This does not include entries for changes that were included in the 12.2
release.
Reviewed by: emaste (earlier version)
Differential Revision: https://reviews.freebsd.org/D29279
The kernel now supports enforcing a W^X memory mapping policy for user
processes.
The policy is not enforced by default but can be enabled by setting the
`kern.elf32.allow_wx` and `kern.elf64.allow_wx` sysctls to 0.
Individual binaries can be exempted from the policy by man:elfctl[1] via
the `wxneeded` feature.
gitref:2e1c94aa1fd5[repository=src] {{< sponsored "The FreeBSD Foundation" >}}
[[userland-programs]]
=== Userland Application Changes
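Review bot: The W^X entry says the policy is enabled by setting `kern.elf32.allow_wx` and `kern.elf64.allow_wx` to 0, but it does not say what an affected process sees once the policy is enforced, or how the `wxneeded` exemption is applied. Consider adding one sentence on what happens to a request for a mapping that is both writable and executable, and the man:elfctl[1] invocation that sets `wxneeded`, so administrators can evaluate the setting before turning it on.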
@ -123,8 +143,13 @@ This permits rotation of the output file via man:newsyslog[8]. gitref:4cd407ec93
The man:daemon[8] utility no longer blocks SIGTERM during the restart delay. gitref:09a3675d961[repository=src]
The man:devd[8] utility now reports a `kernel` system event when the system
resumes from sleep rather than a `kern` system event. gitref:f87655ec7694[repository=src]
The man:diskinfo[8] utility now reports the physical device name GEOM attribute when available. gitref:b5961be1ab7[repository=src]
The man:elf2aout[1] utility has been removed. gitref:dd99ab06f360[repository=src]
The man:freebsd-update[8] utility now displays progress for the "Fetching files..." stage. gitref:d6e1e31a0e6[repository=src]
The man:freebsd-update[8] utility now supports the `-p` flag, which ensures password db changes are included in [.filename]#/etc/passwd# via man:pwd_mkdb[8]. gitref:9b6591109e8[repository=src] {{< sponsored "The FreeBSD Foundation" >}}
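Review bot: The man:devd[8] entry changes the system reported on resume from `kern` to `kernel` without saying that existing configuration is affected. Rules that match on the old `kern` value for the resume event would need updating, so add a sentence telling users to check their devd rules when upgrading.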
@ -133,6 +158,11 @@ The man:freebsd-update[8] utility now supports the `updatesready` and `showconfi
The manual page for the man:freebsd-update[8] utility documents using the `PAGER` environment variable for non-interactive use. gitref:32f4592764d[repository=src]
The obsolete version of the GNU debugger installed to [.filename]#/usr/libexec# for use by man:crashinfo[8] has been removed.
Detailed kernel crash information can be obtained by installing modern GDB
from ports or packages.
gitref:1c0ea326aa6d[repository=src]
The manual page for the man:gstat[8] utility now documents the use of interactive keyboard commands. gitref:cfaa2958dc4[repository=src]
The manual page for the man:inetd[8] utility now includes an example of how to use netcat as an HTTP proxy. gitref:a58fc861516[repository=src]
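Review bot: The GDB removal entry tells users to install "modern GDB from ports or packages" without naming the port or package, and it is wrapped mid-sentence while the neighbouring entries keep each sentence on one line. Name what to install so that users of man:crashinfo[8] can act on the entry directly, and reflow it to match the surrounding style.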
@ -156,6 +186,23 @@ The previous implementation is still available in FreeBSD-13 and can be selected
The new man:getlocalbase[3] function in libutil retrieves the LOCALBASE path in a standard way. gitref:30d21d27953[repository=src]
The man:cap_random[3] function has been removed as it has been
superseeded by man:getrandom[2]. gitref:a76f78dc3f43[repository=src]
A new Linux-compatible man:copy_file_range[2] system call supports efficient
file copies.
In particular, this system call permits the kernel to request that an NFSv4.2
server perform a copy operation locally on the server. gitref:bbbbeca3e9a3[repository=src]
The man:regex[3] function no longer accepts redundant escapes for most
ordinary characters.
This will cause applications such as man:sed[1] and man:grep[1] to reject
regular expressions using these escapes.
gitref:adeebf4cd47c[repository=src]
New man:aio_readv[2] and man:aio_writev[2] system calls provide vectored
analogues of man:aio_read[2] and man:aio_write[2]. gitref:022ca2fc7fe0
[[kernel]]
== Kernel
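Review bot: The last entry in this hunk, for man:aio_readv[2] and man:aio_writev[2], ends with `gitref:022ca2fc7fe0` and lacks the `[repository=src]` attribute that every other gitref in the hunk carries; add it for consistency. In the man:cap_random[3] entry, "superseeded" should be "superseded".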
@ -169,6 +216,46 @@ Notably, if a process had been assigned a numbered cpuset then it will be assign
allowed to the attaching process and the jail.
Processes belonging to the superuser will implicitly widen their CPU mask as needed if they share no CPUs in common with the jail.
The in-kernel cryptographic framework has been overhauled to better support
modern cryptographic algorithms as well as simplify the interface for both
A new man:safexcel[4] driver supports cryptographic requests via the EIP-97
packet processing module found on the ESPRESSObin. gitref:b356ddf07671[repository=src] {{< sponsored "Rubicon Communications, LLC" >}}
A new man:usbhid[4] driver uses drivers from the man:hid[4] framework for USB
HID devices instead of man:ukbd[4], man:ums[4], and man:uhid[4].
man:usbhid[4] is enabled by adding `hw.usb.usbhid.enable=1` to [.filename]#/boot/loader.conf# and adding `usbhid` to `kld_list=""` in [.filename]#/etc/rc.conf#. gitref:b62f6dfaed3d[repository=src]
The suite of VirtIO device drivers now support the VirtIO V1 spec. This improves FreeBSD's compatibility as a guest operating system with various hypervisors and emulators including the ability to run on the link:https://wiki.qemu.org/images/4/4e/Q35.pdf[Q35 chipset] under QEMU.
The man:armv8crypto[4] driver which supports software cryptography on
ARMv8 CPUs now supports AES-XTS which is used by man:geli[4].
gitref:4979620ece98[repository=src]
The man:armv8crypto[4] driver now supports AES-GCM which is used by IPsec
man:tcp[4] now supports Proportional Rate Reduction (as described by RFC6937) to improve SACK loss recovery during burst loss and ACK thinning scenarios.
This feature is enabled by default.
A new man:sysctl[8], `net.inet.tcp.do_prr`, can be set to `0` to restore the prior behavior.
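Review bot: The VirtIO entry has no gitref, unlike the man:safexcel[4], man:usbhid[4] and man:armv8crypto[4] entries around it, and its subject and verb disagree ("The suite of VirtIO device drivers now support"). Add the commit reference, change the verb to "supports", and split the two sentences onto separate lines as the other entries do.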
@ -243,6 +416,10 @@ The man:ping[8] and man:ping6[8] utilities have been merged.
man:ping[8] supports both IPv4 and IPv6.
A legacy man:ping6[8] is retained for backwards compatibility. gitref:3cde9171d2d5[repository=src]
SCTP support is now available as a new [.filename]#sctp.ko# kernel module
and is no longer compiled into GENERIC by default.
gitref:e64080e79c53[repository=src] {{< sponsored "The FreeBSD Foundation" >}}
[[network-general]]
=== General Network
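Review bot: The SCTP entry says support moved out of GENERIC into [.filename]#sctp.ko#, but it does not tell existing SCTP users that they now have to load the module before use. Add a sentence saying so and how to load it, in the same way the man:usbhid[4] entry spells out its [.filename]#/boot/loader.conf# and [.filename]#/etc/rc.conf# settings.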
@ -258,6 +435,12 @@ The amd64 architecture now supports Hygon Dhyana Family 18h processors. gitref:
The amd64 architecture now supports 57-bit virtual addresses (LA57) on supported CPUs. This permits user processes to use up to 56 bits of virtual address space. This also includes support for five layer nested page tables used by bhyve. gitref:9ce875d9b59d[repository=src] {{< sponsored "The FreeBSD Foundation" >}}
[[ARM-ARM64]]
=== ARMv5
Support for version 5 of the 32-bit ARM architecture has been removed.
Building for `TARGET=arm` now defaults to a `TARGET_ARCH` of `armv7`.
gitref:eb4977bd0fb2[repository=src]
=== Allwinner
The aw_gpio driver now suppots GPIO interrupts. gitref:0fe5379c6a9[repository=src]
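Review bot: The new `=== ARMv5` heading is inserted directly under the existing `[[ARM-ARM64]]` anchor, so that anchor now labels a section about removed 32-bit ARMv5 support. Give the ARMv5 section its own anchor, or place it so that `[[ARM-ARM64]]` stays attached to the section it was written for. In the aw_gpio line, "suppots" should be "supports".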
@ -284,6 +467,11 @@ if_dwc now supports flow control. gitref:2b4a66ed171[repository=src]
if_dwc now supports checksum offloading. gitref:98ea5a7b9a1[repository=src]
=== Sparc
Support for the `sparc64` architecture (SPARC 9) has been removed.