FreeBSD 13.5-RELEASE Release Notes

libpcap has been consecutively updated to 1.10.3, 1.10.4 and 1.10.5. 7aedea868535, e6efc827e47a and 68ddf72800f8. (Sponsored by The FreeBSD Foundation)

tpcdump has been consecutively updated to 4.99.4 and 4.99.5. e5258a079df3 and 094f44ea0358. (Sponsored by The FreeBSD Foundation).

tzdata has been consecutively updated to 2024b and 2025a. 59ffae6c0c7a and 2d6dcb4f97f8.

expat has been consecutively updated to 2.6.3 and 2.6.4. bab279022ba2 and 3d46113d2196.

less has been updated to v668. eed6d080a74f.

file has been updated consecutively to 5.45 and 5.46. 90222d7fa4bb and dcb4ac96fcf6.

xz has been updated consecutively to 5.6.2 and 5.6.3. 45230e7f9298 and aa2f56a6ecd6.

Some functionalities of libusb have been merged from the 1.0.16 version. 02ef8e4061ab. (Sponsored by The FreeBSD Foundation)

tzcode has been updated to 2024b. 036ce2460cbc. (Sponsored by Klara, Inc.)

With multiple intermediary commits and version updates llvm-project has been updated to release/19.x llvmorg-19.1.7-0-gcd708029e0b2. 2611bae42b7d. This updates llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp.

libarchive(3) has been updated to 3.7.7. 6c7993ffba96.

unbound(8) has been consecutively updated to 1.21.0, 1.21.1 and 1.22.0. 7217d74d1085, d10c9c15a3a4 and 741bb8476204.

wpa has been updated to 2.11. 87b2a3073aaf.

bc has been consecutively updated to 7.0.0 and 7.0.2. 1d669b3d15bc and bb18c65a9177.

sqlite3 has been updated to 3.46.1. bee9d305ee57.

OpenSSH has been consecutively updated to 9.8p1, 9.9p1 and 9.9p2. b74bb7f01193, cb8e164fbb15 and 31dcdee20afc. (Sponsored by The FreeBSD Foundation)

Update deprecation warning to note that gvinum(8) is removed in 15.0. 8126ed28bda6.

shar(1) has been deprecated and deprecation notice has been added. 0d946859c994. The shar(1) program is simple, but the fundamental idea of a sh archive is risky at best and one that probably should not be promoted as prominently as a program in $PATH and a manpage. The same functionality can easily be found in tar(1) instead.

While OpenSSH plans to remove support for the DSA signature algorithm in early 2025, FreeBSD 13.5-RELEASE and the stable/13 branch are not expected to receive upstream vendor code updates. However, potential security issues in imported components may necessitate the removal of DSA signature support during the branch’s lifetime.

Purism coreboot keyboards support was added. dfdcb418d7b8.

Support of Realtek 8156/8156B was moved from cdce(4) to ure(4). 1b0af7617e6c. (Sponsored by The FreeBSD Foundation)

Support for Brainboxes USB-to-Serial adapters were added. c3a377dbbb87.

agp(4) has been planned for removal in FreeBSD 15.0, and the man page now states that it is deprecated. 8375d2b9c653.

Allow to pass {NGROUPS_MAX} + 1 groups in mountd(8). 927d7d57793a. NGROUPS_MAX is just the minimum maximum of the number of allowed supplementary groups. The actual runtime value may be greater. Allow more groups to be specified accordingly. nmount(2) has been changed similarly. (Sponsored by The FreeBSD Foundation)

Defer the January 19, 2038 date limit in UFS1 filesystems to February 7, 2106. dfe803fdbc54.

Add microsecond precision for disk latency for gstat(8). d81b0f5e43f0. (Sponsored by Postgres Professional)

Fix cd9660 duplicate directory names. 79778b7aafc8. This issue was at first introduced in FreeBSD 14.2-RELEASE which caused it creating cd9660 images with duplicate short (level 2) names in the installer images. (Sponsored by The FreeBSD Foundation)

Convert PF_DEFAULT_TO_DROP into a vnet loader tunable net.pf.default_to_drop. cb162f659578. 7f7ef494f11d introduced a compile time option PF_DEFAULT_TO_DROP to make the pf(4) default rule to drop. While this change exposes a vnet loader tunable net.pf.default_to_drop so that users can change the default rule without re-compiling the pf(4) module. This change is similar to that for IPFW 5f17ebf94db5.

