git: f2b2850fdf - main - 15.1/relnotes: initial informaton added (135 entries, SA and EN)
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 05 May 2026 20:03:33 UTC
The branch main has been updated by vladlen:
URL: https://cgit.FreeBSD.org/doc/commit/?id=f2b2850fdf1882eb3b8fe21b21b072a979efa3fd
commit f2b2850fdf1882eb3b8fe21b21b072a979efa3fd
Author: Vladlen Popolitov <vladlen@FreeBSD.org>
AuthorDate: 2026-05-05 20:03:26 +0000
Commit: Vladlen Popolitov <vladlen@FreeBSD.org>
CommitDate: 2026-05-05 20:03:26 +0000
15.1/relnotes: initial informaton added (135 entries, SA and EN)
Reviewed by: jlduran
Approved by: re (implicit)
Differential Revision: https://reviews.freebsd.org/D56768
---
website/content/en/releases/15.1R/relnotes.adoc | 611 +++++++++++++++++++++++-
1 file changed, 602 insertions(+), 9 deletions(-)
diff --git a/website/content/en/releases/15.1R/relnotes.adoc b/website/content/en/releases/15.1R/relnotes.adoc
index e0bab3260a..bb78f9668d 100644
--- a/website/content/en/releases/15.1R/relnotes.adoc
+++ b/website/content/en/releases/15.1R/relnotes.adoc
@@ -6,8 +6,8 @@ sidenav: download
:localRel: 15.1
:releaseCurrent: 15.1-RELEASE
:releaseBranch: 15-STABLE
-:releasePrev: X.Y-RELEASE
-:releaseNext: X.Y-RELEASE
+:releasePrev: 15.0-RELEASE
+:releaseNext: 15.2-RELEASE
:releaseType: "release"
include::shared/en/urls.adoc[]
@@ -15,7 +15,7 @@ include::shared/en/urls.adoc[]
= FreeBSD {releaseCurrent} Release Notes
:doctype: article
:toc: macro
-:toclevels: 1
+:toclevels: 2
:icons: font
== Abstract
@@ -25,6 +25,8 @@ The release notes for FreeBSD {releaseCurrent} contain a summary of the changes
This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland.
Some brief remarks on upgrading are also presented.
+toc::[]
+
[[intro]]
== Introduction
@@ -84,9 +86,77 @@ This section lists the various Security Advisories and Errata Notices since {rel
| Date
| Topic
-|No advisories.
-|
-|
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-25:09.netinet.asc[FreeBSD-SA-25:09.netinet]
+| 22 October 2025
+| SO_REUSEPORT_LB breaks man:connect[2] for UDP sockets
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-25:10.unbound.asc[FreeBSD-SA-25:10.unbound]
+| 26 November 2025
+| Cache poison in local-unbound service
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-25:12.rtsold.asc[FreeBSD-SA-25:12.rtsold]
+| 16 December 2025
+| Remote code execution via ND6 Router Advertisements
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:01.openssl.asc[FreeBSD-SA-26:01.openssl]
+| 27 January 2026
+| Multiple vulnerabilities in OpenSSL
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:03.blocklistd.asc[FreeBSD-SA-26:03.blocklistd]
+| 10 February 2026
+| man:blocklistd[8] socket leak
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:05.route.asc[FreeBSD-SA-26:05.route]
+| 24 February 2026
+| Local DoS and possible privilege escalation via routing sockets
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:06.tcp.asc[FreeBSD-SA-26:06.tcp]
+| 26 March 2026
+| TCP: remotely exploitable DoS vector (mbuf leak)
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:07.nvmf.asc[FreeBSD-SA-26:07.nvmf]
+| 26 March 2026
+| Remote denial of service via null pointer dereference
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:08.rpcsec_gss.asc[FreeBSD-SA-26:08.rpcsec_gss]
+| 26 March 2026
+| Remote code execution via RPCSEC_GSS packet validation
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:09.pf.asc[FreeBSD-SA-26:09.pf]
+| 25 March 2026
+| pf silently ignores certain rules
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:10.tty.asc[FreeBSD-SA-26:10.tty]
+| 21 April 2026
+| Kernel use-after-free bug in the TIOCNOTTY handler
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:11.amd64.asc[FreeBSD-SA-26:11.amd64]
+| 21 April 2026
+| Missing large page handling in pmap_pkru_update_range()
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:12.dhclient.asc[FreeBSD-SA-26:12.dhclient]
+| 29 April 2026
+| Remote code execution via malicious DHCP options
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:13.exec.asc[FreeBSD-SA-26:13.exec]
+| 29 April 2026
+| Local privilege escalation via execve()
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:14.pf.asc[FreeBSD-SA-26:14.pf]
+| 29 April 2026
+| pf can overflow the stack parsing crafted SCTP packets
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:15.dhclient.asc[FreeBSD-SA-26:15.dhclient]
+| 29 April 2026
+| Remotely triggerable out-of-bounds heap write in dhclient
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:16.libnv.asc[FreeBSD-SA-26:16.libnv]
+| 29 April 2026
+| Stack overflow via select() file descriptor set overflow
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:17.libnv.asc[FreeBSD-SA-26:17.libnv]
+| 29 April 2026
+| Heap overflow in libnv
|===
@@ -100,10 +170,57 @@ This section lists the various Security Advisories and Errata Notices since {rel
| Date
| Topic
-|No notices.
