xref: /freebsd/RELNOTES (revision f9cf745a5084dc0a38733db8e774252e4ed2f444) 
1Release notes for FreeBSD 15.0.
2
3This file describes new user-visible features, changes and updates relevant to
4users of binary FreeBSD releases.  Each entry should describe the change in no
5more than several sentences and should reference manual pages where an
6interested user can find more information.  Entries should wrap after 80
7columns.  Each entry should begin with one or more commit IDs on one line,
8specified as a comma separated list and/or range, followed by a colon and a
9newline.  Entries should be separated by a newline.
10
11Changes to this file should not be MFCed.
12
13f1f230439fa4:
14	FreeBSD now implements the inotify(2) family of system calls.
15
1650e733f19b37, 171f66b0c2ca:
17	These commits helped improve utilization of NFSv4.1/4.2
18	delegations.  The changes are only used when the NFSv4
19	mount uses the "nocto" mount option and requires an
20	up-to-date NFSv4.1/4.2 server with delegations enabled.
21	For example: For a FreeBSD kernel build with both src
22	and obj NFSv4 mounted, the total RPC count dropped from
23	5461286 to 945643, with a 20% drop in elapsed time.
24
25cd240957d7ba
26	Making a connection to INADDR_ANY (i.e., using INADDR_ANY as an alias
27	for localhost) is now disabled by default.  This functionality can be
28	re-enabled by setting the net.inet.ip.connect_inaddr_wild sysctl to 1.
29
30b61850c4e6f6
31	The bridge(4) sysctl net.link.bridge.member_ifaddrs now defaults to 0,
32	meaning that interfaces added to a bridge may not have IP addresses
33	assigned.  Refer to bridge(4) for more information.
34
3544e5a0150835, 9a37f1024ceb:
36	A new utility sndctl(8) has been added to concentrate the various
37	interfaces for viewing and manipulating audio device settings (sysctls,
38	/dev/sndstat), into a single utility with a similar control-driven
39	interface to that of mixer(8).
40
4193a94ce731a8:
42	ps(1)'s options '-a' and '-A', when combined with any other one
43	affecting the selection of processes except for '-X' and '-x', would
44	have no effect, in contradiction with the rule that one process is
45	listed as soon as any of the specified options selects it (inclusive
46	OR), which is both mandated by POSIX and arguably a natural expectation.
47	This bug has been fixed.
48
49	As a practical consequence, specifying '-a'/'-A' now causes all
50	processes to be listed regardless of other selection options (except for
51	'-X' and '-x', which still apply).  In particular, to list only
52	processes from specific jails, one must not use '-a' with '-J'.  Option
53	'-J', contrary to its apparent initial intent, never worked as a filter
54	in practice (except by accident with '-a' due to the bug), but instead
55	as any other selection options (e.g., '-U', '-p', '-G', etc.) subject to
56	the "inclusive OR" rule.
57
58995b690d1398:
59	ps(1)'s '-U' option has been changed to select processes by their real
60	user IDs instead of their effective one, in accordance with POSIX and
61	the use case of wanting to list processes launched by some user, which
62	is expected to be more frequent than listing processes having the rights
63	of some user.  This only affects the selection of processes whose real
64	and effective user IDs differ.	After this change, ps(1)'s '-U' flag
65	behaves differently then in other BSDs but identically to that of
66	Linux's procps and illumos.
67
681aabbb25c9f9:
69	ps(1)'s default list of processes now comes from matching its effective
70	user ID instead of its real user ID with the effective user ID of all
71	processes, in accordance with POSIX.  As ps(1) itself is not installed
72	setuid, this only affects processes having different real and effective
73	user IDs that launch ps(1) processes.
74
75f0600c41e754-de701f9bdbe0, bc201841d139:
76	mac_do(4) is now considered production-ready and its functionality has
77	been considerably extended at the price of breaking credentials
78	transition rules' backwards compatibility.  All that could be specified
79	with old rules can also be with new rules.  Migrating old rules is just
80	a matter of adding "uid=" in front of the target part, substituting
81	commas (",") with semi-colons (";") and colons (":") with greater-than
82	signs (">").  Please consult the mac_do(4) manual page for the new rules
83	grammar.
84
8502d4eeabfd73:
86	hw.snd.maxautovchans has been retired. The commit introduced a
87	hw.snd.vchans_enable sysctl, which along with
88	dev.pcm.X.{play|rec}.vchans, from now on work as tunables to only
89	enable/disable vchans, as opposed to setting their number and/or
90	(de-)allocating vchans. Since these sysctls do not trigger any
91	(de-)allocations anymore, their effect is instantaneous, whereas before
92	we could have frozen the machine (when trying to allocate new vchans)
93	when setting dev.pcm.X.{play|rec}.vchans to a very large value.
94
957e7f88001d7d:
96	The definition of pf's struct pfr_tstats and struct pfr_astats has
97	changed, breaking ABI compatibility for 32-bit powerpc (including
98	powerpcspe) and armv7. Users of these platforms should ensure kernel
99	and userspace are updated together.
