1Release notes for FreeBSD 15.0. 2 3This file describes new user-visible features, changes and updates relevant to 4users of binary FreeBSD releases. Each entry should describe the change in no 5more than several sentences and should reference manual pages where an 6interested user can find more information. Entries should wrap after 80 7columns. Each entry should begin with one or more commit IDs on one line, 8specified as a comma separated list and/or range, followed by a colon and a 9newline. Entries should be separated by a newline. 10 11Changes to this file should not be MFCed. 12 13f1f230439fa4: 14 FreeBSD now implements the inotify(2) family of system calls. 15 1650e733f19b37, 171f66b0c2ca: 17 These commits helped improve utilization of NFSv4.1/4.2 18 delegations. The changes are only used when the NFSv4 19 mount uses the "nocto" mount option and requires an 20 up-to-date NFSv4.1/4.2 server with delegations enabled. 21 For example: For a FreeBSD kernel build with both src 22 and obj NFSv4 mounted, the total RPC count dropped from 23 5461286 to 945643, with a 20% drop in elapsed time. 24 25cd240957d7ba 26 Making a connection to INADDR_ANY (i.e., using INADDR_ANY as an alias 27 for localhost) is now disabled by default. This functionality can be 28 re-enabled by setting the net.inet.ip.connect_inaddr_wild sysctl to 1. 29 30b61850c4e6f6 31 The bridge(4) sysctl net.link.bridge.member_ifaddrs now defaults to 0, 32 meaning that interfaces added to a bridge may not have IP addresses 33 assigned. Refer to bridge(4) for more information. 34 3544e5a0150835, 9a37f1024ceb: 36 A new utility sndctl(8) has been added to concentrate the various 37 interfaces for viewing and manipulating audio device settings (sysctls, 38 /dev/sndstat), into a single utility with a similar control-driven 39 interface to that of mixer(8). 40 4193a94ce731a8: 42 ps(1)'s options '-a' and '-A', when combined with any other one 43 affecting the selection of processes except for '-X' and '-x', would 44 have no effect, in contradiction with the rule that one process is 45 listed as soon as any of the specified options selects it (inclusive 46 OR), which is both mandated by POSIX and arguably a natural expectation. 47 This bug has been fixed. 48 49 As a practical consequence, specifying '-a'/'-A' now causes all 50 processes to be listed regardless of other selection options (except for 51 '-X' and '-x', which still apply). In particular, to list only 52 processes from specific jails, one must not use '-a' with '-J'. Option 53 '-J', contrary to its apparent initial intent, never worked as a filter 54 in practice (except by accident with '-a' due to the bug), but instead 55 as any other selection options (e.g., '-U', '-p', '-G', etc.) subject to 56 the "inclusive OR" rule. 57 58995b690d1398: 59 ps(1)'s '-U' option has been changed to select processes by their real 60 user IDs instead of their effective one, in accordance with POSIX and 61 the use case of wanting to list processes launched by some user, which 62 is expected to be more frequent than listing processes having the rights 63 of some user. This only affects the selection of processes whose real 64 and effective user IDs differ. After this change, ps(1)'s '-U' flag 65 behaves differently then in other BSDs but identically to that of 66 Linux's procps and illumos. 67 681aabbb25c9f9: 69 ps(1)'s default list of processes now comes from matching its effective 70 user ID instead of its real user ID with the effective user ID of all 71 processes, in accordance with POSIX. As ps(1) itself is not installed 72 setuid, this only affects processes having different real and effective 73 user IDs that launch ps(1) processes. 74 75f0600c41e754-de701f9bdbe0, bc201841d139: 76 mac_do(4) is now considered production-ready and its functionality has 77 been considerably extended at the price of breaking credentials 78 transition rules' backwards compatibility. All that could be specified 79 with old rules can also be with new rules. Migrating old rules is just 80 a matter of adding "uid=" in front of the target part, substituting 81 commas (",") with semi-colons (";") and colons (":") with greater-than 82 signs (">"). Please consult the mac_do(4) manual page for the new rules 83 grammar. 84 8502d4eeabfd73: 86 hw.snd.maxautovchans has been retired. The commit introduced a 87 hw.snd.vchans_enable sysctl, which along with 88 dev.pcm.X.{play|rec}.vchans, from now on work as tunables to only 89 enable/disable vchans, as opposed to setting their number and/or 90 (de-)allocating vchans. Since these sysctls do not trigger any 91 (de-)allocations anymore, their effect is instantaneous, whereas before 92 we could have frozen the machine (when trying to allocate new vchans) 93 when setting dev.pcm.X.{play|rec}.vchans to a very large value. 94 957e7f88001d7d: 96 The definition of pf's struct pfr_tstats and struct pfr_astats has 97 changed, breaking ABI compatibility for 32-bit powerpc (including 98 powerpcspe) and armv7. Users of these platforms should ensure kernel 99 and userspace are updated together. 