xref: /freebsd/RELNOTES (revision c553872b778ebd094156cf87bb553de23bfc4399)
1Release notes for FreeBSD 15.0.
2
3This file describes new user-visible features, changes and updates relevant to
4users of binary FreeBSD releases.  Each entry should describe the change in no
5more than several sentences and should reference manual pages where an
6interested user can find more information.  Entries should wrap after 80
7columns.  Each entry should begin with one or more commit IDs on one line,
8specified as a comma separated list and/or range, followed by a colon and a
9newline.  Entries should be separated by a newline.
10
11Changes to this file should not be MFCed.
12
13929f5966a9fd, b9b0e105c357, 5105e1ebecc7, cb3eac927b5d, ce9c325a2e92, 18a870751b03, 89c82750da1a, 0c13e9c3c464, 10eecc467f32, 619feb9dd00e, 7d2cfb27d62f, e26259f48afe, a245dc5d68c7, 9a726ef24134, 383e7290c0b5, c791ea80b5f7, 543b875a8ee4, 40a5abfc3f66, 73ed0c7992fd, 04764f21855a, 624b7beed5ac, 7b68893ffa9b, 6c4771c73470, dd0ec030f8fd, fb1ccc04adfe, b98d0566b2bd, ca9ccf0ce9ad, 6b28571cb6ba, 98d46e05ab08, 2a454b05f2c1, 110111a6cca1, 5f8493bbf479, e447c252d0ec, 4680e7fcc70a, 188138106b9f, 4cb1baa7d85c, 805498e49ae4, f58febc4cefa, ae07a5805b19, 0559f30a882d, cbb6e747af98, 0d1496f0f1e7, 60f970b85e44, 0b9a631e0724, ee3960cba106:
14	Replaced Heimdal 1.5.2 with MIT KRB5 (1.21.3, 1.22.0, 1.22.1).
15	Heimdal 1.5.2 can still be built using the WITHOUT_MITKRB5 flag.
16	Heimdal build plumbing will be removed in 16.
17
182b74ff5fceb6:
19	Introduced support for watchdog timer in Intel 6300ESB I/O controller
20	hub via the i6300esbwd driver, now included in ichwd.ko.
21	This driver is intended primarily for QEMU users, where it serves as
22	the default and only watchdog timer for x86 virtual machines.
23
243068d706eabe:
25	Lua updated to 5.4.8, which is minor bug fixes from 5.4.7.
26
27b45a181a74c8:
28	Awk updates to August 04, 2025 version, with minor bug fixes.
29
30dc5ba6b8b4f0:
31	The WITHOUT_GSSAPI src.conf(5) option has been removed.  The GSSAPI
32	libraries are now always built unless WITHOUT_KERBEROS is set.
33
34c43cad871720:
35	jemalloc 5.3.0 has landed. See contrib/jemalloc/ChangeLog
36	for the long list of changes.
37
38cce64f2e6851:
39	Add support for the NFSv4.2 Clone operation, which uses
40	block cloning to "copy on write" files on an NFS server.
41	This only works for exported ZFS file systems that have
42	block cloning enabled, at this time.
43
4437b2cb5ecb0f:
45	Add support to VOP_COPY_FILE_RANGE() for block cloning.
46	At this time, ZFS is the only local file system that supports
47	this and only if block cloning is enabled.  NFSv4.2 also supports it.
48	See pathconf(2) and copy_file_range(2) for more information.
49
502ec2ba7e232d, df58e8b1506f (openzfs 2957eabbe), f61844833ee8, b1b607bd200f,
51	ee95e4d02dbd:
52	Add Solaris style extended attributes (called named attributes
53	in NFSv4).  At this time, only ZFS when the ZFS property called
54	xattr=dir and NFSv4 support them.  The attributes are presented
55	in a directory as regular files.  See named_attribute(7) for
56	more information.
57
58ef2a572bf6:
59	Inline IPSEC offload infrastructure and driver support for mlx5(4)
60	Nvidia ConnectX-6+ network cards were added.
61
6268ba38dad3:
63	amd64: handling of the %fsbase/%gsbase registers and tls base
64	were reworked, making it more useful for apps that directly
65	manipulate CPU context.
