October 4, 2024
Introduction
FreeBSD has long been a premier choice for those seeking a modern, enterprise-class open source operating system. Its permissive licensing, superior security, exceptional performance, and rock-solid stability make it ideal for businesses and organizations of all sizes.
FreeBSD 13.4-RELEASE significantly enhances infrastructure, hardware compatibility, and security, further demonstrating its value to the industry. This version builds upon the strong foundation established by previous versions within the 13.x series and aligns with the development timeline that includes the FreeBSD 14 branch, introduced in November 2023.
FreeBSD 13.x Overview
A Foundation of Innovation
FreeBSD 13.0-RELEASE brought significant improvements that set new system robustness and performance standards. Among these were strategic shifts in the toolchain, fully transitioning to LLVM/Clang as the default compiler, which streamlined development processes and enhanced system stability. Additionally, WireGuard, a modern VPN protocol, significantly enhanced FreeBSD’s network security, providing a simpler and faster alternative to IPSec and OpenVPN.
As the 13.x series progressed, each release introduced critical enhancements to the userland and kernel, addressing important security vulnerabilities and ensuring the system remained resilient against evolving threats. With expanded hardware support and networking capabilities, the 13.x series reinforces the Project’s commitment to adaptability and forward-thinking, catering to a broad range of users—from server administrators to desktop users.
Key Enhancements in FreeBSD 13.x
Networking Advancements
General Network Improvements
- mbuf Type Enhancements: Introduction of a new mbuf type capable of representing multiple unmapped physical pages as a single buffer. This enhancement, sponsored by Netflix, improved the performance of sendfile operations and underscores FreeBSD’s commitment to network performance.
- Safe Memory Reclamation (SMR): Integrating SMR into the kernel improved memory management in multithreaded environments, optimizing overall system performance.
Transport Layer Security (TLS) Enhancements
- Kernel-Based TLS: Implementation of kernel-based framing and encryption of TLS data on TCP sockets for TLS versions 1.0 through 1.3. This includes transmit offload via in-kernel crypto drivers for AES-CBC and AES-GCM cipher suites and receive offload for AES-GCM in TLS 1.2. These enhancements, sponsored by Netflix and Chelsio Communications, reinforce FreeBSD’s commitment to secure and efficient data transmission.
Proportional Rate Reduction (PRR)
- TCP Improvements: Enabled PRR in TCP to enhance loss recovery during burst loss and ACK thinning scenarios. This feature improves loss recovery performance and prevents retransmit timeout (RTO) stalls, offering a more robust networking experience.
Routing Stack Revamp
- Rewritten Routing Stack: Introduction of a new routing stack based on nexthops, holding all necessary state information for routing packets efficiently to their destinations. This allows for more efficient and scalable routing operations.
- Enhanced Multipath Routing Support: Re-engineered multipath routing support with 64-wide multipath routes and O(1) lookup time, significantly improving scalability and performance in multipath routing scenarios.
- Custom Route Lookup Algorithms: Support for custom route lookup algorithms decouples control-plane and data-plane operations, allowing for faster lookups and better convergence times under load.
Quality of Service (QoS) and Congestion Control
- QoS Enhancements: The ping utility now supports setting network Quality of Service (QoS) with IP DSCP and Ethernet PCP, facilitating more granular traffic management and prioritization. (Introduced in FreeBSD 13.3)
- Congestion Control Algorithm Improvements: The cc_cubic TCP congestion control algorithm has been updated to align more closely with the standard outlined in RFC 8312, optimizing TCP congestion control behavior. (Introduced in FreeBSD 13.3)
Stream Control Transmission Protocol (SCTP) and Advanced Networking
- SCTP as Loadable Kernel Module: SCTP support has been transitioned to a new sctp.ko kernel module, making it optional and no longer compiled into GENERIC by default, allowing for more flexible deployment scenarios.
- Stacked VLAN (802.1ad) Support: Introduction of support for stacked VLANs enhances the flexibility and scalability of VLAN configurations in complex networking environments.
- Advanced Networking Features: Enhancements to the TCP/IP stack, such as PRR for improved SACK loss recovery, showcase FreeBSD’s dedication to maintaining a competitive edge in network performance and reliability.
Storage and Virtualization Improvements
Storage Enhancements
- Network QoS in ctld: The ctld utility now supports network QoS specifications using DiffServ Codepoints and Ethernet Priority Code Point, allowing FreeBSD to deliver high-performance storage solutions. (Introduced in FreeBSD 13.3)
- Updated NFS Support: The NFS client and server have been updated to support NFSv4.2, including extended attributes, demonstrating FreeBSD’s continued commitment to compatibility and feature richness.
