diff --git a/website/content/en/releases/13.0R/relnotes.adoc b/website/content/en/releases/13.0R/relnotes.adoc index eeed9d104e..153548151e 100644 --- a/website/content/en/releases/13.0R/relnotes.adoc +++ b/website/content/en/releases/13.0R/relnotes.adoc @@ -1,718 +1,728 @@ --- title: "FreeBSD 13.0-RELEASE Release Notes" sidenav: download --- = FreeBSD {releaseCurrent} Release Notes :doctype: article :toc: macro :toclevels: 1 :icons: font :releaseCurrent: 13.0-RELEASE :releaseBranch: 13-STABLE :releasePrev: 12.2-RELEASE :releaseNext: 13.1-RELEASE :releaseType: release include::shared/en/urls.adoc[] == Abstract [.abstract-title] The release notes for FreeBSD {releaseCurrent} contain a summary of the changes made to the FreeBSD base system on the {releaseBranch} development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. [[intro]] == Introduction This document contains the release notes for FreeBSD {releaseCurrent}. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD. The {releaseType} distribution to which these release notes apply represents the latest point along the {releaseBranch} development branch since {releaseBranch} was created. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[https://www.FreeBSD.org/releases/]. The {releaseType} distribution to which these release notes apply represents a point along the {releaseBranch} development branch between {releasePrev} and the future {releaseNext}. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[https://www.FreeBSD.org/releases/]. This distribution of FreeBSD {releaseCurrent} is a {releaseType} distribution. It can be found at https://www.FreeBSD.org/releases/[https://www.FreeBSD.org/releases/] or any of its mirrors. More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}/mirrors[Obtaining FreeBSD appendix] to the link:{handbook}/[FreeBSD Handbook]. All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site. This document describes the most user-visible new or changed features in FreeBSD since {releasePrev}. In general, changes described here are unique to the {releaseBranch} branch unless specifically marked as MERGED features. Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. [[upgrade]] == Upgrading from Previous Releases of FreeBSD Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the man:freebsd-update[8] utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The man:freebsd-update[8] utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in [.filename]#/usr/src/UPDATING#. Upgrading powerpc64 systems from earlier FreeBSD Releases is NOT supported. Users need to reinstall, due to using new ABI. [IMPORTANT] ==== Upgrading FreeBSD should only be attempted after backing up _all_ data and configuration files. ==== [IMPORTANT] ==== Updating UEFI ESP partitions (the partition the firmware boots from) has changed. See <> for important details. ==== [[security-errata]] == Security and Errata This section lists the various Security Advisories and Errata Notices since {releasePrev}. [[security]] === Security Advisories [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Advisory | Date | Topic |No advisories. | | |=== [[errata]] === Errata Notices [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Errata | Date | Topic |No notices. | | |=== // Sample release notes entry. //The man:fsck_msdosfs[8] utility includes a variety of enhancements, including reducing the memory footprint, a new flag, `-M`, which disables the use of man:mmap[2], and others. gitref:9708ba9f29[repository=src] [[userland]] == Userland This section covers changes and additions to userland applications, contributed software, and system utilities. [[userland-config]] === Userland Configuration Changes man:rc.subr[8] now honors `${name}_env` in all man:rc[8] scripts. Previously, environment variables set by a user via `${name}_env` were ignored if the service defined a custom `*_cmd` variable to control the behavior of the `run_rc_command` function, for example, `start_cmd`, instead of relying on variables like `command` and `command_args`. gitref:d15e810db9a5[repository=src] man:init[8], man:service[8], and man:cron[8] will now adopt user/class environment variables by default (excluding `PATH`). Notably, environment variables for all cron jobs and man:rc[8] services can now be set via man:login.conf[5]. gitref:21c1a93c048f[repository=src], gitref:736a5a6d1dbb[repository=src], gitref:7466dbd68487[repository=src] The default config for man:newsyslog[8] will now only include files from the /etc/newsyslog.conf.d/ and /usr/local/etc/newsyslog.conf.d/ directories if the filename ends with ".conf" and does not begin with a "." character. This matches the man:syslog.conf[5] functionality, and