-|
-|
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:19.zfs.asc[FreeBSD-EN-25:19.zfs]
+| 16 December 2025
+| Unprivileged kernel NULL pointer dereference
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-25:20.vmm.asc[FreeBSD-EN-25:20.vmm]
+| 16 December 2025
+| man:bhyve[8] PCI passthru regression
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-26:01.devinfo.asc[FreeBSD-EN-26:01.devinfo]
+| 27 January 2026
+| devinfo output formatting regression
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-26:02.arm64.asc[FreeBSD-EN-26:02.arm64]
+| 27 January 2026
+| arm64 SVE signal context misalignment
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-26:03.vm.asc[FreeBSD-EN-26:03.vm]
+| 27 January 2026
+| The page fault handler fails to zero memory
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-26:04.arm64.asc[FreeBSD-EN-26:04.arm64]
+| 10 February 2026
+| Kernel panic when dumping process core on arm64
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-26:05.vm.asc[FreeBSD-EN-26:05.vm]
+| 21 April 2026
+| The page fault handler fails to zero memory
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-26:06.timerfd.asc[FreeBSD-EN-26:06.timerfd]
+| 21 April 2026
+| Periodic man:timerfd[2] timers may produce incorrect results
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-26:07.pkgbase.asc[FreeBSD-EN-26:07.pkgbase]
+| 21 April 2026
+| Base packages fail to build with newer versions of libucl
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-26:08.pf.asc[FreeBSD-EN-26:08.pf]
+| 29 April 2026
+| Incorrect duplicate rule detection for automatic tables
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-26:09.tzdata.asc[FreeBSD-EN-26:09.tzdata]
+| 29 April 2026
+| Timezone database information update
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-26:10.amd64.asc[FreeBSD-EN-26:10.amd64]
+| 29 April 2026
+| TLB invalidation bug on AMD systems with INVLPGB
+
+| link:https://www.FreeBSD.org/security/advisories/FreeBSD-EN-26:11.dhclient.asc[FreeBSD-EN-26:11.dhclient]
+| 1 May 2026
+| man:dhclient[8] lease validation is too strict
|===
@@ -115,18 +232,230 @@ This section covers changes and additions to userland applications, contributed
[[userland-config]]
=== Userland Configuration Changes
+The `us.intl.acc.kbd` keyboard layout has been installed and available for use with the man:vt[4] console.
+gitref:34196ce83f9c[repository=src].
+
+The Lenovo laptop keyboard keymap has been installed and available for use with man:vt[4].
+gitref:23eaa98d6dc1[repository=src].
+
+The default shell for the root user and the 'freebsd' user in release images is changed from man:csh[1] to man:sh[1].
+gitref:c8763bd078d8[repository=src].
+
+rc.subr now supports setting the audit user for services via rc.conf directives, allowing administrators to override the audit user ID when services are started, which prevents unexpected audit log attribution in scenarios like unprivileged users restarting services via sudo.
+gitref:7edef9117688[repository=src].
+{{< sponsored "Modirum MDPay; Klara, Inc." >}}
+
[[userland-programs]]
=== Userland Application Changes
+The man:find[1] utility now supports -xattr and -xattrname primaries for searching files based on extended attributes. The -xattr primary matches files that have any extended attribute, while -xattrname allows filtering by a specific attribute name, optionally prefixed with a namespace like "user:" or "system:".
+gitref:5cbb1e05086c[repository=src].
+{{< sponsored "Klara, Inc." >}}
+
+The man:newfs[8] utility now prevents simultaneous use of GEOM journaling and soft updates. When GEOM journaling is requested, soft updates are not enabled automatically, and explicit requests for both features result in an error.
+gitref:f758262e66dd[repository=src].
+
+The man:tr[1] utility now correctly handles the CCLASS ([:alpha:]) character class in Unicode mode, fixing case conversion operations for alphabetic characters.
+gitref:a51ec1cc5a82[repository=src].
+
+The man:diff3[1] utility's merge mode is made compatible with GNU diff3, improving interoperability with other systems and tools.
+gitref:a6f17dd2430b[repository=src].
+
+The man:pwd[1] utility now defaults to the -L (logical) option, following POSIX semantics. Paths containing dot or dot-dot components are rejected in logical mode.
+gitref:24b95c5ece3d[repository=src].
+
+A -E flag has been added to man:bectl[8] to create an empty boot environment without cloning the currently running environment. This allows users to create a new, independent boot environment for manual installation or configuration.
+gitref:2b5087e9850b[repository=src].
+
+The man:daemon[8] utility now supports specifying the output file mode via a new option, allowing non-root log collectors to access log files and improving compatibility with log rotation tools.
