==========================================================================
Ubuntu Security Notice USN-7714-1
August 24, 2025
open-vm-tools vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Open VM Tools.
Software Description:
- open-vm-tools: Open VMware Tools for virtual machines hosted on VMware
Details:
Matthias Gerstner discovered that Open VM Tools incorrectly handled file
descriptors when dropping privileges. A local attacker could possibly use
this issue to hijack /dev/uinput and simulate user inputs. (CVE-2023-34059)
Dolev Farhi discovered that Open VM Tools incorrectly handled certain file
permissions. A local attacker could possibly use this issue to setup a
symlink
attack and override files without authorization. (CVE-2014-4199)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
open-vm-tools 2:9.4.0-1280544-5ubuntu6.4+esm1
Available with Ubuntu Pro
open-vm-tools-desktop 2:9.4.0-1280544-5ubuntu6.4+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7714-1
CVE-2014-4199, CVE-2023-34059
Sunday, August 31, 2025
Saturday, August 30, 2025
FreeBSD Status Report - Second Quarter 2025
FreeBSD Status Report Second Quarter 2025
Here is the second 2025 status report, with 32 entries.
As for the preceding quarters, this report is published just a few days before
calls for 2025Q3 report submissions are sent. Indeed, although according to our
timeline we should have published this report in July (general rule is
publication should happen within the month just after the calls for reports are
sent), we kept receiving important reports until the end of August. This is
both a positive and a negative thing. On one hand, it means that our FreeBSD
community is busy fixing existing issues and implementing new features, making
the OS we love better and better every day; it means that the community works
so intensely that very little time remains for reporting. On the other hand, it
means that news in these reports is always two months old when published. Two
months is not bad, especially if we consider that FreeBSD communication happens
on many other channels too, but it would be nice if we could improve it.
If you are a late submitter, please take some time to evaluate if there is
anything you can do to improve your report submission punctuality. The Status
Team is always glad to ease the submission process: if there is something we
can do for you, just ask. If you are a contributor or just a FreeBSD user,
please consider contributing more, if you can. Even working on a single small
simple task is useful, it can help to lower the pressure on other developers,
for whom it might thus become easier to find the time to document their work.
Have a nice reading!
Lorenzo Salvadore, on behalf of the Status Team.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
A rendered version of this report is available here:
https://www.freebsd.org/status/report-2025-04-2025-06/
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Table of Contents
• FreeBSD Team Reports
□ FreeBSD Core Team
□ FreeBSD Foundation
□ FreeBSD Release Engineering Team
□ Ports Collection
□ Bugmeister Team
□ Source Management Team
• Projects
□ Infrastructure Modernization
□ Support for pkgbase in the FreeBSD installer
□ BSD-USER 4 LINUX
□ Sylve — A Unified System Management Platform for FreeBSD
□ Hackathon 202506 Kitchener-Waterloo, Canada
• Userland
□ ucred / group changes in FreeBSD 15.0
□ MIT Kerberos Import into FreeBSD
□ SysctlTui
□ Geomman Development
• Kernel
□ Audio Stack Improvements
□ DRM drivers
□ Suspend/Resume Improvement
□ Named attribute support (Solaris style extended attributes)
□ Packrat — NFS client caching on non-volatile storage
□ LinuxKPI 802.11 and Native Wireless Update
□ USB Kernel Debugging
□ Porting HFS+ to FreeBSD
• Architectures
□ Pinephone Pro Support
• Cloud
□ FreeBSD on EC2
• Documentation
□ Documentation Engineering Team
□ FreeBSD Wiki
□ Vision Accessibility
• Ports
□ Security Hardening Compiler Options for the Ports Collection
□ Improve OpenJDK on FreeBSD
□ GCC on FreeBSD
• Third Party Projects
□ Chinese FreeBSD Community (CFC)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
FreeBSD Team Reports
Entries from the various official and semi-official teams, as found in the
Administration Page.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
FreeBSD Core Team
Contact: FreeBSD Core Team <core@FreeBSD.org>
The FreeBSD Core Team is the governing body of FreeBSD.
Project roadmap
Core is collecting ideas and comments to draft Project's roadmap. It is an item
core.13 thinks is worth to continue from core.12. The roadmap is not about
restricting or limiting what developers and contributors can do, but about the
compiled goals and expectations of the Project and things the community can
collaborate on. It will also let the FreeBSD Foundation help the Project more
effectively, so, this is an important discussion item for the meetings between
core and the FreeBSD Foundation.
Policy on generative AI created code and documentation
Core is investigating setting up a policy for LLM/AI usage (including but not
limited to generating code). The result will be added to the Contributors Guide
in the doc repository. AI can be useful for translations (which seems faster
than doing the work manually), explaining long/obscure documents, tracking down
bugs, or helping to understand large code bases. We currently tend to not use
it to generate code because of license concerns. The discussion continues at
the core session at BSDCan 2025 developer summit, and core is still collecting
feedback and working on the policy.
Work in Progress
Core is currently working on the following items:
• Core and the FreeBSD Foundation are working on the 2025 edition of the
Community survey
• Privacy-friendly web analytics, proposed by the Foundation. An idea is to
compare traffic flows between freebsd.org and freebsdfoundation.org
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
FreeBSD Foundation
Links:
FreeBSD Foundation URL: https://freebsdfoundation.org/
Technology Roadmap URL: https://freebsdfoundation.org/blog/technology-roadmap/
Donate URL: https://freebsdfoundation.org/donate/
Foundation Partnership Program URL:
https://freebsdfoundation.org/our-donors/freebsd-foundation-partnership-program/
FreeBSD Journal URL: https://freebsdfoundation.org/journal/
Foundation Events URL: https://freebsdfoundation.org/our-work/events/
Contact: Deb Goodkin <deb@FreeBSDFoundation.org>
The FreeBSD Foundation is a 501(c)(3) non-profit dedicated to advancing FreeBSD
through both technical and non-technical support. Funded entirely by donations,
the Foundation supports software development, infrastructure, security, and
collaboration efforts; organizes events and developer summits; provides
educational resources; and represents the FreeBSD Project in legal matters.
Here are some of the ways we supported FreeBSD in the second quarter of 2025.
Advocacy
Advocacy work in the 2nd quarter of 2025 included hosting events, launching a
new series of video guides and bringing on a new Marketing Coordinator. Florine
Kamdem brings social media, branding, and IT skills. She uses storytelling to
craft digital campaigns that spark interest and build connection within the
community. Read more about Florine, and check out just a few of the ways the
Foundation helped advocate for FreeBSD in Q2 of 2025:
• Held the June 2025 FreeBSD Developer Summit June 11-12, 2025, co-located
with BSDCan 2025. Videos of the all day stream are available on the
Project's YouTube Channel, and videos of the individual talks will be
available in the coming weeks.
• Finalized our Silver Sponsorship of EuroBSDcon 2025, held in Zagreb,
Croatia; September 25-28, 2025. Travel Grants are now available. The
application deadline is Aug 5, 2025.
• Provided updates and announcements about our Software Development work
including:
□ The Road to Better Wi-Fi on FreeBSD
□ April 2025 Laptop Support and Usability Project Update
□ FreeBSD Ports and Packages Security Project
□ Software Bill of Materials (SBOM) for FreeBSD Project
• Published the following blogs and videos to help inform and educate the
community:
□ The Hidden Costs of Stagnation: Why Running EOL Software is a Ticking
Time Bomb
□ How to Unlock High Speed Wi-Fi on FreeBSD 14
□ The Report of My Death Was an Exaggeration
□ ZFS automatic snapshots with Sanoid on FreeBSD
□ Three Ways to Try FreeBSD in Under Five Minutes
• Published the March/April 2025 and May 2025 FreeBSD Foundation Newsletters.
• Released the January/February/March 2025 issue of the FreeBSD Journal with
HTML versions of the articles.
OS Improvements
The Foundation continued to support two major initiatives: the Laptop Support
and Usability project (in collaboration with Quantum Leap Research) and an
infrastructure modernization project commissioned by the Sovereign Tech Agency.
For background on both efforts, see the 2025Q1 quarterly status report.
Throughout the quarter, there were 536 src, 64 ports, and 41 doc commits that
identified the FreeBSD Foundation as a sponsor.
Here is a sampling of that work and other sponsored efforts:
• Various improvements to libvirt's support for bhyve, including:
□ An initial port of the libvirt integration testing project,
libvirt-tck, enabling test execution against libvirt's bhyve driver on
FreeBSD.
□ Enhancements to the bhyve driver to improve compatibility and
testability.
□ Support for virtio-rnd devices, NVRAM configuration, and extended
domain usage statistics (under review).
□ Initial support for pf(4)-based NAT networking (under review).
• Improved handling of tlsbase (thread-local storage) on amd64, making it
more reliable across context switches and benefiting applications that
manually manage TLS, such as Wine.
• Runtime linker improvements, including support for the -z initfirst flag.
This addresses longstanding issues with RTLD_DEEPBIND and provides better
control over symbol resolution and initialization order in dynamically
linked applications.
• Enhanced ptrace usability by enabling transient PT_ATTACH behavior. This
reduces friction for debugging tools and eliminates spurious EINTR errors
that could interrupt or break tracing workflows.
• kqueue introspection support by extending procstat(1) to report kqueue
state, improving observability into how processes use kernel event
notification mechanisms
• Design and implementation of EXTERROR, a mechanism that reports extended
error information to userspace, augmenting the usual errno value. This
enables applications to retrieve more detailed diagnostics beyond standard
error codes.
Other sponsored efforts are covered in separate report entries:
• Vision Accessibility
• Suspend/Resume Improvements
• LinuxKPI 802.11 and Native Wireless Update
• Audio Stack Improvements
• Improve OpenJDK on FreeBSD
• Sylve — A Unified System Management Platform for FreeBSD
• Support for pkgbase in the FreeBSD Installer
• DRM drivers
• MIT Kerberos Import into FreeBSD
• USB Kernel Debugging
• Bugmeister Team
The Foundation is managing FreeBSD's participation in the Google Summer of Code
(GSoC) program. Twelve projects were accepted this year.
Continuous Integration and Workflow Improvement
As part of our continued support of the FreeBSD Project, the Foundation
supports a full-time staff member dedicated to improving the Project's
continuous integration system and test infrastructure.
Legal/FreeBSD IP
The Foundation owns the FreeBSD trademarks, and it is our responsibility to
protect them. We also provide legal support for the core team to investigate
questions that arise.
Go to https://freebsdfoundation.org to find more about how we support FreeBSD
and how we can help you!
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
FreeBSD Release Engineering Team
Links:
FreeBSD 14.3-RELEASE announcement URL: https://www.freebsd.org/releases/14.3R/announce/
FreeBSD 15.0-RELEASE schedule URL: https://www.freebsd.org/releases/15.0R/schedule/
FreeBSD releases URL: https://download.freebsd.org/releases/ISO-IMAGES/
FreeBSD development snapshots URL: https://download.freebsd.org/snapshots/ISO-IMAGES/
Contact: FreeBSD Release Engineering Team, <re@FreeBSD.org>
The FreeBSD Release Engineering Team is responsible for setting and publishing
release schedules for official project releases of FreeBSD, announcing code
freezes and maintaining the respective branches, among other things.
The Team managed 14.3-RELEASE, leading to the official RELEASE build and
announcement in June. Planning has started for the upcoming 15.0-RELEASE, which
is due to arrive in December.
The OCI Container Images built by the Release Engineering Team are now being
uploaded to Docker and GitHub repositories in addition to being available on
the FreeBSD download site.
The Team gained a new member, Jake Freeland, and three members have departed:
Konstantin Belousov, John Hixson, Doug Rabson. We thank them for their
contributions.
The Release Engineering Team continued providing weekly development snapshot
builds for the main, stable/14, and stable/13 branches.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Ports Collection
Links:
About FreeBSD Ports URL:https://www.FreeBSD.org/ports/
Contributing to Ports URL: https://docs.freebsd.org/en/articles/contributing/#ports-contributing
Ports Management Team URL: https://www.freebsd.org/portmgr/
Ports Tarball URL: http://ftp.freebsd.org/pub/FreeBSD/ports/ports/
Contact: Tobias C. Berner <portmgr-secretary@FreeBSD.org>
Contact: FreeBSD Ports Management Team <portmgr@FreeBSD.org>
The Ports Management Team is responsible for overseeing the overall direction
of the Ports Tree, building packages, and personnel matters. Below is what
happened in the last quarter.
During the last quarter, we welcomed Älven (alven@) and Jesús Daniel Colmenares
Oviedo (dtxdf@) as new ports committers, and said goodbye to one committer.
According to INDEX, there are currently 36,605 (up from 36,450) ports in the
Ports Collection. There are currently about 3,330 (down from 3,333) open ports
PRs, of which 832 are unassigned. The last quarter saw 10,294 (down from
10,733) commits by 157 (down from 158) committers on the main branch and 770
(up from 707) commits by 56 (up from 54) committers on the 2025Q2 branch.
The most active committers to main were:
• 3541 sunpoet@FreeBSD.org
• 503 yuri@FreeBSD.org
• 439 vvd@FreeBSD.org
• 345 bofh@FreeBSD.org
• 315 rene@FreeBSD.org
• 301 arrowd@FreeBSD.org
• 240 tagattie@FreeBSD.org
• 240 jbeich@FreeBSD.org
• 183 diizzy@FreeBSD.org
• 178 bapt@FreeBSD.org
A lot has happened in the ports tree in the last three months, an excerpt of
the major software upgrades are:
• pkg 2.2.1
• Default version of Go switched to 1.24
• Default version of Lazarus (non-aarch64) switched to 4.0
• Default version of Linux (non-i386) switched to Rocky Linux 9 (rl9)
• Default version of Perl switched to 5.40
• Default version of PostgreSQL switched to 17
• Default version of Ruby switched to 3.3
• Chromium 137.0.7151.119
• Electron 35.* and 36.*
• Firefox 140.0.2
• Firefox-esr 128.12.0
• Gnome 47
• KDE Plasma 6.4.1
• KDE Framework 6.15.0
• Qt6 6.9.1
• Ruby 3.2.8, 3.3.8, 3.4.4 (new), and 3.5.0-preview1 (new)
• Rust 1.87.0
• SDL 2.32.8 and 3.2.16
• Sway 1.11
• wlroots 0.19.0 (new)
• Xorg server 21.1.18
During the last quarter, pkgmgr@ ran 22 exp-runs to test infrastructure changes
and various ports upgrades.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Bugmeister Team
Links:
FreeBSD Bugzilla URL: https://wiki.freebsd.org/Bugzilla
Contact: Bugmeister <bugmeister@FreeBSD.org>
In this quarter we stayed steady-state on the PR count.
Mark Linimon has held some voice chats on the FreeBSD Discord for "Bugmeister
Office Hours". The plan is to hold them more regularly and announce them in
advance. At the moment the schedule is Mondays at 3pm CDT (1800 UTC).
We still are doing better at triaging PRs than we are generating committer
attention to the ones we have triaged. Suggestions welcome.
We have added new search queries about Maintainer Approval (applies to
Attachments) and Maintainer Feedback (applies to an entire individual Problem
Report). These queries were not easily composable from the various web forms.
This work was funded by the FreeBSD Foundation.
Please see the new documentation.
We used these queries to close various PRs, and also to investigate inactive
maintainers. As of yet, we have not taken action on the latter.
A problem with the setup of the upgrade to Bugzilla 5.2 has been fixed. Light
testing shows no regressions. Switching to this codebase is scheduled for next
quarter.
patchQA.py still remains in beta. The patch application code is not up to its
task and must be replaced.
The other problem known with patchQA.py is that it does not know the origins of
files that are installed into /etc by installworld.
We have created dozens of new Bugzilla accounts by user request.
See also: https://wiki.freebsd.org/Bugzilla/SearchQueries
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Source Management Team
Contact: srcmgr <srcmgr@FreeBSD.org>
The srcmgr@ team aims to make src developers more productive, and works to
manage the large number of bug reports, pull requests and code reviews that we
receive. Meeting minutes are available on GitHub.
We held a bug-busting session on 2025-05-23 with about 10 attendees.
Members of srcmgr@ gave a presentation at the 2025 FreeBSD developer summit in
Ottawa.
Per the discussion at the developer summit, the i386 and 32-bit powerpc targets
have been disconnected from the build.
To help ensure continuity of the team, we introduced a "lurkers" program which
lets src committers participate in bi-weekly srcmgr meetings, giving developers
an opportunity to decide whether they are interested in officially joining
srcmgr@ without taking on any specific obligations. After soliciting interested
developers, we have five lurkers who have been joining calls over the past
couple of months:
• Jake Freeland <jfree@FreeBSD.org>
• Olivier Certner <olce@FreeBSD.org>
• Dag-Erling Smørgrav <des@FreeBSD.org>
• Bojan Novković <bnovkov@FreeBSD.org>
• Kyle Evans <kevans@FreeBSD.org>
Aside from participating in discussions, they have been working on src
development tasks — especially in preparation for FreeBSD 15.0 — and topics
such as monitoring stale Phabricator reviews, performance regression tracking,
and using git notes to track certain types of commit metadata.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Projects
Projects that span multiple categories, from the kernel and userspace to the
Ports Collection or external projects.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Infrastructure Modernization
Contact: Ed Maste <emaste@FreeBSD.org>
Contact: Alice Sowerby <alice@freebsdfoundation.org>
The project started in Q3 of 2024 and was commissioned by the Sovereign Tech
Agency with a budget of $745,000, to be spent over about one year. The main
goals are to improve security tools for the base system, ports, and packages,
update the project's infrastructure to speed up development, enhance build
security, and make it easier for new developers to get started.
Q2 update
All five work packages are now in progress and will run until the end of
December 2025, at which time the project will close.
Work Package A: Technical Debt reduction
The majority of the work in this work package is complete, with a small number
of hours allocated each month to help support FreeBSD Project's Source
Management team to embed their new processes to make bug management easier and
more sustainable. The bug backlog dashboard https://grimoire.freebsd.org
remains available to help make the backlog easier to understand.
We have also been upgrading Bugzilla by applying patches from 2023 onward and
improving the upgrade process to ensure smoother future updates.
