FreeBSD 14.0 has been released. What has changed in the new version?

If you remember, there was this meme: “Jva waited for a year,” back from the bash. And we really waited here not even two years, but two and a half, until it came out

new release of FreeBSD 14.0

. It is already ready, and its installation images

carefully prepared

for architectures such as amd64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv7, aarch64 and riscv64.

This branch, by the way, is the last where 32-bit platforms will be supported. The 15th will provide support only for 64-bit ones, however, with the ability to build 32-bit programs and use the COMPAT_FREEBSD32 mode to run 32-bit executable files in a 64-bit environment. But let’s see what FreeBSD 14.0 has in store for us.

A good place to start is with the warning issued by the release manager. It lies in the possibility of problems occurring when updating from the previous branch. It is highly recommended to run the command “freebsd-update fetch install” before updating. Failure to do this may result in a failure. The reason is that the previous freebsd-update utility does not support the possibility of the same file name and directory existing in different releases. It has also been reported that there may be problems processing changes to master.passwd. Actually, all this can be avoided by following the recommendations indicated above.

What was removed from the new release?

Quite a lot of things, the new product has cleaned out many outdated systems that are no longer relevant. These include:

OPIE one-time passwords (if needed, the security/opie port will need to be installed).

Drivers for sound cards with ISA interface.

Utilities fmtree and minigzip.

Netgraph ATM components (NgATM).

Background telnetd process (net/freebsd-telnetd port can be used).

The VINUM class in geom.

Outdated amr, iscsi_initiator, iir, mn, mly, nlmrsa and twa drivers.

Support for asymmetric cryptographic operations from the kernel-level OCF (Open Cryptographic Framework) cryptographic framework.

The PROFILE assembly setting no longer exists, it has been disabled.

The mergemaster utility, which should be replaced by etcupdate.

portsnap utility (you should use “git clone” to extract ports git.FreeBSD.org/ports.git /usr/ports”).

Removed support for MIPS architecture.

What’s new?

A lot of things have been cleaned up, but we have listed the most important “liquidations” above. Everything else, for the most part, is something that many have already forgotten to think about. Well now let’s see

what changed

The default command interpreter for the root user is /bin/sh.

Activated assembly of executable files for 64-bit architectures in PIE (Position Independent Executable) mode.

For NVME devices, the nda driver is now used by default. If you need the old one, then you need to write “hw.nvme.use_nvd=1” in loader.conf.

There is a new fwget utility that allows you to determine the equipment that requires firmware. The utility installs the appropriate packages, although so far only for PCI devices and firmware for Intel and AMD GPUs.

A utility of the same name has been added to encode and decode data in base64.

Now dma (DragonFly Mail Agent) is used as the mail agent. Sendmail has been retained in the basic package and updated to version 8.17.1.

Also added support for TLS 1.3 hardware acceleration in KTLS.

By default, pw and bsdinstall create users in the “/home” directory, not in “/usr/home”.

Enabled building of executable files for 64-bit architectures in PIE (Position Independent Executable) mode.

The ability to forward access to the TPM (Trusted Platform Module) and GPU (in virtual environments for AMD and Intel chips) has been added to the Bhyve hypervisor.

More good news is that ZFS has been updated to release OpenZFS 2.2. It is now possible to create a ZFS pool that is associated with one vdev virtual disk.

The number of supported CPU cores has increased significantly – from 256 immediately to 1024, for systems on amd64 and arm64 architectures.

The tarfs file system has been introduced, which can be used with tar archives compressed with zstd.

Another piece of good news is the addition of a FIRECRACKER kernel tuning option to allow FreeBSD to run on the Firecracker virtualization system, which is designed to run virtual machines with minimal overhead.

NFS support has also been expanded, the release includes a new mount option “syskrb5” to support Kerberos in NFSv 4.1/4.2, and support for the ExchangeID operation is also implemented.

The kernel crypto subsystem now supports the XChaCha20-Poly1035 AEAD encryption algorithm, and also adds an API for using the curve25519 elliptic curve (for WireGuard).

Reboot time has been reduced. Thus, a new parameter has appeared, the sysctl parameter kern.reboot_wait_time, through which you can change the delay before the actual reboot after all diagnostic messages are output to the console.

The data transfer rate through the serial port in the kernel, bootloaders and user space has also been increased – from 9600 to 115200 bps.

By default, TCP uses the CUBIC network congestion control mechanism instead of NewReno, which allows for greater utilization of available bandwidth.

Additionally, IPv4 disables sending broadcast packets to subnet address zero unless that address is explicitly declared a broadcast address. The change allows hosts to use addresses ending in “.0”.

OpenSSH settings have been changed: in scp the SFTP protocol is enabled by default instead of scp/rcp, support for RSA/SHA-1 signatures is disabled, the VerifyHostKeyDNS and X11Forwarding parameters are set to “no”, the VersionAddendum directive is removed, support for HPN settings is removed.

It is worth paying attention to the fact that the versions of third-party applications and libraries included in the base system have been updated: OpenSSH 9.5p1, OpenSSL 3.0.12 (previously branch 1.1.1 was used), awk 2021072, bc 6.6.0, libbsdxml 2.4.7, libfido2 1.13 .0, tcpdump 4.99.4, libpcap 1.10.4, xz 5.4.3, zlib 1.3, zstd 1.5.2. The implementation of the objdump utility has been replaced by llvm-objump. The Clang compiler has been updated to branch 16.

Support for cloud systems has also been optimized. For example, experimental builds with ZFS root file system and cloud-init have been added for AWS EC2. For Azure, images are provided for arm64 and amd64 architectures, with a choice of UFS or ZFS. Added driver for gve virtual network card (Google Virtual NIC).

Actually, the most important thing has been said. If you have already installed this version, tell us how you like it – are there any glitches or problems? Or does everything work smoothly and without interruptions?