diff options
Diffstat (limited to 'RELNOTES')
| -rw-r--r-- | RELNOTES | 434 |
1 files changed, 338 insertions, 96 deletions
@@ -1,4 +1,4 @@ -Release notes for FreeBSD 14.0. +Release notes for FreeBSD 15.0. This file describes new user-visible features, changes and updates relevant to users of binary FreeBSD releases. Each entry should describe the change in no @@ -10,98 +10,340 @@ newline. Entries should be separated by a newline. Changes to this file should not be MFCed. -da5b7e90e740,5a8fceb3bd9f,7b0a665d72c0,13ec1e3155c7,318d0db5fe8a,1ae2c59bcf21: - Boottrace is a new kernel-userspace interface for capturing trace - events during system boot and shutdown. Event annotations are - present in: - - - The boot and shutdown paths in the kernel - - Some key system utilities (init(8), shutdown(8), reboot(8)) - - rc(8) scripts (via boottrace(8)) - - In contrast to other existing boot-time tracing facilities like TSLOG, - Boottrace focuses on the ease of use and is aimed primarily at system - administrators. - - It is available in the default GENERIC kernel and can be enabled by - toggling a single sysctl(8) variable. - - See boottrace(4) for more details. - -05a1d0f5d7ac: - Kernel TLS offload now supports receive-side offload of TLS 1.3. - -19dc64451179: - if_stf now supports 6rd (RFC5969). - -c1d255d3ffdb, 3968b47cd974, bd452dcbede6: - Add WiFi 6 support to wpa. - -ba48d52ca6c8,4ac3d08a9693,2533eca1c2b9: - The default bell tone is now 800Hz. It may be set with kbdcontrol - again. There's devd integration for people wishing to use their sound - cards for the beep. - -92b3e07229ba: - net.inet.tcp.nolocaltimewait enabled by default. It prevents - creation of timewait entries for TCP connections that were - terminated locally. - -d410b585b6f0: - sh(1) is now the default shell for the root user. - -396851c20aeb: - libncursesw has been split into libtinfow and libncursesw, linker - scripts should make it transparent for consumers. pkg-config files - are also now installed to ease ports detecting the ncurses setup from - base. - -a422084abbda: - LLVM's MemorySanitizer can now be used in amd64 kernels. See the - kmsan(9) manual page for more information. - -38da497a4dfc: - LLVM's AddressSanitizer can now be used in amd64 kernels. See the - kasan(9) manual page for more information. - -f39dd6a97844,23f24377b1a9,628bd30ab5a4: - One True Awk has been updated to the latest from upstream - (20210727). All the FreeBSD patches, but one, have now been - either up streamed or discarded. Notable changes include: - o Locale is no longer used for ranges - o Various bugs fixed - o Better compatibility with gawk and mawk - - The one FreeBSD change, likely to be removed in FreeBSD 14, is that - we still allow hex numbers, prefixed with 0x, to be parsed and - interpreted as hex numbers while all other awks (including one - true awk now) interpret them as 0 in line with awk's historic - behavior. - - A second change, less likely to be noticed, is the historic wart - if -Ft meaning to use hard tab characters as the field separator - is deprecated and will likely be removed in FreeBSD 14. - -ee29e6f31111: - Commit ee29e6f31111 added a new sysctl called vfs.nfsd.srvmaxio - that can be used to increase the maximum I/O size for the NFS - server to any power of 2 up to 1Mbyte while the nfsd(8) is not running. - The FreeBSD NFS client can now be set to use a 1Mbyte I/O size - via the vfs.maxbcachebuf tunable and the Linux NFS client - can also do 1Mbyte I/O. - kern.ipc.maxsockbuf will need to be increased. A console - message will suggest a setting for it. - -d575e81fbcfa: - gconcat(8) has added support for appending devices to the device - not present at creation time. - -76681661be28: - Remove support for asymmetric cryptographic operations from - the kernel open cryptographic framework (OCF). - -a145cf3f73c7: - The NFSv4 client now uses the highest minor version of NFSv4 - supported by the NFSv4 server by default instead of minor version 0, - for NFSv4 mounts. - The "minorversion" mount option may be used to override this default. +1349a733cf28: + Add a driver supporting a new storage controller interface, + Universal Flash Storage Host Controller Interface, supporting + version 4.1 and earlier, via ufshci(4). + +f1f230439fa4: + FreeBSD now implements the inotify(2) family of system calls. + +50e733f19b37, 171f66b0c2ca: + These commits helped improve utilization of NFSv4.1/4.2 + delegations. The changes are only used when the NFSv4 + mount uses the "nocto" mount option and requires an + up-to-date NFSv4.1/4.2 server with