A panel discussion at Open Source Summit Europe in August will share this work
with a wider audience. Two members of the Foundation project staff will be
present, along with two representatives from Bitergia who delivered the
GrimoireLab implementation for this project. (Members of the FreeBSD Project
Source Management team were not available to attend.)
Progress is being made to reduce technical debt by creating an automated method
for evaluating patches (code improvements) attached to existing pull requests
for source and ports trees to see whether they are still relevant, and applying
them if they are. This tool is in beta.
Work Package B: Zero Trust Builds
This work package intends to improve tooling and processes to support Zero
Trust Builds of FreeBSD by extending the current components to enable the
project to build release artifacts (package sets, ISO images, etc.) without
requiring any special privilege.
The detailed scope was co-created with core@, srcmgr@, secteam@. Work items are
as follows:
• Must
□ No-root for all source release build cases/artifacts (in progress)
□ Src artifacts to build reproducibly (in progress)
□ Formalize and document make world and release.sh (in progress)
• Should
□ Remove privilege from orchestration tooling (not started)
□ Move build scripts into the public repository (not started)
• Could
□ Environment Standardization (not started)
□ Ports to build reproducibly (not started)
□ CI to verify reproducibility (in progress)
□ Documentation to allow 3rd parties to confirm reproducibility (not
started)
Work Package C: CI/CD Automation
This work package intends to improve CI/CD automation to streamline software
delivery and operations for new and existing software by modernizing and
securitizing the existing CI/CD system and extending it to cover the third
party packages in the FreeBSD Ports Collection.
The detailed scope was co-created with core@, srcmgr@, portmgr@, doceng@.
• Must
□ Improve quality of incoming commits (completed)
□ Pre-merge CI (completed)
□ Environment Metadata (not started)
□ Extend CI to the Ports tree (in progress)
□ CI Threat Model (not started)
□ CI Management Process (in progress)
□ Documentation (not started)
• Should
□ 3rd-party Interoperability (in progress)
□ Automated analysis in tests (in progress)
□ Test Case Management (not started)
• Could
□ Granular Debugging (not started)
Work Package D: Ports and Packages security improvements
This work package intends to modernize and extend security controls in the
FreeBSD Ports and Package Collection by:
• migrating from our VuXML Vulnerability Database to OSV or similar
contemporary format
• developing a package audit backend and server to reliably fetch
vulnerability data from global agency databases in any format (JSON - NIST)
and produce insight
• improving CI tooling for FreeBSD Ports.
The detailed scope was co-created with core@, portmgr@, pkgmgr@, secteam@.
• Must
□ New Database Format (in progress)
□ Set up 2+ Database Instances (not started)
□ Migrate Data from old to new database (in progress)
□ Add support for new format in pkg(8) (in progress)
□ Upstream engagement (not started)
□ SBOM on demand (not started)
□ Document how to set up build and test targets (not started)
□ Integrate 3rd party test targets (not started)
□ Continuous Testing (not started)
• Could
□ Make CI artifacts available (not started)
Work Package E: SBOM improvements
This work package intends to improve existing, and implement new, tooling and
processes for FreeBSD Software Bill of Materials (SBOM) by implementing:
tooling to roll up the individual provenance data/markers from across the tree
into a higher-level view; developing tooling to parse/review/inspect the
FreeBSD source tree and produce a comprehensive/holistic report to act as a
SBOM for the full software stack and; extending pkg to enable this capability
for software installed from ports/packages.
The detailed scope was co-created with core@, portmgr@, pkgmgr@, secteam@,
releng@
• Must
□ Evaluate projects/solutions available in the wider ecosystem (in
progress)
□ Propose the target solution for SBOM (not started)
□ Produce an SBOM in CI (e.g. weekly builds) (in progress)
□ Produce an SBOM as an artifact as part of the release process (in
progress)
□ SBOM artifact on demand (in progress)
□ Roll up existing data (not started)
□ Record and explain decisions made (not started)
• Could
□ Engage with other similar projects (not started)
Commissioning body: Sovereign Tech Agency
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Support for pkgbase in the FreeBSD installer
Contact: Isaac Freund <ifreund@freebsdfoundation.org>
The FreeBSD installer now supports installing a pkgbase system.
Recent FreeBSD 15.0 snapshots have a new dialog in the installer that allows
the user to fetch and install packages from pkg.freebsd.org instead of using
the legacy distribution sets.
There is also support in the build system to build FreeBSD installation media
with offline pkgbase packages included, enabling fully offline installation of
a pkgbase system. These offline pkgbase packages are not yet included in 15.0
snapshot release installation however, as including both the offline legacy
distribution sets and pkgbase packages would significantly increase the size of
the installation media. There is however a -DPKGBASE build-time switch ready to
be flipped by the FreeBSD Release Engineering team, hopefully in the near
future.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
BSD-USER 4 LINUX
Contact: Maksym Sobolyev <sobomax@FreeBSD.org>
Links: Project Page URL: https://github.com/sobomax/qemu-bsd-user-l4b
Tooling URL: https://github.com/sobomax/qemu_l4b
The bsd-user-4-linux project ports BSD user-mode emulation for QEMU to Linux.
The primary goal is to enable unmodified FreeBSD binaries to run on modern
Linux systems. Additionally, the project aims to provide multi-platform
container images with a functional FreeBSD environment and ready-to-use GitHub
Actions templates.
News:
• Two new pull requests have been received since the initial project
announcement:
□ Diagnostic output cleanup;
□ kqueue() support using libkqueue library on Linux.
• The latest set of changes has been pulled from the Warner's qemu-bsd-user
project bringing Qemu version to 9.2.0 along with some fixes and
improvements.
Current Status:
• The initial port successfully runs make -jN buildworld.
• Most command-line tools are working as expected (sh(1), bash(1), find(1),
grep(1), git(1), clang(1), etc).
• A GitHub Actions pipeline builds x86_64 emulation images for:
□ linux/386
□ linux/amd64
□ linux/arm/v5
□ linux/arm64/v8
• A pre-built Docker container with FreeBSD 14.1 binary world is created and
pushed to the GitHub Container Registry.
□ FreeBSD Image @ GHCR
• Special pre-built "admin" container with Linux user-mode qemu binary for
the FreeBSD/amd64 emulation is also published at the GHCR.
□ FreeBSD binfmt Image @ GHCR
Next Steps: * Bump FreeBSD version to 14.3; * Rebase onto Qemu 10.0.x.
How You Can Help:
• Test with your preferred toolchain, report issues, or contribute fixes.
• Identify and implement missing system calls.
• Support us on Patreon.
Sponsor: Sippy Software, Inc.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Sylve — A Unified System Management Platform for FreeBSD
Links:
GitHub URL: https://github.com/AlchemillaHQ/Sylve
CI URL: https://sylve-ci.alchemilla.io
Discord URL: https://discord.gg/bJB826JvXK
Contact: Hayzam Sherif <hayzam@alchemilla.io>
Sylve is a modern, unified system management platform for FreeBSD, inspired by
Proxmox. We aim to provide an integrated web interface for managing virtual
machines (via Bhyve), Jails, ZFS storage, networking, and firewalling. The
backend is implemented in Go, while the frontend uses SvelteKit with Tailwind
CSS and ShadCN UI components.
The project emphasizes a minimal system footprint, currently requiring only
sysutils/smartmontools, sysutils/tmux, and libvirt as runtime dependencies.
Sylve continues to address a key gap in the FreeBSD ecosystem by delivering a
cohesive, user-friendly interface for system administration tasks.
Q2 Progress Highlights
Dashboard
Added dynamic charts to the main summary page, including real-time
visualization of CPU usage, RAM usage, and network throughput.
Networking
Interfaces can now be viewed in detail through the UI, with all relevant
metadata presented in a structured format.
Users can also create "switches" — simple layer 2 switches built on top of
FreeBSD bridge interfaces.
Storage
ZFS integration is nearing completion. Users can now:
• Create and destroy pools, filesystems, volumes, and snapshots.
• Delete multiple datasets at once.
• Schedule automatic (timed) snapshots.
Initial dashboard work for ZFS monitoring has started, with further
enhancements planned in Q3.
Utilities
A built-in downloader was introduced that supports both HTTP and magnet links.
This is especially useful for fetching ISO images or VM templates directly
through the interface.
Virtual Machines
VM creation and deletion with Bhyve is now supported.
Key features include:
• CPU pinning.
• Web-based VNC console access.
• PCI passthrough for devices.
• Basic CPU and RAM usage charts for each VM.
A new runtime dependency on libvirtd has been added to support VM lifecycle
operations.
Planned for Q3
• Polish and stabilize current functionality.
• Ability to edit VMs.
• Expand charting and add a basic notification system to detect hardware or
service failures.
• Implement UI and API support for managing Jails.
• Extend networking features:
□ More switch/bridge types.
□ Firewall rule configuration.
□ DHCP support via dns/dnsmasq or similar (for VMs).
□ WireGuard VPN integration.
Contributions, testing, and feedback are very welcome. If you are interested in
contributing, consider helping with:
• UI testing and accessibility feedback.
• Bug reports and feature requests via GitHub.
Sponsor: FreeBSD Foundation and Alchemilla (development and infrastructure
support)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Hackathon 202506 Kitchener-Waterloo, Canada
Links:
Hackathon/202506 Wiki Page URL: https://wiki.freebsd.org/Hackathon/202506
FreeBSD Hackathon Wiki Page URL: https://wiki.freebsd.org/Hackathon
In the week following BSDCan 2025, a hackathon took place in the
Kitchener-Waterloo area.
Thanks to Ed Maste for hosting this event at the Communitech Hub in Kitchener.
Pictures of the hackathon
Pictures of the hackathon are collected here.
National FreeBSD day landed sometime during the hackathon, so Charlie Li
treated us to a great DJ set to celebrate, mixing entirely on FreeBSD at an
arcade bar in Waterloo :)
The work done during the hackathon
WiFi Testbed (Li-Wen Hsu)
• The hardware of a proof-of-concept wireless has been set up in Foundation's
Kitchener office.
• The current setup is simple:
• One baremetal machine has multiple wireless interface and,
• One access point is also connected to the machine via a serial console and
a private testing network
• Currently we have following hardware to be passthru to bhyve VM provisioned
with the image from Artifact server of FreeBSD CI
• Intel AX210
• Realtek RTL8812AU
• The work continues on connecting it to FreeBSD CI cluster as a downstream
job after standard tests finishes.
Installer (Joseph Mingrone, Ed Maste, Aymeric Wibo)
• Go through installer step-by-step and create the Improving the Installer
wiki page with the notes we collected.
• lualoader: Add distinct brand for installer (Make it obvious to users that
the system is booting into the installer.) Patch:
https://reviews.freebsd.org/D51001
pkgbase (Ed Maste)
• bsdinstall(8): Default to pkgbase if media contains base packages Patch:
https://reviews.freebsd.org/D50467
• release(7): Add set -e to abort upon failure Patch:
https://reviews.freebsd.org/D50383
Landing scheduler run queue patches (Olivier Certner)
• Land all scheduler runqueue patches.
□ D45387
□ D45388
□ D45389
□ D45390
□ D45391
□ D45392
□ D46566
□ D46567
□ D50880
Capsicum (Ed Maste)
• Improvements to the capsicum(4) manpage. Patches:
https://reviews.freebsd.org/D50855, ce65ff203a4f
• Capsicumize beep(1) to serve as an easy example of Capsicum. Patches:
https://reviews.freebsd.org/D50709
s2idle/S0ix/USB4 (Aymeric Wibo, Sheng-Yi Hung)
• Fix some more USB4 driver panics.
• Discuss how s2idle should work w.r.t. the scheduler with Olivier & Mark,
and temporarily implement "idle" state for the scheduler (where it just
always chooses the idle thread).
• Extend amdgpio driver to service all GPIO interrupts (requirement for S0i3
on AMD). We were also looking into how we can consume GPIO interrupts in
device drivers on x86 for stuff like reducing the latency of the Framework
trackpad with Sheng-Yi.
• Implement some more S0i3 debugging features for AMD to help us debug why we
would not be entering S0i3.
Ports (Joseph Mingrone)
• Mk/Scripts/qa.sh: Fix false positives in LIB_DEPENDS warnings Patch:
https://reviews.freebsd.org/D50860
• editors/emacs-devel: Update to 2025-06-17 snapshot Patch: 4170f6575380
Miscellaneous (Ed Maste, Olivier Certner, Sheng-Yi Hung, Li-Wen Hsu)
• Enable sccache support as an alternative to ccache when building (through
WITH_CCACHE_BUILD environment variable). Commit: 10cb3979a9bd
• Discussion on the CPPC implementation (Sheng-Yi, Olivier), see in
particular D49587.
• Other various fixes. Patches: D50876, 956100d60fa8, fc77abfd1e62, D50938,
6d8cfd29d477, 4f33d073003c
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Userland
Changes affecting the base system and programs in it.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
ucred / group changes in FreeBSD 15.0
Links:
freebsd-arch@ discussion URL:
https://lists.freebsd.org/archives/freebsd-hackers/2025-August/004825.html
Primary kernel change URL:
https://cgit.freebsd.org/src/commit/sys/sys/ucred.h?id=be1f7435ef218b1df35aebf3b90dd65ffd8bbe51
Primary userspace change URL:
https://cgit.freebsd.org/src/commit/sys/kern/kern_prot.c?id=9da2fe96ff2ea227e4d5f03ef92b55aabeabb7fc
Contact: Kyle Evans <kevans@FreeBSD.org>
Contact: Olivier Certner <olce@FreeBSD.org>
FreeBSD 15.0 will change how supplementary groups are handled in both userspace
and the kernel in FreeBSD 15.0 in a way that warrants additional attention and
feedback.
For some background: FreeBSD has historically tracked the effective group-ID of
a process in the ucred(9) cr_groups array as the first element, with the rest
of the array describing its supplementary groups. The natural consequence of
this decision is that the arrays used in setgroups(2) and getgroups(2) follow
the same format, and setgroups(2) has the documented side effect of setting the
effective group-ID. The vast majority of other platforms do not exhibit this
behavior anymore, including NetBSD and OpenBSD. macOS appears to be the only
exception found in testing.
The problem is that the vast majority of software in the FreeBSD Ports
Collection comes from other platforms, where setgroups(2) and setgroups(2)
operate purely on the supplementary groups. This kind of a behavior difference
is very subtle and would need to be audited more carefully to be sure that we
have not introduced a potential security issue in ported software.
In FreeBSD 15.0, the primary user-facing change is that setgroups(2), getgroups
(2), and initgroups(3) behavior will change to match other platforms, and users
are requested to be extra vigilant in areas that may be affected as we proceed
through the release cycle. In general, the expectation is that this change may:
• Fix some small number of bugs where we would have lost either our expected
effective group membership or one of the supplementary groups we should
have been in
• (Less likely) Introduce some even smaller number of bugs where something
expected setgroups(2) to change our effective group membership but now it
is just a supplementary group and our effective group-ID is unchanged
Software included in the base system is largely unaffected or improved by this
change, with OpenSSH being a notable example of a strange bug caused by the
historical implementation.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
MIT Kerberos Import into FreeBSD
Contact: Cy Schubert <cy@FreeBSD.org>
The FreeBSD Foundation was approached to import MIT KRB5 into FreeBSD with the
intent to replace our aging Heimdal.
The Enterprise Working Group made a request to the Foundation to replace
Heimdal with MIT KRB5.
This is the first report for this project.
Tasks completed:
• MIT KRB5 has been imported into FreeBSD 15-CURRENT.
• The WITH_MITKRB5 option is disabled until a successful ports exp-run is
complete.
Additional remaining tasks:
• Fix port build errors identified by a ports exp-run.
• Produce a writeup of the new Kerberos.
• Determine if migration of the Heimdal database to an MIT database is
possible. (At the moment this appears unlikely due to the age of our
ancient Heimdal and the lack of support for old crypto in newer Heimdal
MIT).
• Produce Heimdal Kerberos database to MIT database migration documentation
(if possible).
• (Optional) Develop and discuss the import and migration options at the next
BSDCan.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
SysctlTui
Link:
Project Repository URL: https://gitlab.com/alfix/sysctltui
Contact: Alfonso Sabato Siciliano <asiciliano@FreeBSD.org>
SysctlTUI is an interactive text user interface (TUI) utility for exploring and
managing sysctl(3) parameters. It presents the sysctl Management Information
Base (MIB) as a hierarchical and navigable tree, enabling users to:
• Browse metadata for each kernel parameter.
• Retrieve and display current values.
• Modify parameters interactively from within the interface.
The UI consists of three panels: a tree view of the MIB hierarchy, a detail
panel showing metadata, and a value editor. Pressing the F1 key opens a help
dialog explaining:
• When the MIB is built.
• When values are retrieved or updated.
• A link to an online guide for getting started with sysctl, including
guidance on interpreting and using the displayed data.
Although still in early development (currently at version 0.0.2), SysctlTUI
already offers functionality comparable to tools like sysutils/nsysctl and
deskutils/sysctlview. A manual page is included, with suggestions to make the
output similar to sysctl(8) or nsysctl(8). The ToDo list outlining plans for
enhancements like configuration file integration and subtree sorting by names.
SysctlTUI is open source and available via the FreeBSD Ports Collection:
sysutils/sysctltui. Note: TUIs are a known accessibility issue, as they are not
usable with most screen readers. Users who access FreeBSD using a screen reader
can use the sysutils/nsysctl package instead. It is a command line utility that
provides the same information as SysctlTUI, since both tools use the same
underlying kernel interface.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Geomman Development
Links:
Geomman GSoC wiki URL:
https://wiki.freebsd.org/SummerOfCode2025Projects/FullDiskAdministrationToolForFreeBSD
geomman Gitlab repository URL: https://gitlab.com/brauliorivas/geomman
bsddialog repository URL: https://gitlab.com/alfix/bsddialog
sade URL:
https://man.freebsd.org/cgi/man.cgi?query=sade&manpath=FreeBSD+14.3-RELEASE+and+Ports
Contact: Braulio Rivas <brauliorivas@FreeBSD.org>
Geomman is a new partition tool based on sade(8) that brings more functionality
such as moving, copying, and pasting partitions. Geomman is part of Google
Summer of Code 2025. Currently, it is available in a Gitlab repository. But at
some future time, it is expected to become a tool in the base system.