also prevents ".sample" or ".pkgnew" files being included. gitref:9165316ff6bf[repository=src] The kernel now supports enforcing a W^X memory mapping policy for user processes. The policy is not enforced by default but can be enabled by setting the `kern.elf32.allow_wx` and `kern.elf64.allow_wx` sysctls to 0. Individual binaries can be exempted from the policy by man:elfctl[1] via the `wxneeded` feature. gitref:2e1c94aa1fd5[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[userland-programs]] === Userland Application Changes The man:calendar[1] utility again supports nested C pre-processor conditionals and now supports the C++ comment syntax in addition to the C syntax. gitref:19b5c307548[repository=src] The man:calendar[1] utility consistently prints dates according to the locale of the invoking user, not the possibly varying locales of included files. gitref:f1560bd080a[repository=src] The man:calendar[1] utility uses the correct paths for included files if invoked with the -a option. gitref:19b5c307548[repository=src] The man:calendar[1] utility no longer installs data files other than calendar.freebsd. The data files are now provided by the deskutils/calendar-data port. gitref:d20d6550187[repository=src] The man:daemon[8] utility now supports the `-H` flag to close and re-open the output file when SIGHUP is received. This permits rotation of the output file via man:newsyslog[8]. gitref:4cd407ec933[repository=src] The man:daemon[8] utility no longer blocks SIGTERM during the restart delay. gitref:09a3675d961[repository=src] The man:devd[8] utility now reports a `kernel` system event when the system resumes from sleep rather than a `kern` system event. gitref:f87655ec7694[repository=src] The man:diskinfo[8] utility now reports the physical device name GEOM attribute when available. gitref:b5961be1ab7[repository=src] Removed userland support for FreeBSD/i386 a.out executables. gitref:9bc6c7219a37[repository=src], gitref:50a40d091170[repository=src], gitref:0713c7b88cf0[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Removed the man:elf2aout[1] utility. gitref:dd99ab06f360[repository=src] The man:freebsd-update[8] utility now displays progress for the "Fetching files..." stage. gitref:d6e1e31a0e6[repository=src] The man:freebsd-update[8] utility now supports the `-p` flag, which ensures password db changes are included in [.filename]#/etc/passwd# via man:pwd_mkdb[8]. gitref:9b6591109e8[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:freebsd-update[8] utility now supports the `updatesready` and `showconfig` commands to check for updates and check the configuration respectively. gitref:8cfda118cbd[repository=src] The manual page for the man:freebsd-update[8] utility documents using the `PAGER` environment variable for non-interactive use. gitref:32f4592764d[repository=src] Removed the obsolete version of the GNU debugger that was installed to [.filename]#/usr/libexec# for use by man:crashinfo[8]. Detailed kernel crash information can be obtained by installing modern GDB from ports or packages. gitref:1c0ea326aa6d[repository=src] Removed the obsolete binutils 2.17 and man:gcc[1] 4.2.1 from the tree. All supported architectures now use the LLVM/clang toolchain. gitref:0ad202f312f6[repository=src], gitref:a04ec978b369[repository=src], gitref:57f804675e65[repository=src], gitref:90b9aa475e9e[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Removed the GPL-licensed version of man:dtc[1]. The BSD-licensed version is now built and installed unconditionally. gitref:134b378392a8[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The manual page for the man:gstat[8] utility now documents the use of interactive keyboard commands. gitref:cfaa2958dc4[repository=src] The manual page for the man:inetd[8] utility now includes an example of how to use netcat as an HTTP proxy. gitref:a58fc861516[repository=src] The manual page for the man:inetd[8] utility now includes comments for all examples. gitref:26a4a61a285[repository=src] Removed the man:ctm[1] utility. It is now provided by the `misc/ctm` port. gitref:385e98080cab[repository=src] The BSD version of man:grep[1] is now installed by default. The obsolete GNU version that was the previous default has been removed. gitref:8aff76fb37b5[repository=src], gitref:47d1ad2413da[repository=src] Removed the man:amd[8] automount daemon. Its functionality is provided by man:autofs[5]. gitref:13f7dbe822d5[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[userland-contrib]] === Contributed Software Replaced the man:bc[1] and man:dc[1] utilities with the version developed by Gavin D. Howard. The new versions do not depend on an external large number library, offer GNU bc