+gitref:4bc40d5a624e[repository=src].
+
+The man:newfs[8] utility gains a `-u` flag to disable soft updates and soft updates journaling, providing a way to turn off the default soft updates for UFS2 filesystems.
+gitref:f5a51cfba15c[repository=src].
+{{< sponsored "Klara, Inc.; NetApp, Inc." >}}
+
+The man:zfs[8] clone command now accepts the `-u` option to prevent automatic mounting of newly created datasets. This allows users to create clones without immediately mounting them, which can be useful for scripting or when preparing datasets for later use.
+gitref:6ab8f46c6c47[repository=src].
+
+The man:zdb[8] utility gains a `-O` option for use with `-r` to specify an object ID directly, allowing copying of a file by object ID rather than pathname.
+gitref:ccb7c82aa15b[repository=src].
+
+man:setaudit[8] utility has been added for managing audit policies.
+gitref:dc88f0003e85[repository=src].
+{{< sponsored "Modirum MDPay; Klara, Inc." >}}
+
+The ipfs(8) utility is disabled by default and its kernel support is now optional. Users who rely on ipfs must explicitly enable it in the kernel configuration.
+gitref:91de9b501aa7[repository=src].
+
+The man:sockstat[1] utility now displays UDP-Lite endpoints by default.
+gitref:c10317b0c455[repository=src].
+
[[userland-contrib]]
=== Contributed Software
+Certificate authority bundle has been regenerated from NSS 3.123.1, adding new trusted certificates (OISTE Server Root ECC G1, OISTE Server Root RSA G1, SwissSign RSA TLS Root CA 2022, TrustAsia TLS ECC Root CA, TrustAsia TLS RSA Root CA, Certigna Root CA, e-Szigno TLS Root CA 2023, Atos TrustedRoot Root CA ECC G2 2020, Atos TrustedRoot Root CA RSA G2 2020) and removing several certificates. Several previously trusted CAs have been moved to untrusted status, and a number of new untrusted certificates have been added.
+gitref:5bb9cd154dfa[repository=src].
+
+Time zone code has been updated to 2026b.
+gitref:b72580fcb0a7[repository=src].
+
+tzdata has been updated to 2026b.
+gitref:1e5aff8e5bc6[repository=src].
+
+Mediatek's mt76 driver has been updated to version based on Linux kernel tag v7.0.
+gitref:808910385ce9[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
+OpenSSL updated to version 3.5.6.
+gitref:e2fcde7333a5[repository=src].
+
+libfido2 has been updated to 1.16.0.
+gitref:a54428834b9d[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
+expat has been updated to version 2.7.5.
+gitref:0b94911946e9[repository=src].
+
+man:xz[1] has been updated to version 5.8.3.
+gitref:7176f76d2251[repository=src].
+
+libcbor has been updated to 0.13.0.
+gitref:967186fe0a54[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
+man:tcpdump[1] has been updated to version 4.99.6.
+gitref:6af32a9d37ad[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
+libpcap has been updated to version 1.10.6.
+gitref:e0ae00f43186[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
+man:zlib[3] has been updated updated to version 1.3.2.
+gitref:74f357256769[repository=src].
+
+OpenZFS has been updated to version 2.4.1.
+gitref:a8dbd836b785[repository=src].
+
+The man:dtrace[1] utility now supports the `ustackdepth` variable on arm64, allowing users to query user-space stack depth in DTrace scripts on that architecture.
+gitref:00412df3265e[repository=src].
+
+USB vendor database has been updated to 2025.12.13.
+gitref:9b2cba4a8a69[repository=src].
+
+The PCI vendor database has been updated to the 2026-02-10 version, providing current hardware identification for tools like man:pciconf[8].
+gitref:2483216eecf3[repository=src].
+
+man:blocklistd[8] has been updated to version 2026-02-07.
+gitref:d73fac00cdd4[repository=src].
+
+Spleen font has been updated to version 2.2.0. The update adds several previously missing characters critical for manual pages on high-dpi displays, including em-dash, en-dash, hyphen, angle brackets, white square, dagger, and double dagger. It also improves character alignment across different font sizes.
+gitref:da4c7b4518dd[repository=src].
+
+GoogleTest has been updated to version 1.17.0. The new version now requires {cpp}17 to build.
+gitref:0029027156f4[repository=src].
+
+ncurses has been updated to version 6.6. The update is ABI compatible with version 6.5. HTML documentation is removed.
+gitref:297d5bf89067[repository=src].
+
+man:nvi[1] has been updated to version 2.2.2.
+gitref:b840145f1985[repository=src].
+
+man:mtree[8] has been updated to snapshot 20260111 from NetBSD.
+gitref:e2e7269461e9[repository=src].
+
+The Linux compatibility layer adds support for the F_DUPFD_QUERY fcntl command, which is used with kcmp(2) KCMP_FILE for checking file descriptor equivalence in Linux containers.
+gitref:ec8d0b5f5dfb[repository=src].
