git: bc9dae715f - main - 13.3 relnotes: first draft

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Mike Karels <karels_at_FreeBSD.org>
Date: Thu, 22 Feb 2024 00:12:42 UTC
The branch main has been updated by karels:

URL: https://cgit.FreeBSD.org/doc/commit/?id=bc9dae715fc0384bffcfa8de20f8d9c047b94e33

commit bc9dae715fc0384bffcfa8de20f8d9c047b94e33
Author:     Mike Karels <karels@FreeBSD.org>
AuthorDate: 2024-02-22 00:11:32 +0000
Commit:     Mike Karels <karels@FreeBSD.org>
CommitDate: 2024-02-22 00:11:32 +0000

    13.3 relnotes: first draft
    
    Flesh out the 13.3 release notes with information from git commits
    with Relnotes: yes, entries in RELNOTES, and some information from
    UPDATING.
    
    Reviewed by:    jhb, emaste
    Differential Revision:  https://reviews.freebsd.org/D43995
---
 website/content/en/releases/13.3R/relnotes.adoc | 112 +++++++++++++++++++++++-
 1 file changed, 111 insertions(+), 1 deletion(-)

diff --git a/website/content/en/releases/13.3R/relnotes.adoc b/website/content/en/releases/13.3R/relnotes.adoc
index b2cacf3096..ced30aebaa 100644
--- a/website/content/en/releases/13.3R/relnotes.adoc
+++ b/website/content/en/releases/13.3R/relnotes.adoc
@@ -7,6 +7,7 @@ sidenav: download
 :releaseBranch: 13-STABLE
 :releasePrev: 13.2-RELEASE
 :releaseNext: 13.4-RELEASE
+:releasePrev14: 14.0-RELEASE
 :releaseType: release
 
 include::shared/en/urls.adoc[]
@@ -47,7 +48,7 @@ Typically, it contains information on known bugs, security advisories, and corre
 An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site.
 
 This document describes the most user-visible new or changed features in FreeBSD {releaseBranch} since {releasePrev}.
-Note that some of the changes described here are also available in FreeBSD 14.0-RELEASE.
+Note that some of the changes described here are also available in FreeBSD {releasePrev14}.
 
 Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades.
 They may also list changes to major ports/packages or release engineering practices.
@@ -111,12 +112,57 @@ This section covers changes and additions to userland applications, contributed
 // A new man:rc.conf[5] variable has been added, `linux_mounts_enable`, which controls if Linux(R)-specific filesystems are mounted in [.filename]#/compat/linux# if `linux_enable` is set to `YES`.
 // gitref:1234567890ab[repository=src] (Sponsored by The FreeBSD Foundation)
 
+The man:libtacplus[3] library has been improved so that man:tacplus.conf[5] now follows POSIX shell syntax rules.
+This may cause TACACS+ authentication to fail if the shared secret contains a single quote, double quote, or backslash character which isn't already properly quoted or escaped.
+The library allows additional AV pairs to be configured, up to 255.
+gitref:5761f8a7de9f[repository=src] (Sponsored by Klara, Inc.)
+
+Programs such as man:login[1] that utilize man:setusercontext[3] will now allow the process priority to be set from the [.filename]#~/.login_conf# file if the credentials permit setting it.
+Also, the priority may be specified in man:login.conf[5] as `inherit`, indicating that the process priority is inherited from the parent process.
+Similarly, the `umask` value may now be specified as `inherit`.
+gitref:8b359002747a[repository=src] gitref:e074746fec21[repository=src] gitref:16e02df98ad6[repository=src] (Sponsored by Kumacom SAS)
+
+The configuration file and security output changes reported by man:periodic[8] that are emailed to system administrators now use reduced context to minimize unrelated content.
+The options passed to man:diff[1] to produce the daily output can be controlled by a `daily_diff_flags` variable in man:rc.conf[5];
+the options passed to man:diff[1] for the security scripts are controlled by
+`security_status_diff_flags`.
+gitref:4c14a3a6aebe[repository=src] gitref:6d9195b5f763[repository=src]
+
 [[userland-programs]]
 === Userland Application Changes
 