66
6778aaab9f1cf:
68	rtld: added support for -z initfirst
69
70e36f069ecb4, c069ca085b:
71	Reliability of UFS on volumes with more than 2G of inodes is
72	significantly improved.  The underlying issue was the invalid
73	interpretation of the 32bit inode number as signed, which got
74	sign-extended into ino_t.
75
76d390633cf8c:
77	On modern amd64 machines (which have the LA57 CPU feature),
78	FreeBSD is able to utilize more than 4TB of RAM.
79
802bd157bc732a:
81	The readdir_r(3) function is deprecated and may be removed in future
82	releases.  Using it in a program will result in compile-time and
83	link-time warnings.
84
859ba51cce8bbd:
86	bsnmpd(1) no longer supports legacy UDP transport.  Users, that have
87	not updated their /etc/snmpd.config since 12.0-RELEASE or older will
88	need to merge in the new configuration.  In particular, the transport
89	definition shall be changed from begemotSnmpdPortStatus OID to
90	begemotSnmpdTransInetStatus.
91
921349a733cf28:
93	Add a driver supporting a new storage controller interface,
94	Universal Flash Storage Host Controller Interface, supporting
95	version 4.1 and earlier, via ufshci(4).
96
97f1f230439fa4:
98	FreeBSD now implements the inotify(2) family of system calls.
99
10050e733f19b37, 171f66b0c2ca:
101	These commits helped improve utilization of NFSv4.1/4.2
102	delegations.  The changes are only used when the NFSv4
103	mount uses the "nocto" mount option and requires an
104	up-to-date NFSv4.1/4.2 server with delegations enabled.
105	For example: For a FreeBSD kernel build with both src
106	and obj NFSv4 mounted, the total RPC count dropped from
107	5461286 to 945643, with a 20% drop in elapsed time.
108
109c3fc0db3bc50
110	The default value of the sysctl variable
111	net.inet.tcp.nolocaltimewait has changed from 1 to 0. This means
112	that FreeBSD does not skip the TIME_WAIT state anymore for
113	endpoints for which the remote address is local. The new sysctl
114	variable net.inet.tcp.msl_local can be used to control the time
115	these endpoints stay in the TIME_WAIT state. The sysctl variable
116	net.inet.tcp.nolocaltimewait is deprecated and intended to be
117	removed in FreeBSD 16.
118
119cd240957d7ba
120	Making a connection to INADDR_ANY (i.e., using INADDR_ANY as an alias
121	for localhost) is now disabled by default.  This functionality can be
122	re-enabled by setting the net.inet.ip.connect_inaddr_wild sysctl to 1.
123
124b61850c4e6f6
125	The bridge(4) sysctl net.link.bridge.member_ifaddrs now defaults to 0,
126	meaning that interfaces added to a bridge may not have IP addresses
127	assigned.  Refer to bridge(4) for more information.
128
12944e5a0150835, 9a37f1024ceb:
130	A new utility sndctl(8) has been added to concentrate the various
131	interfaces for viewing and manipulating audio device settings (sysctls,
132	/dev/sndstat), into a single utility with a similar control-driven
133	interface to that of mixer(8).
134
13593a94ce731a8:
136	ps(1)'s options '-a' and '-A', when combined with any other one
137	affecting the selection of processes except for '-X' and '-x', would
138	have no effect, in contradiction with the rule that one process is
139	listed as soon as any of the specified options selects it (inclusive
140	OR), which is both mandated by POSIX and arguably a natural expectation.
141	This bug has been fixed.
142
143	As a practical consequence, specifying '-a'/'-A' now causes all
144	processes to be listed regardless of other selection options (except for
145	'-X' and '-x', which still apply).  In particular, to list only
146	processes from specific jails, one must not use '-a' with '-J'.  Option
147	'-J', contrary to its apparent initial intent, never worked as a filter
148	in practice (except by accident with '-a' due to the bug), but instead
149	as any other selection options (e.g., '-U', '-p', '-G', etc.) subject to
150	the "inclusive OR" rule.