- Secure NFS over TLS: FreeBSD supports configuring NFS over TLS, focusing on secure storage solutions.
- Migration to OpenZFS: ZFS, a cornerstone of FreeBSD’s storage capabilities, is now provided by OpenZFS 2.1.14, ensuring that FreeBSD benefits from the latest developments in this powerful filesystem.
Virtualization Enhancements
- Enhanced Guest Support in Bhyve: The vmm kernel module now supports more than 16 vCPUs in a guest, allowing guests to use the CPU resources of the host more effectively. Additionally, Bhyve has introduced support for virtio-input device emulation, improving interaction with virtualized environments by facilitating the injection of keyboard and mouse input events into a guest.
Userland and Kernel Enhancements
Userland Improvements
- Process Management Enhancements: Users can now set process priorities and umask values directly from ~/.login_conf, offering refined control over process management and file permissions. (Introduced in FreeBSD 13.3)
- Reporting and Configuration Enhancements: Streamlining periodic outputs and updates to utilities such as head and tail for consistent -q (quiet) and -v (verbose) options and adopting SI suffixes for numeric arguments enhance system usability and configuration flexibility. (Introduced in FreeBSD 13.3)
- Enhanced Authentication: The libtacplus library now adheres to POSIX shell syntax rules, improving TACACS+ authentication’s security and configurability. (Introduced in FreeBSD 13.3)
Kernel Enhancements
- Security Improvements: Implementation of Address Space Layout Randomization (ASLR) for 64-bit executables enhances security by randomizing memory address spaces, mitigating certain types of attacks. Additionally, workarounds for hardware page invalidation issues on specific Intel CPUs underscore FreeBSD’s commitment to security. (Introduced in FreeBSD 13.3)
- Debugging Enhancements: The new SPLIT_KERNEL_DEBUG configuration option allows for separate kernel and module debug data handling, streamlining debugging processes without compromising system performance.
Cryptographic Framework and Driver Updates
- Enhanced Cryptographic Versatility with libmd: Added support for SHA-512/224, a truncated version of the SHA-512 hash function, offering a compact yet secure hash alternative. (Introduced in FreeBSD 13.3)
- Revamped Cryptographic Framework: The in-kernel cryptographic framework has undergone significant overhauls to improve support for modern cryptographic algorithms and simplify interfaces for device drivers and framework consumers. Deprecated algorithms have been removed to enhance security.
- Driver Support Enhancements: The inclusion of the aesni driver in GENERIC kernels for AMD64 and i386 architectures boosts software cryptography and security through hardware-accelerated encryption capabilities.
Hardware Support Improvements
- Ethernet Controller Support: Introduction of the igc driver for Intel I225 Ethernet controllers offers support for various speeds and advanced features like checksum offload and multi-queue operation.
- Driver Updates: The ice driver has added firmware logging and initial Data Center Bridging (DCB) support, further enhancing FreeBSD’s capabilities in managing and optimizing network interfaces. (Introduced in FreeBSD 13.3)
- Processor Support: Extended support to Intel Alder Lake 12th-generation CPUs, integrating within the hwpmc framework to leverage CPU advancements.
Deprecated Features and Removed Support in 13.x
Throughout the FreeBSD 13.x series, several features and supports were deprecated or removed, reflecting the project’s forward-looking approach and dedication to embracing modern technologies and standards.
Userland and Kernel Changes
- Toolchain Modernization: Obsolete binutils 2.17 and GCC 4.2.1 were removed, marking the full transition to the LLVM/Clang toolchain for all supported architectures. This shift underscores FreeBSD’s commitment to leveraging modern toolchains for enhanced system stability and development flexibility.
- Licensing and Software Updates: The GPL-licensed version of dtc was replaced by a BSD-licensed variant. Additionally, the BSD version of grep has supplanted the GNU version. The bc and dc utilities were replaced with versions developed by Gavin D. Howard, which do not depend on an external large-number library and offer GNU bc extensions. (Introduced in FreeBSD 13.3)
- Deprecated Utilities: Utilities like ctm and the amd automount daemon were removed. Modern alternatives like autofs have superseded their functionalities. (Introduced in FreeBSD 13.3)
Network Driver Deprecation
- Outdated Network Drivers: Several outdated network drivers no longer in use were removed to simplify support for newer and more commonly used hardware. This allows for a greater focus on improving support for modern network interfaces.
Virtualization Deprecation
- Bhyve Refinements: FreeBSD refined Bhyve, its native hypervisor, by removing deprecated device models and supporting newer features like VirtIO-9p filesystem sharing and virtual machine snapshots.
