1 |
|
Updating Information for MidnightBSD users |
2 |
|
|
3 |
< |
20111223: |
4 |
< |
pam: don't allow escape from policy path. Exploitable in KDE, etc. |
3 |
> |
20111004: |
4 |
> |
Fix a problem with unix socket handling caused by the recent |
5 |
> |
patch to unix socket path handling. This allows network |
6 |
> |
apps to work under the linuxolator again. |
7 |
|
|
8 |
< |
Fix pam_ssh module: |
8 |
> |
20111001: |
9 |
> |
Import libfetch & fetch(1) from FreeBSD 9. Passive FTP is |
10 |
> |
now default and an environment variable must be set to use |
11 |
> |
active. |
12 |
|
|
13 |
< |
If the pam_ssh module is enabled, attackers may be able to gain access |
14 |
< |
to user accounts which have unencrypted SSH private keys. |
13 |
> |
20110930: |
14 |
> |
Introduce quirks handling for several umass devices including |
15 |
> |
USB cameras. Add workaround for Cyberpower UPS devices. |
16 |
|
|
17 |
< |
Fix security issue with chroot and ftpd. |
17 |
> |
Bring in further bug fixes from FreeBSD and NetBSD for alc(4). |
18 |
> |
Stale ip/tcp header pointers are no longer used, lockups fixed |
19 |
> |
when network cable is unplugged on bootup, enable TX checksum |
20 |
> |
offloading. |
21 |
|
|
22 |
< |
nsdispatch(3) doesn't know it's working in a chroot and some |
23 |
< |
operations can cause files to get reloaded causing a security |
15 |
< |
hole in things like ftpd. |
22 |
> |
Add a new man page for gcache(8), a useful geom class when |
23 |
> |
working with large raid3 sets. |
24 |
|
|
25 |
< |
20111004: |
18 |
< |
MidnightBSD 0.3-RELEASE-p4 |
25 |
> |
Restore previous workaround for Cypress pata storage controller. |
26 |
|
|
27 |
< |
Fix a problem with unix socket handling caused by the recent |
28 |
< |
patch to unix socket path handling. This allows network |
22 |
< |
apps to work under the linuxolator again. |
27 |
> |
20110929: |
28 |
> |
Sync ath(4) with FreeBSD 7.3. |
29 |
|
|
30 |
+ |
The following modules are no longer available, and should be |
31 |
+ |
removed from loader.conf: |
32 |
+ |
ath_hal ath_rate_amrr ath_rate_onoe ath_rate_sample |
33 |
+ |
|
34 |
+ |
alc(4) would hibernate when a cable was unplugged and often |
35 |
+ |
required bring the interface down and up to "wake up" so that |
36 |
+ |
a connection could be established. Disable hibernation. |
37 |
+ |
|
38 |
|
20110928: |
39 |
< |
MidnightBSD 0.3-RELEASE-p3 |
39 |
> |
Fix security issues with gzip and compress related to .Z |
40 |
> |
files that are corrupted. |
41 |
|
|
42 |
< |
Security hole in compress and gzip with malformed |
28 |
< |
.Z files can cause an infinite loop in these utilities. |
42 |
> |
Fix path validation with unix domain sockets. |
43 |
|
|
44 |
< |
Validate paths for unix domain sockets. |
44 |
> |
20110917: |
45 |
> |
Remove dependance on mports perl for generating releases as |
46 |
> |
it's in the base system. |
47 |
|
|
48 |
+ |
20110914: |
49 |
+ |
Import xz 5.0.3 with liblzma 5.0.3 |
50 |
+ |
|
51 |
+ |
20110813: |
52 |
+ |
synced the sparc64 GENERIC kernel configuration with amd64. |
53 |
+ |
|
54 |
+ |
20110806: |
55 |
+ |
sqlite 3.7.7.1 imported |
56 |
+ |
|
57 |
+ |
msearch(1), libmsearch and msearch.import added. msearch(1) provides |
58 |
+ |
a full text search command line tool. libmsearch can also be used |
59 |
+ |
to build a graphical based search in the future. You can enable |
60 |
+ |
index building for msearch in periodic.conf or manually run the |
61 |
+ |
/usr/libexec/msearch.index tool. Full text indexes take considerable |
62 |
+ |
space in /var. I'm using approximately 500MB currently. |
63 |
+ |
|
64 |
+ |
