FreeBSD The Power to Serve

FreeBSD Status Report Third Quarter 2023

Here is the third 2023 status report, with 32 entries.

This is the summer quarter and thus it includes many interesting news from Google Summer of Code. Of course, we also have our usual team reports and many projects share with us their latest news. Much important work has been done for the first release of FreeBSD 14.

Have a nice read.

Lorenzo Salvadore, on behalf of the Status Team.

FreeBSD Team Reports

Entries from the various official and semi-official teams, as found in the Administration Page.

FreeBSD Core Team

Contact: FreeBSD Core Team <>

The FreeBSD Core Team is the governing body of FreeBSD.

Demise of Hans Petter Selasky

The FreeBSD Core Team would like to thank Hans Petter Selasky for his years of service. We were saddened by his death and joined the community in mourning.

Meetings with The FreeBSD Foundation

The Core Team and The FreeBSD Foundation continue to meet to discuss the next steps to take for the management, development, and future of FreeBSD. The Core Team had two meetings with the Board of Directors, and employees of, the Foundation. They discussed how the Foundation can help the Core Team and the Project in general.

Portmgr termlimits

The Core Team discussed with the Ports Management Team the introduction of a time limit in which a developer can belong to the team. The proposal was approved by the Ports Management Team and will take effect at the beginning of 2024, with regular lurker programs to have a steady stream of new Ports Management Team members.

Deprecation of 32-bit platforms for FreeBSD 15

Work is underway to mark support for 32-bit platforms as "deprecated" for FreeBSD 15.

Matrix IM

The testing of the Matrix instance and the Element-web client is still in progress.

The beta is planned to be released after EuroBSDCon in September.

Improve Commit Bit Expiration Policy

The Core Team will clarify how to update the PGP key once a developer has become Alumni.


Core Team members met with the FreeBSD Foundation in Coimbra during EuroBSDcon to discuss the direction of the Project.

FreeBSD Foundation

Contact: Deb Goodkin <>

The FreeBSD Foundation is a 501(c)(3) non-profit organization dedicated to supporting and promoting the FreeBSD Project and community worldwide. Donations from individuals and corporations fund and manage software development projects, conferences, and developer summits. We also provide travel grants to FreeBSD contributors, purchase and support hardware to improve and maintain FreeBSD infrastructure, and provide resources to improve security, quality assurance, and cluster administration efforts. We publish marketing material to promote, educate, and advocate for FreeBSD, facilitate collaboration between commercial vendors and FreeBSD developers, and finally, represent the FreeBSD Project in executing contracts, license agreements, and other legal arrangements that require a recognized legal entity.

This quarter we helped FreeBSD celebrate its 30th anniversary! This excitement has propelled us to accelerate our efforts to move FreeBSD forward in growth and innovation, which has focused us on identifying key areas we can invest our resources. At our board meeting in September, we refined our goals to focus on increasing FreeBSD adoption and visibility, diversifying our funding stream, and investing in the community health and long-term stability of the Project. We are in the process of identifying the key audiences and markets to target, while putting measurable outcomes to these goals.

In this status report, you will read more about our work to help further FreeBSD’s growth and innovation. We will highlight all the technical work we are doing to improve FreeBSD, both by our internal staff of software developers, as well as external project funding efforts. You will read about our advocacy work to promote FreeBSD to audiences outside of our community. Finally, you will see the great efforts made to connect with current and potential commercial users.


We would like to express our sincere gratitude to all those who generously donated to support our work. In addition to numerous individual contributions, we are especially grateful for the significant donations from NetApp, Netflix, and ARM. In Q3 alone, we received $183,842, bringing our total for the year to $375,000. This year our budget is around $2,230,000, which includes increased spending toward FreeBSD advocacy and software development. More than half of our budget is allocated toward work directly related to improving FreeBSD and keeping it secure. By providing a dedicated individual focused on partnerships, we can effectively emphasize the significance of investing in our efforts and underscore the long-term viability of FreeBSD to companies. Your support is crucial to our mission, and we deeply appreciate your commitment to the FreeBSD community. Please consider making a donation toward our 2023 fundraising campaign! For our larger commercial donors, check out our updated FreeBSD Foundation Partnership Program.

Partnerships and Research

For Partnerships and Research this quarter, progress was made in three key areas:

First, the Enterprise Working Group started to gather steam with growth up to 58 participants and active projects in four work streams. These are cloud native, Samba, bhyve manageability, and support for AI workloads. There is interest in several additional areas and I expect that by the end of this year and Q1 of next year, we will see meaningful feature updates in multiple areas of focus.

Second, we made good progress working with other open source community members and organizations, notably the Open Source Initiative, to advance proposals and technology from the FreeBSD community. Working with the Open Source Initiative’s Open Policy Alliance, we are submitting a response to the US government’s request for information on how the US government can support open source security and sustainability. As part of this, Greg Wallace participated on a panel organized by the Open Policy Alliance at the recent All Things Open conference in Raleigh, North Carolina. Greg Wallace has also been tracking how the US government incorporates CHERI into its policy recommendations for security by default, such as this recent report from US and global government security agencies. On Page 28, CHERI is listed right after Rust as a key 'Secure by Design' tactic.

Finally, we continue to strengthen partnerships with a growing number of companies using FreeBSD. Several conferences aided these relationships, including EuroBSDCon, Open Source Summit, and All Things Open. We have also developed a new program to support vendor/cloud users that work with the US government. The program details will be announced at the FreeBSD Vendor Summit.


Much of our effort is dedicated to the FreeBSD Project advocacy. This may involve highlighting interesting FreeBSD work, producing literature and video tutorials, attending events, or giving presentations. The goal of the literature we produce is to teach people FreeBSD basics and help make their path to adoption or contribution easier. Other than attending and presenting at events, we encourage and help community members run their own FreeBSD events, give presentations, or staff FreeBSD tables.

The FreeBSD Foundation sponsors many conferences, events, and summits around the globe. These events can be BSD-related, open source, or technology events geared towards underrepresented groups. We support the FreeBSD-focused events to help provide a venue for sharing knowledge, working together on projects, and facilitating collaboration between developers and commercial users. This all helps provide a healthy ecosystem. We support the non-FreeBSD events to promote and raise awareness of FreeBSD, to increase the use of FreeBSD in different applications, and to recruit more contributors to the Project. We continue to add new events to our yearly roster. This July, we held a workshop and staffed a table at FOSSY, a new open source conference in Portland, Oregon. In addition to attending and planning conferences, we are continually working on new training initiatives and updating our selection of how-to guides to facilitate getting more folks to try out FreeBSD.

