[情報] FreeBSD 13.5-RELEASE Release Notes
https://www.freebsd.org/releases/13.5R/relnotes/
簡單重點.
1. 13.5-RELEASE 應該是13-STABLE系列的最後一版本,
13.5-RELEASE 為 13.4-RELEASE 安全性更新版本.
2. 13.4-RELEASE EoL June 30, 2025 , 13.5-RELEASE April 30, 2026
也就是說大約一年,要轉進新版.
3. 部份 32bits CPU 停止支援,可以看 https://www.freebsd.org/platforms/
FreeBSD 13.5-RELEASE Release Notes
Abstract
The release notes for FreeBSD 13.5-RELEASE contain a summary of the changes
made to the FreeBSD base system on the 13-STABLE development line. This
document lists applicable security advisories that were issued since
the last release, as well as significant changes to the FreeBSD kernel and
userland. Some brief remarks on upgrading are also presented.
Introduction
This document contains the release notes for FreeBSD 13.5-RELEASE. It describes
recently added, changed, or deleted features of FreeBSD. It also provides some
notes on upgrading from previous versions of FreeBSD.
The "release" distribution to which these release notes apply represents the
latest point along the 13-STABLE development branch since 13-STABLE was
created. Information regarding pre-built, binary "release" distributions
along this branch can be found at https://www.FreeBSD.org/releases/.
The "release" distribution to which these release notes apply represents a point
along the 13-STABLE development branch since 13.4-RELEASE. The 13.5-RELEASE
is expected to be the final release from the 13-STABLE branch.
Information regarding pre-built, binary "release" distributions along this
branch can be found at https://www.FreeBSD.org/releases/.
This distribution of FreeBSD 13.5-RELEASE is a "release" distribution. It can be
found at https://www.FreeBSD.org/releases/ or any of its mirrors. More
information on obtaining this (or other) "release" distributions of FreeBSD can
be found in the Obtaining FreeBSD appendix to the FreeBSD Handbook.
All users are encouraged to consult the release errata before installing FreeBSD.
The errata document is updated with "late-breaking" information discovered late
in the release cycle or after the release. Typically, it contains information on
known bugs, security advisories, and corrections to documentation. An up-to-date
copy of the errata for FreeBSD 13.5-RELEASE can be found on the FreeBSD Web site.
This document describes the most user-visible new or changed features in FreeBSD
since 13.4-RELEASE. In general, changes described here are unique to the
13-STABLE branch unless specifically marked as MERGED features.
Typical release note items document recent security advisories issued after
13.4-RELEASE, new drivers or hardware support, new commands or options, major
bug fixes, or contributed software upgrades. They may also list changes to
major ports/packages or release engineering practices. Clearly the release notes
cannot list every single change made to FreeBSD between releases; this document
focuses primarily on security advisories, user-visible changes, and major
architectural improvements.
Upgrading from Previous Releases of FreeBSD
Binary upgrades between RELEASE versions (and snapshots of the various security
branches) are supported using the freebsd-update(8) utility. See the
release-specific upgrade procedure, FreeBSD 13.5-RELEASE upgrade information,
with more details in the FreeBSD handbook binary upgrade procedure. This will
update unmodified userland utilities, as well as unmodified GENERIC kernels
distributed as a part of an official FreeBSD release. The freebsd-update(8) u
tility requires that the host being upgraded have Internet connectivity.
Source-based upgrades (those based on recompiling the FreeBSD base system from
source code) from previous versions are supported, according to the instructions
in /usr/src/UPDATING.
Upgrading FreeBSD should only be attempted after backing up all data and
configuration files.
Security and Errata
This section lists the various Security Advisories and Errata Notices since
13.4-RELEASE.