extensions, are much faster than and fix POSIX compliance issues of the programs they replace. They support POSIX message catalogs and come with localized messages in Chinese, Dutch, English, French, German, Japanese, Polish, Portugueze, and Russian. The previous implementation is still available in FreeBSD-13 and can be selected instead of the new one by the build option `WITHOUT_GH_BC`. gitref:c41fef90a7d[repository=src] The clang, lld, and lldb utilities and compiler-rt, llvm, libunwind, and libc++ libraries have been updated to version 11.0.1. gitref:39b7445e15cd[repository=src] [[userland-deprecated-programs]] === Deprecated Applications [[userland-libraries]] === Runtime Libraries and API The new man:getlocalbase[3] function in libutil retrieves the LOCALBASE path in a standard way. gitref:30d21d27953[repository=src] Removed the man:cap_random[3] function as it has been superseeded by man:getrandom[2]. gitref:a76f78dc3f43[repository=src] A new Linux-compatible man:copy_file_range[2] system call supports efficient file copies. In particular, this system call permits the kernel to request that an NFSv4.2 server perform a copy operation locally on the server. gitref:bbbbeca3e9a3[repository=src] The man:regex[3] function no longer accepts redundant escapes for most ordinary characters. This will cause applications such as man:sed[1] and man:grep[1] to reject regular expressions using these escapes. gitref:adeebf4cd47c[repository=src] New man:aio_readv[2] and man:aio_writev[2] system calls provide vectored analogues of man:aio_read[2] and man:aio_write[2]. gitref:022ca2fc7fe0[repository=src] powerpc64 switched to ELFv2 ABI at the same time it switched to LLVM. This brings us to a parity with modern Linux distributions. This also makes the binaries from previous FreeBSD versions incompatible with 13.0-RELEASE. Kernel still supports ELFv1, so jails and chroots using older FreeBSD versions are still compatible. gitref:e4399d169acc[repository=src] Removed CU-SeeMe support from man:libalias[3]. gitref:65a1d63665b[repository=src] [[kernel]] == Kernel This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized. [[kernel-general]] === General Kernel Changes Processes that attach to a man:jail[8] will now completely rebase their man:cpuset[1] onto the jail's cpuset. Notably, if a process had been assigned a numbered cpuset then it will be assigned a new numbered set that is the combination of CPUs allowed to the attaching process and the jail. Processes belonging to the superuser will implicitly widen their CPU mask as needed if they share no CPUs in common with the jail. Overhauled the in-kernel cryptographic framework to better support modern cryptographic algorithms as well as simplify the interface for both device drivers and framework consumers. gitref:c03414326909[repository=src] {{< sponsored "Chelsio Communications" >}} man:geli[8] now reports the use of accelerated software cryptography (such as AES-NI on x86 CPUs) as "accelerated software" rather than "hardware". This is purely a change in naming, and does not imply reduced performance or support. gitref:a3d565a1188f[repository=src] {{< sponsored "Chelsio Communications" >}} Removed support for Kerberos GSS algorithms deprecated by RFCs 6649 and 8429. gitref:dee3aa83d1b6[repository=src] {{< sponsored "Chelsio Communications" >}} Removed support for previously-deprecated algorithms in man:geli[8]. gitref:e2b9919398c3[repository=src] {{< sponsored "Chelsio Communications" >}} Removed support for IPsec algorithms deprecated by RFC 8221 as well as Triple DES. gitref:16aabb761c0a[repository=src] {{< sponsored "Chelsio Communications" >}} Removed support for previously-deprecated cryptographic algorithms from man:cryptodev[4] and the in-kernel cryptographic framework. gitref:6c80c319ef88[repository=src] {{< sponsored "Chelsio Communications" >}} Refactored the amd64 DMAR driver to provide a generic I/O MMU framework which can be used by other architectures. As part of this, renamed the amd64-specific `ACPI_DMAR` kernel option to `IOMMU`. gitref:6186bfbd1880[repository=src] {{< sponsored "DARPA" >}} {{< sponsored "AFRL" >}} Added a driver for the Arm System Memory Management Unit version 3.2 to the aarch64 architecture. The driver is enabled by the `IOMMU` kernel option. gitref:4cc8701067e1[repository=src] {{< sponsored "DARPA" >}} {{< sponsored "AFRL" >}} {{< sponsored "Innovate UK" >}} The GENERIC kernels for amd64 and i386 now include man:aesni[4] to support accelerated software cryptography for man:geli[8] by default. gitref:074a91f746bd[repository=src] The GENERIC kernel for aarch64 now includes man:armv8crypto[4] to support accelerated software cryptography for man:geli[8] by