Check out some of our advocacy work:

We help educate the world about FreeBSD by publishing the professionally produced FreeBSD Journal. As we mentioned previously, the FreeBSD Journal is now a free publication. Find out more and access the latest issues at

You can find out more about events we attended and upcoming events at

OS Improvements

During the third quarter of 2023, 282 src, 652 ports, and 24 doc tree commits identified The FreeBSD Foundation as a sponsor. Some of this Foundation-sponsored work is described in separate report entries:

Members of the Technology Team attended EuroBSDCon 2023 in Coimbra, Portugal. Li-Wen Hsu gave a tutorial to help newcomers contribute to FreeBSD. Before the conference, the FreeBSD Developer Summit took place, where the team presented a short update on their recent work.

Six summer internships or projects wrapped up.

For more information about current and past Foundation-contracted work, visit the Foundation Projects page.

Here is a sampling of other Foundation-sponsored work completed over the quarter:

  • Improved riscv64 CPU identity and feature detection

  • Rewrote intro(9) man page from scratch

  • Performed code maintenance and fixed bugs in the hwpmc(4) module and the pmc(3) library and tools

  • Committed various freebsd-update(8) fixes in preparation for FreeBSD 14.0

  • Committed many (37) updates and fixes to the LinuxKPI, iwlwifi, and net802.11 code

  • Updated SSH first to OpenSSH 9.3p2, then 9.4p1

  • Patched ssh-keygen to generate Ed25519 keys when invoked without arguments

  • Added a clean-room implementation of the Linux membarrier(2) system call

  • Increased MAXCPU to 1024 on amd64 and arm64

  • Committed fixes for automatic Zenbleed misbehavior/data leaks prevention on affected machines (via chicken bit)

  • Reviewed the use of scheduling priorities throughout the kernel for work in progress to harden the rtprio() system call and make it more useful in some cases.

Supporting FreeBSD Infrastructure

The Foundation provides hardware and two staff members to help support the FreeBSD cluster. With your donations, the Foundation, in coordination with the Cluster Administration Team, purchased five new package builders, three new web servers, a new firewall/router, two package mirrors, and two new servers for continuous integration. With the exception of one of the package mirrors, all the new hardware will be located on the east coast of the USA.

Continuous Integration and Quality Assurance

The Foundation provides a full-time staff member and funds projects to improve continuous integration, automated testing, and overall quality assurance efforts for the FreeBSD project. You can read more about CI work in a dedicated report entry.

Legal/FreeBSD IP

The Foundation owns the FreeBSD trademarks, and it is our responsibility to protect them. We also provide legal support for the core team to investigate questions that arise.

Go to to find more about how we support FreeBSD and how we can help you!

FreeBSD Release Engineering Team

Contact: FreeBSD Release Engineering Team, <>

The FreeBSD Release Engineering Team is responsible for setting and publishing release schedules for official project releases of FreeBSD, announcing code freezes and maintaining the respective branches, among other things.

During the third quarter of the year, the FreeBSD Release Engineering Team started work on the upcoming 14.0-RELEASE cycle. As of this writing, BETA3 had been released, with BETA4 to follow shortly after.

The Release Engineering Team continued providing weekly development snapshot builds for the main and stable/13 branches.

Sponsor: Tarsnap
Sponsor: The FreeBSD Foundation

Continuous Integration

Contact: Jenkins Admin <>
Contact: Li-Wen Hsu <>
Contact: freebsd-testing Mailing List
Contact: IRC #freebsd-ci channel on EFNet

In the third quarter of 2023, we worked with the project contributors and developers to address their testing requirements. Concurrently, we collaborated with external projects and companies to enhance their products by testing more on FreeBSD.

Important completed tasks:

  • Add jobs for stable/14 branch

  • Update the "Tinderbox" view of the CI results, now includes test results and the "starting point" of the current failing or unstable series.

  • This is mainly done by the Foundation intern, Yan-Hao Wang. His other contributions are in the other entry of this report.

Work in progress tasks:

  • Designing and implementing pre-commit CI building and testing and pull/merged-request based system (to support the workflow working group)

  • Proof of concept system is in progress.

  • Designing and implementing use of CI cluster to build release artifacts as release engineering does

  • Simplifying CI/test environment setting up for contributors and developers

  • Setting up the CI stage environment and putting the experimental jobs on it

  • Improving the hardware test lab and adding more hardware for testing

  • Merge

  • Merge

Open or queued tasks:

  • Collecting and sorting CI tasks and ideas

  • Setting up public network access for the VM guest running tests

  • Implementing use of bare-metal hardware to run test suites

  • Adding drm ports building tests against -CURRENT

  • Planning to run ztest tests

  • Helping more software get FreeBSD support in its CI pipeline (Wiki pages: 3rdPartySoftwareCI, HostedCI)

  • Working with hosted CI providers to have better FreeBSD support

Please see freebsd-testing@ related tickets for more WIP information, and do not hesitate to join the effort!

Sponsor: The FreeBSD Foundation

Ports Collection

Contact: René Ladan <>
Contact: FreeBSD Ports Management Team <>

The Ports Management Team is responsible for overseeing the overall direction of the Ports Tree, building packages, and personnel matters. Below is what happened in the last quarter.

  • According to INDEX, there are currently 34,600 ports in the Ports Collection. There are currently 3,000 open ports PRs of which some 730 are unassigned. The last quarter saw 11,454 commits by 130 committers on the main branch and 828 commits by 37 committers on the 2023Q3 branch. Compared to last quarter, this means a slight decrease in the number of unassigned PRs, a 10% increase in the number of commits on the main branch but also less backports to the quarterly branch. The number of ports also grew a bit.

During Q3 we welcomed Joel Bodenmann (jbo@) as a new ports committer, granted a ports commit bit to mizhka@ who was already a src committer, and took the commit bits of knu@ and uqs@ in for safe-keeping after a year of inactivity.