151
152995b690d1398:
153	ps(1)'s '-U' option has been changed to select processes by their real
154	user IDs instead of their effective one, in accordance with POSIX and
155	the use case of wanting to list processes launched by some user, which
156	is expected to be more frequent than listing processes having the rights
157	of some user.  This only affects the selection of processes whose real
158	and effective user IDs differ.	After this change, ps(1)'s '-U' flag
159	behaves differently then in other BSDs but identically to that of
160	Linux's procps and illumos.
161
1621aabbb25c9f9:
163	ps(1)'s default list of processes now comes from matching its effective
164	user ID instead of its real user ID with the effective user ID of all
165	processes, in accordance with POSIX.  As ps(1) itself is not installed
166	setuid, this only affects processes having different real and effective
167	user IDs that launch ps(1) processes.
168
169f0600c41e754-de701f9bdbe0, bc201841d139:
170	mac_do(4) is now considered production-ready and its functionality has
171	been considerably extended at the price of breaking credentials
172	transition rules' backwards compatibility.  All that could be specified
173	with old rules can also be with new rules.  Migrating old rules is just
174	a matter of adding "uid=" in front of the target part, substituting
175	commas (",") with semi-colons (";") and colons (":") with greater-than
176	signs (">").  Please consult the mac_do(4) manual page for the new rules
177	grammar.
178
17902d4eeabfd73:
180	hw.snd.maxautovchans has been retired. The commit introduced a
181	hw.snd.vchans_enable sysctl, which along with
182	dev.pcm.X.{play|rec}.vchans, from now on work as tunables to only
183	enable/disable vchans, as opposed to setting their number and/or
184	(de-)allocating vchans. Since these sysctls do not trigger any
185	(de-)allocations anymore, their effect is instantaneous, whereas before
186	we could have frozen the machine (when trying to allocate new vchans)
187	when setting dev.pcm.X.{play|rec}.vchans to a very large value.
188
1897e7f88001d7d:
190	The definition of pf's struct pfr_tstats and struct pfr_astats has
191	changed, breaking ABI compatibility for 32-bit powerpc (including
192	powerpcspe) and armv7. Users of these platforms should ensure kernel
193	and userspace are updated together.
194
1955dc99e9bb985, 08e638c089a, 4009a98fe80:
196	The net.inet.{tcp,udp,raw}.bind_all_fibs tunables have been added.
197	They modify socket behavior such that packets not originating from the
198	same FIB as the socket are ignored.  TCP and UDP sockets belonging to
199	different FIBs may also be bound to the same address.  The default
200	behavior is unmodified.
201
202f87bb5967670, e51036fbf3f8:
203	Support for vinum volumes has been removed.
204
2058ae6247aa966, cf0ede720391d, 205659c43d87bd, 1ccbdf561f417, 4db1b113b151:
206	The layout of NFS file handles for the tarfs, tmpfs, cd9660, and ext2fs
207	file systems has changed.  An NFS server that exports any of these file
208	systems will need its clients to unmount and remount the exports.
209
2101111a44301da:
211	Defer the January 19, 2038 date limit in UFS1 filesystems to
212	February 7, 2106. This affects only UFS1 format filesystems.
213	See the commit message for details.
214
21507cd69e272da:
216	Add a new -a command line option to mountd(8).
217	If this command line option is specified, when
218	a line in exports(5) has the -alldirs export option,
219	the directory must be a server file system mount point.
220
2210e8a36a2ab12:
222	Add a new NFS mount option called "mountport" that may be used
223	to specify the port# for the NFS server's Mount protocol.
224	This permits a NFSv3 mount to be done without running rpcbind(8).
225
226b2f7c53430c3:
227	Kernel TLS is now enabled by default in kernels including KTLS
228	support.  KTLS is included in GENERIC kernels for aarch64,
229	amd64, powerpc64, and powerpc64le.
230
231f57efe95cc25:
232	New mididump(1) utility which dumps MIDI 1.0 events in real time.
233
234ddfc6f84f242:
235	Update unicode to 16.0.0 and CLDR to 45.0.0.
236
237b22be3bbb2de:
238	Basic Cloudinit images no longer generate RSA host keys by default for
239	SSH.
240
241000000000000:
242	RSA host keys for SSH are deprecated and will no longer be generated
243	by default in FreeBSD 16.
