1Release notes for FreeBSD 15.0. 2 3This file describes new user-visible features, changes and updates relevant to 4users of binary FreeBSD releases. Each entry should describe the change in no 5more than several sentences and should reference manual pages where an 6interested user can find more information. Entries should wrap after 80 7columns. Each entry should begin with one or more commit IDs on one line, 8specified as a comma separated list and/or range, followed by a colon and a 9newline. Entries should be separated by a newline. 10 11Changes to this file should not be MFCed. 12 1350e733f19b37, 171f66b0c2ca: 14 These commits helped improve utilization of NFSv4.1/4.2 15 delegations. The changes are only used when the NFSv4 16 mount uses the "nocto" mount option and requires an 17 up-to-date NFSv4.1/4.2 server with delegations enabled. 18 For example: For a FreeBSD kernel build with both src 19 and obj NFSv4 mounted, the total RPC count dropped from 20 5461286 to 945643, with a 20% drop in elapsed time. 21 22cd240957d7ba 23 Making a connection to INADDR_ANY (i.e., using INADDR_ANY as an alias 24 for localhost) is now disabled by default. This functionality can be 25 re-enabled by setting the net.inet.ip.connect_inaddr_wild sysctl to 1. 26 27b61850c4e6f6 28 The bridge(4) sysctl net.link.bridge.member_ifaddrs now defaults to 0, 29 meaning that interfaces added to a bridge may not have IP addresses 30 assigned. Refer to bridge(4) for more information. 31 3244e5a0150835, 9a37f1024ceb: 33 A new utility sndctl(8) has been added to concentrate the various 34 interfaces for viewing and manipulating audio device settings (sysctls, 35 /dev/sndstat), into a single utility with a similar control-driven 36 interface to that of mixer(8). 37 3893a94ce731a8: 39 ps(1)'s options '-a' and '-A', when combined with any other one 40 affecting the selection of processes except for '-X' and '-x', would 41 have no effect, in contradiction with the rule that one process is 42 listed as soon as any of the specified options selects it (inclusive 43 OR), which is both mandated by POSIX and arguably a natural expectation. 44 This bug has been fixed. 45 46 As a practical consequence, specifying '-a'/'-A' now causes all 47 processes to be listed regardless of other selection options (except for 48 '-X' and '-x', which still apply). In particular, to list only 49 processes from specific jails, one must not use '-a' with '-J'. Option 50 '-J', contrary to its apparent initial intent, never worked as a filter 51 in practice (except by accident with '-a' due to the bug), but instead 52 as any other selection options (e.g., '-U', '-p', '-G', etc.) subject to 53 the "inclusive OR" rule. 54 55995b690d1398: 56 ps(1)'s '-U' option has been changed to select processes by their real 57 user IDs instead of their effective one, in accordance with POSIX and 58 the use case of wanting to list processes launched by some user, which 59 is expected to be more frequent than listing processes having the rights 60 of some user. This only affects the selection of processes whose real 61 and effective user IDs differ. After this change, ps(1)'s '-U' flag 62 behaves differently then in other BSDs but identically to that of 63 Linux's procps and illumos. 64 651aabbb25c9f9: 66 ps(1)'s default list of processes now comes from matching its effective 67 user ID instead of its real user ID with the effective user ID of all 68 processes, in accordance with POSIX. As ps(1) itself is not installed 69 setuid, this only affects processes having different real and effective 70 user IDs that launch ps(1) processes. 71 72f0600c41e754-de701f9bdbe0, bc201841d139: 73 mac_do(4) is now considered production-ready and its functionality has 74 been considerably extended at the price of breaking credentials 75 transition rules' backwards compatibility. All that could be specified 76 with old rules can also be with new rules. Migrating old rules is just 77 a matter of adding "uid=" in front of the target part, substituting 78 commas (",") with semi-colons (";") and colons (":") with greater-than 79 signs (">"). Please consult the mac_do(4) manual page for the new rules 80 grammar. 81 8202d4eeabfd73: 83 hw.snd.maxautovchans has been retired. The commit introduced a 84 hw.snd.vchans_enable sysctl, which along with 85 dev.pcm.X.{play|rec}.vchans, from now on work as tunables to only 86 enable/disable vchans, as opposed to setting their number and/or 87 (de-)allocating vchans. Since these sysctls do not trigger any 88 (de-)allocations anymore, their effect is instantaneous, whereas before 89 we could have frozen the machine (when trying to allocate new vchans) 90 when setting dev.pcm.X.{play|rec}.vchans to a very large value. 91 927e7f88001d7d: 93 The definition of pf's struct pfr_tstats and struct pfr_astats has 94 changed, breaking ABI compatibility for 32-bit powerpc (including 95 powerpcspe) and armv7. Users of these platforms should ensure kernel 96 and userspace are updated together. 97 985dc99e9bb985, 08e638c089a, 4009a98fe80: 99 The net.inet.