| title | sidenav |
|---|---|
FreeBSD 13.1-RELEASE Release Notes |
download |
The release notes for FreeBSD 13.1-RELEASE contain a summary of the changes made to the FreeBSD base system on the 13-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
This document contains the release notes for FreeBSD 13.1-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.
The release distribution to which these release notes apply represents the latest point along the 13-STABLE development branch since 13-STABLE was created. Information regarding pre-built, binary release distributions along this branch can be found at https://www.FreeBSD.org/releases/.
The release distribution to which these release notes apply represents a point along the 13-STABLE development branch between 13.0-RELEASE and the future 13.2-RELEASE. Information regarding pre-built, binary release distributions along this branch can be found at https://www.FreeBSD.org/releases/.
This distribution of FreeBSD 13.1-RELEASE is a release distribution. It can be found at https://www.FreeBSD.org/releases/ or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the Obtaining FreeBSD appendix to the FreeBSD Handbook.
All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 13.1-RELEASE can be found on the FreeBSD Web site.
This document describes the most user-visible new or changed features in FreeBSD since 13.0-RELEASE. In general, changes described here are unique to the 13-STABLE branch unless specifically marked as MERGED features.
Typical release note items document recent security advisories issued after 13.0-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.
Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the man:freebsd-update[8] utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The man:freebsd-update[8] utility requires that the host being upgraded have Internet connectivity.
Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING.
Users of all powerpc architectures, after successful kernel and world installation, will need to run manually "kldxref /boot/kernel".
|
Important
|
Upgrading FreeBSD should only be attempted after backing up all data and configuration files. |
|
Important
|
After upgrading, sshd (from OpenSSH 8.8p1) will not accept new connections until it is restarted.
After installing the new userland, either reboot (as specified in the source update procedure), or execute |
This section covers changes and additions to userland applications, contributed software, and system utilities.
The -i flag is now added to man:rtsol[8] and man:rtsold[8] by default in /etc/defaults/rc.conf. gitref:a0fc5094bf4c[repository=src]
(Sponsored by https://www.patreon.com/cperciva)
The -i option has been added to man:rtsol[8] and man:rtsold[8] to disable the random delay between zero and one seconds, speeding up the boot process. gitref:8056b73ea163[repository=src]
(Sponsored by https://www.patreon.com/cperciva)
For 64-bit architectures, the base system is now built with Position
Independent Executable (PIE) support enabled by default.
It may be disabled using the WITHOUT_PIE knob.
A clean build is required.
gitref:396e9f259d96[repository=src]
There is a new zfskeys man:rc[8] service script, which allows for automatic decryption of ZFS datasets encrypted with ZFS native encryption during boot.
See the man:rc.conf[5] manual page for more information.
gitref:33ff39796ffe[repository=src], gitref:8719e8a951b7[repository=src] (Sponsored by Modirum and Klara Inc.)
The NVMe emulation in man:bhyve[8] has been upgraded to version 1.4 of the NVMe specification. gitref:b7a2cf0d9102[repository=src] - gitref:eae02d959363[repository=src]
NVMe iovec construction for large IOs in man:bhyve[8] has been fixed. The problem was exposed by the UEFI driver included with Rocky Linux 8.4. gitref:a7761d19dacd[repository=src]
Extra Alt Gr mappings for Brazillian Portuguese ABNT2 keyboards were added. gitref:310623908c20[repository=src]
The chroot facility now supports unprivileged operation, and
the man:chroot[8] program now has a -n option to enable its use.
gitref:460b4b550dc9[repository=src] (Sponsored by EPSRC)
The CAM library has been modified to use man:realpath[3] on device names before parsing them, which allows tools such as man:camcontrol[8] and man:smartctl[8] to be friendlier when symlinks are in use. gitref:e32acf95ea25[repository=src]
man:md5sum[1] and similar message-digest programs compatible with those
on Linux were added by having the corresponding BSD programs run with the -r
option if the program name ends in sum.
gitref:c0d5665be0dc[repository=src]
(Sponsored by Netflix)
man:svnlite[1] is disabled in the build by default. gitref:a4f99b3c2384[repository=src]
man:mpsutil[8] has been extended to show adapter information and to control NCQ. gitref:395bc3598b47[repository=src]
Problems after downloading firmware to a device using man:camcontrol[8] were fixed by forcing a rescan of the LUN after the firmware download. gitref:327da43602cc[repository=src] (Sponsored by Netflix)
A new mode has been added to the scripted partition editor for variant disk
names in man:bsdinstall[8].
