xref: /freebsd/RELNOTES (revision 1c1f229e9156dd75cab5e0e3e586c5ef319d68ee)
1Release notes for FreeBSD 14.0.
2
3This file describes new user-visible features, changes and updates relevant to
4users of binary FreeBSD releases.  Each entry should describe the change in no
5more than several sentences and should reference manual pages where an
6interested user can find more information.  Entries should wrap after 80
7columns.  Each entry should begin with one or more commit IDs on one line,
8specified as a comma separated list and/or range, followed by a colon and a
9newline.  Entries should be separated by a newline.
10
11Changes to this file should not be MFCed.
12
13ff01d71e48d4:
14	dialog(1) has been replaced by bsddialog(1)
15
1641582f28ddf7:
17	FreeBSD 15.0 will not include support for 32-bit platforms.
18	However, 64-bit systems will still be able to run older 32-bit
19	binaries.
20
21	Support for executing 32-bit binaries on 64-bit platforms via
22	COMPAT_FREEBSD32 will remain supported for at least the
23	stable/15 and stable/16 branches.
24
25	Support for compiling individual 32-bit applications via
26	`cc -m32` will also be supported for at least the stable/15
27	branch which includes suitable headers in /usr/include and
28	libraries in /usr/lib32.
29
30	Support for 32-bit platforms in ports for 15.0 and later
31	releases is also deprecated, and these future releases may not
32	include binary packages for 32-bit platforms or support for
33	building 32-bit applications from ports.
34
35	stable/14 and earlier branches will retain existing 32-bit
36	kernel and world support.  Ports will retain existing support
37	for building ports and packages for 32-bit systems on stable/14
38	and earlier branches as long as those branches are supported
39	by the ports system.  However, all 32-bit platforms are Tier-2
40	or Tier-3 and support for individual ports should be expected
41	to degrade as upstreams deprecate 32-bit platforms.
42
43	With the current support schedule, stable/14 will be EOLed 5
44	years after the release of 14.0.  The EOL of stable/14 would
45	mark the end of support for 32-bit platforms including source
46	releases, pre-built packages, and support for building
47	applications from ports.  Given an estimated release date of
48	October 2023 for 14.0, support for 32-bit platforms would end
49	in October 2028.
50
51	The project may choose to alter this approach when 15.0 is
52	released by extending some level of 32-bit support for one or
53	more platforms in 15.0 or later.  Users should use the
54	stable/14 branch to migrate off of 32-bit platforms.
55
563cb2f5f369ec:
57	The lua-flavored loader(8) will now interpret .lua files that appear in
58	loader_conf_files as lua, and execute them in a sandbox.  Existing
59	loader environment variables are available as globals in the sandbox,
60	and any global variable set, if not a table value, will be reflected in
61	the loader environment upon successful execution of the configuration
62	file.  Environment variables with names that aren't valid lua names may
63	be accessed as indices of _ENV; e.g., _ENV['net.fibs'].
64
65bdc81eeda05d:
66	nda is now the default nvme device on all platforms. While nda creates
67	nvd links by default so fstab, etc continues to work, configuration
68	should be updated to the new nda devices.
69
70	To restore the old behavior, add hw.nvme.use_nvd=1 to loader.conf or
71	`options NVME_USE_NVD=1` to the kernel config.  To disable the nvd
72	compatibility aliases, add kern.cam.nda.nvd_compat=0 to loader.conf.
73
74bbb2d2ce4220:
75	Change pw (hence bsdinstall) not to move /home to /usr/home.
76	Previously, when creating the path to home directories, pw
77	would move any path in the root directory under /usr, creating
78	a symlink in root.  In particular, the default /home would become
79	/usr/home.  Now /home is at the top level by default.  /usr/home
80	can be used explicitly.
81
823416e102c4e9:
83	Remove TI code from armv7 GENERIC kernel.
84	This code doesn't cope with newer DTS and hasn't in a long time so
85	support for TI armv7 platform (like BeagleBone and Pandaboard) is now
86	removed from GENERIC.
87
88d198b8774d2c:
89	Add a new "fwget" utility.
90	The goal of this utility is to inspect the system for peripherals
91	that needs firmware and install the appropriate packages for them.
92	For now only pci subsystem is supported and only firmwares for Intel
93	and AMD GPUs are known.
