aboutsummaryrefslogtreecommitdiff
path: root/RELNOTES
diff options
context:
space:
mode:
authorGlen Barber <gjb@FreeBSD.org>2021-01-22 00:10:07 +0000
committerGlen Barber <gjb@FreeBSD.org>2021-01-22 00:10:07 +0000
commita53ce3fc4938e37d5ec89304846203d2083c61a2 (patch)
treec1d8547a5f26114d4459eace0e703d5672435d70 /RELNOTES
parent679e4cdabdc5a93e5c0d7cdf3fc52202a8de02ef (diff)
downloadsrc-a53ce3fc4938e37d5ec89304846203d2083c61a2.tar.gz
src-a53ce3fc4938e37d5ec89304846203d2083c61a2.zip
Bump CURRENT to 14.0
This one goes to 14. Approved by: re (implicit) Sponsored by: Rubicon Communications, LLC ("Netgate")
Diffstat (limited to 'RELNOTES')
-rw-r--r--RELNOTES295
1 files changed, 1 insertions, 294 deletions
diff --git a/RELNOTES b/RELNOTES
index 136a6123ee72..a4f276592a73 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,4 +1,4 @@
-Release notes for FreeBSD 13.0.
+Release notes for FreeBSD 14.0.
This file describes new user-visible features, changes and updates relevant to
users of binary FreeBSD releases. Each entry should describe the change in no
@@ -10,296 +10,3 @@ newline. Entries should be separated by a newline.
Changes to this file should not be MFCed.
-074a91f746bd:
- The aesni(4) and armv8crypto(4) devices are now included in
- GENERIC on amd64, i386, and arm64.
-
-2e1c94aa1fd5:
- Add support for enforcing W^X mapping policy for user
- processes. The policy is not enforced by default but can be
- enabled by setting the kern.elf32.allow_wx and
- kern.elf64.allow_wx sysctls to 0. Individual binaries can be
- exempted from the policy by elfctl(1) via the wxneeded
- feature.
-
-4979620ece98:
- Add AES-XTS support to armv8crypto(4) providing accelerated
- software support for the default GELI cipher on arm64 systems.
-
-r368667:
- GDB 6.1.1 was removed. Users of crashinfo(8) should install the
- gdb package or devel/gdb port.
-
-r368559:
- The hme(4) driver was removed.
-
-r367660:
- Fixes the case where gssd will not startup because /usr is a separate
- local file system that is not yet mounted. It does not fix the case
- where /usr is a separately mounted remote file system (such as NFS).
- This latter case can be fixed by adding mountcritremote to the
- REQUIRED line. Unfortunately doing so implies that all Kerberized
- NFS mounts in /etc/fstab will need the "late" mount option.
- This was not done, since the requirement for "late" would introduce
- a POLA violation.
-
-r367423:
- This commit added a new startup scripts variable called
- nfsv4_server_only which uses the -R option on mountd added by r367026.
- When nfsv4_server_only is set to "YES" in /etc/rc.conf, the NFS server
- only handles NFSv4 and does not register with rpcbind. As such, rpcbind
- does not need to be running. Useful for sites which consider rpcbind a
- security issue.
-
-r366267:
- Kernel option ACPI_DMAR was renamed to IOMMU. amd64's IOMMU subsystem
- was split out from amd64 DMAR support and is now generic, i.e., it can
- be used by all architectures.
-
-r364896:
- A series of commits ending with r364896 added NFS over TLS
- to the kernel. This is believed to be compatible with
- the Internet Draft titled "Towards Remote Procedure Call Encryption
- By Default" (expected to soon become an RFC).
- The mount_nfs(8) and exports(5) man pages describe the mount and
- export option(s) related to NFS over TLS.
- For NFS over TLS to work, the rpctlscd(8) { client } or rpctlssd(8)
- { server } must be running on a kernel built with "options KERN_TLS"
- on an architecture where PMAP_HAS_DMAP != 0.
-
-r364725:
- Changes to one obscure devd event generated on resume need to
- be documented. The old form will still be generated in 13, but not
- in 14.
-
-r363679:
- Applications using regex(3), e.g. sed/grep, will no longer accept
- redundant escapes for most ordinary characters.
-
-r363253:
- SCTP support has been removed from GENERIC kernel configurations.
- The SCTP stack is now built as sctp.ko and can be dynamically loaded.
-
-r363233:
- Merge sendmail 8.16.1: See contrib/sendmail/RELEASE_NOTES for details.
-
-r363180:
- The safexcel(4) crypto offload driver has been added.