If the disk parameter DEFAULT is set in place of an actual device name,
or no disk is specified for the PARTITIONS parameter, the installer will
follow the logic used in the automatic-partitioning mode, in which it
will either provide a selection dialog for one of several disks if
several are present or automatically select it if there is only one.
This simplifies the creation of fully-automatic installation media for
hardware or VMs with varying disk names. gitref:5ec4eb443e81[repository=src]
Building of LLDB has been enabled on all powerpc architectures. gitref:cb1bee9bd34[repository=src]
One True Awk has been updated to the latest from upstream (20210215). All the FreeBSD patches but one have now been either upstreamed or discarded. Notable changes include:
-
Locale is no longer used for ranges
-
Various bugs fixed
-
Better compatibility with
gawkandmawk
The one remaining FreeBSD change, likely to be removed in FreeBSD 14, is that
we still allow hex numbers, prefixed with 0x, to be parsed and
interpreted as hex numbers, while all other awks (now including One
True Awk) interpret them as 0, in line with awk’s historic behavior.
zlib has been upgraded to version 1.2.12.
libarchive has been upgraded to verion 3.6.0 with additional bug and
security fixes from the upcoming patchlevel release.
Release notes are available at
https://github.com/libarchive/libarchive/releases.
The ssh package has been updated to OpenSSH v8.8p1, including a security
update and bug fixes. Other updates include these changes:
-
man:ssh[1]: When prompting whether to record a new host key, accept that key’s fingerprint as a synonym for "yes."
-
man:ssh-keygen[1]: When acting as a CA and signing certificates with an RSA key, default to using the
rsa-sha2-512signature algorithm. -
man:ssh[1]:
UpdateHostkeysis enabled by default, subject to some conservative preconditions. -
man:scp[1]: The behavior of remote to remote copies (e.g.
scp host-a:/path host-b:) has been changed to transfer through the local host by default. -
man:scp[1] has experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used.
The use of FIDO/U2F hardware authenticators has been enabled in ssh,
using the new public key types ecdsa-sk and ed25519-sk, along with
corresponding certificate types.
FIDO/U2F support is described in
https://www.openssh.com/txt/release-8.2.
gitref:a613d68fff9a[repository=src]
(Sponsored by The FreeBSD Foundation)
Assembly optimized code for OpenSSL has been added on powerpc, powerpc64 and powerpc64le. gitref:ce35a3bc852[repository=src]
The detection of CPU features accelerating crypto operations for ARMv7 and
ARM64 has been fixed, speeding up aes-256-gcm and sha256 substantially.
gitref:32a2fed6e71f[repository=src]
(Sponsored by Ampere Computing LLC and Klara Inc.)
Building ASAN and UBSAN libraries has been enabled on riscv64 and riscv64sf. gitref:8c56b338da7[repository=src]
OFED libraries are now built on riscv64 and riscv64sf. gitref:2b978245733[repository=src]
OPENMP libraries are now built on riscv64 and riscv64sf. gitref:aaf56e35569[repository=src]
This section covers changes to kernel configurations, system tuning, and system control parameters that are not otherwise categorized.
Output corruption on serial console on powerpc64 has been fixed. gitref:dca829138ca[repository=src]
CAS has been changed to support Radix MMU. gitref:cc8e726c85b[repository=src]
Running FreeBSD with HPT superpages enabled on QEMU with TCG has been fixed on powerpc64(le). gitref:f05174ed354[repository=src]
Superpages support has been added to pmap_mincore on powerpc64(le). gitref:32b50b8520d[repository=src]
HWCAP/HWCAP2 aux args support was added on arm64 for 32-bit ARM binaries.