Geomman is a TUI designed to allow to growing, shrinking, moving, copying, and
pasting partitions with filesystems other than UFS. For example, users may be
able to create an exFAT partition, as well as to resize an ext4 filesystem.
This would make partition management easier, because there are tools for each
individual task (mainly depending on the filesystem), but none that
concentrates all cases in a single tool.
For the moment, geomman only allows copying and pasting partitions. However,
for the next report the tool should be almost finished.
Currently, I am working on a mechanism to move partitions using dd(1). Other
approaches may be possible, so any help is very welcome.
The next steps for geomman are:
• Develop a way of moving partitions.
• Handle duplicate UUIDs between partitions when using dd.
• Add options to create, grow, and shrink more filesystem types.
Sponsor: Google Summer of Code
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Kernel
Updates to kernel subsystems/features, driver support, filesystems, and more.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Audio Stack Improvements
Contact: Christos Margiolis <christos@FreeBSD.org>
I have been working on the audio stack since 2024Q1. Below is a list of the
previous status reports:
2024Q1 URL: https://www.freebsd.org/status/report-2024-01-2024-03/#_audio_stack_improvements
2024Q2 URL: https://www.freebsd.org/status/report-2024-04-2024-06/#_audio_stack_improvements
2024Q3 URL: https://www.freebsd.org/status/report-2024-07-2024-09/#_audio_stack_improvements
2024Q4 URL: https://www.freebsd.org/status/report-2024-10-2024-12/#_audio_stack_improvements
2025Q1 URL: https://www.freebsd.org/status/report-2025-01-2025-03/#_audio_stack_improvements
Important work since last report:
• More sound(4) cleanups, fixes and improvements.
• Committed sndctl(8) (previously mentioned as audio(8)).
• Committed AFMT_FLOAT support.
• More out-of-the-box laptop support.
• Gave up on the /dev/dsp as a router device patch in favor of D50070
(includes relevant discussions).
• Submitting series of patches to clean up the MIDI subsystem, and working on
refactoring it into a generic layer, similar to PCM.
• Gave BSDCan 2025 talk (slides).
Future work includes:
• Port virtual_oss to base.
• More bug fixes, support, optimizations and general improvements, in all
areas of the sound stack.
You can also follow the development process in freebsd-multimedia@, where I
post regular reports.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
DRM drivers
Links:
Update to Linux 6.9 DRM drivers URL: https://github.com/freebsd/drm-kmod/pull/361
Contact: Jean-Sébastien Pédron <dumbbell@FreeBSD.org>
DRM drivers are kernel drivers for integrated and discrete GPUs. They are
maintained in the Linux kernel and we port them to FreeBSD. As of this report,
we take the AMD and Intel DRM drivers only (NVIDIA FreeBSD drivers are
proprietary and provided by NVIDIA themselves).
We port them one Linux version at a time. This allows us to ship updates more
often and it eases porting and debugging because we have a smaller delta
compared to a bigger jump skipping several versions.
This quarter, we finally merged the drivers from Linux 6.7 and 6.8 that were
done during the first quarter into drm-kmod. The porting for DRM drivers from
Linux 6.9 was finished and is now ready for review and testing; see the pull
request for instructions if you want to try them. The pull request also lists
all the patches needed to linuxkpi, the Linux drivers compatibility layer in
the FreeBSD kernel. Several patches were already reviewed but there is still
work.
These updates target the FreeBSD 15-CURRENT development branch for now. Once
kernel patches are accepted and the DRM drivers updates merged, we will
evaluate if/how we can backport the kernel patches to earlier release branches
(namely 14-STABLE).
While waiting for review, we also started to work on two features which were
unsupported on FreeBSD:
• DMA_BUF_IOCTL_EXPORT_SYNC_FILE and DMA_BUF_IOCTL_IMPORT_SYNC_FILE ioctls
• DRM_IOCTL_SYNCOBJ_EVENTFD ioctl
They are apparently required to allow the use of wlroots-based Wayland
compositors with the Vulkan API (see
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286311).
wlroots will need a patch as well because it only
expects these features on Linux for now.
Both pull requests as well as the patches to linuxkpi they rely on are ready
for review and testing. The linuxkpi patches are linked in the pull requests.
This work is kindly sponsored by the FreeBSD Foundation as part of the Laptop
and Desktop Project.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Suspend/Resume Improvement
Links:
Blog URL: https://obiw.ac/s0ix/
FOSDEM talk on s2idle/S0ix URL: https://youtu.be/mBxj_EkAzV0
Working Repo URL: https://github.com/obiwac/freebsd-s0ix/tree/everything
Tip of the s2idle/S0ix + AMD SMU stack URL: https://reviews.freebsd.org/D48721
USB4 suspend stack URL: https://reviews.freebsd.org/D49453
Contact: obiwac <obiwac@FreeBSD.org>
Suspend-to-idle and support for S0ix sleep is in the process of being added to
FreeBSD.
This will allow modern Intel and AMD laptops (e.g. AMD and newer Intel
Framework laptops), some of which do not support ACPI S3 sleep, to enter low
power states to increase battery life.
The USB4 driver (which was a dependency to S0i3 entry) has been updated to
allow for the sleep routines, and all CPUs are now entering C3 during s2idle.
Scheduler work is needed to ensure CPUs stay in C3 and do not get work
scheduled to them, but a prototype solution exists and is working. This means
that S0i3 can now be entered on the Framework 13 AMD Ryzen 7040 series laptops,
albeit only on my working 14.1 branch. This does not work on -CURRENT yet.
The amdgpio driver (for the AMD GPIO controller) has been extended to service
all GPIO interrupts and suspend the controller, as that was potentially a
blocker for the CPU to enter S0i3. Nothing is being done with these GPIO
interrupts at the moment as FreeBSD does not have the infrastructure for device
drivers to register these interrupts on x86 yet.
The SMU idlemask is also now being exported as a sysctl now
(dev.amdsmu.0.idlemask), the value of which is not documented and is mostly to
help AMD debug issues with S0i3 entry on FreeBSD on their side.
A pre-built image is being built to aid in easily testing S0i3 entry on
machines.
With respect to the links, the blog post entry is outdated. A talk was given
about this at BSDCan 2025 too, but it has yet to be uploaded as a standalone
video; it will be included in the next status report.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Named attribute support (Solaris style extended attributes)
Contact: Rick Macklem <rmacklem@FreeBSD.org>
Named attributes is the NFSv4 term for what is also known as Solaris style
extended attributes. Since ZFS has its origins in Solaris, the wiring for these
exists in OpenZFS. This little project consists of connecting that wiring up.
This is not intended to replace the extended attribute support already in
FreeBSD. It provides an alternate mechanism for manipulating extended
attributes that will be supported for ZFS and NFSv4. There are a few reasons I
think this could be useful (as indicated via email discussion). This mechanism
allows for extended attributes as large as any regular file, which can be
partially updated. Some NFSv4 clients, such as MacOS and Windows, can use these
extended attributes but not the FreeBSD/Linux style ones. (I think MacOS calls
these extended attributes fork files and Windows calls them alternate data
streams.) There is software, such as bash, that know how to manipulate these
extended attributes.
The fundamental difference is that this mechanism provides a directory that is
not in the file system's namespace, but is associated with a file object. This
named attribute directory can then be read via readdir(3) to get the list of
extended attributes, which are really just regular files. These extended
attributes are then read/written like any regular file.
The top level system call interface is open(2)/openat(2) with the new
O_NAMEDATTR flag (called O_XATTR on Solaris).
Most of the work has been committed to FreeBSD's main for FreeBSD 15. Once the
ZFS patch makes it through review and gets pulled into OpenZFS, the ZFS and
NFSv4 support should work. There are also a couple of manual pages currently
under review in phabricator.
The main thing left to do is update libarchive/tar so that large extended
attributes can be archived/retrieved. (The current FreeBSD extended attribute
mechanism is supported by libarchive, but will have size constraints.)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Packrat — NFS client caching on non-volatile storage
Contact: Rick Macklem <rmacklem@freebsd.org>
NFSv4.1/4.2 provides support for a feature called delegations. When a NFSv4.1/
4.2 client holds a delegation, the client has certain rights to a file,
including a guarantee that no other client will make changes to the file unless
the delegation is recalled. As such, when a client holds a delegation for a
file, it can aggressively cache the file's data, knowing that it will not be
modified by other clients until it returns the delegation.
This project is intended to allow the NFSv4.1/4.2 client to aggressively cache
file data on client local non-volatile storage, when the client holds a
delegation for the file. I created a patch long ago to try and do this for
NFSv4.0, but it was never at a stage where it was worth using. This project is
a complete rewrite of the patch, done in part because NFSv4.1/4.2 plus other
recent NFSv4 related changes makes doing this more feasible.
The patch is getting stable now, but I am not sure if it will be ready for
inclusion in FreeBSD 15 as an experimental feature enabled via a new mount
option called "packrat".
The main thing I still need to do is code a writeback kernel thread. Right now,
dirty chunks stored on client local non-volatile storage get written back to
the NFSv4.1/4.2 server upon umount. This can result in the umount taking a long
time (as in many minutes). To alleviate this, I am planning on implementing a
writeback kernel process that will walk the non-volatile storage and write the
dirty chunks back. The trick is to make it aggressive enough that most dirty
chunks have been written back when a umount is done, but not so aggressive that
it impedes the performance of synchronous NFSv4.1/4.2 RPCs.
This will be very much an experimental feature, but it is hoped it will allow
NFS mounts to be used more effectively, particularly in WAN situations, such as
a mobile laptop.
There is still work to be done, particularly with respect to recovery of
delegations after a NFSv4.1/4.2 client restart.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
LinuxKPI 802.11 and Native Wireless Update
Links:
802.11ac support URL:https://github.com/FreeBSDFoundation/proj-laptop/issues/33
LinuxKPI TKIP and GCMP support URL:https://github.com/FreeBSDFoundation/proj-laptop/issues/64
LinuxKPI wireless suspend and resume URL:https://github.com/FreeBSDFoundation/proj-laptop/issues/58
MediaTek mt76 PCI driver support URL:https://github.com/FreeBSDFoundation/proj-laptop/issues/66
802.11ax support URL:https://github.com/FreeBSDFoundation/proj-laptop/issues/34
net80211 updates URL:https://github.com/FreeBSDFoundation/proj-laptop/issues/79
Tracked wireless PRs URL:https://bugs.freebsd.org/bugzilla/showdependencytree.cgi?id=277512&hide_resolved=1
Contact: Bjoern A. Zeeb <bz@FreeBSD.org>
Contact: The FreeBSD wireless mailing list <wireless@FreeBSD.org>
This report focuses on the efforts using permissively licensed Linux wireless
drivers, mostly unmodified, on FreeBSD, as well as preparing the native
net80211 stack for support of newer standards.
As announced iwlwififw(4) was removed from the source tree in favor of a ports/
package based solution. Users are asked to use fwget(8) to automatically
install the firmware along with any possible configuration.
Support for wlan_tkip(4) was added to linuxkpi(4) but has to be manually
enabled. wlan_gcmp(4) support for linuxkpi(4) followed later and is available
from FreeBSD 15 onward.
FreeBSD 14.3-RELEASE is the first release with VHT (802.11ac) support
available. Modern iwlwifi(4) chipsets are supported. There was some fallout
after the release and a few open problems, but also a lot of positive feedback.
rtw88(4) saw a fix for a NULL pointer in the driver and is now starting to be
usable. Thanks to everyone who helped track this down and test patches along
the way.
Work on suspend and resume for LinuxKPI-based wireless drivers was picked up
again, and we are getting closer to a working solution (at least for suspend it
now exists).
Work is also ongoing for Mediatek mt76-based PCIe card support.
HE (802.11ax) definitions were migrated from linuxkpi(4) to native net80211
code and corrected. ifconfig(8) was enhanced parsing more information elements
to aid debugging. Work is in progress to fix a problem with reporting signal
strength and dealing with RSSI.
Further fixes to LinuxKPI and resolving the problems we worked around by
improving native net80211 code are in the works.
Lastly, various man pages were improved or written.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
USB Kernel Debugging
Contact: Tom Jones <thj@FreeBSD.org>
XHCI USB controllers offer a mode which allows them to be used as a system
debugging interface. XHCI debug uses a special USB 3 cable with VBUS, D+ and D-
disconnected. The feature can be used to live debug the FreeBSD kernel,
enabling investigation of issues which cause the system video console to lock
up and there is not an alternative such as a serial console. This can happen
when debugging issues with graphics drivers.
Hiroki Sato developed support for the XHCI debug interface and made it
available as some in progress git branches. This implementation enables FreeBSD
to operate as both a Debug Host and a Debug Target, with support for debugging
from the loader through to the kernel.
I have been updating and testing this support along with Mitchell Horne and
together we have a WIP branch which applies to FreeBSD main. We are currently
tidying up interfaces and testing for stability with the goal of introducing
XHCI debug once 16 is branched.
In doing the XHCI debug work I rediscovered a second form of kernel debugging
implemented by Hans Petter Selasky (hselasky@) in 2009. The FreeBSD USB stack
supports using a USB serial device as a system console and includes support to
continue polling the interface once the system has entered the debugger (such
as during a panic). USB Serial debugging allows a developer with two commodity
USB serial interfaces to connect to a FreeBSD target and debug the kernel. USB
Serial debugging is available in all FreeBSD releases in FreeBSD 9, but changes
in the kernel build process mean that it is not detected in modern kernels.
In this quarter I have been working on documentation required to use this
interface and changes to make it available in GENERIC kernels for newer FreeBSD
releases.
A core part of this work has been trying to document kernel debugging
interfaces. If you use live debug interfaces other than serial or network
debugging please get in touch so I can add these to the FreeBSD Developers
Handbook.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Porting HFS+ to FreeBSD
Links:
Project Home URL: https://github.com/stupendoussuperpowers/freebsd_hfs
Contact: Sanchit Sahay <ss19723@nyu.edu>
HFS+ (Hierarchical File System) is a legacy filesystem introduced by Apple for
its BSD-based XNU operating systems. Although HFS+ has been deprecated in favor
of APFS, it is still in use on many older Apple devices, such as iPods, which
rely on HFS+ volumes for storage.
While many modern operating systems include native support for HFS+, FreeBSD
currently offers only limited functionality via FUSE. This project aims to
address that limitation by porting the original, now open-sourced HFS+
implementation to the FreeBSD kernel as a native filesystem driver.
The primary focus of this effort is to modernize the VFS layer to align with
current FreeBSD interfaces and to adapt XNU-specific logic to their FreeBSD
equivalents.
Features implemented:
• Mount support for HFS, HFS+ Volumes
• Read, stat support for directories and files
• Create support for directories and files
• mount_hfs binary
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Architectures
Updating platform-specific features and bringing in support for new hardware
platforms.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Pinephone Pro Support
Links:
Repository on Codeberg URL: https://codeberg.org/Honeyguide/freebsd-pinephonepro
Contact: Toby Kurien <toby@tobykurien.com>
The project to port FreeBSD over to the Pinephone Pro is progressing. The aim
of this project is to step by step support components of the Pinephone Pro in
FreeBSD so that the device one day might be usable as a highly mobile FreeBSD
device.
In this quarter, a new development release has been made available for flashing
and testing on a PinePhone Pro. It includes a newly added touch driver, and a
minimal desktop environment with an on-screen keyboard. You can simply flash
this build to an SD card and boot it up, provided you have the correct version
of U-boot bootloader installed (details at the repository). The image also
contains the kernel and drivers source code, along with editors/vim editor and
build tools, allowing for development of drivers on-device.
To facilitate testing and driver development, network access has been enabled
via the headphone jack (using the headphone-to-USB-serial adapter). It works by
using Point-to-Point Protocol (PPP) to access the network via your PC. Details
of setting this up are in the repository README file.
Work is now under way to develop USB and WiFi drivers. As always, contributions
in the form of testing, feedback, upstreaming, driver development, or just
words of encouragement are welcome.
See the post on the FreeBSD Forum for more:
https://forums.freebsd.org/threads/porting-freebsd-to-pinephone-pro-help-needed.95948/
Sponsor: Honeyguide Group
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Cloud
Updating cloud-specific features and bringing in support for new cloud
platforms.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
FreeBSD on EC2
Contact: Colin Percival <cperciva@FreeBSD.org>
FreeBSD is available on both amd64 (Intel and AMD) and arm64 (Graviton) EC2
instances.
In the past quarter, the final bits needed for "hot plug" (and unplug) landed,
allowing this to be fully functional in FreeBSD 14.3-RELEASE. FreeBSD "AMI
Builder AMIs" are now being produced as part of the FreeBSD release building
process (including for 14.3-RELEASE).
Sponsor: Amazon
Sponsor: https://www.patreon.com/cperciva
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Documentation
Noteworthy changes in the documentation tree, manual pages, or new external
books/documents.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Documentation Engineering Team
FreeBSD Documentation Project URL: https://www.freebsd.org/docproj/
FreeBSD Documentation Project Primer for New Contributors URL:
https://docs.freebsd.org/en/books/fdp-primer/
Documentation Engineering Team URL:
https://www.freebsd.org/administration/#t-doceng
Contact: FreeBSD Doceng Team <doceng@FreeBSD.org>
The doceng@ team is a body to handle some of the meta-project issues associated
with the FreeBSD Documentation Project; for more information, see FreeBSD
Doceng Team Charter.
During the last quarter the following commit bits were taken for safekeeping:
• ale
• brueffer
• danger
• glewis
• hrs
• ygy
Team changes:
• doceng@ welcomes ebrandi@ as a new member (lurker).
• carlavilla@ stepped down from doceng@. doceng@ thanks him for his service.
• dbaio@ stepped down from doceng@. doceng@ thanks him for his service.
• fernape@ stepped down from doceng@. doceng@ thanks him for his service.
Document changes
• Handbook
□ The jails chapter has been updated
□ The Wi-Fi information have been updated
• Website
□ Plausible Analytics have been added to the website
• Porter's Handbook:
□ Document Uses=gnome:gnomedesktop4
Many typos have been fixed in all related documents.
