FreeBSD 15.0-RELEASE Release Notes

A new kdc_restart variable is available that manages kdc(8) (or krb5kdc) under daemon(8). Set kdc_restart="YES" in rc.conf(5) to auto restart kdc on abnormal termination. Set kdc_restart_delay="N" to the number of seconds to delay before restarting the kdc. abc4b3088941

By default, changes shown in email by the periodic(8) facility from the daily scripts show less context than before to reduce the size of the output. The behavior can be controlled by the daily_diff_flags variable in periodic.conf(5). Similarly, the changes shown by the security scripts show less context than previously, controlled by the security_status_diff_flags variable in periodic.conf(5). 538994626b9f, 37dc394170a5, 128e78ffb084

The adduser(8) utility, used by bsdinstall(8), will now create a ZFS dataset for a new user’s home directory if the parent directory resides on a ZFS dataset. A command-line option is available to disable use of a separate dataset. ZFS encryption is also available. 516009ce8d38

The date(1) program now supports nanoseconds. For example: date -Ins prints "2024-04-22T12:20:28,763742224+02:00" and date +%N prints "415050400". eeb04a736cb9

The dtrace(1) utility can now generate machine-readable output in JSON, XML, and HTML using libxo(3). aef4504139a4 (Sponsored by Innovate UK)

The lastcomm(1) utility now displays timestamps with a precision of seconds. 692c0a2e80c1 (Sponsored by DSS Gmbh)

The ldconfig(8) utility now supports hints files of either byte order. The default format is the native byte-order of the host. fa7b31166ddb

The usbconfig(8) utility now reads the descriptions of usb vendor and products from /usr/share/misc/usb_vendors when available, similar to what pciconf(8) does. 7b9a772f9f64

An option has been added to change the directory in env(1) which closely resembles the feature in the GNU version of env although it does not support long options. 08e8554c4a39 (Sponsored by Klara, Inc.)

Fix -U flag of ps(1) to select processes by real user IDs. This is what POSIX mandates for option -U and arguably the behavior that most users actually need in most cases. Before, -U would select processes by their effective user IDs (which is the behavior mandated by POSIX for option -u). a2132d91739d. (Sponsored by The FreeBSD Foundation).

Make '-O' more versatile and predictable for ps(1). The ps(1) display’s list of columns is now first built without taking into account the -O options. In a second step, all columns passed via -O are finally inserted after the built-so-far display’s first PID column (if it exists, else at start), in their order of appearance as arguments to the -O options. 1fc8cb547cd4. (Sponsored by The FreeBSD Foundation).

Remove not-explicitly-requested columns with duplicate data in ps(1). Before this change, when stacking up more columns in the display through command-line options, if user requested to add some "canned" display (through options -j, -l, -u or -v), columns in it that were "duplicates" of already requested ones (meaning that they share the same keyword, regardless of whether their headers have been customized) were in the end omitted. 7aa2f4826717. (Sponsored by The FreeBSD Foundation).

Add flags to filter jail prison and vnet variables in sysctl(8) output. So users do not have to contact the source code to tell whether a variable is a jail prison / vnet one or not. 615c9ce250ee.

grep(1) no longer follows symbolic links by default for recursive searches. This matches the documented behavior in the manual page. 3a2ec5957ea9

One True Awk (awk(1)) has been updated to 2nd Edition, with new -csv support and UTF-8 support. The snapshot used is 20250804. b45a181a74c8

The sendmail(8) suite has been upgraded to version 8.18.1, addressing CVE-2023-51765. 58ae50f31e95

bc has been upgraded to 7.0.2. 90ea553a0d30

libarchive has been upgraded to 3.7.7. 2ae238160f20

libcbor has been upgraded to 0.11.0. 1755b9daa693 (Sponsored by The FreeBSD Foundation)

libcxxrt has been upgraded to vendor snapshot 6f2fdfebcd62. d0dcee46d971

libfido2 has been upgraded to 1.14.0. 128bace5102e (Sponsored by The FreeBSD Foundation)

libpcap has been upgraded to 1.10.5. 26f21a6494b4 (Sponsored by The FreeBSD Foundation)

tcpdump has been upgraded to 4.99.5. ec3da16d8bc1 (Sponsored by The FreeBSD Foundation)

unbound has been upgraded to 1.22.0. 0a096a7b3ae8

llvm has been upgraded to 19.1.7-0-gcd708029e0b2. dc3f24ea8a25

zfs(8): OpenZFS has been updated to zfs-2.2-release(2.2.7)(2ec8b6948070).

xz(1) has been updated to 5.8.1(9679eedea94c).

less(1) has been updated to v668(0bb4c188d363).

file(1) has been updated to 5.46(71c92e6b94f0).

expat(3) has been updated to 2.7.1(6f7ee9ac036e).

tzdata has been updated to 2025b(475082194ac8).

