1Release notes for FreeBSD 15.0. 2 3This file describes new user-visible features, changes and updates relevant to 4users of binary FreeBSD releases. Each entry should describe the change in no 5more than several sentences and should reference manual pages where an 6interested user can find more information. Entries should wrap after 80 7columns. Each entry should begin with one or more commit IDs on one line, 8specified as a comma separated list and/or range, followed by a colon and a 9newline. Entries should be separated by a newline. 10 11Changes to this file should not be MFCed. 12 13929f5966a9fd, b9b0e105c357, 5105e1ebecc7, cb3eac927b5d, ce9c325a2e92, 18a870751b03, 89c82750da1a, 0c13e9c3c464, 10eecc467f32, 619feb9dd00e, 7d2cfb27d62f, e26259f48afe, a245dc5d68c7, 9a726ef24134, 383e7290c0b5, c791ea80b5f7, 543b875a8ee4, 40a5abfc3f66, 73ed0c7992fd, 04764f21855a, 624b7beed5ac, 7b68893ffa9b, 6c4771c73470, dd0ec030f8fd, fb1ccc04adfe, b98d0566b2bd, ca9ccf0ce9ad, 6b28571cb6ba, 98d46e05ab08, 2a454b05f2c1, 110111a6cca1, 5f8493bbf479, e447c252d0ec, 4680e7fcc70a, 188138106b9f, 4cb1baa7d85c, 805498e49ae4, f58febc4cefa, ae07a5805b19, 0559f30a882d, cbb6e747af98, 0d1496f0f1e7, 60f970b85e44, 0b9a631e0724, ee3960cba106: 14 Replaced Heimdal 1.5.2 with MIT KRB5 (1.21.3, 1.22.0, 1.22.1). 15 Heimdal 1.5.2 can still be built using the WITHOUT_MITKRB5 flag. 16 Heimdal build plumbing will be removed in 16. 17 182b74ff5fceb6: 19 Introduced support for watchdog timer in Intel 6300ESB I/O controller 20 hub via the i6300esbwd driver, now included in ichwd.ko. 21 This driver is intended primarily for QEMU users, where it serves as 22 the default and only watchdog timer for x86 virtual machines. 23 243068d706eabe: 25 Lua updated to 5.4.8, which is minor bug fixes from 5.4.7. 26 27b45a181a74c8: 28 Awk updates to August 04, 2025 version, with minor bug fixes. 29 30dc5ba6b8b4f0: 31 The WITHOUT_GSSAPI src.conf(5) option has been removed. The GSSAPI 32 libraries are now always built unless WITHOUT_KERBEROS is set. 33 34c43cad871720: 35 jemalloc 5.3.0 has landed. See contrib/jemalloc/ChangeLog 36 for the long list of changes. 37 38cce64f2e6851: 39 Add support for the NFSv4.2 Clone operation, which uses 40 block cloning to "copy on write" files on an NFS server. 41 This only works for exported ZFS file systems that have 42 block cloning enabled, at this time. 43 4437b2cb5ecb0f: 45 Add support to VOP_COPY_FILE_RANGE() for block cloning. 46 At this time, ZFS is the only local file system that supports 47 this and only if block cloning is enabled. NFSv4.2 also supports it. 48 See pathconf(2) and copy_file_range(2) for more information. 49 502ec2ba7e232d, df58e8b1506f (openzfs 2957eabbe), f61844833ee8, b1b607bd200f, 51 ee95e4d02dbd: 52 Add Solaris style extended attributes (called named attributes 53 in NFSv4). At this time, only ZFS when the ZFS property called 54 xattr=dir and NFSv4 support them. The attributes are presented 55 in a directory as regular files. See named_attribute(7) for 56 more information. 57 58ef2a572bf6: 59 Inline IPSEC offload infrastructure and driver support for mlx5(4) 60 Nvidia ConnectX-6+ network cards were added. 61 6268ba38dad3: 63 amd64: handling of the %fsbase/%gsbase registers and tls base 64 were reworked, making it more useful for apps that directly 65 manipulate CPU context. 66 6778aaab9f1cf: 68 rtld: added support for -z initfirst 69 70e36f069ecb4, c069ca085b: 71 Reliability of UFS on volumes with more than 2G of inodes is 72 significantly improved. The underlying issue was the invalid 73 interpretation of the 32bit inode number as signed, which got 74 sign-extended into ino_t. 75 76d390633cf8c: 77 On modern amd64 machines (which have the LA57 CPU feature), 78 FreeBSD is able to utilize more than 4TB of RAM. 79 802bd157bc732a: 81 The readdir_r(3) function is deprecated and may be removed in future 82 releases. Using it in a program will result in compile-time and 83 link-time warnings. 