+The man:head[1] and man:tail[1] programs now support the `-q` (quiet) and `-v` (verbose) options consistently.
+Numeric arguments may now use SI suffixes supported by man:expand_number[3].
+gitref:585762c3733f[repository=src]
+
+The man:objdump[1] utility from LLVM is now available.
+Some LLVM objdump options have a different output format than GNU objdump; man:readelf[1] is available for inspecting ELF files, and GNU objdump is available from the [.filename]#devel/binutils# port or package.
+
+
 [[userland-contrib]]
 === Contributed Software
 
+The `libfido2` authentication token library has been updated to version 1.13.0.
+gitref:b27bad1e0373[repository=src] gitref:079a1c2059e7[repository=src] gitref:d79e0d1735e3[repository=src] (Sponsored by The FreeBSD Foundation)
+
+`LLVM` and the `clang` compiler have been upgraded to version 17.0.6.
+
+`sendmail` has been upgraded to version 8.18.1. 
+This version enforces stricter RFC compliance by default, especially with respect to line endings.
+This may cause issues with receiving messages from non-compliant MTAs; please see the first 8.18.1 release note in link:https://ftp.sendmail.org/RELEASE_NOTES[https://ftp.sendmail.org/RELEASE_NOTES] for mitigations.
+gitref:b36ddb27b3b9[repository=src]
+
+`OpenSSH` has been updated to version 9.6p1, including a number of security fixes.
+The most significant are fixes for a newly-discovered weakness in the SSH transport protocol.
+man:ssh-keygen[1] now generates Ed25519 keys by default.
+man:sshd[8] now accurately preserves quoting of subsystem commands and arguments.
+gitref:f26eafdfafb0[repository=src] gitref:221a6bc397ad[repository=src] gitref:2cd20d9bc807[repository=src] (Sponsored by The FreeBSD Foundation)
+
+`tzdata` has been upgraded to version 2024a.
+
+The man:zlib[3] library has been updated to version 1.3.1.
+gitref:f2de7ba78a49[repository=src] gitref:05e3998add1c[repository=src]
+
 [[userland-libraries]]
 === Runtime Libraries and API
 
@@ -128,6 +174,9 @@ This section covers changes to kernel configurations, system tuning, and system
 [[kernel-general]]
 === General Kernel Changes
 
+The man:intro[9] introduction to the kernel programming interfaces has been completely rewritten.
+gitref:5a0c410787b8[repository=src] gitref:221a6bc397ad[repository=src] gitref:2cd20d9bc807[repository=src] (Sponsored by The FreeBSD Foundation)
+
 [[drivers]]
 == Devices and Drivers
 
@@ -136,6 +185,12 @@ This section covers changes and additions to devices and device drivers since {r
 [[drivers-device]]
 === Device Drivers
 
+Multiple PCI MCFG regions are now supported on x86 systems, enabling support for PCI config access for domains (segments) other than 0.
+gitref:0fb0306a89ad[repository=src]
+
+The man:smsc[4] driver for USB Ethernet adapters will now obtain the MAC address from bootargs on Raspberry Pi systems that pass it, and will otherwise fall back to use of man:ether_gen_addr[9] to generate a stable MAC address if none is provided by the hardware.
+gitref:3d96ee7c7dcc[repository=src]
+
 [[storage]]
 == Storage
 
@@ -144,9 +199,29 @@ This section covers changes and additions to file systems and other storage subs
 [[storage-nfs]]
 === NFS Changes
 
