diff --git a/website/content/en/releases/13.0R/relnotes.adoc b/website/content/en/releases/13.0R/relnotes.adoc --- a/website/content/en/releases/13.0R/relnotes.adoc +++ b/website/content/en/releases/13.0R/relnotes.adoc @@ -105,6 +105,26 @@ [[userland-config]] === Userland Configuration Changes +man:rc.subr[8] now honors `${name}_env` in all man:rc[8] scripts. +Previously, environment variables set by a user via `${name}_env` were ignored +if the service defined a custom `*_cmd` variable to control the behavior +of the `run_rc_command` function, for example, `start_cmd`, instead of relying +on variables like `command` and `command_args`. gitref:d15e810db9a5[repository=src] + +man:init[8], man:service[8], and man:cron[8] will now adopt user/class +environment variables by default (excluding `PATH`). +Notably, environment variables for all cron jobs and man:rc[8] services can +now be set via man:login.conf[5]. +gitref:21c1a93c048f[repository=src], gitref:736a5a6d1dbb[repository=src], +gitref:7466dbd68487[repository=src] + +The kernel now supports enforcing a W^X memory mapping policy for user +processes. +The policy is not enforced by default but can be enabled by setting the +`kern.elf32.allow_wx` and `kern.elf64.allow_wx` sysctls to 0. +Individual binaries can be exempted from the policy by man:elfctl[1] via +the `wxneeded` feature. +gitref:2e1c94aa1fd5[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[userland-programs]] === Userland Application Changes 
@@ -123,8 +143,13 @@ The man:daemon[8] utility no longer blocks SIGTERM during the restart delay. gitref:09a3675d961[repository=src] +The man:devd[8] utility now reports a `kernel` system event when the system +resumes from sleep rather than a `kern` system event. gitref:f87655ec7694[repository=src] + The man:diskinfo[8] utility now reports the physical device name GEOM attribute when available. gitref:b5961be1ab7[repository=src] +The man:elf2aout[1] utility has been removed. gitref:dd99ab06f360[repository=src] + The man:freebsd-update[8] utility now displays progress for the "Fetching files..." stage. gitref:d6e1e31a0e6[repository=src] The man:freebsd-update[8] utility now supports the `-p` flag, which ensures password db changes are included in [.filename]#/etc/passwd# via man:pwd_mkdb[8]. gitref:9b6591109e8[repository=src] {{< sponsored "The FreeBSD Foundation" >}} @@ -133,6 +158,11 @@ The manual page for the man:freebsd-update[8] utility documents using the `PAGER` environment variable for non-interactive use. gitref:32f4592764d[repository=src] +The obsolete version of the GNU debugger installed to [.filename]#/usr/libexec# for use by man:crashinfo[8] has been removed. +Detailed kernel crash information can be obtained by installing modern GDB +from ports or packages. +gitref:1c0ea326aa6d[repository=src] + The manual page for the man:gstat[8] utility now documents the use of interactive keyboard commands. gitref:cfaa2958dc4[repository=src] The manual page for the man:inetd[8] utility now includes an example of how to use netcat as an HTTP proxy. gitref:a58fc861516[repository=src] 
@@ -156,6 +186,23 @@ The new man:getlocalbase[3] function in libutil retrieves the LOCALBASE path in a standard way. gitref:30d21d27953[repository=src] +The man:cap_random[3] function has been removed as it has been +superseeded by man:getrandom[2]. gitref:a76f78dc3f43[repository=src] + +A new Linux-compatible man:copy_file_range[2] system call supports efficient +file copies. +In particular, this system call permits the kernel to request that an NFSv4.2 +server perform a copy operation locally on the server. gitref:bbbbeca3e9a3[repository=src] + +The man:regex[3] function no longer accepts redundant escapes for most +ordinary characters. +This will cause applications such as man:sed[1] and man:grep[1] to reject +regular expressions using these escapes. +gitref:adeebf4cd47c[repository=src] + +New man:aio_readv[2] and man:aio_writev[2] system calls provide vectored +analogues of man:aio_read[2] and man:aio_write[2]. gitref:022ca2fc7fe0 + [[kernel]] == Kernel 
@@ -169,6 +216,46 @@ allowed to the attaching process and the jail. Processes belonging to the superuser will implicitly widen their CPU mask as needed if they share no CPUs in common with the jail. +The in-kernel cryptographic framework has been overhauled to better support +modern cryptographic algorithms as well as simplify the interface for both +device drivers and framework consumers. +gitref:c03414326909[repository=src] {{< sponsored "Chelsio Communications" >}} + +Support for Kerberos GSS algorithms deprecated by RFCs 6649 and 8429 has been +removed. +gitref:dee3aa83d1b6[repository=src] {{< sponsored "Chelsio Communications" >}} + +Support for previously-deprecated algorithms in man:geli[4] has +been removed. +gitref:e2b9919398c3[repository=src] {{< sponsored "Chelsio Communications" >}} + +Support for IPsec algorithms deprecated by RFC 8221 as well as Triple DES +has been removed. +gitref:16aabb761c0a[repository=src] {{< sponsored "Chelsio Communications" >}} + +Support for previously-deprecated cryptographic algorithms has been removed +from man:cryptodev[4] and the in-kernel cryptographic framework. +gitref:6c80c319ef88[repository=src] {{< sponsored "Chelsio Communications" >}} + +The amd64 DMAR driver has been refactored to provide a generic I/O MMU +framework which can be used by other architectures. +As part of this, the amd64-specific `ACPI_DMAR` kernel option has been +renamed to `IOMMU`. +gitref:6186bfbd1880[repository=src] {{< sponsored "DARPA" >}} {{< sponsored "AFRL" >}} + +A driver for Arm System Memory Management Unity version 3.2 has been added +to the aarch64 architecture. +The driver is enabled by the `IOMMU` kernel option. +gitref:4cc8701067e1[repository=src] {{< sponsored "DARPA" >}} {{< sponsored "AFRL" >}} {{< sponsored "Innovate UK" >}} + +The GENERIC kernels for amd64 and i386 now include man:aesni[4] to support +accelerated software cryptography for man:geli[4] by default. 
+gitref:074a91f746bd[repository=src] + +The GENERIC kernel for aarch64 now includes man:armv8crypto[4] to support +accelerated software cryptography for man:geli[4] by default. +gitref:074a91f746bd[repository=src] + [[drivers]] == Devices and Drivers 
@@ -177,12 +264,43 @@ [[drivers-device]] === Device Drivers +Several network drivers for obsolete Ethernet adapters have been removed: + +* man:bm[4] BMAC gitref:9e774e53407b[repository=src] +* man:cs[4] Crystal Semiconductor CS8900/CS8920 gitref:e1edf1240b33[repository=src] +* man:de[4] DEC DC21x4x gitref:08ac01a92c88[repository=src] +* man:ed[4] NE-2000 and WD-80x3 gitref:05aa6e583be3[repository=src] +* man:ep[4] 3Com Etherlink III (3c5x9) ISA gitref:e153ee663af1[repository=src] +* man:ex[4] Intel EtherExpress Pro/10 and Pro/10+ gitref:3ee01a13855b[repository=src] +* man:fe[4] Fujitsu MB86960A/MB86965A gitref:dd262716a1e0[repository=src] +* man:hme[4] Sun Microelectronics STP2002-STQ gitref:9ee99cec1f36[repository=src] +* man:pcn[4] AMD PCnet gitref:607790d10fdb[repository=src] +* man:sf[4] Starfire gitref:3b70dd81f56f[repository=src] +* man:sn[4] SMC 91Cxx gitref:90089841deba[repository=src] +* man:tl[4] Texas Instruments ThunderLAN gitref:7c897ca91fe1[repository=src] +* man:tx[4] SMC 83c17x gitref:b1b1c2fe385c[repository=src] +* man:txp[4] 3Com 3XP Typhoon/Sidewinder (3CR990) gitref:be345ff023d9[repository=src] +* man:vx[4] 3Com EtherLink III / Fast EtherLink III (3c59x) PCI gitref:e8504bf9e7a0[repository=src] +* man:wb[4] Winbond W89C840F gitref:02fae06a11b4[repository=src] +* man:xe[4] Xircom PCMCIA gitref:7a582e5374c8[repository=src] + +A new man:safexcel[4] driver supports cryptographic requests via the EIP-97 +packet processing module found on the ESPRESSObin. gitref:b356ddf07671[repository=src] {{< sponsored "Rubicon Communications, LLC" >}} + A new man:usbhid[4] driver uses drivers from the man:hid[4] framework for USB HID devices instead of man:ukbd[4], man:ums[4], and man:uhid[4]. man:usbhid[4] is enabled by adding `hw.usb.usbhid.enable=1` to [.filename]#/boot/loader.conf# and adding `usbhid` to `kld_list=""` in [.filename]#/etc/rc.conf#. gitref:b62f6dfaed3d[repository=src] The suite of VirtIO device drivers now support the VirtIO V1 spec. 
This improves FreeBSD's compatibility as a guest operating system with various hypervisors and emulators including the ability to run on the link:https://wiki.qemu.org/images/4/4e/Q35.pdf[Q35 chipset] under QEMU. +The man:armv8crypto[4] driver which supports software cryptography on +ARMv8 CPUs now supports AES-XTS which is used by man:geli[4]. +gitref:4979620ece98[repository=src] + +The man:armv8crypto[4] driver now supports AES-GCM which is used by IPsec +and kernel TLS. +gitref:f76393a6305b6[repository=src] {{< sponsored "Ampere Computing" >}} + [[storage]] == Storage 
@@ -192,6 +310,43 @@ The man:ctld[8] utility now supports the `-f` flag to test the validity of configuration files. gitref:7fcbecd004f[repository=src] +The man:nand[4] device framework and man:nandfs[5] filesystem and associated +utilities have been removed. gitref:f5a95d9a0794[repository=src] + +man:gnop[8] can now apply configurable delays to read and write requests to +simulate a slow disk. gitref:4f80c85519d5[repository=src] + +The kernel now provides a default implementation for the `SEEK_DATA` and +`SEEK_HOLE` man:ioctl[2]'s for filesystems which do not support +sparse files. gitref:2e1b32c0e3fc[repository=src] + +The NFS client and server now support NFSv4.2 (RFC 7862) and Extended +Attributes (RFC 8276). gitref:c057a378180e[repository=src] + +Attempts to read a directory fail with `EISDIR` by default. +The `-d skip` flags can be passed to man:grep[1] to suppress errors in stderr +when non-recursively grepping a list that includes directories. +gitref:dcef4f65ae39[repository=src] + +The NFS server now permits credentials specified via `-maproot` or `-mapall` +in man:exports[5] to include more than 16 groups. +gitref:cc5efdde94bf[repository=src] + +The NFS client and server now support NFS over TLS. +The additional userland daemons are not built by default but can be +enabled by building a new world that includes a KTLS-enabled OpenSSL +via the `WITH_OPENSSL_KTLS` option. +gitref:6e4b6ff88fde[repository=src], gitref:2c76eebca71b[repository=src], +gitref:59f6f5e23c1a[repository=src] + +A new `nfsv4_server_only` variable can be set to `YES` in [.filename]#/etc/rc.conf# to only enable support for NFSv4. +This avoids the need to run man:rpcbind[8] on an NFS server. +gitref:4389a5661034[repository=src] + +The man:fusefs[5] protocol has been updated to 7.28 along with adding support +for `FUSE_COPY_FILE_RANGE` and `FUSE_LSEEK`. +gitref:92bbfe1f0d1f[repository=src] + [[storage-general]] === General Storage 
@@ -224,6 +379,24 @@ This section describes changes that affect networking in FreeBSD. +A new type of man:mbuf[9] (network data buffer) can represent multiple, +unmapped physical pages as a single buffer. +This improves the performance of man:sendfile[2] by reducing the length of +mbuf linked lists in socket buffers. gitref:82334850ea45[repository=src], gitref:cec06a3edc52[repository=src] {{< sponsored "Netflix" >}} + +The kernel now supports in-kernel framing and encryption of Transport +Layer Security (TLS) data on TCP sockets for TLS versions 1.0 through 1.3. +Transmit offload via in-kernel crypto drivers is supported for +MtE cipher suites using AES-CBC as well as AEAD cipher suites using +AES-GCM. +Receive offload via in-kernel crypto drivers is supported for AES-GCM +cipher suites for TLS 1.2. +Using KTLS requires the use of a KTLS-aware userland SSL library. +The OpenSSL library included in the base system does not enable KTLS +support by default, +but support can be enabled by building with the `WITH_OPENSSL_KTLS` option. +gitref:b2e60773c6b0[repository=src], gitref:6554362c6640[repository=src], gitref:f1f934754638[repository=src], gitref:3c0e56850511[repository=src], gitref:c1c52cd57e88[repository=src] {{< sponsored "Netflix" >}} {{< sponsored "Chelsio Communications" >}} + man:tcp[4] now supports Proportional Rate Reduction (as described by RFC6937) to improve SACK loss recovery during burst loss and ACK thinning scenarios. This feature is enabled by default. A new man:sysctl[8], `net.inet.tcp.do_prr`, can be set to `0` to restore the prior behavior. @@ -243,6 +416,10 @@ man:ping[8] supports both IPv4 and IPv6. A legacy man:ping6[8] is retained for backwards compatibility. gitref:3cde9171d2d5[repository=src] +SCTP support is now available as a new [.filename]#sctp.ko# kernel module +and is no longer compiled into GENERIC by default. +gitref:e64080e79c53[repository=src] {{< sponsored "The FreeBSD Foundation" >}} + [[network-general]] === General Network 
@@ -258,6 +435,12 @@ The amd64 architecture now supports 57-bit virtual addresses (LA57) on supported CPUs. This permits user processes to use up to 56 bits of virtual address space. This also includes support for five layer nested page tables used by bhyve. gitref:9ce875d9b59d[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[ARM-ARM64]] +=== ARMv5 + +Support for version 5 of the 32-bit ARM architecture has been removed. +Building for `TARGET=arm` now defaults to a `TARGET_ARCH` of `armv7`. +gitref:eb4977bd0fb2[repository=src] + === Allwinner The aw_gpio driver now suppots GPIO interrupts. gitref:0fe5379c6a9[repository=src] @@ -284,6 +467,11 @@ if_dwc now supports checksum offloading. gitref:98ea5a7b9a1[repository=src] +=== Sparc + +Support for the `sparc64` architecture (SPARC 9) has been removed. +gitref:58aa35d42975[repository=src] + [[hardware-virtualization]] === Virtualization Support
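Review bot: in the `@@ -105,6 +105,26 @@` hunk, the man:init[8], man:service[8], and man:cron[8] entry says "user/class environment variables" are adopted but never names the login class that services and cron jobs are evaluated under. A reader cannot tell which man:login.conf[5] entry to edit or audit. Since the entry states that the environment of all cron jobs and man:rc[8] services can now be set there, name the class or point to the manual page that does, next to the existing `PATH` exclusion.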
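Review bot: the man:devd[8] entry in the `@@ -123,8 +143,13 @@` hunk records that the resume event moved from the `kern` system to `kernel`, but does not tell readers that local rules matching the old `kern` value for resume need to be updated. One added sentence saying so would make this an actionable upgrade note rather than a changelog line.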
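Review bot: in the `@@ -156,6 +186,23 @@` hunk, "superseeded" in the man:cap_random[3] entry should be "superseded". In the same hunk, the man:aio_readv[2] entry ends with a bare `gitref:022ca2fc7fe0`, without the `[repository=src]` attribute that every other gitref in this patch carries. Add it so the link renders like the rest.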
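Review bot: in the `@@ -169,6 +216,46 @@` hunk, the man:geli[4] and man:cryptodev[4] removal entries say only "previously-deprecated algorithms", while the Kerberos GSS and IPsec entries at least cite the RFCs. Please list the removed algorithms, or link to where they are listed, so administrators can check existing providers and consumers before upgrading. Also in this hunk, "System Memory Management Unity" should read "System Memory Management Unit".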
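Review bot: in the `@@ -177,12 +264,43 @@` hunk, the AES-GCM entry for man:armv8crypto[4] cites `gitref:f76393a6305b6`, which is 13 hex digits where the other gitrefs added by this patch are 12. Please confirm the hash and trim it to the same abbreviation length as its neighbours.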
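Review bot: in the `@@ -192,6 +310,43 @@` hunk, "Attempts to read a directory fail with `EISDIR` by default" does not say which interface is meant, and "by default" implies a knob that the entry never names. State the call that now fails and how the previous behaviour can be restored, if it can. Minor wording in the same hunk: "The `-d skip` flags" is a single flag with an argument, and "man:ioctl[2]'s" should not use an apostrophe for the plural.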
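Review bot: the KTLS entry in the `@@ -224,6 +379,24 @@` hunk uses "MtE cipher suites" without expanding the abbreviation, while AEAD sits beside it equally unexplained. Spell out MAC-then-Encrypt on first use, and consider restating the supported matrix as a short list (transmit: AES-CBC MtE and AES-GCM; receive: AES-GCM with TLS 1.2 only), since the receive-side limitation is easy to miss in running prose.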
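Review bot: in the `@@ -258,6 +435,12 @@` hunk, the new `=== ARMv5` heading is inserted directly after the `[[ARM-ARM64]]` anchor, so the anchor now binds to the ARMv5 removal note instead of the section it preceded before (`=== Allwinner`). If `ARM-ARM64` is meant to identify the ARM section as a whole, this needs a parent heading or the new subsection should be placed so that existing links to the anchor do not land on a removal notice.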
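Review bot: in the `@@ -284,6 +467,11 @@` hunk, "(SPARC 9)" should be "(SPARC V9)", which is the name of the architecture version that `sparc64` implements. The new `=== Sparc` heading also has no `[[...]]` anchor, unlike the neighbouring `[[hardware-virtualization]]` section. Add one if these subsections are meant to be linkable.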