• Documentation repository:
□ Added manpages for macOS 10.12.0, 10.15.0, and 11.1
□ Updated manpages for macOS to 15.5.0
□ Added OpenIndiana manpages for 2013.08, 2015.10, 2020.10, 2022.10, and
2024.10
□ Added manpages for NetBSD 9.4
□ Added manpages for OpenBSD 7.7
□ Updated Debian manpages to 12.11.0
FreeBSD Translations on Weblate
Translate FreeBSD on Weblate URL:
https://wiki.freebsd.org/Doc/Translation/Weblate
FreeBSD Weblate Instance URL: https://translate-dev.freebsd.org/
Q2 2025 Status
• 20 team languages
• 252 registered users
6 new translators joined Weblate:
• @mohamad (fa)
• @v.popolitov (ru)
• @SochiByte
• @carlosdaniel26
• @tj (nl_NL)
• @Natthachai043 (en)
Languages
• Chinese (Simplified) (zh_CN) (progress: 7%)
• Chinese (Traditional) (zh_TW) (progress: 3%)
• Dutch (nl_NL) (progress: 1%)
• French (fr_FR) (progress: 1%)
• German (de_DE) (progress: 1%)
• Greek (progress: 1%)
• Indonesian (progress: 1%)
• Italian (it_IT) (progress: 4%)
• Korean (progress: 30%)
• Norwegian Bokmål (progress: 1%)
• Persian (progress: 3%)
• Polish (progress: 1%)
• Portuguese (progress: 0%)
• Portuguese (Brazil) (progress: 23%)
• Russian (progress: 37%)
• Spanish (progress: 35%)
• Turkish (tr_TR) (progress: 1%)
We want to thank everyone that contributed, translating or reviewing documents.
And please, help promote this effort on your local user group, we always need
more volunteers.
Packages maintained by DocEng
During this quarter the following work was done in packages maintained by
doceng@:
• www/gohugo: update to 0.147.8
Open issues
There is 1 Open PRs in Bugzilla assigned to doceng@:
• 267274 Please remove the zh-CN Handbook of the current FreeBSD website
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
FreeBSD Wiki
Links:
FreeBSD wiki front page URL: https://wiki.freebsd.org/FrontPage
Contact: Mark Linimon <linimon@FreeBSD.org>
Contact: Wiki admin <wiki-admin@FreeBSD.org>
Since the last status report, several people have expressed an interest in
bringing the wiki up to the level it ought to be.
The ongoing discussions (mostly taking place on the FreeBSD Discord) are
concerned with the topics of:
• Defining what content we consider useful.
• Ensuring that the useful content is kept current.
• Figuring out a way to keep obsolete content away from search engines.
• Add basic analytics to existing site to see what pages, if any,are actually
being accessed.
• Decide on whether MoinMoin can still be useful for purpose in the
short-term while we consider the longer-term needs listed above.
We do not yet have consensus on these issues.
Please join us on the FreeBSD Discord #documentation under the #wiki subthread.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Vision Accessibility
Link:
Project Repository URL: https://gitlab.com/alfix/freebsd-accessibility
Contact: FreeBSD Accessibility mailing list <freebsd-accessibility@FreeBSD.org>
Contact: Alfonso Sabato Siciliano <asiciliano@FreeBSD.org>
This quarter, the review for the FreeBSD Accessibility Handbook was submitted
and is available at: https://reviews.freebsd.org/D50894. The review includes a
link to an HTML preview.
The handbook aims to document assistive technologies for vision accessibility
available in FreeBSD, covering both the BASE system and the Ports Collection.
It is divided into two parts and contains six chapters:
1. Help — Covers how to request assistance effectively through appropriate
FreeBSD communication channels.
2. Virtual Terminal — Documents vision-related accessibility features of the
FreeBSD console (vt(4)).
3. Colors — Explains how to configure color schemes, including high-contrast
themes and adjusting screen colors for ambient lighting.
4. Low Vision — Outlines accessibility tools in graphical desktop environments
for users with low vision, such as screen magnifiers, readable fonts, and
scaling.
5. Blindness — Describes assistive technologies for blind users, focusing
primarily on screen readers and compatible tools.
6. Development — Provides resources for developers to make their software
accessible, test accessibility, and improve support for users with visual
impairments.
The handbook deliberately avoids images and minimizes non-plain-text elements
to enhance compatibility with assistive technologies. Tips and new ideas are
welcome. If possible, send reports to the FreeBSD Accessibility mailing list,
to share and to track discussions in a public place.
Sponsored by: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Ports
Changes affecting the Ports Collection, whether sweeping changes that touch
most of the tree, or individual ports themselves.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Security Hardening Compiler Options for the Ports Collection
Links:
Commit of the features URL:
https://cgit.freebsd.org/ports/commit/Mk/Features/fortify.mk?id=7a489e95c51f47f5e25a5613e375ec000618e52a
FreeBSD security hardening with compiler options URL:
https://www.leidinger.net/blog/2025/05/24/freebsd-security-hardening-with-compiler-options/
Contact: Alexander Leidinger <netchild@FreeBSD.org>
The Ports Collection gained the possibility to enable some security features of
modern compilers for package builds. As not all ports are compatible with them,
this is not enabled by default.
The 3 new features which can be enabled for the Ports Collection in make.conf
are:
• WITH_FORTIFY=yes: This enables mitigations of common memory safety issues,
such as buffer overflows, by adding checks to functions like memcpy,
strcpy, sprintf, and others when the compiler can determine the size of the
destination buffer at compile time. This requires support from the FreeBSD
base system and may only be available in FreeBSD 15 onwards.
• WITH_STACK_AUTOINIT=yes: This enables a compiler specific option to
automatically initialize local (automatic) variables to prevent the use of
uninitialized memory.
• WITH_ZEROREGS=yes: Zero call-used registers at function return to increase
program security by either mitigating Return-Oriented Programming (ROP)
attacks or preventing information leakage through registers. This depends
upon support from the compiler for a given architecture. This is disabled
for python ports; currently there are issues.
The blog post referenced in the links section explains how to use them, how to
exclude certain ports if needed, and provides a more detailed explanation of
those 3 new features along the already existing build-time security options of
the Ports Collection and the basesystem build.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Improve OpenJDK on FreeBSD
Links:
Project description URL:
https://freebsdfoundation.org/project/improving-openjdk-on-freebsd/
Project repository URL: https://github.com/freebsd/openjdk
Contact:
Harald Eilertsen <haraldei@freebsdfoundation.org>
FreeBSD Java mailing list <freebsd-java@lists.freebsd.org>
The goal of this project is to improve OpenJDK support for FreeBSD/amd64 and
FreeBSD/arm64.
Java is an important runtime environment for many high performance, critical
enterprise systems. Making sure Java based applications run correctly and
efficiently on FreeBSD is important to ensure that FreeBSD will continue to be
a viable and attractive platform for enterprises, as well as businesses and
organizations of all sizes.
In this quarter the following issues/milestones were reached:
• The OpenJDK 24 port was updated to OpenJDK 24.0.1 at the beginning of the
quarter, soon after it was released by upstream.
• A recurring issue with the PPC ports was fixed (thanks to Piotr Kubaj).
• A new way of bootstrapping OpenJDK ports was suggested and discussed – this
is a prerequisite to get the FreeBSD port integrated into the OpenJDK CI
environment.
• A CI job for building and testing the jtreg test harness for FreeBSD was
integrated using GitHub Actions - in part to get familiar with the CI
framework used by OpenJDK projects, but also to make sure the test harness
builds and works on FreeBSD.
In addition, a lot of time was spent cleaning up and refactoring the BSD port
for Aarch64, fixing various issues and working towards making the BSD port up
to date with the OpenJDK mainline.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
GCC on FreeBSD
Links:
GCC Project URL: https://gcc.gnu.org/
GCC 12 release series URL: https://gcc.gnu.org/gcc-12/
GCC 13 release series URL: https://gcc.gnu.org/gcc-13/
GCC 14 release series URL: https://gcc.gnu.org/gcc-14/
GCC 15 release series URL: https://gcc.gnu.org/gcc-15/
GCC 16 release series URL: https://gcc.gnu.org/gcc-16/
Contact: Lorenzo Salvadore <salvadore@FreeBSD.org>
The exp-run to update GCC default version from 13 to 14 is still suspended. As
a reminder, it has been noticed that FreeBSD 13.4 lacks symbols that are used
by GCC 14 for linking; please see https://bugs.freebsd.org/bugzilla/
show_bug.cgi?id=284499#c0 for a more detailed explanation. The symbols are
however already present in higher FreeBSD versions. At the time this report is
written, FreeBSD 13.4 is expected to go out of support soon (on June 30th), so
it has been decided that it is preferable to suspend the exp-run until then.
Thus it will get back on track on July 1st.
Meanwhile, GCC 15 has been released. As usual, the new port package lang/gcc15
has been created, as well as lang/gcc16-devel that tracks the latest GCC
development.
More bugs have been addressed. Bug 285711 about issues with some CPUTYPE values
has been fixed with a temporary workaround. The workaround will be needed until
commit 22e564c74eb2 is included in all supported FreeBSD releases.
A build failure has been found on aarch64 machines, see bug 282797. A fix has
been found and is about to be submitted upstream.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Third Party Projects
Many projects build upon FreeBSD or incorporate components of FreeBSD into
their project. As these projects may be of interest to the broader FreeBSD
community, we sometimes include brief updates submitted by these projects in
our quarterly report. The FreeBSD project makes no representation as to the
accuracy or veracity of any claims in these submissions.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Chinese FreeBSD Community (CFC)
Chinese FreeBSD Community (CFC) URL: https://bsdcn.org/
The community currently comprises 316 members in the QQ group and 175 members
in the WeChat group.
Documentation Project
Links:
FreeBSD-Ask Documentation Project on GitHub URL: https://github.com/FreeBSD-Ask/
FreeBSD-Ask Documentation Project URL: https://book.bsdcn.org/
It is noteworthy that all prior FreeBSD documentation has been fully translated
into Chinese, including but not limited to the following materials:
• FreeBSD Release Notes (i386 or amd64)
• FreeBSD Status Reports
• FreeBSD Handbook
• FreeBSD Porters Handbook
• FreeBSD Articles
• FreeBSD Architecture Handbook
• Developers' Handbook
In addition, two classic works have been translated.
• A Quarter Century of Unix
• The UNIX-HATERS Handbook, an humoristic book written in 1994 about issues
that some users found in the UNIX operating system. It includes an
anti-foreword from Dennis Ritchie, one of the authors of UNIX, which he
wrote in a style similar to the one used in the handbook itself.
FreeBSD-Ask
Links:
FreeBSD-Ask on GitHub URL: https://github.com/FreeBSD-Ask/FreeBSD-Ask
FreeBSD-Ask on Website URL: https://book.bsdcn.org/
Contact: ykla <yklaxds@gmail.com>
Contact: Voosk <roisfrank@icloud.com>
The FreeBSD-Ask was initiated on 14 March 2021 by ykla from the Chinese FreeBSD
Community (CFC). It is an open-source publication written in Simplified Chinese
that aims to provide introductory knowledge about the FreeBSD operating system.
Quarterly Updates
• Documentation Additions:
□ Overview of FreeBSD Desktop Distributions
□ Installing databases/postgresql17-server with pgAdmin4
□ Migration Guide for Windows Users
□ FreeBSD as a Host with VirtualBox
• Rewritten Documentation:
□ Games on FreeBSD (Renpy and Minecraft)
□ Installing sysutils/podman-suite
□ Installing x11/gnome(to 47)
□ Installing net/rsync
□ Installing net/samba420
□ Graphic card drivers
□ Printing
□ Wubi Input Method(Based on textproc/fcitx5 or textproc/ibus)
□ Installing x11-wm/xfce4
• Miscellaneous:
□ The tutorials pertaining to DragonFly BSD, OpenBSD and NetBSD have
undergone comprehensive translation, updating and rewriting.
□ Several GitHub Actions have been added to verify that images are
referenced correctly.
□ We now support exporting FreeBSD-Ask to the ePub format.
□ A tutorial about the security/py-fail2ban port (utilizing ipfw(4), pf
(4), and ipf(4)) has been submitted to the FreeBSD Journal for review.
It is hoped that an increasing number of contributors will join the
documentation efforts. The primary objective of this project is to undertake a
comprehensive modernisation and rewrite of the FreeBSD Handbook with a view to
promoting the development and adoption of FreeBSD.
Ports
QQ Port on GitHub URL: https://github.com/FreeBSD-Ask/QQ-Port/
Bug 287292 - [NEW PORT] net-im/qq: consider restoring QQ port due to resumed
upstream development URL: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287292
In the current quarter, a port was created for QQ, one of the most popular
instant messaging applications currently in use in mainland China. The bug
report remains open and has not yet been assigned any reviewers.
Sponsors: Chinese FreeBSD Community (CFC)
Here is the second 2025 status report, with 32 entries.
As for the preceding quarters, this report is published just a few days before
calls for 2025Q3 report submissions are sent. Indeed, although according to our
timeline we should have published this report in July (general rule is
publication should happen within the month just after the calls for reports are
sent), we kept receiving important reports until the end of August. This is
both a positive and a negative thing. On one hand, it means that our FreeBSD
community is busy fixing existing issues and implementing new features, making
the OS we love better and better every day; it means that the community works
so intensely that very little time remains for reporting. On the other hand, it
means that news in these reports is always two months old when published. Two
months is not bad, especially if we consider that FreeBSD communication happens
on many other channels too, but it would be nice if we could improve it.
If you are a late submitter, please take some time to evaluate if there is
anything you can do to improve your report submission punctuality. The Status
Team is always glad to ease the submission process: if there is something we
can do for you, just ask. If you are a contributor or just a FreeBSD user,
please consider contributing more, if you can. Even working on a single small
simple task is useful, it can help to lower the pressure on other developers,
for whom it might thus become easier to find the time to document their work.
Have a nice reading!
Lorenzo Salvadore, on behalf of the Status Team.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
A rendered version of this report is available here:
https://www.freebsd.org/status/report-2025-04-2025-06/
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Table of Contents
• FreeBSD Team Reports
□ FreeBSD Core Team
□ FreeBSD Foundation
□ FreeBSD Release Engineering Team
□ Ports Collection
□ Bugmeister Team
□ Source Management Team
• Projects
□ Infrastructure Modernization
□ Support for pkgbase in the FreeBSD installer
□ BSD-USER 4 LINUX
□ Sylve — A Unified System Management Platform for FreeBSD
□ Hackathon 202506 Kitchener-Waterloo, Canada
• Userland
□ ucred / group changes in FreeBSD 15.0
□ MIT Kerberos Import into FreeBSD
□ SysctlTui
□ Geomman Development
• Kernel
□ Audio Stack Improvements
□ DRM drivers
□ Suspend/Resume Improvement
□ Named attribute support (Solaris style extended attributes)
□ Packrat — NFS client caching on non-volatile storage
□ LinuxKPI 802.11 and Native Wireless Update
□ USB Kernel Debugging
□ Porting HFS+ to FreeBSD
• Architectures
□ Pinephone Pro Support
• Cloud
□ FreeBSD on EC2
• Documentation
□ Documentation Engineering Team
□ FreeBSD Wiki
□ Vision Accessibility
• Ports
□ Security Hardening Compiler Options for the Ports Collection
□ Improve OpenJDK on FreeBSD
□ GCC on FreeBSD
• Third Party Projects
□ Chinese FreeBSD Community (CFC)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
FreeBSD Team Reports
Entries from the various official and semi-official teams, as found in the
Administration Page.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
FreeBSD Core Team
Contact: FreeBSD Core Team <core@FreeBSD.org>
The FreeBSD Core Team is the governing body of FreeBSD.
Project roadmap
Core is collecting ideas and comments to draft Project's roadmap. It is an item
core.13 thinks is worth to continue from core.12. The roadmap is not about
restricting or limiting what developers and contributors can do, but about the
compiled goals and expectations of the Project and things the community can
collaborate on. It will also let the FreeBSD Foundation help the Project more
effectively, so, this is an important discussion item for the meetings between
core and the FreeBSD Foundation.
Policy on generative AI created code and documentation
Core is investigating setting up a policy for LLM/AI usage (including but not
limited to generating code). The result will be added to the Contributors Guide
in the doc repository. AI can be useful for translations (which seems faster
than doing the work manually), explaining long/obscure documents, tracking down
bugs, or helping to understand large code bases. We currently tend to not use
it to generate code because of license concerns. The discussion continues at
the core session at BSDCan 2025 developer summit, and core is still collecting
feedback and working on the policy.
Work in Progress
Core is currently working on the following items:
• Core and the FreeBSD Foundation are working on the 2025 edition of the
Community survey
• Privacy-friendly web analytics, proposed by the Foundation. An idea is to
compare traffic flows between freebsd.org and freebsdfoundation.org
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
FreeBSD Foundation
Links:
FreeBSD Foundation URL: https://freebsdfoundation.org/
Technology Roadmap URL: https://freebsdfoundation.org/blog/technology-roadmap/
Donate URL: https://freebsdfoundation.org/donate/
Foundation Partnership Program URL:
https://freebsdfoundation.org/our-donors/freebsd-foundation-partnership-program/
FreeBSD Journal URL: https://freebsdfoundation.org/journal/
Foundation Events URL: https://freebsdfoundation.org/our-work/events/
Contact: Deb Goodkin <deb@FreeBSDFoundation.org>
The FreeBSD Foundation is a 501(c)(3) non-profit dedicated to advancing FreeBSD
through both technical and non-technical support. Funded entirely by donations,
the Foundation supports software development, infrastructure, security, and
collaboration efforts; organizes events and developer summits; provides
educational resources; and represents the FreeBSD Project in legal matters.
Here are some of the ways we supported FreeBSD in the second quarter of 2025.
Advocacy
Advocacy work in the 2nd quarter of 2025 included hosting events, launching a
new series of video guides and bringing on a new Marketing Coordinator. Florine
Kamdem brings social media, branding, and IT skills. She uses storytelling to
craft digital campaigns that spark interest and build connection within the
community. Read more about Florine, and check out just a few of the ways the
Foundation helped advocate for FreeBSD in Q2 of 2025:
• Held the June 2025 FreeBSD Developer Summit June 11-12, 2025, co-located
with BSDCan 2025. Videos of the all day stream are available on the
Project's YouTube Channel, and videos of the individual talks will be
available in the coming weeks.