default. gitref:074a91f746bd[repository=src] Added Safe Memory Reclamation (SMR) to the kernel, a light weight variant of epoch reclamation closely coupled to man:uma[9]. This has been applied in parts of the VM subsystem and VFS layer to improve scalability on high core count systems. gitref:d4665eaa6638[repository=src] Removed support for procfs-based process debugging. gitref:59838c1a197[repository=src] Added the man:netgdb[4] facility, allowing the man:gdb[4] kernel debugger to be used over the network. gitref:dda17b3672f2[repository=src] Added the man:backlight[9] subsystem. gitref:675aae732d3[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Added a CAM-Newbus SDIO support module. gitref:67ca7330cf3[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[drivers]] == Devices and Drivers This section covers changes and additions to devices and device drivers since {releasePrev}. [[drivers-device]] === Device Drivers Removed several network drivers for obsolete Ethernet adapters: * man:bm[4] BMAC gitref:9e774e53407b[repository=src] * man:cs[4] Crystal Semiconductor CS8900/CS8920 gitref:e1edf1240b33[repository=src] * man:de[4] DEC DC21x4x gitref:08ac01a92c88[repository=src] * man:ed[4] NE-2000 and WD-80x3 gitref:05aa6e583be3[repository=src] * man:ep[4] 3Com Etherlink III (3c5x9) ISA gitref:e153ee663af1[repository=src] * man:ex[4] Intel EtherExpress Pro/10 and Pro/10+ gitref:3ee01a13855b[repository=src] * man:fe[4] Fujitsu MB86960A/MB86965A gitref:dd262716a1e0[repository=src] * man:hme[4] Sun Microelectronics STP2002-STQ gitref:9ee99cec1f36[repository=src] * man:pcn[4] AMD PCnet gitref:607790d10fdb[repository=src] * man:sf[4] Starfire gitref:3b70dd81f56f[repository=src] * man:sn[4] SMC 91Cxx gitref:90089841deba[repository=src] * man:tl[4] Texas Instruments ThunderLAN gitref:7c897ca91fe1[repository=src] * man:tx[4] SMC 83c17x gitref:b1b1c2fe385c[repository=src] * man:txp[4] 3Com 3XP Typhoon/Sidewinder (3CR990) gitref:be345ff023d9[repository=src] * man:vx[4] 3Com EtherLink III / Fast EtherLink III (3c59x) PCI gitref:e8504bf9e7a0[repository=src] * man:wb[4] Winbond W89C840F gitref:02fae06a11b4[repository=src] * man:xe[4] Xircom PCMCIA gitref:7a582e5374c8[repository=src] The man:qat[4] driver has been added, supporting some of the cryptographic acceleration functions of the Intel QuickAssist (QAT) device. The man:qat[4] driver supports the QAT devices integrated with Atom C2000 and C3000 and Xeon C620 and D-1500 platforms, and the Intel QAT Adapter 8950. gitref:72143e89bb43[repository=src] {{< sponsored "Rubicon Communications, LLC (\"Netgate\")" >}} Removed the man:ubsec[4] driver for obsolete Broadcom BCM58xx crypto accelerators. gitref:97e251327f95[repository=src] {{< sponsored "Chelsio Communications" >}} Removed the deprecated man:ufm[4] driver for USB FM tuners. gitref:209d3fb41fe[repository=src] Removed the deprecated man:ctau[4] and man:cx[4] drivers. gitref:2733d8c96c6f[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Removed the man:vpo[4] driver for parallel port SCSI adapters. gitref:51691e26d06[repository=src] A new man:safexcel[4] driver supports cryptographic requests via the EIP-97 packet processing module found on the ESPRESSObin. gitref:b356ddf07671[repository=src] {{< sponsored "Rubicon Communications, LLC" >}} A new man:usbhid[4] driver uses drivers from the man:hid[4] framework for USB HID devices instead of man:ukbd[4], man:ums[4], and man:uhid[4]. man:usbhid[4] is enabled by adding `hw.usb.usbhid.enable=1` to [.filename]#/boot/loader.conf# and adding `usbhid` to `kld_list=""` in [.filename]#/etc/rc.conf#. gitref:b62f6dfaed3d[repository=src] The suite of VirtIO device drivers now support the VirtIO V1 spec. This improves FreeBSD's compatibility as a guest operating system with various hypervisors and emulators including the ability to run on the link:https://wiki.qemu.org/images/4/4e/Q35.pdf[Q35 chipset] under QEMU. A new man:ossl[4] driver supports optimized software cryptography on aarch64, amd64, and i386 using assembly routines from OpenSSL. gitref:ba610be90a7c[repository=src] {{< sponsored "Netflix" >}}, gitref:22bd0c9731d7[repository=src] {{< sponsored "The FreeBSD Foundation" >}} The man:armv8crypto[4] driver which supports software cryptography on ARMv8 CPUs now supports AES-XTS which is used by man:geli[8]. gitref:4979620ece98[repository=src] The man:armv8crypto[4] driver now supports AES-GCM which is used by IPsec and kernel TLS. gitref:f76393a6305b6[repository=src] {{< sponsored "Ampere Computing" >}} man:ixl[4] was ported to powerpc64. gitref:c5568ba08741[repository=src] man:mrsas[4] was ported to powerpc64. gitref:e34a057ca6eb[repository=src] man:aacraid[4] was ported to