Add AIM to igc(4) driver. eaa616f02193. igc(4) is derived from igb(4) and has never had an AIM implementation. The same algorithm from e1000 is appropriate here. The AIM algorithm was re-introduced from the older igb or out of tree driver, and then modernized with permission to use Intel code from other drivers. (Sponsored by Rubicon Communications, LLC/Netgate and BBOX.io)

Re-add AIM to e1000 driver. a527aa7a7f62. (Sponsored by Rubicon Communications, LLC/Netgate and BBOX.io)

Old itr sysctl handler has been removed from the e1000 driver. a42c3e61504b. With the new AIM code, it is expected most users will not need to manually tune this. (Sponsored by BBOX.io)

Improve SFP support igb(4) driver. cf6a8711e437. (Sponsored by Nozomi Networks and BBOX.io)

igb(4) driver version has been updated to 2.5.28-fbsd. a446e9481531.

if_bypass from ixgbe(4) has been updated to ix-3.3.38. 5121d1b91209.

if_ix from ixgbe(4) has been updated with ix-3.3.38 changes. 78d9eb6de856.

ixgbe_mbx from ixgbe(4) has been updated with ix-3.3.38 changes. fa00169e26ff.

ixgbe_phy from ixgbe(4) has been updated with ix-3.3.38 changes. b1dadbcebdfd.

if_sriov from ixgbe(4) has been updated with ix-3.3.38 changes. deea1953820e.

ena(4) driver version has been updated to 2.8.0. 2e7ba5d93e2d. (Sponsored by Amazon, Inc.)

Teach sysctl(8) to attach and run itself in a jail. 5b0a5d8c1ea3. This allows the parent jail to retrieve or set kernel state when child does not have sysctl(8) installed (for example light weighted OCI containers or slim jails). This is especially useful when manipulating jail prison or vnet sysctls. For example, sysctl -j foo -Ja or sysctl -j foo net.fibs=2.

Teach ip6addrctl(8) to attach and run itself in a jail. fa9926a62ae3. This will make it easier to manage address selection policies of vnet jails, especially for those light weighted OCI containers or slim jails.

Enable vnet sysctl(9) variables to be loader tunable. d2a999c2e0a0. Completes phase two of 3da1cf1e88f8. The meaning of the flag CTLFLAG_TUN is extended to automatically check if there is a kernel environment variable which shall initialize the sysctl during early boot. In memoriam of Hans Petter Selasky.

Add flags to filter jail prison and vnet variables via sysctl(8). 09cbd68e4e47. So users do not have to contact the source code to tell whether a variable is a jail prison / vnet one or not.

Define a common mac node for jail parameters of MAC. ae2383c0dd16. To be used by MAC/do. (Sponsored by The FreeBSD Foundation)

ORACLE VMSIZE was bumped to accommodate growth. 75cd2f886164.

OCI was renamed to ORACLE in releng tooling. aad6a5f96b78. This allows future releng tooling to use OCI for the industry standard Open Container Initiative tooling, reducing potential for confusion Oracle Cloud Infrastructure. (Sponsored by SkunkWerks, GmbH)

Refer to graid(8) and zfs(8) instead of gvinum(8) in ccdconfig(8). 9e3c356f11a9.

ixgbe(4) has been renamed to ix(4). c07626eaa21a.

The KDE desktop environment has been removed from the installer images due to compatibility issues with OpenSSL 1.1.1 and upcoming package breakages.

An option was added to edit the ZFS pool creation options in bsdinstall zfsboot. 6258b5bf0670. This allows the default options (-O compress=lz4 -O atime=off) to be overridden, before the ZFS boot pool is created. For example, to set the compression algorithm to something different.

Chase location of pkg repo databases. ef6b3c58883d. pkg used to store copies of upstream repository databases in /var/db/pkg/repo-*.sqlite. About a year ago this was moved to /var/db/pkg/repos/*/, resulting in FreeBSD cloud images no longer having those databases removed. (Sponsored by Amazon)