94
95896516e54a8c:
96	Add a new "syskrb5" mount option for Kerberized NFSv4.1/4.2 mounts.
97	Without this patch, a Kerberized NFSv4.1/4.2 mount must provide
98	a Kerberos credential for the client at mount time.
99	This patch uses a feature of NFSv4.1/4.2 called SP4_NONE, which
100	allows the state maintenance operations to be performed by any
101	authentication mechanism, so that these operations may be done via
102	AUTH_SYS instead of RPCSEC_GSS (KerberosV).  As such, no Kerberos
103	credential is required at mount time.
104	See mount_nfs(8).
105
106330aa8acdec7,ff2f1f691cdb:
107	Adds support for the SP4_MACH_CRED case for the
108	NFSv4.1/4.2 ExchangeID operation since the Linux
109	NFSv4.1/4.2 client is now using this for Kerberized mounts.
110	This change should only affect Kerberized NFSv4.1/4.2 mounts.
111	The Linux Kerberized NFSv4.1/4.2 mounts currently work without
112	support for this because Linux will fall back to SP4_NONE,
113	but there is no guarantee this fallback will work forever.
114
1157344856e3a6d and many others:
116	Add support so that nfsd(8), nfsuserd(8), mountd(8), gssd(8)
117	and rpc.tlsservd(8) can be run in an appropriately configured
118	vnet prison.  The vnet prison must be on its own file system,
119	have the "allow.nfsd" jail parameter set on it and enforce_statfs
120	cannot be set to "0".  Use of UDP and pNFS server configurations
121	are not permitted.  (ie. The nfsd command line options "-u", "-p"
122	and "-m" are not supported.)
123	See jail(8), nfsd(8) and mountd(8).
124
1252fb4f839f3fc,d89513ed2050,3413ee88c39d,f97a19ecb985,021562c5020d,431d2a81d421:
126	sendmail has been updated to the latest upstream version (8.17.1).
127
1284a30d7bb373c,d670a8f7c596,af01b4722577,4e240e55d818:
129	The growfs(7) script can now add a swap partition at the end of
130	the expansion area, and does so by default if there is no existing
131	swap.  See growfs(7).
132
13386edb11e7491:
134	llvm-objdump is now always installed as objdump.
135
136616f32ea6da7:
137	mta_start_script along with othermta rc.d script has been retired.
138
139a67b925ff3e5:
140	The default mail transport agent is now dma(8) replacing sendmail.
141
14222893e584032:
143	L3 filtering on if_bridge will do surprising things which aren't
144	fail-safe, so net.link.bridge.pfil_member and
145	net.link.bridge.pfil_bridge now default to zero.
146
147f0bc4ed144fc:
148	A new DTrace provider, kinst, is introduced and documented in
149	dtrace_kinst(4).  The provider allows kernel instructions to be traced,
150	similar to the FBT (function boundary tracing) provider except that all
151	instructions may be probed instead of logical entry and return
152	instructions.  The provider is currently amd64-only.
153
1540aa2700123e2:
155	OPIE has been removed from the base system.  If you still wish
156	to use it, install the security/opie port.  Otherwise, make
157	sure to remove or comment out any mention of pam_opie and
158	pam_opieaccess from your PAM policies (etcupdate will normally
159	take care of this for the stock policies).
160
1610eea46fb1f83:
162	Removed telnetd.
163
164981ef32230b2,33721eb991d8:
165	These commits make the use of NFSv4.1/4.2 mounts with the "intr"
166	mount option fairly usable, although not 100% correct, so long as
167	the "nolockd" mount option is used as well.  See the mount_nfs(8)
168	manual page for more information.
169
170b875d4f5ddcb,0685c73cfe88:
171	The NFSv4.1/4.2 client and server will now generate console messages
172	if sessions are broken, suggesting that users check to ensure
173	that the /etc/hostid strings are unique for all NFSv4.1/4.2 clients.
174
175240afd8c1fcc:
176	makefs(8) has ZFS support; it can create a ZFS pool, backed by a
177	single disk vdev, containing one or more datasets populated from
178	the staging directory.
179
18078ee8d1c4cda,f4f56ff43dbd:
181	The in-tree qat(4) driver has been replaced with Intel's QAT driver.
182	The new version provides additional interfaces to the chipset's
183	cryptographic and compression offload functionality.