Forward-Looking Changes
- CPU Type Change: The default CPUTYPE for the i386 architecture shifted from 486 to 686, requiring a 686-class CPU. This aligns with industry standards moving to i686 as a baseline. (Introduced in FreeBSD 13.3)
FreeBSD 13.4-RELEASE Highlights
FreeBSD 13.4-RELEASE is the latest version in the 13-STABLE branch. It includes bug fixes, security patches, and updated drivers to enhance user experience and system stability.
Upgrading from Previous Releases
Users upgrading from earlier versions of FreeBSD will find the transition smooth, with comprehensive documentation available to navigate the upgrade process. Before proceeding with the installation, it’s recommended to consult the release errata for any late-breaking issues.
Security and Errata
Security Advisories
The release addresses several critical security vulnerabilities:
Advisory |
Date |
Topic |
FreeBSD-SA-24:03.unbound |
28 March 2024 |
Multiple vulnerabilities in Unbound |
FreeBSD-SA-24:04.openssh |
01 July 2024 |
OpenSSH pre-authentication remote code execution |
FreeBSD-SA-24:05.pf |
07 August 2024 |
pf incorrectly matches different ICMPv6 states in the state table |
FreeBSD-SA-24:06.ktrace |
07 August 2024 |
ktrace(2) fails to detach when executing a setuid binary |
FreeBSD-SA-24:07.nfsclient |
07 August 2024 |
NFS client accepts file names containing path separators |
FreeBSD-SA-24:08.openssh |
07 August 2024 |
OpenSSH pre-authentication async signal safety issue |
FreeBSD-SA-24:09.libnv |
04 September 2024 |
Multiple vulnerabilities in libnv |
FreeBSD-SA-24:10.bhyve |
04 September 2024 |
bhyve(8) privileged guest escape via TPM device passthrough |
FreeBSD-SA-24:11.ctl |
04 September 2024 |
Multiple issues in ctl(4) CAM Target Layer |
FreeBSD-SA-24:12.bhyve |
04 September 2024 |
bhyve(8) privileged guest escape via USB controller |
FreeBSD-SA-24:13.openssl |
04 September 2024 |
Possible DoS in X.509 name checks in OpenSSL |
FreeBSD-SA-24:14.umtx |
04 September 2024 |
umtx Kernel panic or Use-After-Free |
Errata Notices
Important fixes include:
Errata |
Date |
Topic |
FreeBSD-EN-24:05.tty |
28 March 2024 |
TTY Kernel panic |
FreeBSD-EN-24:06.wireguard |
28 March 2024 |
Insufficient barriers in WireGuard if_wg(4) |
FreeBSD-EN-24:07.clang |
28 March 2024 |
Clang crash when certain optimization is enabled |
FreeBSD-EN-24:08.kerberos |
28 March 2024 |
Kerberos segfaults when using weak crypto |
FreeBSD-EN-24:09.zfs |
24 April 2024 |
High CPU usage by kernel threads related to ZFS |
FreeBSD-EN-24:10.zfs |
19 June 2024 |
Kernel memory leak in ZFS |
FreeBSD-EN-24:11.ldns |
19 June 2024 |
ldns uses nameserver commented out in resolv.conf |
FreeBSD-EN-24:12.killpg |
19 June 2024 |
Lock order reversal in killpg causing livelock |
FreeBSD-EN-24:13.libc++ |
19 June 2024 |
Incorrect size passed to heap-allocated std::string delete |
FreeBSD-EN-24:14.ifconfig |
07 August 2024 |
Incorrect ifconfig netmask assignment |
FreeBSD-EN-24:15.calendar |
04 September 2024 |
cron(8) / periodic(8) session login issue |
Userland Application Changes
- Performance Improvements: libcapsicum has been improved to cache more time zone information, reducing calls to tzset(3) and improving performance.
- Contributed Software Updates:
- SQLite3: Upgraded to version 3.46.0.
- OpenSSH: Upgraded to version 9.7p1. This release focuses on bug fixes and makes support for the DSA signature algorithm a compile-time option, with plans to disable it upstream later this year and remove support entirely in 2025.
- LLVM/Clang: Upgraded to version 18.1.5.
- bc: Updated to version 6.7.6.
- atf: Updated to 0.22 snapshot 55c21b2c.
- libarchive: Updated to 3.7.4.
- capsicum-test: Updated to snapshot eab7a83b.
Devices and Drivers
- Driver Updates:
- irdma and ice: Both drivers have been updated for improved performance and stability.
- u3g Support: Added support for SIM7600G devices, expanding hardware compatibility for mobile networking.