Portgmr discussed and worked on the following things during Q3:

  • Some progress has been made on sub-packages and a lightning talk was given by pizzamig@ at EuroBSDCon

  • Overhauling some parts of the ports tree (LIB_DEPENDS, PREFIX, MANPREFIX, MANPATH)

Support for FreeBSD 13.1 was removed from the ports tree as it reached its end-of-life on August 1st.

The following happened on the infrastructure side:

  • USES for ebur128 and guile were added

  • Default versions for Mono, Perl, and PostgreSQL were updated to respectively 5.20, 5.34, and 15

  • Default versions for ebur128, guile, and pycryptography were added at respectively "rust", 2.2, and "rust"

  • Updates to major ports that happened were:

    • pkg to 1.20.7

    • chromium to 117.0.5938.132

    • Firefox to 118.0.1

    • KDE to 5.27.8

    • Rust to 1.72.0

    • Wine to 8.0.2

During the last quarter, pgkmgr@ ran 18 exp-runs to test various ports upgrades, updates to default versions of ports, and changes to pycryptography.


Projects that span multiple categories, from the kernel and userspace to the Ports Collection or external projects.

Filling gaps in the FreeBSD desktop experience

Contact: Jason Bacon <>

The sysutils/desktop-installer port, available for over a decade now, quickly configures a bare FreeBSD system with any desktop environment or window manager. However, the FreeBSD base and ports collection has been missing some common features that end users expect from a desktop OS.

The desktop-installer battery monitor script has been enhanced to display popup notifications at various levels of charge/discharge.

deskutils/qmediamanager, in conjunction with sysutils/devd-mount and sysutils/npmount, mounts inserted media upon notification from devd, and displays a popup window offering the user options to show filesystem information, open a file manager, reformat, copy a disk image to the device, or unmount. It provides a convenient and secure way to work with external media such as USB sticks.

A fourth new port — deskutils/freebsd-update-notify — displays a popup when new base updates are available, or when a configurable time limit has elapsed. If the user chooses to proceed with updates, the entire system is updated (packages, ports, and base) with auto-update-system(1) (a feature of sysutils/auto-admin).

These new tools bring the FreeBSD desktop experience a step closer to the convenience of the most popular desktop operating systems.

The tools are effectively prototypes, stable and reliable, but in need of review. Feedback from users regarding default behavior and configuration options will be appreciated.

LLDB Kernel Module Improvement

Contact: Sheng-Yi Hong <>

The LLDB Kernel Module Improvement Project described in the previous quarter report implements DynamicLoader Plugin for FreeBSD Kernel on LLDB.

All of the work is done — that is, this plugin can correctly load all kernel modules and their debug files extracted from kernel coredump.

This plugin has been tested on both x86-64 for relocatable type kernel module and arm64(EC2) for shared library type kernel module. Both of these platforms show this plugin works well.

Currently, this plugin prepares to be landed to LLVM codebase in LLVM PullRequest

Sponsor: The Google Summer of Code '23 program


Changes affecting the base system and programs in it.

OpenSSL 3 in base — Improved

Contact: Pierre Pronchery <>

The most obvious updates since the previous report are certainly the 3.0.10 and then 3.0.11 releases, fixing CVE issues with low to medium severity (CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-4807).

However these are not the only changes, and this quarter some issues specific to the integration were fixed, most of which were found while building ports with OpenSSL 3 in the base system.

Fixes included:

  • Linking the engines and the legacy provider with the shared object, for proper visibility of symbols, and for which a hack was required in the build system.

  • Correcting the list of source files for the FIPS provider.

  • Ensuring backward compatibility for the deprecated 0.9.8 API, which was notably helpful for the PAM authentication module from security/pam_ssh_agent_auth, based on OpenSSH’s ssh-agent(1) authentication mechanism.

Login Classes Fixes and Improvements

Contact: Olivier Certner <>


Login classes are a mechanism mainly used to set various process properties and attributes at login, depending on the user logging in and the login class he is a member of. A login class typically specifies resource limits, environment variables and process properties such as scheduling priority and umask. See login.conf(5) for more information.


The priority and umask capabilities now accept the inherit special value to explicitly request property inheritance from the login process. This is useful, e.g., when temporarily logging in as another user from a process with a non-default priority to ensure that processes launched by this user still have the same priority level.

Users can now override the global setting for the priority capability (in /etc/login.conf) in their local configuration file (~/.login_conf). Note however that they cannot increase their priority if they are not privileged, and that using inherit in this context makes no sense, since the global setting is always applied first.


  • Fix a bug where, when the priority capability specifies a realtime priority, the final priority used was off-by-one (and the numerically highest priority in the real time class (31) could never be set).

  • Security: Prevent a setuid/setgid process from applying directives from some user’s ~/.login_conf (directives there that cannot be applied because of a lack of privileges could suddenly become applicable in such a process).

We have also updated the relevant manual pages to reflect the new functionality, and improved the description of the priority and umask capabilities in login.conf(5).


Some of the patches in the series have been reviewed thanks to Konstantin Belousov and Warner Losh. Other patches are waiting for reviews (and reviewers, volunteers welcome!), which are not expected to be labored.

We plan to improve consistency by deprecating the priority reset to 0 when no value for the capability priority is explicitly specified, which has been the case for umask for 15+ years.

Sponsor: Kumacom SAS (for development work)
Sponsor: The FreeBSD Foundation (for some reviews)


Updates to kernel subsystems/features, driver support, filesystems, and more.

Enabling Snapshots on Filesystems Using Journaled Soft Updates

Contact: Marshall Kirk McKusick <>

This project has made UFS/FFS filesystem snapshots available when running with journaled soft updates. The details of this project were described in the 2022 fourth quarter report.

This project had two milestones:

The first milestone of this project was to make it possible to take snapshots when running with journaled soft updates and to use them for doing background dumps on a live filesystem. Background dumps are requested by using the -L flag to dump(8). This milestone was completed in Q4 of 2022 and was made available in the 13.2 release as described in the 2023 first quarter report.

The second milestone of this project was to do a background check using a snapshot on a filesystem running with journaled soft updates. This milestone was completed in the third quarter of 2023 in time to be included as part of the 14.0 release. It was also made available in the 13.2-STABLE release.