{tcp,udp,raw}.bind_all_fibs tunables have been added. 100 They modify socket behavior such that packets not originating from the 101 same FIB as the socket are ignored. TCP and UDP sockets belonging to 102 different FIBs may also be bound to the same address. The default 103 behavior is unmodified. 104 105f87bb5967670, e51036fbf3f8: 106 Support for vinum volumes has been removed. 107 1088ae6247aa966, cf0ede720391d, 205659c43d87bd, 1ccbdf561f417, 4db1b113b151: 109 The layout of NFS file handles for the tarfs, tmpfs, cd9660, and ext2fs 110 file systems has changed. An NFS server that exports any of these file 111 systems will need its clients to unmount and remount the exports. 112 1131111a44301da: 114 Defer the January 19, 2038 date limit in UFS1 filesystems to 115 February 7, 2106. This affects only UFS1 format filesystems. 116 See the commit message for details. 117 11807cd69e272da: 119 Add a new -a command line option to mountd(8). 120 If this command line option is specified, when 121 a line in exports(5) has the -alldirs export option, 122 the directory must be a server file system mount point. 123 1240e8a36a2ab12: 125 Add a new NFS mount option called "mountport" that may be used 126 to specify the port# for the NFS server's Mount protocol. 127 This permits a NFSv3 mount to be done without running rpcbind(8). 128 129b2f7c53430c3: 130 Kernel TLS is now enabled by default in kernels including KTLS 131 support. KTLS is included in GENERIC kernels for aarch64, 132 amd64, powerpc64, and powerpc64le. 133 134f57efe95cc25: 135 New mididump(1) utility which dumps MIDI 1.0 events in real time. 136 137ddfc6f84f242: 138 Update unicode to 16.0.0 and CLDR to 45.0.0. 139 140b22be3bbb2de: 141 Basic Cloudinit images no longer generate RSA host keys by default for 142 SSH. 143 144000000000000: 145 RSA host keys for SSH are deprecated and will no longer be generated 146 by default in FreeBSD 16. 147 1480aabcd75dbc2: 149 EC2 AMIs no longer generate RSA host keys by default for SSH. RSA 150 host key generation can be re-enabled by setting sshd_rsa_enable="YES" 151 in /etc/rc.conf if it is necessary to support very old SSH clients. 152 153a1da7dc1cdad: 154 The SO_SPLICE socket option was added. It allows TCP connections to 155 be spliced together, enabling proxy-like functionality without the 156 need to copy data in and out of user memory. 157 158fc12c191c087: 159 grep(1) no longer follows symbolic links by default for 160 recursive searches. This matches the documented behavior in 161 the manual page. 162 163e962b37bf0ff: 164 When running bhyve(8) guests with a boot ROM, i.e., bhyveload(8) is not 165 used, bhyve now assumes that the boot ROM will enable PCI BAR decoding. 166 This is incompatible with some boot ROMs, particularly outdated builds 167 of edk2-bhyve. To restore the old behavior, add 168 "pci.enable_bars='true'" to your bhyve configuration. 169 170 Note in particular that the uefi-edk2-bhyve package has been renamed 171 to edk2-bhyve. 172 17343caa2e805c2: 174 amd64 bhyve(8)'s "lpc.bootrom" and "lpc.bootvars" options are 175 deprecated. Use the top-level "bootrom" and "bootvars" options 176 instead. 177 178822ca3276345: 179 byacc was updated to 20240109. 180 18121817992b331: 182 ncurses was updated to 6.5. 183 1841687d77197c0: 185 Filesystem manual pages have been moved to section four. 186 Please check ports you are maintaining for crossreferences. 187 1888aac90f18aef: 189 new MAC/do policy and mdo(1) utility which enables a user to 190 become another user without the requirement of setuid root. 191 1927398d1ece5cf: 193 hw.snd.version is removed. 194 195a15f7c96a276,a8089ea5aee5: 196 NVMe over Fabrics controller. The nvmft(4) kernel module adds 197 a new frontend to the CAM target layer which exports ctl(4) 198 LUNs as NVMe namespaces to remote hosts. The nvmfd(8) daemon 199 is responsible for accepting incoming connection requests and 200 handing off connected queue pairs to nvmft(4). 201 202a1eda74167b5,1058c12197ab: 203 NVMe over Fabrics host. New commands added to nvmecontrol(8) 204 to establish connections to remote controllers. Once 205 connections are established they are handed off to the nvmf(4) 206 kernel module which creates nvmeX devices and exports remote 207 namespaces as nda(4) disks. 208 20925723d66369f: 210 As a side-effect of retiring the unit.* code in sound(4), the 211 hw.snd.maxunit loader(8) tunable is also retired. 212 213eeb04a736cb9: 214 date(1) now supports nanoseconds. For example: 215 `date -Ins` prints "2024-04-22T12:20:28,763742224+02:00" and 216 `date +%N` prints "415050400". 217 2186d5ce2bb6344: 219 The default value of the nfs_reserved_port_only rc.conf(5) setting has 220 changed. The FreeBSD NFS server now requires the source port of 221 requests to be in the privileged port range (i.e., <= 1023), which 222 generally requires the client to have elevated privileges on their local 223 system. The previous behavior can be restored by setting 224 nfs_reserved_port_only=NO in rc.conf. 225 226aea973501b19: 227 ktrace(2) will now record detailed information about capability mode 228 violations. The kdump(1) utility has been updated to display such 229 information. 