powerpc64. gitref:d8c51c6f74b6[repository=src] man:virtio[4] was ported to powerpc64. gitref:f272c8de6e47[repository=src] man:hwpmc[4] gained support for POWER8 and POWER9. gitref:68dd71825601[repository=src] man:cpld[4] driver was written for powerpc64 and powerpcspe. gitref:2a05eb9f3c4b[repository=src], gitref:ccb1ebe01caa[repository=src] The man:cgem[4] ethernet driver now supports 64-bit physical addresses. gitref:facdd1cd2045[repository=src] Added the man:axp[4] driver, supporting the 10G ethernet controller found on AMD EPYC processors. gitref:7113afc84c0[repository=src] Added support for Intel Speed Shift to man:cpufreq[4]. gitref:4577cf3744b[repository=src] Added a driver for pwm-backlight compatible devices, such as the one found on the Pinebook and Pinebook Pro. gitref:38d94a4bc75[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[storage]] == Storage This section covers changes and additions to file systems and other storage subsystems, both local and networked. [[storage-general]] === General Storage For man:iscsi[4] and man:ctld[8], support for specifying network QoS in the form of DiffServ Codepoints (DSCP) and Ethernet Priority Code Point (PCP) was added. gitref:ddf1072aac49[repository=src] {{< sponsored "NetApp" >}} The man:ctld[8] utility now supports the `-f` flag to test the validity of configuration files. gitref:7fcbecd004f[repository=src] Removed the man:nand[4] device framework and man:nandfs[5] filesystem and associated utilities. gitref:f5a95d9a0794[repository=src] Removed the `GEOM_SCHED` class and accompanying man:gsched[8] tool. gitref:86c06ff8864[repository=src] man:gnop[8] can now apply configurable delays to read and write requests to simulate a slow disk. gitref:4f80c85519d5[repository=src] The kernel now provides a default implementation for the `SEEK_DATA` and `SEEK_HOLE` man:ioctl[2]'s for filesystems which do not support sparse files. gitref:2e1b32c0e3fc[repository=src] The NFS client and server now support NFSv4.2 (RFC 7862) and Extended Attributes (RFC 8276). gitref:c057a378180e[repository=src] Attempts to read a directory fail with `EISDIR` by default. The `-d skip` flags can be passed to man:grep[1] to suppress errors in stderr when non-recursively grepping a list that includes directories. gitref:dcef4f65ae39[repository=src] The NFS server now permits credentials specified via `-maproot` or `-mapall` in man:exports[5] to include more than 16 groups. gitref:cc5efdde94bf[repository=src] The NFS client and server now support NFS over TLS. The additional userland daemons are not built by default but can be enabled by building a new world that includes a KTLS-enabled OpenSSL via the `WITH_OPENSSL_KTLS` option. gitref:6e4b6ff88fde[repository=src], gitref:2c76eebca71b[repository=src], gitref:59f6f5e23c1a[repository=src] A new `nfsv4_server_only` variable can be set to `YES` in [.filename]#/etc/rc.conf# to only enable support for NFSv4. This avoids the need to run man:rpcbind[8] on an NFS server. gitref:4389a5661034[repository=src] Updated the man:fusefs[5] protocol to 7.28 along with adding support for `FUSE_COPY_FILE_RANGE` and `FUSE_LSEEK`. gitref:92bbfe1f0d1f[repository=src] The ZFS implementation is now provided by OpenZFS. gitref:9e5787d2284e[repository=src] {{< sponsored "iXsystems" >}} Added the man:pvscsi[4] driver, supporting the para-virtualized SCSI controller in VMWare products like ESXi. gitref:052e12a5084[repository=src] {{< sponsored "VMWare" >}} {{< sponsored "Panzura" >}} [[boot]] == Boot Loader Changes This section covers the boot loader, boot menu, and other boot-related changes. The man:efibootmgr[8] utility now supports the `-b` flag to specify an index of a specific boot entry to create or modify. gitref:a2581e80212[repository=src] {{< sponsored "Netflix" >}} The man:efibootmgr[8] utility now supports the `-E` flag to query which EFI System Partition was used to boot the system. gitref:1cdb8eb8fe1[repository=src] {{< sponsored "Netflix" >}} The man:efibootmgr[8] utility now supports the `-f` and `-F` flags to set or clear a request to boot to the UEFI user interface on the next boot. gitref:83c4237258d[repository=src] {{< sponsored "Ampere Computing, Inc." >}} Prior releases had a complete ms-dos formatted filesystem packaged into boot1.efifat. Older versions of FreeBSD installed this filesystem image into a raw partition. However, uses of the ESP have proliferated, making this inflexible approach no longer desirable. Users have varied needs for the size of this partition, and multiple booting setups require more detailed access. To update old ESP partitions, users should stop using the man:gpart[8] utility. Instead, ESP partitions should be mounted as MS-DOS filesystems as [.filename]#/boot/efi#, and [.filename]#/boot/loader.efi# should be copied to [.filename]#/boot/efi/efi/boot/bootx64.efi# if the default setup is use. If the man:efibootmgr[8] utility is used to customize the boot environment, this file should be copied to the location set with the `-l` flag. [[network]] == Networking This section describes changes that affect networking in FreeBSD. [[network-general]] === General Network A new type of man:mbuf[9] (network data buffer) can represent multiple, unmapped physical pages as a single buffer. This improves the performance of man:sendfile[2] by reducing the length of mbuf linked lists in socket buffers. gitref:82334850ea45[repository=src], gitref:cec06a3edc52[repository=src] {{< sponsored "Netflix" >}} The kernel now supports in-kernel framing and encryption of Transport Layer Security (TLS) data on TCP sockets for TLS versions 1.0 through 1.3. Transmit offload via in-kernel crypto drivers is supported for MtE cipher suites using AES-CBC as well as AEAD cipher suites using AES-GCM. Receive offload via in-kernel crypto drivers is supported for AES-GCM cipher suites for TLS 1.2. Using KTLS requires the use of a KTLS-aware userland SSL library. The OpenSSL library included in the base system does not enable KTLS support by default, but support can be enabled by building with the `WITH_OPENSSL_KTLS` option. gitref:b2e60773c6b0[repository=src], gitref:6554362c6640[repository=src], gitref:f1f934754638[repository=src], gitref:3c0e56850511[repository=src], gitref:c1c52cd57e88[repository=src] {{< sponsored "Netflix" >}} {{< sponsored "Chelsio Communications" >}} man:tcp[4] now supports Proportional Rate Reduction (as described by RFC6937) to improve SACK loss recovery during burst loss and ACK thinning scenarios. This feature is enabled by default. A new man:sysctl[8], `net.inet.tcp.do_prr`, can be set to `0` to restore the prior behavior. PRR should generally help improve loss recovery performance and prevent numerous preventable retransmit timeout (RTO) stalls. This surpasses the prior behavior, but a strictly packet conserving variant can be enabled. A misconfigured token bucket traffic policer can cause persistent loss even during loss recovery. In that case, activating the conservative PRR variant may prevent some retransmission timeouts (RTO) and associated session stalls for a few milliseconds while behaving less optimal in the general case. A new man:sysctl[8], `net.inet.tcp.do_prr_conservative`, can be set to `1` to enable strictly packet conserving behavior (at most 1 segment for each ACK received), while the normal variant may send up to 2 segments per received ACK - helping in cases of ACK thinning or significant burst loss events. gitref:0e1d7c25c5ab[repository=src] {{< sponsored "NetApp" >}} The man:cc_cubic[4] man:tcp[4] congestion control algorithm aligns more closely with the standard in RFC8312. gitref:40f9078ff9d9[repository=src] {{< sponsored "NetApp" >}} The amount of queued packets in for unresolved ARP/NDP entries has been increased to 16. gitref:0da3f8c98d17d9[repository=src] Stacked VLAN (802.1ad) support has been added. gitref:c7cffd65c5d8[repository=src]. The man:ping[8] utility now supports setting network QoS, with IP DSCP gitref:6034024daddb[repository=src] and Ethernet PCP gitref:81a6f4c7ae69[repository=src]. {{< sponsored "NetApp" >}} Merged the man:ping[8] and man:ping6[8] utilities. man:ping[8] supports both IPv4 and IPv6. A legacy man:ping6[8] is retained for backwards compatibility. gitref:3cde9171d2d5[repository=src] SCTP support is now available as a new [.filename]#sctp.ko# kernel module and is no longer compiled into GENERIC by default. gitref:e64080e79c53[repository=src] {{< sponsored "The FreeBSD Foundation" >}} -[[[network-routing]] -=== Routing +[[network-routing]] +== Routing FreeBSD 13 features a rewritten routing stack. It is based on the introduction of nexthops - objects holding all necessary state to pass a packet to the desired destination. gitref:a666325282ea[repository=src] + Multipath routing support has been rewritten in more scalable fashion, featuring 64-wide multipath routes with O(1) lookup time. gitref:fedeb08b6a58[repository=src]. The `RADIX_MPATH` kernel option got replaced with `ROUTE_MPATH`, which is turned on by default. Additionally, the `net.route.multipath` sysctl has been added to control the feature in runtime. gitref:d1d941c5b910[repository=src], gitref:d5fe384b4d41[repository=src] + Support for custom route lookup algorithms has been added. The framework decouples control-plane and data-plane, resulting in both faster lookups and better convergence times for large tables under load. gitref:f5baf8bb12f3[repository=src] + DPDK librte-based