Tag: PKG

FreeBSD Changes and Updates – Week of April 4, 2026

admin Leave a comment

Executive Summary

FreeBSD 14.4-RELEASE, announced on March 10, 2026, represents a significant milestone in the stable/14 branch with substantial improvements in security, virtualization, and cloud integration. This comprehensive overview covers the latest developments, security advisories, and technical enhancements in the FreeBSD ecosystem.

FreeBSD 14.4-RELEASE: Major Features

OpenSSH 10.0p2 with Post-Quantum Cryptography

The most notable security enhancement in FreeBSD 14.4 is the upgrade to OpenSSH 10.0p2, which introduces:

Hybrid Post-Quantum Algorithm: Default use of mlkem768x25519-sha256, combining traditional elliptic curve cryptography with post-quantum Kyber-based algorithms
Enhanced Key Exchange: Protection against future quantum computing threats while maintaining compatibility with existing infrastructure
Improved Authentication: Stronger security posture for SSH connections in enterprise environments

OpenZFS 2.2.9 Storage Enhancements

The OpenZFS filesystem receives significant updates:

Performance Improvements: Optimized ARC implementation and reduced memory overhead
Metadata Handling: Faster directory operations and improved metadata caching
Compression Enhancements: Better zstd compression ratios and performance
Snapshot Management: More efficient incremental send/receive operations

bhyve Virtualization: p9fs Integration

A groundbreaking feature for virtualization environments:

9P Filesystem Support: Native implementation of the 9P2000 protocol (p9fs) enables direct filesystem sharing between bhyve hosts and guests
Usage Examples:

# Mount p9fs share in guest
mount -t virtfs sharename /mnt

# Use as root filesystem (advanced)
vfs.root.mountfrom="p9fs:sharename" in /boot/loader.conf

Benefits: Simplified file sharing, reduced overhead compared to NFS/SMB, and improved security through protocol isolation

Cloud Integration: nuageinit Improvements

Enhanced cloud-init compatibility addresses enterprise deployment needs:

Better Metadata Handling: Improved parsing of cloud provider metadata formats
Network Configuration: More reliable network interface configuration in cloud environments
User Data Processing: Enhanced support for cloud-init user-data scripts and configurations

Security Enhancements

Encrypted Swap Support: Native encryption of swap space using geli(8) encryption system
Jail Security: Improved isolation and resource controls for FreeBSD jails
MAC Framework: Enhanced Mandatory Access Control policies and utilities

Recent Security Advisories

FreeBSD-SA-26:09.pf (March 26, 2026)

Severity: High
Affected Versions: FreeBSD 14.x, 15.0
CVE: CVE-2026-4652

Issue: The pf firewall silently ignores certain rule configurations, potentially allowing unintended network access

Resolution:

  • Patches available for all supported branches
  • Immediate upgrade recommended via:
freebsd-update fetch
freebsd-update install
# Or using packages
pkg upgrade

Workaround: Temporarily rewrite affected rules using tables or labels instead of direct interface specifications

FreeBSD-SA-26:07.nvmf (March 25, 2026)

Severity: Medium
Affected Versions: FreeBSD 15.0

Issue: Security vulnerability in NVMe over Fabrics subsystem implementation

Patches Released:

  • stable/15 branch: March 25, 2026 01:29 UTC
  • releng/15.0 branch: March 26, 2026 01:11 UTC

Ports and Packages Updates

pkgsrc-2026Q1 Branch (March 27, 2026)

The new quarterly branch brings:

Software Updates: Latest versions of popular applications and libraries
Security Fixes: Patches for vulnerable packages in the ports collection
Dependency Resolution: Improved handling of complex dependency chains

Notable Package Upgrades

  • OpenSSL 3.5: Multiple security fixes and performance improvements
  • PostgreSQL 17: Enhanced query optimization and replication features
  • Python 3.12: New language features and runtime optimizations
  • pkg 2.6.2_1: Improved package management with better dependency resolution

Development and Community News

Google Summer of Code 2026

FreeBSD has been selected for Google Summer of Code 2026, with focus areas including:

Kernel Development: Performance optimization and new driver support
Tooling Improvements: Enhanced developer tools and debugging utilities
Documentation: Comprehensive documentation updates and translations

Release Engineering Changes

The FreeBSD project has adopted a new release strategy:

Quarterly Releases: Every 3 months for regular feature updates
Biennial Releases: Every 2 years for long-term support versions
Benefits: More predictable release cycles, better security maintenance, and improved stability