OpenSSH has been updated to 9.9p2(059b786b7db5). (Sponsored by The FreeBSD Foundation).

OpenSSL has been updated to 3.0.16(cb29db243bd0).

googletest has been updated from 1.14.0 to 1.15.2(1d67cec52542). One notable change is that GoogleTest 1.15.x now officially requires C-14 (1.14.x required C-11).

spleen has been updated to Spleen 2.1.0(26336203d32c).

The setusercontext(3) routine in libutil will now set the process priority (nice) from the .login.conf file from the home directory under appropriate conditions, as well as the system login.conf(5). The priority can now have the value inherit, indicating that the priority should be unchanged from that of the parent process. Similarly, the umask can have the value inherit. 6f6186e19fe5, a8c273b3c97f, d2d66fedc418 (Sponsored by Kumacom SAS)

Many string and memory operations in the C library now use SIMD (single instruction multiple data) extensions for improved performance when available on amd64 systems; see simd(7). (Sponsored by The FreeBSD Foundation)

There is now a much better implementation of the 128-bit tgammal function in the math library, math(3), on platforms that support it. 8df6c930c151

fma(3) now returns correctly-signed zero when provided certain small inputs (as observed in the Python test suite). dc39004bc670 (Sponsored by The FreeBSD Foundation)

The cap_rights_is_empty function has been added. It reports whether a cap_rights_t has no rights set. e77813f7e4a3 (Sponsored by The FreeBSD Foundation)

libcxxrt has been updated to upstream 6f2fdfebcd62(d9901a23bd2f).

fdisk(8) has been deprecated in favor of gpart(8) for a long time but has not been removed, running this application will show a warning to migrate to gpart(8). 3958be5c29da (Sponsored by The FreeBSD Foundation)

The accuracy of asinf(3) and acosf(3) has improved. 33c82f11c267

Update deprecation warning to note that gvinum(8) is removed in 15.0(dec497a9fcbf).

Deprecation notice for syscons(4) has been added. syscons(4) is not compatible with UEFI, does not support UTF-8, and is Giant-locked. There is no specific timeline yet for removing it, but support for the Giant lock is expected to go away in one or two major release cycles. (8c922db4f3d9). (Sponsored by The FreeBSD Foundation).

OpenSSH plans to remove support for the DSA signature algorithm in early 2025.

publickey(5) stuffs has been deprecated. This uses DES and it is likely that nobody uses that in 2025. (9197c04a251b).

The fpu_kern_enter and fpu_kern_leave routines have been implemented for powerpc, allowing the use of ossl(4) crypto functions in the kernel that use floating point and vector registers. 91e53779b4fc

Support legacy PCI hotplug on arm64. 355f02cddbf0. (Sponsored by Arm Ltd).

Define a common 'mac' node for MAC’s jail parameters for mac(3). To be used by mac_do(4). 66fb52a27279. (Sponsored by The FreeBSD Foundation).

New setcred() system call and associated MAC hooks. This new system call allows to set all necessary credentials of a process in one go: Effective, real and saved UIDs, effective, real and saved GIDs, supplementary groups and the MAC label. Its advantage over standard credential-setting system calls (such as setuid(), seteuid(), etc.) is that it enables MAC modules, such as mac_do(4), to restrict the set of credentials some process may gain in a fine-grained manner. c1d7552dddb5. (Sponsored by The FreeBSD Foundation).

Support multiple users and groups as single rule’s targets in mac_do(4). Supporting group targets is a requirement for mac_do(4) to be able to enforce a limited set of valid new groups passed to setgroups(). Additionally, it must be possible for this set of groups to also depend on the target UID, since users and groups are quite tied in UNIX (users are automatically placed in only the groups specified through '/etc/passwd' (primary group) and '/etc/group' (supplementary ones)). 83ffc412b2e9. (Sponsored by The FreeBSD Foundation).

Teach sysctl(8) to attach and run itself in a jail. This allows the parent jail to retrieve or set kernel state when child does not have sysctl(8) installed (for example light weighted OCI containers or slim jails). This is especially useful when manipulating jail prison or vnet sysctls. For example, sysctl -j foo -Ja or sysctl -j foo net.fibs=2. 8d5d7e2ba3a6.