• Finalized our Silver Sponsorship of EuroBSDcon 2025, held in Zagreb,
Croatia; September 25-28, 2025. Travel Grants are now available. The
application deadline is Aug 5, 2025.
• Provided updates and announcements about our Software Development work
including:
□ The Road to Better Wi-Fi on FreeBSD
□ April 2025 Laptop Support and Usability Project Update
□ FreeBSD Ports and Packages Security Project
□ Software Bill of Materials (SBOM) for FreeBSD Project
• Published the following blogs and videos to help inform and educate the
community:
□ The Hidden Costs of Stagnation: Why Running EOL Software is a Ticking
Time Bomb
□ How to Unlock High Speed Wi-Fi on FreeBSD 14
□ The Report of My Death Was an Exaggeration
□ ZFS automatic snapshots with Sanoid on FreeBSD
□ Three Ways to Try FreeBSD in Under Five Minutes
• Published the March/April 2025 and May 2025 FreeBSD Foundation Newsletters.
• Released the January/February/March 2025 issue of the FreeBSD Journal with
HTML versions of the articles.
OS Improvements
The Foundation continued to support two major initiatives: the Laptop Support
and Usability project (in collaboration with Quantum Leap Research) and an
infrastructure modernization project commissioned by the Sovereign Tech Agency.
For background on both efforts, see the 2025Q1 quarterly status report.
Throughout the quarter, there were 536 src, 64 ports, and 41 doc commits that
identified the FreeBSD Foundation as a sponsor.
Here is a sampling of that work and other sponsored efforts:
• Various improvements to libvirt's support for bhyve, including:
□ An initial port of the libvirt integration testing project,
libvirt-tck, enabling test execution against libvirt's bhyve driver on
FreeBSD.
□ Enhancements to the bhyve driver to improve compatibility and
testability.
□ Support for virtio-rnd devices, NVRAM configuration, and extended
domain usage statistics (under review).
□ Initial support for pf(4)-based NAT networking (under review).
• Improved handling of tlsbase (thread-local storage) on amd64, making it
more reliable across context switches and benefiting applications that
manually manage TLS, such as Wine.
• Runtime linker improvements, including support for the -z initfirst flag.
This addresses longstanding issues with RTLD_DEEPBIND and provides better
control over symbol resolution and initialization order in dynamically
linked applications.
• Enhanced ptrace usability by enabling transient PT_ATTACH behavior. This
reduces friction for debugging tools and eliminates spurious EINTR errors
that could interrupt or break tracing workflows.
• kqueue introspection support by extending procstat(1) to report kqueue
state, improving observability into how processes use kernel event
notification mechanisms
• Design and implementation of EXTERROR, a mechanism that reports extended
error information to userspace, augmenting the usual errno value. This
enables applications to retrieve more detailed diagnostics beyond standard
error codes.
Other sponsored efforts are covered in separate report entries:
• Vision Accessibility
• Suspend/Resume Improvements
• LinuxKPI 802.11 and Native Wireless Update
• Audio Stack Improvements
• Improve OpenJDK on FreeBSD
• Sylve — A Unified System Management Platform for FreeBSD
• Support for pkgbase in the FreeBSD Installer
• DRM drivers
• MIT Kerberos Import into FreeBSD
• USB Kernel Debugging
• Bugmeister Team
The Foundation is managing FreeBSD's participation in the Google Summer of Code
(GSoC) program. Twelve projects were accepted this year.
Continuous Integration and Workflow Improvement
As part of our continued support of the FreeBSD Project, the Foundation
supports a full-time staff member dedicated to improving the Project's
continuous integration system and test infrastructure.
Legal/FreeBSD IP
The Foundation owns the FreeBSD trademarks, and it is our responsibility to
protect them. We also provide legal support for the core team to investigate
questions that arise.
Go to https://freebsdfoundation.org to find more about how we support FreeBSD
and how we can help you!
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
FreeBSD Release Engineering Team
Links:
FreeBSD 14.3-RELEASE announcement URL: https://www.freebsd.org/releases/14.3R/announce/
FreeBSD 15.0-RELEASE schedule URL: https://www.freebsd.org/releases/15.0R/schedule/
FreeBSD releases URL: https://download.freebsd.org/releases/ISO-IMAGES/
FreeBSD development snapshots URL: https://download.freebsd.org/snapshots/ISO-IMAGES/
Contact: FreeBSD Release Engineering Team, <re@FreeBSD.org>
The FreeBSD Release Engineering Team is responsible for setting and publishing
release schedules for official project releases of FreeBSD, announcing code
freezes and maintaining the respective branches, among other things.
The Team managed 14.3-RELEASE, leading to the official RELEASE build and
announcement in June. Planning has started for the upcoming 15.0-RELEASE, which
is due to arrive in December.
The OCI Container Images built by the Release Engineering Team are now being
uploaded to Docker and GitHub repositories in addition to being available on
the FreeBSD download site.
The Team gained a new member, Jake Freeland, and three members have departed:
Konstantin Belousov, John Hixson, Doug Rabson. We thank them for their
contributions.
The Release Engineering Team continued providing weekly development snapshot
builds for the main, stable/14, and stable/13 branches.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Ports Collection
Links:
About FreeBSD Ports URL:https://www.FreeBSD.org/ports/
Contributing to Ports URL: https://docs.freebsd.org/en/articles/contributing/#ports-contributing
Ports Management Team URL: https://www.freebsd.org/portmgr/
Ports Tarball URL: http://ftp.freebsd.org/pub/FreeBSD/ports/ports/
Contact: Tobias C. Berner <portmgr-secretary@FreeBSD.org>
Contact: FreeBSD Ports Management Team <portmgr@FreeBSD.org>
The Ports Management Team is responsible for overseeing the overall direction
of the Ports Tree, building packages, and personnel matters. Below is what
happened in the last quarter.
During the last quarter, we welcomed Älven (alven@) and Jesús Daniel Colmenares
Oviedo (dtxdf@) as new ports committers, and said goodbye to one committer.
According to INDEX, there are currently 36,605 (up from 36,450) ports in the
Ports Collection. There are currently about 3,330 (down from 3,333) open ports
PRs, of which 832 are unassigned. The last quarter saw 10,294 (down from
10,733) commits by 157 (down from 158) committers on the main branch and 770
(up from 707) commits by 56 (up from 54) committers on the 2025Q2 branch.
The most active committers to main were:
• 3541 sunpoet@FreeBSD.org
• 503 yuri@FreeBSD.org
• 439 vvd@FreeBSD.org
• 345 bofh@FreeBSD.org
• 315 rene@FreeBSD.org
• 301 arrowd@FreeBSD.org
• 240 tagattie@FreeBSD.org
• 240 jbeich@FreeBSD.org
• 183 diizzy@FreeBSD.org
• 178 bapt@FreeBSD.org
A lot has happened in the ports tree in the last three months, an excerpt of
the major software upgrades are:
• pkg 2.2.1
• Default version of Go switched to 1.24
• Default version of Lazarus (non-aarch64) switched to 4.0
• Default version of Linux (non-i386) switched to Rocky Linux 9 (rl9)
• Default version of Perl switched to 5.40
• Default version of PostgreSQL switched to 17
• Default version of Ruby switched to 3.3
• Chromium 137.0.7151.119
• Electron 35.* and 36.*
• Firefox 140.0.2
• Firefox-esr 128.12.0
• Gnome 47
• KDE Plasma 6.4.1
• KDE Framework 6.15.0
• Qt6 6.9.1
• Ruby 3.2.8, 3.3.8, 3.4.4 (new), and 3.5.0-preview1 (new)
• Rust 1.87.0
• SDL 2.32.8 and 3.2.16
• Sway 1.11
• wlroots 0.19.0 (new)
• Xorg server 21.1.18
During the last quarter, pkgmgr@ ran 22 exp-runs to test infrastructure changes
and various ports upgrades.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Bugmeister Team
Links:
FreeBSD Bugzilla URL: https://wiki.freebsd.org/Bugzilla
Contact: Bugmeister <bugmeister@FreeBSD.org>
In this quarter we stayed steady-state on the PR count.
Mark Linimon has held some voice chats on the FreeBSD Discord for "Bugmeister
Office Hours". The plan is to hold them more regularly and announce them in
advance. At the moment the schedule is Mondays at 3pm CDT (1800 UTC).
We still are doing better at triaging PRs than we are generating committer
attention to the ones we have triaged. Suggestions welcome.
We have added new search queries about Maintainer Approval (applies to
Attachments) and Maintainer Feedback (applies to an entire individual Problem
Report). These queries were not easily composable from the various web forms.
This work was funded by the FreeBSD Foundation.
Please see the new documentation.
We used these queries to close various PRs, and also to investigate inactive
maintainers. As of yet, we have not taken action on the latter.
A problem with the setup of the upgrade to Bugzilla 5.2 has been fixed. Light
testing shows no regressions. Switching to this codebase is scheduled for next
quarter.
patchQA.py still remains in beta. The patch application code is not up to its
task and must be replaced.
The other problem known with patchQA.py is that it does not know the origins of
files that are installed into /etc by installworld.
We have created dozens of new Bugzilla accounts by user request.
See also: https://wiki.freebsd.org/Bugzilla/SearchQueries
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Source Management Team
Contact: srcmgr <srcmgr@FreeBSD.org>
The srcmgr@ team aims to make src developers more productive, and works to
manage the large number of bug reports, pull requests and code reviews that we
receive. Meeting minutes are available on GitHub.
We held a bug-busting session on 2025-05-23 with about 10 attendees.
Members of srcmgr@ gave a presentation at the 2025 FreeBSD developer summit in
Ottawa.
Per the discussion at the developer summit, the i386 and 32-bit powerpc targets
have been disconnected from the build.
To help ensure continuity of the team, we introduced a "lurkers" program which
lets src committers participate in bi-weekly srcmgr meetings, giving developers
an opportunity to decide whether they are interested in officially joining
srcmgr@ without taking on any specific obligations. After soliciting interested
developers, we have five lurkers who have been joining calls over the past
couple of months:
• Jake Freeland <jfree@FreeBSD.org>
• Olivier Certner <olce@FreeBSD.org>
• Dag-Erling Smørgrav <des@FreeBSD.org>
• Bojan Novković <bnovkov@FreeBSD.org>
• Kyle Evans <kevans@FreeBSD.org>
Aside from participating in discussions, they have been working on src
development tasks — especially in preparation for FreeBSD 15.0 — and topics
such as monitoring stale Phabricator reviews, performance regression tracking,
and using git notes to track certain types of commit metadata.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Projects
Projects that span multiple categories, from the kernel and userspace to the
Ports Collection or external projects.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Infrastructure Modernization
Contact: Ed Maste <emaste@FreeBSD.org>
Contact: Alice Sowerby <alice@freebsdfoundation.org>
The project started in Q3 of 2024 and was commissioned by the Sovereign Tech
Agency with a budget of $745,000, to be spent over about one year. The main
goals are to improve security tools for the base system, ports, and packages,
update the project's infrastructure to speed up development, enhance build
security, and make it easier for new developers to get started.
Q2 update
All five work packages are now in progress and will run until the end of
December 2025, at which time the project will close.
Work Package A: Technical Debt reduction
The majority of the work in this work package is complete, with a small number
of hours allocated each month to help support FreeBSD Project's Source
Management team to embed their new processes to make bug management easier and
more sustainable. The bug backlog dashboard https://grimoire.freebsd.org
remains available to help make the backlog easier to understand.
We have also been upgrading Bugzilla by applying patches from 2023 onward and
improving the upgrade process to ensure smoother future updates.
A panel discussion at Open Source Summit Europe in August will share this work
with a wider audience. Two members of the Foundation project staff will be
present, along with two representatives from Bitergia who delivered the
GrimoireLab implementation for this project. (Members of the FreeBSD Project
Source Management team were not available to attend.)
Progress is being made to reduce technical debt by creating an automated method
for evaluating patches (code improvements) attached to existing pull requests
for source and ports trees to see whether they are still relevant, and applying
them if they are. This tool is in beta.
Work Package B: Zero Trust Builds
This work package intends to improve tooling and processes to support Zero
Trust Builds of FreeBSD by extending the current components to enable the
project to build release artifacts (package sets, ISO images, etc.) without
requiring any special privilege.
The detailed scope was co-created with core@, srcmgr@, secteam@. Work items are
as follows:
• Must
□ No-root for all source release build cases/artifacts (in progress)
□ Src artifacts to build reproducibly (in progress)
□ Formalize and document make world and release.sh (in progress)
• Should
□ Remove privilege from orchestration tooling (not started)
□ Move build scripts into the public repository (not started)
• Could
□ Environment Standardization (not started)
□ Ports to build reproducibly (not started)
□ CI to verify reproducibility (in progress)
□ Documentation to allow 3rd parties to confirm reproducibility (not
started)
Work Package C: CI/CD Automation
This work package intends to improve CI/CD automation to streamline software
delivery and operations for new and existing software by modernizing and
securitizing the existing CI/CD system and extending it to cover the third
party packages in the FreeBSD Ports Collection.
The detailed scope was co-created with core@, srcmgr@, portmgr@, doceng@.
• Must
□ Improve quality of incoming commits (completed)
□ Pre-merge CI (completed)
□ Environment Metadata (not started)
□ Extend CI to the Ports tree (in progress)
□ CI Threat Model (not started)
□ CI Management Process (in progress)
□ Documentation (not started)
• Should
□ 3rd-party Interoperability (in progress)
□ Automated analysis in tests (in progress)
□ Test Case Management (not started)
• Could
□ Granular Debugging (not started)
Work Package D: Ports and Packages security improvements
This work package intends to modernize and extend security controls in the
FreeBSD Ports and Package Collection by:
• migrating from our VuXML Vulnerability Database to OSV or similar
contemporary format
• developing a package audit backend and server to reliably fetch
vulnerability data from global agency databases in any format (JSON - NIST)
and produce insight
• improving CI tooling for FreeBSD Ports.
The detailed scope was co-created with core@, portmgr@, pkgmgr@, secteam@.
• Must
□ New Database Format (in progress)
□ Set up 2+ Database Instances (not started)
□ Migrate Data from old to new database (in progress)
□ Add support for new format in pkg(8) (in progress)
□ Upstream engagement (not started)
□ SBOM on demand (not started)
□ Document how to set up build and test targets (not started)
□ Integrate 3rd party test targets (not started)
□ Continuous Testing (not started)
• Could
□ Make CI artifacts available (not started)
Work Package E: SBOM improvements
This work package intends to improve existing, and implement new, tooling and
processes for FreeBSD Software Bill of Materials (SBOM) by implementing:
tooling to roll up the individual provenance data/markers from across the tree
into a higher-level view; developing tooling to parse/review/inspect the
FreeBSD source tree and produce a comprehensive/holistic report to act as a
SBOM for the full software stack and; extending pkg to enable this capability
for software installed from ports/packages.
The detailed scope was co-created with core@, portmgr@, pkgmgr@, secteam@,
releng@
• Must
□ Evaluate projects/solutions available in the wider ecosystem (in
progress)
□ Propose the target solution for SBOM (not started)
□ Produce an SBOM in CI (e.g. weekly builds) (in progress)
□ Produce an SBOM as an artifact as part of the release process (in
progress)
□ SBOM artifact on demand (in progress)
□ Roll up existing data (not started)
□ Record and explain decisions made (not started)
• Could
□ Engage with other similar projects (not started)
Commissioning body: Sovereign Tech Agency
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Support for pkgbase in the FreeBSD installer
Contact: Isaac Freund <ifreund@freebsdfoundation.org>
The FreeBSD installer now supports installing a pkgbase system.
Recent FreeBSD 15.0 snapshots have a new dialog in the installer that allows
the user to fetch and install packages from pkg.freebsd.org instead of using
the legacy distribution sets.
There is also support in the build system to build FreeBSD installation media
with offline pkgbase packages included, enabling fully offline installation of
a pkgbase system. These offline pkgbase packages are not yet included in 15.0
snapshot release installation however, as including both the offline legacy
distribution sets and pkgbase packages would significantly increase the size of
the installation media. There is however a -DPKGBASE build-time switch ready to
be flipped by the FreeBSD Release Engineering team, hopefully in the near
future.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
BSD-USER 4 LINUX
Contact: Maksym Sobolyev <sobomax@FreeBSD.org>
Links: Project Page URL: https://github.com/sobomax/qemu-bsd-user-l4b
Tooling URL: https://github.com/sobomax/qemu_l4b
The bsd-user-4-linux project ports BSD user-mode emulation for QEMU to Linux.
The primary goal is to enable unmodified FreeBSD binaries to run on modern
Linux systems. Additionally, the project aims to provide multi-platform
container images with a functional FreeBSD environment and ready-to-use GitHub
Actions templates.
News:
• Two new pull requests have been received since the initial project
announcement:
□ Diagnostic output cleanup;
□ kqueue() support using libkqueue library on Linux.
• The latest set of changes has been pulled from the Warner's qemu-bsd-user
project bringing Qemu version to 9.2.0 along with some fixes and
improvements.
Current Status:
• The initial port successfully runs make -jN buildworld.
• Most command-line tools are working as expected (sh(1), bash(1), find(1),
grep(1), git(1), clang(1), etc).
• A GitHub Actions pipeline builds x86_64 emulation images for:
□ linux/386
□ linux/amd64
□ linux/arm/v5
□ linux/arm64/v8
• A pre-built Docker container with FreeBSD 14.1 binary world is created and
pushed to the GitHub Container Registry.
□ FreeBSD Image @ GHCR
• Special pre-built "admin" container with Linux user-mode qemu binary for
the FreeBSD/amd64 emulation is also published at the GHCR.
□ FreeBSD binfmt Image @ GHCR
Next Steps: * Bump FreeBSD version to 14.3; * Rebase onto Qemu 10.0.x.
How You Can Help:
• Test with your preferred toolchain, report issues, or contribute fixes.
• Identify and implement missing system calls.
