After a year of development FreeBSD 13.1 Available to download, FreeBSD 13.1 updated Install images are available for the amd64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv6, armv7, aarch64, and riscv64 architectures. Additionally prepared assemblies for virtualization systems (QCOW2, VHD, VMDK, raw) and Amazon EC2, Google Compute Engine and Vagrant cloud environments.
What’s New in FreeBSD 13. :
- An iwlwifi driver for Intel wireless cards with support for new chips and the 802.11ac standard has been proposed. The driver is based on the Linux driver and code from the net80211 Linux subsystem, which runs on FreeBSD using the linuxkpi layer.
- The implementation of the ZFS file system has been updated to the release of OpenZFS 2.1 with support for dRAID (Distributed Spare RAID) technology and significant performance optimizations.
- A new rc script zfskeys has been added, with which you can organize automatic decryption of encrypted ZFS partitions at the boot stage.
- the networking stack Changed for IPv4 addresses with a trailing zero (xxx0) that can now be used as a host and not broadcast by default. The old behavior can be reverted using sysctl net.inet.ip.broadcast_lowest.
- For 64-bit architectures, building the base system using PIE (Position Independent Executable) mode is enabled by default. To disable, the WITHOUT_PIE setting is provided.
- Added the ability to call chroot by an unprivileged process for which the NO_NEW_PRIVS flag is set. The mode is enabled using sysctl security.bsd.unprivileged_chroot. Added “-n” option to the chroot utility to set the NO_NEW_PRIVS flag to a process before isolating it.
- bsdinstall installer added , which allows you to connect partitioning scripts for different disk names that work without user intervention. The proposed feature simplifies the creation of fully automatic installation media for systems and virtual machines with different disks.
- Improved boot support on UEFI systems. The bootloader has automatic configuration of the copy_staging parameter, depending on the capabilities of the kernel being loaded.
- Work has been done to improve the performance of the bootloader, nvme, rtsold, initialize the pseudo-random number generator and calibrate the timer, which led to a reduction in boot time.
- Added support for NFS over an encrypted communication channel based on TLS 1.3. The new implementation uses the kernel-provided TLS stack to enable hardware acceleration. Assembly of rpc.tlsclntd and rpc.tlsservd processes with client and server implementation NFS-over-TLS, enabled by default for amd64 and arm64 architectures.
- For NFSv4.1 and 4.2, the nconnect mount option is implemented, which determines the number of TCP connections established with the server. The first connection is used for small RPC messages, and the rest for balancing traffic with transmitted data.
- Added sysctl vfs.nfsd.srvmaxio for NFS server to change maximum I/O block size (128Kb by default).
- Improved hardware support. Support added to igc driver Ethernet controller Intel I225. Improved support for Big-endian systems. Added mgb driver for Microchip devices LAN7430 PCIe Gigabit Ethernet Ethernet controller
- The ice driver used for Intel E800 Ethernet controllers has been updated to version 1.34.2-k, which adds support for reflection in the firmware event log and adds an initial implementation of DCB (Data center bridging ) protocol extensions.
- Images for Amazon EC2 are enabled by default to boot using UEFI instead of BIOS.
- The bhyve hypervisor has updated NVMe drive emulation components to support the NVMe 1.4 specification. Fixed issues with NVMe iovec under heavy I/O.
- The CAM library has been switched to use the realpath call when processing device names, which allows the use of symbolic links to devices in the camcontrol and smartctl utilities. Problems with downloading firmware to devices have been solved in camcontrol.
- Stopped building the svnlite utility on the base system.
- Added Linux versions of utilities for calculating checksums (md5sum, sha1sum, etc.) which are implemented by calling existing BSD utilities (md5, sha1, etc.) with the “-r” option.
- Support for NCQ management has been added to the mpsutil utility, and adapter information has been displayed.
- /etc/defaults/rc.conf defaults to using the “-i” option when calling the rtsol and rtsold processes responsible for sending ICMPv6 RS (Router Solicitation) messages. The specified option disables the random delay before sending the message.
- For the riscv64 and riscv64sf architectures, the assembly of libraries with ASAN (address sanitizer), UBSAN (Undefined Behavior Sanitizer), OpenMP and OFED (Open Fabrics Enterprise Distribution) is enabled.
- Problems with the detection of cryptographic hardware acceleration tools supported by ARMv7 and ARM64 processors have been resolved, which made it possible to significantly speed up the operation of the aes-256-gcm and sha256 algorithms on ARM systems.
- included in the main structure LLDB , developed by the LLVM project, is
- The OpenSSL library has been updated to version 1.1.1o and extended with assembler optimizations for the powerpc, powerpc64 and powerpc64le architectures.
- SSH server and client updated to OpenSSH 8.8p1 with rsa-sha digital signature support disabled and two -factor authentication support for FIDO/U2F based devices. New key types “ecdsa-sk” and “ed25519-sk” have been added to interact with FIDO/U2F devices, which use the ECDSA and Ed25519 digital signature algorithms in combination with a SHA-256 hash.
- Updated versions of third-party applications included in the base system: awk 20210215 (with patches to disable locale usage for ranges and improve compatibility with gawk and mawk), zlib 1.2.12, libarchive 3.6.0.
Leave a Reply