System Administration Guidance

Upgrade Recommendations

For systems running FreeBSD 14.x:

# Standard upgrade process
freebsd-update fetch
freebsd-update install

# Rebuild third-party packages if necessary
pkg upgrade

Security Best Practices

  1. Regular Updates: Schedule weekly security update checks
  2. Firewall Review: Audit pf rulesets for potential issues
  3. Monitoring: Implement comprehensive system monitoring
  4. Backup Strategy: Ensure regular ZFS snapshots and offsite backups

Performance Monitoring Commands

# ZFS performance
zpool iostat -v 1
zfs get all poolname

# Network monitoring  
pfctl -s info
pfctl -s rules

# System health
vmstat 1
iostat 1

Support Timeline

FreeBSD 14.4-RELEASE: Supported until December 31, 2026
FreeBSD 13.x: Entering end-of-life phase, migration to 14.x recommended
FreeBSD 15.0: Current development branch, production use with caution

International Security Notices

BSI (Germany): Multiple advisories regarding FreeBSD vulnerabilities
Canadian Centre for Cyber Security: AV26-179 advisory for critical fixes
DFN-CERT: DFN-CERT-2026-0689 covering local privilege escalation issues

Resources and References

  • Official Security Advisories: https://www.freebsd.org/security/advisories/
  • Release Notes: https://www.freebsd.org/releases/14.4R/relnotes/
  • Mailing Lists: https://lists.freebsd.org/
  • Community Support: https://forums.freebsd.org/
  • Documentation: https://docs.freebsd.org/en/books/handbook/

Upcoming Events

  • FreeBSD Developer Summit: April 15-16, 2026 (Virtual)
  • Google Summer of Code: Coding period begins May 1, 2026
  • Next Quarterly Release: FreeBSD 14.5 expected June 2026

FreeBSD in the Last Seven Days: Between 14.4 Reality, ZFS Concerns, and Small pkg Ideas

Thorsten Geppert Leave a comment

Those waiting for FreeBSD to make a big splash often wait a long time. That’s one of the things I both appreciate and occasionally find frustrating about the system. I appreciate it because you’re not bombarded with marketing hype every other day. But it’s frustrating because you often have to piece together the most interesting developments from mailing lists, release notes, and passing remarks.

Looking back at the past seven days, the core picture is quite typical for FreeBSD: outwardly, it’s relatively quiet, but beneath the surface, discussions are happening in precisely the areas that make operating systems either pleasant or frustrating in daily use—software build performance, ZFS stability and memory behavior, and how to make pkg more practical in a PKGBASE environment.

FreeBSD 14.4 Remains the Dominant Topic

The most important official news in the observed period is still the release of FreeBSD 14.4-RELEASE on March 10. While it falls just outside the seven-day window, it has clearly shaped discussions this week—and for good reason.

Key highlights of 14.4 include:

  • OpenSSH 10.0p2
  • Hybrid post-quantum algorithm mlkem768x25519-sha256 enabled by default
  • OpenZFS 2.2.9
  • Improved cloud-init/nuageinit compatibility
  • A new p9fs(4) for filesystem sharing between host and bhyve guests
  • Enhancements to manpages and their tools

Overall, this is a solid release. No revolution, but exactly the kind of version FreeBSD is known for: evolutionary, pragmatic, and focused on meaningful maintenance rather than spectacle.

Also worth mentioning is the dedication of this release to Ken Smith, who passed away late last year and played a key role in FreeBSD’s release engineering for many years. Such acknowledgments often get lost in technical announcements, but they matter—they remind us that behind all the code, there are people.

Early Feedback on 14.4: Build Times Cause Frustration

More interesting than the release announcement itself were this week’s real-world reports. On the mailing list, a case was described where, after upgrading from 14.3 to 14.4, build times with poudriere had increased—sometimes doubling in duration.

This isn’t a minor detail. For those who build ports, maintain packages, or compile locally, this isn’t just a cosmetic issue—it’s a daily pain. If a full build suddenly takes two days instead of one, that’s no longer a footnote.

The discussion pointed to a known performance issue and noted that a workaround exists to restore the previous behavior. That’s the good news. The less good news is that such problems only surface in practice, and users have to dig through threads and commit messages to find solutions.

This is, unfortunately, not uncommon with FreeBSD: the technology is often solid, but communication about it can be less user-friendly than it could be.