84 859ba51cce8bbd: 86 bsnmpd(1) no longer supports legacy UDP transport. Users, that have 87 not updated their /etc/snmpd.config since 12.0-RELEASE or older will 88 need to merge in the new configuration. In particular, the transport 89 definition shall be changed from begemotSnmpdPortStatus OID to 90 begemotSnmpdTransInetStatus. 91 921349a733cf28: 93 Add a driver supporting a new storage controller interface, 94 Universal Flash Storage Host Controller Interface, supporting 95 version 4.1 and earlier, via ufshci(4). 96 97f1f230439fa4: 98 FreeBSD now implements the inotify(2) family of system calls. 99 10050e733f19b37, 171f66b0c2ca: 101 These commits helped improve utilization of NFSv4.1/4.2 102 delegations. The changes are only used when the NFSv4 103 mount uses the "nocto" mount option and requires an 104 up-to-date NFSv4.1/4.2 server with delegations enabled. 105 For example: For a FreeBSD kernel build with both src 106 and obj NFSv4 mounted, the total RPC count dropped from 107 5461286 to 945643, with a 20% drop in elapsed time. 108 109c3fc0db3bc50 110 The default value of the sysctl variable 111 net.inet.tcp.nolocaltimewait has changed from 1 to 0. This means 112 that FreeBSD does not skip the TIME_WAIT state anymore for 113 endpoints for which the remote address is local. The new sysctl 114 variable net.inet.tcp.msl_local can be used to control the time 115 these endpoints stay in the TIME_WAIT state. The sysctl variable 116 net.inet.tcp.nolocaltimewait is deprecated and intended to be 117 removed in FreeBSD 16. 118 119cd240957d7ba 120 Making a connection to INADDR_ANY (i.e., using INADDR_ANY as an alias 121 for localhost) is now disabled by default. This functionality can be 122 re-enabled by setting the net.inet.ip.connect_inaddr_wild sysctl to 1. 123 124b61850c4e6f6 125 The bridge(4) sysctl net.link.bridge.member_ifaddrs now defaults to 0, 126 meaning that interfaces added to a bridge may not have IP addresses 127 assigned. Refer to bridge(4) for more information. 128 12944e5a0150835, 9a37f1024ceb: 130 A new utility sndctl(8) has been added to concentrate the various 131 interfaces for viewing and manipulating audio device settings (sysctls, 132 /dev/sndstat), into a single utility with a similar control-driven 133 interface to that of mixer(8). 134 13593a94ce731a8: 136 ps(1)'s options '-a' and '-A', when combined with any other one 137 affecting the selection of processes except for '-X' and '-x', would 138 have no effect, in contradiction with the rule that one process is 139 listed as soon as any of the specified options selects it (inclusive 140 OR), which is both mandated by POSIX and arguably a natural expectation. 141 This bug has been fixed. 142 143 As a practical consequence, specifying '-a'/'-A' now causes all 144 processes to be listed regardless of other selection options (except for 145 '-X' and '-x', which still apply). In particular, to list only 146 processes from specific jails, one must not use '-a' with '-J'. Option 147 '-J', contrary to its apparent initial intent, never worked as a filter 148 in practice (except by accident with '-a' due to the bug), but instead 149 as any other selection options (e.g., '-U', '-p', '-G', etc.) subject to 150 the "inclusive OR" rule. 151 152995b690d1398: 153 ps(1)'s '-U' option has been changed to select processes by their real 154 user IDs instead of their effective one, in accordance with POSIX and 155 the use case of wanting to list processes launched by some user, which 156 is expected to be more frequent than listing processes having the rights 157 of some user. This only affects the selection of processes whose real 158 and effective user IDs differ. After this change, ps(1)'s '-U' flag 159 behaves differently then in other BSDs but identically to that of 160 Linux's procps and illumos. 