Sponsored by: The FreeBSD Foundation

SquashFS driver for FreeBSD kernel

Contact: Raghav Sharma <>

This quarter we finished SquashFS driver work for the kernel. We now can mount SquashFS archives on FreeBSD 13.2-RELEASE or greater, and perform all basic read-only filesystem operations.

Code work includes:

  • Implementing vop_lookup() and vop_readdir() hooks for directory read support.

  • Implementing vop_read() and vop_strategy() hooks for files read support.

  • Implementing vop_readlink() hook for symlinks read support.

We also implemented extended attributes interface functions for SquashFS. All that remains is to implement their kernel interface hooks.

There were a lot of bug fixes as well. One major issue was to find out why we can not list the first entry of the root directory, it transpires that SquashFS could have inode_number as zero, which the kernel, for some reason, skips while listing dirents. For now, we fixed it by passing dummy inode_number, instead of zero, to dirent.

The code review is currently ongoing with my mentor Chuck Tuffli.

I am happy to say that SquashFS will find its place in upcoming FreeBSD releases.

Sponsor: The Google Summer of Code 2023 program

Process Visibility Security Policies

Contact: Olivier Certner <>


FreeBSD implements three built-in security policies that limit which processes are visible to particular users, with the goal of preventing information leaks and unwanted interactions.

The first one can prevent an unprivileged user from seeing or interacting with processes that do not have the user’s UID as their real UID. It can be activated by setting the sysctl security.bsd.see_other_uids to 0 (default is 1).

The second one can prevent an unprivileged user from seeing or interacting with processes whose credentials do not have any group that the user is a member of. It can be activated by setting the sysctl security.bsd.see_other_gids to 0 (default is 1).

The third one can prevent an unprivileged user’s process from seeing or interacting with processes that are in a jail that is a strict sub-jail of the former. The jail subsystem already prevents such a process to see processes in jails that are not descendant of its own (see jail(8) and in particular the section "Hierarchical Jails"). One possible use of this policy is, in conjunction with the first one above, to hide processes in sub-jails that have the same real UID as some user in an ancestor jail, because users having identical UIDs in these different jails are logically considered as different users. It can be activated by setting the sysctl security.bsd.see_jail_proc to 0 (default is 1).

After a review of these policies' code and real world testing, we noticed a number of problems and limitations which prompted us to work on this topic.


The policy controlled by the security.bsd.see_jail_proc sysctl has received the following fixes and improvements:

  • Harden the security.bsd.see_jail_proc policy by preventing unauthorized users from attempting to kill, change priority of or debug processes with same (real) UID in a sub-jail at random, which, provided the PID of such a process is guessed correctly, would succeed even if these processes are not visible to them.

  • Make this policy overridable by MAC policies, as are the others.

The policy controlled by security.bsd.see_other_gids was fixed to consider the real group of a process instead of its effective group when determining whether the user trying to access the process is a member of one of the process' groups. The rationale is that some user should continue to see processes it has launched even when they acquire further privileges by virtue of the setgid bit. Conversely, they should not see processes launched by a privileged user that temporarily enters the user’s primary group. This new behavior is consistent with what security.bsd.see_other_uids has always been doing for user IDs (i.e., considering some process' real user ID and not the effective ID).

We have updated manual pages related to these security policies, including security(7), sysctl(8), and ptrace(2). Several manual pages of internal functions either implementing or leveraging these policies have also been revamped.


Thanks to the help of Mitchell Horne, Pau Amma, Benedict Reuschling and Ed Maste, most of the submitted changes have been reviewed and approved, so they should reach the tree soon. The patch series starts with review D40626. From there, click on the "Stack" tab to see the full list of reviews implementing the changes.

As a later step, we are considering turning the security.bsd.see_jail_proc policy on by default (i.e., the default value of the sysctl would become 0) unless there are objections.

Sponsor: Kumacom SAS (for development work)
Sponsor: The FreeBSD Foundation (for most of the reviews)

Linux compatibility layer update

Contact: Dmitry Chagin <>

The goal of this project is to improve FreeBSD’s ability to execute unmodified linux(4) binaries.

As of 22dca7acf775, xattr system calls are implemented. That makes it possible to use Linux rsync.

As of bbe017e0415a, ioprio system calls are implemented. That makes it possible to debootstrap Ubuntu 23.04.


Updating platform-specific features and bringing in support for new hardware platforms.

NXP DPAA2 support

Contact: Dmitry Salychev <>
Contact: Bjoern A. Zeeb <>

What is DPAA2?

DPAA2 is a hardware-level networking architecture found in some NXP SoCs which contains hardware blocks including Management Complex (MC, a command interface to manipulate DPAA2 objects), Wire Rate I/O processor (WRIOP, packets distribution, queuing, drop decisions), Queues and Buffers Manager (QBMan, Rx/Tx queues control, Rx buffer pools) and others. The Management Complex runs NXP-supplied firmware which provides DPAA2 objects as an abstraction layer over those blocks to simplify access to the underlying hardware.

Changes from the previous report

Work in Progress

Work on dev/sff started to support SFF/SFP modules in order to test DPAA2 drivers on links above 1 Gbit/s.


  • Heavy network load tests (2.5 Gbit/s, 10 Gbit/s) and bottlenecks mitigation.

  • Cached memory-backed software portals.

  • Driver resources de-allocation to unload dpaa2.ko properly.

  • Further parts (DPSW, DCE, etc.) supported by the hardware.

Sponsor: Traverse Technologies (providing Ten64 HW for testing)

SIMD enhancements for amd64

Contact: Robert Clausecker <>

SIMD instruction set extensions such as SSE, AVX, and NEON are ubiquitous on modern computers and offer performance advantages for many applications. The goal of this project is to provide SIMD-enhanced versions of common libc functions (mostly those described in string(3)), speeding up most C programs.

For each function optimised, up to four implementations will be provided:

  • a scalar implementation optimised for amd64, but without any SIMD usage,

  • either a baseline implementation using SSE and SSE2, or an x86-64-v2 implementation using all SSE extensions up to SSE4.2,

  • an x86-64-v3 implementation using AVX and AVX2, and

  • an x86-64-v4 implementation using AVX-512F/BW/CD/DQ.

Users will be able to select which level of SIMD enhancements to use by setting the ARCHLEVEL environment variable.

While the current project only concerns amd64, the work may be expanded to other architectures like arm64 in the future.

