diff --git a/website/content/en/releases/12.4R/relnotes.adoc b/website/content/en/releases/12.4R/relnotes.adoc --- a/website/content/en/releases/12.4R/relnotes.adoc +++ b/website/content/en/releases/12.4R/relnotes.adoc @@ -19,31 +19,46 @@ == Abstract [.abstract-title] -The release notes for FreeBSD {releaseCurrent} contain a summary of the changes made to the FreeBSD base system on the {releaseBranch} development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. +The release notes for FreeBSD {releaseCurrent} contain a summary of the changes made to the FreeBSD base system on the {releaseBranch} development line. +This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. +Some brief remarks on upgrading are also presented. [[intro]] == Introduction -This document contains the release notes for FreeBSD {releaseCurrent}. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD. +This document contains the release notes for FreeBSD {releaseCurrent}. +It describes recently added, changed, or deleted features of FreeBSD. +It also provides some notes on upgrading from previous versions of FreeBSD. -The {releaseType} distribution to which these release notes apply represents the latest point along the {releaseBranch} development branch since {releaseBranch} was created. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[https://www.FreeBSD.org/releases/]. +The {releaseType} distribution to which these release notes apply represents the latest point along the {releaseBranch} development branch since {releaseBranch} was created. +Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[https://www.FreeBSD.org/releases/]. The {releaseType} distribution to which these release notes apply represents a point along the {releaseBranch} development branch since {releasePrev}. The {releaseCurrent} is expected to be the final release from the {releaseBranch} branch. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[https://www.FreeBSD.org/releases/]. -This distribution of FreeBSD {releaseCurrent} is a {releaseType} distribution. It can be found at https://www.FreeBSD.org/releases/[https://www.FreeBSD.org/releases/] or any of its mirrors. More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}/mirrors[Obtaining FreeBSD appendix] to the link:{handbook}/[FreeBSD Handbook]. +This distribution of FreeBSD {releaseCurrent} is a {releaseType} distribution. +It can be found at https://www.FreeBSD.org/releases/[https://www.FreeBSD.org/releases/] or any of its mirrors. +More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}/mirrors[Obtaining FreeBSD appendix] to the link:{handbook}/[FreeBSD Handbook]. -All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site. +All users are encouraged to consult the release errata before installing FreeBSD. +The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. +Typically, it contains information on known bugs, security advisories, and corrections to documentation. +An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site. -This document describes the most user-visible new or changed features in FreeBSD since {releasePrev}. In general, changes described here are unique to the {releaseBranch} branch unless specifically marked as MERGED features. +This document describes the most user-visible new or changed features in FreeBSD since {releasePrev}. +In general, changes described here are unique to the {releaseBranch} branch unless specifically marked as MERGED features. -Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. +Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. +They may also list changes to major ports/packages or release engineering practices. +Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. [[upgrade]] == Upgrading from Previous Releases of FreeBSD -Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the man:freebsd-update[8] utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The man:freebsd-update[8] utility requires that the host being upgraded have Internet connectivity. +Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the man:freebsd-update[8] utility. +The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. +The man:freebsd-update[8] utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in [.filename]#/usr/src/UPDATING#. @@ -107,30 +122,38 @@ === Userland Configuration Changes // SAMPLE ENTRY: -// A new man:rc.conf[5] variable has been added, `linux_mounts_enable`, which controls if Linux(R)-specific filesystems are mounted in [.filename]#/compat/linux# if `linux_enable` is set to `YES`. {{< revision "364883" >}} (Sponsored by The FreeBSD Foundation) +// A new man:rc.conf[5] variable has been added, `linux_mounts_enable`, which controls if Linux(R)-specific filesystems are mounted in [.filename]#/compat/linux# if `linux_enable` is set to `YES`. +// {{< revision "364883" >}} (Sponsored by The FreeBSD