xref: /freebsd-13.1/RELNOTES (revision 9300a0eb)
1Release notes for FreeBSD 13.0.
2
3This file describes new user-visible features, changes and updates relevant to
4users of binary FreeBSD releases.  Each entry should describe the change in no
5more than several sentences and should reference manual pages where an
6interested user can find more information.  Entries should wrap after 80
7columns.  Each entry should begin with one or more commit IDs on one line,
8specified as a comma separated list and/or range, followed by a colon and a
9newline.  Entries should be separated by a newline.
10
11Changes to this file should not be MFCed.
12
13b7a2cf0d9102 - eae02d959363:
14	Upgrade bhyve's emulation to version 1.4 of the NVMe specification
15
160a6760a1de32, 3f3676a71266, 580c04df4db6:
17	Add WiFi 6 support.
18
19various:
20	Add support for the HiFive Unmatched RISC-V board.
21
229fb6e613373c:
23	Add a sysctl called vfs.nfsd.srvmaxio that can be used to
24	increase the NFS server's maximum I/O size from 128Kbytes
25	to any power of 2 up to 1Mbyte.  It can only be set when
26	the nfsd threads are not running and will normally require
27	an increase in kern.ipc.maxsockbuf to at least the value
28	recommended by the console log message generated when
29	setting vfs.nfsd.srvmaxio is first attempted.
30
319ec7dbf46b0a:
32	Add a new NFSv4.1/4.2 mount option "nconnect" that can
33	be used to specify the number of TCP connections that
34	will be used for the mount, up to a maximum of 16.
35	The first (default) TCP connection will be used for
36	all RPCs that consist of small RPC messages.
37	The RPCs that can consist of large RPC messages
38	(Read/Readdir/ReaddirPlus/Write) will be sent on the
39	additional TCP connections in a round robin fashion.
40	If either the NFS client or NFS server have multiple
41	network interfaces aggregated together or a network
42	interface that uses multiple queues, this can increase
43	NFS performance for the mount.
44
45various:
46	One True Awk has been updated to the latest from upstream
47	(20210215). All the FreeBSD patches, but one, have now been
48	either up streamed or discarded.  Notable changes include:
49		o Locale is no longer used for ranges
50		o Various bugs fixed
51		o Better compatibility with gawk and mawk
52
53	The one FreeBSD change, likely to be removed in FreeBSD 14, is that
54	we still allow hex numbers, prefixed with 0x, to be parsed and
55	interpreted as hex numbers while all other awks (including one
56	true awk now) interpret them as 0 in line with awk's historic
57	behavior.
58
598a04edfdcbd2:
60	Change the default minor version used for an NFSv4 mount
61	to the highest minor version supported by the NFSv4 server.
62	This default can be overridden by using the "minorversion"
63	mount option.
64
652c76eebca71b, 59f6f5e23c1a:
66	Add two daemons rpc.tlsclntd(8) and rpc.tlsservd(8) that provide
67	support for NFS-over-TLS as described in the Internet Draft titled
68	"Towards Remote Procedure Call Encryption By Default".
69	These daemons are only built when WITH_OPENSSL_KTLS is specified
70	and are only tested on amd64 at this time.
71	They use KTLS to encrypt/decrypt all NFS RPC message traffic, plus
72	optional verification of machine identity via X.509 certificates.
73
74f76393a6305b6:
75	Add AES-GCM support to armv8crypto(4) providing accelerated
76	support for KTLS, IPsec, and other crypto API consumers.
77
78074a91f746bd:
79	The aesni(4) and armv8crypto(4) devices are now included in
80	GENERIC on amd64, i386, and arm64.
81
822e1c94aa1fd5:
83	Add support for enforcing W^X mapping policy for user
84	processes.  The policy is not enforced by default but can be
85	enabled by setting the kern.elf32.allow_wx and
86	kern.elf64.allow_wx sysctls to 0.  Individual binaries can be
87	exempted from the policy by elfctl(1) via the wxneeded
88	feature.
89
904979620ece98:
91	Add AES-XTS support to armv8crypto(4) providing accelerated
92	software support for the default GELI cipher on arm64 systems.