Security Advisories
Advisory Date Topic
FreeBSD-SA-24:15.bhyve 19 September 2024 bhyve(8) out-of-bounds
read access via XHCI
emulation
FreeBSD-SA-24:16.libnv 19 September 2024 Integer overflow in
libnv
FreeBSD-SA-24:17.bhyve 29 October 2024 Multiple issues in the
[Abhyve hypervisor
FreeBSD-SA-24:18.ctl 29 October 2024 Unbounded allocation
in ctl(4) CAM Target
[BLayer
FreeBSD-SA-24:19.fetch 29 October 2024 Certificate revocation
list fetch(1) option
fails
FreeBSD-SA-25:01.openssh 29 January 2025 OpenSSH Keystroke
Obfuscation Bypass
FreeBSD-SA-25:02.fs 29 January 2025 Buffer overflow in some
filesystems via NFS
FreeBSD-SA-25:03.etcupdate 29 January 2025 Unprivileged access to
system files
FreeBSD-SA-25:04.ktrace 29 January 2025 Uninitialized kernel
memory disclosure via
ktrace(2)
FreeBSD-SA-25:05.openssh 21 February 2025 Multiple vulnerabilities
in OpenSSH
Errata Notices
Errata Date Topic
FreeBSD-EN-24:16.pf 19 September 2024 Incorrect ICMPv6 state
handling in pf
FreeBSD-EN-24:17.pam_xdg 29 October 2024 XDG runtime directory's
file descriptor leak at
login
FreeBSD-EN-25:01.rpc 29 January 2025 NULL pointer dereference
in the NFSv4 client
FreeBSD-EN-25:02.audit 29 January 2025 System call auditing
disabled by DTrace
FreeBSD-EN-25:03.tzdata 29 January 2025 Timezone database
information update
Userland
This section covers changes and additions to userland applications, contributed
software, and system utilities.
Contributed Software
libpcap has been consecutively updated to 1.10.3, 1.10.4 and 1.10.5.
7aedea868535, e6efc827e47a and 68ddf72800f8.
(Sponsored by The FreeBSD Foundation)
tpcdump has been consecutively updated to 4.99.4 and 4.99.5. e5258a079df3 and
094f44ea0358. (Sponsored by The FreeBSD Foundation).
tzdata has been consecutively updated to 2024b and 2025a. 59ffae6c0c7a and
2d6dcb4f97f8.
expat has been consecutively updated to 2.6.3 and 2.6.4. bab279022ba2 and
3d46113d2196.
less has been updated to v668. eed6d080a74f.
file has been updated consecutively to 5.45 and 5.46. 90222d7fa4bb and
dcb4ac96fcf6.
xz has been updated consecutively to 5.6.2 and 5.6.3. 45230e7f9298 and
aa2f56a6ecd6.
Some functionalities of libusb have been merged from the 1.0.16 version.
02ef8e4061ab. (Sponsored by The FreeBSD Foundation)
tzcode has been updated to 2024b. 036ce2460cbc. (Sponsored by Klara, Inc.)
With multiple intermediary commits and version updates llvm-project has been
updated to release/19.x llvmorg-19.1.7-0-gcd708029e0b2. 2611bae42b7d.
This updates llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp.
libarchive(3) has been updated to 3.7.7. 6c7993ffba96.
unbound(8) has been consecutively updated to 1.21.0, 1.21.1 and 1.22.0.
7217d74d1085, d10c9c15a3a4 and 741bb8476204.
wpa has been updated to 2.11. 87b2a3073aaf.
bc has been consecutively updated to 7.0.0 and 7.0.2. 1d669b3d15bc and
bb18c65a9177.
sqlite3 has been updated to 3.46.1. bee9d305ee57.
OpenSSH has been consecutively updated to 9.8p1, 9.9p1 and 9.9p2. b74bb7f01193,
cb8e164fbb15 and 31dcdee20afc. (Sponsored by The FreeBSD Foundation)
Deprecated Applications and Features
Update deprecation warning to note that gvinum(8) is removed in 15.0.
8126ed28bda6.
shar(1) has been deprecated and deprecation notice has been added. 0d946859c994.
The shar(1) program is simple, but the fundamental idea of a sh archive is
risky at best and one that probably should not be promoted as prominently as a
program in $PATH and a manpage. The same functionality can easily be found in
tar(1) instead.
While OpenSSH plans to remove support for the DSA signature algorithm in
early 2025, FreeBSD 13.5-RELEASE and the stable/13 branch are not expected
to receive upstream vendor code updates. However, potential security issues in
imported components may necessitate the removal of DSA signature support
during the branch’s lifetime.
Devices and Drivers
This section covers changes and additions to devices and device drivers since
13.4-RELEASE.
Device Drivers
Purism coreboot keyboards support was added. dfdcb418d7b8.
Support of Realtek 8156/8156B was moved from cdce(4) to ure(4). 1b0af7617e6c.
(Sponsored by The FreeBSD Foundation)
Support for Brainboxes USB-to-Serial adapters were added. c3a377dbbb87.