During the last few months, significant progress has been made on this project. SIMD-enhanced versions of bcmp(3), index(3), memchr(3), memcmp(3), stpcpy(3), strchr(3), strchrnul(3), strcpy(3), strcspn(3), strlen(3), strnlen(3), and strspn(3) have landed. Functions memcpy(3), memmove(3), strcmp(3), timingsafe_bcmp(3) (see D41673), and timingsafe_memcmp(3) (see D41696) are work in progress. Unfortunately, the work has not made the cut for FreeBSD 14.0, but it is slated to be part of FreeBSD 14.1.

Sponsor: The FreeBSD Foundation

Integrate mfsBSD into the Release Building Tools

Contact: Soobin Rho <>

What is mfsBSD?

"mfsBSD is a toolset to create small-sized but full-featured mfsroot based distributions of FreeBSD that store all files in memory (MFS) [Memory File System] and load from hard drive, USB storage device, or optical medium. It can be used for a variety of purposes, including diskless systems, recovery partitions and remotely overwriting other operating systems."

Martin Matuška is the creator of mfsBSD. He is also author of the original (2009) mfsBSD white paper, from which the excerpt above is taken. Upstream mfsBSD is maintained in the repository on GitHub.

Purpose of this Project

This project integrates mfsBSD into the FreeBSD release tool set, creating an additional target of mfsBSD images (.img and .iso files) in /usr/src/release/Makefile. Prior to integration, mfsBSD only existed outside the FreeBSD release tool chain, and only -RELEASE versions were produced.

With this project, mfsBSD images will be available at the official FreeBSD release page. You will also be able to build mfsBSD yourself by invoking cd /usr/src/release && make release WITH_MFSBSD=1, which will then create mfsbsd-se.img and mfsbsd-se.iso at /usr/obj/usr/src/${ARCH}/release/.

Changes from last quarter

The code is ready, and is currently under review. If you would like to get involved with the review process, please feel free to do so! Here is my revision.

Sponsor: Google, Inc. (GSoC 2023)


Updating cloud-specific features and bringing in support for new cloud platforms.

OpenStack on FreeBSD

Contact: Chih-Hsin Chang <>
Contact: Li-Wen Hsu <>

OpenStack, an open-source cloud operating system, has been a valuable resource for deploying various resource types on cloud platforms. However, the challenge has been running OpenStack’s control plane on FreeBSD hosts. Our project’s mission is to enable FreeBSD to function seamlessly as an OpenStack host.

Throughout this quarter, we focused on the last bit of the entire proof of concept (POC), the VM console integration. The goal is to let users get serial consoles via the OpenStack client to access the VM instances running on the FreeBSD-based OpenStack cluster. This is also important because right now we do not have a port for the managed DHCP service in Neutron. Users need to manually configure the correct IP addresses for the VM instances to have network connectivity. However, bhyve(8) does not natively expose serial consoles, so we need to instead export the nmdm(4) device over the network. This is done by a custom proxy called socat-manager, and yes, we leverage socat(1) to listen on specific ports allocated by OpenStack nova-compute to be integrated into their workflow. With the aid of another critical part, the custom Libvirt hook for bhyve, we can connect the two endpoints and make the consoles accessible to the users. During development of the hook script, we found that the hook interface provided by Libvirt specifically for bhyve was not well implemented. Fortunately, the Libvirt developer fixed the issue promptly, and we plan to refine our hook script when the fix is released in the future.

We also addressed the nested bhyve issue (running bhyve VMs on top of Linux KVM) in our development environment mentioned in the last quarterly report. It is caused by the APIC emulation of the two VT-x features: VID and PostIntr.

Our host’s CPUs have these two features so we need to disable them at the L1 guest, which acts as a bhyve host, in /boot/loader.conf to make L2 guests not hanging. It is crucial for us to be able to work on the project in a fully virtualized environment due to the lack of physical resources. This could be equally important for people interested in the project, lowering the bar for them to try out or validate the entire POC on their environment without too demanding setup requirements.

Looking ahead to Q4, our focus is wrapping up the POC with revised documentation and porting to FreeBSD 14.0-RELEASE. Dependencies that lack the corresponding FreeBSD packages will be ported one by one. We also aim to rebase our work with OpenStack 2023.1 Antelope. We invite those interested to explore our documentation and contribute to this project’s success.

Sponsor: The FreeBSD Foundation

FreeBSD on Microsoft HyperV and Azure

Contact: Microsoft FreeBSD Integration Services Team <>
Contact: freebsd-cloud Mailing List
Contact: The FreeBSD Azure Release Engineering Team <>
Contact: Wei Hu <>
Contact: Souradeep Chakrabarti <>
Contact: Li-Wen Hsu <>

In this quarter, we have worked mainly on ARM64 architecture support and building and publishing both UFS and ZFS based images to Azure community gallery. There are some testing images available in the project’s testing public gallery, named FreeBSDCGTest-d8a43fa5-745a-4910-9f71-0c9da2ac22bf:

  • FreeBSD-CURRENT-testing

  • FreeBSD-CURRENT-gen2-testing

  • FreeBSD-CURRENT-arm64-testing

  • FreeBSD-CURRENT-zfs-testing

  • FreeBSD-CURRENT-zfs-gen1-testing

To use them, when creating a virtual machine:

  1. In Select an Image step, choose Community Images in Other items

  2. Search FreeBSD

We are aiming to provide all those images for 14.0-RELEASE.

Work in progress tasks:

  • Automating the image building and publishing process and merge to src/release/.

  • Building and publishing all supported VM images to Azure Marketplace

  • Building and publishing snapshot builds to Azure community gallery

The above tasks are sponsored by The FreeBSD Foundation, with resources provided by Microsoft.

Wei Hu and Souradeep Chakrabarti have fixed several critical bugs in arm64:

And continue working on improving Microsoft Azure Network Adapter (MANA) support.

Open tasks:

Sponsor: Microsoft for people in Microsoft, and for resources for the rest
Sponsor: The FreeBSD Foundation for everything else

FreeBSD on EC2

Contact: Colin Percival <>

FreeBSD is available on both x86 (Intel and AMD) and ARM64 (Graviton) EC2 instances. Work continues to ensure that upcoming instance types will be supported.

