diff options
Diffstat (limited to 'RELNOTES')
| -rw-r--r-- | RELNOTES | 295 |
1 files changed, 1 insertions, 294 deletions
@@ -1,4 +1,4 @@ -Release notes for FreeBSD 13.0. +Release notes for FreeBSD 14.0. This file describes new user-visible features, changes and updates relevant to users of binary FreeBSD releases. Each entry should describe the change in no @@ -10,296 +10,3 @@ newline. Entries should be separated by a newline. Changes to this file should not be MFCed. -074a91f746bd: - The aesni(4) and armv8crypto(4) devices are now included in - GENERIC on amd64, i386, and arm64. - -2e1c94aa1fd5: - Add support for enforcing W^X mapping policy for user - processes. The policy is not enforced by default but can be - enabled by setting the kern.elf32.allow_wx and - kern.elf64.allow_wx sysctls to 0. Individual binaries can be - exempted from the policy by elfctl(1) via the wxneeded - feature. - -4979620ece98: - Add AES-XTS support to armv8crypto(4) providing accelerated - software support for the default GELI cipher on arm64 systems. - -r368667: - GDB 6.1.1 was removed. Users of crashinfo(8) should install the - gdb package or devel/gdb port. - -r368559: - The hme(4) driver was removed. - -r367660: - Fixes the case where gssd will not startup because /usr is a separate - local file system that is not yet mounted. It does not fix the case - where /usr is a separately mounted remote file system (such as NFS). - This latter case can be fixed by adding mountcritremote to the - REQUIRED line. Unfortunately doing so implies that all Kerberized - NFS mounts in /etc/fstab will need the "late" mount option. - This was not done, since the requirement for "late" would introduce - a POLA violation. - -r367423: - This commit added a new startup scripts variable called - nfsv4_server_only which uses the -R option on mountd added by r367026. - When nfsv4_server_only is set to "YES" in /etc/rc.conf, the NFS server - only handles NFSv4 and does not register with rpcbind. As such, rpcbind - does not need to be running. Useful for sites which consider rpcbind a - security issue. - -r366267: - Kernel option ACPI_DMAR was renamed to IOMMU. amd64's IOMMU subsystem - was split out from amd64 DMAR support and is now generic, i.e., it can - be used by all architectures. - -r364896: - A series of commits ending with r364896 added NFS over TLS - to the kernel. This is believed to be compatible with - the Internet Draft titled "Towards Remote Procedure Call Encryption - By Default" (expected to soon become an RFC). - The mount_nfs(8) and exports(5) man pages describe the mount and - export option(s) related to NFS over TLS. - For NFS over TLS to work, the rpctlscd(8) { client } or rpctlssd(8) - { server } must be running on a kernel built with "options KERN_TLS" - on an architecture where PMAP_HAS_DMAP != 0. - -r364725: - Changes to one obscure devd event generated on resume need to - be documented. The old form will still be generated in 13, but not - in 14. - -r363679: - Applications using regex(3), e.g. sed/grep, will no longer accept - redundant escapes for most ordinary characters. - -r363253: - SCTP support has been removed from GENERIC kernel configurations. - The SCTP stack is now built as sctp.ko and can be dynamically loaded. - -r363233: - Merge sendmail 8.16.1: See contrib/sendmail/RELEASE_NOTES for details. - -r363180: - The safexcel(4) crypto offload driver has been added. - -r363084: - nc(1) now implements SCTP mode, enabled by specifying the --sctp option. - -r362681: - A new implementation of bc and dc has been imported. It offers - better standards compliance, performance, localization and comes - with extensive test cases that are optionally installed. - Use WITHOUT_GH_BC=yes to build and install the world with the - previous version instead of the new one, if required. - -r362158, r362163: - struct export_args has changed so that the "user" specified for - the -maproot and -mapall