Deprecated and Removed Drivers
agp(4) has been planned for removal in FreeBSD 15.0, and the man page now
states that it is deprecated. 8375d2b9c653.
Storage
This section covers changes and additions to file systems and other storage
subsystems, both local and networked.
General Storage
Allow to pass {NGROUPS_MAX} + 1 groups in mountd(8). 927d7d57793a. NGROUPS_MAX
is just the minimum maximum of the number of allowed supplementary groups.
The actual runtime value may be greater. Allow more groups to be specified
accordingly. nmount(2) has been changed similarly.
(Sponsored by The FreeBSD Foundation)
Defer the January 19, 2038 date limit in UFS1 filesystems to February 7, 2106.
dfe803fdbc54.
Add microsecond precision for disk latency for gstat(8). d81b0f5e43f0.
(Sponsored by Postgres Professional)
Fix cd9660 duplicate directory names. 79778b7aafc8. This issue was at first
introduced in FreeBSD 14.2-RELEASE which caused it creating cd9660 images with
duplicate short (level 2) names in the installer images.
(Sponsored by The FreeBSD Foundation)
Networking
This section describes changes that affect networking in FreeBSD.
General Network
Convert PF_DEFAULT_TO_DROP into a vnet loader tunable net.pf.default_to_drop.
cb162f659578. 7f7ef494f11d introduced a compile time option PF_DEFAULT_TO_DROP
to make the pf(4) default rule to drop. While this change exposes a vnet loader
tunable net.pf.default_to_drop so that users can change the default rule without
re-compiling the pf(4) module. This change is similar to that for
IPFW 5f17ebf94db5.
Add AIM to igc(4) driver. eaa616f02193. igc(4) is derived from igb(4) and has
never had an AIM implementation. The same algorithm from e1000 is appropriate
here. The AIM algorithm was re-introduced from the older igb or out of tree
driver, and then modernized with permission to use Intel code from other
drivers. (Sponsored by Rubicon Communications, LLC/Netgate and BBOX.io)
Re-add AIM to e1000 driver. a527aa7a7f62.
(Sponsored by Rubicon Communications, LLC/Netgate and BBOX.io)
Old itr sysctl handler has been removed from the e1000 driver.
a42c3e61504b. With the new AIM code, it is expected most users will not need to
manually tune this. (Sponsored by BBOX.io)
Improve SFP support igb(4) driver. cf6a8711e437.
(Sponsored by Nozomi Networks and BBOX.io)
igb(4) driver version has been updated to 2.5.28-fbsd. a446e9481531.
if_bypass from ixgbe(4) has been updated to ix-3.3.38. 5121d1b91209.
if_ix from ixgbe(4) has been updated with ix-3.3.38 changes. 78d9eb6de856.
ixgbe_mbx from ixgbe(4) has been updated with ix-3.3.38 changes. fa00169e26ff.
ixgbe_phy from ixgbe(4) has been updated with ix-3.3.38 changes. b1dadbcebdfd.
if_sriov from ixgbe(4) has been updated with ix-3.3.38 changes. deea1953820e.
ena(4) driver version has been updated to 2.8.0. 2e7ba5d93e2d.
(Sponsored by Amazon, Inc.)
Hardware Support
This section covers general hardware support for physical machines, hypervisors,
and virtualization environments, as well as hardware changes and updates that
do not otherwise fit in other sections of this document.
Please see the list of hardware supported by 13.5-RELEASE, as well as the
platforms page for the complete list of supported CPU architectures.
Virtualization Support
Teach sysctl(8) to attach and run itself in a jail. 5b0a5d8c1ea3. This allows
the parent jail to retrieve or set kernel state when child does not have
sysctl(8) installed (for example light weighted OCI containers or slim jails).
This is especially useful when manipulating jail prison or vnet sysctls.
For example, sysctl -j foo -Ja or sysctl -j foo net.fibs=2.
Teach ip6addrctl(8) to attach and run itself in a jail. fa9926a62ae3.
This will make it easier to manage address selection policies of vnet jails,
especially for those light weighted OCI containers or slim jails.
Enable vnet sysctl(9) variables to be loader tunable. d2a999c2e0a0.
Completes phase two of 3da1cf1e88f8. The meaning of the flag CTLFLAG_TUN is
extended to automatically check if there is a kernel environment variable
which shall initialize the sysctl during early boot.