• Support us on Patreon.
Sponsor: Sippy Software, Inc.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Sylve — A Unified System Management Platform for FreeBSD
Links:
GitHub URL: https://github.com/AlchemillaHQ/Sylve
CI URL: https://sylve-ci.alchemilla.io
Discord URL: https://discord.gg/bJB826JvXK
Contact: Hayzam Sherif <hayzam@alchemilla.io>
Sylve is a modern, unified system management platform for FreeBSD, inspired by
Proxmox. We aim to provide an integrated web interface for managing virtual
machines (via Bhyve), Jails, ZFS storage, networking, and firewalling. The
backend is implemented in Go, while the frontend uses SvelteKit with Tailwind
CSS and ShadCN UI components.
The project emphasizes a minimal system footprint, currently requiring only
sysutils/smartmontools, sysutils/tmux, and libvirt as runtime dependencies.
Sylve continues to address a key gap in the FreeBSD ecosystem by delivering a
cohesive, user-friendly interface for system administration tasks.
Q2 Progress Highlights
Dashboard
Added dynamic charts to the main summary page, including real-time
visualization of CPU usage, RAM usage, and network throughput.
Networking
Interfaces can now be viewed in detail through the UI, with all relevant
metadata presented in a structured format.
Users can also create "switches" — simple layer 2 switches built on top of
FreeBSD bridge interfaces.
Storage
ZFS integration is nearing completion. Users can now:
• Create and destroy pools, filesystems, volumes, and snapshots.
• Delete multiple datasets at once.
• Schedule automatic (timed) snapshots.
Initial dashboard work for ZFS monitoring has started, with further
enhancements planned in Q3.
Utilities
A built-in downloader was introduced that supports both HTTP and magnet links.
This is especially useful for fetching ISO images or VM templates directly
through the interface.
Virtual Machines
VM creation and deletion with Bhyve is now supported.
Key features include:
• CPU pinning.
• Web-based VNC console access.
• PCI passthrough for devices.
• Basic CPU and RAM usage charts for each VM.
A new runtime dependency on libvirtd has been added to support VM lifecycle
operations.
Planned for Q3
• Polish and stabilize current functionality.
• Ability to edit VMs.
• Expand charting and add a basic notification system to detect hardware or
service failures.
• Implement UI and API support for managing Jails.
• Extend networking features:
□ More switch/bridge types.
□ Firewall rule configuration.
□ DHCP support via dns/dnsmasq or similar (for VMs).
□ WireGuard VPN integration.
Contributions, testing, and feedback are very welcome. If you are interested in
contributing, consider helping with:
• UI testing and accessibility feedback.
• Bug reports and feature requests via GitHub.
Sponsor: FreeBSD Foundation and Alchemilla (development and infrastructure
support)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Hackathon 202506 Kitchener-Waterloo, Canada
Links:
Hackathon/202506 Wiki Page URL: https://wiki.freebsd.org/Hackathon/202506
FreeBSD Hackathon Wiki Page URL: https://wiki.freebsd.org/Hackathon
In the week following BSDCan 2025, a hackathon took place in the
Kitchener-Waterloo area.
Thanks to Ed Maste for hosting this event at the Communitech Hub in Kitchener.
Pictures of the hackathon
Pictures of the hackathon are collected here.
National FreeBSD day landed sometime during the hackathon, so Charlie Li
treated us to a great DJ set to celebrate, mixing entirely on FreeBSD at an
arcade bar in Waterloo :)
The work done during the hackathon
WiFi Testbed (Li-Wen Hsu)
• The hardware of a proof-of-concept wireless has been set up in Foundation's
Kitchener office.
• The current setup is simple:
• One baremetal machine has multiple wireless interface and,
• One access point is also connected to the machine via a serial console and
a private testing network
• Currently we have following hardware to be passthru to bhyve VM provisioned
with the image from Artifact server of FreeBSD CI
• Intel AX210
• Realtek RTL8812AU
• The work continues on connecting it to FreeBSD CI cluster as a downstream
job after standard tests finishes.
Installer (Joseph Mingrone, Ed Maste, Aymeric Wibo)
• Go through installer step-by-step and create the Improving the Installer
wiki page with the notes we collected.
• lualoader: Add distinct brand for installer (Make it obvious to users that
the system is booting into the installer.) Patch:
https://reviews.freebsd.org/D51001
pkgbase (Ed Maste)
• bsdinstall(8): Default to pkgbase if media contains base packages Patch:
https://reviews.freebsd.org/D50467
• release(7): Add set -e to abort upon failure Patch:
https://reviews.freebsd.org/D50383
Landing scheduler run queue patches (Olivier Certner)
• Land all scheduler runqueue patches.
□ D45387
□ D45388
□ D45389
□ D45390
□ D45391
□ D45392
□ D46566
□ D46567
□ D50880
Capsicum (Ed Maste)
• Improvements to the capsicum(4) manpage. Patches:
https://reviews.freebsd.org/D50855, ce65ff203a4f
• Capsicumize beep(1) to serve as an easy example of Capsicum. Patches:
https://reviews.freebsd.org/D50709
s2idle/S0ix/USB4 (Aymeric Wibo, Sheng-Yi Hung)
• Fix some more USB4 driver panics.
• Discuss how s2idle should work w.r.t. the scheduler with Olivier & Mark,
and temporarily implement "idle" state for the scheduler (where it just
always chooses the idle thread).
• Extend amdgpio driver to service all GPIO interrupts (requirement for S0i3
on AMD). We were also looking into how we can consume GPIO interrupts in
device drivers on x86 for stuff like reducing the latency of the Framework
trackpad with Sheng-Yi.
• Implement some more S0i3 debugging features for AMD to help us debug why we
would not be entering S0i3.
Ports (Joseph Mingrone)
• Mk/Scripts/qa.sh: Fix false positives in LIB_DEPENDS warnings Patch:
https://reviews.freebsd.org/D50860
• editors/emacs-devel: Update to 2025-06-17 snapshot Patch: 4170f6575380
Miscellaneous (Ed Maste, Olivier Certner, Sheng-Yi Hung, Li-Wen Hsu)
• Enable sccache support as an alternative to ccache when building (through
WITH_CCACHE_BUILD environment variable). Commit: 10cb3979a9bd
• Discussion on the CPPC implementation (Sheng-Yi, Olivier), see in
particular D49587.
• Other various fixes. Patches: D50876, 956100d60fa8, fc77abfd1e62, D50938,
6d8cfd29d477, 4f33d073003c
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Userland
Changes affecting the base system and programs in it.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
ucred / group changes in FreeBSD 15.0
Links:
freebsd-arch@ discussion URL:
https://lists.freebsd.org/archives/freebsd-hackers/2025-August/004825.html
Primary kernel change URL:
https://cgit.freebsd.org/src/commit/sys/sys/ucred.h?id=be1f7435ef218b1df35aebf3b90dd65ffd8bbe51
Primary userspace change URL:
https://cgit.freebsd.org/src/commit/sys/kern/kern_prot.c?id=9da2fe96ff2ea227e4d5f03ef92b55aabeabb7fc
Contact: Kyle Evans <kevans@FreeBSD.org>
Contact: Olivier Certner <olce@FreeBSD.org>
FreeBSD 15.0 will change how supplementary groups are handled in both userspace
and the kernel in FreeBSD 15.0 in a way that warrants additional attention and
feedback.
For some background: FreeBSD has historically tracked the effective group-ID of
a process in the ucred(9) cr_groups array as the first element, with the rest
of the array describing its supplementary groups. The natural consequence of
this decision is that the arrays used in setgroups(2) and getgroups(2) follow
the same format, and setgroups(2) has the documented side effect of setting the
effective group-ID. The vast majority of other platforms do not exhibit this
behavior anymore, including NetBSD and OpenBSD. macOS appears to be the only
exception found in testing.
The problem is that the vast majority of software in the FreeBSD Ports
Collection comes from other platforms, where setgroups(2) and setgroups(2)
operate purely on the supplementary groups. This kind of a behavior difference
is very subtle and would need to be audited more carefully to be sure that we
have not introduced a potential security issue in ported software.
In FreeBSD 15.0, the primary user-facing change is that setgroups(2), getgroups
(2), and initgroups(3) behavior will change to match other platforms, and users
are requested to be extra vigilant in areas that may be affected as we proceed
through the release cycle. In general, the expectation is that this change may:
• Fix some small number of bugs where we would have lost either our expected
effective group membership or one of the supplementary groups we should
have been in
• (Less likely) Introduce some even smaller number of bugs where something
expected setgroups(2) to change our effective group membership but now it
is just a supplementary group and our effective group-ID is unchanged
Software included in the base system is largely unaffected or improved by this
change, with OpenSSH being a notable example of a strange bug caused by the
historical implementation.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
MIT Kerberos Import into FreeBSD
Contact: Cy Schubert <cy@FreeBSD.org>
The FreeBSD Foundation was approached to import MIT KRB5 into FreeBSD with the
intent to replace our aging Heimdal.
The Enterprise Working Group made a request to the Foundation to replace
Heimdal with MIT KRB5.
This is the first report for this project.
Tasks completed:
• MIT KRB5 has been imported into FreeBSD 15-CURRENT.
• The WITH_MITKRB5 option is disabled until a successful ports exp-run is
complete.
Additional remaining tasks:
• Fix port build errors identified by a ports exp-run.
• Produce a writeup of the new Kerberos.
• Determine if migration of the Heimdal database to an MIT database is
possible. (At the moment this appears unlikely due to the age of our
ancient Heimdal and the lack of support for old crypto in newer Heimdal
MIT).
• Produce Heimdal Kerberos database to MIT database migration documentation
(if possible).
• (Optional) Develop and discuss the import and migration options at the next
BSDCan.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
SysctlTui
Link:
Project Repository URL: https://gitlab.com/alfix/sysctltui
Contact: Alfonso Sabato Siciliano <asiciliano@FreeBSD.org>
SysctlTUI is an interactive text user interface (TUI) utility for exploring and
managing sysctl(3) parameters. It presents the sysctl Management Information
Base (MIB) as a hierarchical and navigable tree, enabling users to:
• Browse metadata for each kernel parameter.
• Retrieve and display current values.
• Modify parameters interactively from within the interface.
The UI consists of three panels: a tree view of the MIB hierarchy, a detail
panel showing metadata, and a value editor. Pressing the F1 key opens a help
dialog explaining:
• When the MIB is built.
• When values are retrieved or updated.
• A link to an online guide for getting started with sysctl, including
guidance on interpreting and using the displayed data.
Although still in early development (currently at version 0.0.2), SysctlTUI
already offers functionality comparable to tools like sysutils/nsysctl and
deskutils/sysctlview. A manual page is included, with suggestions to make the
output similar to sysctl(8) or nsysctl(8). The ToDo list outlining plans for
enhancements like configuration file integration and subtree sorting by names.
SysctlTUI is open source and available via the FreeBSD Ports Collection:
sysutils/sysctltui. Note: TUIs are a known accessibility issue, as they are not
usable with most screen readers. Users who access FreeBSD using a screen reader
can use the sysutils/nsysctl package instead. It is a command line utility that
provides the same information as SysctlTUI, since both tools use the same
underlying kernel interface.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Geomman Development
Links:
Geomman GSoC wiki URL:
https://wiki.freebsd.org/SummerOfCode2025Projects/FullDiskAdministrationToolForFreeBSD
geomman Gitlab repository URL: https://gitlab.com/brauliorivas/geomman
bsddialog repository URL: https://gitlab.com/alfix/bsddialog
sade URL:
https://man.freebsd.org/cgi/man.cgi?query=sade&manpath=FreeBSD+14.3-RELEASE+and+Ports
Contact: Braulio Rivas <brauliorivas@FreeBSD.org>
Geomman is a new partition tool based on sade(8) that brings more functionality
such as moving, copying, and pasting partitions. Geomman is part of Google
Summer of Code 2025. Currently, it is available in a Gitlab repository. But at
some future time, it is expected to become a tool in the base system.
Geomman is a TUI designed to allow to growing, shrinking, moving, copying, and
pasting partitions with filesystems other than UFS. For example, users may be
able to create an exFAT partition, as well as to resize an ext4 filesystem.
This would make partition management easier, because there are tools for each
individual task (mainly depending on the filesystem), but none that
concentrates all cases in a single tool.
For the moment, geomman only allows copying and pasting partitions. However,
for the next report the tool should be almost finished.
Currently, I am working on a mechanism to move partitions using dd(1). Other
approaches may be possible, so any help is very welcome.
The next steps for geomman are:
• Develop a way of moving partitions.
• Handle duplicate UUIDs between partitions when using dd.
• Add options to create, grow, and shrink more filesystem types.
Sponsor: Google Summer of Code
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Kernel
Updates to kernel subsystems/features, driver support, filesystems, and more.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Audio Stack Improvements
Contact: Christos Margiolis <christos@FreeBSD.org>
I have been working on the audio stack since 2024Q1. Below is a list of the
previous status reports:
2024Q1 URL: https://www.freebsd.org/status/report-2024-01-2024-03/#_audio_stack_improvements
2024Q2 URL: https://www.freebsd.org/status/report-2024-04-2024-06/#_audio_stack_improvements
2024Q3 URL: https://www.freebsd.org/status/report-2024-07-2024-09/#_audio_stack_improvements
2024Q4 URL: https://www.freebsd.org/status/report-2024-10-2024-12/#_audio_stack_improvements
2025Q1 URL: https://www.freebsd.org/status/report-2025-01-2025-03/#_audio_stack_improvements
Important work since last report:
• More sound(4) cleanups, fixes and improvements.
• Committed sndctl(8) (previously mentioned as audio(8)).
• Committed AFMT_FLOAT support.
• More out-of-the-box laptop support.
• Gave up on the /dev/dsp as a router device patch in favor of D50070
(includes relevant discussions).
• Submitting series of patches to clean up the MIDI subsystem, and working on
refactoring it into a generic layer, similar to PCM.
• Gave BSDCan 2025 talk (slides).
Future work includes:
• Port virtual_oss to base.
• More bug fixes, support, optimizations and general improvements, in all
areas of the sound stack.
You can also follow the development process in freebsd-multimedia@, where I
post regular reports.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
DRM drivers
Links:
Update to Linux 6.9 DRM drivers URL: https://github.com/freebsd/drm-kmod/pull/361
Contact: Jean-Sébastien Pédron <dumbbell@FreeBSD.org>
DRM drivers are kernel drivers for integrated and discrete GPUs. They are
maintained in the Linux kernel and we port them to FreeBSD. As of this report,
we take the AMD and Intel DRM drivers only (NVIDIA FreeBSD drivers are
proprietary and provided by NVIDIA themselves).
We port them one Linux version at a time. This allows us to ship updates more
often and it eases porting and debugging because we have a smaller delta
compared to a bigger jump skipping several versions.
This quarter, we finally merged the drivers from Linux 6.7 and 6.8 that were
done during the first quarter into drm-kmod. The porting for DRM drivers from
Linux 6.9 was finished and is now ready for review and testing; see the pull
request for instructions if you want to try them. The pull request also lists
all the patches needed to linuxkpi, the Linux drivers compatibility layer in
the FreeBSD kernel. Several patches were already reviewed but there is still
work.
These updates target the FreeBSD 15-CURRENT development branch for now. Once
kernel patches are accepted and the DRM drivers updates merged, we will
evaluate if/how we can backport the kernel patches to earlier release branches
(namely 14-STABLE).
While waiting for review, we also started to work on two features which were
unsupported on FreeBSD:
• DMA_BUF_IOCTL_EXPORT_SYNC_FILE and DMA_BUF_IOCTL_IMPORT_SYNC_FILE ioctls
• DRM_IOCTL_SYNCOBJ_EVENTFD ioctl
They are apparently required to allow the use of wlroots-based Wayland
compositors with the Vulkan API (see
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286311).
wlroots will need a patch as well because it only
expects these features on Linux for now.
Both pull requests as well as the patches to linuxkpi they rely on are ready
for review and testing. The linuxkpi patches are linked in the pull requests.
This work is kindly sponsored by the FreeBSD Foundation as part of the Laptop
and Desktop Project.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Suspend/Resume Improvement
Links:
Blog URL: https://obiw.ac/s0ix/
FOSDEM talk on s2idle/S0ix URL: https://youtu.be/mBxj_EkAzV0
Working Repo URL: https://github.com/obiwac/freebsd-s0ix/tree/everything
Tip of the s2idle/S0ix + AMD SMU stack URL: https://reviews.freebsd.org/D48721
USB4 suspend stack URL: https://reviews.freebsd.org/D49453
Contact: obiwac <obiwac@FreeBSD.org>
Suspend-to-idle and support for S0ix sleep is in the process of being added to
FreeBSD.
This will allow modern Intel and AMD laptops (e.g. AMD and newer Intel
Framework laptops), some of which do not support ACPI S3 sleep, to enter low
power states to increase battery life.
The USB4 driver (which was a dependency to S0i3 entry) has been updated to
allow for the sleep routines, and all CPUs are now entering C3 during s2idle.
Scheduler work is needed to ensure CPUs stay in C3 and do not get work
scheduled to them, but a prototype solution exists and is working. This means
that S0i3 can now be entered on the Framework 13 AMD Ryzen 7040 series laptops,
albeit only on my working 14.1 branch. This does not work on -CURRENT yet.
The amdgpio driver (for the AMD GPIO controller) has been extended to service
all GPIO interrupts and suspend the controller, as that was potentially a
blocker for the CPU to enter S0i3. Nothing is being done with these GPIO
interrupts at the moment as FreeBSD does not have the infrastructure for device
drivers to register these interrupts on x86 yet.
The SMU idlemask is also now being exported as a sysctl now
(dev.amdsmu.0.idlemask), the value of which is not documented and is mostly to
help AMD debug issues with S0i3 entry on FreeBSD on their side.
A pre-built image is being built to aid in easily testing S0i3 entry on
machines.
With respect to the links, the blog post entry is outdated. A talk was given
about this at BSDCan 2025 too, but it has yet to be uploaded as a standalone
video; it will be included in the next status report.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Named attribute support (Solaris style extended attributes)
Contact: Rick Macklem <rmacklem@FreeBSD.org>
Named attributes is the NFSv4 term for what is also known as Solaris style
extended attributes. Since ZFS has its origins in Solaris, the wiring for these
exists in OpenZFS. This little project consists of connecting that wiring up.