Foundation) [[userland-programs]] === Userland Application Changes -The man:ar[1] utility does not overwrite the stdout stream pointer to make it compatible with the musl library. It also deprecates the `-T` flag. +The man:ar[1] utility does not overwrite the stdout stream pointer to make it compatible with the musl library. +It also deprecates the `-T` flag. The man:cp[1] utility will detect infinite recursion caused by `-R` flag and squash it. -The man:cp[1] utility will honor properly `-H`, `-L` and `-P` flags. Notably, it will not resolve symlinks encountedered during traversal when either `-H` or `-P` are specified. +The man:cp[1] utility will honor properly `-H`, `-L` and `-P` flags. +Notably, it will not resolve symlinks encountedered during traversal when either `-H` or `-P` are specified. The man:cp[1] utility will allow `-P` working without `-R` as per POSIX. -The man:df[1] utility will now support using `-l` and `-t` flags together. If both are specified, the parameter list of the `-t` option is applied on top of the selection of local file systems. +The man:df[1] utility will now support using `-l` and `-t` flags together. +If both are specified, the parameter list of the `-t` option is applied on top of the selection of local file systems. -The man:elfctl[1] utility had a number of bugs fixed involving operations with multiple features on multiple files, `-e` being specified multiple times and error handling for the `-e` flag. The utility also had some improvements to the manual page. +The man:elfctl[1] utility had a number of bugs fixed involving operations with multiple features on multiple files, `-e` being specified multiple times and error handling for the `-e` flag. +The utility also had some improvements to the manual page. The man:fsck_ufs[8] utility had a segfault bug fixed when using with man:gjournal[8]. The man:growfs[8] utility will not error if the file system is already the requested size. -The man:nfsd[8] utility had a bug fixed when handling of Open/Create for the pNFS server. A bug regarding session slot freeing for NFSv4.1/4.2 has also been fixed as well as a bug when verifying for attributes like FilesAvail. The utility had a number of sanity checks added too. +The man:nfsd[8] utility had a bug fixed when handling of Open/Create for the pNFS server. +A bug regarding session slot freeing for NFSv4.1/4.2 has also been fixed as well as a bug when verifying for attributes like FilesAvail. +The utility had a number of sanity checks added too. -The man:sh[1] utility will now read more profile files. It will load each .sh file in /etc/profile.d, then /usr/local/etc/profile, then each .sh file in /usr/local/etc/profile.d/. +The man:sh[1] utility will now read more profile files. +It will load each .sh file in /etc/profile.d, then /usr/local/etc/profile, then each .sh file in /usr/local/etc/profile.d/. The man:usbconfig[8] utility has been improved by adding a `-v` flag, it uses man:getopt[3] to handle options, and the manual page has been also improved. @@ -181,7 +204,8 @@ The man:unbound[8] utility has been updated to version 1.16.3. -wpa has been updated to version 2.10. This includes hostapd 2.10. +wpa has been updated to version 2.10. +This includes hostapd 2.10. [[userland-libraries]] === Runtime Libraries and API @@ -195,13 +219,17 @@ [[kernel-general]] === General Kernel Changes -The man:hwpmc[4] framework had a counter/interrupt state initialization bug fixed for arm64. It also added IDs for Intel Comet/Ice/Tiger/Rocketlake CPUs. +The man:hwpmc[4] framework had a counter/interrupt state initialization bug fixed for arm64. +It also added IDs for Intel Comet/Ice/Tiger/Rocketlake CPUs. -The man:iflib[4] network interface driver framework had a lock order reversal (LOR) fixed, and the vlan processing in the drivers has been fixed. Also some data races that produced crashes on VMWare guests using the vmxnet3 driver have been fixed. +The man:iflib[4] network interface driver framework had a lock order reversal (LOR) fixed, and the vlan processing in the drivers has been fixed. +Also some data races that produced crashes on VMWare guests using the vmxnet3 driver have been fixed. -The man:net80211[4] interface has improved several validations including Mesh ID length and SSID length. It also prevents plaintext injection by A-MSDU RFC1042/EAPOL frames and rejects mixed plaintext/encrypted fragments. +The man:net80211[4] interface has improved several validations including Mesh ID length and SSID length. +It also prevents plaintext injection by A-MSDU RFC1042/EAPOL frames and rejects mixed plaintext/encrypted fragments. -The man:pf[4] framework had some memory leaks fixed and now ensures the correct source/destination IP address in ICMP errors. It also provides improved route-to handling of pfsync'd states along with other changes and