-
-r363084:
- nc(1) now implements SCTP mode, enabled by specifying the --sctp option.
-
-r362681:
- A new implementation of bc and dc has been imported. It offers
- better standards compliance, performance, localization and comes
- with extensive test cases that are optionally installed.
- Use WITHOUT_GH_BC=yes to build and install the world with the
- previous version instead of the new one, if required.
-
-r362158, r362163:
- struct export_args has changed so that the "user" specified for
- the -maproot and -mapall exports(5) options may be in more than
- 16 groups.
-
-r361884:
- sed(1) has learned about hex escapes (e.g. \x27) and will now do the
- right thing with them, removing the need for printf magic or obnoxious
- escaping in many scenarios.
-
-r361238, r361798, r361799:
- ZFS will now unconditionally reject read(2) of a directory with EISDIR.
- Additionally, read(2) of a directory is now rejected with EISDIR by
- default and may be re-enabled for non-ZFS filesystems that allow it with
- the sysctl(8) MIB 'security.bsd.allow_read_dir'.
-
- Aliases for grep to default to '-d skip' may be desired if commonly
- non-recursively grepping a list that includes directories and the
- possibility of EISDIR errors in stderr is not tolerable. Example
- aliases, commented out, have been installed in /root/.cshrc and
- /root/.shrc.
-
-r361066:
- Add exec.prepare and exec.release hooks for jail(8) and jail.conf(5).
- exec.prepare runs before mounts, so can be used to populate new jails.
- exec.release runs after unmounts, so can be used to remove ephemeral
- jails.
-
-r360920,r360923,r360924,r360927,r360928,r360931,r360933,r360936:
- Remove support for ARC4, Blowfish, Cast, DES, Triple DES, MD5,
- MD5-KPDK, MD5-HMAC, SHA1-KPDK, and Skipjack algorithms from
- the kernel open cryptographic framework (OCF).
-
-r360562:
- Remove support for ARC4, Blowfish, Cast, DES, Triple DES,
- MD5-HMAC, and Skipjack algorithms from /dev/crypto.
-
-r360557:
- Remove support for DES, Triple DES, Blowfish, Cast, and
- Camellia ciphers from IPsec(4). Remove support for MD5-HMAC,
- Keyed MD5, Keyed SHA1, and RIPEMD160-HMAC from IPsec(4).
-
-r359945:
- Remove support for Triple DES, Blowfish, and MD5 HMAC from
- geli(4).
-
-r359786-r359787:
- Remove support for DES, Triple DES, and RC4 from in-kernel GSS
- authentication.
-
-r357627:
- remove elf2aout.
-
-r357560-r357565:
- init(8), service(8), and cron(8) will now adopt user/class environment
- variables (excluding PATH, by default, which will be overwritten) by
- default. Notably, environment variables for all cron jobs and rc
- services can now be set via login.conf(5).
-
-r357455:
- sparc64 has been removed from FreeBSD.
-
-r355677:
- Adds support for NFSv4.2 (RFC-7862) and Extended Attributes
- (RFC-8276) to the NFS client and server.
- NFSv4.2 is comprised of several optional features that can be supported
- in addition to NFSv4.1. This patch adds the following optional features:
- - posix_fadvise(POSIX_FADV_WILLNEED/POSIX_FADV_DONTNEED)
- - posix_fallocate()
- - intra server file range copying via the copy_file_range(2) syscall
- --> Avoiding data tranfer over the wire to/from the NFS client.
- - lseek(SEEK_DATA/SEEK_HOLE)
- - Extended attribute syscalls for "user" namespace attributes as defined
- by RFC-8276.
-
- For the client, NFSv4.2 is only used if the mount command line option
- minorversion=2 is specified.
- For the server, two new sysctls called vfs.nfsd.server_min_minorversion4
- and vfs.nfsd.server_max_minorversion4 have been added that allow
- sysadmins to limit the minor versions of NFSv4 supported by the nfsd
- server.
- Setting vfs.nfsd.server_max_minorversion4 to 0 or 1 will disable NFSv4.2
- on the server.
-
-r356263:
- armv5 support has been removed from FreeBSD.
-
-r354517:
- iwm(4) now supports most Intel 9260, 9460 and 9560 Wi-Fi devices.
-
-r354269:
- sqlite3 is updated to sqlite3-3.30.1.
-
-r352668:
- cron(8) now supports the -n (suppress mail on succesful run) and -q
- (suppress logging of command execution) options in the crontab format.
- See the crontab(5) manpage for details.