161 1621aabbb25c9f9: 163 ps(1)'s default list of processes now comes from matching its effective 164 user ID instead of its real user ID with the effective user ID of all 165 processes, in accordance with POSIX. As ps(1) itself is not installed 166 setuid, this only affects processes having different real and effective 167 user IDs that launch ps(1) processes. 168 169f0600c41e754-de701f9bdbe0, bc201841d139: 170 mac_do(4) is now considered production-ready and its functionality has 171 been considerably extended at the price of breaking credentials 172 transition rules' backwards compatibility. All that could be specified 173 with old rules can also be with new rules. Migrating old rules is just 174 a matter of adding "uid=" in front of the target part, substituting 175 commas (",") with semi-colons (";") and colons (":") with greater-than 176 signs (">"). Please consult the mac_do(4) manual page for the new rules 177 grammar. 178 17902d4eeabfd73: 180 hw.snd.maxautovchans has been retired. The commit introduced a 181 hw.snd.vchans_enable sysctl, which along with 182 dev.pcm.X.{play|rec}.vchans, from now on work as tunables to only 183 enable/disable vchans, as opposed to setting their number and/or 184 (de-)allocating vchans. Since these sysctls do not trigger any 185 (de-)allocations anymore, their effect is instantaneous, whereas before 186 we could have frozen the machine (when trying to allocate new vchans) 187 when setting dev.pcm.X.{play|rec}.vchans to a very large value. 188 1897e7f88001d7d: 190 The definition of pf's struct pfr_tstats and struct pfr_astats has 191 changed, breaking ABI compatibility for 32-bit powerpc (including 192 powerpcspe) and armv7. Users of these platforms should ensure kernel 193 and userspace are updated together. 194 1955dc99e9bb985, 08e638c089a, 4009a98fe80: 196 The net.inet.{tcp,udp,raw}.bind_all_fibs tunables have been added. 197 They modify socket behavior such that packets not originating from the 198 same FIB as the socket are ignored. TCP and UDP sockets belonging to 199 different FIBs may also be bound to the same address. The default 200 behavior is unmodified. 201 202f87bb5967670, e51036fbf3f8: 203 Support for vinum volumes has been removed. 204 2058ae6247aa966, cf0ede720391d, 205659c43d87bd, 1ccbdf561f417, 4db1b113b151: 206 The layout of NFS file handles for the tarfs, tmpfs, cd9660, and ext2fs 207 file systems has changed. An NFS server that exports any of these file 208 systems will need its clients to unmount and remount the exports. 209 2101111a44301da: 211 Defer the January 19, 2038 date limit in UFS1 filesystems to 212 February 7, 2106. This affects only UFS1 format filesystems. 213 See the commit message for details. 214 21507cd69e272da: 216 Add a new -a command line option to mountd(8). 217 If this command line option is specified, when 218 a line in exports(5) has the -alldirs export option, 219 the directory must be a server file system mount point. 220 2210e8a36a2ab12: 222 Add a new NFS mount option called "mountport" that may be used 223 to specify the port# for the NFS server's Mount protocol. 224 This permits a NFSv3 mount to be done without running rpcbind(8). 225 226b2f7c53430c3: 227 Kernel TLS is now enabled by default in kernels including KTLS 228 support. KTLS is included in GENERIC kernels for aarch64, 229 amd64, powerpc64, and powerpc64le. 230 231f57efe95cc25: 232 New mididump(1) utility which dumps MIDI 1.0 events in real time. 233 234ddfc6f84f242: 235 Update unicode to 16.0.0 and CLDR to 45.0.0. 236 237b22be3bbb2de: 238 Basic Cloudinit images no longer generate RSA host keys by default for 239 SSH. 240 241000000000000: 242 RSA host keys for SSH are deprecated and will no longer be generated 243 by default in FreeBSD 16. 244 2450aabcd75dbc2: 246 EC2 AMIs no longer generate RSA host keys by default for SSH. RSA 247 host key generation can be re-enabled by setting sshd_rsa_enable="YES" 248 in /etc/rc.conf if it is necessary to support very old SSH clients. 