MidnightBSD 4.0 with OpenZFS, FreeBSD ZFS/vmm/ipfw/rtsold fixes, and pkgsrc-2025Q4 with 29,000+ packages and more.
Releases
MidnightBSD 4.0: MidnightBSD 4.0 introduces significant updates for amd64 and i386 architectures, incorporating improvements from FreeBSD 13.x alongside security patches and third-party library upgrades. Key changes include the adoption of OpenZFS, enhanced NFSv4.2/TLS support, and kernel-level TLS 1.0–1.3 offloading for TCP sockets, with AES-GCM cipher suite optimizations. The release also deprecates outdated hardware drivers (e.g., ISA sound cards, ATM components) and cryptographic algorithms (e.g., Triple DES, Kerberos GSS methods), while adding support for modern hardware like Intel Alder Lake/Raptor Lake CPUs and AMD Ryzen 7 “Phoenix” processors. Notable userland updates include BSD grep as the default, mport package manager improvements (e.g., checksum repair, dependency handling), and the deprecation of tools like mergemaster and ctm. Virtualization enhancements in bhyve include VirtIO-9p filesystem sharing, VM snapshots (experimental), and expanded vCPU support. The release warns of potential compatibility issues with older mports due to compiler updates, particularly affecting Rust-dependent packages.
BSDSec
FreeBSD Errata Notice FreeBSD-EN-25:19.zfs: FreeBSD Errata Notice FreeBSD-EN-25:19.zfs addresses a critical flaw in the ZFS file system where invoking the fsync(2) system call on a named pipe triggers a NULL pointer dereference in the kernel, causing a system panic. The vulnerability allows unprivileged users to crash the system maliciously, while legitimate software performing the same operation could inadvertently cause the same issue. No workaround exists, but systems not using ZFS remain unaffected. The patch was applied to FreeBSD 15.0-STABLE and 15.0-RELEASE-p1, with updates available via binary patches for amd64/arm64 or manual source code patching. The correction involves specific Git commits in the stable/15 and releng/15.0 branches, with detailed instructions provided for verification and application.
FreeBSD Errata Notice FreeBSD-EN-25:20.vmm: FreeBSD Errata Notice FreeBSD-EN-25:20.vmm highlights a regression in the vmm(4) kernel module affecting bhyve(8) PCI passthru functionality on amd64 systems. The issue stems from refactoring in the IOMMU mapping code, potentially causing PCI device passthrough to fail in guest virtual machines. Only FreeBSD 15.0 users leveraging bhyve with PCI passthrough are impacted, with no workaround available. Corrections were applied to stable/15 and releng/15.0 branches on December 15–16, 2025, with updates available via binary patches or source code fixes. Systems not using this feature remain unaffected.
FreeBSD Security Advisory FreeBSD-SA-25:11.ipfw: A vulnerability in FreeBSD’s ipfw firewall (CVE-2025-14769) allows remote attackers to trigger a denial of service via maliciously crafted packets when the tcp-setmss directive is used. The issue arises from a NULL pointer dereference caused by packet data being freed prematurely while rule processing continues, potentially crashing the system if subsequent rules permit the traffic. Affected versions include FreeBSD 13 and 14, with patches released for 13.5-RELEASE-p8 and 14.3-RELEASE-p7 as of December 2025. Systems not using ipfw with tcp-setmss are unaffected, and no workaround exists beyond applying updates. Corrections involve kernel patches, requiring either a binary update via freebsd-update or manual source compilation.
FreeBSD Security Advisory FreeBSD-SA-25:12.rtsold: A critical vulnerability in FreeBSD’s rtsold(8) and rtsol(8) utilities allows remote code execution via maliciously crafted IPv6 Router Advertisement messages. The issue stems from improper validation of domain search list options, which are passed unchecked to resolvconf(8)—a shell script that executes unquoted input. Systems running these utilities are vulnerable to attacks from the same network segment, as router advertisements are not routable beyond local networks. The flaw affects all supported FreeBSD versions and was patched on December 16, 2025, with updates available via binary patches or source code fixes. No workaround exists beyond disabling IPv6 router advertisements or upgrading to corrected versions.
As always, it’s worth following BSDSec. RSS feed available.
News
pkgsrc-2025Q4 release introduces 29,000+ packages with key updates: The pkgsrc-2025Q4 release marks the 89th quarterly update of the cross-platform pkgsrc packaging system, now hosting over 29,000 packages. This version introduces 112 new packages, including firefox140, sndio (OpenBSD’s audio framework), and nodejs24, while removing older versions like Python 3.9. Major updates cover desktop environments like LXQt 2.3.0 and Xfce, development tools such as Go 1.25.5 and Rust 1.90, and multimedia software like ffmpeg 8.0.1 and Firefox 145.0.2. The release also includes updates to database systems (PostgreSQL 13.23–18.1), programming languages (PHP 8.3.28/8.4.15, Ruby 3.3.10/3.4.7), and scientific tools like QGIS 3.44.5. Binary packages are available via pkgin, with source access through CVS or tar files under the pkgsrc-2025Q4 branch.