exports(5) options may be in more than - 16 groups. - -r361884: - sed(1) has learned about hex escapes (e.g. \x27) and will now do the - right thing with them, removing the need for printf magic or obnoxious - escaping in many scenarios. - -r361238, r361798, r361799: - ZFS will now unconditionally reject read(2) of a directory with EISDIR. - Additionally, read(2) of a directory is now rejected with EISDIR by - default and may be re-enabled for non-ZFS filesystems that allow it with - the sysctl(8) MIB 'security.bsd.allow_read_dir'. - - Aliases for grep to default to '-d skip' may be desired if commonly - non-recursively grepping a list that includes directories and the - possibility of EISDIR errors in stderr is not tolerable. Example - aliases, commented out, have been installed in /root/.cshrc and - /root/.shrc. - -r361066: - Add exec.prepare and exec.release hooks for jail(8) and jail.conf(5). - exec.prepare runs before mounts, so can be used to populate new jails. - exec.release runs after unmounts, so can be used to remove ephemeral - jails. - -r360920,r360923,r360924,r360927,r360928,r360931,r360933,r360936: - Remove support for ARC4, Blowfish, Cast, DES, Triple DES, MD5, - MD5-KPDK, MD5-HMAC, SHA1-KPDK, and Skipjack algorithms from - the kernel open cryptographic framework (OCF). - -r360562: - Remove support for ARC4, Blowfish, Cast, DES, Triple DES, - MD5-HMAC, and Skipjack algorithms from /dev/crypto. - -r360557: - Remove support for DES, Triple DES, Blowfish, Cast, and - Camellia ciphers from IPsec(4). Remove support for MD5-HMAC, - Keyed MD5, Keyed SHA1, and RIPEMD160-HMAC from IPsec(4). - -r359945: - Remove support for Triple DES, Blowfish, and MD5 HMAC from - geli(4). - -r359786-r359787: - Remove support for DES, Triple DES, and RC4 from in-kernel GSS - authentication. - -r357627: - remove elf2aout. - -r357560-r357565: - init(8), service(8), and cron(8) will now adopt user/class environment - variables (excluding PATH, by default, which will be overwritten) by - default. Notably, environment variables for all cron jobs and rc - services can now be set via login.conf(5). - -r357455: - sparc64 has been removed from FreeBSD. - -r355677: - Adds support for NFSv4.2 (RFC-7862) and Extended Attributes - (RFC-8276) to the NFS client and server. - NFSv4.2 is comprised of several optional features that can be supported - in addition to NFSv4.1. This patch adds the following optional features: - - posix_fadvise(POSIX_FADV_WILLNEED/POSIX_FADV_DONTNEED) - - posix_fallocate() - - intra server file range copying via the copy_file_range(2) syscall - --> Avoiding data tranfer over the wire to/from the NFS client. - - lseek(SEEK_DATA/SEEK_HOLE) - - Extended attribute syscalls for "user" namespace attributes as defined - by RFC-8276. - - For the client, NFSv4.2 is only used if the mount command line option - minorversion=2 is specified. - For the server, two new sysctls called vfs.nfsd.server_min_minorversion4 - and vfs.nfsd.server_max_minorversion4 have been added that allow - sysadmins to limit the minor versions of NFSv4 supported by the nfsd - server. - Setting vfs.nfsd.server_max_minorversion4 to 0 or 1 will disable NFSv4.2 - on the server. - -r356263: - armv5 support has been removed from FreeBSD. - -r354517: - iwm(4) now supports most Intel 9260, 9460 and 9560 Wi-Fi devices. - -r354269: - sqlite3 is updated to sqlite3-3.30.1. - -r352668: - cron(8) now supports the -n (suppress mail on succesful run) and -q - (suppress logging of command execution) options in the crontab format. - See the crontab(5) manpage for details. - -r352304: - ntpd is no longer by default locked in memory. rlimit memlock 32 - or rlimit memlock 0 can be used to restore this behaviour. - -r351863: - rc.subr(8) now honors ${name}_env in all rc(8) scripts. Previously, - environment variables set by a user via ${name}_env were ignored - if the service defined a custom *_cmd variable to control the behavior - of the