FreeBSD 14.4 release

After nine months of development, FreeBSD 14.4 has been released. Installation images are available for the amd64, i386, aarch64, armv7, powerpc, powerpc64, and riscv64 architectures. Additionally, builds have been prepared for virtualization systems (QCOW2, VHD, VMDK, raw) and cloud environments such as Amazon EC2, Google Compute Engine, and Vagrant.

The next FreeBSD 14.5 update is scheduled for September 2026. The current FreeBSD 14.4 release will be supported until December 31, 2026, and the previous FreeBSD 14.3 release will be supported until June 30, 2026. Overall, the FreeBSD 14 branch will be supported until November 30, 2028, and the FreeBSD 13.x branch until April 30, 2026. The FreeBSD 15 branch is being developed in parallel, with the next release (15.1) scheduled for June 2, 2026.

Major changes in FreeBSD 14.4:

  • Added sndctl utility for managing sound card settings.
  • The swapon utility has been updated to support encrypted swap files, which can be identified via fstab using md devices with the ".eli" suffix.
  • The nuageinit utility, which performs virtual machine initialization, has gained support for cloud-init, network configuration, and package management. For cloud-init compatibility, the following commands have been added: 'runcmd', 'packages', 'fqdn', 'hostname', 'sudo', 'write_files', 'nameservers', 'tzsetup', and 'doas'. A full-featured YAML parser has been implemented. Logging is enabled. The following commands have been implemented: 'chpasswd', 'wakeonlan', 'set-name', and 'match.driver'.
  • The Spleen console font has been updated to version 2.2.0 and expanded with additional characters (em dash, en dash, hyphen, angle brackets, white square, cross, and double cross). Character alignment has been improved on high-density screens. The Gallant console font, which now includes over 4300 glyphs, supports Cyrillic characters and sets with mathematical symbols, arrows, currencies, and frames.
  • The package includes the 9P file system (p9fs), which can be used with virtio-9p devices and the Bhyve hypervisor to provide access to the host file system contents from virtual machines. To load the driver, use the "virtio_p9fs_load=YES" setting in loader.conf.
  • The tarfs file system has been optimized to handle files larger than 4 GB.
  • In the unionfs and nullfs file systems, the checking of root vnodes has been strengthened when processing paths with ".." to block potential vulnerabilities that allow traversal beyond the root directory of the jail environment.
  • The Jail subsystem restricts unprivileged users from the parent jail from debugging, configuring the scheduler, and sending signals to processes running in child jails. Separate privileges PRIV_SCHED_DIFFJAIL, PRIV_DEBUG_DIFFJAIL, and PRIV_SIGNAL_DIFFJAIL are provided for these operations. To restore the legacy behavior of process management, the "allow.nounprivileged_parent_tampering" setting has been added to Jail.
  • The Jail subsystem now supports the "meta" and "env" parameters, which allow arbitrary string metadata and environment data to be bound to jail environments. Parameters can be set during jail creation, modified with the "jail -cm" command, and viewed with the jls command. For example, 'jail -cm … meta="tag1=value1 tag2=value2" env="configuration"'. The "security.jail.meta_maxbufsize" sysctl setting is now available to limit the maximum size of data in parameters.
  • The "-j" flag has been added to the ngctl utility for running commands within a specified jail environment. This flag allows manipulation of netgraph nodes in jailed environments where ngctl is not installed.
  • The mdo utility has expanded its capabilities, allowing commands to be run under a different user, similar to the su utility, but using the mac_do kernel module and the setcred system call instead of setuid. The new version implements options for managing user and group IDs in launched processes: -k to preserve current users; -g and -G to set primary and additional groups; -s to change additional groups; --euid, --ruid, --svuid, --egid, --rgid, and --svgid to override the specified IDs.
  • The kadmin Kerberos management utility has been updated with the -f option to dump the Heimdal KDC database in a format compatible with MIT KDC, allowing migration from Heimdal Kerberos to MIT Kerberos without completely recreating the database.
  • In the stripped-down version of the pkg(7) package manager included in the base system, option parsing has been unified with the full version of the pkg(8) toolset. The order of options for commands in pkg(7) should now match the behavior of pkg(8); for example, instead of "pkg -f bootstrap," you should use "pkg bootstrap -f."
  • The bsdinstall installer no longer supports installations using the ZFS file system on MBR-based disks (ZFS can only be used on GPT-based disks). The loader.efi bootloader is now copied to all ESPs (EFI System Partitions) created on ZFS-based disks, in case the primary disk fails.
  • The freebsd-update utility ensures a strict order for installing shared libraries: libsys, libc, libthr, and then the rest, which eliminates problems when upgrading from FreeBSD 14.x to the 15.x branch.
  • The "-u" flag has been added to the newfs utility to disable the "soft updates" mechanism and journaling for UFS2 FS by default.
  • PAM libraries (Pluggable Authentication Modules) are now able to search for modules in the ${LOCALBASE}/lib/security directory in addition to the ${LOCALBASE}/lib directory.
  • The net80211 wireless stack has been updated to support the VHT160 and VHT80P80 channels used in modern access points.
  • Expanded hardware support. ACPI support has been added to the iwlwifi driver for Intel wireless adapters. The ix and ixv drivers have been updated to support the Intel Ethernet E610 2.5G/5G/10G family of network cards. The mfi and mrsas drivers have been updated to support Fujitsu SAS 6Gbit/s 1GB RAID controllers (D3116), used in Fujitsu PRIMERGY servers.
  • Support for Raspberry Pi Zero 2W boards has been added to the generated SD card images.
  • The blacklistd background process, which provides dynamic blocking of network ports to protect against DoS attacks, has been updated and renamed to blocklistd.
  • The base system includes a package with Lua bindings for libyaml.
  • OpenSSH has been updated from release 9.9p2 to 10.0p2, enabling the quantum-resistant hybrid mlkem768x25519-sha256 algorithm by default.
  • Updated versions of third-party components: OpenZFS 2.2.9 (was 2.2.7), OpenSSL 3.0.16, SQLite 3.50.4, unbound 1.24.1, libucl 0.9.2, expat 2.7.3, libyaml 0.2.5, libarchive 3.8.5, xz 5.8.2, less 685, bmake 20251111, bc 7.1.0.
  • The base installation media (bootonly) has been updated to include firmware packages for wireless devices, allowing the use of a wireless connection to retrieve installation files over the network.
  • The sbin/ipfw15 executable has been added, compiled with the new KBI (Kernel Binary Interface) for compatibility with the FreeBSD 15 kernel. The original ipfw utility automatically detects the presence of the new KBI and runs ipfw15 if necessary to correctly load packet filter rules when upgrading to FreeBSD 15.
  • Support for the RIP routing protocol (routed, rtquery, route6d, rip6query) has been deprecated and is scheduled for removal. It is recommended to use the 'bird' or 'quagga' packages from the ports collection instead of 'routed'.
  • The built-in MIDI sequencer implementation in the kernel has been deprecated.
  • Removed code for compatibility with versions of the ipfw packet filter that shipped before FreeBSD 8.

Source: opennet.ru