Weekly FreeBSD snapshots now include experimental ZFS-root AMIs for 14.0 and 15.0. This change will be present in FreeBSD 14.0-RELEASE.

Work is underway to start publishing experimental "cloud-init" AMIs. This is expected to arrive in time for FreeBSD 14.0-RELEASE.

This work is supported by Colin’s FreeBSD/EC2 Patreon.


Noteworthy changes in the documentation tree, manual pages, or new external books/documents.

Documentation Engineering Team

Contact: FreeBSD Doceng Team <>

The doceng@ team is a body to handle some of the meta-project issues associated with the FreeBSD Documentation Project; for more information, see the FreeBSD Doceng Team Charter.

During this quarter:

  • The search functionality of the documentation portal was moved from DuckDuckGo to our own search engine; for more information, see this commit

  • grahamperrin@'s doc commit bit was taken for safekeeping as per his request

  • pluknet@'s doc commit bit was taken for safekeeping as per his request.

Porter’s Handbook

New USES knobs have been added to the Handbook:

FreeBSD Translations on Weblate

Q3 2023 Status
  • 17 team languages

  • 189 registered users

Four new translators joined Weblate:

  • minso in Korean (ko) and French (fr_FR)

  • strgalt-t in German (de_DE)

  • bsdmeg in German (de_DE)

  • mvsf in Portuguese (pt_BR)

  • Chinese (Simplified) (zh-cn) (progress: 7%)

  • Chinese (Traditional) (zh-tw) (progress: 3%)

  • Dutch (nl) (progress: 1%)

  • French (fr) (progress: 1%)

  • German (de) (progress: 1%)

  • Indonesian (id) (progress: 1%)

  • Italian (it) (progress: 5%)

  • Korean (ko) (progress: 33%)

  • Norwegian (nb-no) (progress: 1%)

  • Persian (fa-ir) (progress: 2%)

  • Polish (progress: 1%)

  • Portuguese (progress: 0%)

  • Portuguese (pt-br) (progress: 22%)

  • Spanish (es) (progress: 35%)

  • Turkish (tr) (progress: 2%)

We want to thank everyone that contributed, translating or reviewing documents.

And please, help promote this effort on your local user group, we always need more volunteers.

FreeBSD Handbook Working Group

Contact: Sergio Carlavilla <>

FAQ Working Group

Contact: Sergio Carlavilla <>

The idea is to write a new FAQ. Will be released alongside FreeBSD 14.0.

FreeBSD Website Revamp — WebApps Working Group

Contact: Sergio Carlavilla <>

Working group in charge of creating the new FreeBSD Documentation Portal and redesigning the FreeBSD main website and its components. FreeBSD developers can follow and join the working group on the FreeBSD Slack channel #wg-www21. The work will be divided into three phases:

  1. Redesign of the Manual Pages on web

    Scripts to generate the HTML pages using mandoc. (Complete, Approved by Doceng, Deploy Date Not Decided Yet) Public instance on

  2. Redesign of the FreeBSD main website

    New design, responsive and dark theme. (Almost Complete, Presented at EuroBSDCon)

  3. Redesign of the Ports page on web

    Ports scripts to create an applications portal. (Work in progress)

FreeBSD Online Editor and Man Page Editor

Contact: Yan-Hao Wang <>
Contact: Li-Wen Hsu <>

Currently, our document translation process involves using Weblate and direct editing of the doc repository. We acknowledge that this process can be somewhat cumbersome, so we are striving to offer a more convenient alternative, similar to what the wiki community does. Introducing the Online Document Editor and Man Page Editor, a user-friendly, WYSIWYG static site designed for translating documents and man pages. Our goal is to consolidate all translation functions within a single platform, making the translation process as straightforward as possible.

However, we still require assistance with these two projects, as follows:

  1. The Document editor and Man page editor were developed using simple JavaScript. We are seeking a web developer to assess the code’s efficiency since I (Yan-Hao Wang) am not well-versed in front-end development.

  2. We are also seeking a cybersecurity developer to assist us in identifying and addressing security issues within these two projects. This is crucial to ensure the secure hosting of these projects and mitigate any potential vulnerabilities.

  3. As there is currently no existing JavaScript library to render mandoc, I had to create my own. However, there are still some concealed errors during the editing process. We are in need of a JavaScript developer to help rectify these rendering issues.

Sponsor: FreeBSD Foundation

FreeBSD Expert System

Contact: Yan-Hao Wang <>
Contact: Li-Wen Hsu <>

Machine Learning and Deep Learning technologies have become increasingly prevalent in today’s world, much like the proliferation of ChatGPT. We are working on developing a ChatGPT plugin that can access the latest FreeBSD data, transforming ChatGPT into a FreeBSD expert system. We have already scripted data cleaning and built an embedded model to search for relevant information.

Nevertheless, we require assistance for the following aspect of this project:

  • While I am not an expert in Machine Learning or Deep Learning, we encounter numerous challenges in these domains, such as the adequacy of data cleaning and uncertainties in the final plugin development process. We would appreciate guidance in this regard.

Sponsor: FreeBSD Foundation


Changes affecting the Ports Collection, whether sweeping changes that touch most of the tree, or individual ports themselves.

KDE on FreeBSD

Contact: Adriaan de Groot <>

The KDE on FreeBSD project packages CMake, Qt, and software from the KDE Community, for the FreeBSD ports tree. The software includes a full desktop environment called KDE Plasma (for both X11 and Wayland) and hundreds of applications that can be used on any FreeBSD machine.

The KDE team (kde@) is part of desktop@ and x11@, building the software stack to make FreeBSD beautiful and usable as a daily-driver graphical desktop workstation. The notes below describe mostly ports for KDE, but also include items that are important for the entire desktop stack.


Qt5 is now on long-term support and updates only rarely. There was an update to 5.15.10 in this quarter. Qt6 is now updated with the regular upstream releases, with the 6.5.2 release landing at the end of July and 6.5.3 following later.

CMake saw no updates this quarter, so we are now lagging by at least one minor release. The changelog for the latest releases does not have much for FreeBSD, so there is no special reason to upgrade.

sysutils/polkit and sysutils/consolekit2 were both updated, bringing improved security policy and console handling to the FreeBSD desktop. x11/sddm was updated to provide a better graphical login manager.

multimedia/pipewire was updated to version 0.3.81. This provides multimedia support for desktops such as KDE and GNOME.