IPv4/IPv6 route lookup algorithms has been added, optimising control-plane and data-plane for large routing tables. gitref:537d13437314[repository=src] Interface fib is now used for proxyarp checks. gitref:66bc03d41566[repository=src] + Loopback route installation has been fixed for the interfaces in different fibs using the same prefix. gitref:9fdbf7eef5c0[repository=src] + Number of fibs can now be changed at runtime by controlling `net.fibs` sysctl. gitref:f5247a232a33[repository=src] + `net.add_addr_allfibs` sysctl default has been changed to 0. gitref:2d3982419593[repository=src] Temporal routes (routes with `-expire` time set) expiration have been for both IPv4 and IPv6. gitref:34a5582c47c7[repository=src] + Duplicate routes installation issue for /32 or /128 interface aliases has been fixed. gitref:81728a538d24[repository=src] + IPv6 interface routes are now marked with RTF_PINNED like their IPv4 counterparts. gitref:81728a538d24[repository=src] + The {{< manpage "route" "8">}} network auto-guessing has been eliminated by removing remnants of classful behavior. gitref:d28210b2c2aa[repository=src] + Sysctl `net.inet6.ip6.deembed_scopeid` , making it possible to disable IPv6 scope de-embedding, has been removed. gitref:bec053ffe01d[repository=src] [[hardware]] == Hardware Support This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document. === AMD64 The amd64 architecture now supports Hygon Dhyana Family 18h processors. gitref:2ee49fac82fc[repository=src] The amd64 architecture now supports 57-bit virtual addresses (LA57) on supported CPUs. This permits user processes to use up to 56 bits of virtual address space. This also includes support for five layer nested page tables used by bhyve. gitref:9ce875d9b59d[repository=src] {{< sponsored "The FreeBSD Foundation" >}} [[ARM-ARM64]] === arm64 The 64-bit ARM architecture known as arm64 or AArch64 is promoted to Tier-1 status for FreeBSD 13. https://lists.freebsd.org/pipermail/freebsd-arm/2021-April/023602.html[Announcement] Added a driver for the Broadcom "GENET" ethernet driver found on the Raspberry Pi 4B. It was derived in part from NetBSD's version of the driver. gitref:2cd0c529781a[repository=src] Added support for using Address Space Identifiers (ASIDs) to the arm64 pmap. This improves TLB utilization for some workloads. gitref:50e3ab6bcf8c[repository=src] The man:linux[4] ABI compatibility layer is now enabled by default. gitref:6659d8e7c26[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Added support for the man:gdb[4] kernel debugger. gitref:bbfa199cbc16[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Added support for building ISO installer images. gitref:6dadc5d1cdec[repository=src] {{< sponsored "The FreeBSD Foundation" >}} Added SD card configuration files for the Rock64 and RockPro64. gitref:b407a449ac4c[repository=src] gitref:0edb2e1d0caa[repository=src] === ARMv5 Removed support for version 5 of the 32-bit ARM architecture. Building for `TARGET=arm` now defaults to a `TARGET_ARCH` of `armv7`. gitref:eb4977bd0fb2[repository=src] === Allwinner The aw_gpio driver now suppots GPIO interrupts. gitref:0fe5379c6a9[repository=src] A new aw_pwm driver supports Pulse Width Modulation (PWM) hardware on Allwinner boards. PWM channels can be configured with man:pwm[8]. gitref:277a038d0da[repository=src] The AXP803/AXP813 drivers now report battery sensor information. gitref:66bddb4c701[repository=src] Audio now works on H3/H5 SoCs. gitref:bfcf888a87a[repository=src] Infrared receiver now works on the H3 SoC. gitref:012fba460ac[repository=src] USB DRD now works on multiple Allwinner SoCs. This means that some USB ports can be used as peripherals. gitref:aea49d9fed9[repository=src] === RockChip A new rk_pwm driver supports PWM hardware on the RK3399. PWM channels can be configured with man:pwm[8]. gitref:bcd380e88b2[repository=src] External PCI-express adapters are now supports for the RK3399 SoC. gitref:dfd1d0fcabe[repository=src] USB3 found in RK3328 and RK3399 is now supported. gitref:7d888a5b2be[repository=src] if_dwc now supports flow control. gitref:2b4a66ed171[repository=src] if_dwc now supports checksum offloading. gitref:98ea5a7b9a1[repository=src] === POWER All powerpc architectures switched to LLVM and are currently mostly similar to amd64 toolchain-wise. gitref:678da4a27447[repository=src] powerpc (32-bit) switched to Secure-PLT. gitref:e861dab45186[repository=src] powerpc64le (64-bit little endian port) was introduced, targeting POWER8 and newer processors. gitref:b75abea4d087[repository=src] Radix MMU support for powerpc64 and powerpc64le (experimental, disabled by default). gitref:65bbba25d214[repository=src] Superpages support for powerpc64 and