249 250a1da7dc1cdad: 251 The SO_SPLICE socket option was added. It allows TCP connections to 252 be spliced together, enabling proxy-like functionality without the 253 need to copy data in and out of user memory. 254 255fc12c191c087: 256 grep(1) no longer follows symbolic links by default for 257 recursive searches. This matches the documented behavior in 258 the manual page. 259 260e962b37bf0ff: 261 When running bhyve(8) guests with a boot ROM, i.e., bhyveload(8) is not 262 used, bhyve now assumes that the boot ROM will enable PCI BAR decoding. 263 This is incompatible with some boot ROMs, particularly outdated builds 264 of edk2-bhyve. To restore the old behavior, add 265 "pci.enable_bars='true'" to your bhyve configuration. 266 267 Note in particular that the uefi-edk2-bhyve package has been renamed 268 to edk2-bhyve. 269 27043caa2e805c2: 271 amd64 bhyve(8)'s "lpc.bootrom" and "lpc.bootvars" options are 272 deprecated. Use the top-level "bootrom" and "bootvars" options 273 instead. 274 275822ca3276345: 276 byacc was updated to 20240109. 277 27821817992b331: 279 ncurses was updated to 6.5. 280 2811687d77197c0: 282 Filesystem manual pages have been moved to section four. 283 Please check ports you are maintaining for crossreferences. 284 2858aac90f18aef: 286 new MAC/do policy and mdo(1) utility which enables a user to 287 become another user without the requirement of setuid root. 288 2897398d1ece5cf: 290 hw.snd.version is removed. 291 292a15f7c96a276,66b5296f1b29: 293 NVMe over Fabrics controller. The nvmft(4) kernel module adds 294 a new frontend to the CAM target layer which exports ctl(4) 295 LUNs as NVMe namespaces to remote hosts. The ctld(8) daemon 296 now supports NVMe controllers in addition to iSCSI targets and 297 is responsible for accepting incoming connection requests and 298 handing off connected queue pairs to nvmft(4). 299 300a1eda74167b5,1058c12197ab: 301 NVMe over Fabrics host. New commands added to nvmecontrol(8) 302 to establish connections to remote controllers. Once 303 connections are established they are handed off to the nvmf(4) 304 kernel module which creates nvmeX devices and exports remote 305 namespaces as nda(4) disks. 306 30725723d66369f: 308 As a side-effect of retiring the unit.* code in sound(4), the 309 hw.snd.maxunit loader(8) tunable is also retired. 310 311eeb04a736cb9: 312 date(1) now supports nanoseconds. For example: 313 `date -Ins` prints "2024-04-22T12:20:28,763742224+02:00" and 314 `date +%N` prints "415050400". 315 3166d5ce2bb6344: 317 The default value of the nfs_reserved_port_only rc.conf(5) setting has 318 changed. The FreeBSD NFS server now requires the source port of 319 requests to be in the privileged port range (i.e., <= 1023), which 320 generally requires the client to have elevated privileges on their local 321 system. The previous behavior can be restored by setting 322 nfs_reserved_port_only=NO in rc.conf. 323 324aea973501b19: 325 ktrace(2) will now record detailed information about capability mode 326 violations. The kdump(1) utility has been updated to display such 327 information. 328 329f32a6403d346: 330 One True Awk updated to 2nd Edition. See https://awk.dev for details 331 on the additions. Unicode and CSVs (Comma Separated Values) are now 332 supported. 333 334fe86d923f83f: 335 usbconfig(8) now reads the descriptions of the usb vendor and products 336 from usb.ids when available, similarly to what pciconf(8) does. 337 3384347ef60501f: 339 The powerd(8) utility is now enabled in /etc/rc.conf by default on 340 images for the arm64 Raspberry Pi's (arm64-aarch64-RPI img files). 341 This prevents the CPU clock from running slow all the time. 342 3430b49e504a32d: 344 rc.d/jail now supports the legacy variable jail_${jailname}_zfs_dataset 345 to allow unmaintained jail managers like ezjail to make use of this 346 feature (simply rename jail_${jailname}_zfs_datasets in the ezjail 347 config to jail_${jailname}_zfs_dataset. 