244
2450aabcd75dbc2:
246	EC2 AMIs no longer generate RSA host keys by default for SSH.  RSA
247	host key generation can be re-enabled by setting sshd_rsa_enable="YES"
248	in /etc/rc.conf if it is necessary to support very old SSH clients.
249
250a1da7dc1cdad:
251	The SO_SPLICE socket option was added.  It allows TCP connections to
252	be spliced together, enabling proxy-like functionality without the
253	need to copy data in and out of user memory.
254
255fc12c191c087:
256	grep(1) no longer follows symbolic links by default for
257	recursive searches.  This matches the documented behavior in
258	the manual page.
259
260e962b37bf0ff:
261	When running bhyve(8) guests with a boot ROM, i.e., bhyveload(8) is not
262	used, bhyve now assumes that the boot ROM will enable PCI BAR decoding.
263	This is incompatible with some boot ROMs, particularly outdated builds
264	of edk2-bhyve.  To restore the old behavior, add
265	"pci.enable_bars='true'" to your bhyve configuration.
266
267	Note in particular that the uefi-edk2-bhyve package has been renamed
268	to edk2-bhyve.
269
27043caa2e805c2:
271	amd64 bhyve(8)'s "lpc.bootrom" and "lpc.bootvars" options are
272	deprecated.  Use the top-level "bootrom" and "bootvars" options
273	instead.
274
275822ca3276345:
276	byacc was updated to 20240109.
277
27821817992b331:
279	ncurses was updated to 6.5.
280
2811687d77197c0:
282	Filesystem manual pages have been moved to section four.
283	Please check ports you are maintaining for crossreferences.
284
2858aac90f18aef:
286	new MAC/do policy and mdo(1) utility which enables a user to
287	become another user without the requirement of setuid root.
288
2897398d1ece5cf:
290	hw.snd.version is removed.
291
292a15f7c96a276,66b5296f1b29:
293	NVMe over Fabrics controller.  The nvmft(4) kernel module adds
294	a new frontend to the CAM target layer which exports ctl(4)
295	LUNs as NVMe namespaces to remote hosts.  The ctld(8) daemon
296	now supports NVMe controllers in addition to iSCSI targets and
297	is responsible for accepting incoming connection requests and
298	handing off connected queue pairs to nvmft(4).
299
300a1eda74167b5,1058c12197ab:
301	NVMe over Fabrics host.  New commands added to nvmecontrol(8)
302	to establish connections to remote controllers.  Once
303	connections are established they are handed off to the nvmf(4)
304	kernel module which creates nvmeX devices and exports remote
305	namespaces as nda(4) disks.
306
30725723d66369f:
308	As a side-effect of retiring the unit.* code in sound(4), the
309	hw.snd.maxunit loader(8) tunable is also retired.
310
311eeb04a736cb9:
312	date(1) now supports nanoseconds. For example:
313	`date -Ins` prints "2024-04-22T12:20:28,763742224+02:00" and
314	`date +%N` prints "415050400".
315
3166d5ce2bb6344:
317	The default value of the nfs_reserved_port_only rc.conf(5) setting has
318	changed.  The FreeBSD NFS server now requires the source port of
319	requests to be in the privileged port range (i.e., <= 1023), which
320	generally requires the client to have elevated privileges on their local
321	system.  The previous behavior can be restored by setting
322	nfs_reserved_port_only=NO in rc.conf.
323
324aea973501b19:
325	ktrace(2) will now record detailed information about capability mode
326	violations. The kdump(1) utility has been updated to display such
327	information.
328
329f32a6403d346:
330	One True Awk updated to 2nd Edition. See https://awk.dev for details
331	on the additions. Unicode and CSVs (Comma Separated Values) are now
332	supported.
333
334fe86d923f83f:
335	usbconfig(8) now reads the descriptions of the usb vendor and products
336	from usb.ids when available, similarly to what pciconf(8) does.
337
3384347ef60501f:
339	The powerd(8) utility is now enabled in /etc/rc.conf by default on
340	images for the arm64 Raspberry Pi's (arm64-aarch64-RPI img files).