powerpc64le (experimental, disabled by default). gitref:e2d6c417e303[repository=src] LinuxKPI support. gitref:937a05ba81c3[repository=src] Support QEMU/KVM pseries without hugepages. gitref:b934fc74683b[repository=src] Support for handling kernel minidumps. gitref:d3c34fc0f473[repository=src] Optimized memcpy, memmove, bcopy, strncpy and strcpy. gitref:e16c18650cdc[repository=src], gitref:181e35008cfb[repository=src], gitref:075fb85f0904[repository=src] XIVE interrupt controller driver for POWER9, which improves performance by about 10%. gitref:d49fc192c141[repository=src] Converting pmap drivers to ifunc improved performance by about 20%. gitref:45b69dd63[repository=src] Plenty of stability fixes, which fix many kernel panics. Plenty of other performance improvements - performance during bulk -a package building is at least 60% higher. === Sparc Removed support for the `sparc64` architecture (SPARC 9). gitref:58aa35d42975[repository=src] [[hardware-virtualization]] === Virtualization Support The man:bhyve[8] utility supports additional COM3 and COM4 serial ports. gitref:eed1cc6cdfa[repository=src] Removed the deprecated bvmconsole and bvmdebug device models from man:bhyve[8] and the associated kernel device drivers for FreeBSD guests. gitref:c4df8cbfde5[repository=src] The man:bhyve[8] utility works reliably with more VNC clients including the macOS "Screen Sharing" application. gitref:2bb4be0f865[repository=src] The man:bhyve[8] utility now supports VirtIO-9p (aka VirtFS) filesystem sharing. gitref:100353cfbf8[repository=src] {{< sponsored "Conclusive Engineering (development), vStack.com (funding)" >}} The man:bhyve[8] utility now supports virtual machine snapshots. This feature is still in active development and is not yet enabled by default. gitref:483d953a86a[repository=src] {{< sponsored "University Politehnica of Bucharest, Matthew Grooms (student scholarships), iXsystems" >}} The man:bhyve[8] utility now supports a VM Generation Counter ACPI device. gitref:9cb339cc7b8[repository=src] The man:bhyve[8] utility now supports PCI HDAudio devices. gitref:7e3c7420615[repository=src] [[ports]] == Ports Collection and Package Infrastructure This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools. [[ports-packages]] === Packaging Changes [[future-releases]] == General Notes Regarding Future FreeBSD Releases [[future-releases-cputype]] === Default `CPUTYPE` Change The default `CPUTYPE` for the i386 architecture is now `686` (instead of `486`). This means that binaries require a 686-class CPU by default including, but not limited to, binaries provided by the FreeBSD Release Engineering team. The FreeBSD 13.0 code base continues to support older CPUs. Users who need to run on 486- or 586-class CPUs need to build their own releases. As the embedded market is the primary user of cores based on i486 and i586, end-user impact is expected to be minimal. Most embedded systems have custom builds already. Although some minor adjustments will be necessary, it will be on par with the effort required to move between major versions. Server and desktop machines based on these CPU types are generally over 20 years old. Most have been retired or are too resource poor to make FreeBSD 13.0 an attractive upgrade. There were several factors taken into account for this change. Most applications need 64-bit atomics for proper operation. While those operations can be emulated in the kernel on i486, they cannot be emulated in userland. Updating the default allows compiler generated code to select the right atomics in those cases, allow better optimizations and produce better error messages when necessary. The older library and/or include file approaches are much less optimal in resulting code and diagnostics. Current compiler technology produces better, faster, and/or smaller binaries for i686 than for i486. Several bugs in compiler support for i486 code generation attest to its lesser use in the wider ecosystem. In the wider ecosystem, i686 has been the default for many years so has received more testing and more optimization. Finally, the 32-bit amd64 libraries have been i686 since their inception. These factors strongly suggest that a i686 default will provide such an improved enough user experience to offset the minor pain for those few users of the older technology. As the majority of 32-bit testing is done by developers using the lib32 libraries on 64-bit hardware with the `COMPAT_FREEBSD32` option in the kernel, this change ensures better coverage and user experience. This also aligns with what the majority of Linux(R) distributions have been doing for quite some time. This is expected to be the final bump of the default `CPUTYPE` in i386.