run_rc_command function, e.g., start_cmd, instead of relying on - the variables like command and command_args, - -r351770,r352920,r352922,r352923: - dd(1) now supports conv=fsync, conv=fdatasync, oflag=fsync, oflag=sync, - and iflag=fullblock flags, compatible with illumos and GNU. - -r351522: - Add kernel-side support for in-kernel Transport Layer Security - (KTLS). KTLS permits using sendfile(2) over sockets using - TLS. - -r351397: - WPA is updated from 2.8 to 2.9. - -r351361: - Add probes for lockmgr(9) to the lockstat DTrace provider, add - corresponding lockstat(1) events, and document the new probes in - dtrace_lockstat.4. - -r351356: - Intel RST is a new 'feature' that remaps NVMe devices from - their normal location to part of the AHCI bar space. This - will eliminate the need to set the BIOS SATA setting from RST - to AHCI causing the nvme drive to be erased before FreeBSD - will see the nvme drive. FreeBSD will now be able to see the - nvme drive now in the default config. - -r351201, r351372: - Add a vop_stdioctl() call, so that file systems that do not support - holes will have a trivial implementation of lseek(SEEK_DATA/SEEK_HOLE). - The algorithm appears to be compatible with the POSIX draft and - the implementation in Linux for the case of a file system that - does not support holes. Prior to this patch, lseek(2) would reply - -1 with errno set to ENOTTY for SEEK_DATA/SEEK_HOLE on files in - file systems that do not support holes. - r351372 maps ENOTTY to EINVAL for lseek(SEEK_DATA/SEEK_HOLE) for - any other cases, such as a ENOTTY return from vn_bmap_seekhole(). - -r350665: - The fuse driver has been renamed to fusefs(5) and been substantially - rewritten. The new driver includes many bug fixes and performance - enhancements, as well as the following user-visible features: - * Optional kernel-side permissions checks (-o default_permissions) - * mknod(2), socket(2), and pipe(2) support - * server side locking with fcntl(2) - * FUSE operations are now interruptible when mounted with -o intr - * server side handling of UTIME_NOW during utimensat(2) - * mount options may be updated with "mount -u" - * fusefs file system may now be exported over NFS - * RLIMIT_FSIZE support - * support for fuse file systems using protocols as old as 7.4 - - FUSE file system developers should also take note of the following new - features: - * The protocol level has been raised from 7.8 to 7.23 - * kqueue support on /dev/fuse - * server-initiated cache invalidation via FUSE_NOTIFY_REPLY - -r350471: - gnop(8) can now configure a delay to be applied to read and write - request delays. See the -d, -q and -x parameters. - -r350315, r350316: - Adds a Linux compatible copy_file_range(2) syscall. - -r350307: - libcap_random(3) has been removed. Applications can use native - APIs to get random data in capability mode. - -r349529,r349530: - Add support for using unmapped mbufs with sendfile(2). - -r349352: - nand(4) and related components have been removed. - -r349349: - The UEFI loader now supports HTTP boot. - -r349335: - bhyve(8) now implements a High Definition Audio (HDA) driver, allowing - guests to play to and record audio data from the host. - -r349286: - swapon(8) can now erase a swap device immediately before enabling it, - similar to newfs(8)'s -E option. This behaviour can be specified by - adding -E to swapon(8)'s command-line parameters, or by adding the - "trimonce" option to a swap device's /etc/fstab entry. - -r347908-r347923: - The following network drivers have been removed: bm(4), cs(4), de(4), - ed(4), ep(4), ex(4), fe(4), pcn(4), sf(4), sn(4), tl(4), tx(4), txp(4), - vx(4), wb(4), xe(4). - -r347532: - Wired page accounting has been split into kernel wirings and user - wirings (e.g., by mlock(2)). Kernel wirings no long count towards - the global limit, which is renamed to vm.max_user_wired. bhyve -S - allocates user-wired memory and is now subject to that limit. - -$FreeBSD$ |