93
94022ca2fc7fe0:
95	Add aio_writev(2) and aio_readv(2), vectored analogues of aio_write(2)
96	and aio_read(2).
97
9892bbfe1f0d1f:
99	The fusefs(5) protocol has been updated to 7.28.  Support for
100	FUSE_COPY_FILE_RANGE and FUSE_LSEEK is added.
101
102r368667:
103	GDB 6.1.1 was removed.  Users of crashinfo(8) should install the
104	gdb package or devel/gdb port.
105
106r368559:
107	The hme(4) driver was removed.
108
109r367660:
110	Fixes the case where gssd will not startup because /usr is a separate
111	local file system that is not yet mounted.  It does not fix the case
112	where /usr is a separately mounted remote file system (such as NFS).
113	This latter case can be fixed by adding mountcritremote to the
114	REQUIRED line.  Unfortunately doing so implies that all Kerberized
115	NFS mounts in /etc/fstab will need the "late" mount option.
116	This was not done, since the requirement for "late" would introduce
117	a POLA violation.
118
119r367423:
120	This commit added a new startup scripts variable called
121	nfsv4_server_only which uses the -R option on mountd added by r367026.
122	When nfsv4_server_only is set to "YES" in /etc/rc.conf, the NFS server
123	only handles NFSv4 and does not register with rpcbind.  As such, rpcbind
124	does not need to be running.  Useful for sites which consider rpcbind a
125	security issue.
126
127r366267:
128        Kernel option ACPI_DMAR was renamed to IOMMU.  amd64's IOMMU subsystem
129        was split out from amd64 DMAR support and is now generic, i.e., it can
130        be used by all architectures.
131
132r364896:
133	A series of commits ending with r364896 added NFS over TLS
134	to the kernel.  This is believed to be compatible with
135	the Internet Draft titled "Towards Remote Procedure Call Encryption
136	By Default" (expected to soon become an RFC).
137	The mount_nfs(8) and exports(5) man pages describe the mount and
138	export option(s) related to NFS over TLS.
139	For NFS over TLS to work, the rpctlscd(8) { client } or rpctlssd(8)
140	{ server } must be running on a kernel built with "options KERN_TLS"
141	on an architecture where PMAP_HAS_DMAP != 0.
142
143r364725:
144	Changes to one obscure devd event generated on resume need to
145	be documented. The old form will still be generated in 13, but not
146	in 14.
147
148r363679:
149	Applications using regex(3), e.g. sed/grep, will no longer accept
150	redundant escapes for most ordinary characters.
151
152r363253:
153	SCTP support has been removed from GENERIC kernel configurations.
154	The SCTP stack is now built as sctp.ko and can be dynamically loaded.
155
156r363233:
157	Merge sendmail 8.16.1: See contrib/sendmail/RELEASE_NOTES for details.
158
159r363180:
160	The safexcel(4) crypto offload driver has been added.
161
162r363084:
163	nc(1) now implements SCTP mode, enabled by specifying the --sctp option.
164
165r362681:
166	A new implementation of bc and dc has been imported. It offers
167	better standards compliance, performance, localization and comes
168	with extensive test cases that are optionally installed.
169	Use WITHOUT_GH_BC=yes to build and install the world with the
170	previous version instead of the new one, if required.
171
172r362158, r362163:
173	struct export_args has changed so that the "user" specified for
174	the -maproot and -mapall exports(5) options may be in more than
175	16 groups.
176
177r361884:
178	sed(1) has learned about hex escapes (e.g. \x27) and will now do the
179	right thing with them, removing the need for printf magic or obnoxious
180	escaping in many scenarios.
181
182r361238, r361798, r361799:
183	ZFS will now unconditionally reject read(2) of a directory with EISDIR.
184	Additionally, read(2) of a directory is now rejected with EISDIR by
185	default and may be re-enabled for non-ZFS filesystems that allow it with
186	the sysctl(8) MIB 'security.bsd.allow_read_dir'.
187
188	Aliases for grep to default to '-d skip' may be desired if commonly
189	non-recursively grepping a list that includes directories and the
190	possibility of EISDIR errors in stderr is not tolerable.  Example
191	aliases, commented out, have been installed in /root/.cshrc and
192	/root/.shrc.