This fixes build/run of golang under COMPAT32 emulation.
gitref:28e22482279f[repository=src]
(Sponsored by Rubicon Communications, LLC ("Netgate"))
This section covers changes and additions to devices and device drivers since 13.0-RELEASE.
The man:igc[4] driver was introduced for the Intel I225 Ethernet controller. This controller supports 2.5G/1G/100Mb/10Mb speeds, and allows tx/rx checksum offload, TSO, LRO, and multi-queue operation. gitref:d7388d33b4dd[repository=src] (Sponsored by Rubicon Communications, LLC ("Netgate"))
A fix for VGA / HDMI console with AST2500 during boot on powerpc64(le) has been added. gitref:c41d129485e[repository=src]
PCI common read/write functions are fixed on big endian targets in man:virtio[4]. gitref:7e583075a41[repository=src], gitref:8d589845881[repository=src]
Big-endian support has been added to man:mpr[4]. gitref:7d45bf699dc[repository=src], gitref:2954aedb8e5[repository=src], gitref:c80a1c1072d[repository=src]
Max I/O size has been reduced to avoid DMA issues in man:aacraid[4]. gitref:572e3575dba[repository=src]
A bug preventing a virtual guest using man:virtio_random[8] from shutting down or rebooting has been fixed. gitref:fa67c45842bb[repository=src]
The man:ice[4] driver has been updated to 1.34.2-k, adding firmware logging and initial DCB support. gitref:a0cdf45ea1d1[repository=src] (Sponsored by Intel Corporation)
The man:mgb[4] network interface driver has been added, with support for Microchip devices LAN7430 PCIe Gigabit Ethernet controller with PHY and LAN7431 PCIe Gigabit Ethernet controller with RGMII interface. The driver has a number of caveats and limitations, but is functional. gitref:e0262ffbc6ae[repository=src] (Sponsored by The FreeBSD Foundation)
Support has been added for link status, media, and VLAN MTU with the man:cdce[4] device. gitref:973fb85188ea[repository=src]
The man:iwlwifi[4] driver along with a LinuxKPI 802.11 compatibility layer was added to supplement man:iwm[4] for newer Intel Wireless chipsets. (Sponsored by The FreeBSD Foundation)
Kernel crash dumps can now be saved on SD cards and eMMC modules using
a dwmmc controller when the kernel is configured with the MMCCAM option.
gitref:79c3478e76c3[repository=src]
Kernel crash dumps can now be saved on SD cards using
an sdhci controller when the kernel is configured with the MMCCAM option.
gitref:8934d3e7b9b9[repository=src]
This section covers changes and additions to file systems and other storage subsystems, both local and networked.
ZFS has been upgraded to OpenZFS release 2.1.4. OpenZFS release notes can be found at https://github.com/openzfs/zfs/releases.
Two new daemons, man:rpc.tlsclntd[8] and man:rpc.tlsservd[8], are now built by default on amd64 and arm64. They provide support for NFS-over-TLS as described in the Internet Draft entitled "Towards Remote Procedure Call Encryption By Default". These daemons are built when WITH_OPENSSL_KTLS is specified. They use KTLS to encrypt/decrypt all NFS RPC message traffic, and provide optional verification of machine identity via X.509 certificates. gitref:2c76eebca71b[repository=src] gitref:59f6f5e23c1a[repository=src]
The default minor version used for an NFSv4 mount has been changed
to the highest minor version supported by the NFSv4 server.
This default can be overridden by using the minorversion
mount option.
gitref:8a04edfdcbd2[repository=src]
A new NFSv4.1/4.2 mount option nconnect has been added that can
be used to specify the number of TCP connections that
will be used for the mount, up to a maximum of 16.
The first (default) TCP connection will be used for
all RPCs that consist of small RPC messages.