delegations enabled. + For example: For a FreeBSD kernel build with both src + and obj NFSv4 mounted, the total RPC count dropped from + 5461286 to 945643, with a 20% drop in elapsed time. + +cd240957d7ba + Making a connection to INADDR_ANY (i.e., using INADDR_ANY as an alias + for localhost) is now disabled by default. This functionality can be + re-enabled by setting the net.inet.ip.connect_inaddr_wild sysctl to 1. + +b61850c4e6f6 + The bridge(4) sysctl net.link.bridge.member_ifaddrs now defaults to 0, + meaning that interfaces added to a bridge may not have IP addresses + assigned. Refer to bridge(4) for more information. + +44e5a0150835, 9a37f1024ceb: + A new utility sndctl(8) has been added to concentrate the various + interfaces for viewing and manipulating audio device settings (sysctls, + /dev/sndstat), into a single utility with a similar control-driven + interface to that of mixer(8). + +93a94ce731a8: + ps(1)'s options '-a' and '-A', when combined with any other one + affecting the selection of processes except for '-X' and '-x', would + have no effect, in contradiction with the rule that one process is + listed as soon as any of the specified options selects it (inclusive + OR), which is both mandated by POSIX and arguably a natural expectation. + This bug has been fixed. + + As a practical consequence, specifying '-a'/'-A' now causes all + processes to be listed regardless of other selection options (except for + '-X' and '-x', which still apply). In particular, to list only + processes from specific jails, one must not use '-a' with '-J'. Option + '-J', contrary to its apparent initial intent, never worked as a filter + in practice (except by accident with '-a' due to the bug), but instead + as any other selection options (e.g., '-U', '-p', '-G', etc.) subject to + the "inclusive OR" rule. + +995b690d1398: + ps(1)'s '-U' option has been changed to select processes by their real + user IDs instead of their effective one, in accordance with POSIX and + the use case of wanting to list processes launched by some user, which + is expected to be more frequent than listing processes having the rights + of some user. This only affects the selection of processes whose real + and effective user IDs differ. After this change, ps(1)'s '-U' flag + behaves differently then in other BSDs but identically to that of + Linux's procps and illumos. + +1aabbb25c9f9: + ps(1)'s default list of processes now comes from matching its effective + user ID instead of its real user ID with the effective user ID of all + processes, in accordance with POSIX. As ps(1) itself is not installed + setuid, this only affects processes having different real and effective + user IDs that launch ps(1) processes. + +f0600c41e754-de701f9bdbe0, bc201841d139: + mac_do(4) is now considered production-ready and its functionality has + been considerably extended at the price of breaking credentials + transition rules' backwards compatibility. All that could be specified + with old rules can also be with new rules. Migrating old rules is just + a matter of adding "uid=" in front of the target part, substituting + commas (",") with semi-colons (";") and colons (":") with greater-than + signs (">"). Please consult the mac_do(4) manual page for the new rules + grammar. + +02d4eeabfd73: + hw.snd.maxautovchans has been retired. The commit introduced a + hw.snd.vchans_enable sysctl, which along with + dev.pcm.X.{play|rec}.vchans, from now on work as tunables to only + enable/disable vchans, as opposed to setting their number and/or + (de-)allocating vchans. Since these sysctls do not trigger any + (de-)allocations anymore, their effect is instantaneous, whereas before + we could have frozen the machine (when trying to allocate new vchans) + when setting dev.pcm.X.{play|rec}.vchans to a very large value. + +7e7f88001d7d: + The definition of pf's struct pfr_tstats and struct pfr_astats has + changed, breaking ABI compatibility for 32-bit powerpc (including + powerpcspe) and armv7. Users of these platforms should ensure kernel + and userspace are updated together. + +5dc99e9bb985, 08e638c089a, 4009a98fe80: + The net.inet.