348 349e0dfe185cbca: 350 jail(8) now support zfs.dataset to add a list of ZFS datasets to a 351 jail. 352 35361174ad88e33: 354 newsyslog(8) now supports specifying a global compression method directly 355 at the beginning of the newsyslog.conf file, which will make newsyslog(8) 356 to behave like the corresponding option was passed to the newly added 357 '-c' option. For example: 358 359 <compress> none 360 361906748d208d3: 362 newsyslog(8) now accepts a new option, '-c' which overrides all historical 363 compression flags by treating their meaning as "treat the file as compressible" 364 rather than "compress the file with that specific method." 365 366 The following choices are available: 367 * none: Do not compress, regardless of flag. 368 * legacy: Historical behavior (J=bzip2, X=xz, Y=zstd, Z=gzip). 369 * bzip2, xz, zstd, gzip: apply the specified compression method. 370 371 We plan to change the default to 'none' in FreeBSD 15.0. 372 3731a878807006c: 374 This commit added some statistics collection to the NFS-over-TLS 375 code in the NFS server so that sysadmins can moditor usage. 376 The statistics are available via the kern.rpc.tls.* sysctls. 377 3787c5146da1286: 379 Mountd has been modified to use strunvis(3) to decode directory 380 names in exports(5) file(s). This allows special characters, 381 such as blanks, to be embedded in the directory name(s). 382 "vis -M" may be used to encode such directory name(s). 383 384c5359e2af5ab: 385 bhyve(8) has a new network backend, "slirp", which makes use of the 386 libslirp package to provide a userspace network stack. This backend 387 makes it possible to access the guest network from the host without 388 requiring any extra network configuration on the host. 389 390bb830e346bd5: 391 Set the IUTF8 flag by default in tty(4). 392 393 128f63cedc14 and 9e589b093857 added proper UTF-8 backspacing handling 394 in the tty(4) driver, which is enabled by setting the new IUTF8 flag 395 through stty(1). Since the default locale is UTF-8, enable IUTF8 by 396 default. 397 398ff01d71e48d4: 399 dialog(1) has been replaced by bsddialog(1) 400 40141582f28ddf7: 402 FreeBSD 15.0 will not include support for 32-bit platforms. 403 However, 64-bit systems will still be able to run older 32-bit 404 binaries. 405 406 Support for executing 32-bit binaries on 64-bit platforms via 407 COMPAT_FREEBSD32 will remain supported for at least the 408 stable/15 and stable/16 branches. 409 410 Support for compiling individual 32-bit applications via 411 `cc -m32` will also be supported for at least the stable/15 412 branch which includes suitable headers in /usr/include and 413 libraries in /usr/lib32. 414 415 Support for 32-bit platforms in ports for 15.0 and later 416 releases is also deprecated, and these future releases may not 417 include binary packages for 32-bit platforms or support for 418 building 32-bit applications from ports. 419 420 stable/14 and earlier branches will retain existing 32-bit 421 kernel and world support. Ports will retain existing support 422 for building ports and packages for 32-bit systems on stable/14 423 and earlier branches as long as those branches are supported 424 by the ports system. However, all 32-bit platforms are Tier-2 425 or Tier-3 and support for individual ports should be expected 426 to degrade as upstreams deprecate 32-bit platforms. 427 428 With the current support schedule, stable/14 will be EOLed 5 429 years after the release of 14.0. The EOL of stable/14 would 430 mark the end of support for 32-bit platforms including source 431 releases, pre-built packages, and support for building 432 applications from ports. Given an estimated release date of 433 October 2023 for 14.0, support for 32-bit platforms would end 434 in October 2028. 435 436 The project may choose to alter this approach when 15.0 is 437 released by extending some level of 32-bit support for one or 438 more platforms in 15.0 or later. Users should use the 439 stable/14 branch to migrate off of 32-bit platforms. 440