+
+Unicode support has been updated to Unicode 17.0.0 and CLDR 48, adding 4,803 characters and 4 new scripts (Sidetic, Tolong Siki, Beria Erfe, Tai Yo). This affects locale definitions, collation, monetary, and numeric formatting for UTF-8 locales.
+gitref:476a063a88aa[repository=src].
+
+man:bmake[1] has been updated to version 20251111.
+gitref:11aa32794394[repository=src].
+
+man:sqlite3[1] has been updated to version 3.50.4.
+gitref:e37206a66db0[repository=src].
+
+man:less[1] has been updated to version 685.
+gitref:ca36afaf671b[repository=src].
+
+man:unbound[8] has been updated to version 1.24.1.
+gitref:fc3c317b055c[repository=src].
+
+The blacklist subsystem has been renamed to blocklist (man:blocklistd[8]) throughout the system. Old names in rc scripts, firewall rules, and configuration knobs remain functional but emit warnings. This change follows upstream terminology updates.
+gitref:7f6f2139eef9[repository=src].
+
+man:bsddialog[1] has been updated to version 1.0.5.
+gitref:aa2fe36f5e4b[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
[[userland-deprecated-programs]]
=== Deprecated Applications
+The lpr suite of printing utilities (man:lpr[1], man:lpd[8], man:lpc[8], man:lpq[1], man:lprm[1], man:lp[1], man:pac[8], man:lptest[1], man:chkprintcap[8]) has been deprecated and may be removed before FreeBSD 16.0. Users are advised to use alternatives such as print/cups or sysutils/LPRng from the ports collection.
+gitref:9b75d6ec6929[repository=src].
+
+The man:bsdlabel[8] utility has been scheduled for removal in FreeBSD 16.0. Users should migrate to man:gpart[8] for disk labeling.
+gitref:be24d85ec784[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
+The man:fdisk[8] utility has been scheduled for removal in FreeBSD 16.0. Users should transition to man:gpart[8] or man:bsdinstall[8] for disk partitioning.
+gitref:2be4c64a0d27[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
[[userland-libraries]]
=== Runtime Libraries and API
+The man:posix_spawn[3] interface now supports the POSIX-required `chdir` and `fchdir` file actions, enabling processes to change their working directory during spawning.
+gitref:43347b26fb46[repository=src].
+
+Adds the man:posix_spawnattr_getexecfd_np[3] and man:posix_spawnattr_setexecfd_np[3] functions, allowing a file descriptor to be used as the executable file for posix_spawn.
+gitref:6b9e7e922d8b[repository=src].
+
+Adds the pthread_tryjoin_np() function, which allows a thread to attempt to join another thread without blocking.
+gitref:a8891c29d6a0[repository=src].
+
+The libc string functions memcpy, memmove, and memset on AArch64 now use the MOPS (Memory Operations) hardware instructions when available, improving performance for these common operations.
+gitref:d8e700f2eeb9[repository=src].
+{{< sponsored "Arm Ltd" >}}
+
+Adds a glibc-compatible man:tdestroy[3] function to libc, providing a standardized way to destroy binary search trees and improving compatibility with software expecting this function.
+gitref:6197518ee905[repository=src].
+
+Adds man:strdupa[3] and man:strndupa[3] functions, which allocate memory for a copy of a string on the stack using man:alloca[3]. This provides a convenient alternative to man:strdup[3] and man:strndup[3] for temporary string copies that are automatically freed when the function returns.
+gitref:b2e649a0b98d[repository=src].
+
+Adds C23 `<stdbit.h>` header with bit manipulation functions like `stdc_bit_ceil()`, `stdc_bit_width()`, and `stdc_count_ones()`. This provides standard bit operations for C programs.
+gitref:275c11b7ccff[repository=src].
+
+The C23 trigonometric functions from the `*pi` family (acospi, acospif etc.) have beed exposed in <math.h>. This provides standard-conforming APIs for applications using these functions.
+gitref:104488641aca[repository=src].
+
+The C23 `memalignment()` function has been added to libc, allowing programs to compute pointer alignment. A man page has been included.
+gitref:24ea81047de7[repository=src].
+
+The SONAME of libzfs and libzpool have been bumped to libzfs7 and libzpool7 due to ABI-breaking changes, requiring recompilation of dependent applications.
+gitref:5b2489caf266[repository=src].
+
+Adds libuvmem, a userland port of the man:vmem[9] kernel memory allocator, providing a similar interface for userland applications.
+gitref:3ae14e8f332f[repository=src].
+
+[[cloud]]
+== Cloud Support
+
+This section covers changes in support for cloud environments.
+
+Oracle Cloud Infrastructure (OCI) build targets and related scripts are removed. The last official OCI images are from FreeBSD 15.0-RELEASE.
+gitref:2702a3ac1ab6[repository=src].
+{{< sponsored "SkunkWerks, GmbH" >}}
+
+The pkg package is now installed on VM and cloud images that use a packaged base system, enabling base system updates without requiring manual installation of pkg from the ports repository.
