xref: /freebsd/RELNOTES (revision fc8310db5208a5a0d9acd4a9f61aa6e5180fb376) 
1Release notes for FreeBSD 15.0.
2
3This file describes new user-visible features, changes and updates relevant to
4users of binary FreeBSD releases.  Each entry should describe the change in no
5more than several sentences and should reference manual pages where an
6interested user can find more information.  Entries should wrap after 80
7columns.  Each entry should begin with one or more commit IDs on one line,
8specified as a comma separated list and/or range, followed by a colon and a
9newline.  Entries should be separated by a newline.
10
11Changes to this file should not be MFCed.
12
13f0600c41e754-de701f9bdbe0, bc201841d139:
14	mac_do(4) is now considered production-ready and its functionality has
15	been considerably extended at the price of breaking credentials
16	transition rules' backwards compatibility.  All that could be specified
17	with old rules can also be with new rules.  Migrating old rules is just
18	a matter of adding "uid=" in front of the target part, substituting
19	commas (",") with semi-colons (";") and colons (":") with greater-than
20	signs (">").  Please consult the mac_do(4) manual page for the new rules
21	grammar.
22
2302d4eeabfd73:
24	hw.snd.maxautovchans has been retired. The commit introduced a
25	hw.snd.vchans_enable sysctl, which along with
26	dev.pcm.X.{play|rec}.vchans, from now on work as tunables to only
27	enable/disable vchans, as opposed to setting their number and/or
28	(de-)allocating vchans. Since these sysctls do not trigger any
29	(de-)allocations anymore, their effect is instantaneous, whereas before
30	we could have frozen the machine (when trying to allocate new vchans)
31	when setting dev.pcm.X.{play|rec}.vchans to a very large value.
32
337e7f88001d7d:
34	The definition of pf's struct pfr_tstats and struct pfr_astats has
35	changed, breaking ABI compatibility for 32-bit powerpc (including
36	powerpcspe) and armv7. Users of these platforms should ensure kernel
37	and userspace are updated together.
38
395dc99e9bb985, 08e638c089a, 4009a98fe80:
40	The net.inet.{tcp,udp,raw}.bind_all_fibs tunables have been added.
41	They modify socket behavior such that packets not originating from the
42	same FIB as the socket are ignored.  TCP and UDP sockets belonging to
43	different FIBs may also be bound to the same address.  The default
44	behavior is unmodified.
45
46f87bb5967670, e51036fbf3f8:
47	Support for vinum volumes has been removed.
48
498ae6247aa966, cf0ede720391d, 205659c43d87bd, 1ccbdf561f417, 4db1b113b151:
50	The layout of NFS file handles for the tarfs, tmpfs, cd9660, and ext2fs
51	file systems has changed.  An NFS server that exports any of these file
52	systems will need its clients to unmount and remount the exports.
53
541111a44301da:
55	Defer the January 19, 2038 date limit in UFS1 filesystems to
56	February 7, 2106. This affects only UFS1 format filesystems.
57	See the commit message for details.
58
5907cd69e272da:
60	Add a new -a command line option to mountd(8).
61	If this command line option is specified, when
62	a line in exports(5) has the -alldirs export option,
63	the directory must be a server file system mount point.
64
650e8a36a2ab12:
66	Add a new NFS mount option called "mountport" that may be used
67	to specify the port# for the NFS server's Mount protocol.
68	This permits a NFSv3 mount to be done without running rpcbind(8).
69
70b2f7c53430c3:
71	Kernel TLS is now enabled by default in kernels including KTLS
72	support.  KTLS is included in GENERIC kernels for aarch64,
73	amd64, powerpc64, and powerpc64le.
74
75f57efe95cc25:
76	New mididump(1) utility which dumps MIDI 1.0 events in real time.
77
78ddfc6f84f242:
79	Update unicode to 16.0.0 and CLDR to 45.0.0.
80
81b22be3bbb2de:
82	Basic Cloudinit images no longer generate RSA host keys by default for
83	SSH.
84
85000000000000:
86	RSA host keys for SSH are deprecated and will no longer be generated
87	by default in FreeBSD 16.