KDE Stack

KDE Gear releases happen every quarter, KDE Plasma updates once a month, and KDE Frameworks have a new release every month as well. These (large) updates land shortly after their upstream release and are not listed separately.

  • KDE Frameworks reached version 5.110. The KDE Frameworks 5 series is winding down, although it will be six months or so before it enters long-term support upstream.

  • KDE Plasma Desktop was updated to version 5.27.8. Just like frameworks, work on KDE Plasma 5 is winding down upstream in favor of KDE Plasma 6.

  • KDE Gear updated to 23.08.1.

The KDE ecosystem includes a wide range of ports — most maintained by kde@, all building on a shared base of Qt and KDE Frameworks. The kde@ team updates them all as needed. This quarter, for instance, tcberner@ and arrowd@ updated or fixed (much more than) this selection of ports:

Thanks to jhale@, devel/qtcreator was updated to 11.0.3, providing another featureful integrated development environment for creating Qt and KDE applications.


Web browsers are huge, and have a considerable security surface. The venerable www/qt5-webkit WebKit port has been slated for removal and consumers have been moved to WebEngine. The fork of WebKit that we relied on is no longer actively maintained.

Pantheon desktop on FreeBSD

Contact: Olivier Duchateau <>

The Pantheon desktop environment is designed for elementary OS. It builds on GNOME technologies (such as Mutter, GTK 3 and 4) and it is written in Vala. The goal is to have a complete desktop environment for end users.

13.2-RELEASE or higher is required, because several core components depend on deskutils/xdg-desktop-portal.

The repository contains a file called for the Mk/Uses framework, official applications, and curated ports which depend on x11-toolkits/granite7.

I have submitted several patches in order to keep these ports up-to-date:

The bug reports for updating the following ports are still open on bugzilla:

In the same time, I have also worked on updating the GNOME stack (especially WebKitGTK, libwnck, Mutter, Vala). I noticed several regressions particularly with x11/plank (it is related to monitoring open applications).

Three new applications have been added to the development repository:

  • deskutils/atlas, a map viewer

  • deskutils/nimbus, a weather applet

  • audio/leopod, podcasts client

FreeBSD Office Team

Contact: FreeBSD Office team ML <>
Contact: Dima Panov <>
Contact: Li-Wen Hsu <>

The FreeBSD Office team works on a number of office-related software suites and tools such as OpenOffice and LibreOffice.

Work during this quarter was focused on providing the latest stable release of LibreOffice suite and companion apps to all FreeBSD users.

During the 2023Q3 period we pushed maintenance patches for the LibreOffice port and brought the latest, 7.6.2, release and all companion libraries such as MDDS, libIxion and more to the ports tree. All prerelease development of LibreOffice ports is carried out in the in LibreOffice WIP repo.

Together with LibreOffice, we also updated Boost to the latest, 1.83 release. Everyone interested in Boost porting can submit patches to the Boost WIP repository.

We are looking for people to help with the open tasks:

Patches, comments and objections are always welcome in the mailing list and Bugzilla.

Wifibox: Use Linux to Drive your Wireless Card on FreeBSD

Contact: PÁLI Gábor János <>

Wifibox is an experimental project for exploring the ways of deploying a virtualized Linux guest to drive wireless networking cards on the FreeBSD host system. There have been guides to describe how to set this up manually, and Wifibox aims to implement those ideas as a single easy-to-use software package.

  • It uses bhyve(8) to run the embedded Linux system. This helps to achieve low resource footprint. It requires an x64 CPU with I/O MMU (AMD-Vi, Intel VT-d), ~150 MB physical memory, and some disk space available for the guest virtual disk image, which can be even ~30 MB only in certain cases. It works with FreeBSD 12 and later, some cards may require FreeBSD 13 though.

  • The guest is constructed using Alpine Linux, a security-oriented, lightweight distribution based on musl libc and BusyBox, with some custom extensions and patches imported from Arch Linux most notably. It is shipped with a number of diagnostic tools for better management of the hardware in use. The recent version features Linux 6.1, but Linux 6.5 is also available as an alternative.

  • Configuration files are shared with the host system. The guest uses wpa_supplicant(8) or hostapd(8) (depending on the configuration) so it is possible to import the host’s wpa_supplicant.conf(5) or hostapd.conf(5) file without any changes.

  • When configured, wpa_supplicant(8) and hostapd(8) control sockets could be exposed by the guest, which enables use of related utilities directly from the host, such as wpa_cli(8) or wpa_gui(8) from the net/wpa_supplicant_gui package, or hostapd_cli(8).

  • Everything is shipped in a single package that can be easily installed and removed. This comes with an rc(8) system service that automatically launches the guest on boot and stops it on shutdown.

  • It can be configured to forward IPv6 traffic, which is currently an experimental option but turned on by default.

Wifibox has been mainly tested with Intel chipsets, and it has shown great performance and stability. Therefore, it might serve as an interim solution whilst FreeBSD matures its support for these chipsets.

It was confirmed that Wifibox works with Atheros, Realtek, and Mediatek chipsets too, and feedback is more than welcome about others. Broadcom chips (that are often found in MacBook Pros) can also work, but there are known stability issues.

GCC on FreeBSD

Contact: Lorenzo Salvadore <>

The process to update GCC default version to GCC 13 has started with an exp-run. Thanks to Antoine Brodin who ran the exp-run and to all other developers and ports maintainers involved.

The same exp-run contains additional patches as anticipated in last quarterly status report. In particular, it contains patches to update

The reader might remember that I had planned to update GCC default version to GCC 13 as soon as 13.1.0 was out, but as it can be noted the GCC developers were faster to release 13.2.0 than I was working on the GCC ports.

Most of the bugs reported in the exp-run are due to the same error: error: expected identifier before '__is_convertible'. It seems that the issue is an incompatibility between FreeBSD 12’s libcxx and GCC 13 headers. Please check the discussion in the exp-run for more information and to provide your feedback.