{tcp,udp,raw}.bind_all_fibs tunables have been added. + They modify socket behavior such that packets not originating from the + same FIB as the socket are ignored. TCP and UDP sockets belonging to + different FIBs may also be bound to the same address. The default + behavior is unmodified. + +f87bb5967670, e51036fbf3f8: + Support for vinum volumes has been removed. + +8ae6247aa966, cf0ede720391d, 205659c43d87bd, 1ccbdf561f417, 4db1b113b151: + The layout of NFS file handles for the tarfs, tmpfs, cd9660, and ext2fs + file systems has changed. An NFS server that exports any of these file + systems will need its clients to unmount and remount the exports. + +1111a44301da: + Defer the January 19, 2038 date limit in UFS1 filesystems to + February 7, 2106. This affects only UFS1 format filesystems. + See the commit message for details. + +07cd69e272da: + Add a new -a command line option to mountd(8). + If this command line option is specified, when + a line in exports(5) has the -alldirs export option, + the directory must be a server file system mount point. + +0e8a36a2ab12: + Add a new NFS mount option called "mountport" that may be used + to specify the port# for the NFS server's Mount protocol. + This permits a NFSv3 mount to be done without running rpcbind(8). + +b2f7c53430c3: + Kernel TLS is now enabled by default in kernels including KTLS + support. KTLS is included in GENERIC kernels for aarch64, + amd64, powerpc64, and powerpc64le. + +f57efe95cc25: + New mididump(1) utility which dumps MIDI 1.0 events in real time. + +ddfc6f84f242: + Update unicode to 16.0.0 and CLDR to 45.0.0. + +b22be3bbb2de: + Basic Cloudinit images no longer generate RSA host keys by default for + SSH. + +000000000000: + RSA host keys for SSH are deprecated and will no longer be generated + by default in FreeBSD 16. + +0aabcd75dbc2: + EC2 AMIs no longer generate RSA host keys by default for SSH. RSA + host key generation can be re-enabled by setting sshd_rsa_enable="YES" + in /etc/rc.conf if it is necessary to support very old SSH clients. + +a1da7dc1cdad: + The SO_SPLICE socket option was added. It allows TCP connections to + be spliced together, enabling proxy-like functionality without the + need to copy data in and out of user memory. + +fc12c191c087: + grep(1) no longer follows symbolic links by default for + recursive searches. This matches the documented behavior in + the manual page. + +e962b37bf0ff: + When running bhyve(8) guests with a boot ROM, i.e., bhyveload(8) is not + used, bhyve now assumes that the boot ROM will enable PCI BAR decoding. + This is incompatible with some boot ROMs, particularly outdated builds + of edk2-bhyve. To restore the old behavior, add + "pci.enable_bars='true'" to your bhyve configuration. + + Note in particular that the uefi-edk2-bhyve package has been renamed + to edk2-bhyve. + +43caa2e805c2: + amd64 bhyve(8)'s "lpc.bootrom" and "lpc.bootvars" options are + deprecated. Use the top-level "bootrom" and "bootvars" options + instead. + +822ca3276345: + byacc was updated to 20240109. + +21817992b331: + ncurses was updated to 6.5. + +1687d77197c0: + Filesystem manual pages have been moved to section four. + Please check ports you are maintaining for crossreferences. + +8aac90f18aef: + new MAC/do policy and mdo(1) utility which enables a user to + become another user without the requirement of setuid root. + +7398d1ece5cf: + hw.snd.version is removed. + +a15f7c96a276,a8089ea5aee5: + NVMe over Fabrics controller. The nvmft(4) kernel module adds + a new frontend to the CAM target layer which exports ctl(4) + LUNs as NVMe namespaces to remote hosts. The nvmfd(8) daemon + is responsible for accepting incoming connection requests and + handing off connected queue pairs to nvmft(4). + +a1eda74167b5,1058c12197ab: + NVMe over Fabrics host. New commands added to nvmecontrol(8) + to establish connections to remote controllers. Once + connections are established they are handed off to the nvmf(4) + kernel module which creates nvmeX devices and exports remote + namespaces as nda(4) disks. + +25723d66369f: + As a side-effect of retiring the unit.* code in sound(4), the + hw.snd.maxunit loader(8) tunable is also retired. + +eeb04a736cb9: + date(1) now supports nanoseconds. For example: + `date -Ins` prints "2024-04-22T12:20:28,763742224+02:00" and + `date +%N` prints "415050400". + +6d5ce2bb6344: + The default value of the nfs_reserved_port_only rc.conf(5) setting has + changed. The FreeBSD NFS server now requires the source port of + requests to be in the privileged port range (i.e., <= 1023), which + generally requires the client to have elevated privileges on their local + system. The previous behavior can be restored by setting + nfs_reserved_port_only=NO in rc.conf. + +aea973501b19: + ktrace(2) will now record detailed information about capability mode + violations. The kdump(1) utility has been updated to display such + information. + +f32a6403d346: + One True Awk updated to 2nd Edition. See https://awk.dev