184
185	This will have no visible change for most users; however, the new
186	driver does not support Atom C2000 chipsets.  To preserve support for
187	those chipsets, the old driver has been renamed to qat_c2xxx and kept
188	in the tree.  Users of qat(4) on C2000 hardware will thus need to
189	ensure that qat_c2xxx(4) is loaded instead of qat(4).
190
191da5b7e90e740,5a8fceb3bd9f,7b0a665d72c0,13ec1e3155c7,318d0db5fe8a,1ae2c59bcf21:
192	Boottrace is a new kernel-userspace interface for capturing trace
193	events during system boot and shutdown. Event annotations are
194	present in:
195
196	- The boot and shutdown paths in the kernel
197	- Some key system utilities (init(8), shutdown(8), reboot(8))
198	- rc(8) scripts (via boottrace(8))
199
200	In contrast to other existing boot-time tracing facilities like TSLOG,
201	Boottrace focuses on the ease of use and is aimed primarily at system
202	administrators.
203
204	It is available in the default GENERIC kernel and can be enabled by
205	toggling a single sysctl(8) variable.
206
207	See boottrace(4) for more details.
208
20905a1d0f5d7ac:
210	Kernel TLS offload now supports receive-side offload of TLS 1.3.
211
21219dc64451179:
213	if_stf now supports 6rd (RFC5969).
214
215c1d255d3ffdb, 3968b47cd974, bd452dcbede6:
216	Add WiFi 6 support to wpa.
217
218ba48d52ca6c8,4ac3d08a9693,2533eca1c2b9:
219	The default bell tone is now 800Hz. It may be set with kbdcontrol
220	again. There's devd integration for people wishing to use their sound
221	cards for the beep.
222
22392b3e07229ba:
224	net.inet.tcp.nolocaltimewait enabled by default.  It prevents
225	creation of timewait entries for TCP connections that were
226	terminated locally.
227
228d410b585b6f0:
229	sh(1) is now the default shell for the root user.
230
231396851c20aeb:
232	libncursesw has been split into libtinfow and libncursesw, linker
233	scripts should make it transparent for consumers. pkg-config files
234	are also now installed to ease ports detecting the ncurses setup from
235	base.
236
237a422084abbda:
238	LLVM's MemorySanitizer can now be used in amd64 kernels.  See the
239	kmsan(9) manual page for more information.
240
24138da497a4dfc:
242	LLVM's AddressSanitizer can now be used in amd64 kernels.  See the
243	kasan(9) manual page for more information.
244
245f39dd6a97844,23f24377b1a9,628bd30ab5a4:
246	One True Awk has been updated to the latest from upstream
247	(20210727). All the FreeBSD patches, but one, have now been
248	either up streamed or discarded.  Notable changes include:
249		o Locale is no longer used for ranges
250		o Various bugs fixed
251		o Better compatibility with gawk and mawk
252
253	The one FreeBSD change, likely to be removed in FreeBSD 14, is that
254	we still allow hex numbers, prefixed with 0x, to be parsed and
255	interpreted as hex numbers while all other awks (including one
256	true awk now) interpret them as 0 in line with awk's historic
257	behavior.
258
259	A second change, less likely to be noticed, is the historic wart
260	if -Ft meaning to use hard tab characters as the field separator
261	is deprecated and will likely be removed in FreeBSD 14.
262
263ee29e6f31111:
264	Commit ee29e6f31111 added a new sysctl called vfs.nfsd.srvmaxio
265	that can be used to increase the maximum I/O size for the NFS
266	server to any power of 2 up to 1Mbyte while the nfsd(8) is not running.
267	The FreeBSD NFS client can now be set to use a 1Mbyte I/O size
268	via the vfs.maxbcachebuf tunable and the Linux NFS client
269	can also do 1Mbyte I/O.
270	kern.ipc.maxsockbuf will need to be increased.  A console
271	message will suggest a setting for it.
272
273d575e81fbcfa:
274	gconcat(8) has added support for appending devices to the device
275	not present at creation time.
276
27776681661be28:
278	Remove support for asymmetric cryptographic operations from
279	the kernel open cryptographic framework (OCF).
280
281a145cf3f73c7:
282	The NFSv4 client now uses the highest minor version of NFSv4
283	supported by the NFSv4 server by default instead of minor version 0,
284	for NFSv4 mounts.
285	The "minorversion" mount option may be used to override this default.
286