193
194r361066:
195	Add exec.prepare and exec.release hooks for jail(8) and jail.conf(5).
196	exec.prepare runs before mounts, so can be used to populate new jails.
197	exec.release runs after unmounts, so can be used to remove ephemeral
198	jails.
199
200r360920,r360923,r360924,r360927,r360928,r360931,r360933,r360936:
201	Remove support for ARC4, Blowfish, Cast, DES, Triple DES, MD5,
202	MD5-KPDK, MD5-HMAC, SHA1-KPDK, and Skipjack algorithms from
203	the kernel open cryptographic framework (OCF).
204
205r360562:
206	Remove support for ARC4, Blowfish, Cast, DES, Triple DES,
207	MD5-HMAC, and Skipjack algorithms from /dev/crypto.
208
209r360557:
210	Remove support for DES, Triple DES, Blowfish, Cast, and
211	Camellia ciphers from IPsec(4).  Remove support for MD5-HMAC,
212	Keyed MD5, Keyed SHA1, and RIPEMD160-HMAC from IPsec(4).
213
214r359945:
215	Remove support for Triple DES, Blowfish, and MD5 HMAC from
216	geli(4).
217
218r359786-r359787:
219	Remove support for DES, Triple DES, and RC4 from in-kernel GSS
220	authentication.
221
222r357627:
223	remove elf2aout.
224
225r357560-r357565:
226	init(8), service(8), and cron(8) will now adopt user/class environment
227	variables (excluding PATH, by default, which will be overwritten) by
228	default.  Notably, environment variables for all cron jobs and rc
229	services can now be set via login.conf(5).
230
231r357455:
232	sparc64 has been removed from FreeBSD.
233
234r355677:
235	Adds support for NFSv4.2 (RFC-7862) and Extended Attributes
236	(RFC-8276) to the NFS client and server.
237	NFSv4.2 is comprised of several optional features that can be supported
238	in addition to NFSv4.1. This patch adds the following optional features:
239	- posix_fadvise(POSIX_FADV_WILLNEED/POSIX_FADV_DONTNEED)
240	- posix_fallocate()
241	- intra server file range copying via the copy_file_range(2) syscall
242	--> Avoiding data tranfer over the wire to/from the NFS client.
243	- lseek(SEEK_DATA/SEEK_HOLE)
244	- Extended attribute syscalls for "user" namespace attributes as defined
245	  by RFC-8276.
246
247	For the client, NFSv4.2 is only used if the mount command line option
248	minorversion=2 is specified.
249	For the server, two new sysctls called vfs.nfsd.server_min_minorversion4
250 	and vfs.nfsd.server_max_minorversion4 have been added that allow
251	sysadmins to limit the minor versions of NFSv4 supported by the nfsd
252	server.
253	Setting vfs.nfsd.server_max_minorversion4 to 0 or 1 will disable NFSv4.2
254	on the server.
255
256r356263:
257	armv5 support has been removed from FreeBSD.
258
259r354517:
260	iwm(4) now supports most Intel 9260, 9460 and 9560 Wi-Fi devices.
261
262r354269:
263	sqlite3 is updated to sqlite3-3.30.1.
264
265r352668:
266	cron(8) now supports the -n (suppress mail on succesful run) and -q
267	(suppress logging of command execution) options in the crontab format.
268	See the crontab(5) manpage for details.
269
270r352304:
271	ntpd is no longer by default locked in memory. rlimit memlock 32
272	or rlimit memlock 0 can be used to restore this behaviour.
273
274r351863:
275	rc.subr(8) now honors ${name}_env in all rc(8) scripts.  Previously,
276	environment variables set by a user via ${name}_env were ignored
277	if the service defined a custom *_cmd variable to control the behavior
278	of the run_rc_command function, e.g., start_cmd, instead of relying on
279	the variables like command and command_args,
280
281r351770,r352920,r352922,r352923:
282	dd(1) now supports conv=fsync, conv=fdatasync, oflag=fsync, oflag=sync,
283	and iflag=fullblock flags, compatible with illumos and GNU.