230 231f32a6403d346: 232 One True Awk updated to 2nd Edition. See https://awk.dev for details 233 on the additions. Unicode and CSVs (Comma Separated Values) are now 234 supported. 235 236fe86d923f83f: 237 usbconfig(8) now reads the descriptions of the usb vendor and products 238 from usb.ids when available, similarly to what pciconf(8) does. 239 2404347ef60501f: 241 The powerd(8) utility is now enabled in /etc/rc.conf by default on 242 images for the arm64 Raspberry Pi's (arm64-aarch64-RPI img files). 243 This prevents the CPU clock from running slow all the time. 244 2450b49e504a32d: 246 rc.d/jail now supports the legacy variable jail_${jailname}_zfs_dataset 247 to allow unmaintained jail managers like ezjail to make use of this 248 feature (simply rename jail_${jailname}_zfs_datasets in the ezjail 249 config to jail_${jailname}_zfs_dataset. 250 251e0dfe185cbca: 252 jail(8) now support zfs.dataset to add a list of ZFS datasets to a 253 jail. 254 25561174ad88e33: 256 newsyslog(8) now supports specifying a global compression method directly 257 at the beginning of the newsyslog.conf file, which will make newsyslog(8) 258 to behave like the corresponding option was passed to the newly added 259 '-c' option. For example: 260 261 <compress> none 262 263906748d208d3: 264 newsyslog(8) now accepts a new option, '-c' which overrides all historical 265 compression flags by treating their meaning as "treat the file as compressible" 266 rather than "compress the file with that specific method." 267 268 The following choices are available: 269 * none: Do not compress, regardless of flag. 270 * legacy: Historical behavior (J=bzip2, X=xz, Y=zstd, Z=gzip). 271 * bzip2, xz, zstd, gzip: apply the specified compression method. 272 273 We plan to change the default to 'none' in FreeBSD 15.0. 274 2751a878807006c: 276 This commit added some statistics collection to the NFS-over-TLS 277 code in the NFS server so that sysadmins can moditor usage. 278 The statistics are available via the kern.rpc.tls.* sysctls. 279 2807c5146da1286: 281 Mountd has been modified to use strunvis(3) to decode directory 282 names in exports(5) file(s). This allows special characters, 283 such as blanks, to be embedded in the directory name(s). 284 "vis -M" may be used to encode such directory name(s). 285 286c5359e2af5ab: 287 bhyve(8) has a new network backend, "slirp", which makes use of the 288 libslirp package to provide a userspace network stack. This backend 289 makes it possible to access the guest network from the host without 290 requiring any extra network configuration on the host. 291 292bb830e346bd5: 293 Set the IUTF8 flag by default in tty(4). 294 295 128f63cedc14 and 9e589b093857 added proper UTF-8 backspacing handling 296 in the tty(4) driver, which is enabled by setting the new IUTF8 flag 297 through stty(1). Since the default locale is UTF-8, enable IUTF8 by 298 default. 299 300ff01d71e48d4: 301 dialog(1) has been replaced by bsddialog(1) 302 30341582f28ddf7: 304 FreeBSD 15.0 will not include support for 32-bit platforms. 305 However, 64-bit systems will still be able to run older 32-bit 306 binaries. 307 308 Support for executing 32-bit binaries on 64-bit platforms via 309 COMPAT_FREEBSD32 will remain supported for at least the 310 stable/15 and stable/16 branches. 311 312 Support for compiling individual 32-bit applications via 313 `cc -m32` will also be supported for at least the stable/15 314 branch which includes suitable headers in /usr/include and 315 libraries in /usr/lib32. 316 317 Support for 32-bit platforms in ports for 15.0 and later 318 releases is also deprecated, and these future releases may not 319 include binary packages for 32-bit platforms or support for 320 building 32-bit applications from ports. 321 322 stable/14 and earlier branches will retain existing 32-bit 323 kernel and world support. Ports will retain existing support 324 for building ports and packages for 32-bit systems on stable/14 325 and earlier branches as long as those branches are supported 326 by the ports system. However, all 32-bit platforms are Tier-2 327 or Tier-3 and support for individual ports should be expected 328 to degrade as upstreams deprecate 32-bit platforms. 329 330 With the current support schedule, stable/14 will be EOLed 5 331 years after the release of 14.0. The EOL of stable/14 would 332 mark the end of support for 32-bit platforms including source 333 releases, pre-built packages, and support for building 334 applications from ports. Given an estimated release date of 335 October 2023 for 14.0, support for 32-bit platforms would end 336 in October 2028. 337 338 The project may choose to alter this approach when 15.0 is 339 released by extending some level of 32-bit support for one or 340 more platforms in 15.0 or later. Users should use the 341 stable/14 branch to migrate off of 32-bit platforms. 342