From nobody Thu Feb 22 00:12:42 2024 X-Original-To: dev-commits-doc-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TgD9k5VfZz5BfM6 for ; Thu, 22 Feb 2024 00:12:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TgD9k4fpzz4Xbk; Thu, 22 Feb 2024 00:12:42 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1708560762; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1HIe1Jmgb226XnIzvaEzXLgLw3cGegUJdRXdcNZh7Bg=; b=Lz1MAVAbQQkYRolsPkHpIEO+c2HFKWhzEjy2oXxfW7iSWr9gwU0H1jkT/R9WTdMsi7/f3+ TauN5GhotEqXe1eyusrkj4fzaFtsVwhl0APzu+JR8WYITsHplXUhCgtHrMiGbn4DiI1K0S fnYep06Tmwu2aM+EO2OKEGd4Sf+a4XwvWj+IHDjYN2UiGamdMfYykNaHs3OtjKsXSrywVc NMsvaV6skwqicc6XDXhfgf7D4u0pLZFTt4ZCITDyfcKus+RySUVhO57DdkPUaZTCEbzIX/ EGcfGeKIqghdi7ozDpL/wvy/eltvwNEvKcrmpPY5VaJ2JkyoELcl6X/UHVHGwg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1708560762; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1HIe1Jmgb226XnIzvaEzXLgLw3cGegUJdRXdcNZh7Bg=; b=mwBhQoiVh54qXWG7T3Pvj/bCR8Ma6R3QvKZ4DAGfJLmBeDyaNLSVxQTqWLlnR6SvbCcGrF +CLX6Y+zuSyW/xRIUIDlGnVSrGQrUZX6RJG3kPAHJ8QaJvmllR/Uu4IKPWrYe94XSqEa+O ZD9gJxIf1k5vcmjgvW5LqgbBmUe/6y8hCyqVtGvaigh1GBc2uK4w23nSn1TQnz1FyudqRn nbYkCLhSVJs1bMEwWaCRhNFM+a/2LNNid3RV51jdSpyDiw1gATHAtSA4bPiQIhNlK5/96/ hOmX0bHryO++JFQlMM7C8ZmGzuVAULk1i2DnTFIQAKnuBMONp0W2yjb25tj/yQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1708560762; a=rsa-sha256; cv=none; b=bN4IwJJJzmy5ES3qYa3NrizaEe4JAC9sD6jW/4XPP36Nh9OIYOgLbNGT9+6IrB/VjPEPe/ 0Bsos68Z+KtM5YK9hFrdai88JI01W7Jgf4H56yfzOmBAvjWOWSBIRNEGbQ+8EDQ6CYtijK neQpBELOo00VPM2BKtg/MQmLu4lVKECif6t8EqFBdK/H6tFUHvNMas/3TceiZXDqNSmetU BMLDvf6Fx2NsPvnwR664seJPIU78lBKEaeZpEbd3z/mn3H4UBDgJLsMvABbe0GJJv5V3qC xmKM9xkhjCWSamTU/tOZ/mBI/4ypYcKbNOEIXhTM5l/yTzegWWhdWJFfPS4bLg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TgD9k3kd3z1Nwf; Thu, 22 Feb 2024 00:12:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 41M0CgKa072867; Thu, 22 Feb 2024 00:12:42 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 41M0CgE2072864; Thu, 22 Feb 2024 00:12:42 GMT (envelope-from git) Date: Thu, 22 Feb 2024 00:12:42 GMT Message-Id: <202402220012.41M0CgE2072864@gitrepo.freebsd.org> To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org From: Mike Karels Subject: git: bc9dae715f - main - 13.3 relnotes: first draft List-Id: Commit messages for all branches of the doc repository List-Archive: https://lists.freebsd.org/archives/dev-commits-doc-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-doc-all@freebsd.org X-BeenThere: dev-commits-doc-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: karels X-Git-Repository: doc X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: bc9dae715fc0384bffcfa8de20f8d9c047b94e33 Auto-Submitted: auto-generated The branch main has been updated by karels: URL: https://cgit.FreeBSD.org/doc/commit/?id=bc9dae715fc0384bffcfa8de20f8d9c047b94e33 commit bc9dae715fc0384bffcfa8de20f8d9c047b94e33 Author: Mike Karels AuthorDate: 2024-02-22 00:11:32 +0000 Commit: Mike Karels CommitDate: 2024-02-22 00:11:32 +0000 13.3 relnotes: first draft Flesh out the 13.3 release notes with information from git commits with Relnotes: yes, entries in RELNOTES, and some information from UPDATING. Reviewed by: jhb, emaste Differential Revision: https://reviews.freebsd.org/D43995 --- website/content/en/releases/13.3R/relnotes.adoc | 112 +++++++++++++++++++++++- 1 file changed, 111 insertions(+), 1 deletion(-) diff --git a/website/content/en/releases/13.3R/relnotes.adoc b/website/content/en/releases/13.3R/relnotes.adoc index b2cacf3096..ced30aebaa 100644 --- a/website/content/en/releases/13.3R/relnotes.adoc +++ b/website/content/en/releases/13.3R/relnotes.adoc @@ -7,6 +7,7 @@ sidenav: download :releaseBranch: 13-STABLE :releasePrev: 13.2-RELEASE :releaseNext: 13.4-RELEASE +:releasePrev14: 14.0-RELEASE :releaseType: release include::shared/en/urls.adoc[] @@ -47,7 +48,7 @@ Typically, it contains information on known bugs, security advisories, and corre An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site. This document describes the most user-visible new or changed features in FreeBSD {releaseBranch} since {releasePrev}. -Note that some of the changes described here are also available in FreeBSD 14.0-RELEASE. +Note that some of the changes described here are also available in FreeBSD {releasePrev14}. Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. @@ -111,12 +112,57 @@ This section covers changes and additions to userland applications, contributed // A new man:rc.conf[5] variable has been added, `linux_mounts_enable`, which controls if Linux(R)-specific filesystems are mounted in [.filename]#/compat/linux# if `linux_enable` is set to `YES`. // gitref:1234567890ab[repository=src] (Sponsored by The FreeBSD Foundation) +The man:libtacplus[3] library has been improved so that man:tacplus.conf[5] now follows POSIX shell syntax rules. +This may cause TACACS+ authentication to fail if the shared secret contains a single quote, double quote, or backslash character which isn't already properly quoted or escaped. +The library allows additional AV pairs to be configured, up to 255. +gitref:5761f8a7de9f[repository=src] (Sponsored by Klara, Inc.) + +Programs such as man:login[1] that utilize man:setusercontext[3] will now allow the process priority to be set from the [.filename]#~/.login_conf# file if the credentials permit setting it. +Also, the priority may be specified in man:login.conf[5] as `inherit`, indicating that the process priority is inherited from the parent process. +Similarly, the `umask` value may now be specified as `inherit`. +gitref:8b359002747a[repository=src] gitref:e074746fec21[repository=src] gitref:16e02df98ad6[repository=src] (Sponsored by Kumacom SAS) + +The configuration file and security output changes reported by man:periodic[8] that are emailed to system administrators now use reduced context to minimize unrelated content. +The options passed to man:diff[1] to produce the daily output can be controlled by a `daily_diff_flags` variable in man:rc.conf[5]; +the options passed to man:diff[1] for the security scripts are controlled by +`security_status_diff_flags`. +gitref:4c14a3a6aebe[repository=src] gitref:6d9195b5f763[repository=src] + [[userland-programs]] === Userland Application Changes +The man:head[1] and man:tail[1] programs now support the `-q` (quiet) and `-v` (verbose) options consistently. +Numeric arguments may now use SI suffixes supported by man:expand_number[3]. +gitref:585762c3733f[repository=src] + +The man:objdump[1] utility from LLVM is now available. +Some LLVM objdump options have a different output format than GNU objdump; man:readelf[1] is available for inspecting ELF files, and GNU objdump is available from the [.filename]#devel/binutils# port or package. + + [[userland-contrib]] === Contributed Software +The `libfido2` authentication token library has been updated to version 1.13.0. +gitref:b27bad1e0373[repository=src] gitref:079a1c2059e7[repository=src] gitref:d79e0d1735e3[repository=src] (Sponsored by The FreeBSD Foundation) + +`LLVM` and the `clang` compiler have been upgraded to version 17.0.6. + +`sendmail` has been upgraded to version 8.18.1. +This version enforces stricter RFC compliance by default, especially with respect to line endings. +This may cause issues with receiving messages from non-compliant MTAs; please see the first 8.18.1 release note in link:https://ftp.sendmail.org/RELEASE_NOTES[https://ftp.sendmail.org/RELEASE_NOTES] for mitigations. +gitref:b36ddb27b3b9[repository=src] + +`OpenSSH` has been updated to version 9.6p1, including a number of security fixes. +The most significant are fixes for a newly-discovered weakness in the SSH transport protocol. +man:ssh-keygen[1] now generates Ed25519 keys by default. +man:sshd[8] now accurately preserves quoting of subsystem commands and arguments. +gitref:f26eafdfafb0[repository=src] gitref:221a6bc397ad[repository=src] gitref:2cd20d9bc807[repository=src] (Sponsored by The FreeBSD Foundation) + +`tzdata` has been upgraded to version 2024a. + +The man:zlib[3] library has been updated to version 1.3.1. +gitref:f2de7ba78a49[repository=src] gitref:05e3998add1c[repository=src] + [[userland-libraries]] === Runtime Libraries and API @@ -128,6 +174,9 @@ This section covers changes to kernel configurations, system tuning, and system [[kernel-general]] === General Kernel Changes +The man:intro[9] introduction to the kernel programming interfaces has been completely rewritten. +gitref:5a0c410787b8[repository=src] gitref:221a6bc397ad[repository=src] gitref:2cd20d9bc807[repository=src] (Sponsored by The FreeBSD Foundation) + [[drivers]] == Devices and Drivers @@ -136,6 +185,12 @@ This section covers changes and additions to devices and device drivers since {r [[drivers-device]] === Device Drivers +Multiple PCI MCFG regions are now supported on x86 systems, enabling support for PCI config access for domains (segments) other than 0. +gitref:0fb0306a89ad[repository=src] + +The man:smsc[4] driver for USB Ethernet adapters will now obtain the MAC address from bootargs on Raspberry Pi systems that pass it, and will otherwise fall back to use of man:ether_gen_addr[9] to