+gitref:c8d759230a0e[repository=src].
+{{< sponsored "Amazon" >}}
+
+The GCE image family now includes TARGET and FS in its name, ensuring that image families are unique per architecture and filesystem. This prevents the GCE instances API from selecting an incompatible image when using an image family name.
+gitref:0005bb76e2e7[repository=src].
+
[[kernel]]
== Kernel
@@ -135,6 +464,39 @@ This section covers changes to kernel configurations, system tuning, and system
[[kernel-general]]
=== General Kernel Changes
+The System Dynamic Tracing (SDT) provider is now enabled on 32-bit powerpc and powerpc64le platforms, allowing users to utilize DTrace probes on these architectures.
+gitref:769bc6877399[repository=src].
+
+The kernel configuration for GENERIC on amd64 has been includes both SCHED_ULE and SCHED_4BSD schedulers, allowing users to choose between them at boot via the kern.sched sysctl.
+gitref:a3b5daf4242f[repository=src].
+
+The sched_ule scheduler is now implemented as a scheduler instance, which may affect system performance and scheduling behavior for users.
+gitref:ec10524db95a[repository=src].
+
+Adds a scheduler selection framework that allows choosing different CPU schedulers at boot time via a tunable. This provides a foundation for future scheduler implementations.
+gitref:159a66aecc9c[repository=src].
+
+The MINIMAL kernel configuration has included the virtio_scsi driver, enabling booting in qemu/kvm virtual machines.
+gitref:80dec91da334[repository=src].
+{{< sponsored "Klara, Inc.; NetApp, Inc." >}}
+
+The man:pdwait[2] system call has been added for waiting on process descriptors, providing an alternative to man:wait4[2] for processes created with pdfork(2).
+gitref:758de6465572[repository=src].
+
+The man:pdrfork[2] system call has been added, providing a new mechanism for process creation with deterministic resource inheritance.
+gitref:4ae6f372e26c[repository=src].
+
+A race condition in the powerpc thread switching code that could cause system hangs during boot on multi-CPU power9 pseries guests has been resolved.
+gitref:a50789d8b89b[repository=src].
+
+The sysctls hw.ata.rotating and hw.ata.unmapped_io have been scheduled for removal in FreeBSD 16 instead of FreeBSD 15.
+gitref:469ab88d107c[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
+The sysctl vfs.zfs.min_auto_ashift and other legacy ZFS sysctls now emit warnings when used, indicating they are deprecated and will be removed. Users should update scripts and configurations to use the new sysctl names, such as vfs.zfs.vdev.min_auto_ashift.
+gitref:f0033878b92e[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
[[drivers]]
== Devices and Drivers
@@ -143,9 +505,78 @@ This section covers changes and additions to devices and device drivers since {r
[[drivers-device]]
=== Device Drivers
+man:ena[4] driver updated to v2.8.3.
+gitref:b949f8292de5[repository=src].
+{{< sponsored "Amazon, Inc." >}}
+
+The bcm2838_xhci driver now correctly identifies the Raspberry Pi 400 hardware by its compatible string, enabling proper xhci initialization and USB functionality (including external ports and the built-in keyboard) on that platform.
+gitref:861deac98c4c[repository=src].
+
+A driver for the bcm2835-virtgpio GPIO controller found on Raspberry Pi 3B and some Compute Module boards has been added. This enables control of the ACT (green) LED via man:gpioled[4].
+gitref:fb10574334ca[repository=src].
+
+smartpqi driver has been updated to vendor version 14.4690.0.2008 - 15.2.0.2008. The update adds support for new controllers and increases the I/O buffer size limit for passthrough ioctl from 16-bit to 32-bit.
+gitref:0c370a416b68[repository=src].
+{{< sponsored "Microchip Technology Inc." >}}
+
+The man:asmc[4] driver no longer supports 32-bit Intel-based Macs, making it clear that use on i386 hardware is not supported.
+gitref:e16f1bf3baa1[repository=src].
+
+The mfi(4) driver now supports the Fujitsu RAID Controller SAS 6Gbit/s 1GB (D3116) used in Fujitsu PRIMERGY servers.
+gitref:e16e4cd25c1d[repository=src].
+
+man:ath[4] driver code updated to Linux kernel version 6.17, improving Atheros/QCA wireless hardware support.
+gitref:1fa2a48dab66[repository=src].
+
+The hardware performance monitoring counter (hwpmc) support has been added for additional Intel CPU models: Alder Lake (models 6-B7, 6-BA, 6-BF), Alder Lake-N, and Emerald Rapids. Users running on these processors can now collect performance events using pmc(3) and related tools. The Emerald Rapids support includes JSON event definitions imported from Intel perfmon version 1.06, providing comprehensive event coverage.
+gitref:a40167734ecb[repository=src],
+gitref:6b0cb6ea249e[repository=src],
+gitref:9ac702781508[repository=src].