Fix a long standing bug with the periodic script to check package |
65 |
+ |
versions. This will be obsolete with mport though. |
66 |
+ |
|
67 |
+ |
20110710: |
68 |
+ |
kdb_enter_why added to MidnightBSD to allow the kernel debugger to |
69 |
+ |
know why it's in use and thus script can be run. |
70 |
+ |
|
71 |
+ |
Yet another problem with the perl manifest was fixed |
72 |
+ |
|
73 |
+ |
20110709: |
74 |
+ |
cpufreq(1) is a new utility to monitor CPU frequency which may change |
75 |
+ |
with use of powerd(8) and cpufreq(4). |
76 |
+ |
|
77 |
+ |
20110612: |
78 |
+ |
Update mksh to R40 |
79 |
+ |
|
80 |
+ |
Catch up ObsoleteFiles.inc to remove Perl 5.10.x. Good to run when |
81 |
+ |
updating current (cd /usr/src && make check-old) |
82 |
+ |
|
83 |
|
20110528: |
84 |
< |
MidnightBSD 0.3-RELEASE-p2 |
84 |
> |
Fix CVE-2011-1910 in BIND 9.6.x. This affects caching resolvers. |
85 |
|
|
86 |
< |
Fix a critical security hole in BIND 9.6.x, CVE-2011-1910, with caching resolvers. |
86 |
> |
20110526: |
87 |
> |
newfs: |
88 |
> |
Raised the default blocksize for UFS/FFS filesystems from |
89 |
> |
16K to 32K and the default fragment size from 2K to 4K. |
90 |
|
|
91 |
+ |
This should slightly imporve performance on "advanced format" |
92 |
+ |
hard drives such as the WD EARS drives. Drives of this type |
93 |
+ |
have emulation modes that slow down with lower sizes. Of course |
94 |
+ |
the drive must still be aligned properly when using fdisk. |
95 |
+ |
|
96 |
+ |
20110521: |
97 |
+ |
mport tool now has a deleteall command. This can be used to remove |
98 |
+ |
all packages from a system. |
99 |
+ |
|
100 |
+ |
A few bugs with the perl 5.14 import have been fixed. |
101 |
+ |
|
102 |
+ |
20110518: |
103 |
+ |
Perl 5.14.0 |
104 |
+ |
|
105 |
+ |
20110517: |
106 |
+ |
Sendmail 8.14.5 |
107 |
+ |
|
108 |
+ |
20110314: |
109 |
+ |
DRM/DRI code updated to support newer video cards. (FreeBSD 7.1) |
110 |
+ |
|
111 |
+ |
cdevpriv wrappers added |
112 |
+ |
|
113 |
+ |
nss_mdns hack introduced to work around linking problem. |
114 |
+ |
|
115 |
+ |
dnsextd fixed after update to mDNSResponder code. |
116 |
+ |
|
117 |
+ |
20110308: |
118 |
+ |
Introduce liblzma & xz 5.0.1 to the base system |
119 |
+ |
|
120 |
+ |
Patch for OpenSSL security issue CVE-2011-0014. |
121 |
+ |
|
122 |
+ |
"OSREVISION 4004" |
123 |
+ |
|
124 |
+ |
nsswitch module for multicast dns (nss_mdns) added. |
125 |
+ |
|
126 |
+ |
tzdata2011c |
127 |
+ |
|
128 |
+ |
20110220: |
129 |
+ |
cam(4) syncronized with FreeBSD 7.3. |
130 |
+ |
|
131 |
+ |
20110219: |
132 |
+ |
amdtemp(4) updated to support sensors framework. |
133 |
+ |
|
134 |
+ |
20110217: |
135 |
+ |
Perl 5.10.1 imported |
136 |
+ |
|
137 |
+ |
20110216: |
138 |
+ |
Introduce igb(4) and split Intel Gigabit Ethernet adapters between |
139 |
+ |
igb(4) and em(4). Newer devices use igb(4). The code has moved |
140 |
+ |
to sys/dev/e1000 for both devices in the kernel. igb(4) has |
141 |
+ |
been placed in GENERIC on i386 and amd64. |
142 |
+ |
|
143 |
+ |
Update bfe(4) to support newer devices and WOL. |
144 |
+ |
|
145 |
+ |
20110215: |
146 |
+ |
age(4) added. |
147 |
+ |
|
148 |
+ |
20110208: |
149 |
+ |
BIND 9.6.3 which fixes a bug with DNSSEC records getting added. |
150 |
+ |
|
151 |
+ |
20110206: |
152 |
+ |
eeemon(4) added to monitor Asus Eee PC. |
153 |
+ |
|
154 |
+ |
20110205: |
155 |
+ |
OpenSSH 5.7p1 |
156 |
+ |
|
157 |
+ |
GNU sort 6.9 (coreutils) |
158 |
+ |
|
159 |
|
20110203: |
160 |
< |
MidnightBSD 0.3-RELEASE-p1 |
160 |
> |
one true awk 20100523 imported |
161 |
|
|
162 |
< |
Fix the sqlite3.pc file so that it reports the proper version of sqlite3. This shouldn't |