generate a stable MAC address if none is provided by the hardware. +gitref:3d96ee7c7dcc[repository=src] + [[storage]] == Storage @@ -144,9 +199,29 @@ This section covers changes and additions to file systems and other storage subs [[storage-nfs]] === NFS Changes +The NFS server (man:nfsd[8], man:nfsuserd[8], man:mountd[8], man:gssd[8], and man:rpc.tlsservd[8]) can be run in an appropriately configured vnet jail. +The vnet jail must be on its own file system, have the `allow.nfsd` jail parameter set on it, and `enforce_statfs` cannot be set to `0`. +Use of UDP and pNFS server configurations are not permitted. +See man:jail[8], man:nfsd[8], and man:mountd[8]. +gitref:b4805d577787[repository=src] + +A new `syskrb5` mount option is available that allows a Kerberized NFSv4.1/4.2 mount to be done without any Kerberos credential (TGT or keytab) at mount time. +See man:mount_nfs[8]. +gitref:0644746d5091[repository=src] + [[storage-ufs]] === UFS Changes +[[storage-zfs]] +=== ZFS Changes + +`OpenZFS` has been upgraded to version 2.1.14. +gitref:7005cd440405[repository=src] gitref:e6c1e181ba7f[repository=src] gitref:d9a61490b098[repository=src] gitref:f5eac6541278[repository=src] + +The man:zfsd[8] daemon will now fault disks that generate too many I/O delay events. +gitref:e2ce586899ff[repository=src] (Sponsored by Axcient) + + [[boot]] == Boot Loader Changes @@ -163,6 +238,41 @@ This section describes changes that affect networking in FreeBSD. [[network-general]] === General Network +Support for IPv6 RFC 4620 nodeinfo is now disabled by default. +gitref:5c4e8a631097[repository=src] (Sponsored by The FreeBSD Foundation) + +pf filter rules can be optionally enabled for packets delivered locally +to enable pf rdr rules for connections initiated from the host. +This can change the behavior of rules which match packets delivered to `lo0`. +To enable this feature, use the commands `sysctl net.pf.filter_local=1; service pf restart`. +When enabled, it is best to ensure that packets delivered locally are not filtered, e.g. by adding a "set skip on lo" rule. +gitref:6dfb2c2dce0f[repository=src] + [[future-releases]] == General Notes Regarding Future FreeBSD Releases +FreeBSD 15.0 is not expected to include support for 32-bit platforms other than armv7. +The armv6, i386, and powerpc platforms are deprecated and will be removed. +64-bit systems will still be able to run older 32-bit binaries. + +We expect to support armv7 as a Tier 2 architecture in FreeBSD 15.0 and stable/15. +However, we also anticipate that armv7 may be removed in FreeBSD 16.0. +We will provide an update on the status of armv7 for both 15.x and 16.x at the time of 15.0 release. + +Support for executing 32-bit binaries on 64-bit platforms via the `COMPAT_FREEBSD32` option will continue for at least the stable/15 and stable/16 branches. +Support for compiling individual 32-bit applications via `cc -m32` will also continue for at least the stable/15 branch, which includes suitable headers in [.filename]#/usr/include# and libraries in [.filename]#/usr/lib32#. + +Ports will not include support for deprecated 32-bit platforms for FreeBSD 15.0 and later releases. +These future releases will not include binary packages or support for building packages from ports for deprecated 32-bit platforms. + +The FreeBSD stable/14 and earlier branches will retain existing 32-bit kernel and world support. +Ports will retain existing support for building ports and packages for 32-bit systems on stable/14 and earlier branches as long as those branches are supported by the ports system. +However, all 32-bit platforms are Tier-2 or Tier-3, and support for individual ports should be expected to degrade as upstreams deprecate 32-bit platforms. + +With the current support schedule, stable/14 will reach end of life (EOL) 5 years after the release of FreeBSD {releasePrev14}. +The EOL of stable/14 will mark the end of support for deprecated 32-bit platforms, including source releases, pre-built packages, and support for building applications from ports. +With the release of {releasePrev14} in November 2023, support for deprecated 32-bit platforms will end in November 2028. + +The project may choose to alter this approach when FreeBSD 15.0 is released by extending some level of support for one or more of the deprecated platforms in 15.0 or later. +Any alterations will be driven by community feedback and committed efforts to support these platforms. +Use FreeBSD {releasePrev14} and following minor releases, or the stable/14 branch, to migrate off 32-bit platforms.