341	This prevents the CPU clock from running slow all the time.
342
3430b49e504a32d:
344	rc.d/jail now supports the legacy variable jail_${jailname}_zfs_dataset
345	to allow unmaintained jail managers like ezjail to make use of this
346	feature (simply rename jail_${jailname}_zfs_datasets in the ezjail
347	config to jail_${jailname}_zfs_dataset.
348
349e0dfe185cbca:
350	jail(8) now support zfs.dataset to add a list of ZFS datasets to a
351        jail.
352
35361174ad88e33:
354	newsyslog(8) now supports specifying a global compression method directly
355	at the beginning of the newsyslog.conf file, which will make newsyslog(8)
356	to behave like the corresponding option was passed to the newly added
357	'-c' option. For example:
358
359	<compress> none
360
361906748d208d3:
362	newsyslog(8) now accepts a new option, '-c' which overrides all historical
363	compression flags by treating their meaning as "treat the file as compressible"
364	rather than "compress the file with that specific method."
365
366	The following choices are available:
367	 * none: Do not compress, regardless of flag.
368	 * legacy: Historical behavior (J=bzip2, X=xz, Y=zstd, Z=gzip).
369	 * bzip2, xz, zstd, gzip: apply the specified compression method.
370
371	We plan to change the default to 'none' in FreeBSD 15.0.
372
3731a878807006c:
374	This commit added some statistics collection to the NFS-over-TLS
375	code in the NFS server so that sysadmins can moditor usage.
376	The statistics are available via the kern.rpc.tls.* sysctls.
377
3787c5146da1286:
379	Mountd has been modified to use strunvis(3) to decode directory
380	names in exports(5) file(s).  This allows special characters,
381	such as blanks, to be embedded in the directory name(s).
382	"vis -M" may be used to encode such directory name(s).
383
384c5359e2af5ab:
385	bhyve(8) has a new network backend, "slirp", which makes use of the
386	libslirp package to provide a userspace network stack.  This backend
387	makes it possible to access the guest network from the host without
388	requiring any extra network configuration on the host.
389
390bb830e346bd5:
391	Set the IUTF8 flag by default in tty(4).
392
393	128f63cedc14 and 9e589b093857 added proper UTF-8 backspacing handling
394	in the tty(4) driver, which is enabled by setting the new IUTF8 flag
395	through stty(1). Since the default locale is UTF-8, enable IUTF8 by
396	default.
397
398ff01d71e48d4:
399	dialog(1) has been replaced by bsddialog(1)
400
40141582f28ddf7:
402	FreeBSD 15.0 will not include support for 32-bit platforms.
403	However, 64-bit systems will still be able to run older 32-bit
404	binaries.
405
406	Support for executing 32-bit binaries on 64-bit platforms via
407	COMPAT_FREEBSD32 will remain supported for at least the
408	stable/15 and stable/16 branches.
409
410	Support for compiling individual 32-bit applications via
411	`cc -m32` will also be supported for at least the stable/15
412	branch which includes suitable headers in /usr/include and
413	libraries in /usr/lib32.
414
415	Support for 32-bit platforms in ports for 15.0 and later
416	releases is also deprecated, and these future releases may not
417	include binary packages for 32-bit platforms or support for
418	building 32-bit applications from ports.
419
420	stable/14 and earlier branches will retain existing 32-bit
421	kernel and world support.  Ports will retain existing support
422	for building ports and packages for 32-bit systems on stable/14
423	and earlier branches as long as those branches are supported
424	by the ports system.  However, all 32-bit platforms are Tier-2
425	or Tier-3 and support for individual ports should be expected
426	to degrade as upstreams deprecate 32-bit platforms.
427
428	With the current support schedule, stable/14 will be EOLed 5
429	years after the release of 14.0.  The EOL of stable/14 would
430	mark the end of support for 32-bit platforms including source
431	releases, pre-built packages, and support for building
432	applications from ports.  Given an estimated release date of
433	October 2023 for 14.0, support for 32-bit platforms would end
434	in October 2028.
435
436	The project may choose to alter this approach when 15.0 is
437	released by extending some level of 32-bit support for one or
438	more platforms in 15.0 or later.  Users should use the
439	stable/14 branch to migrate off of 32-bit platforms.
440