88
890aabcd75dbc2:
90	EC2 AMIs no longer generate RSA host keys by default for SSH.  RSA
91	host key generation can be re-enabled by setting sshd_rsa_enable="YES"
92	in /etc/rc.conf if it is necessary to support very old SSH clients.
93
94a1da7dc1cdad:
95	The SO_SPLICE socket option was added.  It allows TCP connections to
96	be spliced together, enabling proxy-like functionality without the
97	need to copy data in and out of user memory.
98
99fc12c191c087:
100	grep(1) no longer follows symbolic links by default for
101	recursive searches.  This matches the documented behavior in
102	the manual page.
103
104e962b37bf0ff:
105	When running bhyve(8) guests with a boot ROM, i.e., bhyveload(8) is not
106	used, bhyve now assumes that the boot ROM will enable PCI BAR decoding.
107	This is incompatible with some boot ROMs, particularly outdated builds
108	of edk2-bhyve.  To restore the old behavior, add
109	"pci.enable_bars='true'" to your bhyve configuration.
110
111	Note in particular that the uefi-edk2-bhyve package has been renamed
112	to edk2-bhyve.
113
11443caa2e805c2:
115	amd64 bhyve(8)'s "lpc.bootrom" and "lpc.bootvars" options are
116	deprecated.  Use the top-level "bootrom" and "bootvars" options
117	instead.
118
119822ca3276345:
120	byacc was updated to 20240109.
121
12221817992b331:
123	ncurses was updated to 6.5.
124
1251687d77197c0:
126	Filesystem manual pages have been moved to section four.
127	Please check ports you are maintaining for crossreferences.
128
1298aac90f18aef:
130	new MAC/do policy and mdo(1) utility which enables a user to
131	become another user without the requirement of setuid root.
132
1337398d1ece5cf:
134	hw.snd.version is removed.
135
136a15f7c96a276,a8089ea5aee5:
137	NVMe over Fabrics controller.  The nvmft(4) kernel module adds
138	a new frontend to the CAM target layer which exports ctl(4)
139	LUNs as NVMe namespaces to remote hosts.  The nvmfd(8) daemon
140	is responsible for accepting incoming connection requests and
141	handing off connected queue pairs to nvmft(4).
142
143a1eda74167b5,1058c12197ab:
144	NVMe over Fabrics host.  New commands added to nvmecontrol(8)
145	to establish connections to remote controllers.  Once
146	connections are established they are handed off to the nvmf(4)
147	kernel module which creates nvmeX devices and exports remote
148	namespaces as nda(4) disks.
149
15025723d66369f:
151	As a side-effect of retiring the unit.* code in sound(4), the
152	hw.snd.maxunit loader(8) tunable is also retired.
153
154eeb04a736cb9:
155	date(1) now supports nanoseconds. For example:
156	`date -Ins` prints "2024-04-22T12:20:28,763742224+02:00" and
157	`date +%N` prints "415050400".
158
1596d5ce2bb6344:
160	The default value of the nfs_reserved_port_only rc.conf(5) setting has
161	changed.  The FreeBSD NFS server now requires the source port of
162	requests to be in the privileged port range (i.e., <= 1023), which
163	generally requires the client to have elevated privileges on their local
164	system.  The previous behavior can be restored by setting
165	nfs_reserved_port_only=NO in rc.conf.
166
167aea973501b19:
168	ktrace(2) will now record detailed information about capability mode
169	violations. The kdump(1) utility has been updated to display such
170	information.
171
172f32a6403d346:
173	One True Awk updated to 2nd Edition. See https://awk.dev for details
174	on the additions. Unicode and CSVs (Comma Separated Values) are now
175	supported.
176
177fe86d923f83f:
178	usbconfig(8) now reads the descriptions of the usb vendor and products
179	from usb.ids when available, similarly to what pciconf(8) does.
180
1814347ef60501f:
182	The powerd(8) utility is now enabled in /etc/rc.conf by default on
183	images for the arm64 Raspberry Pi's (arm64-aarch64-RPI img files).