+{{< sponsored "Stormshield" >}}
+
+The man:hid[4] driver now allows members of the 'game' group to access game controller events, enabling unprivileged use of controllers via libraries like libsdl.
+gitref:d0e1b3edee70[repository=src].
+
+The man:iwx[4] driver has been included in the kernel build configuration, enabling support for Intel AX210/AX211/AX411 Wi-Fi 6E and Wi-Fi 7 wireless network adapters.
+gitref:0f9ab6c5232b[repository=src].
+
+The NVMe driver now supports BAR5 for Table BIR and PBA BIR, enabling FreeBSD to work on Google Compute Engine C4 machines with NVMe controllers that use separate 32-bit BAR4 and BAR5 registers.
+gitref:6c321dc15d52[repository=src].
+{{< sponsored "Google" >}}
+
+The man:ice[4] driver now supports the Intel E835-XXV-4 network adapter.
+gitref:b59a9230a6a8[repository=src].
+{{< sponsored "Intel Corporation" >}}
+
+The man:ice[4] driver now supports Intel E835 Ethernet adapters with SPDM security and RDMA capabilities on 100Gbps and 200Gbps links.
+gitref:16004d2a9eee[repository=src].
+{{< sponsored "Intel Corporation" >}}
+
+The man:qat[4] driver now supports the 402xx device (IDs 0x4944/0x4945) using the existing qat_4xxx driver. Device-specific firmware files has been added.
+gitref:88c0ce38bc18[repository=src].
+{{< sponsored "Intel Corporation" >}}
+
[[drivers-removals]]
=== Deprecated and Removed Drivers
+The man:hifn[4] driver has been marked as scheduled for removal in FreeBSD 16.0, alerting users to plan for future compatibility changes.
+gitref:ba6c676ef3ac[repository=src].
+
+The man:safe[4] driver has been marked for removal in FreeBSD 16.0, indicating deprecation and future removal of the driver.
+gitref:0ef2ecd0ced4[repository=src].
+
+The man:agp[4] driver deprecation notice has been updated to indicate removal in FreeBSD 16.0 instead of 15.0.
+gitref:92f169fe0f19[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
+The man:fdc[4] driver and floppy utilities (man:fdcontrol[8], man:fdformat[8], man:fdread[1], man:fdwrite[1]) have been deprecated. Support is planned for removal in FreeBSD 16.
+gitref:661b40ffdee2[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
+The deprecation notice for the man:le[4] driver has been updated to reflect that it was not removed prior to FreeBSD 15.0, indicating ongoing support status.
+gitref:59ba7278499f[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
[[storage]]
== Storage
@@ -154,6 +585,42 @@ This section covers changes and additions to file systems and other storage subs
[[storage-general]]
=== General Storage
+The man:mt[1] utility and libmt library add support for LTO-10 and LTO-10P tape density codes and specifications. LTO-10 tape drives are not backward compatible with previous generation LTO tapes.
+gitref:7fe98ee4d49a[repository=src].
+{{< sponsored "Spectra Logic" >}}
+
+=== ZFS
+
+The minimum scrub and resilver times for ZFS have been reduced from multi-second to sub-second values, allowing faster transaction group cycles on modern storage and improving write performance under heavy load.
+gitref:35ee242abcba[repository=src].
+
+The commit introduces a new tunable, `zfs_arc_evict_batches_limit`, to improve parallel eviction performance in the ZFS ARC. This change reduces lock contention and can significantly increase throughput for certain workloads.
+gitref:8a79d0968006[repository=src].
+
+The man:zpool[8] prefetch command now supports BRT (Block Reference Table) metadata, improving performance for block cloning operations and frees of cloned blocks. The -t parameter is now optional; when omitted, the command prefetches both DDT and BRT metadata.
+gitref:41878d57eaf3[repository=src].
+
+=== NFS
+
+The NFS client now properly handles case-insensitive file systems like man:msdosfs[4] when exported via NFS. Name caching is modified to avoid false cache hits for different case variations of the same file name.
+gitref:406c98d2ca1d[repository=src].
+
+NFSv4 diskless boot now supports configurations using man:nfsuserd[8] for name and id mappings. The kernel primes the mapping cache with essential entries to avoid deadlocks during boot. Users must set boot.nfsroot.options="nfsv4" and boot.nfsroot.user_domain="<user.domain>" in loader.conf.
+gitref:692a289922d2[repository=src].
+
+Adds internal infrastructure for POSIX draft ACLs as an extension to NFSv4.2, based on an Internet Draft. These changes prepare the NFS client and server for future support but introduce no user-visible semantics changes at this time. Note that due to internal KAPI changes, nfscommon.ko, nfscl.ko, and nfsd.ko must be rebuilt from sources after updating.
+gitref:20bfa56c514b[repository=src],
+gitref:2eddaeb3e505[repository=src],
+gitref:d842c511d84c[repository=src],
+gitref:dccf41dd1834[repository=src],
+gitref:144c1eda3973[repository=src].