284
285r351522:
286	Add kernel-side support for in-kernel Transport Layer Security
287	(KTLS).  KTLS permits using sendfile(2) over sockets using
288	TLS.
289
290r351397:
291	WPA is updated from 2.8 to 2.9.
292
293r351361:
294	Add probes for lockmgr(9) to the lockstat DTrace provider, add
295	corresponding lockstat(1) events, and document the new probes in
296	dtrace_lockstat.4.
297
298r351356:
299	Intel RST is a new 'feature' that remaps NVMe devices from
300	their normal location to part of the AHCI bar space.  This
301	will eliminate the need to set the BIOS SATA setting from RST
302	to AHCI causing the nvme drive to be erased before FreeBSD
303	will see the nvme drive. FreeBSD will now be able to see the
304	nvme drive now in the default config.
305
306r351201, r351372:
307	Add a vop_stdioctl() call, so that file systems that do not support
308	holes will have a trivial implementation of lseek(SEEK_DATA/SEEK_HOLE).
309	The algorithm appears to be compatible with the POSIX draft and
310	the implementation in Linux for the case of a file system that
311	does not support holes.  Prior to this patch, lseek(2) would reply
312	-1 with errno set to ENOTTY for SEEK_DATA/SEEK_HOLE on files in
313	file systems that do not support holes.
314	r351372 maps ENOTTY to EINVAL for lseek(SEEK_DATA/SEEK_HOLE) for
315	any other cases, such as a ENOTTY return from vn_bmap_seekhole().
316
317r350665:
318	The fuse driver has been renamed to fusefs(5) and been substantially
319	rewritten.  The new driver includes many bug fixes and performance
320	enhancements, as well as the following user-visible features:
321	* Optional kernel-side permissions checks (-o default_permissions)
322	* mknod(2), socket(2), and pipe(2) support
323	* server side locking with fcntl(2)
324	* FUSE operations are now interruptible when mounted with -o intr
325	* server side handling of UTIME_NOW during utimensat(2)
326	* mount options may be updated with "mount -u"
327	* fusefs file system may now be exported over NFS
328	* RLIMIT_FSIZE support
329	* support for fuse file systems using protocols as old as 7.4
330
331	FUSE file system developers should also take note of the following new
332	features:
333	* The protocol level has been raised from 7.8 to 7.23
334	* kqueue support on /dev/fuse
335	* server-initiated cache invalidation via FUSE_NOTIFY_REPLY
336
337r350471:
338	gnop(8) can now configure a delay to be applied to read and write
339	request delays.  See the -d, -q and -x parameters.
340
341r350315, r350316:
342	Adds a Linux compatible copy_file_range(2) syscall.
343
344r350307:
345	libcap_random(3) has been removed.  Applications can use native
346	APIs to get random data in capability mode.
347
348r349529,r349530:
349	Add support for using unmapped mbufs with sendfile(2).
350
351r349352:
352	nand(4) and related components have been removed.
353
354r349349:
355	The UEFI loader now supports HTTP boot.
356
357r349335:
358	bhyve(8) now implements a High Definition Audio (HDA) driver, allowing
359	guests to play to and record audio data from the host.
360
361r349286:
362	swapon(8) can now erase a swap device immediately before enabling it,
363	similar to newfs(8)'s -E option.  This behaviour can be specified by
364	adding -E to swapon(8)'s command-line parameters, or by adding the
365	"trimonce" option to a swap device's /etc/fstab entry.
366
367r347908-r347923:
368	The following network drivers have been removed: bm(4), cs(4), de(4),
369	ed(4), ep(4), ex(4), fe(4), pcn(4), sf(4), sn(4), tl(4), tx(4), txp(4),
370	vx(4), wb(4), xe(4).
371
372r347532:
373	Wired page accounting has been split into kernel wirings and user
374	wirings (e.g., by mlock(2)).  Kernel wirings no long count towards
375	the global limit, which is renamed to vm.max_user_wired.  bhyve -S
376	allocates user-wired memory and is now subject to that limit.
377
378$FreeBSD$
379