100 1015dc99e9bb985, 08e638c089a, 4009a98fe80: 102 The net.inet.{tcp,udp,raw}.bind_all_fibs tunables have been added. 103 They modify socket behavior such that packets not originating from the 104 same FIB as the socket are ignored. TCP and UDP sockets belonging to 105 different FIBs may also be bound to the same address. The default 106 behavior is unmodified. 107 108f87bb5967670, e51036fbf3f8: 109 Support for vinum volumes has been removed. 110 1118ae6247aa966, cf0ede720391d, 205659c43d87bd, 1ccbdf561f417, 4db1b113b151: 112 The layout of NFS file handles for the tarfs, tmpfs, cd9660, and ext2fs 113 file systems has changed. An NFS server that exports any of these file 114 systems will need its clients to unmount and remount the exports. 115 1161111a44301da: 117 Defer the January 19, 2038 date limit in UFS1 filesystems to 118 February 7, 2106. This affects only UFS1 format filesystems. 119 See the commit message for details. 120 12107cd69e272da: 122 Add a new -a command line option to mountd(8). 123 If this command line option is specified, when 124 a line in exports(5) has the -alldirs export option, 125 the directory must be a server file system mount point. 126 1270e8a36a2ab12: 128 Add a new NFS mount option called "mountport" that may be used 129 to specify the port# for the NFS server's Mount protocol. 130 This permits a NFSv3 mount to be done without running rpcbind(8). 131 132b2f7c53430c3: 133 Kernel TLS is now enabled by default in kernels including KTLS 134 support. KTLS is included in GENERIC kernels for aarch64, 135 amd64, powerpc64, and powerpc64le. 136 137f57efe95cc25: 138 New mididump(1) utility which dumps MIDI 1.0 events in real time. 139 140ddfc6f84f242: 141 Update unicode to 16.0.0 and CLDR to 45.0.0. 142 143b22be3bbb2de: 144 Basic Cloudinit images no longer generate RSA host keys by default for 145 SSH. 146 147000000000000: 148 RSA host keys for SSH are deprecated and will no longer be generated 149 by default in FreeBSD 16. 150 1510aabcd75dbc2: 152 EC2 AMIs no longer generate RSA host keys by default for SSH. RSA 153 host key generation can be re-enabled by setting sshd_rsa_enable="YES" 154 in /etc/rc.conf if it is necessary to support very old SSH clients. 155 156a1da7dc1cdad: 157 The SO_SPLICE socket option was added. It allows TCP connections to 158 be spliced together, enabling proxy-like functionality without the 159 need to copy data in and out of user memory. 160 161fc12c191c087: 162 grep(1) no longer follows symbolic links by default for 163 recursive searches. This matches the documented behavior in 164 the manual page. 165 166e962b37bf0ff: 167 When running bhyve(8) guests with a boot ROM, i.e., bhyveload(8) is not 168 used, bhyve now assumes that the boot ROM will enable PCI BAR decoding. 169 This is incompatible with some boot ROMs, particularly outdated builds 170 of edk2-bhyve. To restore the old behavior, add 171 "pci.enable_bars='true'" to your bhyve configuration. 172 173 Note in particular that the uefi-edk2-bhyve package has been renamed 174 to edk2-bhyve. 175 17643caa2e805c2: 177 amd64 bhyve(8)'s "lpc.bootrom" and "lpc.bootvars" options are 178 deprecated. Use the top-level "bootrom" and "bootvars" options 179 instead. 180 181822ca3276345: 182 byacc was updated to 20240109. 183 18421817992b331: 185 ncurses was updated to 6.5. 186 1871687d77197c0: 188 Filesystem manual pages have been moved to section four. 189 Please check ports you are maintaining for crossreferences. 190 1918aac90f18aef: 192 new MAC/do policy and mdo(1) utility which enables a user to 193 become another user without the requirement of setuid root. 194 1957398d1ece5cf: 196 hw.snd.version is removed. 197 198a15f7c96a276,a8089ea5aee5: 199 NVMe over Fabrics controller. The nvmft(4) kernel module adds 200 a new frontend to the CAM target layer which exports ctl(4) 201 LUNs as NVMe namespaces to remote hosts. The nvmfd(8) daemon 202 is responsible for accepting incoming connection requests and 203 handing off connected queue pairs to nvmft(4). 204 205a1eda74167b5,1058c12197ab: 206 NVMe over Fabrics host. New commands added to nvmecontrol(8) 207 to establish connections to remote controllers. Once 208 connections are established they are handed off to the nvmf(4) 209 kernel module which creates nvmeX devices and exports remote 210 namespaces as nda(4) disks. 211 21225723d66369f: 213 As a side-effect of retiring the unit.* code in sound(4), the 214 hw.snd.maxunit loader(8) tunable is also retired. 215 216eeb04a736cb9: 217 date(1) now supports nanoseconds. For example: 218 `date -Ins` prints "2024-04-22T12:20:28,763742224+02:00" and 219 `date +%N` prints "415050400". 220 2216d5ce2bb6344: 222 The default value of the nfs_reserved_port_only rc.conf(5) setting has 223 changed. The FreeBSD NFS server now requires the source port of 224 requests to be in the privileged port range (i.e., <= 1023), which 225 generally requires the client to have elevated privileges on their local 226 system. The previous behavior can be restored by setting 227 nfs_reserved_port_only=NO in rc.conf. 228 229aea973501b19: 230 ktrace(2) will now record detailed information about capability mode 231 violations. The kdump(1) utility has been updated to display such 232 information. 