support for building ports and packages for 32-bit systems on stable/14 and earlier branches as long as those branches are supported by the ports system. However, all 32-bit platforms are Tier-2 or Tier-3, and support for individual ports should be expected to degrade as upstreams deprecate 32-bit platforms. With the current support schedule, stable/14 will reach end of life (EOL) around 5 years after the release of FreeBSD 14.0-RELEASE. The EOL of stable/14 will mark the end of support for deprecated 32-bit platforms, including source releases, pre-built packages, and support for building applications from ports. With the release of 14.0-RELEASE in November 2023, support for deprecated 32-bit platforms will end in November 2028. The Project may choose to alter this approach when FreeBSD 15.0 is released by extending some level of support for one or more of the deprecated platforms in 15.0 or later. Any alterations will be driven by community feedback and committed efforts to support these platforms. diff --git a/website/content/en/releases/14.4R/relnotes.adoc b/website/content/en/releases/14.4R/relnotes.adoc index ed8d16c9ec..c96dad6033 100644 --- a/website/content/en/releases/14.4R/relnotes.adoc +++ b/website/content/en/releases/14.4R/relnotes.adoc 
@@ -1,200 +1,200 @@ --- title: "FreeBSD 14.4-RELEASE Release Notes" sidenav: download --- :localRel: 14.4 :releaseCurrent: 14.4-RELEASE :releaseBranch: 14-STABLE :releasePrev: X.Y-RELEASE :releaseNext: X.Y-RELEASE :releaseType: "release" include::shared/en/urls.adoc[] = FreeBSD {releaseCurrent} Release Notes :doctype: article :toc: macro :toclevels: 1 :icons: font == Abstract [.abstract-title] The release notes for FreeBSD {releaseCurrent} contain a summary of the changes made to the FreeBSD base system on the {releaseBranch} development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. [[intro]] == Introduction This document contains the release notes for FreeBSD {releaseCurrent}. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD. The {releaseType} distribution to which these release notes apply represents the latest point along the {releaseBranch} development branch since {releaseBranch} was created. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. The {releaseType} distribution to which these release notes apply represents a point along the {releaseBranch} development branch between {releasePrev} and the future {releaseNext}. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. This distribution of FreeBSD {releaseCurrent} is a {releaseType} distribution. It can be found at https://www.FreeBSD.org/releases/[] or any of its mirrors. -More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}/mirrors[Obtaining FreeBSD appendix] to the link:{handbook}/[FreeBSD Handbook]. 
+More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}mirrors[Obtaining FreeBSD appendix] to the link:{handbook}[FreeBSD Handbook]. All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site. This document describes the most user-visible new or changed features in FreeBSD since {releasePrev}. In general, changes described here are unique to the {releaseBranch} branch unless specifically marked as MERGED features. Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. [[upgrade]] == Upgrading from Previous Releases of FreeBSD Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the man:freebsd-update[8] utility. See the release-specific upgrade procedure, link:../installation/#upgrade-binary[FreeBSD {releaseCurrent} upgrade information], with more details in the FreeBSD handbook link:{handbook}cutting-edge/#freebsdupdate-upgrade[binary upgrade procedure]. This will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. 
The man:freebsd-update[8] utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in [.filename]#/usr/src/UPDATING#. [IMPORTANT] ==== Upgrading FreeBSD should only be attempted after backing up _all_ data and configuration files. ==== [[security-errata]] == Security and Errata This section lists the various Security Advisories and Errata Notices since {releasePrev}. [[security]] === Security Advisories [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Advisory | Date | Topic |No advisories. | | |=== [[errata]] === Errata Notices [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Errata | Date | Topic |No notices. | | |=== [[userland]] == Userland This section covers changes and additions to userland applications, contributed software, and system utilities. [[userland-config]] === Userland Configuration Changes [[userland-programs]] === Userland Application Changes [[userland-contrib]] === Contributed Software [[userland-deprecated-programs]] === Deprecated Applications [[userland-libraries]] === Runtime Libraries and API [[kernel]] == Kernel This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized. [[kernel-general]] === General Kernel Changes [[drivers]] == Devices and Drivers This section covers changes and additions to devices and device drivers since {releasePrev}. [[drivers-device]] === Device Drivers [[drivers-removals]] === Deprecated and Removed Drivers [[storage]] == Storage This section covers changes and additions to file systems and other storage subsystems, both local and networked. [[storage-general]] === General Storage [[boot]] == Boot Loader Changes This section covers the boot loader, boot menu, and other boot-related changes. 
[[boot-loader]] === Boot Loader Changes [[network]] == Networking This section describes changes that affect networking in FreeBSD. [[network-general]] === General Network [[hardware]] == Hardware Support This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document. Please see link:https://www.freebsd.org/releases/{localRel}R/hardware[the list of hardware] supported by {releaseCurrent}, as well as link:https://www.freebsd.org/platforms/[the platforms page] for the complete list of supported CPU architectures. [[hardware-virtualization]] === Virtualization Support [[documentation]] == Documentation This section covers changes to manual (man:man[1]) pages and other documentation shipped with the base system. [[man-pages]] === Man Pages [[ports]] == Ports Collection and Package Infrastructure This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools. [[ports-packages]] === Packaging Changes [[future-releases]] == General Notes Regarding Future FreeBSD Releases diff --git a/website/content/en/releases/15.0R/relnotes.adoc b/website/content/en/releases/15.0R/relnotes.adoc index ea669f7352..5f08dde520 100644 --- a/website/content/en/releases/15.0R/relnotes.adoc +++ b/website/content/en/releases/15.0R/relnotes.adoc 
@@ -1,1712 +1,1712 @@ --- title: "FreeBSD 15.0-RELEASE Release Notes" sidenav: download --- :localRel: 15.0 :releaseCurrent: 15.0-RELEASE :releaseBranch: 15-STABLE :releasePrev: 14.0-RELEASE :releaseNext: 15.1-RELEASE :releaseType: "release" include::shared/en/urls.adoc[] = FreeBSD {releaseCurrent} Release Notes :doctype: article :toc: macro :toclevels: 2 :icons: font == Abstract [.abstract-title] The release notes for FreeBSD {releaseCurrent} contain a summary of the changes made to the FreeBSD base system on the {releaseBranch} development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. toc::[] [[intro]] == Introduction This document contains the release notes for FreeBSD {releaseCurrent}. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD. The {releaseType} distribution to which these release notes apply represents the latest point along the {releaseBranch} development branch between {releasePrev} and the future {releaseNext}. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. -More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}/mirrors[Obtaining FreeBSD appendix] to the link:{handbook}/[FreeBSD Handbook]. +More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}mirrors[Obtaining FreeBSD appendix] to the link:{handbook}[FreeBSD Handbook]. All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. 
Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site. This document describes the most user-visible new or changed features in FreeBSD since {releasePrev}. In general, changes described here are unique to the {releaseBranch} branch unless specifically marked as MERGED features. Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. [[upgrade]] == Upgrading from Previous Releases of FreeBSD [IMPORTANT] ==== Upgrading FreeBSD should only be attempted after backing up _all_ data and configuration files. ==== [[upgrade-fu]] === Upgrading from Distribution Sets Binary upgrades between snapshots and RELEASE versions are supported using the man:freebsd-update[8] utility. See the release-specific upgrade procedure, link:../installation/#upgrade-binary[FreeBSD {releaseCurrent} upgrade information], with more details in the FreeBSD handbook link:{handbook}cutting-edge/#freebsdupdate-upgrade[binary upgrade procedure]. This will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The man:freebsd-update[8] utility requires that the host being upgraded have Internet connectivity. 
[[upgrade-rc]] === Upgrading from Packages [IMPORTANT] ==== For users of PRERELEASE, ALPHA, and BETA builds of FreeBSD 15.0, due to late-breaking changes in FreeBSD.org infrastructure, it is not possible to upgrade directly using the man:pkg[8] utility. ==== Packaged base system installations require either manually copying the required files from a source tree checkout of the `15.0-RELEASE` tag, or alternatively, force-install the `FreeBSD-pkg-bootstrap` package from the official release base system packages. The recommended, and most secure approach, is using the source tree checkout of any of head, stable/15, or releng/15.0 branches after 2025-11-27 22:00 UTC. .... # cp /usr/src/usr.sbin/pkg/FreeBSD.conf.quarterly-release \ /etc/pkg/FreeBSD.conf # cp -R /usr/src/share/keys/pkgbase-15 /usr/share/keys/pkgbase-15 .... Users who do not have up to date sources installed may use a less secure, but simpler approach, validating the checksums after installation. As these are architecture-independent files, the checksums will match on all platforms. The FreeBSD-base package repository will need to be enabled before upgrading via man:pkg[8]: .... 
# pkg add -f https://pkg.freebsd.org/FreeBSD:15:$(uname -p)/base_release_0/FreeBSD-pkg-bootstrap-15.0.pkg # sha256 -r /etc/pkg/FreeBSD.conf /usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 \ /usr/share/keys/pkgbase-15/trusted/awskms-15 /usr/share/keys/pkgbase-15/trusted/backup-signing-15 ab261a3b84ffc11654ac0bafbb7d6b3f1b6afc30bfabab3bcff64259678eac26 /etc/pkg/FreeBSD.conf 036ae4f9c441a3febb41734bbb37227ec3374edd3c6c687e5cb70d580efbea30 /usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 529c79e85a6ca152faa9d57ead85fe0111ffada8d0a0fa2f11fc510999fa50df /usr/share/keys/pkgbase-15/trusted/awskms-15 c368ec8d05654bdaad34742c1d75b9b150bfc3892838cef32f6e5b036b0c0605 /usr/share/keys/pkgbase-15/trusted/backup-signing-15 # mkdir -p /usr/local/etc/pkg/repos # echo "FreeBSD-base: { enabled: yes }" > /usr/local/etc/pkg/repos/FreeBSD.conf .... [[upgrade-mk]] === Upgrading from Source Source-based upgrades from previous versions are supported via compiling the releng/15.0 branch. Refer to the instructions in [.filename]#/usr/src/UPDATING#. [[security-errata]] == Included Security Fixes and Errata Patches This section lists the various Security Advisories and Errata Notices since {releasePrev} that have been addressed in {releaseCurrent}. 
[[security]] === Fixed Security Advisories [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Advisory | Date | Topic |https://www.freebsd.org/security/advisories/FreeBSD-SA-23:17.pf.asc[FreeBSD-SA-23:17.pf] |05 December 2023 |TCP spoofing vulnerability in man:pf[4] |https://www.freebsd.org/security/advisories/FreeBSD-SA-23:18.nfsclient.asc[FreeBSD-SA-23:18.nfsclient] |12 December 2023 |NFS client data corruption and kernel memory disclosure |https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc[FreeBSD-SA-23:19.openssh] |19 December 2023 |Prefix Truncation Attack in the SSH protocol |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:01.bhyveload.asc[FreeBSD-SA-24:01.bhyveload] |14 February 2024 |man:bhyveload[8] host file access |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:02.tty.asc[FreeBSD-SA-24:02.tty] |14 February 2024 |man:jail[2] information leak |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:03.unbound.asc[FreeBSD-SA-24:03.unbound] |28 March 2024 |Multiple vulnerabilities in unbound |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc[FreeBSD-SA-24:04.openssh] |01 July 2024 |OpenSSH pre-authentication remote code execution |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:05.pf.asc[FreeBSD-SA-24:05.pf] |07 August 2024 |pf incorrectly matches different ICMPv6 states in the state table |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:06.ktrace.asc[FreeBSD-SA-24:06.ktrace] |07 August 2024 |man:ktrace[2] fails to detach when executing a setuid binary |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:07.nfsclient.asc[FreeBSD-SA-24:07.nfsclient] |07 August 2024 |NFS client accepts file names containing path separators |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:08.openssh.asc[FreeBSD-SA-24:08.openssh] |07 August 2024 |OpenSSH pre-authentication async signal safety issue 
|https://www.freebsd.org/security/advisories/FreeBSD-SA-24:09.libnv.asc[FreeBSD-SA-24:09.libnv] |04 September 2024 |Multiple vulnerabilities in libnv |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:10.bhyve.asc[FreeBSD-SA-24:10.bhyve] |04 September 2024 |man:bhyve[8] privileged guest escape via TPM device passthrough |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:11.ctl.asc[FreeBSD-SA-24:11.ctl] |04 September 2024 |Multiple issues in man:ctl[4] CAM Target Layer |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:12.bhyve.asc[FreeBSD-SA-24:12.bhyve] |04 September 2024 |man:bhyve[8] privileged guest escape via USB controller |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:13.openssl.asc[FreeBSD-SA-24:13.openssl] |04 September 2024 |Possible DoS in X.509 name checks in OpenSSL |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:14.umtx.asc[FreeBSD-SA-24:14.umtx] |04 September 2024 |umtx Kernel panic or Use-After-Free |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:15.bhyve.asc[FreeBSD-SA-24:15.bhyve] |19 September 2024 |man:bhyve[8] out-of-bounds read access via XHCI emulation |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:16.libnv.asc[FreeBSD-SA-24:16.libnv] |19 September 2024 |Integer overflow in libnv |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:17.bhyve.asc[FreeBSD-SA-24:17.bhyve] |29 October 2024 |Multiple issues in the bhyve hypervisor |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:18.ctl.asc[FreeBSD-SA-24:18.ctl] |29 October 2024 |Unbounded allocation in man:ctl[4] CAM Target Layer |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:19.fetch.asc[FreeBSD-SA-24:19.fetch] |29 October 2024 |Certificate revocation list man:fetch[1] option fails |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:01.openssh.asc[FreeBSD-SA-25:01.openssh] |29 January 2025 |OpenSSH Keystroke Obfuscation Bypass 
|https://www.freebsd.org/security/advisories/FreeBSD-SA-25:02.fs.asc[FreeBSD-SA-25:02.fs] |29 January 2025 |Buffer overflow in some filesystems via NFS |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:03.etcupdate.asc[FreeBSD-SA-25:03.etcupdate] |29 January 2025 |Unprivileged access to system files |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:04.ktrace.asc[FreeBSD-SA-25:04.ktrace] |29 January 2025 |Uninitialized kernel memory disclosure via man:ktrace[2] |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:05.openssh.asc[FreeBSD-SA-25:05.openssh] |21 February 2025 |Multiple vulnerabilities in OpenSSH |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:06.xz.asc[FreeBSD-SA-25:06.xz] |02 July 2025 |Use-after-free in multi-threaded xz decoder |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:07.libarchive.asc[FreeBSD-SA-25:07.libarchive] |08 August 2025 |Integer overflow in libarchive leading to double free |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:08.openssl.asc[FreeBSD-SA-25:08.openssl] |30 September 2025 |Multiple vulnerabilities in OpenSSL |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:09.netinet.asc[FreeBSD-SA-25:09.netinet] |22 October 2025 |`SO_REUSEPORT_LB` breaks man:connect[2] for UDP sockets |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:10.unbound.asc[FreeBSD-SA-25:10.unbound] |26 November 2025 |Cache poison in local-unbound service |=== [[errata]] === Patched Errata Notices [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Errata | Date | Topic |https://www.freebsd.org/security/advisories/FreeBSD-EN-23:15.sanitizer.asc[FreeBSD-EN-23:15:sanitizer] |01 December 2023 |Clang sanitizer failure with ASLR enabled |https://www.freebsd.org/security/advisories/FreeBSD-EN-23:16.openzfs.asc[FreeBSD-EN-23:16:openzfs] |01 December 2023 |OpenZFS data corruption |https://www.freebsd.org/security/advisories/FreeBSD-EN-23:17.ossl.asc[FreeBSD-EN-23:17:ossl] |05 
December 2023 |man:ossl[4]'s AES-GCM implementation may give incorrect results |https://www.freebsd.org/security/advisories/FreeBSD-EN-23:18.openzfs.asc[FreeBSD-EN-23:18:openzfs] |05 December 2023 |High CPU usage by ZFS kernel threads |https://www.freebsd.org/security/advisories/FreeBSD-EN-23:19.pkgbase.asc[FreeBSD-EN-23:19:pkgbase] |05 December 2023 |Incorrect pkgbase version number for FreeBSD {releasePrev}. |https://www.freebsd.org/security/advisories/FreeBSD-EN-23:20.vm.asc[FreeBSD-EN-23:20:vm] |05 December 2023 |Incorrect results from the kernel physical memory allocator |https://www.freebsd.org/security/advisories/FreeBSD-EN-23:21.tty.asc[FreeBSD-EN-23:21:tty] |24 November 2023 |man:tty[4] IUTF8 causes a kernel panic |https://www.freebsd.org/security/advisories/FreeBSD-EN-23:22.vfs.asc[FreeBSD-EN-23:22:vfs] |05 December 2023 |ZFS snapshot directories not accessible over NFS |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:01.tzdata.asc[FreeBSD-EN-24:01:tzdata] |14 February 2024 |Timezone database information update |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:02.libutil.asc[FreeBSD-EN-24:02:libutil] |14 February 2024 |Login class resource limits and CPU mask bypass |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:03.kqueue.asc[FreeBSD-EN-24:03:kqueue] |14 February 2024 |man:kqueue_close[2] page fault on exit using man:rfork[2] |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:04.ip.asc[FreeBSD-EN-24:04:ip] |14 February 2024 |Kernel panic triggered by man:bind[2] |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:05.tty.asc[FreeBSD-EN-24:05:tty] |28 March 2024 |TTY Kernel Panic |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:06.wireguard.asc[FreeBSD-EN-24:06:wireguard] |28 March 2024 |Insufficient barriers in WireGuard man:if_wg[4] |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:07.clang.asc[FreeBSD-EN-24:07:clang] |28 March 2024 |Clang crash when certain optimization is enabled 
|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:08.kerberos.asc[FreeBSD-EN-24:08:kerberos] |28 March 2024 |Kerberos segfaults when using weak crypto |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:09.zfs.asc[FreeBSD-EN-24:09:zfs] |24 April 2024 |High CPU usage by kernel threads related to ZFS |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:10.zfs.asc[FreeBSD-EN-24:10:zfs] |19 June 2024 |Kernel memory leak in ZFS |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:11.ldns.asc[FreeBSD-EN-24:11:ldns] |19 June 2024 |LDNS uses nameserver commented out in resolv.conf |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:12.killpg.asc[FreeBSD-EN-24:12:killpg] |19 June 2024 |Lock order reversal in killpg causing livelock |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:13.libc%2B%2B.asc[FreeBSD-EN-24:13:libc++] |19 June 2024 |Incorrect size passed to heap allocated std::string delete |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:14.ifconfig.asc[FreeBSD-EN-24:14:ifconfig] |07 August 2024 |Incorrect ifconfig netmask assignment |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:15.calendar.asc[FreeBSD-EN-24:15:calendar] |04 September 2024 |man:cron[8] / man:periodic[8] session login |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:16.pf.asc[FreeBSD-EN-24:16:pf] |19 September 2024 |Incorrect ICMPv6 state handling in pf |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:17.pam_xdg.asc[FreeBSD-EN-24:17:pam_xdg] |20 October 2024 |XDG runtime directory's file descriptor leak at login |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:01.rpc.asc[FreeBSD-EN-25:01.rpc] |29 January 2025 | NULL pointer dereference in the NFSv4 client |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:02.audit.asc[FreeBSD-EN-25:02.audit] |29 January 2025 |System call auditing disabled by DTrace |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:03.tzdata.asc[FreeBSD-EN-25:03.tzdata] |29 
January 2025 |Timezone database information update |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:04.tzdata.asc[FreeBSD-EN-25:04.tzdata] |10 April 2025 |Timezone database information update |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:05.expat.asc[FreeBSD-EN-25:05.expat] |10 April 2025 |Update expat to 2.7.1 |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:06.daemon.asc[FreeBSD-EN-25:06.daemon] |10 April 2025 |man:daemon[8] missing signals |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:07.openssl.asc[FreeBSD-EN-25:07.openssl] |10 April 2025 |Update OpenSSL to 3.0.16 |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:08.caroot.asc[FreeBSD-EN-25:08.caroot] |10 April 2025 |Root certificate bundle update |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:09.libc.asc[FreeBSD-EN-25:09:libc] |02 July 2025 |Dynamically-loaded C++ libraries crashing at exit |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:10.zfs.asc[FreeBSD-EN-25:10:zfs] |02 July 2025 |Corruption in ZFS replication streams from encrypted datasets |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:11.ena.asc[FreeBSD-EN-25:11:ena] |02 July 2025 |`ena` resets and kernel panic on Nitro v4 or newer instances |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:12.efi.asc[FreeBSD-EN-25:12:efi] |08 August 2025 |man:bsdinstall[8] not copying the correct loader on systems with IA32 UEFI firmware. 
|https://www.freebsd.org/security/advisories/FreeBSD-EN-25:13.wlan_tkip.asc[FreeBSD-EN-25:13:wlan_tkip] |08 August 2025 |net80211 TKIP crypto support fails for some drivers |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:14.route.asc[FreeBSD-EN-25:14:route] |08 August 2025 |man:route[8] monitor buffers too much when redirected to a file |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:15.arm64.asc[FreeBSD-EN-25:15:arm64] |16 September 2025 |arm64 man:syscall[2] allows unprivileged user to panic kernel |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:16.vfs.asc[FreeBSD-EN-25:16:vfs] |16 September 2025 |man:copy_file_range[2] fails to set output parameters |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:17.bnxt.asc[FreeBSD-EN-25:17:bnxt] |16 September 2025 |man:bnxt[4] fails to set media type in some cases |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:18.freebsd-update.asc[FreeBSD-EN-25:18:freebsd-update] |30 September 2025 |man:freebsd-update[8] installs libraries in incorrect order |=== [[architectures]] == Architectures The venerable 32-bit hardware platforms i386, armv6, and 32-bit powerpc have been retired. 32-bit application support lives on via the 32-bit compatibility mode in their respective 64-bit platforms. The armv7 platform remains as the last supported 32-bit platform. We thank them for their service. [[userland]] == Userland This section covers changes and additions to userland applications, contributed software, and system utilities. [[userland-config]] === Userland Configuration Changes The Kerberos v5 Authentication Service, man:krb5kdc[8], has gained a new `kdc_restart` variable under man:daemon[8]. Set `kdc_restart="YES"` in man:rc.conf[5] to auto restart kdc on abnormal termination. Set `kdc_restart_delay="N"` to the number of seconds to delay before restarting the kdc. 
gitref:abc4b3088941[repository=src] The `daily` man:periodic[8] scripts now show less context in emails by default to reduce output size. The behavior can be controlled by the `daily_diff_flags` variable in man:periodic.conf[5]. Similarly, the changes shown by the security scripts show less context than previously, controlled by the `security_status_diff_flags` variable in man:periodic.conf[5]. gitref:538994626b9f[repository=src], gitref:37dc394170a5[repository=src], gitref:128e78ffb084[repository=src] The man:bsnmpd[1] daemon no longer supports legacy UDP transport. Users, that have not updated their `/etc/snmpd.config` since 12.0-RELEASE or older will need to merge in the new configuration. In particular, the transport definition shall be changed from `begemotSnmpdPortStatus` OID to `begemotSnmpdTransInetStatus`. gitref:9ba51cce8bbd[repository=src] The `FreeBSD-base` repository is now defined in `/etc/pkg/FreeBSD.conf`, disabled by default. Systems which installed with pkgbase prior to 15.0-RC1 (if running `releng/15.0`) or November 15th (if running from `stable`/`main` snapshots) will need to remove the definition of the `FreeBSD-base` repository from `/usr/local/etc/pkg/repos/` and replace it with a single line `FreeBSD-base: { enabled: yes }`. gitref:5d832135a971[repository=src] The man:powerd[8] utility is now enabled in `/etc/rc.conf` by default on images for the arm64 Raspberry Pi's (`arm64-aarch64-RPI` files). This prevents the CPU clock from running slow all the time. gitref:4347ef60501f[repository=src] [[userland-programs]] === Userland Application Changes The man:adduser[8] utility, used by man:bsdinstall[8], will now create a ZFS dataset for a new user's home directory if the parent directory resides on a ZFS dataset. A command-line option is available to disable use of a separate dataset. ZFS encryption is also available. gitref:516009ce8d38[repository=src] The man:date[1] program now supports nanoseconds. 
For example: `date -Ins` prints "2024-04-22T12:20:28,763742224+02:00" and `date +%N` prints "415050400". gitref:eeb04a736cb9[repository=src] {{< sponsored "Klara, Inc." >}} The man:dtrace[1] utility can now generate machine-readable output in JSON, XML, and HTML using man:libxo[3]. gitref:aef4504139a4[repository=src] {{< sponsored "Innovate UK" >}} The man:lastcomm[1] utility now displays timestamps with a precision of seconds. gitref:692c0a2e80c1[repository=src] {{< sponsored "DSS Gmbh" >}} The man:ldconfig[8] utility now supports hints files of either byte order. The default format is the native byte-order of the host. gitref:fa7b31166ddb[repository=src] The man:usbconfig[8] utility now reads the descriptions of usb vendor and products from [.filename]#/usr/share/misc/usb_vendors# when available, similar to what man:pciconf[8] does. gitref:7b9a772f9f64[repository=src] The man:env[1] utility has gained an option to change the directory, which closely resembles the feature in the GNU version of env, although it does not support long options. gitref:08e8554c4a39[repository=src] {{< sponsored "Klara, Inc." >}} The man:ps[1] utility now automatically removes canned displays' columns that contain same data as some explicitly-requested columns. Before this change, if some user requested to add some "canned display" (options `-j`, `-l`, `-u` or `-v`), columns in it that were duplicates of explicitly-requested ones earlier on the command line were omitted, but this did not work the other way around, when a canned display appears before explicitly-requested columns. Additionally, columns with different keywords but which are aliases to the same keyword are now also considered holding the same data, in addition to columns having the same keyword. gitref:cd768a840644[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:ps[1] utility's `-O` option is now more versatile and predictable. 
The man:ps[1] display's list of columns is now first built without taking into account the `-O` options. In a second step, all columns passed via `-O` are finally inserted after the built-so-far display's first PID column (if it exists, else at start), in their order of appearance as arguments to the `-O` options. gitref:5dad61d9b949[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:ps[1] utility's `-a` and `-A` options now always show all processes. When combined with other options affecting the selection of processes, except for `-X` and `-x`, option `-a` would have no effect (and `-A` would reduce to just `-x`). This was in contradiction with the rule applying to all other selection options stating that one process is listed as soon as any of these options has been specified and selects it, which is both mandated by POSIX and arguably a natural expectation. As a practical consequence, specifying `-a` or `-A` now causes all processes to be listed regardless of other selection options such as `-U`, `-p`, `-G`, etc., except for the `-X` and `-x` filter options, which continue to apply. In particular, to list only processes from specific jails, one must not use `-a` with `-J`. Option `-J`, contrary to its apparent initial intent, never worked as a filter in practice, except by accident with only `-a` due to the bug. gitref:93a94ce731a8[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:ps[1] utility now matches current user's processes using the effective user ID. Previously, we would match using the real user ID. This puts man:ps[1] in conformance with POSIX on that topic. gitref:1aabbb25c9f9c4372[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:ps[1] utility's `-U` flag now selects processes by real user IDs. This is what POSIX mandates for option `-U` and arguably the behavior that most users actually need in most cases. 
Before, `-U` would select processes by their effective user IDs (which is the behavior mandated by POSIX for option `-u`). gitref:995b690d1398[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:sysctl[8] utility has gained flags to filter jail prison and vnet variables, so users do not have to contact the source code to tell whether a variable is a jail prison / vnet one or not. gitref:615c9ce250ee[repository=src] The man:grep[1] utility no longer follows symbolic links by default for recursive searches. This matches the documented behavior in the manual page. gitref:fc12c191c087[repository=src] The man:mdo[1] utility now supports fully specifying all users and groups in the target credentials. As a convenience, in addition to a full explicit specification, it allows starting from a baseline providing default values for all attributes, which is either the login credentials from some user in the password database or the current credentials, and then amending these attributes selectively. The manual page has been updated to describe the new options and their interactions. gitref:4ffcb1a4a99c[repository=src] {{< sponsored "The FreeBSD Foundation" >}} {{< sponsored "Google LLC (GSoC 2025)" >}} When booting in single-user mode, man:init[8] now changes the working directory to `/root`, using `/` only as a fallback. The `/.profile` link to `/root/.profile` is no more installed. gitref:b4b91207ab6f[repository=src], gitref:ca771d7ae527[repository=src] The deprecated man:ftpd[8] has been removed from the base system. Users who still need it can install the `ftp/freebsd-ftpd` port. gitref:259bb93b80c0[repository=src] The Kerberos v5 database administration program learned how to dump the Heimdal KDC database in a format which can be loaded into the MIT KDC. See https://wiki.freebsd.org/Kerberos/Heimdal2MIT_KDC_Migration for how to use `kadmin -l dump -f` to transfer/convert the KDC database. 
gitref:9fd3b28d4e0d[repository=src], gitref:23fbea8cf2f3[repository=src] The man:bsdconfig[8] and man:bsdinstall[8] utilities now use man:bsddialog[1] instead of GNU dialog. gitref:c36b3dbc99d1[repository=src], gitref:04b465777a09[repository=src] The man:jail[8] command now supports the `zfs.dataset` parameter to attach a list of ZFS datasets to a jail. gitref:e0dfe185cbca[repository=src] The man:jail[8] command now supports meta and env parameters, which are arbitrary strings associated with a jail. These parameters can be used to tag jails with specific metadata, or to pass information securely to be accessed inside a jail. They can be added at jail creation, or modified later using man:jail[8]. gitref:30e6e008bc06[repository=src] {{< sponsored "SkunkWerks, GmbH" >}} The `rc.d/jail` startup script now supports the legacy variable `jail_${jailname}_zfs_dataset` to allow unmaintained jail managers like `ezjail` to leverage the new `zfs.dataset` feature (see above). gitref:0b49e504a32d[repository=src] The man:newsyslog[8] utility now supports specifying a global compression method directly at the beginning of the `newsyslog.conf` file. All historical compression flags (`J`, `X`, `Y`, `Z`) then behave as indicating "treat the file as compressible" instead of "compress the file with that specific method.". The following methods are available: * `none`: Never compress. * `legacy`: Historical behavior (`J`=bzip2, `X`=xz, `Y`=zstd, `Z`=gzip). * `bzip2`, `xz`, `zstd`, `gzip`: Apply the specified compression method. gitref:61174ad88e33[repository=src], gitref:906748d208d3[repository=src], gitref:39d668f1e09e[repository=src] [[userland-contrib]] === Contributed Software One True Awk (man:awk[1]) has been updated to 2nd Edition, with new -csv support and UTF-8 support. The snapshot used is 20250804. gitref:b45a181a74c8[repository=src] {{< sponsored "Netflix" >}} The system reference manual toolchain, man:mandoc[1], has been updated to version 1.14.6 snapshot 2025-09-26. 
This version includes improved compatibility with groff and DocBook, improved html and markdown output, and the deprecation of the LIBRARY section. gitref:c1c95add8c80[repository=src], gitref:80c12959679a[repository=src], gitref:4c07abdbacf4[repository=src], gitref:06410c1b5163[repository=src], gitref:59fc2b0166f7[repository=src] The man:jemalloc[3] library has been updated to version 5.3.0. gitref:c43cad871720[repository=src] The man:bmake[1] build system has been upgraded to 20250804, providing many debugging improvements, bug fixes such as detecting and rejecting `gmake` syntax, and feature improvements such as a floating point argument to `-j` being used as a multiple of the number of cpus available. The man:sendmail[8] suite has been upgraded to version 8.18.1, addressing CVE-2023-51765. gitref:58ae50f31e95[repository=src] The man:bc[1] calculator has been upgraded to 7.1.0. gitref:fdc4a7c8012b[repository=src] The `blacklist` suite has been renamed upstream to `blocklist`. Existing setups will continue to work emitting a warning. The snapshot used is 20251026. gitref:4afb96fdd272[repository=src] The man:bsddialog[1] utility has been upgraded to 1.0.5. gitref:0595e10ec773[repository=src] The man:byacc[1] parser generator has been upgraded to 20240109. gitref:822ca3276345[repository=src] The `libarchive` library has been upgraded to 3.8.2. gitref:8a0b57ba54f0[repository=src] The `libcbor` library has been upgraded to 0.11.0. gitref:1755b9daa693[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The `libcxxrt` library has been upgraded to vendor snapshot 6f2fdfebcd62. gitref:d0dcee46d971[repository=src] The `libfido2` library has been upgraded to 1.14.0. gitref:128bace5102e[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The `libpcap` library has been upgraded to 1.10.5. gitref:26f21a6494b4[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:ncurses[3] library has been upgraded to 6.5. 
gitref:21817992b331[repository=src] The man:tcpdump[1] utility has been upgraded to 4.99.5. gitref:ec3da16d8bc1[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The `unbound` DNS validating resolver has been upgraded to 1.24.1. gitref:a988846174e0[repository=src] The `llvm` compiler infrastructure has been upgraded to 19.1.7-0-gcd708029e0b2. gitref:dc3f24ea8a25[repository=src] The OpenZFS filesystem has been updated to zfs-2.4.0-rc4. gitref:7b5b0f43eb06[repository=src] The man:xz[1] data compressors have been updated to 5.8.1. gitref:128836d304d9[repository=src] The man:less[1] pager has been updated to v679. gitref:76bafc906926[repository=src] The man:file[1] identifier has been updated to 5.46. gitref:ae316d1d1cff[repository=src] The man:zlib[3] data compression library has been updated to 1.3.1. gitref:6255c67c3d1a[repository=src] The Time Zone Database, `tzdata`, has been updated to 2025b. gitref:475082194ac8[repository=src] OpenSSH has been updated to 10.0p2. .gitref:8e28d84935f2[repository=src] {{< sponsored "The FreeBSD Foundation" >}} OpenSSL has been updated to 3.5.4. gitref:c0366f908ff4[repository=src] Lua has been updated to 5.4.8. gitref:3068d706eabe[repository=src] {{< sponsored "Netflix" >}} The Google Test C++ testing framework has been updated to 1.15.2. One notable change is that GoogleTest 1.15.x now officially requires C++-14 (1.14.x required C++-11). gitref:1d67cec52542[repository=src] The `spleen` man:vt[4] console font has been updated to version 2.1.0. gitref:26336203d32c[repository=src] MIT KRB5 1.22.1 Kerberos replaces Heimdal 1.5.2 by default. Heimdal 1.5.2 can still be built using the `WITHOUT_MITKRB5` flag. Heimdal Kerberos will be entirely removed in FreeBSD 16. See also the note about the `-f` flag to `kadmin -l dump` under section <>. 
gitref:ee3960cba106[repository=src], gitref:0b9a631e0724[repository=src], gitref:60f970b85e44[repository=src], gitref:0d1496f0f1e7[repository=src], gitref:cbb6e747af98[repository=src], gitref:0559f30a882d[repository=src], gitref:ae07a5805b19[repository=src], gitref:f58febc4cefa[repository=src], gitref:805498e49ae4[repository=src], gitref:4cb1baa7d85c[repository=src], gitref:188138106b9f[repository=src], gitref:4680e7fcc70a[repository=src], gitref:e447c252d0ec[repository=src], gitref:5f8493bbf479[repository=src], gitref:110111a6cca1[repository=src], gitref:2a454b05f2c1[repository=src], gitref:98d46e05ab08[repository=src], gitref:6b28571cb6ba[repository=src], gitref:ca9ccf0ce9ad[repository=src], gitref:b98d0566b2bd[repository=src], gitref:fb1ccc04adfe[repository=src], gitref:dd0ec030f8fd[repository=src], gitref:6c4771c73470[repository=src], gitref:7b68893ffa9b[repository=src], gitref:624b7beed5ac[repository=src], gitref:04764f21855a[repository=src], gitref:73ed0c7992fd[repository=src], gitref:40a5abfc3f66[repository=src], gitref:543b875a8ee4[repository=src], gitref:c791ea80b5f7[repository=src], gitref:383e7290c0b5[repository=src], gitref:9a726ef24134[repository=src], gitref:a245dc5d68c7[repository=src], gitref:e26259f48afe[repository=src], gitref:7d2cfb27d62f[repository=src], gitref:619feb9dd00e[repository=src], gitref:10eecc467f32[repository=src], gitref:0c13e9c3c464[repository=src], gitref:89c82750da1a[repository=src], gitref:18a870751b03[repository=src], gitref:ce9c325a2e92[repository=src], gitref:cb3eac927b5d[repository=src], gitref:5105e1ebecc7[repository=src], gitref:b9b0e105c357[repository=src], gitref:929f5966a9fd[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:rtw88[4] driver has been updated to Linux v6.17. A possible issue that devices cannot authenticate is still being investigated. gitref:c1d365f39e08[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:rtw89[4] driver has been updated to Linux v6.17. 
The driver is under-tested and may still have issues. gitref:b35044b38f74[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:iwlwifi[4] driver has been updated to Linux v6.17. The BE200 based chipsets will need newer firmware requiring further driver fixes which are not in this release. gitref:69caa1cf3ce5[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[userland-libraries]] === Runtime Libraries and API The man:setusercontext[3] routine in `libutil` will now set the process priority (nice) from the [.filename]#.login.conf# file from the home directory under appropriate conditions, as well as the system man:login.conf[5]. The priority can now have the value `inherit`, indicating that the priority should be unchanged from that of the parent process. Similarly, the umask can have the value `inherit`. gitref:c328e6c6ccaa[repository=src], gitref:d162d7e2ad32[repository=src], gitref:f2a0277d3e51[repository=src] {{< sponsored "Kumacom SAS" >}} Many string and memory operations in the C library now use SIMD (single instruction multiple data) extensions for improved performance when available on amd64 systems; see man:simd[7]. {{< sponsored "The FreeBSD Foundation" >}} There is now a much better implementation of the 128-bit `tgammal` function in the math library, man:math[3], on platforms that support it. gitref:8df6c930c151[repository=src] man:fma[3] now returns correctly-signed zero when provided certain small inputs (as observed in the Python test suite). gitref:dc39004bc670[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The `cap_rights_is_empty` function has been added. It reports whether a `cap_rights_t` has no rights set. gitref:e77813f7e4a3[repository=src] {{< sponsored "The FreeBSD Foundation" >}} `libcxxrt` has been updated to upstream 6f2fdfebcd62. gitref:d9901a23bd2f[repository=src] The accuracy of man:asinf[3] and man:acosf[3] has improved. 
gitref:33c82f11c267[repository=src] The man:setgroups[2] and man:getgroups[2] system calls and the man:initgroups[3] library function have been changed to avoid setting or reporting the effective group ID, now only concerning themselves with the supplementary groups. The main purpose of this change is to avoid security issues going forward by becoming compatible with Linux/glibc, OpenBSD, NetBSD and illumos-based systems. Consequently, almost all portable applications should already be compliant with this new behavior and will continue to work correctly or even get fixed in the process (see, e.g., gitref:239e8c98636a[repository=src] for an example affecting OpenSSH). However, out of caution, porters, system administrators and users are advised to audit their applications using man:setgroups[2], man:getgroups[2] and man:initgroups[3], watching out for the following points. Applications must be using man:setgid[2] or man:setegid[2] in addition to man:setgroups[2] or man:initgroups[3] to set the effective group ID. They must not treat the first element of the array returned by man:getgroups[2] specially, but instead as any other supplementary group. For more information, please consult the SECURITY CONSIDERATIONS sections that have been added to the man:setgroups[2], man:getgroups[2] and man:initgroups[3] manual pages. Compatibility system calls and library functions have been provided so that binaries and libraries compiled on FreeBSD 14 systems or earlier will continue to work exactly as before. gitref:9da2fe96ff2e[repository=src], gitref:8878569103a3[repository=src], gitref:7132fb5edbc9[repository=src], gitref:2932e6f59bff[repository=src], gitref:8878569103a3[repository=src] {{< sponsored "The FreeBSD Foundation" >}} `libc` contains compatibility functions enabling running executables/libraries compiled for older versions of FreeBSD. Those that are themselves using compatibility system calls would not reference them correctly, causing misbehavior at runtime. 
This has been fixed. gitref:47f5f89dbd27[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:readdir_r[3] function is deprecated and may be removed in future releases. Using it in a program will result in compile-time and link-time warnings. gitref:2bd157bc732a[repository=src] {{< sponsored "Klara, Inc." >}} The runtime linker man:rtld[1] has grown support for the static linker flag specified by `-z initfirst`. gitref:78aaab9f1cf359f[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[userland-misc]] === Miscellaneous The Gallant font for man:vt[4] has been updated with more than 4300 new glyphs, including support for Greek, Cyrillic, International Phonetic Association Extensions, Extended Latin characters, Zapf Dingbats, Tons of arrows, Tons of mathematical symbols, Letterlike symbols and enclosed alphanumerics, Pixel-perfect box drawing, Currency symbols, More punctuation, Just enough Katakana to say コンニチハ, Powerline glyphs in the Private Use Area at U+e0a0. gitref:9e8c1ab0976c[repository=src] Unicode support has been updated to 16.0.0 and CLDR to 45.0.0. gitref:ddfc6f84f242[repository=src] [[userland-deprecated-programs]] === Deprecated Applications man:fdisk[8] has been deprecated in favor of man:gpart[8] for a long time but has not been removed, running this application will show a warning to migrate to man:gpart[8]. gitref:3958be5c29da[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Deprecation notice for man:syscons[4] has been added. man:syscons[4] is not compatible with UEFI, does not support UTF-8, and is Giant-locked. There is no specific timeline yet for removing it, but support for the Giant lock is expected to go away in one or two major release cycles. gitref:8c922db4f3d9[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The `shar` utility has been removed. It lives on as a port at package:sysutils/freebsd-shar[]. 
gitref:3fde39073c72[repository=src] The cryptographically weak DSA signature algorithm was removed from OpenSSH, following upstream. The man:publickey[5] database has been removed, This uses DES and we hope that nobody uses that in 2025. gitref:9197c04a251b[repository=src] [[cloud]] == Cloud Support This section covers changes in support for cloud environments. {releaseCurrent} supports cloudinit, including the `nuageinit` startup script and support for a `config-drive` partition. It is compatible with OpenStack and many hosting facilities. See the https://cloud-init.io[cloud-init] web site and the commit messages, gitref:16a6da44e28d[repository=src] gitref:227e7a205edf[repository=src] {{< sponsored "OVHcloud" >}} Basic Cloudinit images no longer generate RSA host keys by default for SSH. gitref:b22be3bbb2de[repository=src] The FreeBSD project is now publishing OCI-compatible container images. gitref:8a688fcc242e[repository=src] The FreeBSD project is now publishing Oracle Cloud Infrastructure images. See the link:https://cloudmarketplace.oracle.com/marketplace/app/freebsd-release[Oracle Cloud Infrastructure FreeBSD Listing] for more information. gitref:77b296a2582b[repository=src] The "shutdown" and "reboot" API in the Amazon EC2 cloud now work for arm64 ("Graviton") instances. gitref:28b881840df7[repository=src] {{< sponsored "Amazon" >}} Several bug fixes and configuration changes collectively allow device hotplug on both x86 and arm64 ("Graviton") EC2 instances. gitref:ce9a34b1614e[repository=src] gitref:55c3348ed78f[repository=src] gitref:d70bac252d30[repository=src] {{< sponsored "Amazon" >}} Users upgrading EC2 instances from earlier FreeBSD releases should set `hw.pci.intx_reroute=0` and `debug.acpi.quirks="56"` in `/boot/loader.conf`. The FreeBSD project now publishes "small" EC2 images; these are the "base" images minus debug symbols, tests, 32-bit libraries, the LLDB debugger, the Amazon SSM Agent, and the AWS CLI. 
gitref:953142d6baf3[repository=src] {{< sponsored "Amazon" >}} The FreeBSD project now publishes "builder" EC2 images; these boot into a memory disk and extract a clean "base" image onto the root disk (mounted at `/mnt`) to be customized before creating an AMI. gitref:584265890303[repository=src] {{< sponsored "Amazon" >}} FreeBSD "base" EC2 images now boot up to 76% faster than corresponding {releasePrev} images, with the largest improvements found on arm64 ("Graviton") instances. EC2 AMIs no longer generate RSA host keys by default for SSH. RSA host key generation can be re-enabled by setting `sshd_rsa_enable="YES"` in `/etc/rc.conf` if it is necessary to support very old SSH clients. gitref:0aabcd75dbc2[repository=src] {{< sponsored "Amazon" >}} FreeBSD {releaseCurrent} now supports Google Cloud Compute Engine C4 machines. gitref:7b32f4f0a7fe[repository=src] {{< sponsored "Google" >}} [[kernel]] == Kernel This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized. [[kernel-general]] === General Kernel Changes ktrace(2) will now record detailed information about capability mode violations. The kdump(1) utility has been updated to display such information. gitref:9bec84131215[repository=src], gitref:96c8b3e50988[repository=src], gitref:05296a0ff616[repository=src], gitref:6a4616a529c1[repository=src], gitref:0cd9cde767c3[repository=src], gitref:aa32d7cbc92c[repository=src] FreeBSD now natively implements the Linux man:inotify[2] interface. The system calls themselves are not API-compatible, but libc provides an API-compatible interface, so software which relies on inotify can be run unmodified. gitref:f1f230439fa4[repository=src], {{< sponsored "Klara, Inc." >}} The `fpu_kern_enter` and `fpu_kern_leave` routines have been implemented for powerpc, allowing the use of man:ossl[4] crypto functions in the kernel that use floating point and vector registers. 
gitref:91e53779b4fc[repository=src] Support legacy PCI hotplug on arm64. gitref:355f02cddbf0[repository=src]. {{< sponsored "Arm Ltd" >}} Jails can now be accessed via jail descriptors in man:jail_set[2] and man:jail_get[2], as well as the new `jail_attach_jd(2)` and `jail_remove_jd(2)` syscalls. They allow manipulation of jails through the file descriptor interface without the race conditions inherent in jail IDs, and can also optionally control jail lifetime. gitref:851dc7f859c2[repository=src] Jails and jail descriptors now have associated man:kevent[2] filters that allow tracking jail creation, changes, attachment, and removal. gitref:1bd74d201a53[repository=src] gitref:9d7f89ef2607[repository=src] A new common 'mac' node for MAC modules' jail parameters has been created. All future MAC modules' jail parameters will appear under this node. See man:mac[4] for an introduction to MAC. First consumer is man:mac_do[4]. gitref:5041b20503db[repository=src], gitref:f3a06ced2568[repository=src] {{< sponsored "The FreeBSD Foundation" >}} man:mac_do[4] is now considered production-ready, after a number of important fixes. gitref:bbf8af664dc9[repository=src], gitref:292c814931d9[repository=src], gitref:53d2e0d48549[repository=src], gitref:add521c1a5d2[repository=src], gitref:2a20ce91dc29[repository=src], gitref:fa4352b74580[repository=src], gitref:3d8d91a5b32c[repository=src], gitref:8f7e8726e3f5[repository=src], gitref:89958992b618[repository=src] {{< sponsored "The FreeBSD Foundation" >}} man:mac_do[4] now supports changing rules within jails with the `security.mac.do.rules` man:sysctl[8] knob. gitref:b3f93680e39b[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Introduce the man:setcred[2] system call and associated MAC hooks. This new system call allows to set all necessary credentials of a process in one go: Effective, real and saved user IDs, effective, real and saved group IDs, supplementary groups and the MAC label. 
Besides providing atomicity, its advantage over standard credentials-setting system calls, such as `setuid()`, `seteuid()`, etc., is that it enables MAC modules, such as man:mac_do[4], to restrict the set of credentials some process may gain in a fine-grained manner, as they can now see the final desired state and compare it with the initial one. gitref:ddb3eb4efe55[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Support multiple users and groups as single rule's targets in man:mac_do[4]. Supporting group targets is a requirement for man:mac_do[4] to be able to enforce a limited set of valid new groups in the target credentials and to allow group-only credentials transitions. The allowed groups are tied to one or multiple user IDs. Multiple users and groups in a rule's target part are treated as alternatives (inclusive disjunction), except for the clauses expressing the mandatory presence or absence of a supplementary group. The rules syntax has been changed incompatibly, but migrating existing rules is just a matter of adding `uid=` in front of the target part, substituting commas (`,`) with semi-colons (`;`) and colons (`:`) with greater-than signs (`>`). Please consult the man:mac_do[4] manual page for more information. gitref:83ffc412b2e9[repository=src], gitref:8f7e8726e3f5[repository=src], gitref:f01d26dec67f[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Teach man:sysctl[8] to attach and run itself in a jail. This allows the parent jail to retrieve or set kernel state when child does not have man:sysctl[8] installed (for example light weighted OCI containers or slim jails). This is especially useful when manipulating jail prison or vnet sysctls. For example, `sysctl -j foo -Ja` or `sysctl -j foo net.fibs=2`. gitref:8d5d7e2ba3a6[repository=src]. Enable vnet man:sysctl[9] variables to be loader tunable. 
In gitref:3da1cf1e88f8[repository=src], the meaning of the flag `CTLFLAG_TUN` is extended to automatically check if there is a kernel environment variable which shall initialize the `SYSCTL` during early boot. It works for all `SYSCTL` types both statically and dynamically created ones, except for the `SYSCTLs` which belong to VNETs. Note that the implementation has a limitation. It behaves the same way as that of non-vnet loader tunables. That is, after the kernel or modules being initialized, any changes (for example via `kenv`) to kernel environment variable will not affect the corresponding vnet variable of subsequently created VNETs. To overcome it, `TUNABLE_XXX_FETCH` can be used to fetch the kernel environment variable into those vnet variables during vnet constructing. gitref:894efae09de4[repository=src] man:sound[4]: Allocate vchans on-demand. Refactor `pcm_chnalloc()` and merge with parts of `vchan_setnew()` (now removed) and `dsp_open()`’s channel creation into a `new dsp_chn_alloc()` function. The function is responsible for either using a free HW channel (if `vchans` are disabled), or allocating a new vchan. `hw.snd.vchans_enable` (previously `hw.snd.maxautovchans`) and `dev.pcm.X.{play|rec}.vchans` now work as tunables to only enable/disable `vchans`, as opposed to setting their number and/or (de-)allocating vchans. Since these sysctls do not trigger any (de-)allocations anymore, their effect is instantaneous, whereas before it could have frozen the machine (when trying to allocate new vchans) when setting `dev.pcm.X.{play|rec}.vchans` to a very large value. gitref:960ee8094913[repository=src]. {{< sponsored "The FreeBSD Foundation" >}} The `hw.snd.version` man:sysctl[8] knob was removed. gitref:7398d1ece5cf[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The `unit.*` code in man:sound[4] was retired, and as part of that the `hw.snd.maxunit` man:loader[8] tunable was removed. 
gitref:25723d66369f[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Gradual slowdowns and freezes experienced by owners of some AMD GPUs using the amdgpu DRM driver from the `drm-kmod` ports, starting with v5.15 (`graphics/drm-515-kmod` port), have been fixed. In particular, owners of graphics cards with Green Sardine, Polaris 10 and 20 and Vega chips were known to be affected. Recent Intel-based GPUs (gen 13+) may also have been affected. gitref:718d1928f874[repository=src], gitref:4ca9190251bb[repository=src], gitref:986edb19a49c[repository=src], gitref:9d1f3ce79d85[repository=src], gitref:da257e519bc0[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The code iterating over memory domains (NUMA) was improved and fixed in a number of ways, resulting in particular in decreased latency for some graphical operations with DRM drivers. gitref:da257e519bc0[repository=src], gitref:83ad6d8d8eee[repository=src], gitref:b15ff7214020[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The effective group ID is now stored in the new `cr_gid` field of `struct cred` and has been removed as the first element of `cr_groups[]`, which now only contains the supplementary groups. All downstream and out-of-tree modules using `cr_groups[0]` must be fixed to use `cr_gid` instead, and surrounding code that loops on `cr_groups[]` elements excluding `cr_groups[0]`, i.e., that intends to act on supplementary groups only, also needs to be adjusted as now supplementary groups start at `&cr_groups[0]` instead of `&cr_groups[1]`. Code that needs to be portable to both 15.0 and earlier versions can use `cr_gid`, which existed also previously as a macro, and can test the truth value of `&cr_groups[0] != &cr_gid` to know how to browse the supplementary groups adequately. 
gitref:be1f7435ef218b1df35[repository=src] {{< sponsored "the FreeBSD Foundation" >}} [[kernel-architecture-specific]] === Architecture-Specific Changes On amd64, FreeBSD now supports more than 4TB of RAM on modern machines that have the LA57 CPU feature. gitref:d390633cf8cf[repository=src] {{< sponsored "the FreeBSD Foundation" >}} On amd64, handling of the `%fsbase`/`%gsbase` registers and tls base were reworked, making it more useful for apps that directly manipulate CPU context. gitref:68ba38dad3[repository=src] {{< sponsored "the FreeBSD Foundation" >}} [[drivers]] == Devices and Drivers This section covers changes and additions to devices and device drivers since {releasePrev}. [[drivers-device]] === Device Drivers The man:tty[4] terminal interface now has the `IUTF8` flag, which enables proper UTF-8 backspacing handling, set by default, suiting the default UTF-8 locale. gitref:bb830e346bd5[repository=src] A driver is available for man:ice[4] Ethernet network controllers in the Intel E800 series, which support 100 Gb/s operation. It was upgraded to version 1.43.2-k. gitref:38a1655adcb3[repository=src] {{< sponsored "Intel Corporation" >}} Numerous stability improvements have gone into the man:iwlwifi[4] driver for Intel Wi-Fi devices. {{< sponsored "The FreeBSD Foundation" >}} Multiple PCI MCFG regions are now supported on amd64, allowing PCI configuration space access for domains (segments) other than 0. gitref:4b5f64408804[repository=src] The man:smsc[4] Ethernet driver can now fetch the value of `smsc95xx.macaddr` passed by some Raspberry Pi models and use it for the MAC address. It always uses a stable MAC address even if there is no address in EEPROM. gitref:028e4c6548e4[repository=src] The `snd_clone` framework has been removed from the sound subsystem, including related sysctls, simplifying the system. The per-channel nodes ([.filename]#/dev/dspX.Y#) are no longer created, just the primary device ([.filename]#/dev/dspX#). 
gitref:e6c51f6db8d7[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Audio now supports asynchronous device detach. This greatly simplifies hot plugging and unplugging of things such as USB headsets, and eases use of PulseAudio in cases that require operating system sleep and wake (suspend and resume). gitref:d692c314d29a[repository=src] {{< sponsored "The FreeBSD Foundation" >}} `ice_ddp` has been upgraded to 1.3.41.0. gitref:a9d78bb714e3[repository=src] {{< sponsored "Intel Corporation" >}} Tiger Lake-H support has been added to the man:hda[4] driver. gitref:dbb6f488df6e[repository=src] Meteor Lake support has been added to the man:ichsmb[4] driver. gitref:14c22e28e4ee[repository=src] {{< sponsored "Framework Computer Inc" >}} {{< sponsored "The FreeBSD Foundation" >}} Meteor Lake support has been added to the man:ig4[4] driver. gitref:56f0fc0011c2[repository=src] Support for Realtek 8156/8156B has been moved from man:cdce[4] to man:ure[4] for improved performance and reliability. gitref:630077a84186[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Support for ACPI GPIO _AEI objects has been added. gitref:1db6ffb2a482[repository=src] {{< sponsored "Amazon" >}} man:nvme[4] and man:nvmecontrol[8] have been enabled on all architectures. gitref:24687a65dd7f[repository=src], gitref:aba2d7f89dcf[repository=src] {{< sponsored "Chelsio Communications and Netflix" >}} man:mpi3mr[4] driver version has been updated to 8.14.0.2.0. gitref:e6d4b221ba7c[repository=src] man:mpi3mr[4] MPI Header has been updated to Version 36. This aligns with the latest MPI specification. This includes updated structures, field definitions, and constants required for compatibility with updated firmware. gitref:60cf1576501d[repository=src] The man:mpi3mr[4] driver is now in GENERIC. gitref:e2b8fb2202c2[repository=src] man:iwmbtfw[4]: Add support for 9260/9560 bluetooth adapters. Required firmware files are already included in to package:comms/iwmbt-firmware[] port. 
gitref:8e62ae9693bd[repository=src] man:ena[4] driver version has been updated to v2.8.1. gitref:a1685d25601e[repository=src] {{< sponsored "Amazon, Inc." >}} man:bnxt[4]: Enable NPAR support on BCM57504 10/25GbE NICs. gitref:54f842ed8897[repository=src] man:bnxt[4]: Add 5760X (Thor2) PCI IDs support. Add Thor2 PCI IDs. gitref:45e161020c2d[repository=src] man:bnxt[4]: Add support for 400G speed modules. gitref:32fdad17f060[repository=src] man:ix[4]: Add support for 1000BASE-BX SFP modules. Add support for 1Gbit BiDi modules. Add support for Intel Ethernet Network Adapter E610. gitref:89d4096950c4[repository=src] gitref:dea5f973d0c8[repository=src] man:igc[4]: Fix attach for I226-K and LMVP devices. The device IDs for these were in the driver's list of PCI ids to attach to, but `igc_set_mac_type()` had never been setup to set the correct mac type for these devices. Fix this by adding these IDs to the switch block in order for them to be recognized by the driver instead of returning an error. This fixes the man:igc[4] attach for the I226-K LOM on the ASRock Z790 PG-ITX/TB4 motherboard, allowing it to be recognized and used. gitref:f034ddd2fa38[repository=src]. Remove old itr sysctl handler from man:em[4]. This implementation had various bugs. The unit conversion/scaling was wrong, and it also did not handle 82574L or man:igb[4] devices correctly. With the new AIM code, it is expected most users will not need to manually tune this. gitref:edf50670e215[repository=src] {{< sponsored "BBOX.io" >}} Added support for Brainboxes USB-to-Serial adapters in man:uftdi[4]. gitref:47db906375b5[repository=src] The man:iwx[4] driver has been added, supporting the Intel Wi-Fi 6 series of M.2 wireless network adapters. gitref:2ad0f7e91582[repository=src] {{< sponsored "The FreeBSD Foundation" >}} A new cellular modem driver supports USB network devices implementing the Mobile Broadband Interface Model (MBIM): man:umb[4]. 
The accompanying man:umbctl[8] tool is used to display or set MBIM cellular modem interface parameters (4G/LTE). gitref:0f1bf1c22a0c[repository=src] {{< sponsored "The FreeBSD Foundation" >}} man:smbios[4] now searches for the SMBIOS v3 (64-bit) entry point first also if booted from BIOS. This allows to detect and report the proper SMBIOS version with BIOSes that only provide the v3 table, as happens on Hetzner virtual machines. For machines that provide both, leverage the v3 table in priority consistently with the case of EFI boot. gitref:bc7f6508363c[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:usbhid[4] driver is now enabled by default, and is used in preference to other USB HID drivers like man:ukbd[4], man:ums[4], and man:uhid[4]. Supported device classes now include: - Absolute‐positioning mice in virtualized environments via man:hms[4] - Digitizers and stylus devices via man:hpen[4] - Compound HID devices, such as keyboards and mice that share a single USB interface - Special keyboard function keys (volume, brightness, etc.) via man:hcons[4] and man:hsctrl[4] - Game controllers, including Xbox 360 and PS4 gamepads via man:xb360gp[4] and man:ps4dshock[4], and generic controllers via man:hgame[4] - Raw HID devices via man:hidraw[4] FIDO/U2F security tokens continue to be supported through the autoloaded man:u2f[4] driver. Device names and protocol handling for these devices are unchanged. gitref:74072e9f16c1[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:udbc[4] driver has been added enabling host side debugging of targets using xHC debug. gitref:d566b6a70bcb[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:ufshci[4] driver has been added, supporting Universal Flash Storage (UFS) host controllers. 
gitref:1349a733cf28[repository=src] {{< sponsored "Samsung Electronics" >}} The man:mlx5[4] driver now supports inline IPSEC offload on Nvidia ConnectX-6+ network cards, leveraging the new in-kernel IPSEC offload infrastructure. gitref:e23731db48ef[repository=src] {{< sponsored "NVIDIA networking" >}} Support for the watchdog timer in Intel 6300ESB I/O controller hub has been included in the man:ichwd[4] driver. This is intended primarily for QEMU users, where that watchdog timer serves as the default and only one for x86 virtual machines. gitref:2b74ff5fceb6623f6[repository=src] The man:qat[4] driver has grown support for the 402xx device with ID 0x4944/0x4945. gitref:138e36514fe8[repository=src] {{< sponsored "Intel Corporation" >}} [[drivers-removals]] === Deprecated and Removed Drivers The man:agp[4] bus driver has been deprecated and planned for removal in FreeBSD 16.0. gitref:92af7c97e197[repository=src] gitref:cadadd1a0398[repository=src] The IBM PC floppy disk controller, man:fdc[4], and related utilities have been deprecated and planned for removal in FreeBSD 16.0. gitref:4c736cfc69a7[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:firewire[4] bus and related drivers have been deprecated and planned for removal in FreeBSD 16.0. gitref:fc889167c319[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:le[4] Ethernet driver has been deprecated and planned for removal in FreeBSD 16.0. gitref:e4d6433e9c03[repository=src] {{< sponsored "The FreeBSD Foundation" >}} man:syscons[4] has been planned for removal in future releases, and has been noted as deprecated in the manual pages to notify users to migrate to man:vt[4]. gitref:2bc5b1d60512[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:upgt[4] USB 802.11g driver has been deprecated and planned for removal in FreeBSD 16.0. 
gitref:7f8a5c5a1585[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[storage]] == Storage This section covers changes and additions to file systems and other storage subsystems, both local and networked. [[storage-general]] === General Storage Add Solaris style extended attributes (called named attributes in NFSv4). At this time, only ZFS, specifically filesystem datasets that have their `xattr` property set to `dir`, and NFSv4 support them. The attributes are presented in a directory as regular files. See man:named_attribute[7] for more information. gitref:2ec2ba7e232d[repository=src], gitref:df58e8b1506f[repository=src], gitref:f61844833ee8[repository=src], gitref:b1b607bd200f[repository=src], gitref:ee95e4d02dbd[repository=src] Add support for accessing remote NVMe over Fabrics controllers over the TCP transport. New commands added to man:nvmecontrol[8] are used to establish connections to remote controllers. Once connections are established they are handed off to the man:nvmf[4] kernel module which creates `nvme__X__` devices and exports remote namespaces as man:nda[4] disks. gitref:a1eda74167b5[repository=src], gitref:1058c12197ab[repository=src] {{< sponsored "Chelsio Communications" >}} Add support for exporting namespaces to remote NVMe over Fabrics hosts over the TCP transport. The man:nvmft[4] kernel module adds a new frontend to the CAM target layer which exports man:ctl[4] LUNs as NVMe namespaces to remote hosts. The man:ctld[8] daemon now supports NVMe controllers in addition to iSCSI targets and is responsible for accepting incoming connection requests and handing off connected queue pairs to man:nvmft[4]. gitref:a15f7c96a276[repository=src], gitref:66b5296f1b29[repository=src] {{< sponsored "Chelsio Communications" >}} Add support for dynamically resizing NVMe namespaces. The man:nvd[4] and man:nda[4] drivers now notify geom of sizes changes in real time. 
gitref:86d3ec359a56[repository=src] {{< sponsored "Netflix" >}} [[storage-nfs]] === NFS The default value of the `nfs_reserved_port_only` man:rc.conf[5] setting has changed. The FreeBSD NFS server now requires the source port of requests to be in the privileged port range (i.e., ≤ 1023), which generally requires the client to have elevated privileges on their local system. The previous behavior can be restored by setting `nfs_reserved_port_only=NO` in man:rc.conf[5]. gitref:6d5ce2bb6344[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Define a new `-a` command line option man:mountd[8] that prevents exporting a file system with the `-alldirs` flag if the directory path is not a server file system mount point. gitref:07cd69e272da[repository=src] The layout of NFS file handles for the man:tarfs[4], man:tmpfs[4], man:cd9660[4], and man:ext2fs[4] file systems has changed. An NFS server that exports any of these file systems will need its clients to unmount and remount the exports. gitref:4db1b113b151[repository=src], gitref:1ccbdf561f41[repository=src], gitref:205659c43d87[repository=src], gitref:cf0ede720391[repository=src], gitref:8ae6247aa966[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:mountd[8] server has been modified to use man:strunvis[3] to decode directory names in man:exports[5] file(s). This allows special characters, such as blanks, to be embedded in the directory name. `vis -M` may be used to encode such directory names; see man:vis[1]. gitref:2c83f1ada435[repository=src] Allow to specify as many groups as configured to be supported by the system in `-maproot` or `-mapall` options in man:exports[5]. Previously, the cap was `NGROUPS_MAX + 1`, where `NGROUPS_MAX` is just the minimum maximum of the number of allowed supplementary groups. Now use the proper `{NGROUPS_MAX} + 1` value, with `{NGROUPS_MAX}` being fetched at runtime via man:sysconf[3]. 
gitref:e87848a8150e[repository=src] {{< sponsored "The FreeBSD Foundation" >}} New man:sysctl[8] variables have been added under `kern.rpc.unenc` and `kern.rpc.tls`, which allow an NFS server administrator to determine how much NFS-over-TLS is being used. A large number of failed handshakes might indicate an NFS configuration problem. gitref:b8e137d8d32d[repository=src] The utilization of NFSv4.1/4.2 delegations was improved when the `nocto` mount option is used. This requires an up-to-date NFSv4.1/4.2 server with delegations enabled. For example, when building a FreeBSD kernel with both `src` and `obj` NFSv4 mounted, the total RPC count drops from 5461286 to 945643, with a 20% drop in elapsed time. gitref:171f66b0c2ca[repository=src], gitref:50e733f19b37[repository=src] New support for the NFSv4.2 Clone operation, which uses block cloning to "copy on write" files on an NFS server. This only works for exported ZFS file systems that have block cloning enabled, at this time. gitref:cce64f2e6851[repository=src] [[storage-ufs]] === UFS Soft updates are now enabled by default when creating a new UFS file system with man:newfs[8]. gitref:6b2af2d88ffd[repository=src] Reliability of UFS on volumes with more than 2G of inodes is significantly improved. The underlying issue was the invalid interpretation of the 32-bit inode number as signed, which got sign-extended into `ino_t`. gitref:c069ca085bd1[repository=src], gitref:e36f069ecb47[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Defer the January 19, 2038 date limit in UFS1 filesystems to February 7, 2106. This affects only filesystems with old UFS1 format. See the commit message for details. gitref:1111a44301da[repository=src] [[storage-zfs]] === ZFS Add support to `VOP_COPY_FILE_RANGE()` for block cloning. At this time, ZFS is the only local file system that supports this and only if block cloning is enabled. NFSv4.2 also supports it. See `pathconf(2)` and `copy_file_range(2)` for more information. 
gitref:37b2cb5ecb0f[repository=src] [[storage-geom]] === GEOM Support for vinum volumes has been removed. gitref:f87bb5967670[repository=src], gitref:e51036fbf3f8[repository=src] [[boot-loader]] == Boot Loader Changes This section covers the boot loader, boot menu, and other boot-related changes. The ASCII man:loader[8] art may once again be enabled on graphical systems via an optional `loader_gfx` variable in man:loader.conf[5]. gitref:bef6d85b6de5[repository=src] The man:loader[8] now reads local configuration files listed in the variable `local_loader_conf_files` after other configuration files, defaulting to [.filename]#/boot/loader.conf.local#. gitref:a25531db0fc2[repository=src] The man:loader[8] can now be configured to read specific configuration files based on the planar maker, planar product, system product and uboot m_product variables from the SMBIOS. For the moment, the best documentation is the git commit message, gitref:3eb3a802a31b[repository=src]. Console detection in man:loader[8] has been improved on EFI systems. If there is no ConOut variable, ConIn is checked. If multiple devices are found, serial is preferred. gitref:20a6f4779ac6[repository=src] {{< sponsored "Netflix" >}} Frame buffer support in man:loader[8] can now use a text-only video driver, resulting in space savings. gitref:57ca2848c0aa[repository=src] {{< sponsored "Netflix" >}} The detection of ACPI is now done earlier in man:loader.efi[8] on arm64 systems. The copy of [.filename]#loader.efi# on the EFI partition should be updated on arm64 systems using ACPI. gitref:05cf4dda599a[repository=src] gitref:16c09de80135[repository=src] The LinuxBoot loader can be used to boot FreeBSD from Linux on aarch64 and amd64. gitref:46010641267[repository=src] {{< sponsored "Netflix" >}} The BIOS boot loader added back support for gzip and bzip2, but removed support for graphics mode (by default) to address size problems. (The EFI boot loader is unchanged with support for all of those.) 
gitref:4d3b05a8530e[repository=src] {{< sponsored "Netflix" >}} The BIOS boot loader can now use the SMBIOS v3 (64-bit) entry point if its table is below 4GB. The BIOS boot loader is compiled 32-bit as a client of BTX even on amd64, so cannot access addresses beyond 4GB. However, the 64-bit entry point may refer to a structure table below 4GB, which can be used if the BIOS does not provide a 32-bit entry point, as happens on Hetzner virtual machines. gitref:7f005c6699f4[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The BIOS boot loader now favors the SMBIOS v3 (64-bit) entry point. When both the 32-bit and 64-bit entry points are present, the SMBIOS specification says that the 64-bit entry point always has at least all the structures the 32-bit entry point refers to. In other words, the 32-bit entry point is provided for compatibility, so it is assumed the 64-bit one has more chances to be filled with adequate values. gitref:3f744fb8b2c5[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The EFI boot loader now favors the SMBIOS v3 (64-bit) entry point, consistently with what is done with BIOS boot. There is a difference though: As the EFI loader runs in 64-bit mode on 64-bit platforms, there is no restriction that the v3 entry point's structure table should be below 4GB. gitref:96f77576e9ea[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[network]] == Networking This section describes changes that affect networking in FreeBSD. [[network-general]] === General Network FreeBSD now implements the `SO_SPLICE` interface, originally from OpenBSD. This features allows userspace applications to splice two connected TCP sockets together, after which data arriving on one socket is automatically forwarded through the socket to which it is spliced, instead of being delivered to the application. gitref:a1da7dc1cdad[repository=src] {{< sponsored "Klara, Inc." 
>}} {{< sponsored "Stormshield" >}} ARP (man:arp[4]) support for 802-standard networks has been restored; it had been accidentally removed with FDDI support. (This is different than the Ethernet standard encapsulation.) gitref:d776dd5fbd48[repository=src] It is possible to build a kernel with IPv6 support (INET6) without IPv4 (INET). gitref:6df9fa1c6b83[repository=src] and others The netgraph man:ng_ipfw[4] module no longer truncates cookies to 16 bits, allowing a full 32 bits. gitref:dadf64c5586e[repository=src] AIM (Adaptive Interrupt Moderation) support has been added to the man:igc[4] driver. gitref:472a0ccf847a[repository=src] {{< sponsored "Rubicon Communications, LLC (\"Netgate\") and BBOX.io" >}} This feature has also been added to the man:lem[4], man:em[4] and man:igb[4] drivers. A major regression in UDP performance introduced in FreeBSD 12.0, including NFS over UDP, is believed to be fixed with this change. gitref:49f12d5b38f6[repository=src] {{< sponsored "Rubicon Communications, LLC (\"Netgate\") and BBOX.io" >}} Teach man:ip6addrctl[8] to attach and run itself in a jail. This will make it easier to manage address selection policies of vnet jails, especially for those light weighted OCI containers or slim jails. gitref:b709f7b38cc4[repository=src] The man:pf[4] packet filter has learned a new runtime man:loader.conf[5] tunable, 'net.pf.default_to_drop', as well as a compile time option, `PF_DEFAULT_TO_DROP`, making the default rule to drop. gitref:7f7ef494f11d[repository=src], gitref:3965be101c43[repository=src] A new man:pf[4] route-to pool option "prefer-ipv6-nexthop" allows for routing IPv4 packets over IPv6 gateways. gitref:65c318630123[repository=src] gitref:d2761422eb0a[repository=src] {{< sponsored "InnoGames GmbH" >}} man:pf[4] now supports the OpenBSD style NAT syntax. It is possible to use "nat-to", "rdr-to" and "binat-to" on "pass" and "match" rules. The old "nat on ..." syntax can still be used. 
gitref:e0fe26691fc9[repository=src] {{< sponsored "InnoGames GmbH" >}} The man:pfsync[4] protocol has been updated to synchronize multiple missing attributes. This fixes synchronizing of states with route-to, af-to, rtable, dummynet, tags, and scrub options. If synchronization with an older version of FreeBSD is needed the protocol version can be configured with `ifconfig pfsync0 version $VERSION` where $VERSION is 1301 for 13.X relases or 1400 for 14.X. It defaults to 1500 for synchronization between hosts running FreeBSD 15.0. gitref:99475087d63b[repository=src] {{< sponsored "InnoGames GmbH" >}} Kernel TLS support is now enabled by default in `GENERIC` (default) kernels for aarch64, amd64, powerpc64, and powerpc64le. gitref:b2f7c53430c3[repository=src] {{< sponsored "Chelsio Communications" >}} The `net.inet.{tcp,udp,raw}.bind_all_fibs` tunables have been added. They default to 1 for backwards compatibility. Setting them to 0 modifies the corresponding protocol's socket behavior such that packets not originating from an interface in the same FIB as the socket are ignored. In this case, TCP and UDP sockets belonging to different FIBs may also be bound to the same address. The default behavior is unmodified. gitref:5dc99e9bb985[repository=src], gitref:08e638c089ab[repository=src], gitref:4009a98fe80b[repository=src] {{< sponsored "Klara, Inc." >}} {{< sponsored "Stormshield" >}} Making a connection to `INADDR_ANY`, i.e., using it as an alias for `localhost`, is now disabled by default. This functionality can be re-enabled by setting the `net.inet.ip.connect_inaddr_wild` sysctl to 1. gitref:cd240957d7ba[repository=src] {{< sponsored "The FreeBSD Foundation" >}} New in-kernel inline IPSEC offload infrastructure. See also the note about the man:mlx5[4] driver supporting it. 
gitref:ef2a572bf6[repository=src] {{< sponsored "NVIDIA networking" >}} A new man:ngctl[8] flag, `-j`, allows it to attach and run inside a jail, making it possible to manipulate netgraph nodes in a jail even if man:ngctl[8] is not installed inside it. gitref:72d01e62b082[repository=src] man:sockstat[4] will show UDP-Lite endpoints by default. gitref:978615d7bf7c[repository=src] Kernel compatibility code supporting man:ipfw[8] binaries from FreeBSD 7 and 8 has been removed. gitref:660255be1ed9[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[network-protocols]] === Network Protocols Lots of improvements to the network stack, including performance improvements and bug fixes for the man:sctp[4] stack. Descriptors returned by man:sctp_peeloff[2] now inherit Capsicum capability man:rights[4] from the parent socket. gitref:ae3d7e27abc9[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The default value of the sysctl variable `net.inet.tcp.nolocaltimewait` has changed from 1 to 0. This means that FreeBSD does not skip the `TIME_WAIT` state anymore for endpoints for which the remote address is local. The new sysctl variable `net.inet.tcp.msl_local` can be used to control the time these endpoints stay in the `TIME_WAIT` state. The sysctl variable `net.inet.tcp.nolocaltimewait` is deprecated and intended to be removed in FreeBSD 16. gitref:c3fc0db3bc50[repository=src] {{< sponsored "Netflix" >}} The local stream (AF_UNIX/SOCK_STREAM) and sequenced packet stream (AF_UNIX/SOCK_SEQPACKET) sockets have been improved for better bulk transfer and round trip times. The SOCK_SEQPACKET socket has been brought to the specification and now behaves as a true stream socket, while in previous FreeBSD releases it could exhibit features of a datagram socket. Applications that were using SOCK_SEQPACKET incorrectly and relied on old implementation bugs may need to be adjusted. 
gitref:d15792780760[repository=src] [[wireless-networking]] === Wireless Networking The LinuxKPI 802.11 compatibility layer man:linuxkpi_wlan[4] gained support for the Galois/Counter Mode Protocol (GCMP) from man:wlan_gcmp[4]. {{< sponsored "The FreeBSD Foundation" >}} Following other drivers man:iwlwififw[4] firmware was removed from the base system in favor of the ports based solution and man:fwget[8] support. In case of updating from earlier releases, users must install the firmware packages upfront. {{< sponsored "The FreeBSD Foundation" >}} The man:iwlwifi[4] wireless driver supports 802.11ac (VHT) for some Intel Wi-Fi 5, and all of Intel Wi-Fi 6 and Wi-Fi 7 hardware. {{< sponsored "The FreeBSD Foundation" >}} The man:iwx[4] wireless driver supports 802.11ac (VHT) for Intel Wi-Fi 6 hardware. {{< sponsored "The FreeBSD Foundation" >}} The man:rtwn[4] wireless driver supports 802.11ac (VHT) for the RTL8812A and RTL8821A chipsets. The man:rtw89[4] wireless driver supports 802.11g for some Realtek Wi-Fi 6 and Wi-Fi 7 hardware. gitref:a2d1e07f6451[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[hardware]] == Hardware Support This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document. Please see link:https://www.freebsd.org/releases/{localRel}R/hardware[the list of hardware] supported by {releaseCurrent}, as well as link:https://www.freebsd.org/platforms/[the platforms page] for the complete list of supported CPU architectures. [[hardware-virtualization]] === Virtualization Support man:bhyve[8] and man:vmm[4] now support the arm64 and riscv platforms. The `sysutils/u-boot-bhyve-arm64` and `sysutils/u-boot-bhyve-riscv` ports provide boot loaders for use on these platforms. 
gitref:47e073941f4e[repository=src] gitref:d3916eace506[repository=src] {{< sponsored "Arm Ltd" >}} {{< sponsored "Innovate UK" >}} {{< sponsored "The FreeBSD Foundation" >}} {{< sponsored "University Politehnica of Bucharest" >}} man:bhyve[4] now supports a "slirp" networking backend, which enables unprivileged user networking. Currently only inbound connections to the guest are supported, outbound connections from the guest are not. This feature requires the `net/libslirp` port. gitref:c5359e2af5ab[repository=src] {{< sponsored "Innovate UK" >}} man:bhyve[4] now may configure a NUMA topology for guest memory. Furthermore, it is possible to define a man:domainset[9] policy for each guest NUMA domain, wherein the host memory used to back the guest physical memory of each guest NUMA domain can be specified, akin to man:cpuset[1]'s `-n` option. This is supported only for amd64 guests for now. gitref:f1d705d4f431[repository=src] The VNC server in man:bhyve[8] will now show the correct colors when using the package:www/novnc[] client. gitref:f9e09dc5b1d5[repository=src] When running man:bhyve[8] guests with a boot ROM, i.e., bhyveload(8) is not used, bhyve now assumes that the boot ROM will enable PCI BAR decoding. This is incompatible with some boot ROMs, particularly outdated builds of `edk2-bhyve`. To restore the old behavior, add `pci.enable_bars='true'` to your bhyve configuration. Note that the `uefi-edk2-bhyve` package has been renamed to `edk2-bhyve`. gitref:e962b37bf0ff[repository=src] {{< sponsored "Innovate UK" >}} amd64 man:bhyve[8]'s `lpc.bootrom` and `lpc.bootvars` options are deprecated. Use the top-level `bootrom` and `bootvars` options instead. gitref:43caa2e805c2[repository=src] {{< sponsored "Innovate UK" >}} The NVMM hypervisor is now detected. gitref:34f40baca641[repository=src] Under Hyper-V, TLB flushes are now performed using hypercalls rather than IPIs, providing up to a 40% improvement in TLB performance. 
gitref:7ece5993b787[repository=src] {{< sponsored "Microsoft" >}} [[linuxulator]] === Linux Binary Compatibility The `AT_NO_AUTOMOUNT` flag is now ignored for all Linuxulator stat() variants (as the behavior specified by the flag already matches FreeBSD's), improving Linux application compatibility. gitref:99d3ce80ba07[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The Linux man:inotify[2] system calls are now implemented in the Linuxulator. {{< sponsored "Klara, Inc." >}} [[multimedia]] == Multimedia Many improvements to the audio stack including support for hot-swapping in man:mixer[8], and the addition of man:mididump[1]. gitref:cf9d2fb18433[repository=src] {{< sponsored "The FreeBSD Foundation" >}} gitref:7224e9f2d4af[repository=src] {{< sponsored "The FreeBSD Foundation" >}} A new utility man:sndctl[8] has been added to concentrate the various interfaces for viewing and manipulating audio device settings (sysctls, `/dev/sndstat`), into a single utility with a similar control-driven interface to that of `mixer(8)`. gitref:44e5a0150835[repository=src], gitref:9a37f1024ceb[repository=src] {{< sponsored "The FreeBSD Foundation" >}} `virtual_oss` is imported to base. The `audio/virtual_oss` port will stop being built from FreeBSD 15.0 onwards. Regarding user-facing changes, the only practical difference is the installation process. Everything is provided by the base system, except for the following optional components, which can be installed from ports: * sndio backend support: `audio/virtual_oss_sndio` * bluetooth backend support: `audio/virtual_oss_bluetooth` * `virtual_equalizer(8)`: `audio/virtual_oss_equalizer` Apart from that, `virtual_oss` should work as expected. Users of `virtual_oss` can uninstall `audio/virtual_oss` and instead use the base system version from now on. 
gitref:5a31c623143f[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[documentation]] == Documentation This section covers changes to manual (man:man[1]) pages and other documentation shipped with the base system. [[man-pages]] === Manual Pages A new man:freebsd-base[7] manual provides details on the layout of base system packages and how to update a system with them. gitref:e1632b827b1a[repository=src] Manual pages on filesystems have been moved to section four, the Kernel Interfaces Manual. gitref:1687d77197c0[repository=src] The man:builtin[1] manual has been rewritten featuring streamlined information and a new section on keybindings that are built into the FreeBSD CLI. gitref:42df4faf7004[repository=src] A new man:networking[7] manual page provides a quickstart guide to connecting the system to networks including Wi-Fi, and links to other manual pages and the handbook. gitref:39f92a4c4c49[repository=src] The man:build[7] manual has been revised to incorporate instructions on building the system from source. gitref:275f61111f435[repository=src] Refer to man:graid[8] and man:zfs[8] instead of man:gvinum[8] in man:ccdconfig[8]. gitref:55cb3a33d920[repository=src] The man:ps[1] manual page has been revamped to explain the general principles, and descriptions in there have been updated to match reality. The preamble has been revamped to give a thorough overview of the different aspects of the man:ps[1] command. The description of several options and some keywords have been fixed to match their actual behavior and/or expanded. The STANDARDS and BUGS sections have been expanded. gitref:ddf144a04b53[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:mac_do[4] manual page has been revamped as part of adding support for multiple users and groups as single rule's targets, which lead to changing the rules syntax. In particular, it has grown a JAIL SUPPORT and SECURITY CONSIDERATIONS sections. 
gitref:bc201841d139[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The existing content of the man:mdo[1] manual page has been enriched as part of documenting the new support for fully specifying all users and groups in the target credentials. It has now a longer introduction and a new SECURITY CONSIDERATIONS section. gitref:20ebb6ec5ac0[repository=src] {{< sponsored "The FreeBSD Foundation" >}} {{< sponsored "Google LLC (GSoC 2025)" >}} The ethernet switch controllers, man:mtkswitch[4], man:ip17x[4], man:ar40xx[4], and man:e6000sw[4] have gained initial manual pages. gitref:37f00bc257d[repository=src], gitref:f750a114d2c[repository=src], gitref:91c975c3913[repository=src], gitref:6da793a8caa[repository=src] man:mount[8] has gained an example for remounting all filesystems read/write in single-user mode. gitref:c3e06b23b417[repository=src] Manual pages for the lua man:loader[8] modules have had their descriptions reworded to optimize man:apropos[1] results. gitref:5d59c1b4f14e[repository=src] The manual pages style guide, man:style.mdoc[5], has gained a section for listing supported hardware. When listed this way, the supported hardware will be listed in link:https://www.freebsd.org/releases/{localRel}R/hardware[the supported hardware notes]. Many manuals have had this section added or reworded in this release. Much work has gone into adding man:sysctl[8]s and environment variables to the manual. Try searching for them with `apropos Va=here.is.the.sysctl` or `apropos Ev=here_is_the_environment_variable`. The man:intro[1] to the General Commands manual has been revised, incorporating a statement about installing additional commands, and a listing of cannonical command directories. gitref:cc0af6d5a6c2[repository=src] The man:intro[2] to the System Calls manual has been revised, incorporating links and a HISTORY section from OpenBSD. 
gitref:9a62cdc01327[repository=src], gitref:69ff2d754c1c[repository=src], gitref:6dfbe695c322[repository=src], gitref:de525c502a3a[repository=src], gitref:d846f33bb6d4[repository=src], gitref:4696ca7baf2f[repository=src], gitref:9e8df7900f52[repository=src], gitref:bcc57e971597[repository=src] The man:intro[5] to the File Formats manual has been revised, incorporating improvements from OpenBSD. gitref:8d65152cbfc8[repository=src], gitref:26ec37653662[repository=src], gitref:37508388d066[repository=src], gitref:a6175f28da70[repository=src] The filesystem hierarchy index manual, man:hier[7], has been revised, incorporating a great deal of crossreferences, and increased detail on `/usr/local`. [[ports]] == Ports Collection and Package Infrastructure This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools. A new `FreeBSD-kmods` repository is included in the default `/etc/pkg/FreeBSD.conf` man:pkg[8] configuration file. This repository contains kernel modules compiled specifically for {releaseCurrent} rather than for the {releaseBranch} branch. Installing kernel modules from this repository allows drivers with unstable kernel interfaces, in particular graphics drivers, to work even when the main {releaseBranch} repository has packages build on a previous release. gitref:a47542f71511[repository=src] The `FreeBSD` and `FreeBSD-kmods` repositories defined in `/etc/pkg/FreeBSD.conf` have been renamed to `FreeBSD-ports` and `FreeBSD-ports-kmods` respectively. Users who override these in `/usr/local/etc/pkg/repos` will need to adjust their configuration to match the new names. [[Installer]] === Installer The FreeBSD installer, man:bsdinstall[8], now supports downloading and installing firmware packages after the FreeBSD base system installation is complete. 
gitref:03c07bdc8b31[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[ports-packages]] === Packaging Changes The bootonly ISO and mini-memstick image now include the package:net/wifi-firmware-iwlwifi-kmod[] and package:net/wifi-firmware-rtw88-kmod[] packages, making installations possible over a wireless connection (on systems supported by these firmware packages). gitref:655fcdde1aff[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The package:net/wifi-firmware-kmod@release[] package has been added to the DVD ISO, providing firmware for a broader set of Wi-Fi drivers. gitref:8c6df7ead19c[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[future-releases]] == General Notes Regarding Future FreeBSD Releases diff --git a/website/content/en/releases/15.1R/relnotes.adoc b/website/content/en/releases/15.1R/relnotes.adoc index e49343882a..e0bab3260a 100644 --- a/website/content/en/releases/15.1R/relnotes.adoc +++ b/website/content/en/releases/15.1R/relnotes.adoc 
@@ -1,200 +1,200 @@ --- title: "FreeBSD 15.1-RELEASE Release Notes" sidenav: download --- :localRel: 15.1 :releaseCurrent: 15.1-RELEASE :releaseBranch: 15-STABLE :releasePrev: X.Y-RELEASE :releaseNext: X.Y-RELEASE :releaseType: "release" include::shared/en/urls.adoc[] = FreeBSD {releaseCurrent} Release Notes :doctype: article :toc: macro :toclevels: 1 :icons: font == Abstract [.abstract-title] The release notes for FreeBSD {releaseCurrent} contain a summary of the changes made to the FreeBSD base system on the {releaseBranch} development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. [[intro]] == Introduction This document contains the release notes for FreeBSD {releaseCurrent}. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD. The {releaseType} distribution to which these release notes apply represents the latest point along the {releaseBranch} development branch since {releaseBranch} was created. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. The {releaseType} distribution to which these release notes apply represents a point along the {releaseBranch} development branch between {releasePrev} and the future {releaseNext}. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. This distribution of FreeBSD {releaseCurrent} is a {releaseType} distribution. It can be found at https://www.FreeBSD.org/releases/[] or any of its mirrors. -More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}/mirrors[Obtaining FreeBSD appendix] to the link:{handbook}/[FreeBSD Handbook]. 
+More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}mirrors[Obtaining FreeBSD appendix] to the link:{handbook}[FreeBSD Handbook]. All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site. This document describes the most user-visible new or changed features in FreeBSD since {releasePrev}. In general, changes described here are unique to the {releaseBranch} branch unless specifically marked as MERGED features. Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. [[upgrade]] == Upgrading from Previous Releases of FreeBSD Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the man:freebsd-update[8] utility. See the release-specific upgrade procedure, link:../installation/#upgrade-binary[FreeBSD {releaseCurrent} upgrade information], with more details in the FreeBSD handbook link:{handbook}cutting-edge/#freebsdupdate-upgrade[binary upgrade procedure]. This will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. 
The man:freebsd-update[8] utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in [.filename]#/usr/src/UPDATING#. [IMPORTANT] ==== Upgrading FreeBSD should only be attempted after backing up _all_ data and configuration files. ==== [[security-errata]] == Security and Errata This section lists the various Security Advisories and Errata Notices since {releasePrev}. [[security]] === Security Advisories [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Advisory | Date | Topic |No advisories. | | |=== [[errata]] === Errata Notices [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Errata | Date | Topic |No notices. | | |=== [[userland]] == Userland This section covers changes and additions to userland applications, contributed software, and system utilities. [[userland-config]] === Userland Configuration Changes [[userland-programs]] === Userland Application Changes [[userland-contrib]] === Contributed Software [[userland-deprecated-programs]] === Deprecated Applications [[userland-libraries]] === Runtime Libraries and API [[kernel]] == Kernel This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized. [[kernel-general]] === General Kernel Changes [[drivers]] == Devices and Drivers This section covers changes and additions to devices and device drivers since {releasePrev}. [[drivers-device]] === Device Drivers [[drivers-removals]] === Deprecated and Removed Drivers [[storage]] == Storage This section covers changes and additions to file systems and other storage subsystems, both local and networked. [[storage-general]] === General Storage [[boot]] == Boot Loader Changes This section covers the boot loader, boot menu, and other boot-related changes. 
[[boot-loader]] === Boot Loader Changes [[network]] == Networking This section describes changes that affect networking in FreeBSD. [[network-general]] === General Network [[hardware]] == Hardware Support This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document. Please see link:https://www.freebsd.org/releases/{localRel}R/hardware[the list of hardware] supported by {releaseCurrent}, as well as link:https://www.freebsd.org/platforms/[the platforms page] for the complete list of supported CPU architectures. [[hardware-virtualization]] === Virtualization Support [[documentation]] == Documentation This section covers changes to manual (man:man[1]) pages and other documentation shipped with the base system. [[man-pages]] === Man Pages [[ports]] == Ports Collection and Package Infrastructure This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools. [[ports-packages]] === Packaging Changes [[future-releases]] == General Notes Regarding Future FreeBSD Releases diff --git a/website/content/ru/releases/15.0R/relnotes.adoc b/website/content/ru/releases/15.0R/relnotes.adoc index de73b7cc8f..2e5d12ca53 100644 --- a/website/content/ru/releases/15.0R/relnotes.adoc +++ b/website/content/ru/releases/15.0R/relnotes.adoc 
@@ -1,1719 +1,1719 @@ --- title: "FreeBSD 15.0-RELEASE Информация о релизе" sidenav: download --- :localRel: 15.0 :releaseCurrent: 15.0-RELEASE :releaseBranch: 15-STABLE :releasePrev: 14.0-RELEASE :releaseNext: 15.1-RELEASE :releaseType: "release" include::shared/ru/urls.adoc[] = Информация о релизе FreeBSD {releaseCurrent} :doctype: article :toc: macro :toclevels: 2 :icons: font == Аннотация [.abstract-title] Информация о релизе FreeBSD {releaseCurrent} содержит сводку изменений, внесённых в базовую систему FreeBSD на линии разработки {releaseBranch}. Этот документ перечисляет применимые рекомендации по безопасности, выпущенные с момента последнего релиза, а также значительные изменения в ядре FreeBSD и пользовательском пространстве. Также представлены некоторые краткие замечания по обновлению. toc::[] [[intro]] == Введение Этот документ содержит информацию о релизе FreeBSD {releaseCurrent}. В нем описаны недавно добавленные, измененные или удаленные функции FreeBSD. Также представлены некоторые замечания по обновлению с предыдущих версий FreeBSD. Дистрибутив {releaseType}, к которому относится эта информация о релизе, представляет собой последнюю точку на ветке разработки {releaseBranch} между {releasePrev} и будущим {releaseNext}. Информацию о предварительно собранных, бинарных дистрибутивах {releaseType} на этой ветке можно найти на https://www.FreeBSD.org/releases/[]. -Дополнительную информацию о получении этого (или другого) дистрибутива {releaseType} FreeBSD можно найти в link:{handbook}/mirrors[приложении по получению FreeBSD] к link:{handbook}/[руководству FreeBSD]. +Дополнительную информацию о получении этого (или другого) дистрибутива {releaseType} FreeBSD можно найти в link:{handbook}mirrors[приложении по получению FreeBSD] к link:{handbook}[руководству FreeBSD]. Всем пользователям рекомендуется ознакомиться с исправлениями и дополнениями релиза перед установкой FreeBSD. 
Документ с исправлениями и дополнениями обновляется «последней информацией», обнаруженной в конце цикла выпуска или после выпуска. Обычно он содержит информацию об известных ошибках, уведомлениях о безопасности и исправлениях в документации. Актуальную копию исправлений и дополнений для FreeBSD {releaseCurrent} можно найти на веб-сайте FreeBSD. В этом документе описаны наиболее заметные для пользователя новые или измененные функции в FreeBSD после {releasePrev}. Как правило, описанные здесь изменения уникальны для ветки {releaseBranch}, если они не отмечены специально как функции MERGED. Обычные пункты информации о релизе документируют недавние уведомления о безопасности, выпущенные после {releasePrev}, новые драйверы или поддержку оборудования, новые команды или опции, основные исправления ошибок или обновления предоставленного программного обеспечения. Также могут перечисляться изменения в основных портах/пакетах или практиках инженерии выпуска. Очевидно, что информация о релизе не может перечислить каждое изменение, внесенное в FreeBSD между выпусками; этот документ в основном фокусируется на уведомлениях о безопасности, изменениях, заметных для пользователя, и основных архитектурных улучшениях. [[upgrade]] == Обновление с предыдущих выпусков FreeBSD [IMPORTANT] ==== Попытку обновления FreeBSD следует предпринимать только после резервного копирования _всех_ данных и конфигурационных файлов. ==== [[upgrade-fu]] === Обновление из дистрибутивных наборов Бинарные обновления между промежуточными сборками и релизными версиями поддерживаются с помощью утилиты man:freebsd-update[8]. Ознакомьтесь с процедурой обновления конкретного релиза, с link:../installation/#upgrade-binary[Информацией об обновлении FreeBSD {releaseCurrent}] и с более подробной информацией в разделе Руководства FreeBSD о link:{handbook}cutting-edge/#freebsdupdate-upgrade[процедуре бинарного обновления]. 
При этом будут обновлены неизменённые пользовательские утилиты, а также неизменённые ядра GENERIC, распространяемые как часть официального релиза FreeBSD. Утилита man:freebsd-update[8] требует, чтобы обновляемая система имела подключение к сети Интернет. [[upgrade-rc]] == Обновление из пакетов [IMPORTANT] ==== Для пользователей FreeBSD 15.0 сборок PRERELEASE, ALPHA и BETA прямое обновление с помощью утилиты man:pkg[8] выполнить невозможно ввиду последних изменений в инфраструктуре FreeBSD.org. ==== Для систем, установка которых выполнена из пакетов, требуется либо ручное копирование необходимых файлов из копии дерева исходного кода с тегом `15.0-RELEASE`, либо использование альтернативного варианта в виде принудительной установки пакета `FreeBSD-pkg-bootstrap` из набора пакетов базовой системы официального релиза. Рекомендуемым и наиболее безопасным методом является использование копии дерева исходного кода любой из веток head, stable/15 или releng/15.0 после 2025-11-27 22:00 UTC. .... # cp /usr/src/usr.sbin/pkg/FreeBSD.conf.quarterly-release \ /etc/pkg/FreeBSD.conf # cp -R /usr/src/share/keys/pkgbase-15 /usr/share/keys/pkgbase-15 .... Пользователи, у которых не установлен актуальный исходный код, могут использовать менее безопасный, но более простой подход, включающий проверку контрольных сумм после установки. Поскольку эти файлы не зависят от архитектуры, соответствующие контрольные суммы будут совпадать на всех платформах. Перед обновлением через man:pkg[8] будет необходима активация репозитория пакетов FreeBSD-base: .... 
# pkg add -f https://pkg.freebsd.org/FreeBSD:15:$(uname -p)/base_release_0/FreeBSD-pkg-bootstrap-15.0.pkg # sha256 -r /etc/pkg/FreeBSD.conf /usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 \ /usr/share/keys/pkgbase-15/trusted/awskms-15 /usr/share/keys/pkgbase-15/trusted/backup-signing-15 ab261a3b84ffc11654ac0bafbb7d6b3f1b6afc30bfabab3bcff64259678eac26 /etc/pkg/FreeBSD.conf 036ae4f9c441a3febb41734bbb37227ec3374edd3c6c687e5cb70d580efbea30 /usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 529c79e85a6ca152faa9d57ead85fe0111ffada8d0a0fa2f11fc510999fa50df /usr/share/keys/pkgbase-15/trusted/awskms-15 c368ec8d05654bdaad34742c1d75b9b150bfc3892838cef32f6e5b036b0c0605 /usr/share/keys/pkgbase-15/trusted/backup-signing-15 # mkdir -p /usr/local/etc/pkg/repos # echo "FreeBSD-base: { enabled: yes }" > /usr/local/etc/pkg/repos/FreeBSD.conf .... [[upgrade-mk]] === Обновление из исходного кода Обновления с предыдущих версий из исходного кода поддерживаются через компиляцию ветки releng/15.0. Обратитесь к соответствующим инструкциям в [.filename]#/usr/src/UPDATING#. [[security-errata]] == Включенные исправления безопасности и патчи В этом разделе перечислены различные уведомления о безопасности и исправления, выпущенные после {releasePrev}, которые были устранены в {releaseCurrent}. [[security]] === Бюллетени безопасности (ошибки исправлены) [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Бюллетень | Дата | Тема |https://www.freebsd.org/security/advisories/FreeBSD-SA-23:17.pf.asc[FreeBSD-SA-23:17.pf] |5 декабря 2023 г. |Уязвимость подмены TCP в man:pf[4] |https://www.freebsd.org/security/advisories/FreeBSD-SA-23:18.nfsclient.asc[FreeBSD-SA-23:18.nfsclient] |12 декабря 2023 г. |Повреждение данных клиента NFS и раскрытие памяти ядра |https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc[FreeBSD-SA-23:19.openssh] |19 декабря 2023 г. 
|Атака усечения префикса в протоколе SSH |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:01.bhyveload.asc[FreeBSD-SA-24:01.bhyveload] |14 февраля 2024 г. |Доступ man:bhyveload[8] к файлам хоста |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:02.tty.asc[FreeBSD-SA-24:02.tty] |14 февраля 2024 г. |Утечка информации man:jail[2] |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:03.unbound.asc[FreeBSD-SA-24:03.unbound] |28 марта 2024 г. |Множественные уязвимости в unbound |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc[FreeBSD-SA-24:04.openssh] |1 июля 2024 г. |Удаленное выполнение кода в OpenSSH до аутентификации |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:05.pf.asc[FreeBSD-SA-24:05.pf] |7 августа 2024 г. |pf некорректно сопоставляет различные состояния ICMPv6 в таблице состояний |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:06.ktrace.asc[FreeBSD-SA-24:06.ktrace] |7 августа 2024 г. |man:ktrace[2] не отключается при выполнении setuid-бинарника |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:07.nfsclient.asc[FreeBSD-SA-24:07.nfsclient] |7 августа 2024 г. |Клиент NFS принимает имена файлов, содержащие разделители пути |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:08.openssh.asc[FreeBSD-SA-24:08.openssh] |7 августа 2024 г. |Проблема безопасности асинхронных сигналов в OpenSSH до аутентификации |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:09.libnv.asc[FreeBSD-SA-24:09.libnv] |4 сентября 2024 г. |Множественные уязвимости в libnv |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:10.bhyve.asc[FreeBSD-SA-24:10.bhyve] |4 сентября 2024 г. |Привилегированный выход гостя из man:bhyve[8] через проброс устройства TPM |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:11.ctl.asc[FreeBSD-SA-24:11.ctl] |4 сентября 2024 г. 
|Множественные проблемы в man:ctl[4] CAM Target Layer |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:12.bhyve.asc[FreeBSD-SA-24:12.bhyve] |4 сентября 2024 г. |Привилегированный выход гостя из man:bhyve[8] через контроллер USB |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:13.openssl.asc[FreeBSD-SA-24:13.openssl] |4 сентября 2024 г. |Возможная DoS при проверке имен X.509 в OpenSSL |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:14.umtx.asc[FreeBSD-SA-24:14.umtx] |4 сентября 2024 г. |Паника ядра или Use-After-Free в umtx |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:15.bhyve.asc[FreeBSD-SA-24:15.bhyve] |19 сентября 2024 г. |Чтение за пределами допустимого диапазона в man:bhyve[8] через эмуляцию XHCI |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:16.libnv.asc[FreeBSD-SA-24:16.libnv] |19 сентября 2024 г. |Переполнение целого числа в libnv |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:17.bhyve.asc[FreeBSD-SA-24:17.bhyve] |29 октября 2024 г. |Множественные проблемы в гипервизоре bhyve |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:18.ctl.asc[FreeBSD-SA-24:18.ctl] |29 октября 2024 г. |Неограниченное выделение памяти в man:ctl[4] CAM Target Layer |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:19.fetch.asc[FreeBSD-SA-24:19.fetch] |29 октября 2024 г. |Опция man:fetch[1] для списка отзыва сертификатов не работает |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:01.openssh.asc[FreeBSD-SA-25:01.openssh] |29 января 2025 г. |Обход маскировки нажатий клавиш в OpenSSH |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:02.fs.asc[FreeBSD-SA-25:02.fs] |29 января 2025 г. |Переполнение буфера в некоторых файловых системах через NFS |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:03.etcupdate.asc[FreeBSD-SA-25:03.etcupdate] |29 января 2025 г. 
|Непривилегированный доступ к системным файлам |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:04.ktrace.asc[FreeBSD-SA-25:04.ktrace] |29 января 2025 г. |Раскрытие неинициализированной памяти ядра через man:ktrace[2] |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:05.openssh.asc[FreeBSD-SA-25:05.openssh] |21 февраля 2025 г. |Множественные уязвимости в OpenSSH |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:06.xz.asc[FreeBSD-SA-25:06.xz] |2 июля 2025 г. |Использование после освобождения в многопоточном декодере xz |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:07.libarchive.asc[FreeBSD-SA-25:07.libarchive] |8 августа 2025 г. |Переполнение целого числа в libarchive, приводящее к двойному освобождению памяти |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:08.openssl.asc[FreeBSD-SA-25:08.openssl] |30 сентября 2025 г. |Множественные уязвимости в OpenSSL |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:09.netinet.asc[FreeBSD-SA-25:09.netinet] |22 октября 2025 г. |`SO_REUSEPORT_LB` нарушает работу man:connect[2] для UDP-сокетов |https://www.freebsd.org/security/advisories/FreeBSD-SA-25:10.unbound.asc[FreeBSD-SA-25:10.unbound] |26 ноября 2025 г. |Отравление кеша в службе local-unbound |=== [[errata]] === Уведомления об ошибках (ошибки исправлены) [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Исправление | Дата | Тема |https://www.freebsd.org/security/advisories/FreeBSD-EN-23:15.sanitizer.asc[FreeBSD-EN-23:15:sanitizer] |1 декабря 2023 г. |Сбой санитайзера Clang при включенном ASLR |https://www.freebsd.org/security/advisories/FreeBSD-EN-23:16.openzfs.asc[FreeBSD-EN-23:16:openzfs] |1 декабря 2023 г. |Повреждение данных OpenZFS |https://www.freebsd.org/security/advisories/FreeBSD-EN-23:17.ossl.asc[FreeBSD-EN-23:17:ossl] |5 декабря 2023 г. 
|Реализация AES-GCM в man:ossl[4] может давать некорректные результаты |https://www.freebsd.org/security/advisories/FreeBSD-EN-23:18.openzfs.asc[FreeBSD-EN-23:18:openzfs] |5 декабря 2023 г. |Высокая загрузка ЦП потоками ядра ZFS |https://www.freebsd.org/security/advisories/FreeBSD-EN-23:19.pkgbase.asc[FreeBSD-EN-23:19:pkgbase] |5 декабря 2023 г. |Некорректный номер версии pkgbase для FreeBSD {releasePrev}. |https://www.freebsd.org/security/advisories/FreeBSD-EN-23:20.vm.asc[FreeBSD-EN-23:20:vm] |5 декабря 2023 г. |Некорректные результаты от распределителя физической памяти ядра |https://www.freebsd.org/security/advisories/FreeBSD-EN-23:21.tty.asc[FreeBSD-EN-23:21:tty] |24 ноября 2023 г. |man:tty[4] IUTF8 вызывает панику ядра |https://www.freebsd.org/security/advisories/FreeBSD-EN-23:22.vfs.asc[FreeBSD-EN-23:22:vfs] |5 декабря 2023 г. |Каталоги снимков ZFS недоступны по NFS |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:01.tzdata.asc[FreeBSD-EN-24:01:tzdata] |14 февраля 2024 г. |Обновление информации базы данных часовых поясов |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:02.libutil.asc[FreeBSD-EN-24:02:libutil] |14 февраля 2024 г. |Обход ограничений ресурсов класса входа и маски ЦП |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:03.kqueue.asc[FreeBSD-EN-24:03:kqueue] |14 февраля 2024 г. |Ошибка страницы в man:kqueue_close[2] при выходе с использованием man:rfork[2] |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:04.ip.asc[FreeBSD-EN-24:04:ip] |14 февраля 2024 г. |Паника ядра, вызванная man:bind[2] |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:05.tty.asc[FreeBSD-EN-24:05:tty] |28 марта 2024 г. |Паника ядра TTY |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:06.wireguard.asc[FreeBSD-EN-24:06:wireguard] |28 марта 2024 г. |Недостаточные барьеры в WireGuard man:if_wg[4] |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:07.clang.asc[FreeBSD-EN-24:07:clang] |28 марта 2024 г. 
|Аварийное завершение Clang при включении определенной оптимизации |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:08.kerberos.asc[FreeBSD-EN-24:08:kerberos] |28 марта 2024 г. |Segfault в Kerberos при использовании слабой криптографии |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:09.zfs.asc[FreeBSD-EN-24:09:zfs] |24 апреля 2024 г. |Высокая загрузка ЦП потоками ядра, связанными с ZFS |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:10.zfs.asc[FreeBSD-EN-24:10:zfs] |19 июня 2024 г. |Утечка памяти ядра в ZFS |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:11.ldns.asc[FreeBSD-EN-24:11:ldns] |19 июня 2024 г. |LDNS использует серверы имен, закомментированные в resolv.conf |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:12.killpg.asc[FreeBSD-EN-24:12:killpg] |19 июня 2024 г. |Инверсия порядка блокировок в killpg, вызывающая взаимную блокировку |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:13.libc%2B%2B.asc[FreeBSD-EN-24:13:libc++] |19 июня 2024 г. |Некорректный размер, передаваемый при удалении std::string, выделенного в куче |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:14.ifconfig.asc[FreeBSD-EN-24:14:ifconfig] |7 августа 2024 г. |Некорректное назначение маски сети в ifconfig |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:15.calendar.asc[FreeBSD-EN-24:15:calendar] |4 сентября 2024 г. |Вход в сеанс man:cron[8] / man:periodic[8] |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:16.pf.asc[FreeBSD-EN-24:16:pf] |19 сентября 2024 г. |Некорректная обработка состояния ICMPv6 в pf |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:17.pam_xdg.asc[FreeBSD-EN-24:17:pam_xdg] |20 октября 2024 г. |Утечка файлового дескриптора в каталоге выполнения XDG при входе в систему |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:01.rpc.asc[FreeBSD-EN-25:01.rpc] |29 января 2025 г. 
| Разыменование нулевого указателя в клиенте NFSv4 |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:02.audit.asc[FreeBSD-EN-25:02.audit] |29 января 2025 г. |Аудит системных вызовов отключен DTrace |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:03.tzdata.asc[FreeBSD-EN-25:03.tzdata] |29 января 2025 г. |Обновление информации базы данных часовых поясов |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:04.tzdata.asc[FreeBSD-EN-25:04.tzdata] |10 апреля 2025 г. |Обновление информации базы данных часовых поясов |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:05.expat.asc[FreeBSD-EN-25:05.expat] |10 апреля 2025 г. |Обновление expat до версии 2.7.1 |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:06.daemon.asc[FreeBSD-EN-25:06.daemon] |10 апреля 2025 г. |Отсутствующие сигналы в man:daemon[8] |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:07.openssl.asc[FreeBSD-EN-25:07.openssl] |10 апреля 2025 г. |Обновление OpenSSL до версии 3.0.16 |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:08.caroot.asc[FreeBSD-EN-25:08.caroot] |10 апреля 2025 г. |Обновление набора корневых сертификатов |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:09.libc.asc[FreeBSD-EN-25:09:libc] |2 июля 2025 г. |Аварийное завершение динамически загружаемых библиотек C++ при выходе |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:10.zfs.asc[FreeBSD-EN-25:10:zfs] |2 июля 2025 г. |Повреждение в потоках репликации ZFS из зашифрованных наборов данных |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:11.ena.asc[FreeBSD-EN-25:11:ena] |2 июля 2025 г. |Сбросы `ena` и паника ядра на экземплярах Nitro v4 или новее |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:12.efi.asc[FreeBSD-EN-25:12:efi] |8 августа 2025 г. |man:bsdinstall[8] не копирует правильный загрузчик на системах с прошивкой IA32 UEFI. 
|https://www.freebsd.org/security/advisories/FreeBSD-EN-25:13.wlan_tkip.asc[FreeBSD-EN-25:13:wlan_tkip] |8 августа 2025 г. |Поддержка криптографии TKIP в net80211 не работает для некоторых драйверов |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:14.route.asc[FreeBSD-EN-25:14:route] |8 августа 2025 г. |man:route[8] monitor буферизирует слишком много данных при перенаправлении в файл |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:15.arm64.asc[FreeBSD-EN-25:15:arm64] |16 сентября 2025 г. |arm64 man:syscall[2] позволяет непривилегированному пользователю вызвать панику ядра |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:16.vfs.asc[FreeBSD-EN-25:16:vfs] |16 сентября 2025 г. |man:copy_file_range[2] не устанавливает выходные параметры |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:17.bnxt.asc[FreeBSD-EN-25:17:bnxt] |16 сентября 2025 г. |man:bnxt[4] не устанавливает тип среды в некоторых случаях |https://www.freebsd.org/security/advisories/FreeBSD-EN-25:18.freebsd-update.asc[FreeBSD-EN-25:18:freebsd-update] |30 сентября 2025 г. |man:freebsd-update[8] устанавливает библиотеки в неверном порядке |=== [[architectures]] == Архитектуры Почтенные 32-разрядные аппаратные платформы i386, armv6 и 32-разрядная powerpc ушли на пенсию. Поддержка 32-разрядных приложений сохраняется через режим совместимости 32-разрядных приложений на соответствующих 64-разрядных платформах. Платформа armv7 остается последней поддерживаемой 32-разрядной платформой. Мы благодарим их за службу. [[userland]] == Пользовательское окружение Этот раздел охватывает изменения и дополнения в пользовательских приложениях, предоставленном программном обеспечении и системных утилитах. [[userland-config]] === Изменения конфигурации пользовательского окружения Службе аутентификации Kerberos v5, man:krb5kdc[8], добавлена новая переменная `kdc_restart` в man:daemon[8]. 
Установите `kdc_restart="YES"` в man:rc.conf[5] для автоматического перезапуска kdc при аномальном завершении. Установите `kdc_restart_delay="N"` на количество секунд задержки перед перезапуском kdc. gitref:abc4b3088941[repository=src] Скрипты `daily` man:periodic[8] теперь по умолчанию показывают меньше контекста в письмах для уменьшения размера вывода. Поведение можно контролировать с помощью переменной `daily_diff_flags` в man:periodic.conf[5]. Аналогично, изменения, показываемые скриптами безопасности, показывают меньше контекста, чем раньше, что контролируется переменной `security_status_diff_flags` в man:periodic.conf[5]. gitref:538994626b9f[repository=src], gitref:37dc394170a5[repository=src], gitref:128e78ffb084[repository=src] Демон man:bsnmpd[1] больше не поддерживает устаревший транспорт UDP. Пользователям, которые не обновляли свой `/etc/snmpd.config` с 12.0-RELEASE или старше, потребуется обновить конфигурацию. В частности, определение транспорта должно быть изменено с OID `begemotSnmpdPortStatus` на `begemotSnmpdTransInetStatus`. gitref:9ba51cce8bbd[repository=src] Репозиторий `FreeBSD-base` теперь определен в `/etc/pkg/FreeBSD.conf` и отключен по умолчанию. Системам, которые были установлены с pkgbase до 15.0-RC1 (если используется `releng/15.0`) или 15 ноября (если используются снимки `stable`/`main`), потребуется удалить определение репозитория `FreeBSD-base` из `/usr/local/etc/pkg/repos/` и заменить его одной строкой `FreeBSD-base: { enabled: yes }`. gitref:5d832135a971[repository=src] Утилита man:powerd[8] теперь включена по умолчанию в `/etc/rc.conf` на образах для Raspberry Pi на arm64 (файлы `arm64-aarch64-RPI`). Это предотвращает постоянную работу тактовой частоты ЦП на низкой скорости. 
gitref:4347ef60501f[repository=src] [[userland-programs]] === Изменения в пользовательских приложениях Утилита man:adduser[8], используемая man:bsdinstall[8], теперь создает набор данных ZFS для домашнего каталога нового пользователя, если родительский каталог находится на наборе данных ZFS. Доступна опция командной строки для отключения использования отдельного набора данных. Также доступно шифрование ZFS. gitref:516009ce8d38[repository=src] Программа man:date[1] теперь поддерживает наносекунды. Например: `date -Ins` выводит "2024-04-22T12:20:28,763742224+02:00", а `date +%N` выводит "415050400". gitref:eeb04a736cb9[repository=src] {{< sponsored "Klara, Inc." >}} Утилита man:dtrace[1] теперь может генерировать машинно-читаемый вывод в форматах JSON, XML и HTML с использованием man:libxo[3]. gitref:aef4504139a4[repository=src] {{< sponsored "Innovate UK" >}} Утилита man:lastcomm[1] теперь отображает временные метки с точностью до секунд. gitref:692c0a2e80c1[repository=src] {{< sponsored "DSS Gmbh" >}} Утилита man:ldconfig[8] теперь поддерживает файлы подсказок с любым порядком байт. Формат по умолчанию — собственный порядок байт хоста. gitref:fa7b31166ddb[repository=src] Утилита man:usbconfig[8] теперь читает описания производителей и продуктов USB из [.filename]#/usr/share/misc/usb_vendors#, когда они доступны, аналогично тому, как это делает man:pciconf[8]. gitref:7b9a772f9f64[repository=src] Утилита man:env[1] получила опцию для изменения каталога, которая очень похожа на функцию в версии env от GNU, хотя и не поддерживает длинные опции. gitref:08e8554c4a39[repository=src] {{< sponsored "Klara, Inc." >}} Утилита man:ps[1] теперь автоматически удаляет столбцы из готовых представлений, которые содержат те же данные, что и некоторые явно запрошенные столбцы. 
До этого изменения, если пользователь запрашивал добавление какого-либо «готового представления» (опции `-j`, `-l`, `-u` или `-v`), столбцы в нем, которые были дубликатами явно запрошенных ранее в командной строке, опускались, но это не работало в обратную сторону, когда готовое представление появлялось перед явно запрошенными столбцами. Кроме того, столбцы с разными ключевыми словами, которые являются псевдонимами одного и того же ключевого слова, теперь также считаются содержащими одни и те же данные, в дополнение к столбцам с одинаковыми ключевыми словами. gitref:cd768a840644[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Опция `-O` утилиты man:ps[1] стала более универсальной и предсказуемой. Список столбцов для отображения man:ps[1] теперь сначала строится без учета опций `-O`. На втором шаге все столбцы, переданные через `-O`, наконец вставляются после первого столбца PID (если он существует, иначе в начало) в уже построенном отображении, в порядке их появления в качестве аргументов для опций `-O`. gitref:5dad61d9b949[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Опции `-a` и `-A` утилиты man:ps[1] теперь всегда показывают все процессы. При комбинировании с другими опциями, влияющими на выбор процессов, кроме `-X` и `-x`, опция `-a` не имела бы эффекта (а `-A` сводилась бы просто к `-x`). Это противоречило правилу, применяемому ко всем другим опциям выбора, которое гласит, что процесс отображается, как только любая из этих опций была указана и выбирает его, что требуется POSIX и, вероятно, является естественным ожиданием. В качестве практического следствия, указание `-a` или `-A` теперь приводит к отображению всех процессов независимо от других опций выбора, таких как `-U`, `-p`, `-G` и т.д., кроме опций фильтрации `-X` и `-x`, которые продолжают применяться. В частности, чтобы отображать только процессы из определенных клеток, нельзя использовать `-a` вместе с `-J`. 
Опция `-J`, вопреки своему кажущемуся первоначальному назначению, на практике никогда не работала как фильтр, кроме как случайно с только `-a` из-за ошибки. gitref:93a94ce731a8[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Утилита man:ps[1] теперь сопоставляет процессы текущего пользователя, используя эффективный идентификатор пользователя (EUID). Ранее сопоставление производилось по реальному идентификатору пользователя (RUID). Это приводит man:ps[1] в соответствие с POSIX по этой теме. gitref:1aabbb25c9f9c4372[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Флаг `-U` утилиты man:ps[1] теперь выбирает процессы по реальным идентификаторам пользователей. Это то, что требует POSIX для опции `-U` и, вероятно, поведение, которое большинству пользователей действительно нужно в большинстве случаев. Раньше `-U` выбирало процессы по их эффективным идентификаторам пользователей (что является поведением, требуемым POSIX для опции `-u`). gitref:995b690d1398[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Утилита man:sysctl[8] получила флаги для фильтрации переменных jail, prison и vnet, так что пользователям не нужно обращаться к исходному коду, чтобы определить, является ли переменная jail, prison / vnet или нет. gitref:615c9ce250ee[repository=src] Утилита man:grep[1] больше не следует символическим ссылкам по умолчанию при рекурсивном поиске. Это соответствует задокументированному поведению на странице руководства. gitref:fc12c191c087[repository=src] Утилита man:mdo[1] теперь поддерживает полное указание всех пользователей и групп в учетных данных цели. Для удобства, в дополнение к полному явному указанию, она позволяет начинать с базового набора, предоставляющего значения по умолчанию для всех атрибутов, который представляет собой либо учетные данные входа какого-либо пользователя из базы данных паролей, либо текущие учетные данные, а затем выборочно изменять эти атрибуты. 
Страница руководства была обновлена для описания новых опций и их взаимодействия. gitref:4ffcb1a4a99c[repository=src] {{< sponsored "The FreeBSD Foundation" >}} {{< sponsored "Google LLC (GSoC 2025)" >}} При загрузке в однопользовательском режиме man:init[8] теперь изменяет рабочий каталог на `/root`, используя `/` только как запасной вариант. Ссылка `/.profile` на `/root/.profile` больше не устанавливается. gitref:b4b91207ab6f[repository=src], gitref:ca771d7ae527[repository=src] Устаревший man:ftpd[8] был удален из базовой системы. Пользователям, которым он еще нужен, можно установить порт `ftp/freebsd-ftpd`. gitref:259bb93b80c0[repository=src] Программа администрирования базы данных Kerberos v5 научилась выгружать базу данных Heimdal KDC в формате, который можно загрузить в MIT KDC. См. https://wiki.freebsd.org/Kerberos/Heimdal2MIT_KDC_Migration, как использовать `kadmin -l dump -f` для переноса/конвертации базы данных KDC. gitref:9fd3b28d4e0d[repository=src], gitref:23fbea8cf2f3[repository=src] Утилиты man:bsdconfig[8] и man:bsdinstall[8] теперь используют man:bsddialog[1] вместо GNU dialog. gitref:c36b3dbc99d1[repository=src], gitref:04b465777a09[repository=src] Команда man:jail[8] теперь поддерживает параметр `zfs.dataset` для присоединения списка наборов данных ZFS к клетке. gitref:e0dfe185cbca[repository=src] Команда man:jail[8] теперь поддерживает параметры meta и env, которые представляют собой произвольные строки, связанные с клеткой. Эти параметры можно использовать для пометки клетки определенными метаданными или для безопасной передачи информации, к которой можно будет получить доступ внутри клетки. Их можно добавить при создании клетки или изменить позже с помощью man:jail[8]. 
gitref:30e6e008bc06[repository=src] {{< sponsored "SkunkWerks, GmbH" >}} Скрипт запуска `rc.d/jail` теперь поддерживает устаревшую переменную `jail_${jailname}_zfs_dataset`, чтобы позволить неподдерживаемым менеджерам клеток, таким как `ezjail`, использовать новую функцию `zfs.dataset` (см. выше). gitref:0b49e504a32d[repository=src] Утилита man:newsyslog[8] теперь поддерживает указание глобального метода сжатия непосредственно в начале файла `newsyslog.conf`. Все исторические флаги сжатия (`J`, `X`, `Y`, `Z`) тогда ведут себя как указание «считать файл сжимаемым» вместо «сжать файл этим конкретным методом». Доступны следующие методы: * `none`: Никогда не сжимать. * `legacy`: Историческое поведение (`J`=bzip2, `X`=xz, `Y`=zstd, `Z`=gzip). * `bzip2`, `xz`, `zstd`, `gzip`: Применить указанный метод сжатия. gitref:61174ad88e33[repository=src], gitref:906748d208d3[repository=src], gitref:39d668f1e09e[repository=src] [[userland-contrib]] === Предоставленное программное обеспечение One True Awk (man:awk[1]) обновлен до 2-го издания с новой поддержкой -csv и поддержкой UTF-8. Использован снимок 20250804. gitref:b45a181a74c8[repository=src] {{< sponsored "Netflix" >}} Инструментальная цепочка справочных руководств системы, man:mandoc[1], обновлена до версии 1.14.6, снимок 2025-09-26. Эта версия включает улучшенную совместимость с groff и DocBook, улучшенный вывод в html и markdown, а также устаревание раздела LIBRARY. gitref:c1c95add8c80[repository=src], gitref:80c12959679a[repository=src], gitref:4c07abdbacf4[repository=src], gitref:06410c1b5163[repository=src], gitref:59fc2b0166f7[repository=src] Библиотека man:jemalloc[3] обновлена до версии 5.3.0. 
gitref:c43cad871720[repository=src] Система сборки man:bmake[1] обновлена до 20250804, предоставляя множество улучшений отладки, исправлений ошибок, таких как обнаружение и отклонение синтаксиса `gmake`, и улучшений функций, таких как использование аргумента с плавающей запятой для `-j` в качестве множителя количества доступных процессоров. Комплекс man:sendmail[8] обновлен до версии 8.18.1, устраняя CVE-2023-51765. gitref:58ae50f31e95[repository=src] Калькулятор man:bc[1] обновлен до версии 7.1.0. gitref:fdc4a7c8012b[repository=src] Комплекс `blacklist` переименован вышестоящими разработчиками в `blocklist`. Существующие настройки продолжат работать с выдачей предупреждения. Использован снимок 20251026. gitref:4afb96fdd272[repository=src] Утилита man:bsddialog[1] обновлена до версии 1.0.5. gitref:0595e10ec773[repository=src] Генератор парсеров man:byacc[1] обновлен до версии 20240109. gitref:822ca3276345[repository=src] Библиотека `libarchive` обновлена до версии 3.8.2. gitref:8a0b57ba54f0[repository=src] Библиотека `libcbor` обновлена до версии 0.11.0. gitref:1755b9daa693[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Библиотека `libcxxrt` обновлена до снимка поставщика 6f2fdfebcd62. gitref:d0dcee46d971[repository=src] Библиотека `libfido2` обновлена до версии 1.14.0. gitref:128bace5102e[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Библиотека `libpcap` обновлена до версии 1.10.5. gitref:26f21a6494b4[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Библиотека man:ncurses[3] обновлена до версии 6.5. gitref:21817992b331[repository=src] Утилита man:tcpdump[1] обновлена до версии 4.99.5. gitref:ec3da16d8bc1[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Проверяющий DNS-резолвер `unbound` обновлен до версии 1.24.1. gitref:a988846174e0[repository=src] Инфраструктура компилятора `llvm` обновлена до 19.1.7-0-gcd708029e0b2. gitref:dc3f24ea8a25[repository=src] Файловая система OpenZFS обновлена до zfs-2.4.0-rc4. 
gitref:7b5b0f43eb06[repository=src] Компрессоры данных man:xz[1] обновлены до версии 5.8.1. gitref:128836d304d9[repository=src] Программа просмотра man:less[1] обновлена до версии v679. gitref:76bafc906926[repository=src] Идентификатор файлов man:file[1] обновлен до версии 5.46. gitref:ae316d1d1cff[repository=src] Библиотека сжатия данных man:zlib[3] обновлена до версии 1.3.1. gitref:6255c67c3d1a[repository=src] База данных часовых поясов, `tzdata`, обновлена до версии 2025b. gitref:475082194ac8[repository=src] OpenSSH обновлен до версии 10.0p2. .gitref:8e28d84935f2[repository=src] {{< sponsored "The FreeBSD Foundation" >}} OpenSSL обновлен до версии 3.5.4. gitref:c0366f908ff4[repository=src] Lua обновлена до версии 5.4.8. gitref:3068d706eabe[repository=src] {{< sponsored "Netflix" >}} Тестовая среда C++ Google Test обновлена до версии 1.15.2. Одно заметное изменение заключается в том, что GoogleTest 1.15.x теперь официально требует C++14 (1.14.x требовала C++11). gitref:1d67cec52542[repository=src] Шрифт консоли `spleen` для man:vt[4] обновлен до версии 2.1.0. gitref:26336203d32c[repository=src] MIT KRB5 1.22.1 Kerberos заменяет Heimdal 1.5.2 по умолчанию. Heimdal 1.5.2 все еще можно собрать, используя флаг `WITHOUT_MITKRB5`. Heimdal Kerberos будет полностью удален в FreeBSD 16. См. также примечание о флаге `-f` для `kadmin -l dump` в разделе <>. 
gitref:ee3960cba106[repository=src], gitref:0b9a631e0724[repository=src], gitref:60f970b85e44[repository=src], gitref:0d1496f0f1e7[repository=src], gitref:cbb6e747af98[repository=src], gitref:0559f30a882d[repository=src], gitref:ae07a5805b19[repository=src], gitref:f58febc4cefa[repository=src], gitref:805498e49ae4[repository=src], gitref:4cb1baa7d85c[repository=src], gitref:188138106b9f[repository=src], gitref:4680e7fcc70a[repository=src], gitref:e447c252d0ec[repository=src], gitref:5f8493bbf479[repository=src], gitref:110111a6cca1[repository=src], gitref:2a454b05f2c1[repository=src], gitref:98d46e05ab08[repository=src], gitref:6b28571cb6ba[repository=src], gitref:ca9ccf0ce9ad[repository=src], gitref:b98d0566b2bd[repository=src], gitref:fb1ccc04adfe[repository=src], gitref:dd0ec030f8fd[repository=src], gitref:6c4771c73470[repository=src], gitref:7b68893ffa9b[repository=src], gitref:624b7beed5ac[repository=src], gitref:04764f21855a[repository=src], gitref:73ed0c7992fd[repository=src], gitref:40a5abfc3f66[repository=src], gitref:543b875a8ee4[repository=src], gitref:c791ea80b5f7[repository=src], gitref:383e7290c0b5[repository=src], gitref:9a726ef24134[repository=src], gitref:a245dc5d68c7[repository=src], gitref:e26259f48afe[repository=src], gitref:7d2cfb27d62f[repository=src], gitref:619feb9dd00e[repository=src], gitref:10eecc467f32[repository=src], gitref:0c13e9c3c464[repository=src], gitref:89c82750da1a[repository=src], gitref:18a870751b03[repository=src], gitref:ce9c325a2e92[repository=src], gitref:cb3eac927b5d[repository=src], gitref:5105e1ebecc7[repository=src], gitref:b9b0e105c357[repository=src], gitref:929f5966a9fd[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Драйвер man:rtw88[4] обновлен до Linux v6.17. Возможная проблема с тем, что устройства не могут пройти аутентификацию, все еще исследуется. gitref:c1d365f39e08[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Драйвер man:rtw89[4] обновлен до Linux v6.17. 
Драйвер недостаточно протестирован и все еще может иметь проблемы. gitref:b35044b38f74[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Драйвер man:iwlwifi[4] обновлен до Linux v6.17. Для наборов микросхем на основе BE200 потребуется более новая прошивка, требующая дальнейших исправлений драйвера, которых нет в этом выпуске. gitref:69caa1cf3ce5[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[userland-libraries]] === Библиотеки времени выполнения и API Функция man:setusercontext[3] в `libutil` теперь будет устанавливать приоритет процесса (nice) из файла [.filename]#.login.conf# в домашнем каталоге при соответствующих условиях, а также из системного man:login.conf[5]. Приоритет теперь может иметь значение `inherit`, указывающее, что приоритет должен быть неизменным от родительского процесса. Аналогично, umask может иметь значение `inherit`. gitref:c328e6c6ccaa[repository=src], gitref:d162d7e2ad32[repository=src], gitref:f2a0277d3e51[repository=src] {{< sponsored "Kumacom SAS" >}} Многие операции со строками и памятью в библиотеке C теперь используют расширения SIMD (single instruction multiple data) для повышения производительности, когда они доступны на системах amd64; см. man:simd[7]. {{< sponsored "The FreeBSD Foundation" >}} Теперь в математической библиотеке man:math[3] на поддерживающих платформах появилась гораздо лучшая реализация 128-разрядной функции `tgammal`. gitref:8df6c930c151[repository=src] man:fma[3] теперь возвращает правильно знаковый ноль при определенных малых входных данных (как замечено в тестовом наборе Python). gitref:dc39004bc670[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Добавлена функция `cap_rights_is_empty`. Она сообщает, установлены ли какие-либо права в `cap_rights_t`. gitref:e77813f7e4a3[repository=src] {{< sponsored "The FreeBSD Foundation" >}} `libcxxrt` обновлен до вышестоящего 6f2fdfebcd62. gitref:d9901a23bd2f[repository=src] Улучшена точность man:asinf[3] и man:acosf[3]. 
gitref:33c82f11c267[repository=src] Системные вызовы man:setgroups[2] и man:getgroups[2] и библиотечная функция man:initgroups[3] были изменены, чтобы избежать установки или отображения эффективного идентификатора группы (GID), теперь они касаются только дополнительных групп. Основная цель этого изменения — избежать проблем с безопасностью в будущем, став совместимыми с Linux/glibc, OpenBSD, NetBSD и системами на основе illumos. Следовательно, почти все переносимые приложения уже должны соответствовать этому новому поведению и будут продолжать работать правильно или даже исправятся в процессе (см., например, gitref:239e8c98636a[repository=src] для примера, затрагивающего OpenSSH). Однако, из предосторожности, портерам, системным администраторам и пользователям рекомендуется проверить свои приложения, использующие man:setgroups[2], man:getgroups[2] и man:initgroups[3], обратив внимание на следующие моменты. Приложения должны использовать man:setgid[2] или man:setegid[2] в дополнение к man:setgroups[2] или man:initgroups[3] для установки эффективного идентификатора группы. Они не должны специально обрабатывать первый элемент массива, возвращаемого man:getgroups[2], а рассматривать его как любой другой дополнительной группы. Для получения дополнительной информации обратитесь к разделам SECURITY CONSIDERATIONS, которые были добавлены на страницы руководств man:setgroups[2], man:getgroups[2] и man:initgroups[3]. Предоставлены совместимые системные вызовы и библиотечные функции, чтобы двоичные файлы и библиотеки, скомпилированные на системах FreeBSD 14 или более ранних, продолжали работать точно так же, как и раньше. 
gitref:9da2fe96ff2e[repository=src], gitref:8878569103a3[repository=src], gitref:7132fb5edbc9[repository=src], gitref:2932e6f59bff[repository=src], gitref:8878569103a3[repository=src] {{< sponsored "The FreeBSD Foundation" >}} `libc` содержит функции совместимости, позволяющие запускать исполняемые файлы/библиотеки, скомпилированные для старых версий FreeBSD. Те из них, которые сами используют совместимые системные вызовы, не ссылались на них правильно, что вызывало некорректное поведение во время выполнения. Это было исправлено. gitref:47f5f89dbd27[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Функция man:readdir_r[3] устарела и может быть удалена в будущих выпусках. Ее использование в программе приведет к предупреждениям во время компиляции и компоновки. gitref:2bd157bc732a[repository=src] {{< sponsored "Klara, Inc." >}} Динамический компоновщик man:rtld[1] получил поддержку флага статического компоновщика, задаваемого параметром `-z initfirst`. gitref:78aaab9f1cf359f[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[userland-misc]] === Разное Шрифт Gallant для man:vt[4] обновлен более чем 4300 новыми глифами, включая поддержку греческого, кириллицы, расширений Международного фонетического алфавита, расширенных латинских символов, Zapf Dingbats, множества стрелок, множества математических символов, буквоподобных символов и обрамленных буквенно-цифровых символов, идеального рисования рамок пиксель к пикселю, символов валют, дополнительных знаков пунктуации, достаточного количества катаканы, чтобы сказать コンニチハ («добрый день», японский), глифов Powerline в области частного использования (Private Use Area) по адресу U+e0a0. gitref:9e8c1ab0976c[repository=src] Поддержка Unicode обновлена до 16.0.0, а CLDR — до 45.0.0. 
gitref:ddfc6f84f242[repository=src] [[userland-deprecated-programs]] === Устаревшие приложения man:fdisk[8] давно устарел в пользу man:gpart[8], но не был удален; запуск этого приложения будет показывать предупреждение о переходе на man:gpart[8]. gitref:3958be5c29da[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Добавлено уведомление об устаревании man:syscons[4]. man:syscons[4] несовместим с UEFI, не поддерживает UTF-8 и блокируется глобальным мютексом Giant. Конкретных сроков его удаления еще нет, но поддержка блокировки Giant, как ожидается, исчезнет через один или два основных цикла выпуска. gitref:8c922db4f3d9[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Утилита `shar` была удалена. Она продолжает существовать как порт package:sysutils/freebsd-shar[]. gitref:3fde39073c72[repository=src] Криптографически слабый алгоритм подписи DSA был удален из OpenSSH, следуя за вышестоящими разработчиками. База данных man:publickey[5] была удалена. Она использует DES, и мы надеемся, что никто не использует это в 2025 году. gitref:9197c04a251b[repository=src] [[cloud]] == Поддержка облачных сред Этот раздел охватывает изменения в поддержке облачных сред. {releaseCurrent} поддерживает cloudinit, включая скрипт запуска `nuageinit` и поддержку раздела `config-drive`. Он совместим с OpenStack и многими хостинг-провайдерами. См. веб-сайт https://cloud-init.io[cloud-init] и сообщения коммитов, gitref:16a6da44e28d[repository=src] gitref:227e7a205edf[repository=src] {{< sponsored "OVHcloud" >}} Базовые образы Cloudinit больше не генерируют RSA-ключи хоста по умолчанию для SSH. Генерацию RSA-ключа хоста можно повторно включить, установив `sshd_rsa_enable="YES"` в `/etc/rc.conf`, если необходимо поддерживать очень старые SSH-клиенты. gitref:b22be3bbb2de[repository=src] Проект FreeBSD теперь публикует образы контейнеров, совместимые с OCI. gitref:8a688fcc242e[repository=src] Проект FreeBSD теперь публикует образы для Oracle Cloud Infrastructure. См. 
link:https://cloudmarketplace.oracle.com/marketplace/app/freebsd-release[список FreeBSD в Oracle Cloud Infrastructure] для получения дополнительной информации. gitref:77b296a2582b[repository=src] API "shutdown" и "reboot" в облаке Amazon EC2 теперь работают для экземпляров arm64 ("Graviton"). gitref:28b881840df7[repository=src] {{< sponsored "Amazon" >}} Несколько исправлений ошибок и изменений конфигурации в совокупности позволяют осуществлять горячее подключение устройств как на x86, так и на экземплярах EC2 arm64 ("Graviton"). gitref:ce9a34b1614e[repository=src] gitref:55c3348ed78f[repository=src] gitref:d70bac252d30[repository=src] {{< sponsored "Amazon" >}} Пользователям, обновляющим экземпляры EC2 с более ранних выпусков FreeBSD, следует установить `hw.pci.intx_reroute=0` и `debug.acpi.quirks="56"` в `/boot/loader.conf`. Проект FreeBSD теперь публикует "маленькие" ("small") образы EC2; это образы "base" без отладочных символов, тестов, 32-разрядных библиотек, отладчика LLDB, агента Amazon SSM и AWS CLI. gitref:953142d6baf3[repository=src] {{< sponsored "Amazon" >}} Проект FreeBSD теперь публикует "сборочные" ("builder") образы EC2; они загружаются в диск в памяти и извлекают чистый образ "base" на корневой диск (смонтированный в `/mnt`) для настройки перед созданием AMI. gitref:584265890303[repository=src] {{< sponsored "Amazon" >}} Образы EC2 "base" FreeBSD теперь загружаются до 76% быстрее, чем соответствующие образы {releasePrev}, причем наибольшие улучшения наблюдаются на экземплярах arm64 ("Graviton"). AMI EC2 больше не генерируют RSA-ключи хоста по умолчанию для SSH. Генерацию RSA-ключа хоста можно повторно включить, установив `sshd_rsa_enable="YES"` в `/etc/rc.conf`, если необходимо поддерживать очень старые SSH-клиенты. gitref:0aabcd75dbc2[repository=src] {{< sponsored "Amazon" >}} FreeBSD {releaseCurrent} теперь поддерживает машины Google Cloud Compute Engine C4. 
gitref:7b32f4f0a7fe[repository=src] {{< sponsored "Google" >}} [[kernel]] == Ядро В этом разделе рассматриваются изменения в конфигурациях ядра, настройке системы и параметрах системного управления, которые не отнесены к другим категориям. [[kernel-general]] === Общие изменения в ядре ktrace(2) теперь будет записывать подробную информацию о нарушениях режима возможностей (capability mode). Утилита kdump(1) была обновлена для отображения такой информации. gitref:9bec84131215[repository=src], gitref:96c8b3e50988[repository=src], gitref:05296a0ff616[repository=src], gitref:6a4616a529c1[repository=src], gitref:0cd9cde767c3[repository=src], gitref:aa32d7cbc92c[repository=src] FreeBSD теперь нативно реализует интерфейс man:inotify[2] из Linux. Сами системные вызовы не являются API-совместимыми, но libc предоставляет API-совместимый интерфейс, поэтому программное обеспечение, зависящее от inotify, может работать без изменений. gitref:f1f230439fa4[repository=src], {{< sponsored "Klara, Inc." >}} Реализованы процедуры `fpu_kern_enter` и `fpu_kern_leave` для powerpc, позволяющие использовать криптографические функции man:ossl[4] в ядре, которые используют регистры с плавающей запятой и векторные регистры. gitref:91e53779b4fc[repository=src] Добавлена поддержка устаревшего горячего подключения PCI на arm64. gitref:355f02cddbf0[repository=src]. {{< sponsored "Arm Ltd" >}} Теперь к клетке можно обращаться через дескрипторы клеток в man:jail_set[2] и man:jail_get[2], а также с помощью новых системных вызовов `jail_attach_jd(2)` и `jail_remove_jd(2)`. Они позволяют манипулировать клетками через интерфейс файловых дескрипторов без состояний гонки, присущих идентификаторам клетки, а также могут дополнительно контролировать время жизни клетки. gitref:851dc7f859c2[repository=src] Клетки и дескрипторы клетки теперь имеют связанные фильтры man:kevent[2], которые позволяют отслеживать создание, изменение, присоединение и удаление клеток. 
gitref:1bd74d201a53[repository=src] gitref:9d7f89ef2607[repository=src] Создан новый общий узел 'mac' для параметров клетки модулей MAC. Все будущие параметры клетки модулей MAC будут появляться под этим узлом. См. man:mac[4] для введения в MAC. Первым потребителем является man:mac_do[4]. gitref:5041b20503db[repository=src], gitref:f3a06ced2568[repository=src] {{< sponsored "The FreeBSD Foundation" >}} man:mac_do[4] теперь считается готовым к производственному использованию после ряда важных исправлений. gitref:bbf8af664dc9[repository=src], gitref:292c814931d9[repository=src], gitref:53d2e0d48549[repository=src], gitref:add521c1a5d2[repository=src], gitref:2a20ce91dc29[repository=src], gitref:fa4352b74580[repository=src], gitref:3d8d91a5b32c[repository=src], gitref:8f7e8726e3f5[repository=src], gitref:89958992b618[repository=src] {{< sponsored "The FreeBSD Foundation" >}} man:mac_do[4] теперь поддерживает изменение правил внутри клетки с помощью параметра `security.mac.do.rules` в man:sysctl[8]. gitref:b3f93680e39b[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Представлен системный вызов man:setcred[2] и связанные с ним хуки MAC. Этот новый системный вызов позволяет установить все необходимые учетные данные процесса за один раз: эффективный, реальный и сохраненный идентификаторы пользователя, эффективный, реальный и сохраненный идентификаторы группы, дополнительные группы и метку MAC. Помимо обеспечения атомарности, его преимущество перед стандартными системными вызовами установки учетных данных, такими как `setuid()`, `seteuid()` и т.д., заключается в том, что он позволяет модулям MAC, таким как man:mac_do[4], ограничивать набор учетных данных, которые может получить некоторый процесс, точным образом, поскольку теперь они могут видеть конечное желаемое состояние и сравнивать его с исходным. 
gitref:ddb3eb4efe55[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Добавлена поддержка нескольких пользователей и групп в качестве целей одного правила в man:mac_do[4]. Поддержка целей-групп необходима для того, чтобы man:mac_do[4] мог применять ограниченный набор допустимых новых групп в целевых учетных данных и разрешать переходы учетных данных только между группами. Разрешенные группы привязаны к одному или нескольким идентификаторам пользователя. Несколько пользователей и групп в целевой части правила рассматриваются как альтернативы (инклюзивная дизъюнкция), за исключением условий, выражающих обязательное наличие или отсутствие дополнительной группы. Синтаксис правил был изменен несовместимым образом, но миграция существующих правил — это просто вопрос добавления `uid=` перед целевой частью, замены запятых (`,`) на точку с запятой (`;`) и двоеточий (`:`) на знак «больше» (`>`). Пожалуйста, обратитесь к странице руководства man:mac_do[4] для получения дополнительной информации. gitref:83ffc412b2e9[repository=src], gitref:8f7e8726e3f5[repository=src], gitref:f01d26dec67f[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Добавлена возможность man:sysctl[8] присоединяться и запускаться в клетке. Это позволяет родительской клетке получать или устанавливать состояние ядра, когда в дочерней клетке не установлен man:sysctl[8] (например, в легковесных контейнерах OCI или slim-клетках). Это особенно полезно при манипуляции с jail, prison или vnet sysctl. Например, `sysctl -j foo -Ja` или `sysctl -j foo net.fibs=2`. gitref:8d5d7e2ba3a6[repository=src]. Включена возможность настройки vnet man:sysctl[9] переменных через loader tunable. В gitref:3da1cf1e88f8[repository=src] значение флага `CTLFLAG_TUN` расширено для автоматической проверки наличия переменной среды ядра, которая должна инициализировать `SYSCTL` во время ранней загрузки. 
Это работает для всех типов `SYSCTL`, как статических, так и динамически созданных, за исключением `SYSCTL`, принадлежащих VNET. Обратите внимание, что реализация имеет ограничение. Она ведет себя так же, как и non-vnet loader tunables. То есть после инициализации ядра или модулей любые изменения (например, через `kenv`) переменной среды ядра не повлияют на соответствующую vnet переменную последующих создаваемых VNET. Чтобы преодолеть это, можно использовать `TUNABLE_XXX_FETCH` для получения переменной среды ядра в эти vnet переменные во время создания vnet. gitref:894efae09de4[repository=src] man:sound[4]: Выделение vchans по требованию. Рефакторинг `pcm_chnalloc()` и объединение с частями `vchan_setnew()` (теперь удалена) и создания каналов `dsp_open()` в новую функцию `dsp_chn_alloc()`. Функция отвечает за использование свободного HW-канала (если `vchans` отключены) или выделение нового vchan. `hw.snd.vchans_enable` (ранее `hw.snd.maxautovchans`) и `dev.pcm.X.{play|rec}.vchans` теперь работают как tunables только для включения/отключения `vchans`, в отличие от установки их количества и/или (де-)выделения vchans. Поскольку эти sysctl больше не запускают никаких (де-)выделений, их эффект мгновенен, тогда как раньше это могло привести к зависанию машины (при попытке выделить новые vchans) при установке `dev.pcm.X.{play|rec}.vchans` в очень большое значение. gitref:960ee8094913[repository=src]. {{< sponsored "The FreeBSD Foundation" >}} Удален параметр man:sysctl[8] `hw.snd.version`. gitref:7398d1ece5cf[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Код `unit.*` в man:sound[4] был удален, и в рамках этого удален tunable man:loader[8] `hw.snd.maxunit`. gitref:25723d66369f[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Исправлены постепенные замедления и зависания, с которыми сталкивались владельцы некоторых видеокарт AMD, использующих драйвер DRM amdgpu из портов `drm-kmod`, начиная с v5.15 (порт `graphics/drm-515-kmod`). 
В частности, известно, что затрагивались владельцы видеокарт с чипами Green Sardine, Polaris 10 и 20, а также Vega. Последние видеокарты на базе Intel (gen 13+) также могли быть затронуты. gitref:718d1928f874[repository=src], gitref:4ca9190251bb[repository=src], gitref:986edb19a49c[repository=src], gitref:9d1f3ce79d85[repository=src], gitref:da257e519bc0[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Код, выполняющий итерацию по доменам памяти (NUMA), был улучшен и исправлен несколькими способами, что, в частности, привело к снижению задержки для некоторых графических операций с драйверами DRM. gitref:da257e519bc0[repository=src], gitref:83ad6d8d8eee[repository=src], gitref:b15ff7214020[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Эффективный идентификатор группы теперь хранится в новом поле `cr_gid` структуры `struct cred` и удален как первый элемент `cr_groups[]`, который теперь содержит только дополнительные группы. Все нижестоящие и сторонние модули, использующие `cr_groups[0]`, должны быть исправлены для использования `cr_gid` вместо него, а окружающий код, который перебирает элементы `cr_groups[]`, исключая `cr_groups[0]` (т.е. который предназначен для работы только с дополнительными группами), также необходимо скорректировать, поскольку теперь дополнительные группы начинаются с `&cr_groups[0]` вместо `&cr_groups[1]`. Коду, который должен быть переносимым как на 15.0, так и на более ранние версии, можно использовать `cr_gid`, который существовал и ранее как макрос, и можно проверить истинность выражения `&cr_groups[0] != &cr_gid`, чтобы знать, как адекватно просматривать дополнительные группы. gitref:be1f7435ef218b1df35[repository=src] {{< sponsored "the FreeBSD Foundation" >}} [[kernel-architecture-specific]] === Архитектурно-зависимые изменения В amd64 FreeBSD теперь поддерживает более 4 ТБ оперативной памяти на современных машинах, имеющих функцию CPU LA57. 
gitref:d390633cf8cf[repository=src] {{< sponsored "the FreeBSD Foundation" >}} В amd64 обработка регистров `%fsbase`/`%gsbase` и базового адреса TLS была переработана, что делает их более полезными для приложений, напрямую манипулирующих контекстом CPU. gitref:68ba38dad3[repository=src] {{< sponsored "the FreeBSD Foundation" >}} [[drivers]] == Устройства и драйверы В этом разделе рассматриваются изменения и дополнения в устройствах и драйверах устройств, появившиеся после {releasePrev}. [[drivers-device]] === Драйверы устройств Интерфейс терминала man:tty[4] теперь имеет флаг `IUTF8`, который включает правильную обработку удаления символов UTF-8 (backspacing), установлен по умолчанию, что соответствует локали UTF-8 по умолчанию. gitref:bb830e346bd5[repository=src] Доступен драйвер для контроллеров Ethernet серии Intel E800 man:ice[4], поддерживающих работу на скорости 100 Гбит/с. Он был обновлен до версии 1.43.2-k. gitref:38a1655adcb3[repository=src] {{< sponsored "Intel Corporation" >}} В драйвер man:iwlwifi[4] для устройств Wi-Fi от Intel внесены многочисленные улучшения стабильности. {{< sponsored "The FreeBSD Foundation" >}} Теперь в amd64 поддерживаются несколько регионов PCI MCFG, что обеспечивает доступ к пространству конфигурации PCI для доменов (сегментов), отличных от 0. gitref:4b5f64408804[repository=src] Драйвер Ethernet man:smsc[4] теперь может получать значение `smsc95xx.macaddr`, передаваемое некоторыми моделями Raspberry Pi, и использовать его для MAC-адреса. Он всегда использует стабильный MAC-адрес, даже если в EEPROM нет адреса. gitref:028e4c6548e4[repository=src] Фреймворк `snd_clone` был удален из звуковой подсистемы, включая связанные sysctl, упрощая систему. Узлы на канал ([.filename]#/dev/dspX.Y#) больше не создаются, только основное устройство ([.filename]#/dev/dspX#). gitref:e6c51f6db8d7[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Теперь звук поддерживает асинхронное отключение устройств. 
Это значительно упрощает горячее подключение и отключение таких устройств, как USB-гарнитуры, и облегчает использование PulseAudio в случаях, требующих перехода операционной системы в режим сна и пробуждения (suspend и resume). gitref:d692c314d29a[repository=src] {{< sponsored "The FreeBSD Foundation" >}} `ice_ddp` обновлен до версии 1.3.41.0. gitref:a9d78bb714e3[repository=src] {{< sponsored "Intel Corporation" >}} Добавлена поддержка Tiger Lake-H в драйвер man:hda[4]. gitref:dbb6f488df6e[repository=src] Добавлена поддержка Meteor Lake в драйвер man:ichsmb[4]. gitref:14c22e28e4ee[repository=src] {{< sponsored "Framework Computer Inc" >}} {{< sponsored "The FreeBSD Foundation" >}} Добавлена поддержка Meteor Lake в драйвер man:ig4[4]. gitref:56f0fc0011c2[repository=src] Поддержка Realtek 8156/8156B перенесена из man:cdce[4] в man:ure[4] для повышения производительности и надежности. gitref:630077a84186[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Добавлена поддержка объектов ACPI GPIO _AEI. gitref:1db6ffb2a482[repository=src] {{< sponsored "Amazon" >}} man:nvme[4] и man:nvmecontrol[8] включены для всех архитектур. gitref:24687a65dd7f[repository=src], gitref:aba2d7f89dcf[repository=src] {{< sponsored "Chelsio Communications and Netflix" >}} Версия драйвера man:mpi3mr[4] обновлена до 8.14.0.2.0. gitref:e6d4b221ba7c[repository=src] Заголовок MPI для man:mpi3mr[4] обновлен до версии 36. Это соответствует последней спецификации MPI. Это включает обновленные структуры, определения полей и константы, необходимые для совместимости с обновленной прошивкой. gitref:60cf1576501d[repository=src] Драйвер man:mpi3mr[4] теперь включен в GENERIC. gitref:e2b8fb2202c2[repository=src] man:iwmbtfw[4]: Добавлена поддержка адаптеров Bluetooth 9260/9560. Необходимые файлы прошивки уже включены в порт package:comms/iwmbt-firmware[]. gitref:8e62ae9693bd[repository=src] Версия драйвера man:ena[4] обновлена до v2.8.1. 
gitref:a1685d25601e[repository=src] {{< sponsored "Amazon, Inc." >}} man:bnxt[4]: Включена поддержка NPAR на сетевых картах BCM57504 10/25GbE. gitref:54f842ed8897[repository=src] man:bnxt[4]: Добавлена поддержка идентификаторов PCI для 5760X (Thor2). Добавлены идентификаторы PCI для Thor2. gitref:45e161020c2d[repository=src] man:bnxt[4]: Добавлена поддержка модулей скорости 400G. gitref:32fdad17f060[repository=src] man:ix[4]: Добавлена поддержка SFP-модулей 1000BASE-BX. Добавлена поддержка BiDi-модулей на 1 Гбит/с. Добавлена поддержка Intel Ethernet Network Adapter E610. gitref:89d4096950c4[repository=src] gitref:dea5f973d0c8[repository=src] man:igc[4]: Исправлено присоединение для устройств I226-K и LMVP. Идентификаторы этих устройств были в списке PCI ID драйвера для присоединения, но `igc_set_mac_type()` никогда не был настроен для установки правильного типа MAC для этих устройств. Исправлено добавлением этих ID в блок switch, чтобы они распознавались драйвером вместо возврата ошибки. Это исправляет присоединение man:igc[4] для встроенного сетевого адаптера I226-K на материнской плате ASRock Z790 PG-ITX/TB4, позволяя его распознать и использовать. gitref:f034ddd2fa38[repository=src]. Удален старый обработчик sysctl itr из man:em[4]. Эта реализация имела различные ошибки. Преобразование/масштабирование единиц измерения было неверным, и она также неправильно обрабатывала устройства 82574L или man:igb[4]. С новым кодом AIM ожидается, что большинству пользователей не потребуется вручную настраивать этот параметр. gitref:edf50670e215[repository=src] {{< sponsored "BBOX.io" >}} Добавлена поддержка адаптеров USB-to-Serial от Brainboxes в man:uftdi[4]. gitref:47db906375b5[repository=src] Добавлен драйвер man:iwx[4], поддерживающий серию беспроводных сетевых адаптеров M.2 Intel Wi-Fi 6. 
gitref:2ad0f7e91582[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Новый драйвер сотовых модемов поддерживает USB-сетевые устройства, реализующие Mobile Broadband Interface Model (MBIM): man:umb[4]. Сопутствующий инструмент man:umbctl[8] используется для отображения или установки параметров интерфейса сотового модема MBIM (4G/LTE). gitref:0f1bf1c22a0c[repository=src] {{< sponsored "The FreeBSD Foundation" >}} man:smbios[4] теперь сначала ищет точку входа SMBIOS v3 (64-разрядную), даже если загрузка произведена из BIOS. Это позволяет обнаруживать и сообщать правильную версию SMBIOS с BIOS, которые предоставляют только таблицу v3, как это происходит на виртуальных машинах Hetzner. Для машин, предоставляющих обе таблицы, использовать таблицу v3 в приоритете, согласованно со случаем загрузки EFI. gitref:bc7f6508363c[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Драйвер man:usbhid[4] теперь включен по умолчанию и используется в приоритете перед другими USB HID драйверами, такими как man:ukbd[4], man:ums[4] и man:uhid[4]. Поддерживаемые классы устройств теперь включают: - Мыши с абсолютным позиционированием в виртуализированных средах через man:hms[4] - Дигитайзеры и устройства-стилусы через man:hpen[4] - Составные HID-устройства, такие как клавиатуры и мыши, совместно использующие один USB-интерфейс - Специальные функциональные клавиши клавиатуры (громкость, яркость и т.д.) через man:hcons[4] и man:hsctrl[4] - Игровые контроллеры, включая геймпады Xbox 360 и PS4 через man:xb360gp[4] и man:ps4dshock[4], а также универсальные контроллеры через man:hgame[4] - Сырые HID-устройства через man:hidraw[4] Ключи безопасности FIDO/U2F продолжают поддерживаться через автоматически загружаемый драйвер man:u2f[4]. Имена устройств и обработка протокола для этих устройств не изменились. 
gitref:74072e9f16c1[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Добавлен драйвер man:udbc[4], обеспечивающий отладку на стороне хоста для целей с использованием xHC debug. gitref:d566b6a70bcb[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Добавлен драйвер man:ufshci[4], поддерживающий контроллеры Universal Flash Storage (UFS). gitref:1349a733cf28[repository=src] {{< sponsored "Samsung Electronics" >}} Драйвер man:mlx5[4] теперь поддерживает встроенную разгрузку IPSEC на сетевых картах Nvidia ConnectX-6+, используя новую инфраструктуру разгрузки IPSEC в ядре. gitref:e23731db48ef[repository=src] {{< sponsored "NVIDIA networking" >}} Поддержка таймера watchdog в концентраторе ввода-вывода Intel 6300ESB добавлена в драйвер man:ichwd[4]. Это предназначено в первую очередь для пользователей QEMU, где этот таймер watchdog служит таймером по умолчанию и единственным для виртуальных машин x86. gitref:2b74ff5fceb6623f6[repository=src] Драйвер man:qat[4] получил поддержку устройства 402xx с ID 0x4944/0x4945. gitref:138e36514fe8[repository=src] {{< sponsored "Intel Corporation" >}} [[drivers-removals]] === Устаревшие и удаленные драйверы Шинный драйвер man:agp[4] устарел и планируется к удалению в FreeBSD 16.0. gitref:92af7c97e197[repository=src] gitref:cadadd1a0398[repository=src] Контроллер гибких дисков IBM PC, man:fdc[4], и связанные утилиты устарели и планируются к удалению в FreeBSD 16.0. gitref:4c736cfc69a7[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Шина man:firewire[4] и связанные драйверы устарели и планируются к удалению в FreeBSD 16.0. gitref:fc889167c319[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Драйвер Ethernet man:le[4] устарел и планируется к удалению в FreeBSD 16.0. gitref:e4d6433e9c03[repository=src] {{< sponsored "The FreeBSD Foundation" >}} man:syscons[4] запланирован к удалению в будущих выпусках, и в руководствах добавлено уведомление об устаревании, чтобы пользователи перешли на man:vt[4]. 
gitref:2bc5b1d60512[repository=src] {{< sponsored "The FreeBSD Foundation" >}} USB-драйвер 802.11g man:upgt[4] устарел и планируется к удалению в FreeBSD 16.0. gitref:7f8a5c5a1585[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[storage]] == Подсистема хранения данных В этом разделе рассматриваются изменения и дополнения в файловых системах и других подсистемах хранения данных, как локальных, так и сетевых. [[storage-general]] === Общие изменения в системах хранения Добавлены расширенные атрибуты в стиле Solaris (называемые именованными атрибутами в NFSv4). На данный момент их поддерживают только ZFS, а именно наборы данных файловой системы, у которых свойство `xattr` установлено в `dir`, а также NFSv4. Атрибуты представлены в каталоге как обычные файлы. См. man:named_attribute[7] для получения дополнительной информации. gitref:2ec2ba7e232d[repository=src], gitref:df58e8b1506f[repository=src], gitref:f61844833ee8[repository=src], gitref:b1b607bd200f[repository=src], gitref:ee95e4d02dbd[repository=src] Добавлена поддержка доступа к удаленным контроллерам NVMe over Fabrics через транспорт TCP. В man:nvmecontrol[8] добавлены новые команды для установления соединений с удаленными контроллерами. После установления соединения они передаются модулю ядра man:nvmf[4], который создает устройства `nvme__X__` и экспортирует удаленные пространства имен как диски man:nda[4]. gitref:a1eda74167b5[repository=src], gitref:1058c12197ab[repository=src] {{< sponsored "Chelsio Communications" >}} Добавлена поддержка экспорта пространств имен удаленным хостам NVMe over Fabrics через транспорт TCP. Модуль ядра man:nvmft[4] добавляет новый интерфейс в целевой слой CAM, который экспортирует LUN man:ctl[4] как пространства имен NVMe удаленным хостам. Демон man:ctld[8] теперь поддерживает контроллеры NVMe в дополнение к целям iSCSI и отвечает за прием входящих запросов на подключение и передачу подключенных пар очередей в man:nvmft[4]. 
gitref:a15f7c96a276[repository=src], gitref:66b5296f1b29[repository=src] {{< sponsored "Chelsio Communications" >}} Добавлена поддержка динамического изменения размера пространств имен NVMe. Драйверы man:nvd[4] и man:nda[4] теперь уведомляют geom об изменениях размеров в реальном времени. gitref:86d3ec359a56[repository=src] {{< sponsored "Netflix" >}} [[storage-nfs]] === NFS Значение по умолчанию настройки `nfs_reserved_port_only` в man:rc.conf[5] изменилось. Сервер NFS FreeBSD теперь требует, чтобы исходный порт запросов находился в диапазоне привилегированных портов (т.е. ≤ 1023), что, как правило, требует наличия у клиента повышенных привилегий в его локальной системе. Предыдущее поведение можно восстановить, установив `nfs_reserved_port_only=NO` в man:rc.conf[5]. gitref:6d5ce2bb6344[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Определена новая опция командной строки `-a` для man:mountd[8], которая предотвращает экспорт файловой системы с флагом `-alldirs`, если путь к каталогу не является точкой монтирования файловой системы сервера. gitref:07cd69e272da[repository=src] Структура NFS-дескрипторов файлов для файловых систем man:tarfs[4], man:tmpfs[4], man:cd9660[4] и man:ext2fs[4] изменилась. Серверу NFS, экспортирующему любую из этих файловых систем, потребуется, чтобы его клиенты отмонтировали и снова смонтировали экспорты. gitref:4db1b113b151[repository=src], gitref:1ccbdf561f41[repository=src], gitref:205659c43d87[repository=src], gitref:cf0ede720391[repository=src], gitref:8ae6247aa966[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Сервер man:mountd[8] был изменен для использования man:strunvis[3] для декодирования имен каталогов в файле(ах) man:exports[5]. Это позволяет встраивать специальные символы, такие как пробелы, в имя каталога. Для кодирования таких имен каталогов можно использовать `vis -M`; см. man:vis[1]. 
gitref:2c83f1ada435[repository=src] Разрешено указывать столько групп в опциях `-maproot` или `-mapall` в man:exports[5], сколько поддерживается системой. Ранее ограничение было `NGROUPS_MAX + 1`, где `NGROUPS_MAX` — это всего лишь минимальный максимум разрешенного количества дополнительных групп. Теперь используется правильное значение `{NGROUPS_MAX} + 1`, где `{NGROUPS_MAX}` получается во время выполнения через man:sysconf[3]. gitref:e87848a8150e[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Добавлены новые переменные man:sysctl[8] под `kern.rpc.unenc` и `kern.rpc.tls`, которые позволяют администратору сервера NFS определить, насколько активно используется NFS-over-TLS. Большое количество неудачных рукопожатий может указывать на проблему конфигурации NFS. gitref:b8e137d8d32d[repository=src] Использование делегирований NFSv4.1/4.2 было улучшено при использовании опции монтирования `nocto`. Для этого требуется актуальный сервер NFSv4.1/4.2 с включенными делегированиями. Например, при сборке ядра FreeBSD с смонтированными через NFSv4 каталогами `src` и `obj` общее количество RPC-запросов снижается с 5461286 до 945643, а затраченное время уменьшается на 20%. gitref:171f66b0c2ca[repository=src], gitref:50e733f19b37[repository=src] Новая поддержка операции NFSv4.2 Clone, которая использует клонирование блоков для «копирования при записи» файлов на сервере NFS. Пока это работает только для экспортируемых файловых систем ZFS, у которых включено клонирование блоков. gitref:cce64f2e6851[repository=src] [[storage-ufs]] === UFS Программные обновления (soft updates) теперь включены по умолчанию при создании новой файловой системы UFS с помощью man:newfs[8]. gitref:6b2af2d88ffd[repository=src] Надежность UFS на томах с более чем 2 ГБ inodes значительно улучшена. Основная проблема заключалась в некорректной интерпретации 32-разрядного номера inode как знакового, который расширялся знаковым битом в `ino_t`. 
gitref:c069ca085bd1[repository=src], gitref:e36f069ecb47[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Отложить лимит даты 19 января 2038 года в файловых системах UFS1 до 7 февраля 2106 года. Это затрагивает только файловые системы со старым форматом UFS1. Подробности см. в сообщении коммита. gitref:1111a44301da[repository=src] [[storage-zfs]] === ZFS Добавлена поддержка `VOP_COPY_FILE_RANGE()` для клонирования блоков. В настоящее время ZFS — единственная локальная файловая система, которая поддерживает это, и только если включено клонирование блоков. NFSv4.2 также поддерживает это. См. `pathconf(2)` и `copy_file_range(2)` для получения дополнительной информации. gitref:37b2cb5ecb0f[repository=src] [[storage-geom]] === GEOM Поддержка томов vinum была удалена. gitref:f87bb5967670[repository=src], gitref:e51036fbf3f8[repository=src] [[boot-loader]] == Изменения в загрузчике Этот раздел охватывает загрузчик, загрузочное меню и другие изменения, связанные с загрузкой. ASCII-арт man:loader[8] снова может быть включен на графических системах с помощью необязательной переменной `loader_gfx` в man:loader.conf[5]. gitref:bef6d85b6de5[repository=src] man:loader[8] теперь читает локальные конфигурационные файлы, перечисленные в переменной `local_loader_conf_files`, после других конфигурационных файлов, по умолчанию это [.filename]#/boot/loader.conf.local#. gitref:a25531db0fc2[repository=src] man:loader[8] теперь можно настроить на чтение определенных конфигурационных файлов на основе переменных производителя платы (planar maker), продукта платы (planar product), продукта системы (system product) и uboot m_product из SMBIOS. На данный момент лучшей документацией является сообщение коммита git, gitref:3eb3a802a31b[repository=src]. Определение консоли в man:loader[8] было улучшено на системах EFI. Если переменная ConOut отсутствует, проверяется ConIn. Если найдено несколько устройств, предпочтение отдается последовательному порту. 
gitref:20a6f4779ac6[repository=src] {{< sponsored "Netflix" >}} Поддержка кадрового буфера в man:loader[8] теперь может использовать только текстовый видео-драйвер, что приводит к экономии места. gitref:57ca2848c0aa[repository=src] {{< sponsored "Netflix" >}} Обнаружение ACPI теперь выполняется раньше в man:loader.efi[8] на системах arm64. Копию [.filename]#loader.efi# на разделе EFI следует обновить на системах arm64, использующих ACPI. gitref:05cf4dda599a[repository=src] gitref:16c09de80135[repository=src] Загрузчик LinuxBoot можно использовать для загрузки FreeBSD из Linux на aarch64 и amd64. gitref:46010641267[repository=src] {{< sponsored "Netflix" >}} В загрузчик BIOS добавлена обратно поддержка gzip и bzip2, но удалена поддержка графического режима (по умолчанию) для решения проблем с размером. (Загрузчик EFI не изменился, поддерживая все эти функции.) gitref:4d3b05a8530e[repository=src] {{< sponsored "Netflix" >}} Загрузчик BIOS теперь может использовать точку входа SMBIOS v3 (64-разрядную), если ее таблица находится ниже 4 ГБ. Загрузчик BIOS компилируется как 32-разрядный клиент BTX даже на amd64, поэтому не может обращаться к адресам за пределами 4 ГБ. Однако 64-разрядная точка входа может ссылаться на таблицу структур ниже 4 ГБ, которую можно использовать, если BIOS не предоставляет 32-разрядную точку входа, как это происходит на виртуальных машинах Hetzner. gitref:7f005c6699f4[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Загрузчик BIOS теперь отдает предпочтение точке входа SMBIOS v3 (64-разрядной). Когда присутствуют и 32-разрядная, и 64-разрядная точки входа, спецификация SMBIOS гласит, что 64-разрядная точка входа всегда содержит как минимум все структуры, на которые ссылается 32-разрядная точка входа. Другими словами, 32-разрядная точка входа предоставляется для совместимости, поэтому предполагается, что у 64-разрядной точки входа больше шансов быть заполненной адекватными значениями. 
gitref:3f744fb8b2c5[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Загрузчик EFI теперь отдает предпочтение точке входа SMBIOS v3 (64-разрядной), согласованно с тем, что делается при загрузке BIOS. Однако есть разница: поскольку загрузчик EFI работает в 64-разрядном режиме на 64-разрядных платформах, нет ограничения, чтобы таблица структур точки входа v3 находилась ниже 4 ГБ. gitref:96f77576e9ea[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[network]] == Сеть Этот раздел описывает изменения, влияющие на сеть в FreeBSD. [[network-general]] === Общие сетевые изменения FreeBSD теперь реализует интерфейс `SO_SPLICE`, первоначально из OpenBSD. Эта функция позволяет пользовательским приложениям «сращивать» два соединенных TCP-сокета вместе, после чего данные, поступающие на один сокет, автоматически перенаправляются через сокет, к которому они сращены, вместо доставки приложению. gitref:a1da7dc1cdad[repository=src] {{< sponsored "Klara, Inc." >}} {{< sponsored "Stormshield" >}} Поддержка ARP (man:arp[4]) для сетей стандарта 802 восстановлена; она была случайно удалена вместе с поддержкой FDDI. (Это отличается от стандартной инкапсуляции Ethernet.) gitref:d776dd5fbd48[repository=src] Теперь можно собрать ядро с поддержкой IPv6 (INET6) без IPv4 (INET). gitref:6df9fa1c6b83[repository=src] и другие Модуль netgraph man:ng_ipfw[4] больше не обрезает cookie до 16 бит, позволяя использовать полные 32 бита. gitref:dadf64c5586e[repository=src] Добавлена поддержка AIM (Adaptive Interrupt Moderation) в драйвер man:igc[4]. gitref:472a0ccf847a[repository=src] {{< sponsored "Rubicon Communications, LLC (\"Netgate\") and BBOX.io" >}} Эта функция также добавлена в драйверы man:lem[4], man:em[4] и man:igb[4]. Считается, что серьезный регресс производительности UDP, появившийся в FreeBSD 12.0, включая NFS поверх UDP, исправлен этим изменением. 
gitref:49f12d5b38f6[repository=src] {{< sponsored "Rubicon Communications, LLC (\"Netgate\") and BBOX.io" >}} Добавлена возможность man:ip6addrctl[8] присоединяться и запускаться в клетке. Это упростит управление политиками выбора адресов для vnet клетки, особенно для легковесных контейнеров OCI или slim-клетки. gitref:b709f7b38cc4[repository=src] Пакетный фильтр man:pf[4] получил новый параметр времени выполнения man:loader.conf[5] 'net.pf.default_to_drop', а также опцию времени компиляции `PF_DEFAULT_TO_DROP`, делая правило по умолчанию — «отбрасывать». gitref:7f7ef494f11d[repository=src], gitref:3965be101c43[repository=src] Новая опция пула route-to "prefer-ipv6-nexthop" в man:pf[4] позволяет маршрутизировать IPv4-пакеты через IPv6-шлюзы. gitref:65c318630123[repository=src] gitref:d2761422eb0a[repository=src] {{< sponsored "InnoGames GmbH" >}} man:pf[4] теперь поддерживает синтаксис NAT в стиле OpenBSD. Можно использовать "nat-to", "rdr-to" и "binat-to" в правилах "pass" и "match". Старый синтаксис "nat on ..." по-прежнему можно использовать. gitref:e0fe26691fc9[repository=src] {{< sponsored "InnoGames GmbH" >}} Протокол man:pfsync[4] обновлен для синхронизации нескольких отсутствующих атрибутов. Это исправляет синхронизацию состояний с опциями route-to, af-to, rtable, dummynet, tags и scrub. Если требуется синхронизация с более старой версией FreeBSD, версию протокола можно настроить с помощью `ifconfig pfsync0 version $VERSION`, где $VERSION — 1301 для релизов 13.X или 1400 для 14.X. По умолчанию используется 1500 для синхронизации между хостами под управлением FreeBSD 15.0. gitref:99475087d63b[repository=src] {{< sponsored "InnoGames GmbH" >}} Поддержка Kernel TLS теперь включена по умолчанию в ядрах `GENERIC` (по умолчанию) для aarch64, amd64, powerpc64 и powerpc64le. gitref:b2f7c53430c3[repository=src] {{< sponsored "Chelsio Communications" >}} Добавлены настраиваемые параметры `net.inet.{tcp,udp,raw}.bind_all_fibs`. 
По умолчанию они установлены в 1 для обратной совместимости. Установка их в 0 изменяет поведение сокета соответствующего протокола таким образом, что игнорируются пакеты, поступающие не с интерфейса в том же FIB, что и сокет. В этом случае TCP- и UDP-сокеты, принадлежащие разным FIB, также могут быть привязаны к одному адресу. Поведение по умолчанию не изменено. gitref:5dc99e9bb985[repository=src], gitref:08e638c089ab[repository=src], gitref:4009a98fe80b[repository=src] {{< sponsored "Klara, Inc." >}} {{< sponsored "Stormshield" >}} Подключение к `INADDR_ANY`, т.е. использование его в качестве псевдонима для `localhost`, теперь отключено по умолчанию. Эту функциональность можно повторно включить, установив sysctl `net.inet.ip.connect_inaddr_wild` в 1. gitref:cd240957d7ba[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Новая встроенная инфраструктура разгрузки IPSEC в ядре. См. также примечание о поддержке этого в драйвере man:mlx5[4]. gitref:ef2a572bf6[repository=src] {{< sponsored "NVIDIA networking" >}} Новый флаг man:ngctl[8], `-j`, позволяет ему присоединяться и работать внутри клетки, что дает возможность управлять узлами netgraph в клетке, даже если man:ngctl[8] не установлен внутри него. gitref:72d01e62b082[repository=src] man:sockstat[4] теперь по умолчанию будет отображать конечные точки UDP-Lite. gitref:978615d7bf7c[repository=src] Код совместимости ядра, поддерживающий бинарники man:ipfw[8] из FreeBSD 7 и 8, был удален. gitref:660255be1ed9[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[network-protocols]] === Сетевые протоколы Множество улучшений сетевого стека, включая улучшения производительности и исправления ошибок для стека man:sctp[4]. Дескрипторы, возвращаемые man:sctp_peeloff[2], теперь наследуют права доступа Capsicum man:rights[4] от родительского сокета. 
gitref:ae3d7e27abc9[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Значение по умолчанию переменной sysctl `net.inet.tcp.nolocaltimewait` изменилось с 1 на 0. Это означает, что FreeBSD больше не пропускает состояние `TIME_WAIT` для конечных точек, удаленный адрес которых является локальным. Новая переменная sysctl `net.inet.tcp.msl_local` может использоваться для контроля времени пребывания этих конечных точек в состоянии `TIME_WAIT`. Переменная sysctl `net.inet.tcp.nolocaltimewait` устарела и планируется к удалению в FreeBSD 16. gitref:c3fc0db3bc50[repository=src] {{< sponsored "Netflix" >}} Локальные потоковые сокеты (AF_UNIX/SOCK_STREAM) и сокеты последовательного потока пакетов (AF_UNIX/SOCK_SEQPACKET) были улучшены для лучшей передачи больших объемов данных и времени цикла (round trip). Сокет SOCK_SEQPACKET был доведен до соответствия спецификации и теперь ведет себя как настоящий потоковый сокет, тогда как в предыдущих выпусках FreeBSD он мог проявлять особенности датаграммного сокета. Приложения, которые использовали SOCK_SEQPACKET некорректно и полагались на старые ошибки реализации, возможно, потребуется скорректировать. gitref:d15792780760[repository=src] [[wireless-networking]] === Беспроводные сети Слой совместимости LinuxKPI 802.11 man:linuxkpi_wlan[4] получил поддержку протокола Galois/Counter Mode Protocol (GCMP) из man:wlan_gcmp[4]. {{< sponsored "The FreeBSD Foundation" >}} Вслед за другими драйверами прошивка man:iwlwififw[4] была удалена из базовой системы в пользу решения на основе портов и поддержки man:fwget[8]. В случае обновления с более ранних выпусков пользователи должны предварительно установить пакеты прошивки. {{< sponsored "The FreeBSD Foundation" >}} Беспроводной драйвер man:iwlwifi[4] поддерживает 802.11ac (VHT) для некоторого оборудования Intel Wi-Fi 5 и для всего оборудования Intel Wi-Fi 6 и Wi-Fi 7. 
{{< sponsored "The FreeBSD Foundation" >}} Беспроводной драйвер man:iwx[4] поддерживает 802.11ac (VHT) для оборудования Intel Wi-Fi 6. {{< sponsored "The FreeBSD Foundation" >}} Беспроводной драйвер man:rtwn[4] поддерживает 802.11ac (VHT) для чипсетов RTL8812A и RTL8821A. Беспроводной драйвер man:rtw89[4] поддерживает 802.11g для некоторого оборудования Realtek Wi-Fi 6 и Wi-Fi 7. gitref:a2d1e07f6451[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[hardware]] == Поддержка оборудования Этот раздел охватывает общую поддержку оборудования для физических машин, гипервизоров и сред виртуализации, а также изменения и обновления оборудования, которые не подходят в другие разделы этого документа. Пожалуйста, ознакомьтесь со link:https://www.freebsd.org/releases/{localRel}R/hardware[списком оборудования], поддерживаемым {releaseCurrent}, а также с link:https://www.freebsd.org/platforms/[страницей платформ] для полного списка поддерживаемых архитектур процессоров. [[hardware-virtualization]] === Поддержка виртуализации man:bhyve[8] и man:vmm[4] теперь поддерживают платформы arm64 и riscv. Порты `sysutils/u-boot-bhyve-arm64` и `sysutils/u-boot-bhyve-riscv` предоставляют загрузчики для использования на этих платформах. gitref:47e073941f4e[repository=src] gitref:d3916eace506[repository=src] {{< sponsored "Arm Ltd" >}} {{< sponsored "Innovate UK" >}} {{< sponsored "The FreeBSD Foundation" >}} {{< sponsored "University Politehnica of Bucharest" >}} man:bhyve[4] теперь поддерживает сетевой бэкенд «slirp», который обеспечивает непривилегированную пользовательскую сеть. В настоящее время поддерживаются только входящие подключения к гостевой системе, исходящие подключения от гостевой системы — нет. Для этой функции требуется порт `net/libslirp`. gitref:c5359e2af5ab[repository=src] {{< sponsored "Innovate UK" >}} man:bhyve[4] теперь может настраивать топологию NUMA для памяти гостевой системы. 
Кроме того, можно определить политику man:domainset[9] для каждого гостевого домена NUMA, в которой можно указать память хоста, используемую для поддержки физической памяти каждого гостевого домена NUMA, аналогично опции `-n` в man:cpuset[1]. Пока это поддерживается только для гостевых систем amd64. gitref:f1d705d4f431[repository=src] Сервер VNC в man:bhyve[8] теперь будет показывать правильные цвета при использовании клиента package:www/novnc[]. gitref:f9e09dc5b1d5[repository=src] При запуске гостевых систем man:bhyve[8] с загрузочным ПЗУ (т.е. когда bhyveload(8) не используется), bhyve теперь предполагает, что загрузочное ПЗУ включит декодирование PCI BAR. Это несовместимо с некоторыми загрузочными ПЗУ, особенно устаревшими сборками `edk2-bhyve`. Чтобы восстановить старое поведение, добавьте `pci.enable_bars='true'` в вашу конфигурацию bhyve. Примечание: пакет `uefi-edk2-bhyve` был переименован в `edk2-bhyve`. gitref:e962b37bf0ff[repository=src] {{< sponsored "Innovate UK" >}} Опции `lpc.bootrom` и `lpc.bootvars` для amd64 man:bhyve[8] устарели. Вместо них используйте опции верхнего уровня `bootrom` и `bootvars`. gitref:43caa2e805c2[repository=src] {{< sponsored "Innovate UK" >}} Теперь обнаруживается гипервизор NVMM. gitref:34f40baca641[repository=src] В Hyper-V очистка TLB теперь выполняется с использованием гипервызовов, а не IPI, что обеспечивает улучшение производительности TBL до 40%. gitref:7ece5993b787[repository=src] {{< sponsored "Microsoft" >}} [[linuxulator]] === Совместимость с Linux-бинарниками (Linuxulator) Флаг `AT_NO_AUTOMOUNT` теперь игнорируется для всех вариантов stat() в Linuxulator (поскольку поведение, задаваемое флагом, уже соответствует поведению FreeBSD), что улучшает совместимость с Linux-приложениями. gitref:99d3ce80ba07[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Системные вызовы man:inotify[2] для Linux теперь реализованы в Linuxulator. {{< sponsored "Klara, Inc." 
>}} [[multimedia]] == Мультимедиа Многочисленные улучшения звукового стека, включая поддержку горячей замены в man:mixer[8] и добавление man:mididump[1]. gitref:cf9d2fb18433[repository=src] {{< sponsored "The FreeBSD Foundation" >}} gitref:7224e9f2d4af[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Добавлена новая утилита man:sndctl[8], которая объединяет различные интерфейсы для просмотра и управления настройками аудиоустройств (sysctls, `/dev/sndstat`) в одной утилите с интерфейсом, управляемым элементами управления, аналогичным интерфейсу `mixer(8)`. gitref:44e5a0150835[repository=src], gitref:9a37f1024ceb[repository=src] {{< sponsored "The FreeBSD Foundation" >}} `virtual_oss` импортирован в базовую систему. Начиная с FreeBSD 15.0, порт `audio/virtual_oss` перестанет собираться. Что касается изменений для пользователей, единственное практическое отличие — это процесс установки. Всё предоставляется базовой системой, за исключением следующих опциональных компонентов, которые можно установить из портов: * Поддержка бэкенда sndio: `audio/virtual_oss_sndio` * Поддержка бэкенда bluetooth: `audio/virtual_oss_bluetooth` * `virtual_equalizer(8)`: `audio/virtual_oss_equalizer` Помимо этого, `virtual_oss` должен работать как ожидается. Пользователи `virtual_oss` могут удалить `audio/virtual_oss` и с этого момента использовать версию из базовой системы. gitref:5a31c623143f[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[documentation]] == Документация В этом разделе рассматриваются изменения на страницах Справочника (man:man[1]) и другой документации, поставляемой в составе базовой системы. [[man-pages]] === Страницы Справочника Новое руководство man:freebsd-base[7] предоставляет подробности о структуре пакетов базовой системы и о том, как обновлять систему с их помощью. gitref:e1632b827b1a[repository=src] Руководства по файловым системам были перемещены в раздел четыре, Руководство по интерфейсам ядра. 
gitref:1687d77197c0[repository=src] Руководство man:builtin[1] было переписано, содержит оптимизированную информацию и новый раздел о сочетаниях клавиш, встроенных в интерфейс командной строки FreeBSD. gitref:42df4faf7004[repository=src] Новая страница руководства man:networking[7] предоставляет краткое руководство по подключению системы к сетям, включая Wi-Fi, и содержит ссылки на другие страницы руководств и справочник. gitref:39f92a4c4c49[repository=src] Руководство man:build[7] было пересмотрено, включив инструкции по сборке системы из исходного кода. gitref:275f61111f435[repository=src] В man:ccdconfig[8] теперь указаны ссылки на man:graid[8] и man:zfs[8] вместо man:gvinum[8]. gitref:55cb3a33d920[repository=src] Страница руководства man:ps[1] была переработана, чтобы объяснить общие принципы, и описания в ней были обновлены в соответствии с реальностью. Введение было переработано, чтобы дать полный обзор различных аспектов команды man:ps[1]. Описания нескольких опций и некоторых ключевых слов были исправлены в соответствии с их фактическим поведением и/или расширены. Разделы STANDARDS и BUGS были расширены. gitref:ddf144a04b53[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Страница руководства man:mac_do[4] была переработана в рамках добавления поддержки нескольких пользователей и групп в качестве целей для одного правила, что привело к изменению синтаксиса правил. В частности, были добавлены разделы JAIL SUPPORT и SECURITY CONSIDERATIONS. gitref:bc201841d139[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Существующее содержание страницы руководства man:mdo[1] было расширено в рамках документирования новой поддержки полного указания всех пользователей и групп в учетных данных цели. Теперь оно содержит более длинное введение и новый раздел SECURITY CONSIDERATIONS. 
gitref:20ebb6ec5ac0[repository=src] {{< sponsored "The FreeBSD Foundation" >}} {{< sponsored "Google LLC (GSoC 2025)" >}} Контроллеры коммутаторов Ethernet man:mtkswitch[4], man:ip17x[4], man:ar40xx[4] и man:e6000sw[4] получили начальные страницы руководств. gitref:37f00bc257d[repository=src], gitref:f750a114d2c[repository=src], gitref:91c975c3913[repository=src], gitref:6da793a8caa[repository=src] man:mount[8] получил пример повторного монтирования всех файловых систем в режиме чтения/записи в однопользовательском режиме. gitref:c3e06b23b417[repository=src] Описания на страницах руководств для модулей lua man:loader[8] были переформулированы для оптимизации результатов man:apropos[1]. gitref:5d59c1b4f14e[repository=src] Руководство по стилю для страниц руководств, man:style.mdoc[5], получило раздел для перечисления поддерживаемого оборудования. При таком перечислении поддерживаемое оборудование будет указано в link:https://www.freebsd.org/releases/{localRel}R/hardware[информации о поддерживаемом оборудовании]. В этом выпуске этот раздел был добавлен или переформулирован во многих руководствах. Проделана большая работа по добавлению man:sysctl[8] и переменных окружения в Справочник. Попробуйте искать их с помощью `apropos Va=here.is.the.sysctl` или `apropos Ev=here_is_the_environment_variable`. Руководство man:intro[1] по общим командам было пересмотрено, включив утверждение об установке дополнительных команд и список канонических каталогов команд. gitref:cc0af6d5a6c2[repository=src] Руководство man:intro[2] по системным вызовам было пересмотрено, включив ссылки и раздел HISTORY из OpenBSD. 
gitref:9a62cdc01327[repository=src], gitref:69ff2d754c1c[repository=src], gitref:6dfbe695c322[repository=src], gitref:de525c502a3a[repository=src], gitref:d846f33bb6d4[repository=src], gitref:4696ca7baf2f[repository=src], gitref:9e8df7900f52[repository=src], gitref:bcc57e971597[repository=src] Раздел man:intro[5] Справочника по форматам файлов был пересмотрен с включением улучшений из OpenBSD. gitref:8d65152cbfc8[repository=src], gitref:26ec37653662[repository=src], gitref:37508388d066[repository=src], gitref:a6175f28da70[repository=src] Индексное руководство по иерархии файловой системы, man:hier[7], было пересмотрено, включив множество перекрестных ссылок и более подробную информацию о `/usr/local`. [[ports]] == Коллекция портов и инфраструктура пакетов В этом разделе рассматриваются изменения в Коллекции портов FreeBSD, инфраструктуре пакетов, а также в инструментах обслуживания и установки пакетов. Новый репозиторий `FreeBSD-kmods` включен в конфигурационный файл man:pkg[8] по умолчанию `/etc/pkg/FreeBSD.conf`. Этот репозиторий содержит модули ядра, скомпилированные специально для {releaseCurrent}, а не для ветки {releaseBranch}. Установка модулей ядра из этого репозитория позволяет драйверам с нестабильными интерфейсами ядра, в частности графическим драйверам, работать даже тогда, когда основной репозиторий {releaseBranch} содержит пакеты, собранные на предыдущем выпуске. (gitref:a47542f71511[repository=src]). Репозитории `FreeBSD` и `FreeBSD-kmods`, определенные в `/etc/pkg/FreeBSD.conf`, были переименованы в `FreeBSD-ports` и `FreeBSD-ports-kmods` соответственно. Пользователям, которые переопределяют их в `/usr/local/etc/pkg/repos`, необходимо скорректировать свою конфигурацию в соответствии с новыми именами. [[Installer]] === Установщик Установщик FreeBSD, man:bsdinstall[8], теперь поддерживает загрузку и установку пакетов с прошивками после завершения установки базовой системы FreeBSD. 
gitref:03c07bdc8b31[repository=src] (Спонсировано The FreeBSD Foundation) [[ports-packages]] === Изменения в упаковке The bootonly ISO and mini-memstick image now include the package:net/wifi-firmware-iwlwifi-kmod[] and package:net/wifi-firmware-rtw88-kmod[] packages, making installations possible over a wireless connection (on systems supported by these firmware packages). gitref:655fcdde1aff[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Пакет package:net/wifi-firmware-kmod@release[] был добавлен в набор пакетов на DVD для предоставления необходимых прошивок для большего количества Wi-Fi драйверов. gitref:8c6df7ead19c[repository=src] (Спонсировано The FreeBSD Foundation) [[future-releases]] == Общие замечания относительно будущих выпусков FreeBSD // // The FreeBSD Russian Documentation Project // // Original EN revision (21.12.2025): dce95ff77e20458eddae4233e3247c39e4548362 //
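Review bot: In the man:ngctl[8] `-j` item of the networking section, the pronoun does not agree with its noun: "внутри клетки ... не установлен внутри него" refers to "клетка" (feminine), so it should read "внутри неё". The following item cites man:sockstat[4], but sockstat is a section 1 utility; check the English source and use man:sockstat[1] if this is a slip in the translation.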
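Review bot: In the Hyper-V item under `[[hardware-virtualization]]`, "улучшение производительности TBL до 40%" misspells the acronym that the same sentence writes correctly as TLB ("очистка TLB"); change TBL to TLB.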
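Review bot: The first paragraph under `[[ports-packages]]` ("The bootonly ISO and mini-memstick image now include ...") is still in English in this Russian translation; translate it in the same way as the neighbouring paragraph about package:net/wifi-firmware-kmod@release[]. In the same region, two credits are written as plain text, "(Спонсировано The FreeBSD Foundation)", while the rest of the file uses the `{{< sponsored "The FreeBSD Foundation" >}}` shortcode; use the shortcode in both places so the credits render consistently.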