for details + on the additions. Unicode and CSVs (Comma Separated Values) are now + supported. + +fe86d923f83f: + usbconfig(8) now reads the descriptions of the usb vendor and products + from usb.ids when available, similarly to what pciconf(8) does. + +4347ef60501f: + The powerd(8) utility is now enabled in /etc/rc.conf by default on + images for the arm64 Raspberry Pi's (arm64-aarch64-RPI img files). + This prevents the CPU clock from running slow all the time. + +0b49e504a32d: + rc.d/jail now supports the legacy variable jail_${jailname}_zfs_dataset + to allow unmaintained jail managers like ezjail to make use of this + feature (simply rename jail_${jailname}_zfs_datasets in the ezjail + config to jail_${jailname}_zfs_dataset. + +e0dfe185cbca: + jail(8) now support zfs.dataset to add a list of ZFS datasets to a + jail. + +61174ad88e33: + newsyslog(8) now supports specifying a global compression method directly + at the beginning of the newsyslog.conf file, which will make newsyslog(8) + to behave like the corresponding option was passed to the newly added + '-c' option. For example: + + <compress> none + +906748d208d3: + newsyslog(8) now accepts a new option, '-c' which overrides all historical + compression flags by treating their meaning as "treat the file as compressible" + rather than "compress the file with that specific method." + + The following choices are available: + * none: Do not compress, regardless of flag. + * legacy: Historical behavior (J=bzip2, X=xz, Y=zstd, Z=gzip). + * bzip2, xz, zstd, gzip: apply the specified compression method. + + We plan to change the default to 'none' in FreeBSD 15.0. + +1a878807006c: + This commit added some statistics collection to the NFS-over-TLS + code in the NFS server so that sysadmins can moditor usage. + The statistics are available via the kern.rpc.tls.* sysctls. + +7c5146da1286: + Mountd has been modified to use strunvis(3) to decode directory + names in exports(5) file(s). This allows special characters, + such as blanks, to be embedded in the directory name(s). + "vis -M" may be used to encode such directory name(s). + +c5359e2af5ab: + bhyve(8) has a new network backend, "slirp", which makes use of the + libslirp package to provide a userspace network stack. This backend + makes it possible to access the guest network from the host without + requiring any extra network configuration on the host. + +bb830e346bd5: + Set the IUTF8 flag by default in tty(4). + + 128f63cedc14 and 9e589b093857 added proper UTF-8 backspacing handling + in the tty(4) driver, which is enabled by setting the new IUTF8 flag + through stty(1). Since the default locale is UTF-8, enable IUTF8 by + default. + +ff01d71e48d4: + dialog(1) has been replaced by bsddialog(1) + +41582f28ddf7: + FreeBSD 15.0 will not include support for 32-bit platforms. + However, 64-bit systems will still be able to run older 32-bit + binaries. + + Support for executing 32-bit binaries on 64-bit platforms via + COMPAT_FREEBSD32 will remain supported for at least the + stable/15 and stable/16 branches. + + Support for compiling individual 32-bit applications via + `cc -m32` will also be supported for at least the stable/15 + branch which includes suitable headers in /usr/include and + libraries in /usr/lib32. + + Support for 32-bit platforms in ports for 15.0 and later + releases is also deprecated, and these future releases may not + include binary packages for 32-bit platforms or support for + building 32-bit applications from ports. + + stable/14 and earlier branches will retain existing 32-bit + kernel and world support. Ports will retain existing support + for building ports and packages for 32-bit systems on stable/14 + and earlier branches as long as those branches are supported + by the ports system. However, all 32-bit platforms are Tier-2 + or Tier-3 and support for individual ports should be expected + to degrade as upstreams deprecate 32-bit platforms. + + With the current support schedule, stable/14 will be EOLed 5 + years after the release of 14.0. The EOL of stable/14 would + mark the end of support for 32-bit platforms including source + releases, pre-built packages, and support for building + applications from ports. Given an estimated release date of + October 2023 for 14.0, support for 32-bit platforms would end + in October 2028. + + The project may choose to alter this approach when 15.0 is + released by extending some level of 32-bit support for one or + more platforms in 15.0 or later. Users should use the + stable/14 branch to migrate off of 32-bit platforms. |