- Wireless Drivers: Numerous stability fixes have been applied to native and LinuxKPI-based wireless drivers, enhancing FreeBSD’s wireless networking performance (sponsored by The FreeBSD Foundation).
Networking Updates
- SCTP Improvements: Added support for SCTP checksum offload on the loopback interface, along with general performance improvements and bug fixes for the SCTP stack.
Hardware Support
- Processor Support: Added support for AMD Ryzen 7 “Phoenix” processors to the amdsmn and amdtemp drivers, enabling temperature readings via sysctl.
Documentation Updates
- Man Pages: References to the legacy disklabel utility have been removed in favor of gpart. Future FreeBSD releases will remove this tool entirely, promoting modern disk management practices.
Ports Collection and Package Infrastructure
- Packaging Changes:
- Modernized DVD Package Set: Reflects current software packaging trends.
- Removed Ports:
- archivers/unzip (now included in base).
- emulators/linux_base-c7 (unlikely to be useful without other Linux packages).
- ports-mgmt/portmaster (discouraged in favor of pkg and binary packages).
- x11-drivers/xf86-video-vmware (no longer useful with the current version of xorg-server).
- Replaced Port:
- devel/git has been replaced with devel/git@lite as it’s sufficient for most purposes.
- Added Ports:
- sysutils/seatd and x11-wm/sway for Wayland support.
On Future Releases and Development Strategy
As FreeBSD continues to evolve, the Project’s development strategy and roadmap for future releases reflect a commitment to embracing modern computing architectures while ensuring broad compatibility and support. FreeBSD 15.0 will mark a pivotal point in this journey, with several key decisions shaping the direction of the operating system:
- Phasing Out 32-bit Platform Support: FreeBSD 15.0 is not expected to include support for 32-bit platforms other than armv7, signaling a strategic shift towards focusing on 64-bit computing. The armv6, i386, and powerpc platforms are deprecated and slated for removal, though 64-bit systems will retain the capability to run older 32-bit binaries.
- armv7 Architecture Status: The armv7 architecture is anticipated to be supported as a Tier 2 architecture in FreeBSD 15.0 and the stable/15 branch. However, there is an expectation that armv7 support may be discontinued in FreeBSD 16.0, with updates on the status of armv7 support to be provided around the time of the 15.0 release.
- Continued Support for 32-bit Binaries and Applications: Despite the shift towards 64-bit platforms, FreeBSD will continue to support the execution of 32-bit binaries on 64-bit platforms through the COMPAT_FREEBSD32 option for at least the stable/15 and stable/16 branches. Moreover, the compilation of individual 32-bit applications will be supported in the stable/15 branch, ensuring compatibility with a broad range of software.
- Ports and Package Infrastructure: Future releases, starting from FreeBSD 15.0, will not include support for building packages from ports for deprecated 32-bit platforms. This decision reflects the broader industry trend of moving away from 32-bit architectures and focuses development efforts on more widely used 64-bit platforms.
- End of Life (EOL) for 32-bit Support: The stable/14 branch will retain support for 32-bit kernel and world, along with the ports system’s support for 32-bit systems, until it reaches end of life (EOL) five years after the release of FreeBSD 14.0. This timeline provides a transition period for users and developers relying on 32-bit platforms to migrate to supported architectures.
- Community Feedback and Future Decisions: The FreeBSD Project acknowledges the importance of community feedback and committed efforts in shaping the support strategy for deprecated platforms. The community’s needs and contributions will inform decisions regarding extending support for certain platforms in FreeBSD 15.0 or later.
Conclusion
The FreeBSD 13.x series exemplifies the Project’s dedication to continuous improvement, security, and modernization. FreeBSD has consistently enhanced system robustness, security, and hardware compatibility, keeping up with and sometimes surpassing technological advancements in other operating systems. FreeBSD 13.4-RELEASE is a testament to FreeBSD’s unwavering commitment to meeting the evolving needs of its users, reinforcing its position as one of the top choices among open source operating systems.
References
For those interested in exploring FreeBSD’s detailed evolution through the 13.x series, the official FreeBSD documentation and release notes offer comprehensive insights into each version’s advancements and improvements.
- Official Release Notes:
- Additional Resources:
Contribute to the FreeBSD Project
Whether you’re mentoring, promoting FreeBSD, or participating in forums and mailing lists, your efforts drive innovation and growth of the Project. Support the FreeBSD project today by joining our vibrant community and helping build our long-standing and growing open source ecosystem! Enhance FreeBSD by improving documentation, addressing bug reports, submitting code, and engaging in discussions. Every contribution, big or small, helps evolve FreeBSD into a more stable, secure, and performant open source operating system.