Enable vnet sysctl(9) variables to be loader tunable. In 3da1cf1e88f8, the meaning of the flag CTLFLAG_TUN is extended to automatically check if there is a kernel environment variable which shall initialize the SYSCTL during early boot. It works for all SYSCTL types both statically and dynamically created ones, except for the SYSCTLs which belong to VNETs. Note that the implementation has a limitation. It behaves the same way as that of non-vnet loader tunables. That is, after the kernel or modules being initialized, any changes (for example via kenv) to kernel environment variable will not affect the corresponding vnet variable of subsequently created VNETs. To overcome it, TUNABLE_XXX_FETCH can be used to fetch the kernel environment variable into those vnet variables during vnet constructing. 894efae09de4

sound(4): Allocate vchans on-demand. Refactor pcm_chnalloc() and merge with parts of vchan_setnew() (now removed) and dsp_open()’s channel creation into a new dsp_chn_alloc() function. The function is responsible for either using a free HW channel (if vchans are disabled), or allocating a new vchan. hw.snd.vchans_enable (previously hw.snd.maxautovchans) and dev.pcm.X.{play|rec}.vchans now work as tunables to only enable/disable vchans, as opposed to setting their number and/or (de-)allocating vchans. Since these sysctls do not trigger any (de-)allocations anymore, their effect is instantaneous, whereas before it could have frozen the machine (when trying to allocate new vchans) when setting dev.pcm.X.{play|rec}.vchans to a very large value. 960ee8094913. (Sponsored by The FreeBSD Foundation).

LinuxKPI: linux_alloc_pages() now honors __GFP_NORETRY. This is to fix slowdowns with drm-kmod that get worse over time as physical memory become more fragmented (and probably also depending on other factors). 831e6fb0baf6 (Sponsored by The FreeBSD Foundation).

A driver is available for ice(4) Ethernet network controllers in the Intel E800 series, which support 100 Gb/s operation. It was upgraded to version 1.43.2-k. 38a1655adcb3 (Sponsored by Intel Corporation)

Numerous stability improvements have been in the iwlwifi(4) driver for Intel Wi-Fi devices. (Sponsored by The FreeBSD Foundation)

Multiple PCI MCFG regions are now supported on amd64 and i386, allowing PCI configuration space access for domains (segments) other than 0. 4b5f64408804

The smsc(4) Ethernet driver can now fetch the value of smsc95xx.macaddr passed by some Raspberry Pi models and use it for the MAC address. It always uses a stable MAC address even if there is no address in EEPROM. 028e4c6548e4

The snd_clone framework has been removed from the sound subsystem, including related sysctls, simplifying the system. The per-channel nodes (/dev/dspX.Y) are no longer created, just the primary device (/dev/dspX). e6c51f6db8d7 (Sponsored by The FreeBSD Foundation)

Audio now supports asynchronous device detach. This greatly simplifies hot plugging and unplugging of things such as USB headsets, and eases use of PulseAudio in cases that require operating system sleep and wake (suspend and resume). d692c314d29a (Sponsored by The FreeBSD Foundation)

ena has been upgraded to 2.8.0. 6bf02434bd9a (Sponsored by Amazon, Inc.)

ice_ddp has been upgraded to 1.3.41.0. a9d78bb714e3 (Sponsored by Intel Corporation)

Tiger Lake-H support has been added to the hda(4) driver. dbb6f488df6e

Meteor Lake support has been added to the ichsmb(4) driver. 14c22e28e4ee (Sponsored by Framework Computer Inc) (Sponsored by The FreeBSD Foundation)

Meteor Lake support has been added to the ig4(4) driver. 56f0fc0011c2

A new wireless driver supporting some Realtek chipsets is available: rtw89(4). a2d1e07f6451 (Sponsored by The FreeBSD Foundation)

Support for Realtek 8156/8156B has been moved from from cdce(4) to ure(4) for improved performance and reliability. 630077a84186 (Sponsored by The FreeBSD Foundation)

Support for ACPI GPIO _AEI objects has been added. 1db6ffb2a482 (Sponsored by Amazon)

nvme(4) and nvmecontrol(8) have been enabled on all architectures. 24687a65dd7f, aba2d7f89dcf (Sponsored by Chelsio Communications and Netflix)

mpi3mr(4) driver version has been updated to 8.14.0.2.0(e6d4b221ba7c).

mpi3mr(4) MPI Header has been updated to Version 36. This aligns with the latest MPI specification. This includes updated structures, field definitions, and constants required for compatibility with updated firmware. (60cf1576501d).