100
1015dc99e9bb985, 08e638c089a, 4009a98fe80:
102	The net.inet.{tcp,udp,raw}.bind_all_fibs tunables have been added.
103	They modify socket behavior such that packets not originating from the
104	same FIB as the socket are ignored.  TCP and UDP sockets belonging to
105	different FIBs may also be bound to the same address.  The default
106	behavior is unmodified.
107
108f87bb5967670, e51036fbf3f8:
109	Support for vinum volumes has been removed.
110
1118ae6247aa966, cf0ede720391d, 205659c43d87bd, 1ccbdf561f417, 4db1b113b151:
112	The layout of NFS file handles for the tarfs, tmpfs, cd9660, and ext2fs
113	file systems has changed.  An NFS server that exports any of these file
114	systems will need its clients to unmount and remount the exports.
115
1161111a44301da:
117	Defer the January 19, 2038 date limit in UFS1 filesystems to
118	February 7, 2106. This affects only UFS1 format filesystems.
119	See the commit message for details.
120
12107cd69e272da:
122	Add a new -a command line option to mountd(8).
123	If this command line option is specified, when
124	a line in exports(5) has the -alldirs export option,
125	the directory must be a server file system mount point.
126
1270e8a36a2ab12:
128	Add a new NFS mount option called "mountport" that may be used
129	to specify the port# for the NFS server's Mount protocol.
130	This permits a NFSv3 mount to be done without running rpcbind(8).
131
132b2f7c53430c3:
133	Kernel TLS is now enabled by default in kernels including KTLS
134	support.  KTLS is included in GENERIC kernels for aarch64,
135	amd64, powerpc64, and powerpc64le.
136
137f57efe95cc25:
138	New mididump(1) utility which dumps MIDI 1.0 events in real time.
139
140ddfc6f84f242:
141	Update unicode to 16.0.0 and CLDR to 45.0.0.
142
143b22be3bbb2de:
144	Basic Cloudinit images no longer generate RSA host keys by default for
145	SSH.
146
147000000000000:
148	RSA host keys for SSH are deprecated and will no longer be generated
149	by default in FreeBSD 16.
150
1510aabcd75dbc2:
152	EC2 AMIs no longer generate RSA host keys by default for SSH.  RSA
153	host key generation can be re-enabled by setting sshd_rsa_enable="YES"
154	in /etc/rc.conf if it is necessary to support very old SSH clients.
155
156a1da7dc1cdad:
157	The SO_SPLICE socket option was added.  It allows TCP connections to
158	be spliced together, enabling proxy-like functionality without the
159	need to copy data in and out of user memory.
160
161fc12c191c087:
162	grep(1) no longer follows symbolic links by default for
163	recursive searches.  This matches the documented behavior in
164	the manual page.
165
166e962b37bf0ff:
167	When running bhyve(8) guests with a boot ROM, i.e., bhyveload(8) is not
168	used, bhyve now assumes that the boot ROM will enable PCI BAR decoding.
169	This is incompatible with some boot ROMs, particularly outdated builds
170	of edk2-bhyve.  To restore the old behavior, add
171	"pci.enable_bars='true'" to your bhyve configuration.
172
173	Note in particular that the uefi-edk2-bhyve package has been renamed
174	to edk2-bhyve.
175
17643caa2e805c2:
177	amd64 bhyve(8)'s "lpc.bootrom" and "lpc.bootvars" options are
178	deprecated.  Use the top-level "bootrom" and "bootvars" options
179	instead.
180
181822ca3276345:
182	byacc was updated to 20240109.
183
18421817992b331:
185	ncurses was updated to 6.5.
186
1871687d77197c0:
188	Filesystem manual pages have been moved to section four.
189	Please check ports you are maintaining for crossreferences.
190
1918aac90f18aef:
192	new MAC/do policy and mdo(1) utility which enables a user to
193	become another user without the requirement of setuid root.
194
1957398d1ece5cf:
196	hw.snd.version is removed.
197
198a15f7c96a276,a8089ea5aee5:
199	NVMe over Fabrics controller.  The nvmft(4) kernel module adds
200	a new frontend to the CAM target layer which exports ctl(4)
201	LUNs as NVMe namespaces to remote hosts.  The nvmfd(8) daemon
202	is responsible for accepting incoming connection requests and
203	handing off connected queue pairs to nvmft(4).
204
205a1eda74167b5,1058c12197ab:
206	NVMe over Fabrics host.  New commands added to nvmecontrol(8)
207	to establish connections to remote controllers.  Once
208	connections are established they are handed off to the nvmf(4)
209	kernel module which creates nvmeX devices and exports remote
210	namespaces as nda(4) disks.
211
21225723d66369f:
213	As a side-effect of retiring the unit.* code in sound(4), the
214	hw.snd.maxunit loader(8) tunable is also retired.
215
216eeb04a736cb9:
217	date(1) now supports nanoseconds. For example:
218	`date -Ins` prints "2024-04-22T12:20:28,763742224+02:00" and
219	`date +%N` prints "415050400".