Valgrind: valgrind-devel updated for FreeBSD 15

Contact: Paul Floyd <>

devel/valgrind-devel is in the process of being updated. This contains most of what will be in the official release of Valgrind 3.22 due out in October.

memcheck has been enhanced with some more checks. It will now report usage of realloc with a size of zero. Such usage is not portable and is deprecated (C23 will make it Undefined Behaviour). memcheck now validates the values used for alignment and sized delete for memalign, posix_memalign, aligned_alloc and all aligned and sized overloads of operator new and operator delete. Reading DWARF debuginfo is now done in a lazy manner which can improve performance.

As usual there are numerous small bugfixes.

Specific to FreeBSD there is now support for FreeBSD 15. Two extra _umtx_op operations are now supported, UMTX_OP_GET_MIN_TIMEOUT and UMTX_OP_SET_MIN_TIMEOUT. There is a fix for the use of sysctl kern proc pathname with the guest pid or -1, which previously returned the path of the Valgrind host. The sysctl will now return the path of the guest. Support for the close_range system call has been added.

GitLab 16.3 Available

Contact: Matthias Fechner <>

GitLab is a DevOps platform. It brings velocity with confidence, security without sacrifice, and visibility into DevOps success.

Version 16.3 is now available on FreeBSD: please check the www/gitlab-ce port. The upgrade is very important as version 16.3 will be required for all further upgrades. Upgrade to 16.4 is only possible from GitLab 16.3.

I will wait for the upgrade to 16.4 (which will be released around 20.9. or 22.9., not sure) until ports quarterly branch 2023Q4 is created, to avoid breaking systems that do not use the main branch (latest). GitLab users should always choose the main branch, as described in the installation manual.

PortOptsCLI — Ports Collection Accessibility

Contact: Alfonso Sabato Siciliano <>
Contact: FreeBSD Accessibility mailing list <>

FreeBSD provides the Ports Collection to give users and administrators a simple way to install applications. It is possible to configure a port before the building and installation. The command make config uses ports-mgmt/dialog4ports and ports-mgmt/portconfig to set up a port interactively via a text user interface (TUI).

Unfortunately, screen readers perform poorly with a TUI; it is a well-known accessibility problem. FreeBSD provides tens of thousands of ports; port configuration is a key feature, but it is inaccessible to users with vision impairment.

PortOptsCLI (Port Options CLI) is a new utility for setting port options via a command line interface. Properly, PortOptsCLI provides commands to navigate configuration dialogues (checklists and/or radio buttons) and set up their items interactively. It is also suitable for a speech synthesizer; currently it is tested with accessibility/orca. PortOptsCLI can be installed via the ports-mgmt/portoptscli port or package.

Tips and new ideas are welcome. If possible, send reports to the FreeBSD Accessibility mailing list, to share and to track discussions in a public place.

Third Party Projects

Many projects build upon FreeBSD or incorporate components of FreeBSD into their project. As these projects may be of interest to the broader FreeBSD community, we sometimes include brief updates submitted by these projects in our quarterly report. The FreeBSD project makes no representation as to the accuracy or veracity of any claims in these submissions.

Introducing the BSD Cafe project

Contact: Stefano Marinelli <>

We are thrilled to unveil the inaugural component of the BSD Cafe project!

Months ago, when I first registered the domain, I envisioned a themed bar where friends, acquaintances, and patrons could gather for casual conversations about *BSD systems, Linux, and open-source technology. Just like any bar, our discussions can encompass a wide array of topics, all while maintaining a spirit of mutual respect.

BSD Cafe is poised to become a hub for a variety of tools and services, all powered by *BSD.

Our initial offering is a brand-new instance of Mastodon (open-source microblogging software and service), serving as a gateway to the fediverse — a federation of services, many of which use the ActivityPub decentralised social networking protocol. Registration is now open. The server operates under clearly defined guidelines that promote positive conduct and unequivocally prohibit any form of hate. Inclusiveness, respect, and constructive dialogue stand as the cornerstones of this instance.

Our primary server is currently hosted in Finland on a small VM, running on FreeBSD. Services are partitioned into VNET jails, interconnected within a local area network through a dedicated bridge. Additionally, we implement a VPN system and have the flexibility to migrate individual jails to more robust machines.

For multimedia data and cache hosting, we employ a separate physical server (also FreeBSD-based, within a jail), fronted by Cloudflare. The goal here is to cache and geodistribute data, effectively reducing network congestion on the main VPS.

Our reverse proxy (frontend), mail server, media server, and the instance itself are all accessible via IPv6.

At its inception, this Mastodon instance was devoid of preloaded content. Our intention is for it to grow organically, based on the interests and followers of its users. At this stage, we have refrained from preemptive blocks. We strongly encourage users to promptly report anything that they believe requires attention.

We invite you to join us at in order to cultivate a community that values constructive interactions and embraces inclusiveness — a secure and serene space meant for all.

Furthermore, we have established a website at, which will provide an overview of our tools, services, rules, uptime, and more.

Recently, a Miniflux installation has been performed, so the BSD Cafe users can use it as a personal RSS Feed Reader. More information:

Containers and FreeBSD: Pot, Potluck and Potman

Contact: Luca Pizzamiglio (Pot) <>
Contact: Bretton Vine (Potluck) <>
Contact: Michael Gmelin (Potman) <>

Pot is a jail management tool that also supports orchestration through Nomad.

During this quarter, Pot 0.15.6 was finished, adding custom pf(4) rule configuration hooks.

Additionally, Nomad Pot Driver 0.9.1 that allows setting Pot attributes in Nomad job descriptions was released.

Potluck aims to be to FreeBSD and Pot what Dockerhub is to Linux and Docker: a repository of Pot flavours and complete container images for usage with Pot and in many cases Nomad.

Quite a few new container images were made available, e.g. a Caddy S3 proxy, a Mastodon instance, and a Redis container. In total there are now 50 containers available that can either be downloaded as ready-made images at the Potluck image registry, if you trust our build process, or that you can build yourself from the Pot flavour files stored in the Potluck GitHub repository.

The July/August 2023 edition of the FreeBSD Journal contains Luca’s Jail Orchestration with pot and nomad article, explaining how to use Pot and Potluck together with Nomad to orchestrate containers on multiple hosts.

Last but not least, a patch (90b1184d93c8) added build cluster support to the devel/sccache port.

As always, feedback and patches are welcome.

Sponsors: Nikulipe UAB, Honeyguide Group

Last modified on: November 7, 2023 by Lorenzo Salvadore