41 |
< |
cause any functional changes with mports or the release. |
162 |
> |
sqlite 3.7.5 |
163 |
|
|
164 |
< |
20110128: |
44 |
< |
MidnightBSD 0.3-RELEASE |
164 |
> |
OpenSSL 0.9.8q |
165 |
|
|
166 |
< |
20110124: |
167 |
< |
pkg_add migrated to release pkg path. |
166 |
> |
20110202: |
167 |
> |
tcsh 6.17.00 |
168 |
|
|
169 |
< |
20110123: |
50 |
< |
Fix a bug in netwait that prints error messages when booting up. netwait is a |
51 |
< |
rc.conf(5) var that allows you to wait for network link to come up on a specific |
52 |
< |
interface and/or ip address before booting the system. |
169 |
> |
file 5.05 |
170 |
|
|
171 |
+ |
20110122: |
172 |
+ |
Import it(4) and lm(4), with support for Super I/O hardware monitors. This |
173 |
+ |
uses the sensors framework ported by Constantine A. Murenin (GSOC2007) |
174 |
+ |
|
175 |
+ |
20110120: |
176 |
+ |
BIND 9.6.2-P3 |
177 |
+ |
|
178 |
+ |
sudo 1.7.4-p6 |
179 |
+ |
|
180 |
+ |
20110115: |
181 |
+ |
Add experimental jme(4) for Jmicron ethernet devices. |
182 |
+ |
|
183 |
|
20101130: |
184 |
|
A double free exists in the SSL client ECDH handling code, when |
185 |
|
processing specially crafted public keys with invalid prime |
186 |
|
numbers. [CVE-2010-2939] |
187 |
|
|
188 |
+ |
20101120: |
189 |
+ |
Several portions of the kernel and userland code related to UFS file |
190 |
+ |
systems (and UFS2) cannot properly handle inode counts above 2^31 due |
191 |
+ |
to use of int types. Based on a patch from FreeBSD, I've modified |
192 |
+ |
our UFS2 implementation to handle unsigned values for inode counts |
193 |
+ |
which should allow for file systems greater than 16TB. |
194 |
+ |
|
195 |
+ |
newfs and growfs was also modified. |
196 |
+ |
|
197 |
|
20101110: |
198 |
< |
Fix a security issue with pseudofs which could result in running code in kernel |
199 |
< |
context or a kernel panic depending on system configuration. This affects file |
200 |
< |
systems such as procfs for instance. |
198 |
> |
Fix a security issue with pseudofs which could result in running code in kernel |
199 |
> |
context or a kernel panic depending on system configuration. This affects file |
200 |
> |
systems such as procfs for instance. |
201 |
|
|
202 |
< |
20101008: |
203 |
< |
A bug in glob(3) results in uncontrolled memory usage causing a possible |
204 |
< |
DOS attach in sftpd and ftpd. Rework the glob logic, fix the man page |
205 |
< |
and enable the fix in sftp.c and sftp-glob.c |
202 |
> |
20101021: |
203 |
> |
sysrc is a utility to print and modify name/value pairs in /etc/rc.conf easily. |
204 |
> |
This is similar to functions present in many linux distros. The utility was |
205 |
> |
written by Devin Teske for FreeBSD. |
206 |
|
|
207 |
|
20100920: |
208 |
< |
Security update for bzip2 integer overflow |
208 |
> |
bzip2 security patch for integer overflow. |
209 |
|
|
210 |
< |
20100906: |
211 |
< |
Remove xz from the base system. This will be developed in current. |
210 |
> |
20100905: |
211 |
> |
MidnightBSD RELENG_0_3 branch created. Aggressive development continues here |
212 |
> |
for 0.4. |
213 |
|
|
75 |
– |
RELENG_0_3 created. |
76 |
– |
|
214 |
|
20100902: |
215 |
|
Fix a security issue with libutil that allows users to bypass cpu limits in |
216 |
|
login.conf in some cases. This combined with OpenSSH for example can allow |
1085 |
|
this document. |
1086 |
|
|
1087 |
|
$FreeBSD: src/UPDATING,v 1.416.2.18 2006/02/22 11:51:57 yar Exp $ |
1088 |
< |
$MidnightBSD: src/UPDATING,v 1.94.2.14 2011/12/24 03:20:00 laffer1 Exp $ |
1088 |
> |
$MidnightBSD: src/UPDATING,v 1.136 2011/10/01 04:47:31 laffer1 Exp $ |