--- title: "FreeBSD 14.2-RELEASE Release Notes" sidenav: download --- :localRel: 14.2 :releaseCurrent: 14.2-RELEASE :releaseBranch: 14-STABLE :releasePrev: 14.1-RELEASE :releaseNext: 14.3-RELEASE :releaseType: "release" include::shared/en/urls.adoc[] = FreeBSD {releaseCurrent} Release Notes :doctype: article :toc: macro :toclevels: 1 :icons: font == Abstract [.abstract-title] The release notes for FreeBSD {releaseCurrent} contain a summary of the changes made to the FreeBSD base system on the {releaseBranch} development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented. [[intro]] == Introduction This document contains the release notes for FreeBSD {releaseCurrent}. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD. The {releaseType} distribution to which these release notes apply represents the latest point along the {releaseBranch} development branch since {releaseBranch} was created. Information regarding pre-built, binary {releaseType} distributions along this branch can be found at https://www.FreeBSD.org/releases/[]. This distribution of FreeBSD {releaseCurrent} is a {releaseType} distribution. It can be found at https://www.FreeBSD.org/releases/[] or any of its mirrors. More information on obtaining this (or other) {releaseType} distributions of FreeBSD can be found in the link:{handbook}/mirrors[Obtaining FreeBSD appendix] to the link:{handbook}/[FreeBSD Handbook]. All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with "late-breaking" information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD {releaseCurrent} can be found on the FreeBSD Web site. This document describes the most user-visible new or changed features in FreeBSD since {releasePrev}. In general, changes described here are unique to the {releaseBranch} branch unless specifically marked as MERGED features. Typical release note items document recent security advisories issued after {releasePrev}, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. [[upgrade]] == Upgrading from Previous Releases of FreeBSD Binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the man:freebsd-update[8] utility. See the release-specific upgrade procedure, link:../installation/#upgrade-binary[FreeBSD {releaseCurrent} upgrade information], with more details in the FreeBSD handbook link:{handbook}cutting-edge/#freebsdupdate-upgrade[binary upgrade procedure]. This will update unmodified userland utilities, as well as unmodified GENERIC kernels distributed as a part of an official FreeBSD release. The man:freebsd-update[8] utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the FreeBSD base system from source code) from previous versions are supported, according to the instructions in [.filename]#/usr/src/UPDATING#. [IMPORTANT] ==== Upgrading FreeBSD should only be attempted after backing up _all_ data and configuration files. ==== [[security-errata]] == Security and Errata This section lists the various Security Advisories and Errata Notices since {releasePrev}. [[security]] === Security Advisories [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Advisory | Date | Topic |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc[FreeBSD-SA-24:04.openssh] |01 July 2024 |OpenSSH pre-authentication remote code execution |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:05.pf.asc[FreeBSD-SA-24:05.pf] |07 August 2024 |pf incorrectly matches different ICMPv6 states in the state table |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:06.ktrace.asc[FreeBSD-SA-24:06.ktrace] |07 August 2024 |man:ktrace[2] fails to detach when executing a setuid binary |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:07.nfsclient.asc[FreeBSD-SA-24:07.nfsclient] |07 August 2024 |NFS client accepts file names containing path separators |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:08.openssh.asc[FreeBSD-SA-24:08.openssh] |07 August 2024 |OpenSSH pre-authentication async signal safety issue |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:09.libnv.asc[FreeBSD-SA-24:09.libnv] |04 September 2024 |Multiple vulnerabilities in libnv |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:10.bhyve.asc[FreeBSD-SA-24:10.bhyve] |04 September 2024 |man:bhyve[8] privileged guest escape via TPM device passthrough |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:11.ctl.asc[FreeBSD-SA-24:11.ctl] |04 September 2024 |Multiple issues in man:ctl[4] CAM Target Layer |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:12.bhyve.asc[FreeBSD-SA-24:12.bhyve] |04 September 2024 |man:bhyve[8] privileged guest escape via USB controller |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:13.openssl.asc[FreeBSD-SA-24:13.openssl] |04 September 2024 |Possible DoS in X.509 name checks in OpenSSL |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:14.umtx.asc[FreeBSD-SA-24:14.umtx] |04 September 2024 |umtx Kernel panic or Use-After-Free |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:15.bhyve.asc[FreeBSD-SA-24:15.bhyve] |19 September 2024 |man:bhyve[8] out-of-bounds read access via XHCI emulation |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:16.libnv.asc[FreeBSD-SA-24:16.libnv] |19 September 2024 |Integer overflow in libnv |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:17.bhyve.asc[FreeBSD-SA-24:17.bhyve] |29 October 2024 |Multiple issues in the bhyve hypervisor |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:18.ctl.asc[FreeBSD-SA-24:18.ctl] |29 October 2024 |Unbounded allocation in man:ctl[4] CAM Target Layer |https://www.freebsd.org/security/advisories/FreeBSD-SA-24:19.fetch.asc[FreeBSD-SA-24:19.fetch] |29 October 2024 |Certificate revocation list man:fetch[1] option fails |=== [[errata]] === Errata Notices [.informaltable] [cols="1,1,1", frame="none", options="header"] |=== | Errata | Date | Topic |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:10.zfs.asc[FreeBSD-EN-24:10.zfs] |19 June 2024 |Kernel memory leak in ZFS |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:11.ldns.asc[FreeBSD-EN-24:11.ldns] |19 June 2024 |LDNS uses nameserver commented out in resolv.conf |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:12.killpg.asc[FreeBSD-EN-24:12.killpg] |19 June 2024 |Lock order reversal in killpg causing livelock |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:13.libcpass:[++].asc[FreeBSD-EN-24:13.libc++] |19 June 2024 |Incorrect size passed to heap allocated std::string delete |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:14.ifconfig.asc[FreeBSD-EN-24:14.ifconfig] |07 August 2024 |Incorrect ifconfig netmask assignment |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:15.calendar.asc[FreeBSD-EN-24:15.calendar] |04 September 2024 |man:cron[8] / man:periodic[8] session login |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:16.pf.asc[FreeBSD-EN-24:16.pf] |19 September 2024 |Incorrect ICMPv6 state handling in pf |https://www.freebsd.org/security/advisories/FreeBSD-EN-24:17.pam_xdg.asc[FreeBSD-EN-24:17.pam_xdg] |29 October 2024 |XDG runtime directory's file descriptor leak at login |=== [[userland]] == Userland This section covers changes and additions to userland applications, contributed software, and system utilities. [[userland-programs]] === Userland Application Changes An option has been added to change the directory in man:env[1] which closely resembles the feature in the GNU version of env although it does not support long options. gitref:08e8554c4a39[repository=src] (Sponsored by Klara, Inc.) [[userland-contrib]] === Contributed Software `bc` has been upgraded to 7.0.2. gitref:90ea553a0d30[repository=src] `libarchive` has been upgraded to 3.7.7. gitref:2ae238160f20[repository=src] `libcbor` has been upgraded to 0.11.0. gitref:1755b9daa693[repository=src] (Sponsored by The FreeBSD Foundation) `libcxxrt` has been upgraded to vendor snapshot 6f2fdfebcd62. gitref:d0dcee46d971[repository=src] `libfido2` has been upgraded to 1.14.0. gitref:128bace5102e[repository=src] (Sponsored by The FreeBSD Foundation) `libpcap` has been upgraded to 1.10.5. gitref:26f21a6494b4[repository=src] (Sponsored by The FreeBSD Foundation) `llvm` has been upgraded to 18.1.6. gitref:f1e3279983d6[repository=src] `openssl` has been upgraded to 3.0.15. gitref:cc43f991ab3e[repository=src] `tcpdump` has been upgraded to 4.99.5. gitref:ec3da16d8bc1[repository=src] (Sponsored by The FreeBSD Foundation) `unbound` has been upgraded to 1.22.0. gitref:0a096a7b3ae8[repository=src] [[userland-libraries]] === Runtime Libraries and API man:fma[3] now returns correctly-signed zero when provided certain small inputs (as observed in the Python test suite). gitref:dc39004bc670[repository=src] (Sponsored by The FreeBSD Foundation) The `cap_rights_is_empty` function has been added. It reports whether a `cap_rights_t` has no rights set. gitref:e77813f7e4a3[repository=src] (Sponsored by The FreeBSD Foundation) [[userland-deprecated-programs]] === Deprecated Applications man:fdisk[8] has been deprecated in favor of man:gpart[8] for a long time but has not been removed, running this application will show a warning to migrate to man:gpart[8]. gitref:3958be5c29da[repository=src] (Sponsored by The FreeBSD Foundation) The accuracy of man:asinf[3] and man:acosf[3] has improved. gitref:33c82f11c267[repository=src] [[cloud]] == Cloud Support This section covers changes in support for cloud environments. The `nuageinit` startup script now supports OpenStack network config. gitref:ea310d18b222[repository=src] (Sponsored by OVHCloud) The FreeBSD project is now publishing OCI-compatible