In memoriam of Hans Petter Selasky.
Add flags to filter jail prison and vnet variables via sysctl(8). 09cbd68e4e47.
So users do not have to contact the source code to tell whether a variable is
a jail prison / vnet one or not.
Define a common mac node for jail parameters of MAC. ae2383c0dd16.
To be used by MAC/do. (Sponsored by The FreeBSD Foundation)
ORACLE VMSIZE was bumped to accommodate growth. 75cd2f886164.
OCI was renamed to ORACLE in releng tooling. aad6a5f96b78. This allows future
releng tooling to use OCI for the industry standard Open Container Initiative
tooling, reducing potential for confusion Oracle Cloud Infrastructure.
(Sponsored by SkunkWerks, GmbH)
Documentation
This section covers changes to manual (man(1)) pages and other documentation
shipped with the base system.
Man Pages
Refer to graid(8) and zfs(8) instead of gvinum(8) in ccdconfig(8). 9e3c356f11a9.
ixgbe(4) has been renamed to ix(4). c07626eaa21a.
Ports Collection and Package Infrastructure
This section covers changes to the FreeBSD Ports Collection, package
infrastructure, and package maintenance and installation tools.
Packaging Changes
The KDE desktop environment has been removed from the installer images due to
compatibility issues with OpenSSL 1.1.1 and upcoming package breakages.
Installation and Upgrading
An option was added to edit the ZFS pool creation options in bsdinstall zfsboot.
6258b5bf0670. This allows the default options (-O compress=lz4 -O atime=off)
to be overridden, before the ZFS boot pool is created. For example, to set the
compression algorithm to something different.
Chase location of pkg repo databases. ef6b3c58883d. pkg used to store copies of
upstream repository databases in /var/db/pkg/repo-*.sqlite. About a year ago
this was moved to /var/db/pkg/repos/*/, resulting in FreeBSD cloud images no
longer having those databases removed. (Sponsored by Amazon)
General Notes Regarding Future FreeBSD Releases
FreeBSD 15.0 is not expected to include support for 32-bit platforms other than
armv7. The armv6, i386, and powerpc platforms are deprecated and will be removed.
64-bit systems will still be able to run older 32-bit binaries.
The FreeBSD Project expects to support armv7 as a Tier 2 architecture in
FreeBSD 15.0 and stable/15. However, the Project also anticipates that armv7 may
be removed in FreeBSD 16.0. The Project will provide an update on the status of
armv7 for both 15.x and 16.x at the time of 15.0 release.
Support for executing 32-bit binaries on 64-bit platforms via the COMPAT_
FREEBSD32 option will continue for at least the stable/15 and stable/16 branches.
Support for compiling individual 32-bit applications via cc -m32 will also
continue for at least the stable/15 branch, which includes suitable headers in
/usr/include and libraries in /usr/lib32.
Ports will not include support for deprecated 32-bit platforms for FreeBSD 15.0
and later releases. These future releases will not include binary packages or
support for building packages from ports for deprecated 32-bit platforms.
The FreeBSD stable/14 and earlier branches will retain existing 32-bit kernel
and world support. Ports will retain existing support for building ports and
packages for 32-bit systems on stable/14 and earlier branches as long as those
branches are supported by the ports system. However, all 32-bit platforms are
Tier-2 or Tier-3, and support for individual ports should be expected to degrade
as upstreams deprecate 32-bit platforms.
With the current support schedule, stable/14 will reach end of life (EOL) around
5 years after the release of FreeBSD 14.0-RELEASE. The EOL of stable/14 will
mark the end of support for deprecated 32-bit platforms, including source
releases, pre-built packages, and support for building applications from ports.
With the release of 14.0-RELEASE in November 2023, support for deprecated 32-bit
platforms will end in November 2028.
The Project may choose to alter this approach when FreeBSD 15.0 is released by
extending some level of support for one or more of the deprecated platforms in
15.0 or later. Any alterations will be driven by community feedback and
committed efforts to support these platforms.
--
※ 發信站: 批踢踢實業坊(ptt.cc), 來自: 140.238.52.217 (日本)
※ 文章網址: https://www.ptt.cc/bbs/FreeBSD/M.1744896411.A.AD4.html
FreeBSD 近期熱門文章
PTT數位生活區 即時熱門文章