The mpi3mr(4) driver is now in GENERIC (e2b8fb2202c2).

rtw88(4): Merge Realtek’s rtw88 driver based on Linux v6.14 (8ef442451791). (Sponsored by The FreeBSD Foundation).

rtw89(4): Merge Realtek’s rtw89 driver based on Linux v6.14 (b6e8b845aeab). (Sponsored by The FreeBSD Foundation).

iwmbtfw(4): Add support for 9260/9560 bluetooth adaptors (8e62ae9693bd). Required firmware files are already included in to comms/iwmbt-firmware port.

ena(4) driver version has been updated to v2.8.1 (a1685d25601e). (Sponsored by Amazon, Inc.)

ix(4): Add support for 1000BASE-BX SFP modules x550(24491b4acce5).

bnxt(4): Enable NPAR support on BCM57504 10/25GbE NICs. (54f842ed8897).

bnxt(4): Add 5760X (Thor2) PCI IDs support. Add Thor2 PCI IDs. (45e161020c2d).

bnxt(4): Add support for 400G speed modules (32fdad17f060).

ix(4): Add support for 1000BASE-BX SFP modules. Add support for 1Gbit BiDi modules. (c34817d9aef7).

igc(4): Fix attach for I226-K and LMVP devices. The device IDs for these were in the driver’s list of PCI ids to attach to, but igc_set_mac_type() had never been setup to set the correct mac type for these devices. Fix this by adding these IDs to the switch block in order for them to be recognized by the driver instead of returning an error. This fixes the igc(4) attach for the I226-K LOM on the ASRock Z790 PG-ITX/TB4 motherboard, allowing it to be recognized and used. f034ddd2fa38.

Remove old itr sysctl handler from em(4). This implementation had various bugs. The unit conversion/scaling was wrong, and it also did not handle 82574L or igb(4) devices correctly. With the new AIM code, it is expected most users will not need to manually tune this. edf50670e215 (Sponsored by BBOX.io).

Added support for Brainboxes USB-to-Serial adapters in uftdi(4). (47db906375b5)

agp(4) has been planned for removal in FreeBSD 15.0, and the man page now states that it is deprecated. 92af7c97e197

syscons(4) has been planned for removal in future releases, and has been noted as deprecated in the man pages to notify users to migrate to vt(4). 2bc5b1d60512 (Sponsored by The FreeBSD Foundation)

The mountd(8) server has been modified to use strunvis(3) to decode directory names in exports(5) file(s). This allows special characters, such as blanks, to be embedded in the directory name. vis -M may be used to encode such directory names; see vis(1). 2c83f1ada435

New sysctl(8) variables have been added under kern.rpc.unenc and kern.rpc.tls, which allow an NFS server administrator to determine how much NFS-over-TLS is being used. A large number of failed handshakes might indicate an NFS configuration problem. b8e137d8d32d

Soft updates are now enabled by default when creating a new UFS file system with newfs(8). 6b2af2d88ffd

Define a new -a command line option mountd(8). When a file system was exported with the -alldirs flag, the export succeeded even if the directory path was not a server file system mount point. ead3cd3ef628

Document recent file handle layout changes. ca22082c01a7

Allow to pass {NGROUPS_MAX} + 1 groups in mountd(8). NGROUPS_MAX is just the minimum maximum of the number of allowed supplementary groups. The actual runtime value may be greater. Allow more groups to be specified accordingly (now that, a few commits ago, nmount(2) has been changed similarly). ca9614d8f64a (Sponsored by The FreeBSD Foundation).

Lots of improvements to the network stack, including performance improvements and bug fixes for the sctp(4) stack.

Descriptors returned by sctp_peeloff(2) now inherit capabilities from the parent socket. ae3d7e27abc9 (Sponsored by The FreeBSD Foundation)

The ifconfig(8) utility will no longer accept assigning IP addresses to the underlying member interfaces of a bridge(4). To temporarily bypass this safeguard, use the net.link.bridge.member_ifaddrs sysctl(8). This sysctl is expected to be removed in FreeBSD 16. b61850c4e6f6

ARP (arp(4)) support for 802-standard networks has been restored; it had been accidentally removed with FDDI support. (This is different than the Ethernet standard encapsulation.) d776dd5fbd48

It is possible to build a kernel with IPv6 support (INET6) without IPv4 (INET). 6df9fa1c6b83 and others

The netgraph ng_ipfw(4) module no longer truncates cookies to 16 bits, allowing a full 32 bits. dadf64c5586e

AIM(Adaptive Interrupt Moderation) support has been added to the igc(4) driver. 472a0ccf847a (Sponsored by Rubicon Communications, LLC ("Netgate") and BBOX.io)

This feature has also been added to the lem(4), em(4) and igb(4) drivers. A major regression in UDP performance introduced in FreeBSD 12.0, including NFS over UDP, is believed to be fixed with this change. 49f12d5b38f6 (Sponsored by Rubicon Communications, LLC ("Netgate") and BBOX.io)