The RPCs that can consist of large RPC messages
(Read/Readdir/ReaddirPlus/Write) will be sent on the
additional TCP connections in a round-robin fashion.
If either the NFS client or NFS server have multiple
network interfaces aggregated together, or a network
interface that uses multiple queues, this can increase
NFS performance for the mount.
gitref:9ec7dbf46b0a[repository=src]
A sysctl called vfs.nfsd.srvmaxio has been added that can be used to
increase the NFS server’s maximum I/O size from 128Kbytes
to any power of 2 up to 1Mbyte. It can only be set when
the nfsd threads are not running, and will normally require
an increase in kern.ipc.maxsockbuf to at least the value
recommended by the console log message generated when
setting vfs.nfsd.srvmaxio is first attempted.
gitref:9fb6e613373c[repository=src]
This section covers the boot loader, boot menu, and other boot-related changes.
UEFI boot is improved for amd64. The loader detects whether the loaded kernel can handle the in-place staging area (non-copying mode). The default is copy_staging auto. Auto-detection can be overridden, for example: with copy_staging enable, the loader will unconditionally copy the staging area to 2M, regardless of kernel capabilities. Also, the code to grow the staging area is more robust; for growth to occur, it’s no longer necessary to hand-tune and recompile the loader. (Sponsored by The FreeBSD Foundation)
boot1 and loader have been fixed on powerpc64le.
gitref:8a62b07bce7[repository=src]
Performance improvements have been made to man:loader[8], man:nvme[4], man:random[4], man:rtsold[8], and x86 clock calibration, which collectively yield a significant speedup in system boot time. Configuration changes on the EC2 platform provide additional benefits, resulting in 13.1-RELEASE booting over twice as fast as 13.0-RELEASE. (Sponsored by https://www.patreon.com/cperciva)
EC2 images are now built by default to boot using UEFI instead of legacy BIOS. Note that UEFI is not supported by Xen-based EC2 instances or by "bare metal" EC2 instances. gitref:65f22ccf8247[repository=src] (Sponsored by https://www.patreon.com/cperciva)
Support was added for recording EC2 AMI Ids in the AWS Systems
Manager Parameter Store.
FreeBSD will be using the public prefix
/aws/service/freebsd, resulting in parameter names which look like
/aws/service/freebsd/amd64/base/ufs/13.1/RELEASE.
gitref:242d1c32e42c[repository=src]
(Sponsored by https://www.patreon.com/cperciva)
This section describes changes that affect networking in FreeBSD.
The handling of the lowest address on an IPv4 (sub)net (host 0) has been changed so that packets are not sent as a broadcast unless this address has been set as the broadcast address. This makes the lowest address usable for a host. The old behavior can be restored with the net.inet.ip.broadcast_lowest sysctl. See https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-lowest-address/ for background information. gitref:3ee882bf21af[repository=src]
Starting with FreeBSD-13.0, the default CPUTYPE for the i386 architecture will change from 486 to 686.
This means that, by default, binaries produced will require a 686-class CPU, including but not limited to binaries provided by the FreeBSD Release Engineering team. FreeBSD 13.0 will continue to support older CPUs, however users needing this functionality will need to build their own releases for official support.
As the primary use for i486 and i586 CPUs is generally in the embedded market, the general end-user impact is expected to be minimal, as new hardware with these CPU types has long faded, and much of the deployed base of such systems is nearing retirement age, statistically.
There were several factors taken into account for this change. For example, i486 does not have 64-bit atomics, and while they can be emulated in the kernel, they cannot be emulated in the userland. Additionally, the 32-bit amd64 libraries have been i686 since their inception.
As the majority of 32-bit testing is done by developers using the lib32 libraries on 64-bit hardware with the COMPAT_FREEBSD32 option in the kernel, this change ensures better coverage and user experience. This also aligns with what the majority of Linux® distributions have been doing for quite some time.
This is expected to be the final bump of the default CPUTYPE in i386.
|
Important
|
This change does not affect the FreeBSD 12.x series of releases. |