+
+The NFSv4 client and server now support the archive attribute (UF_ARCHIVE), which is used by Windows NFSv4.1 clients despite being deprecated in RFC8881. This improves interoperability with Windows NFS clients.
+gitref:3a64c667f16f[repository=src].
+
+The support for mounting a diskless root file system via NFSv4 has been added. Requires specific server configuration and client settings in man:loader.conf[5] and man:sysctl.conf[5].
+gitref:2a97b49bc472[repository=src].
+
[[boot]]
== Boot Loader Changes
@@ -162,6 +629,13 @@ This section covers the boot loader, boot menu, and other boot-related changes.
[[boot-loader]]
=== Boot Loader Changes
+A shutdown splash screen has been added to the man:splash[4] kernel feature. Users can customize the shutdown splash by providing a PNG image via the shutdown_splash directive in man:loader.conf[5].
+gitref:0bd9b26d19e2[repository=src].
+{{< sponsored "Defenso" >}}
+
+The EFI boot loader now uses firmware-provided Blt functions only when using GOP (Graphics Output Protocol), not UGA (Universal Graphics Adapter). This improves compatibility with older MacBook systems where UGA Blt functions were unreliable.
+gitref:d3902baca506[repository=src].
+
[[network]]
== Networking
@@ -170,6 +644,62 @@ This section describes changes that affect networking in FreeBSD.
[[network-general]]
=== General Network
+Adds support for masked IP address lookups in man:ipfw[8] tables, allowing non-contiguous prefixes and enabling more CPU-efficient firewall configurations.
+gitref:a9b93531788c[repository=src].
+{{< sponsored "Yandex LLC" >}}
+
+The man:ipfw[8] firewall now supports masked IP address lookups in tables, allowing non-contiguous prefixes for more efficient firewall rule configurations. This enables CPU-effective firewall setups by masking non-significant bits in lookup keys and table entries.
+gitref:a9b93531788c[repository=src].
+{{< sponsored "Yandex LLC" >}}
+
+IPv6 packets are now passed to divert sockets, removing a previous limitation that restricted divert sockets to IPv4 only. This enables IPv6 packet handling in divert socket applications.
+gitref:e5cf3437275f[repository=src].
+{{< sponsored "OPNsense, Klara, Inc." >}}
+
+Adds a sysctl/tunable net.inet.ipf.jail_allowed to control whether a jail can manage its own ipfilter rules, pools, and settings. The default denies jail access, requiring host system management of jail rules via interface attachment or enabling the sysctl for jail control.
+gitref:65bc0a1ade72[repository=src].
+
+The man:ipfw[8] version 3 compatibility code for FreeBSD 8 and earlier is removed, as it is obsolete and no longer needed. This cleanup may affect systems still using very old configurations, but it does not change the functionality for current supported releases.
+gitref:9657c50cdd77[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
+The support for RFC 7217 stable IPv6 address generation via a new ifconfig 'stableaddr' flag and associated sysctls has been added. The feature is disabled by default, preserving existing behavior. The man:ifconfig[8] manual page is updated with documentation.
+gitref:865e0b20ca3c[repository=src].
+
+[[wireless-networking]]
+=== Wireless Networking
+
+The ath12k driver for Qualcomm Atheros wireless devices has been updated to version v7.0 from Linux, adding support for Wi-Fi 7 chipsets and restructuring the driver with a new wifi7 subdirectory.
+gitref:bbfa2e7345fe[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
+The ath11k wireless driver has been is updated to a newer version from Linux 7.0, which may improve performance and stability for supported hardware.
+gitref:24c9bc6e364a[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
+The ath10k driver for Atheros/QCA wireless chipsets has been updated to version 7.0, based on Linux tag v7.0.
+gitref:4208012711cc[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
+The man:rtw89[4] wireless driver has been updated to version v7.0, adding support for newer Realtek chipsets and improving stability and functionality.
+gitref:7ffebcdb702d[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
+The man:iwlwifi[4] wireless driver has been updated to version 7.0. This update includes changes to support for Intel wireless devices, new firmware API structures, and regulatory updates.
+gitref:f45e34316eb7[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
+The man:rtw88[4] driver has been updated to version 7.0, based on the Linux kernel tag v7.0, incorporating various fixes and improvements for Realtek wireless devices.
+gitref:bcdf750def1d[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
+Adds initial support for LinuxKPI-based wireless drivers, notably man:iwlwifi[4], on RISC-V systems. While ACPI is not yet fully supported on this architecture, the driver framework has been adapted to allow compilation and operation where possible. Note that the man:rtw89[4] driver is temporarily unavailable on RISC-V due to unresolved ACPI dependencies.
+gitref:7990fa2a819c[repository=src],
+gitref:24777428cbc2[repository=src],
+gitref:d301aadc994f[repository=src],
+gitref:4a56313c73eb[repository=src].