ZFS Remains Excellent—and Sometimes Frustrating

Things got really interesting in a discussion about ZFS deadlocks and memory accounting issues on NFS servers. A scenario was described where machines, despite having plenty of free RAM, came under memory pressure, started swapping, and in the worst cases, hit OOM (out-of-memory) conditions. This is particularly frustrating because large storage and file-serving systems running FreeBSD are often chosen precisely because ZFS is supposed to excel in such environments.

The reported case involved systems with very high RAM capacity, where ARC memory appeared evictable, yet the system still entered a problematic state. There were also reports of blocked processes and wait states around ARC and dbuf mechanisms. Of course, this is just one case from a mailing list—not a universal statement about all 14.x installations. But it’s exactly the kind of signal that should make administrators take notice.

Such issues aren’t problematic because they’re spectacular; they’re problematic because they often disguise themselves as “odd behavior” for a long time. A little swap here, some load there, a few hanging processes—and suddenly, a system that, by superficial metrics, shouldn’t be struggling at all, is in trouble.

FreeBSD still has strong arguments in the storage space. But when reports like this emerge, they should be taken seriously—not hysterically, but seriously.

A Small pkg Discussion, But with Practical Relevance

Less dramatic but still practically relevant was a discussion about pkg and its interaction with PKGBASE. Specifically, the desire to cleanly separate upgrades for third-party packages and the base system.

Proposed additions included aliases like:

  • pkg upgrade-packages
  • pkg upgrade-base

The idea is simple and reasonable: in daily use, users don’t always want to lump everything together. Instead, they want to consciously decide whether to update only ports packages or only the base system.

This isn’t the kind of news that inspires excitement, but it’s a good example of how FreeBSD evolves: often in small, unassuming, yet practical steps. In the end, such improvements often make more of a difference than some grand, heavily promoted project.

At the same time, the discussion highlights a typical problem: naming and clarity aren’t trivial. If you say “packages” when, technically, everything is a package, confusion is almost built in. It’s not a disaster, but it’s not a detail that should be ignored either.

What Stands Out from This Week?

Summing up the past seven days around FreeBSD, this is the picture that emerges:

FreeBSD often appears quiet—almost too quiet—on the surface. But beneath that calm, the discussions revolve around precisely the issues that matter most to users and administrators:

  • How well does a new release perform in real-world use?
  • Are there performance regressions?
  • Is ZFS as stable under real-world load as expected?
  • Are tools like pkg becoming more usable in daily operations?

That, in the end, might be what’s most likable about FreeBSD. The most interesting news is rarely just “New! Bigger! Faster!” Instead, it’s often about where practice clashes with theory—and that’s where a system earns long-term trust.

14.4-RELEASE is undoubtedly the most significant recent development. But the subsequent discussions about build performance and ZFS show that a release isn’t finished when it’s published. That’s when the phase begins where it becomes clear how well things actually work outside of release notes and announcements.

And that phase was the truly interesting part of the last seven days.

Sources

  • FreeBSD News Flash: https://www.freebsd.org/news/newsflash/
  • FreeBSD News RSS Feed: https://www.freebsd.org/news/feed.xml
  • FreeBSD 14.4-RELEASE Announcement: https://lists.freebsd.org/archives/freebsd-announce/2026-March/000228.html
  • FreeBSD-announce Archiv März 2026: https://lists.freebsd.org/archives/freebsd-announce/2026-March/date.html
  • Thread: „Huge build times increase after updating from 14.3 to 14.4“: https://lists.freebsd.org/archives/freebsd-stable/2026-March/003900.html
  • Antwort von Olivier Certner zum bekannten Performance-Problem: https://lists.freebsd.org/archives/freebsd-stable/2026-March/003901.html
  • Nachfrage von Philip Paeps zu den Package-Buildern: https://lists.freebsd.org/archives/freebsd-stable/2026-March/003907.html
  • Thread: „ZFS deadlocks/memory accounting issues“: https://lists.freebsd.org/archives/freebsd-stable/2026-March/003910.html
  • Antwort von Alan Somers im ZFS-Thread: https://lists.freebsd.org/archives/freebsd-stable/2026-March/003911.html
  • Thread/Proposal zu pkg-Aliases: https://lists.freebsd.org/archives/freebsd-stable/2026-March/003942.html
  • Rückfrage zur Benennung der pkg-Aliases: https://lists.freebsd.org/archives/freebsd-stable/2026-March/003944.html
  • FreeBSD-stable Archiv März 2026: https://lists.freebsd.org/archives/freebsd-stable/2026-March/date.html