-
-r352304:
- ntpd is no longer by default locked in memory. rlimit memlock 32
- or rlimit memlock 0 can be used to restore this behaviour.
-
-r351863:
- rc.subr(8) now honors ${name}_env in all rc(8) scripts. Previously,
- environment variables set by a user via ${name}_env were ignored
- if the service defined a custom *_cmd variable to control the behavior
- of the run_rc_command function, e.g., start_cmd, instead of relying on
- the variables like command and command_args,
-
-r351770,r352920,r352922,r352923:
- dd(1) now supports conv=fsync, conv=fdatasync, oflag=fsync, oflag=sync,
- and iflag=fullblock flags, compatible with illumos and GNU.
-
-r351522:
- Add kernel-side support for in-kernel Transport Layer Security
- (KTLS). KTLS permits using sendfile(2) over sockets using
- TLS.
-
-r351397:
- WPA is updated from 2.8 to 2.9.
-
-r351361:
- Add probes for lockmgr(9) to the lockstat DTrace provider, add
- corresponding lockstat(1) events, and document the new probes in
- dtrace_lockstat.4.
-
-r351356:
- Intel RST is a new 'feature' that remaps NVMe devices from
- their normal location to part of the AHCI bar space. This
- will eliminate the need to set the BIOS SATA setting from RST
- to AHCI causing the nvme drive to be erased before FreeBSD
- will see the nvme drive. FreeBSD will now be able to see the
- nvme drive now in the default config.
-
-r351201, r351372:
- Add a vop_stdioctl() call, so that file systems that do not support
- holes will have a trivial implementation of lseek(SEEK_DATA/SEEK_HOLE).
- The algorithm appears to be compatible with the POSIX draft and
- the implementation in Linux for the case of a file system that
- does not support holes. Prior to this patch, lseek(2) would reply
- -1 with errno set to ENOTTY for SEEK_DATA/SEEK_HOLE on files in
- file systems that do not support holes.
- r351372 maps ENOTTY to EINVAL for lseek(SEEK_DATA/SEEK_HOLE) for
- any other cases, such as a ENOTTY return from vn_bmap_seekhole().
-
-r350665:
- The fuse driver has been renamed to fusefs(5) and been substantially
- rewritten. The new driver includes many bug fixes and performance
- enhancements, as well as the following user-visible features:
- * Optional kernel-side permissions checks (-o default_permissions)
- * mknod(2), socket(2), and pipe(2) support
- * server side locking with fcntl(2)
- * FUSE operations are now interruptible when mounted with -o intr
- * server side handling of UTIME_NOW during utimensat(2)
- * mount options may be updated with "mount -u"
- * fusefs file system may now be exported over NFS
- * RLIMIT_FSIZE support
- * support for fuse file systems using protocols as old as 7.4
-
- FUSE file system developers should also take note of the following new
- features:
- * The protocol level has been raised from 7.8 to 7.23
- * kqueue support on /dev/fuse
- * server-initiated cache invalidation via FUSE_NOTIFY_REPLY
-
-r350471:
- gnop(8) can now configure a delay to be applied to read and write
- request delays. See the -d, -q and -x parameters.
-
-r350315, r350316:
- Adds a Linux compatible copy_file_range(2) syscall.
-
-r350307:
- libcap_random(3) has been removed. Applications can use native
- APIs to get random data in capability mode.
-
-r349529,r349530:
- Add support for using unmapped mbufs with sendfile(2).
-
-r349352:
- nand(4) and related components have been removed.
-
-r349349:
- The UEFI loader now supports HTTP boot.
-
-r349335:
- bhyve(8) now implements a High Definition Audio (HDA) driver, allowing
- guests to play to and record audio data from the host.
-
-r349286:
- swapon(8) can now erase a swap device immediately before enabling it,
- similar to newfs(8)'s -E option. This behaviour can be specified by
- adding -E to swapon(8)'s command-line parameters, or by adding the
- "trimonce" option to a swap device's /etc/fstab entry.
-
-r347908-r347923:
- The following network drivers have been removed: bm(4), cs(4), de(4),
- ed(4), ep(4), ex(4), fe(4), pcn(4), sf(4), sn(4), tl(4), tx(4), txp(4),
- vx(4), wb(4), xe(4).
-
-r347532:
- Wired page accounting has been split into kernel wirings and user
- wirings (e.g., by mlock(2)). Kernel wirings no long count towards
- the global limit, which is renamed to vm.max_user_wired. bhyve -S
- allocates user-wired memory and is now subject to that limit.
-
-$FreeBSD$