Teach ip6addrctl(8) to attach and run itself in a jail. This will make it easier to manage address selection policies of vnet jails, especially for those light weighted OCI containers or slim jails. b709f7b38cc4

Convert PF_DEFAULT_TO_DROP into a vnet loader tunable 'net.pf.default_to_drop' for pf(4). 7f7ef494f11d introduced a compile time option PF_DEFAULT_TO_DROP to make the pf(4) default rule to drop. While this change exposes a vnet loader tunable 'net.pf.default_to_drop' so that users can change the default rule without re-compiling the pf(4) module. 3965be101c43

The LinuxKPI 802.11 compatibility layer linuxkpi_wlan(4) gained support for the Galois/Counter Mode Protocol (GCMP) from wlan_gcmp(4). (Sponsored by The FreeBSD Foundation)

The rtw88(4) driver was made to work (associate) again and a memory leak got resolved. (Sponsored by The FreeBSD Foundation)

Following other drivers iwlwififw(4) firmware was removed from the base system in favor of the ports based solution and fwget(8) support. In case of updating from earlier releases, users must install the firmware packages upfront. (Sponsored by The FreeBSD Foundation)

The NVMM hypervisor is now detected. 34f40baca641

The VNC server in bhyve(8) will now show the correct colors when using the www/novnc client. f9e09dc5b1d5

Under Hyper-V, TLB flushes are now performed using hypercalls rather than IPIs, providing up to a 40% improvement in TLB performance. 7ece5993b787 (Sponsored by Microsoft)

Several bug fixes and configuration changes collectively allow device hotplug on both x86 and arm64 ("Graviton") EC2 instances. Users upgrading EC2 instances from earlier FreeBSD releases should set hw.pci.intx_reroute=0 and debug.acpi.quirks="56" in /boot/loader.conf.

The AT_NO_AUTOMOUNT flag is now ignored for all Linuxulator stat() variants (as the behavior specified by the flag already matches FreeBSD’s), improving Linux application compatibility. 99d3ce80ba07 (Sponsored by The FreeBSD Foundation)

A new networking(7) manual page provides a quickstart guide to connecting the system to networks including Wi-Fi, and links to other manual pages and the handbook. 39f92a4c4c49

Refer to graid(8) and zfs(8) instead of gvinum(8) in ccdconfig(8)). (55cb3a33d920).

ps(1): Document change in behavior for -a/-A. Document the practical consequence of change 93a94ce731a8 that specifying -a/-A leads to printing all processes regardless of the presence of other process selection options (except for -x/-X, which command a filter). eed005b57895. (Sponsored by The FreeBSD Foundation).

ps(1): Change in behavior for option -U. 4e4739dd0745 (Sponsored by The FreeBSD Foundation).

ps(1): Change of how current user’s processes are matched. 7219648f60d1. (Sponsored by The FreeBSD Foundation).

ps(1): Match current user’s processes using effective UID. This puts ps(1) of FreeBSD in conformance with POSIX. 1e8dc267ca91. (Sponsored by The FreeBSD Foundation).

mac_do(4): Change of rules syntax; Provide hints and pointers. 0c3357dfa18f. (Sponsored by The FreeBSD Foundation).

firewire(4): Add deprecation notice. This was originally discussed as part of FreeBSD 15 planning, but did not happen in time. Add the deprecation notice now, with an expectation that it will be removed before FreeBSD 16. fc889167c319. (Sponsored by The FreeBSD Foundation).

The ethernet switch controllers, mtkswitch(4), ip17x(4), ar40xx(4), and e6000sw(4) have gained initial manual pages.

mount(8) has gained an example for remounting all filesystems read/write in single-user mode.

Manual pages for the lua loader(8) modules have had their desctiptions reworded to optimize apropos(1) results.

The manual pages style guide, style.mdoc(5), has gained a section for listing supported hardware. When listed this way, the supported hardware will be listed in the supported hardware notes. Many manuals have had this section added or reworded in this release.

Much work has gone into adding sysctl(8)s and environment variables to the manual. Try searching for them with apropos Va=here.is.the.sysctl or apropos Ev=here_is_the_environment_variable.

The intro(5) to the File Formats manual has been revised, incorporating improvements from OpenBSD.

The FreeBSD installer, bsdinstall(8), now supports downloading and installing firmware packages after the FreeBSD base system installation is complete. 03c07bdc8b31 (Sponsored by The FreeBSD Foundation)

The net/wifi-firmware-kmod@release package has been added to the DVD package set in order to provide necessary firmware for wifi drivers. 8c6df7ead19c (Sponsored by The FreeBSD Foundation)