FreeBSD Foundation 2025 progress report: The FreeBSD Foundation’s 2025 annual report highlights significant advancements in software development, infrastructure modernization, and community engagement. Key achievements included hardware enablement improvements—such as expanded wireless networking, graphics, and power management support—making FreeBSD more viable for modern laptops and workstations. Infrastructure upgrades, funded partly by the Sovereign Tech Agency, focused on zero-trust builds, CI/CD automation, and security enhancements like SBOM generation. The Foundation also advanced supply chain transparency through the Alpha-Omega initiative, completed the OpenSSL 3.5 upgrade, and supported 12 successful Google Summer of Code projects, reinforcing developer onboarding. Additionally, FreeBSD 15 saw progress in pkgbase integration and accessibility documentation, while compliance efforts addressed licensing frameworks and regulatory readiness. These efforts were driven by community contributions, with 62% of the Foundation’s budget allocated to software development.
FreeBSD infrastructure modernization completes under Sovereign Tech Agency funding: The FreeBSD Foundation concluded an infrastructure modernization program in December 2025, funded by Germany’s Sovereign Tech Agency and running from August 2024. Key achievements included implementing reproducible builds without root privileges, enhancing security through zero-trust architectures, and expanding CI/CD automation capabilities. The project also introduced OSV vulnerability data standardization, improved SBOM generation tools, and reduced technical debt through analytics dashboards and bug management initiatives. While ports tree SBOM generation is production-ready, base system SBOM capabilities remain in technical preview, with full implementation expected in early 2026 through follow-on projects.
BSD Now 642 explores SSD endurance metrics and FreeBSD adoption: Episode 642 of BSD Now examines whether DWPD (Drive Writes Per Day) remains a relevant metric for modern SSDs and discusses the practicality of migrating from Windows to FreeBSD as an alternative to Linux. The show also revisits a 1990 episode of Computer Chronicles covering Open Look, OSF/Motif, and Apple’s A/UX, while highlighting a rare case of ZFS checksum failures after years of stability. Additional topics include self-hosting with FreeBSD, timezone challenges in Phoenix, Arizona, and the discovery of the only known surviving copy of UNIX Version 4.
FreeBSD Laptop Support Project marks first-year progress with Wi-Fi, graphics, and sleep improvements: The FreeBSD Foundation’s Laptop Support & Usability Project has made significant strides in its first full year, addressing long-standing compatibility gaps for modern laptops. Key 2025 achievements include expanded Wi-Fi support (Wi-Fi 4/5 for Intel/Realtek, with Wi-Fi 6 in progress), graphics driver upgrades to Linux 6.9 (via drm-latest-kmod), and audio enhancements like sndctl(8) and automatic sound redirection. The installer now supports post-install firmware downloads and will add KDE desktop installation in FreeBSD 15.1, while sleep states (modern standby/S0i3 and hibernate/S4) are under active development. With over $750k invested, the project plans to extend support in 2026 to Wi-Fi 6, USB4/Thunderbolt, HDMI, and UVC webcams, alongside a community testing program launching in January.
FreeBSD Foundation’s 2025 Year in Review: The FreeBSD Foundation reflected on 2025 as a transformative year marked by expanded advocacy, community engagement, and growth in visibility for the FreeBSD Project. Key initiatives included educational outreach through restructured YouTube channels, social media expansion, and high-profile events like EuroBSDCon and BSDCan, which fostered global collaboration and technical innovation. The 2025 Community Survey provided critical insights into user needs, while travel grants and mentorship programs, such as Leah Budzicka’s EuroBSDCon experience, highlighted the impact of community support. The Foundation also emphasized sustainable open-source stewardship, celebrating contributions from developers, donors, and corporate sponsors, whose investments funded infrastructure, software development, and educational resources. Looking ahead to 2026, the Foundation plans to further strengthen FreeBSD’s global presence, improve contributor experiences, and expand programs for new and experienced users.
2025 BastilleBSD Annual User Survey: The 2025 Bastille Annual User Survey is now live! It will remain live for the next two weeks (until year-end) for feedback from users. The survey results allow the project to guide future development, address common pain points, and ensure it continues to be aligned with its user community. The maintainers recognize that open source projects like Bastille & Rocinante wouldn’t exist without their community of users. They appreciate all feedback and wish everyone a great holiday season!
Tutorials
freebsd-wifibox: Wifibox deploys a Linux guest to drive a wireless networking card on the FreeBSD host system with the help of PCI pass-through. Guides on the Internet have suggested using such techniques to improve the wireless networking experience on FreeBSD, and Wifibox tries to implement them as a single easy-to-use software package.
Did we miss anything?
This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.
Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).
Do you know anyone who would like this newsletter? Consider forwarding it and telling them to subscribe.
Thanks for reading and see you next week! Stay safe!