container images. gitref:8a688fcc242e[repository=src] The FreeBSD project is now publishing Oracle Cloud Infrastructure images. See the link:https://cloudmarketplace.oracle.com/marketplace/app/freebsd-release[Oracle Cloud Infrastructure FreeBSD Listing] for more information. gitref:77b296a2582b[repository=src] The "shutdown" and "reboot" API in the Amazon EC2 cloud now work for arm64 instances. Older instances upgraded to FreeBSD {releaseCurrent} will need to have `debug.acpi.quirks="8"` set in `/boot/loader.conf`. gitref:28b881840df7[repository=src] (Sponsored by Amazon) The FreeBSD projects now publishes "small" EC2 images; these are the "base" images minus debug symbols, tests, 32-bit libraries, the LLDB debugger, the Amazon SSM Agent, and the AWS CLI. gitref:953142d6baf3[repository=src] (Sponsored by Amazon) [[drivers]] == Devices and Drivers This section covers changes and additions to devices and device drivers since {releasePrev}. [[drivers-device]] === Device Drivers `ena` has been upgraded to 2.8.0. gitref:6bf02434bd9a[repository=src] (Sponsored by Amazon, Inc.) `ice` has been upgraded to 1.43.2-k. gitref:38a1655adcb3[repository=src] (Sponsored by Intel Corporation) `ice_ddp` has been upgraded to 1.3.41.0. gitref:a9d78bb714e3[repository=src] (Sponsored by Intel Corporation) Tiger Lake-H support has been added to the man:hda[4] driver. gitref:dbb6f488df6e[repository=src] Meteor Lake support has been added to the man:ichsmb[4] driver. gitref:14c22e28e4ee[repository=src] (Sponsored by Framework Computer Inc) (Sponsored by The FreeBSD Foundation) Meteor Lake support has been added to the man:ig4[4] driver. gitref:56f0fc0011c2[repository=src] A new wireless driver supporting some Realtek chipsets is available: man:rtw89[4]. gitref:a2d1e07f6451[repository=src] (Sponsored by The FreeBSD Foundation) Support for Realtek 8156/8156B has been moved from from man:cdce[4] to man:ure[4] for improved performance and reliability. gitref:630077a84186[repository=src] (Sponsored by The FreeBSD Foundation) Support for ACPI GPIO _AEI objects has been added. gitref:1db6ffb2a482[repository=src] (Sponsored by Amazon) man:nvme[4] and man:nvmecontrol[8] have been enabled on all architectures. gitref:24687a65dd7f[repository=src], gitref:aba2d7f89dcf[repository=src] (Sponsored by Chelsio Communications and Netflix) [[drivers-removals]] === Deprecated and Removed Drivers man:agp[4] has been planned for removal in FreeBSD 15.0, and the man page now states that it is deprecated. gitref:92af7c97e197[repository=src] man:syscons[4] has been planned for removal in future releases, and has been noted as deprecated in the man pages to notify users to migrate to man:vt[4]. gitref:2bc5b1d60512[repository=src] (Sponsored by The FreeBSD Foundation) [[storage]] == Storage This section covers changes and additions to file systems and other storage subsystems, both local and networked. [[storage-zfs]] === ZFS OpenZFS has been upgraded to version 2.2.6. gitref:755e773877e9[repository=src] [[boot]] == Boot Loader Changes This section covers the boot loader, boot menu, and other boot-related changes. [[boot-loader]] === Boot Loader Changes The BIOS boot loader added back support for gzip and bzip2, but removed support for graphics mode (by default) to address size problems. (The EFI boot loader is unchanged with support for all of those.) gitref:4d3b05a8530e[repository=src] (Sponsored by Netflix) [[network]] == Networking This section describes changes that affect networking in FreeBSD. [[network-protocols]] === Network Protocols Lots of improvements to the network stack, including performance improvements and bug fixes for the man:sctp[4] stack. Descriptors returned by man:sctp_peeloff[2] now inherit capabilities from the parent socket. gitref:ae3d7e27abc9[repository=src] (Sponsored by The FreeBSD Foundation) [[network-general]] === General Network AIM(Adaptive Interrupt Moderation) support has been added to the man:igc[4] driver. gitref:472a0ccf847a[repository=src] (Sponsored by Rubicon Communications, LLC ("Netgate") and BBOX.io) This feature has also been added to the man:lem[4], man:em[4] and man:igb[4] drivers. A major regression in UDP performance introduced in FreeBSD 12.0, including NFS over UDP, is believed to be fixed with this change. gitref:49f12d5b38f6[repository=src] (Sponsored by Rubicon Communications, LLC ("Netgate") and BBOX.io) [[wireless-networking]] === Wireless Networking The LinuxKPI, particularly for 802.11, has been enhanced to improve the stability of wireless drivers such as man:iwlwifi[4]. (Sponsored by The FreeBSD Foundation) [[hardware]] == Hardware Support This section covers general hardware support for physical machines, hypervisors, and virtualization environments, as well as hardware