+{{< sponsored "The FreeBSD Foundation" >}}
+
[[hardware]]
== Hardware Support
@@ -180,6 +710,32 @@ Please see link:https://www.freebsd.org/releases/{localRel}R/hardware[the list o
[[hardware-virtualization]]
=== Virtualization Support
+Adds a new jail configuration knob allow.vmm_ppt to control PCI passthrough access in bhyve jails. The change requires explicit configuration for PCI passthrough functionality in jails, replacing the previous blanket restriction.
+gitref:94066f9a07ad[repository=src].
+{{< sponsored "The FreeBSD Foundation; Klara, Inc." >}}
+
+The virtio GPU driver now works with Parallels Desktop by splitting resource attachment requests, enabling graphics support in this virtualization environment.
+gitref:91ce7a19120a[repository=src].
+{{< sponsored "Arm Ltd" >}}
+
+The support for the Fine-Grained Trap (FGT) registers on arm64 has been added, enabling enhanced virtualization capabilities for hypervisors.
+gitref:89776ce6a7b7[repository=src].
+{{< sponsored "Arm Ltd" >}}
+
+The commit enables the Memory Operations (MOPS) instruction set for arm64 userspace when the hardware feature is present. This allows user applications to use MOPS instructions for improved memory operations performance.
+gitref:2a9a92ba7bd7[repository=src].
+{{< sponsored "Arm Ltd" >}}
+
+UNIX domain socket support added to bhyve remote framebuffer. Graphical console now available for bhyve instances in jails without networking.
+gitref:d29dd64b3f88[repository=src].
+{{< sponsored "Defenso" >}}
+
+The amd64 architecture now supports LASS (Linear Address Space Separation), a security feature that helps isolate kernel and user address spaces. This change may affect debugging and low-level system programming.
+gitref:532c8d3f90b9[repository=src].
+
+The x86 cpuid code has added a flag for Extended Destination ID support, enabling support for up to 32768 APIC IDs in IO-APIC and MSI without interrupt remapping.
+gitref:b54646e37a2b[repository=src].
+
[[documentation]]
== Documentation
@@ -188,13 +744,50 @@ This section covers changes to manual (man:man[1]) pages and other documentation
[[man-pages]]
=== Man Pages
+The man:nfsv4[4] manual page now includes documentation for setting up an NFSv4 root file system, providing guidance for users who wish to use this feature.
+gitref:6ef2df5e8e7a[repository=src].
+
+The man:ifconfig[8] manual page formatting has been corrected to improve readability.
+gitref:c20f5fd44322[repository=src].
+
+man:pdfork[2] and man:pdwait[2] manual pages has been added documenting the pdrfork and pdwait system calls.
+gitref:780b7f9e0ece[repository=src].
+
+The manual page for the undocumented man:mq_getfd_np[3] function from man:librt[3] has been added. This provides documentation for a function that has been present since FreeBSD 11.
+gitref:992f994bb71e[repository=src].
+
+The manual pages have been added for the deprecated blacklist utilities (man:blacklistctl[8], man:blacklistd[8], man:blacklistd.conf[5], man:libblacklist[3]), documenting their deprecation and nuances. This provides users with updated documentation for the deprecated blacklist tools, which are now renamed to blocklist.
+gitref:f935c0f66f75[repository=src].
+
[[ports]]
== Ports Collection and Package Infrastructure
This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools.
+KDE has been removed from the dvd1.iso image to fit within the 4.7 GB DVD size limit, and editors/emacs and editors/vim have been added.
+gitref:142df248ac06[repository=src].
+
[[ports-packages]]
=== Packaging Changes
+zstd has been packaged as a separate library and program package, similar to zlib, bzip2, and xz. The zstd package has been included in the minimal package set, ensuring it remains installed by default.
+gitref:8c61751d078e[repository=src].
+{{< sponsored "https://www.patreon.com/bsdivy" >}}
+
+Package repository configuration changes redirect package requests from pkgbase.freebsd.org to pkg.freebsd.org mirrors, adding approximately 70 seconds to pkgbase system installation/upgrade operations. Systems with 15.0-PRERELEASE, ALPHA, or BETA installations become orphaned as they expect packages signed with old pkg keys rather than new pkgbase signing keys.
+gitref:0c87d29a54da[repository=src].
+
+OpenPAM has been moved to a separate 'pam' package, allowing systems without PAM (e.g., jails, containers) to avoid installing PAM modules. The pam package is included in minimal installation sets by default, but custom or embedded systems can omit it.
+gitref:95cc7f59b7ce[repository=src].
+{{< sponsored "https://www.patreon.com/bsdivy" >}}
+
+The installworld and installkernel targets are now blocked on systems using pkgbase to prevent package database inconsistencies. Users can override this check with DESTDIR=/ if needed.
+gitref:ef82bdc864c5[repository=src].
+{{< sponsored "https://www.patreon.com/bsdivy" >}}
+
+Firmware packages from the kmods repository have been included on the DVD installation media, ensuring that firmware modules are usable on the release version.
+gitref:b0fbed20ceb9[repository=src].
+{{< sponsored "https://www.patreon.com/cperciva" >}}
+
[[future-releases]]
== General Notes Regarding Future FreeBSD Releases