FreeBSD 15.0-RELEASE with pkgbase, OpenZFS 2.4.0, and security fixes for local-unbound DNS vulnerability and more.
Releases
FreeBSD 15.0-RELEASE: FreeBSD 15.0-RELEASE marks the debut of the stable/15 branch, introducing a packaged base system (“pkgbase”) that allows installation and management of the core OS via the pkg(8) package manager alongside the traditional freebsd-update method. Key updates include a native inotify implementation for directory monitoring, OpenZFS 2.4.0-rc4, OpenSSL 3.5.4 with QUIC and quantum-resistant algorithms (ML-KEM, ML-DSA, SLH-DSA), and OpenSSH 10.0p2 with default quantum-resistant key exchange. The release supports amd64, aarch64, armv7, powerpc64, powerpc64le, and riscv64 architectures, with installation options ranging from ISO/DVD images to cloud platforms like AWS, Google Compute Engine, and Azure. All release artifacts were built without root privileges, and the pkgbase method is positioned as the future standard for base system management. Support for FreeBSD 15.0-RELEASE will continue until September 2026, with the 15.x series supported until December 2029.
BSDSec
FreeBSD Security Advisory FreeBSD-SA-25:10.unbound: A vulnerability in FreeBSD’s local-unbound service allows cache poisoning via malicious NS RRSets in DNS replies, enabling attackers to manipulate delegation information for zones. The flaw, identified as CVE-2025-11411, affects all supported FreeBSD versions and was reported by researchers from Tsinghua and Peking Universities. Patches have been released for FreeBSD 15.0, 14.3, and 13.5, addressing both the original issue and an additional mitigation for YXDOMAIN/nodata attacks. Systems not using local-unbound are unaffected, but no workaround exists for vulnerable configurations. Updates are available via binary patches or source code fixes, with detailed instructions provided for both methods.
As always, it’s worth following BSDSec. RSS feed available.
News
Valuable News – 2025/12/01: The Valuable News weekly roundup for December 1, 2025, curates notable updates and resources across the UNIX/BSD/Linux ecosystem. Highlights include FreeBSD 15.0-RC4’s release due to last-minute fixes, insights into ZFS optimizations like the written dataset property, and KDE’s shift to prioritize Wayland over X11. The edition also covers a FreeBSD-focused love letter from a user and tutorials for setting up services like Jellyfin and DokuWiki on FreeBSD.
FreeBSD Q3 2025 Status Report: The FreeBSD Q3 2025 Status Report highlights key developments across the project, including kernel improvements, userland updates, and ports collection changes. The FreeBSD Foundation sponsored 451 src, 71 ports, and 25 doc commits, focusing on suspend/resume improvements, audio stack enhancements, and OpenJDK updates. The Core Team addressed governance issues like AI policy drafting, committer mentorship, and staggered election terms, while the Release Engineering Team prepared for FreeBSD 15.0-RELEASE. Notable projects include Framework Laptop support, infrastructure modernization, and the Alpha-Omega Beach Cleaning initiative. The Ports Collection saw 37,163 ports, with updates to KDE, GCC, and Valgrind, alongside new tools like the Wi-Fi management utility wutil. The report also covers documentation updates, including translations and the Russian Documentation Project’s progress.
FreeBSD 15.0 key improvements and updates: FreeBSD 15.0-RELEASE introduces significant enhancements across multiple areas, including a new PKGBASE system for managing the base OS via the pkg(8) tool, OpenZFS 2.4.0-RC4 with the rewrite feature, and performance optimizations through SIMD extensions in the C library. Networking improvements include OpenBSD-style NAT syntax in pf(4), native Linux inotify(2) support, and a new networking(7) man page for setup guidance. Cloud integration expands with cloud-init(1) support, OCI-compatible containers, and faster EC2 boot times, particularly on ARM64 Graviton instances. WiFi advancements feature updated Realtek (rtw88(4), rtw89(4)) and Intel (iwlwifi(4), iwx(4)) drivers, while sound enhancements include dynamic vchan allocation and hotplug support for USB audio devices. The release also deprecates legacy tools like fdisk(8) and gvinum(8) while adding safety features such as the precious_machine rc.conf(5) option to prevent accidental shutdowns.
BSD Now 639: Reproducible builds, Highly available ZFS Pools, Self Hosting on a Framework Laptop, and more.
Tutorials
Setting up Jellyfin media server in a FreeBSD jail: This guide details the process of deploying Jellyfin, an open-source media server, within a FreeBSD jail using Bastille for isolation and security. The setup begins with creating a dedicated jail named “media” on FreeBSD 14.3-RELEASE, configuring necessary permissions like allow.mlock, and mounting media directories via nullfs for read-only access. Inside the jail, Jellyfin is installed from the official package repository, enabled as a service, and started to listen on port 8096. The guide then directs users to complete the setup via Jellyfin’s web-based wizard, emphasizing the flexibility of FreeBSD jails for isolating services while maintaining easy access to media libraries. The approach ensures a clean, secure environment for media streaming without exposing the host system.
Did we miss anything?
This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.
Thanks for reading and see you next week! Stay safe!