220
2216d5ce2bb6344:
222	The default value of the nfs_reserved_port_only rc.conf(5) setting has
223	changed.  The FreeBSD NFS server now requires the source port of
224	requests to be in the privileged port range (i.e., <= 1023), which
225	generally requires the client to have elevated privileges on their local
226	system.  The previous behavior can be restored by setting
227	nfs_reserved_port_only=NO in rc.conf.
228
229aea973501b19:
230	ktrace(2) will now record detailed information about capability mode
231	violations. The kdump(1) utility has been updated to display such
232	information.
233
234f32a6403d346:
235	One True Awk updated to 2nd Edition. See https://awk.dev for details
236	on the additions. Unicode and CSVs (Comma Separated Values) are now
237	supported.
238
239fe86d923f83f:
240	usbconfig(8) now reads the descriptions of the usb vendor and products
241	from usb.ids when available, similarly to what pciconf(8) does.
242
2434347ef60501f:
244	The powerd(8) utility is now enabled in /etc/rc.conf by default on
245	images for the arm64 Raspberry Pi's (arm64-aarch64-RPI img files).
246	This prevents the CPU clock from running slow all the time.
247
2480b49e504a32d:
249	rc.d/jail now supports the legacy variable jail_${jailname}_zfs_dataset
250	to allow unmaintained jail managers like ezjail to make use of this
251	feature (simply rename jail_${jailname}_zfs_datasets in the ezjail
252	config to jail_${jailname}_zfs_dataset.
253
254e0dfe185cbca:
255	jail(8) now support zfs.dataset to add a list of ZFS datasets to a
256        jail.
257
25861174ad88e33:
259	newsyslog(8) now supports specifying a global compression method directly
260	at the beginning of the newsyslog.conf file, which will make newsyslog(8)
261	to behave like the corresponding option was passed to the newly added
262	'-c' option. For example:
263
264	<compress> none
265
266906748d208d3:
267	newsyslog(8) now accepts a new option, '-c' which overrides all historical
268	compression flags by treating their meaning as "treat the file as compressible"
269	rather than "compress the file with that specific method."
270
271	The following choices are available:
272	 * none: Do not compress, regardless of flag.
273	 * legacy: Historical behavior (J=bzip2, X=xz, Y=zstd, Z=gzip).
274	 * bzip2, xz, zstd, gzip: apply the specified compression method.
275
276	We plan to change the default to 'none' in FreeBSD 15.0.
277
2781a878807006c:
279	This commit added some statistics collection to the NFS-over-TLS
280	code in the NFS server so that sysadmins can moditor usage.
281	The statistics are available via the kern.rpc.tls.* sysctls.
282
2837c5146da1286:
284	Mountd has been modified to use strunvis(3) to decode directory
285	names in exports(5) file(s).  This allows special characters,
286	such as blanks, to be embedded in the directory name(s).
287	"vis -M" may be used to encode such directory name(s).
288
289c5359e2af5ab:
290	bhyve(8) has a new network backend, "slirp", which makes use of the
291	libslirp package to provide a userspace network stack.  This backend
292	makes it possible to access the guest network from the host without
293	requiring any extra network configuration on the host.
294
295bb830e346bd5:
296	Set the IUTF8 flag by default in tty(4).
297
298	128f63cedc14 and 9e589b093857 added proper UTF-8 backspacing handling
299	in the tty(4) driver, which is enabled by setting the new IUTF8 flag
300	through stty(1). Since the default locale is UTF-8, enable IUTF8 by
301	default.
302
303ff01d71e48d4:
304	dialog(1) has been replaced by bsddialog(1)
305
30641582f28ddf7:
307	FreeBSD 15.0 will not include support for 32-bit platforms.
308	However, 64-bit systems will still be able to run older 32-bit
309	binaries.
310
311	Support for executing 32-bit binaries on 64-bit platforms via
312	COMPAT_FREEBSD32 will remain supported for at least the
313	stable/15 and stable/16 branches.
314
315	Support for compiling individual 32-bit applications via
316	`cc -m32` will also be supported for at least the stable/15
317	branch which includes suitable headers in /usr/include and
318	libraries in /usr/lib32.
319
320	Support for 32-bit platforms in ports for 15.0 and later
321	releases is also deprecated, and these future releases may not
322	include binary packages for 32-bit platforms or support for
323	building 32-bit applications from ports.
324
325	stable/14 and earlier branches will retain existing 32-bit
326	kernel and world support.  Ports will retain existing support
327	for building ports and packages for 32-bit systems on stable/14
328	and earlier branches as long as those branches are supported
329	by the ports system.  However, all 32-bit platforms are Tier-2
330	or Tier-3 and support for individual ports should be expected
331	to degrade as upstreams deprecate 32-bit platforms.
332
333	With the current support schedule, stable/14 will be EOLed 5
334	years after the release of 14.0.  The EOL of stable/14 would
335	mark the end of support for 32-bit platforms including source
336	releases, pre-built packages, and support for building
337	applications from ports.  Given an estimated release date of
338	October 2023 for 14.0, support for 32-bit platforms would end
339	in October 2028.
340
341	The project may choose to alter this approach when 15.0 is
342	released by extending some level of 32-bit support for one or
343	more platforms in 15.0 or later.  Users should use the
344	stable/14 branch to migrate off of 32-bit platforms.
345