improvements. +The man:pf[4] framework had some memory leaks fixed and now ensures the correct source/destination IP address in ICMP errors. +It also provides improved route-to handling of pfsync'd states along with other changes and improvements. The man:sched_ule[4] scheduler bad a bug fixed about a loss of significance when setting kern.sched.interact above 32. @@ -242,7 +270,8 @@ The man:pfsync[4] pseudo-device had some locking, defer mode, and NULL check bugs fixed. -The man:random[4] device had some improvements that now make entropy sources deregistration-safe. On x86 prefer RDSEED over RDRAND when available as per Intel documentation. +The man:random[4] device had some improvements that now make entropy sources deregistration-safe. +On x86 prefer RDSEED over RDRAND when available as per Intel documentation. The man:rk_i2c[4] driver had a number of improvements including the increasing of the number of bytes that can be sent to 32. @@ -258,7 +287,8 @@ [[storage-general]] === General Storage -The man:fusefs[5] file system in userspace had several bugs fixed including a race condition, an undefined variable access, and a couple of bugs regarding OP_RECLAIM. Other fixes and improvements have been added. +The man:fusefs[5] file system in userspace had several bugs fixed including a race condition, an undefined variable access, and a couple of bugs regarding OP_RECLAIM. +Other fixes and improvements have been added. The NFS client code had a number of bug fixes including a use-after-free bug, a race condition, and a forced dismount looping. @@ -282,8 +312,10 @@ The man:dummynet[4] system facility had an out-of-bounds bug fixed as well as a bug regarding the validation of the length of socket options. -The man:ipfilter[4] packet filter added the `SDT` and `DT5` man:dtrace[1] probes. It now has the ability to dump a copy of ippool in ippool.conf format. -From now on, to improve security, man:ipfilter[4] only allows jails to manipulate ipfilter rules, NAT tables, and ippools if the jail has its own VNET. A number of other improvements have been implemented. +The man:ipfilter[4] packet filter added the `SDT` and `DT5` man:dtrace[1] probes. +It now has the ability to dump a copy of ippool in ippool.conf format. +From now on, to improve security, man:ipfilter[4] only allows jails to manipulate ipfilter rules, NAT tables, and ippools if the jail has its own VNET. +A number of other improvements have been implemented. The man:netmap[4] framework had a fix for a TOCTOU vulnerability as well as a bug regarding an integer overflow. @@ -295,13 +327,17 @@ Starting with FreeBSD-13.0, the default `CPUTYPE` for the i386 architecture will change from `486` to `686`. -This means that, by default, binaries produced will require a 686-class CPU, including but not limited to binaries provided by the FreeBSD Release Engineering team. FreeBSD 13.0 will continue to support older CPUs, however users needing this functionality will need to build their own releases for official support. +This means that, by default, binaries produced will require a 686-class CPU, including but not limited to binaries provided by the FreeBSD Release Engineering team. +FreeBSD 13.0 will continue to support older CPUs, however users needing this functionality will need to build their own releases for official support. As the primary use for i486 and i586 CPUs is generally in the embedded market, the general end-user impact is expected to be minimal, as new hardware with these CPU types has long faded, and much of the deployed base of such systems is nearing retirement age, statistically. -There were several factors taken into account for this change. For example, i486 does not have 64-bit atomics, and while they can be emulated in the kernel, they cannot be emulated in the userland. Additionally, the 32-bit amd64 libraries have been i686 since their inception. +There were several factors taken into account for this change. +For example, i486 does not have 64-bit atomics, and while they can be emulated in the kernel, they cannot be emulated in the userland. +Additionally, the 32-bit amd64 libraries have been i686 since their inception. -As the majority of 32-bit testing is done by developers using the lib32 libraries on 64-bit hardware with the `COMPAT_FREEBSD32` option in the kernel, this change ensures better coverage and user experience. This also aligns with what the majority of Linux(R) distributions have been doing for quite some time. +As the majority of 32-bit testing is done by developers using the lib32 libraries on 64-bit hardware with the `COMPAT_FREEBSD32` option in the kernel, this change ensures better coverage and user experience. +This also aligns with what the majority of Linux(R) distributions have been doing for quite some time. This is expected to be the final bump of the default `CPUTYPE` in i386.