184	This prevents the CPU clock from running slow all the time.
185
1860b49e504a32d:
187	rc.d/jail now supports the legacy variable jail_${jailname}_zfs_dataset
188	to allow unmaintained jail managers like ezjail to make use of this
189	feature (simply rename jail_${jailname}_zfs_datasets in the ezjail
190	config to jail_${jailname}_zfs_dataset.
191
192e0dfe185cbca:
193	jail(8) now support zfs.dataset to add a list of ZFS datasets to a
194        jail.
195
19661174ad88e33:
197	newsyslog(8) now supports specifying a global compression method directly
198	at the beginning of the newsyslog.conf file, which will make newsyslog(8)
199	to behave like the corresponding option was passed to the newly added
200	'-c' option. For example:
201
202	<compress> none
203
204906748d208d3:
205	newsyslog(8) now accepts a new option, '-c' which overrides all historical
206	compression flags by treating their meaning as "treat the file as compressible"
207	rather than "compress the file with that specific method."
208
209	The following choices are available:
210	 * none: Do not compress, regardless of flag.
211	 * legacy: Historical behavior (J=bzip2, X=xz, Y=zstd, Z=gzip).
212	 * bzip2, xz, zstd, gzip: apply the specified compression method.
213
214	We plan to change the default to 'none' in FreeBSD 15.0.
215
2161a878807006c:
217	This commit added some statistics collection to the NFS-over-TLS
218	code in the NFS server so that sysadmins can moditor usage.
219	The statistics are available via the kern.rpc.tls.* sysctls.
220
2217c5146da1286:
222	Mountd has been modified to use strunvis(3) to decode directory
223	names in exports(5) file(s).  This allows special characters,
224	such as blanks, to be embedded in the directory name(s).
225	"vis -M" may be used to encode such directory name(s).
226
227c5359e2af5ab:
228	bhyve(8) has a new network backend, "slirp", which makes use of the
229	libslirp package to provide a userspace network stack.  This backend
230	makes it possible to access the guest network from the host without
231	requiring any extra network configuration on the host.
232
233bb830e346bd5:
234	Set the IUTF8 flag by default in tty(4).
235
236	128f63cedc14 and 9e589b093857 added proper UTF-8 backspacing handling
237	in the tty(4) driver, which is enabled by setting the new IUTF8 flag
238	through stty(1). Since the default locale is UTF-8, enable IUTF8 by
239	default.
240
241ff01d71e48d4:
242	dialog(1) has been replaced by bsddialog(1)
243
24441582f28ddf7:
245	FreeBSD 15.0 will not include support for 32-bit platforms.
246	However, 64-bit systems will still be able to run older 32-bit
247	binaries.
248
249	Support for executing 32-bit binaries on 64-bit platforms via
250	COMPAT_FREEBSD32 will remain supported for at least the
251	stable/15 and stable/16 branches.
252
253	Support for compiling individual 32-bit applications via
254	`cc -m32` will also be supported for at least the stable/15
255	branch which includes suitable headers in /usr/include and
256	libraries in /usr/lib32.
257
258	Support for 32-bit platforms in ports for 15.0 and later
259	releases is also deprecated, and these future releases may not
260	include binary packages for 32-bit platforms or support for
261	building 32-bit applications from ports.
262
263	stable/14 and earlier branches will retain existing 32-bit
264	kernel and world support.  Ports will retain existing support
265	for building ports and packages for 32-bit systems on stable/14
266	and earlier branches as long as those branches are supported
267	by the ports system.  However, all 32-bit platforms are Tier-2
268	or Tier-3 and support for individual ports should be expected
269	to degrade as upstreams deprecate 32-bit platforms.
270
271	With the current support schedule, stable/14 will be EOLed 5
272	years after the release of 14.0.  The EOL of stable/14 would
273	mark the end of support for 32-bit platforms including source
274	releases, pre-built packages, and support for building
275	applications from ports.  Given an estimated release date of
276	October 2023 for 14.0, support for 32-bit platforms would end
277	in October 2028.
278
279	The project may choose to alter this approach when 15.0 is
280	released by extending some level of 32-bit support for one or
281	more platforms in 15.0 or later.  Users should use the
282	stable/14 branch to migrate off of 32-bit platforms.
283