233 234f32a6403d346: 235 One True Awk updated to 2nd Edition. See https://awk.dev for details 236 on the additions. Unicode and CSVs (Comma Separated Values) are now 237 supported. 238 239fe86d923f83f: 240 usbconfig(8) now reads the descriptions of the usb vendor and products 241 from usb.ids when available, similarly to what pciconf(8) does. 242 2434347ef60501f: 244 The powerd(8) utility is now enabled in /etc/rc.conf by default on 245 images for the arm64 Raspberry Pi's (arm64-aarch64-RPI img files). 246 This prevents the CPU clock from running slow all the time. 247 2480b49e504a32d: 249 rc.d/jail now supports the legacy variable jail_${jailname}_zfs_dataset 250 to allow unmaintained jail managers like ezjail to make use of this 251 feature (simply rename jail_${jailname}_zfs_datasets in the ezjail 252 config to jail_${jailname}_zfs_dataset. 253 254e0dfe185cbca: 255 jail(8) now support zfs.dataset to add a list of ZFS datasets to a 256 jail. 257 25861174ad88e33: 259 newsyslog(8) now supports specifying a global compression method directly 260 at the beginning of the newsyslog.conf file, which will make newsyslog(8) 261 to behave like the corresponding option was passed to the newly added 262 '-c' option. For example: 263 264 <compress> none 265 266906748d208d3: 267 newsyslog(8) now accepts a new option, '-c' which overrides all historical 268 compression flags by treating their meaning as "treat the file as compressible" 269 rather than "compress the file with that specific method." 270 271 The following choices are available: 272 * none: Do not compress, regardless of flag. 273 * legacy: Historical behavior (J=bzip2, X=xz, Y=zstd, Z=gzip). 274 * bzip2, xz, zstd, gzip: apply the specified compression method. 275 276 We plan to change the default to 'none' in FreeBSD 15.0. 277 2781a878807006c: 279 This commit added some statistics collection to the NFS-over-TLS 280 code in the NFS server so that sysadmins can moditor usage. 281 The statistics are available via the kern.rpc.tls.* sysctls. 282 2837c5146da1286: 284 Mountd has been modified to use strunvis(3) to decode directory 285 names in exports(5) file(s). This allows special characters, 286 such as blanks, to be embedded in the directory name(s). 287 "vis -M" may be used to encode such directory name(s). 288 289c5359e2af5ab: 290 bhyve(8) has a new network backend, "slirp", which makes use of the 291 libslirp package to provide a userspace network stack. This backend 292 makes it possible to access the guest network from the host without 293 requiring any extra network configuration on the host. 294 295bb830e346bd5: 296 Set the IUTF8 flag by default in tty(4). 297 298 128f63cedc14 and 9e589b093857 added proper UTF-8 backspacing handling 299 in the tty(4) driver, which is enabled by setting the new IUTF8 flag 300 through stty(1). Since the default locale is UTF-8, enable IUTF8 by 301 default. 302 303ff01d71e48d4: 304 dialog(1) has been replaced by bsddialog(1) 305 30641582f28ddf7: 307 FreeBSD 15.0 will not include support for 32-bit platforms. 308 However, 64-bit systems will still be able to run older 32-bit 309 binaries. 310 311 Support for executing 32-bit binaries on 64-bit platforms via 312 COMPAT_FREEBSD32 will remain supported for at least the 313 stable/15 and stable/16 branches. 314 315 Support for compiling individual 32-bit applications via 316 `cc -m32` will also be supported for at least the stable/15 317 branch which includes suitable headers in /usr/include and 318 libraries in /usr/lib32. 319 320 Support for 32-bit platforms in ports for 15.0 and later 321 releases is also deprecated, and these future releases may not 322 include binary packages for 32-bit platforms or support for 323 building 32-bit applications from ports. 324 325 stable/14 and earlier branches will retain existing 32-bit 326 kernel and world support. Ports will retain existing support 327 for building ports and packages for 32-bit systems on stable/14 328 and earlier branches as long as those branches are supported 329 by the ports system. However, all 32-bit platforms are Tier-2 330 or Tier-3 and support for individual ports should be expected 331 to degrade as upstreams deprecate 32-bit platforms. 332 333 With the current support schedule, stable/14 will be EOLed 5 334 years after the release of 14.0. The EOL of stable/14 would 335 mark the end of support for 32-bit platforms including source 336 releases, pre-built packages, and support for building 337 applications from ports. Given an estimated release date of 338 October 2023 for 14.0, support for 32-bit platforms would end 339 in October 2028. 340 341 The project may choose to alter this approach when 15.0 is 342 released by extending some level of 32-bit support for one or 343 more platforms in 15.0 or later. Users should use the 344 stable/14 branch to migrate off of 32-bit platforms. 345