This is not intended to replace the extended attribute support already in
FreeBSD. It provides an alternate mechanism for manipulating extended
attributes that will be supported for ZFS and NFSv4. There are a few reasons I
think this could be useful (as indicated via email discussion). This mechanism
allows for extended attributes as large as any regular file, which can be
partially updated. Some NFSv4 clients, such as MacOS and Windows, can use these
extended attributes but not the FreeBSD/Linux style ones. (I think MacOS calls
these extended attributes fork files and Windows calls them alternate data
streams.) There is software, such as bash, that know how to manipulate these
extended attributes.
The fundamental difference is that this mechanism provides a directory that is
not in the file system's namespace, but is associated with a file object. This
named attribute directory can then be read via readdir(3) to get the list of
extended attributes, which are really just regular files. These extended
attributes are then read/written like any regular file.
The top level system call interface is open(2)/openat(2) with the new
O_NAMEDATTR flag (called O_XATTR on Solaris).
Most of the work has been committed to FreeBSD's main for FreeBSD 15. Once the
ZFS patch makes it through review and gets pulled into OpenZFS, the ZFS and
NFSv4 support should work. There are also a couple of manual pages currently
under review in phabricator.
The main thing left to do is update libarchive/tar so that large extended
attributes can be archived/retrieved. (The current FreeBSD extended attribute
mechanism is supported by libarchive, but will have size constraints.)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Packrat — NFS client caching on non-volatile storage
Contact: Rick Macklem <rmacklem@freebsd.org>
NFSv4.1/4.2 provides support for a feature called delegations. When a NFSv4.1/
4.2 client holds a delegation, the client has certain rights to a file,
including a guarantee that no other client will make changes to the file unless
the delegation is recalled. As such, when a client holds a delegation for a
file, it can aggressively cache the file's data, knowing that it will not be
modified by other clients until it returns the delegation.
This project is intended to allow the NFSv4.1/4.2 client to aggressively cache
file data on client local non-volatile storage, when the client holds a
delegation for the file. I created a patch long ago to try and do this for
NFSv4.0, but it was never at a stage where it was worth using. This project is
a complete rewrite of the patch, done in part because NFSv4.1/4.2 plus other
recent NFSv4 related changes makes doing this more feasible.
The patch is getting stable now, but I am not sure if it will be ready for
inclusion in FreeBSD 15 as an experimental feature enabled via a new mount
option called "packrat".
The main thing I still need to do is code a writeback kernel thread. Right now,
dirty chunks stored on client local non-volatile storage get written back to
the NFSv4.1/4.2 server upon umount. This can result in the umount taking a long
time (as in many minutes). To alleviate this, I am planning on implementing a
writeback kernel process that will walk the non-volatile storage and write the
dirty chunks back. The trick is to make it aggressive enough that most dirty
chunks have been written back when a umount is done, but not so aggressive that
it impedes the performance of synchronous NFSv4.1/4.2 RPCs.
This will be very much an experimental feature, but it is hoped it will allow
NFS mounts to be used more effectively, particularly in WAN situations, such as
a mobile laptop.
There is still work to be done, particularly with respect to recovery of
delegations after a NFSv4.1/4.2 client restart.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
LinuxKPI 802.11 and Native Wireless Update
Links:
802.11ac support URL:https://github.com/FreeBSDFoundation/proj-laptop/issues/33
LinuxKPI TKIP and GCMP support URL:https://github.com/FreeBSDFoundation/proj-laptop/issues/64
LinuxKPI wireless suspend and resume URL:https://github.com/FreeBSDFoundation/proj-laptop/issues/58
MediaTek mt76 PCI driver support URL:https://github.com/FreeBSDFoundation/proj-laptop/issues/66
802.11ax support URL:https://github.com/FreeBSDFoundation/proj-laptop/issues/34
net80211 updates URL:https://github.com/FreeBSDFoundation/proj-laptop/issues/79
Tracked wireless PRs URL:https://bugs.freebsd.org/bugzilla/showdependencytree.cgi?id=277512&hide_resolved=1
Contact: Bjoern A. Zeeb <bz@FreeBSD.org>
Contact: The FreeBSD wireless mailing list <wireless@FreeBSD.org>
This report focuses on the efforts using permissively licensed Linux wireless
drivers, mostly unmodified, on FreeBSD, as well as preparing the native
net80211 stack for support of newer standards.
As announced iwlwififw(4) was removed from the source tree in favor of a ports/
package based solution. Users are asked to use fwget(8) to automatically
install the firmware along with any possible configuration.
Support for wlan_tkip(4) was added to linuxkpi(4) but has to be manually
enabled. wlan_gcmp(4) support for linuxkpi(4) followed later and is available
from FreeBSD 15 onward.
FreeBSD 14.3-RELEASE is the first release with VHT (802.11ac) support
available. Modern iwlwifi(4) chipsets are supported. There was some fallout
after the release and a few open problems, but also a lot of positive feedback.
rtw88(4) saw a fix for a NULL pointer in the driver and is now starting to be
usable. Thanks to everyone who helped track this down and test patches along
the way.
Work on suspend and resume for LinuxKPI-based wireless drivers was picked up
again, and we are getting closer to a working solution (at least for suspend it
now exists).
Work is also ongoing for Mediatek mt76-based PCIe card support.
HE (802.11ax) definitions were migrated from linuxkpi(4) to native net80211
code and corrected. ifconfig(8) was enhanced parsing more information elements
to aid debugging. Work is in progress to fix a problem with reporting signal
strength and dealing with RSSI.
Further fixes to LinuxKPI and resolving the problems we worked around by
improving native net80211 code are in the works.
Lastly, various man pages were improved or written.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
USB Kernel Debugging
Contact: Tom Jones <thj@FreeBSD.org>
XHCI USB controllers offer a mode which allows them to be used as a system
debugging interface. XHCI debug uses a special USB 3 cable with VBUS, D+ and D-
disconnected. The feature can be used to live debug the FreeBSD kernel,
enabling investigation of issues which cause the system video console to lock
up and there is not an alternative such as a serial console. This can happen
when debugging issues with graphics drivers.
Hiroki Sato developed support for the XHCI debug interface and made it
available as some in progress git branches. This implementation enables FreeBSD
to operate as both a Debug Host and a Debug Target, with support for debugging
from the loader through to the kernel.
I have been updating and testing this support along with Mitchell Horne and
together we have a WIP branch which applies to FreeBSD main. We are currently
tidying up interfaces and testing for stability with the goal of introducing
XHCI debug once 16 is branched.
In doing the XHCI debug work I rediscovered a second form of kernel debugging
implemented by Hans Petter Selasky (hselasky@) in 2009. The FreeBSD USB stack
supports using a USB serial device as a system console and includes support to
continue polling the interface once the system has entered the debugger (such
as during a panic). USB Serial debugging allows a developer with two commodity
USB serial interfaces to connect to a FreeBSD target and debug the kernel. USB
Serial debugging is available in all FreeBSD releases in FreeBSD 9, but changes
in the kernel build process mean that it is not detected in modern kernels.
In this quarter I have been working on documentation required to use this
interface and changes to make it available in GENERIC kernels for newer FreeBSD
releases.
A core part of this work has been trying to document kernel debugging
interfaces. If you use live debug interfaces other than serial or network
debugging please get in touch so I can add these to the FreeBSD Developers
Handbook.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Porting HFS+ to FreeBSD
Links:
Project Home URL: https://github.com/stupendoussuperpowers/freebsd_hfs
Contact: Sanchit Sahay <ss19723@nyu.edu>
HFS+ (Hierarchical File System) is a legacy filesystem introduced by Apple for
its BSD-based XNU operating systems. Although HFS+ has been deprecated in favor
of APFS, it is still in use on many older Apple devices, such as iPods, which
rely on HFS+ volumes for storage.
While many modern operating systems include native support for HFS+, FreeBSD
currently offers only limited functionality via FUSE. This project aims to
address that limitation by porting the original, now open-sourced HFS+
implementation to the FreeBSD kernel as a native filesystem driver.
The primary focus of this effort is to modernize the VFS layer to align with
current FreeBSD interfaces and to adapt XNU-specific logic to their FreeBSD
equivalents.
Features implemented:
• Mount support for HFS, HFS+ Volumes
• Read, stat support for directories and files
• Create support for directories and files
• mount_hfs binary
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Architectures
Updating platform-specific features and bringing in support for new hardware
platforms.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Pinephone Pro Support
Links:
Repository on Codeberg URL: https://codeberg.org/Honeyguide/freebsd-pinephonepro
Contact: Toby Kurien <toby@tobykurien.com>
The project to port FreeBSD over to the Pinephone Pro is progressing. The aim
of this project is to step by step support components of the Pinephone Pro in
FreeBSD so that the device one day might be usable as a highly mobile FreeBSD
device.
In this quarter, a new development release has been made available for flashing
and testing on a PinePhone Pro. It includes a newly added touch driver, and a
minimal desktop environment with an on-screen keyboard. You can simply flash
this build to an SD card and boot it up, provided you have the correct version
of U-boot bootloader installed (details at the repository). The image also
contains the kernel and drivers source code, along with editors/vim editor and
build tools, allowing for development of drivers on-device.
To facilitate testing and driver development, network access has been enabled
via the headphone jack (using the headphone-to-USB-serial adapter). It works by
using Point-to-Point Protocol (PPP) to access the network via your PC. Details
of setting this up are in the repository README file.
Work is now under way to develop USB and WiFi drivers. As always, contributions
in the form of testing, feedback, upstreaming, driver development, or just
words of encouragement are welcome.
See the post on the FreeBSD Forum for more:
https://forums.freebsd.org/threads/porting-freebsd-to-pinephone-pro-help-needed.95948/
Sponsor: Honeyguide Group
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Cloud
Updating cloud-specific features and bringing in support for new cloud
platforms.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
FreeBSD on EC2
Contact: Colin Percival <cperciva@FreeBSD.org>
FreeBSD is available on both amd64 (Intel and AMD) and arm64 (Graviton) EC2
instances.
In the past quarter, the final bits needed for "hot plug" (and unplug) landed,
allowing this to be fully functional in FreeBSD 14.3-RELEASE. FreeBSD "AMI
Builder AMIs" are now being produced as part of the FreeBSD release building
process (including for 14.3-RELEASE).
Sponsor: Amazon
Sponsor: https://www.patreon.com/cperciva
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Documentation
Noteworthy changes in the documentation tree, manual pages, or new external
books/documents.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Documentation Engineering Team
FreeBSD Documentation Project URL: https://www.freebsd.org/docproj/
FreeBSD Documentation Project Primer for New Contributors URL:
https://docs.freebsd.org/en/books/fdp-primer/
Documentation Engineering Team URL:
https://www.freebsd.org/administration/#t-doceng
Contact: FreeBSD Doceng Team <doceng@FreeBSD.org>
The doceng@ team is a body to handle some of the meta-project issues associated
with the FreeBSD Documentation Project; for more information, see FreeBSD
Doceng Team Charter.
During the last quarter the following commit bits were taken for safekeeping:
• ale
• brueffer
• danger
• glewis
• hrs
• ygy
Team changes:
• doceng@ welcomes ebrandi@ as a new member (lurker).
• carlavilla@ stepped down from doceng@. doceng@ thanks him for his service.
• dbaio@ stepped down from doceng@. doceng@ thanks him for his service.
• fernape@ stepped down from doceng@. doceng@ thanks him for his service.
Document changes
• Handbook
□ The jails chapter has been updated
□ The Wi-Fi information have been updated
• Website
□ Plausible Analytics have been added to the website
• Porter's Handbook:
□ Document Uses=gnome:gnomedesktop4
Many typos have been fixed in all related documents.
• Documentation repository:
□ Added manpages for macOS 10.12.0, 10.15.0, and 11.1
□ Updated manpages for macOS to 15.5.0
□ Added OpenIndiana manpages for 2013.08, 2015.10, 2020.10, 2022.10, and
2024.10
□ Added manpages for NetBSD 9.4
□ Added manpages for OpenBSD 7.7
□ Updated Debian manpages to 12.11.0
FreeBSD Translations on Weblate
Translate FreeBSD on Weblate URL:
https://wiki.freebsd.org/Doc/Translation/Weblate
FreeBSD Weblate Instance URL: https://translate-dev.freebsd.org/
Q2 2025 Status
• 20 team languages
• 252 registered users
6 new translators joined Weblate:
• @mohamad (fa)
• @v.popolitov (ru)
• @SochiByte
• @carlosdaniel26
• @tj (nl_NL)
• @Natthachai043 (en)
Languages
• Chinese (Simplified) (zh_CN) (progress: 7%)
• Chinese (Traditional) (zh_TW) (progress: 3%)
• Dutch (nl_NL) (progress: 1%)
• French (fr_FR) (progress: 1%)
• German (de_DE) (progress: 1%)
• Greek (progress: 1%)
• Indonesian (progress: 1%)
• Italian (it_IT) (progress: 4%)
• Korean (progress: 30%)
• Norwegian Bokmål (progress: 1%)
• Persian (progress: 3%)
• Polish (progress: 1%)
• Portuguese (progress: 0%)
• Portuguese (Brazil) (progress: 23%)
• Russian (progress: 37%)
• Spanish (progress: 35%)
• Turkish (tr_TR) (progress: 1%)
We want to thank everyone that contributed, translating or reviewing documents.
And please, help promote this effort on your local user group, we always need
more volunteers.
Packages maintained by DocEng
During this quarter the following work was done in packages maintained by
doceng@:
• www/gohugo: update to 0.147.8
Open issues
There is 1 Open PRs in Bugzilla assigned to doceng@:
• 267274 Please remove the zh-CN Handbook of the current FreeBSD website
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
FreeBSD Wiki
Links:
FreeBSD wiki front page URL: https://wiki.freebsd.org/FrontPage
Contact: Mark Linimon <linimon@FreeBSD.org>
Contact: Wiki admin <wiki-admin@FreeBSD.org>
Since the last status report, several people have expressed an interest in
bringing the wiki up to the level it ought to be.
The ongoing discussions (mostly taking place on the FreeBSD Discord) are
concerned with the topics of:
• Defining what content we consider useful.
• Ensuring that the useful content is kept current.
• Figuring out a way to keep obsolete content away from search engines.
• Add basic analytics to existing site to see what pages, if any,are actually
being accessed.
• Decide on whether MoinMoin can still be useful for purpose in the
short-term while we consider the longer-term needs listed above.
We do not yet have consensus on these issues.
Please join us on the FreeBSD Discord #documentation under the #wiki subthread.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Vision Accessibility
Link:
Project Repository URL: https://gitlab.com/alfix/freebsd-accessibility
Contact: FreeBSD Accessibility mailing list <freebsd-accessibility@FreeBSD.org>
Contact: Alfonso Sabato Siciliano <asiciliano@FreeBSD.org>
This quarter, the review for the FreeBSD Accessibility Handbook was submitted
and is available at: https://reviews.freebsd.org/D50894. The review includes a
link to an HTML preview.
The handbook aims to document assistive technologies for vision accessibility
available in FreeBSD, covering both the BASE system and the Ports Collection.
It is divided into two parts and contains six chapters:
1. Help — Covers how to request assistance effectively through appropriate
FreeBSD communication channels.
2. Virtual Terminal — Documents vision-related accessibility features of the
FreeBSD console (vt(4)).
3. Colors — Explains how to configure color schemes, including high-contrast
themes and adjusting screen colors for ambient lighting.
4. Low Vision — Outlines accessibility tools in graphical desktop environments
for users with low vision, such as screen magnifiers, readable fonts, and
scaling.
5. Blindness — Describes assistive technologies for blind users, focusing
primarily on screen readers and compatible tools.
6. Development — Provides resources for developers to make their software
accessible, test accessibility, and improve support for users with visual
impairments.
The handbook deliberately avoids images and minimizes non-plain-text elements
to enhance compatibility with assistive technologies. Tips and new ideas are
welcome. If possible, send reports to the FreeBSD Accessibility mailing list,
to share and to track discussions in a public place.
Sponsored by: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Ports
Changes affecting the Ports Collection, whether sweeping changes that touch
most of the tree, or individual ports themselves.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Security Hardening Compiler Options for the Ports Collection
Links:
Commit of the features URL:
https://cgit.freebsd.org/ports/commit/Mk/Features/fortify.mk?id=7a489e95c51f47f5e25a5613e375ec000618e52a
FreeBSD security hardening with compiler options URL:
https://www.leidinger.net/blog/2025/05/24/freebsd-security-hardening-with-compiler-options/
Contact: Alexander Leidinger <netchild@FreeBSD.org>
The Ports Collection gained the possibility to enable some security features of
modern compilers for package builds. As not all ports are compatible with them,
this is not enabled by default.
The 3 new features which can be enabled for the Ports Collection in make.conf
are:
• WITH_FORTIFY=yes: This enables mitigations of common memory safety issues,
such as buffer overflows, by adding checks to functions like memcpy,
strcpy, sprintf, and others when the compiler can determine the size of the
destination buffer at compile time. This requires support from the FreeBSD
base system and may only be available in FreeBSD 15 onwards.
• WITH_STACK_AUTOINIT=yes: This enables a compiler specific option to
automatically initialize local (automatic) variables to prevent the use of
uninitialized memory.
• WITH_ZEROREGS=yes: Zero call-used registers at function return to increase
program security by either mitigating Return-Oriented Programming (ROP)
attacks or preventing information leakage through registers. This depends
upon support from the compiler for a given architecture. This is disabled
for python ports; currently there are issues.
The blog post referenced in the links section explains how to use them, how to
exclude certain ports if needed, and provides a more detailed explanation of
those 3 new features along the already existing build-time security options of
the Ports Collection and the basesystem build.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Improve OpenJDK on FreeBSD
Links:
Project description URL:
https://freebsdfoundation.org/project/improving-openjdk-on-freebsd/
Project repository URL: https://github.com/freebsd/openjdk
Contact:
Harald Eilertsen <haraldei@freebsdfoundation.org>
FreeBSD Java mailing list <freebsd-java@lists.freebsd.org>
The goal of this project is to improve OpenJDK support for FreeBSD/amd64 and
FreeBSD/arm64.