+The NFS server (man:nfsd[8], man:nfsuserd[8], man:mountd[8], man:gssd[8], and man:rpc.tlsservd[8]) can be run in an appropriately configured vnet jail.
+The vnet jail must be on its own file system, have the `allow.nfsd` jail parameter set on it, and `enforce_statfs` cannot be set to `0`.
+Use of UDP and pNFS server configurations are not permitted.
+See man:jail[8], man:nfsd[8], and man:mountd[8].
+gitref:b4805d577787[repository=src]
+
+A new `syskrb5` mount option is available that allows a Kerberized NFSv4.1/4.2 mount to be done without any Kerberos credential (TGT or keytab) at mount time.
+See man:mount_nfs[8].
+gitref:0644746d5091[repository=src]
+
 [[storage-ufs]]
 === UFS Changes
 
+[[storage-zfs]]
+=== ZFS Changes
+
+`OpenZFS` has been upgraded to version 2.1.14.
+gitref:7005cd440405[repository=src] gitref:e6c1e181ba7f[repository=src] gitref:d9a61490b098[repository=src] gitref:f5eac6541278[repository=src]
+
+The man:zfsd[8] daemon will now fault disks that generate too many I/O delay events.
+gitref:e2ce586899ff[repository=src] (Sponsored by Axcient)
+
+
 [[boot]]
 == Boot Loader Changes
 
@@ -163,6 +238,41 @@ This section describes changes that affect networking in FreeBSD.
 [[network-general]]
 === General Network
 
+Support for IPv6 RFC 4620 nodeinfo is now disabled by default.
+gitref:5c4e8a631097[repository=src] (Sponsored by The FreeBSD Foundation)
+
+pf filter rules can be optionally enabled for packets delivered locally
+to enable pf rdr rules for connections initiated from the host.
+This can change the behavior of rules which match packets delivered to `lo0`.
+To enable this feature, use the commands `sysctl net.pf.filter_local=1; service pf restart`.
+When enabled, it is best to ensure that packets delivered locally are not filtered, e.g. by adding a "set skip on lo" rule.
+gitref:6dfb2c2dce0f[repository=src]
+
 [[future-releases]]
 == General Notes Regarding Future FreeBSD Releases
 
+FreeBSD 15.0 is not expected to include support for 32-bit platforms other than armv7.
+The armv6, i386, and powerpc platforms are deprecated and will be removed.
+64-bit systems will still be able to run older 32-bit binaries.
+
+We expect to support armv7 as a Tier 2 architecture in FreeBSD 15.0 and stable/15.
+However, we also anticipate that armv7 may be removed in FreeBSD 16.0.
+We will provide an update on the status of armv7 for both 15.x and 16.x at the time of 15.0 release.
+
+Support for executing 32-bit binaries on 64-bit platforms via the `COMPAT_FREEBSD32` option will continue for at least the stable/15 and stable/16 branches.
+Support for compiling individual 32-bit applications via `cc -m32` will also continue for at least the stable/15 branch, which includes suitable headers in [.filename]#/usr/include# and libraries in [.filename]#/usr/lib32#.
+
+Ports will not include support for deprecated 32-bit platforms for FreeBSD 15.0 and later releases.
+These future releases will not include binary packages or support for building packages from ports for deprecated 32-bit platforms.
+
+The FreeBSD stable/14 and earlier branches will retain existing 32-bit kernel and world support.
+Ports will retain existing support for building ports and packages for 32-bit systems on stable/14 and earlier branches as long as those branches are supported by the ports system.
+However, all 32-bit platforms are Tier-2 or Tier-3, and support for individual ports should be expected to degrade as upstreams deprecate 32-bit platforms.
+
+With the current support schedule, stable/14 will reach end of life (EOL) 5 years after the release of FreeBSD {releasePrev14}.
+The EOL of stable/14 will mark the end of support for deprecated 32-bit platforms, including source releases, pre-built packages, and support for building applications from ports.
+With the release of {releasePrev14} in November 2023, support for deprecated 32-bit platforms will end in November 2028.
+
+The project may choose to alter this approach when FreeBSD 15.0 is released by extending some level of support for one or more of the deprecated platforms in 15.0 or later.
+Any alterations will be driven by community feedback and committed efforts to support these platforms.
+Use FreeBSD {releasePrev14} and following minor releases, or the stable/14 branch, to migrate off 32-bit platforms.