changes and updates that do not otherwise fit in other sections of this document. Please see link:https://www.freebsd.org/releases/{localRel}R/hardware[the list of hardware] supported by {releaseCurrent}, as well as link:https://www.freebsd.org/platforms/[the platforms page] for the complete list of supported CPU architectures. [[processor]] === Processor Support The maximum IOAPIC ID has been increased to 255, fixing a boot failure on certain high-core-count AMD CPUs. gitref:18119e711f1c[repository=src] (Sponsored by The FreeBSD Foundation) Nominal support for POWER10 and POWER11 has been added. gitref:f9f006df1535[repository=src] [[hardware-virtualization]] === Virtualization Support The NVMM hypervisor is now detected. gitref:34f40baca641[repository=src] The VNC server in man:bhyve[8] will now show the correct colors when using the package:www/novnc[] client. gitref:f9e09dc5b1d5[repository=src] Under Hyper-V, TLB flushes are now performed using hypercalls rather than IPIs, providing up to a 40% improvement in TLB performance. gitref:7ece5993b787[repository=src] (Sponsored by Microsoft) [[linuxulator]] === Linux Binary Compatibility The `AT_NO_AUTOMOUNT` flag is now ignored for all Linuxulator stat() variants (as the behavior specified by the flag already matches FreeBSD's), improving Linux application compatibility. gitref:99d3ce80ba07[repository=src] (Sponsored by The FreeBSD Foundation) [[multimedia]] == Multimedia Many improvements to the audio stack including support for hot-swapping in man:mixer[8], and the addition of man:mididump[1]. gitref:cf9d2fb18433[repository=src] (Sponsored by The FreeBSD Foundation) gitref:7224e9f2d4af[repository=src] (Sponsored by The FreeBSD Foundation) [[ports]] == Ports Collection and Package Infrastructure This section covers changes to the FreeBSD Ports Collection, package infrastructure, and package maintenance and installation tools. [[Installer]] === Installer The FreeBSD installer, man:bsdinstall[8], now supports downloading and installing firmware packages after the FreeBSD base system installation is complete. gitref:03c07bdc8b31[repository=src] (Sponsored by The FreeBSD Foundation) [[ports-packages]] === Packaging Changes The package:net/wifi-firmware-kmod@release[] package has been added to the DVD package set in order to provide necessary firmware for wifi drivers. gitref:8c6df7ead19c[repository=src] (Sponsored by The FreeBSD Foundation) [[future-releases]] == General Notes Regarding Future FreeBSD Releases FreeBSD 15.0 is not expected to include support for 32-bit platforms other than armv7. The armv6, i386, and powerpc platforms are deprecated and will be removed. 64-bit systems will still be able to run older 32-bit binaries. The FreeBSD Project expects to support armv7 as a Tier 2 architecture in FreeBSD 15.0 and stable/15. However, the Project also anticipates that armv7 may be removed in FreeBSD 16.0. The Project will provide an update on the status of armv7 for both 15.x and 16.x at the time of 15.0 release. Support for executing 32-bit binaries on 64-bit platforms via the `COMPAT_FREEBSD32` option will continue for at least the stable/15 and stable/16 branches. Support for compiling individual 32-bit applications via `cc -m32` will also continue for at least the stable/15 branch, which includes suitable headers in [.filename]#/usr/include# and libraries in [.filename]#/usr/lib32#. Ports will not include support for deprecated 32-bit platforms for FreeBSD 15.0 and later releases. These future releases will not include binary packages or support for building packages from ports for deprecated 32-bit platforms. The FreeBSD stable/14 and earlier branches will retain existing 32-bit kernel and world support. Ports will retain existing support for building ports and packages for 32-bit systems on stable/14 and earlier branches as long as those branches are supported by the ports system. However, all 32-bit platforms are Tier-2 or Tier-3, and support for individual ports should be expected to degrade as upstreams deprecate 32-bit platforms. With the current support schedule, stable/14 will reach end of life (EOL) around 5 years after the release of FreeBSD 14.0-RELEASE. The EOL of stable/14 will mark the end of support for deprecated 32-bit platforms, including source releases, pre-built packages, and support for building applications from ports. With the release of 14.0-RELEASE in November 2023, support for deprecated 32-bit platforms will end in November 2028. The Project may choose to alter this approach when FreeBSD 15.0 is released by extending some level of support for one or more of the deprecated platforms in 15.0 or later. Any alterations will be driven by community feedback and committed efforts to support these platforms.