Java is an important runtime environment for many high performance, critical
enterprise systems. Making sure Java based applications run correctly and
efficiently on FreeBSD is important to ensure that FreeBSD will continue to be
a viable and attractive platform for enterprises, as well as businesses and
organizations of all sizes.
In this quarter the following issues/milestones were reached:
• The OpenJDK 24 port was updated to OpenJDK 24.0.1 at the beginning of the
quarter, soon after it was released by upstream.
• A recurring issue with the PPC ports was fixed (thanks to Piotr Kubaj).
• A new way of bootstrapping OpenJDK ports was suggested and discussed – this
is a prerequisite to get the FreeBSD port integrated into the OpenJDK CI
environment.
• A CI job for building and testing the jtreg test harness for FreeBSD was
integrated using GitHub Actions - in part to get familiar with the CI
framework used by OpenJDK projects, but also to make sure the test harness
builds and works on FreeBSD.
In addition, a lot of time was spent cleaning up and refactoring the BSD port
for Aarch64, fixing various issues and working towards making the BSD port up
to date with the OpenJDK mainline.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
GCC on FreeBSD
Links:
GCC Project URL: https://gcc.gnu.org/
GCC 12 release series URL: https://gcc.gnu.org/gcc-12/
GCC 13 release series URL: https://gcc.gnu.org/gcc-13/
GCC 14 release series URL: https://gcc.gnu.org/gcc-14/
GCC 15 release series URL: https://gcc.gnu.org/gcc-15/
GCC 16 release series URL: https://gcc.gnu.org/gcc-16/
Contact: Lorenzo Salvadore <salvadore@FreeBSD.org>
The exp-run to update GCC default version from 13 to 14 is still suspended. As
a reminder, it has been noticed that FreeBSD 13.4 lacks symbols that are used
by GCC 14 for linking; please see https://bugs.freebsd.org/bugzilla/
show_bug.cgi?id=284499#c0 for a more detailed explanation. The symbols are
however already present in higher FreeBSD versions. At the time this report is
written, FreeBSD 13.4 is expected to go out of support soon (on June 30th), so
it has been decided that it is preferable to suspend the exp-run until then.
Thus it will get back on track on July 1st.
Meanwhile, GCC 15 has been released. As usual, the new port package lang/gcc15
has been created, as well as lang/gcc16-devel that tracks the latest GCC
development.
More bugs have been addressed. Bug 285711 about issues with some CPUTYPE values
has been fixed with a temporary workaround. The workaround will be needed until
commit 22e564c74eb2 is included in all supported FreeBSD releases.
A build failure has been found on aarch64 machines, see bug 282797. A fix has
been found and is about to be submitted upstream.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Third Party Projects
Many projects build upon FreeBSD or incorporate components of FreeBSD into
their project. As these projects may be of interest to the broader FreeBSD
community, we sometimes include brief updates submitted by these projects in
our quarterly report. The FreeBSD project makes no representation as to the
accuracy or veracity of any claims in these submissions.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Chinese FreeBSD Community (CFC)
Chinese FreeBSD Community (CFC) URL: https://bsdcn.org/
The community currently comprises 316 members in the QQ group and 175 members
in the WeChat group.
Documentation Project
Links:
FreeBSD-Ask Documentation Project on GitHub URL: https://github.com/FreeBSD-Ask/
FreeBSD-Ask Documentation Project URL: https://book.bsdcn.org/
It is noteworthy that all prior FreeBSD documentation has been fully translated
into Chinese, including but not limited to the following materials:
• FreeBSD Release Notes (i386 or amd64)
• FreeBSD Status Reports
• FreeBSD Handbook
• FreeBSD Porters Handbook
• FreeBSD Articles
• FreeBSD Architecture Handbook
• Developers' Handbook
In addition, two classic works have been translated.
• A Quarter Century of Unix
• The UNIX-HATERS Handbook, an humoristic book written in 1994 about issues
that some users found in the UNIX operating system. It includes an
anti-foreword from Dennis Ritchie, one of the authors of UNIX, which he
wrote in a style similar to the one used in the handbook itself.
FreeBSD-Ask
Links:
FreeBSD-Ask on GitHub URL: https://github.com/FreeBSD-Ask/FreeBSD-Ask
FreeBSD-Ask on Website URL: https://book.bsdcn.org/
Contact: ykla <yklaxds@gmail.com>
Contact: Voosk <roisfrank@icloud.com>
The FreeBSD-Ask was initiated on 14 March 2021 by ykla from the Chinese FreeBSD
Community (CFC). It is an open-source publication written in Simplified Chinese
that aims to provide introductory knowledge about the FreeBSD operating system.
Quarterly Updates
• Documentation Additions:
□ Overview of FreeBSD Desktop Distributions
□ Installing databases/postgresql17-server with pgAdmin4
□ Migration Guide for Windows Users
□ FreeBSD as a Host with VirtualBox
• Rewritten Documentation:
□ Games on FreeBSD (Renpy and Minecraft)
□ Installing sysutils/podman-suite
□ Installing x11/gnome(to 47)
□ Installing net/rsync
□ Installing net/samba420
□ Graphic card drivers
□ Printing
□ Wubi Input Method(Based on textproc/fcitx5 or textproc/ibus)
□ Installing x11-wm/xfce4
• Miscellaneous:
□ The tutorials pertaining to DragonFly BSD, OpenBSD and NetBSD have
undergone comprehensive translation, updating and rewriting.
□ Several GitHub Actions have been added to verify that images are
referenced correctly.
□ We now support exporting FreeBSD-Ask to the ePub format.
□ A tutorial about the security/py-fail2ban port (utilizing ipfw(4), pf
(4), and ipf(4)) has been submitted to the FreeBSD Journal for review.
It is hoped that an increasing number of contributors will join the
documentation efforts. The primary objective of this project is to undertake a
comprehensive modernisation and rewrite of the FreeBSD Handbook with a view to
promoting the development and adoption of FreeBSD.
Ports
QQ Port on GitHub URL: https://github.com/FreeBSD-Ask/QQ-Port/
Bug 287292 - [NEW PORT] net-im/qq: consider restoring QQ port due to resumed
upstream development URL: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287292
In the current quarter, a port was created for QQ, one of the most popular
instant messaging applications currently in use in mainland China. The bug
report remains open and has not yet been assigned any reviewers.
Sponsors: Chinese FreeBSD Community (CFC)
Friday, August 29, 2025
[USN-7710-2] Python 2.7 vulnerability
==========================================================================
Ubuntu Security Notice USN-7710-2
August 29, 2025
python2.7 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Python.
Software Description:
- python2.7: An interactive high-level object-oriented language
Details:
USN-7710-1 fixed vulnerabilities in Python. This update provides the
corresponding fix for CVE-2025-8194 for Python 2.7.
Original advisory details:
It was discovered that Python inefficiently parsed maliciously crafted
HTML input. An attacker could possibly use this issue to cause a denial of
service. (CVE-2025-6069)
It was discovered that Python incorrectly parsed maliciously crafted Tar
archives. An attacker could possibly use this issue to cause a denial of
service. (CVE-2025-8194)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
libpython2.7 2.7.18-13ubuntu1.5+esm7
Available with Ubuntu Pro
python2.7 2.7.18-13ubuntu1.5+esm7
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libpython2.7 2.7.18-1~20.04.7+esm8
Available with Ubuntu Pro
python2.7 2.7.18-1~20.04.7+esm8
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libpython2.7 2.7.17-1~18.04ubuntu1.13+esm12
Available with Ubuntu Pro
python2.7 2.7.17-1~18.04ubuntu1.13+esm12
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libpython2.7 2.7.12-1ubuntu0~16.04.18+esm17
Available with Ubuntu Pro
python2.7 2.7.12-1ubuntu0~16.04.18+esm17
Available with Ubuntu Pro
Ubuntu 14.04 LTS
libpython2.7 2.7.6-8ubuntu0.6+esm26
Available with Ubuntu Pro
python2.7 2.7.6-8ubuntu0.6+esm26
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7710-2
https://ubuntu.com/security/notices/USN-7710-1
CVE-2025-8194
Ubuntu Security Notice USN-7710-2
August 29, 2025
python2.7 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Python.
Software Description:
- python2.7: An interactive high-level object-oriented language
Details:
USN-7710-1 fixed vulnerabilities in Python. This update provides the
corresponding fix for CVE-2025-8194 for Python 2.7.
Original advisory details:
It was discovered that Python inefficiently parsed maliciously crafted
HTML input. An attacker could possibly use this issue to cause a denial of
service. (CVE-2025-6069)
It was discovered that Python incorrectly parsed maliciously crafted Tar
archives. An attacker could possibly use this issue to cause a denial of
service. (CVE-2025-8194)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
libpython2.7 2.7.18-13ubuntu1.5+esm7
Available with Ubuntu Pro
python2.7 2.7.18-13ubuntu1.5+esm7
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libpython2.7 2.7.18-1~20.04.7+esm8
Available with Ubuntu Pro
python2.7 2.7.18-1~20.04.7+esm8
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libpython2.7 2.7.17-1~18.04ubuntu1.13+esm12
Available with Ubuntu Pro
python2.7 2.7.17-1~18.04ubuntu1.13+esm12
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libpython2.7 2.7.12-1ubuntu0~16.04.18+esm17
Available with Ubuntu Pro
python2.7 2.7.12-1ubuntu0~16.04.18+esm17
Available with Ubuntu Pro
Ubuntu 14.04 LTS
libpython2.7 2.7.6-8ubuntu0.6+esm26
Available with Ubuntu Pro
python2.7 2.7.6-8ubuntu0.6+esm26
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7710-2
https://ubuntu.com/security/notices/USN-7710-1
CVE-2025-8194
[USN-7713-1] OpenLDAP vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7713-1
August 24, 2025
openldap vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in OpenLDAP.
Software Description:
- openldap: Lightweight Directory Access Protocol
Details:
It was discovered that OpenLDAP incorrectly handled X.509 DN parsing. A
remote attacker could possibly use this issue to cause OpenLDAP to crash,
resulting in a denial of service. (CVE-2020-36229, CVE-2020-36230)
Pasi Saarinen discovered that OpenLDAP incorrectly handled certain short
timestamps. A remote attacker could possibly use this issue to cause
OpenLDAP to crash, resulting in a denial of service. (CVE-2021-27212)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
slapd 2.4.31-1+nmu2ubuntu8.5+esm8
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7713-1
CVE-2020-36229, CVE-2020-36230, CVE-2021-27212
Ubuntu Security Notice USN-7713-1
August 24, 2025
openldap vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in OpenLDAP.
Software Description:
- openldap: Lightweight Directory Access Protocol
Details:
It was discovered that OpenLDAP incorrectly handled X.509 DN parsing. A
remote attacker could possibly use this issue to cause OpenLDAP to crash,
resulting in a denial of service. (CVE-2020-36229, CVE-2020-36230)
Pasi Saarinen discovered that OpenLDAP incorrectly handled certain short
timestamps. A remote attacker could possibly use this issue to cause
OpenLDAP to crash, resulting in a denial of service. (CVE-2021-27212)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
slapd 2.4.31-1+nmu2ubuntu8.5+esm8
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7713-1
CVE-2020-36229, CVE-2020-36230, CVE-2021-27212
Thursday, August 28, 2025
[USN-7727-1] Linux kernel vulnerabilities
-----BEGIN PGP SIGNATURE-----
wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmiw6gAFAwAAAAAACgkQZ0GeRcM5nt1X
uwf9GBnX5mOgHiP2xihMkEr++yGa8DBYhL2g5SCCIqldpAOLK/qGIN3G/jS10K+O4DN8CWbdf6jI
35QKD3nYM1KLfEwVp83PIf0cfEzLTJW/jD63m0k13I07fmYMP03yVNN9YOr9wwCkZxWPktT8F+pl
2UNDLqwhr1Qbmsv1Vq1ilKHKC2w0r8tUQLofLAvXHPlKAobA8Is2qXvMYZuI618wxhKXqZORargJ
Vzn9bk1956qWEf4UB4LOmIlQij2hl0K0mLkIFsYChk439gqANZMwjYCMqTdDxuVNAI8zBxBihaeX
jUt1Y5u0glybqtxlUMkyiskHkiUIjB5Djs0Y33e2mQ==
=JL6k
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7727-1
August 28, 2025
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-kvm: Linux kernel for cloud environments
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- InfiniBand drivers;
- Media drivers;
- SPI subsystem;
- USB core drivers;
- NILFS2 file system;
- IPv6 networking;
- Network traffic control;
(CVE-2024-50051, CVE-2025-37752, CVE-2024-53130, CVE-2024-47685,
CVE-2024-27074, CVE-2023-52477, CVE-2024-50202, CVE-2021-47345,
CVE-2024-57996, CVE-2024-53131)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
linux-image-4.4.0-1148-kvm 4.4.0-1148.159
Available with Ubuntu Pro
linux-image-4.4.0-272-generic 4.4.0-272.306
Available with Ubuntu Pro
linux-image-4.4.0-272-lowlatency 4.4.0-272.306
Available with Ubuntu Pro
linux-image-generic 4.4.0.272.278
Available with Ubuntu Pro
linux-image-generic-lts-xenial 4.4.0.272.278
Available with Ubuntu Pro
linux-image-kvm 4.4.0.1148.145
Available with Ubuntu Pro
linux-image-lowlatency 4.4.0.272.278
Available with Ubuntu Pro
linux-image-lowlatency-lts-xenial 4.4.0.272.278
Available with Ubuntu Pro
linux-image-virtual 4.4.0.272.278
Available with Ubuntu Pro
linux-image-virtual-lts-xenial 4.4.0.272.278
Available with Ubuntu Pro
Ubuntu 14.04 LTS
linux-image-4.4.0-1147-aws 4.4.0-1147.153
Available with Ubuntu Pro
linux-image-4.4.0-272-generic 4.4.0-272.306~14.04.1
Available with Ubuntu Pro
linux-image-4.4.0-272-lowlatency 4.4.0-272.306~14.04.1
Available with Ubuntu Pro
linux-image-aws 4.4.0.1147.144
Available with Ubuntu Pro
linux-image-generic-lts-xenial 4.4.0.272.306~14.04.1
Available with Ubuntu Pro
linux-image-lowlatency-lts-xenial 4.4.0.272.306~14.04.1
Available with Ubuntu Pro
linux-image-virtual-lts-xenial 4.4.0.272.306~14.04.1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7727-1
CVE-2021-47345, CVE-2023-52477, CVE-2024-27074, CVE-2024-47685,
CVE-2024-50051, CVE-2024-50202, CVE-2024-53130, CVE-2024-53131,
CVE-2024-57996, CVE-2025-37752
wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmiw6gAFAwAAAAAACgkQZ0GeRcM5nt1X
uwf9GBnX5mOgHiP2xihMkEr++yGa8DBYhL2g5SCCIqldpAOLK/qGIN3G/jS10K+O4DN8CWbdf6jI
35QKD3nYM1KLfEwVp83PIf0cfEzLTJW/jD63m0k13I07fmYMP03yVNN9YOr9wwCkZxWPktT8F+pl
2UNDLqwhr1Qbmsv1Vq1ilKHKC2w0r8tUQLofLAvXHPlKAobA8Is2qXvMYZuI618wxhKXqZORargJ
Vzn9bk1956qWEf4UB4LOmIlQij2hl0K0mLkIFsYChk439gqANZMwjYCMqTdDxuVNAI8zBxBihaeX
jUt1Y5u0glybqtxlUMkyiskHkiUIjB5Djs0Y33e2mQ==
=JL6k
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7727-1
August 28, 2025
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-kvm: Linux kernel for cloud environments
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- InfiniBand drivers;
- Media drivers;
- SPI subsystem;
- USB core drivers;
- NILFS2 file system;
- IPv6 networking;
- Network traffic control;
(CVE-2024-50051, CVE-2025-37752, CVE-2024-53130, CVE-2024-47685,
CVE-2024-27074, CVE-2023-52477, CVE-2024-50202, CVE-2021-47345,
CVE-2024-57996, CVE-2024-53131)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
linux-image-4.4.0-1148-kvm 4.4.0-1148.159
Available with Ubuntu Pro
linux-image-4.4.0-272-generic 4.4.0-272.306
Available with Ubuntu Pro
linux-image-4.4.0-272-lowlatency 4.4.0-272.306
Available with Ubuntu Pro
linux-image-generic 4.4.0.272.278
Available with Ubuntu Pro
linux-image-generic-lts-xenial 4.4.0.272.278
Available with Ubuntu Pro
linux-image-kvm 4.4.0.1148.145
Available with Ubuntu Pro
linux-image-lowlatency 4.4.0.272.278
Available with Ubuntu Pro
linux-image-lowlatency-lts-xenial 4.4.0.272.278
Available with Ubuntu Pro
linux-image-virtual 4.4.0.272.278
Available with Ubuntu Pro
linux-image-virtual-lts-xenial 4.4.0.272.278
Available with Ubuntu Pro
Ubuntu 14.04 LTS
linux-image-4.4.0-1147-aws 4.4.0-1147.153
Available with Ubuntu Pro
linux-image-4.4.0-272-generic 4.4.0-272.306~14.04.1
Available with Ubuntu Pro
linux-image-4.4.0-272-lowlatency 4.4.0-272.306~14.04.1
Available with Ubuntu Pro
linux-image-aws 4.4.0.1147.144
Available with Ubuntu Pro
linux-image-generic-lts-xenial 4.4.0.272.306~14.04.1
Available with Ubuntu Pro
linux-image-lowlatency-lts-xenial 4.4.0.272.306~14.04.1
Available with Ubuntu Pro
linux-image-virtual-lts-xenial 4.4.0.272.306~14.04.1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7727-1
CVE-2021-47345, CVE-2023-52477, CVE-2024-27074, CVE-2024-47685,
CVE-2024-50051, CVE-2024-50202, CVE-2024-53130, CVE-2024-53131,
CVE-2024-57996, CVE-2025-37752
Subscribe to:
Posts (Atom)