3 |
|
Items affecting the mports and packages system can be found in |
4 |
|
/usr/mports/UPDATING. |
5 |
|
|
6 |
+ |
20090610: |
7 |
+ |
MidnightBSD 0.2.1-RELEASE-p10 |
8 |
+ |
|
9 |
+ |
This should be applied to all systems running 0.2.1. Users on |
10 |
+ |
p9 simply should update their kernels. No world update is required. |
11 |
+ |
|
12 |
+ |
ipv6: |
13 |
+ |
The SIOCSIFINFO_IN6 ioctl is missing a necessary permissions check. |
14 |
+ |
Don't let everyone on the planet (with local access) change the |
15 |
+ |
properties on the ipv6 interfaces. |
16 |
+ |
|
17 |
+ |
anonymous pipes: |
18 |
+ |
Stop unprivileged processes from reading pages of memory belonging |
19 |
+ |
to other processes with anonymous pipes. |
20 |
+ |
|
21 |
+ |
20090521: |
22 |
+ |
MidnightBSD 0.2.1-RELEASE-p9 |
23 |
+ |
|
24 |
+ |
This fix is only in configuration files for ssh and sshd. Users on |
25 |
+ |
p8 should simply add |
26 |
+ |
|
27 |
+ |
Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc |
28 |
+ |
|
29 |
+ |
to their configuration files for sshd_config and ssh_config in etc/ssh |
30 |
+ |
|
31 |
+ |
20090422: |
32 |
+ |
MindightBSD 0.2.1-RELEASE-p8 |
33 |
+ |
|
34 |
+ |
The function ASN1_STRING_print_ex does not properly validate the lengths |
35 |
+ |
of BMPString or UniversalString objects before attempting to print them. |
36 |
+ |
|
37 |
+ |
20090326: |
38 |
+ |
MidnightBSD 0.2.1-RELEASE-p7 |
39 |
+ |
|
40 |
+ |
Fix several security problems with sudo. It is now 1.6.9-p20 |
41 |
+ |
|
42 |
+ |
20090115: |
43 |
+ |
MidnightBSD 0.2.1-RELEASE-p6 |
44 |
+ |
|
45 |
+ |
Correct an issue with BIND that allows for DNSSEC spoofing |
46 |
+ |
attacks. |
47 |
+ |
|
48 |
+ |
20090110: |
49 |
+ |
MidnightBSD 0.2.1-RELEASE-p5 |
50 |
+ |
|
51 |
+ |
For applications using OpenSSL for SSL connections, an invalid SSL |
52 |
+ |
certificate may be interpreted as valid. This could for example be |
53 |
+ |
used by an attacker to perform a man-in-the-middle attack. |
54 |
+ |
|
55 |
+ |
Other applications which use the OpenSSL EVP API may similarly be |
56 |
+ |
affected. |
57 |
+ |
|
58 |
+ |
Stop cross site request forgery attacks in lukemftpd |
59 |
+ |
|
60 |
+ |
20081231: |
61 |
+ |
MidnightBSD 0.2.1-RELEASE-p4 |
62 |
+ |
|
63 |
+ |
Correct a problem where function pointers for netgraph |
64 |
+ |
and bluetooth sockets are not initialized properly. |
65 |
+ |
|
66 |
+ |
20081124: |
67 |
+ |
MidnightBSD 0.2.1-RELEASE-p3 |
68 |
+ |
|
69 |
+ |
Correct a problem in arc4random which causes the device |
70 |
+ |
not get get enough entropy for system services. Geom |
71 |
+ |
classes initialized at startup will still have problems. |
72 |
+ |
|
73 |
+ |
20081002: |
74 |
+ |
MidnightBSD 0.2.1-RELEASE-p2 |
75 |
+ |
|
76 |
+ |
IPv6 Neighbor Discovery Protocol routing vulnerability |
77 |
+ |
|
78 |
+ |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2476 |
79 |
+ |
http://www.kb.cert.org/vuls/id/472363 |
80 |
+ |
|
81 |
+ |
This fix causes IPv6 Neighbor Discovery Neighbor Solicitation |
82 |
+ |
messages to be ignored from non-neighbors. |
83 |
+ |
|
84 |
+ |
This can be re-enabled, if needed, by setting the newly added |
85 |
+ |
net.inet6.icmp6.nd6_onlink_ns_rfc4861 sysctl to 1. |
86 |
+ |
|
87 |
+ |
20080929: |
88 |
+ |
MidnightBSD 0.2.1-RELEASE-p1 |
89 |
+ |
|
90 |
+ |
Fix a defect in ftpd. The command buffer was split which allowed |
91 |
+ |
attackers to send arbritrary commands over the network. |
92 |
+ |
|
93 |
+ |
20080905: |
94 |
+ |
Update nve(4) to support newer hardware. |
95 |
+ |
|
96 |
+ |
20080903: |
97 |
+ |
Correct two defects in MidnightBSD. AMD64/EMT64 systems had a |
98 |
+ |
privledge escalation issue. CVE-2008-3890 |
99 |
+ |
|
100 |
+ |
In case of an incoming ICMPv6 'Packet Too Big Message', there is an |
101 |
+ |
insufficient check on the proposed new MTU for a path to the |
102 |
+ |
destination. |
103 |
+ |
CVE-2008-3530 |
104 |
+ |
|
105 |
+ |
20080830: |
106 |
+ |
MidnightBSD 0.2.1-RELEASE |
107 |
+ |
|
108 |
+ |
Oops, fix some bugs with sysinstall's handling of packages found |
109 |
+ |
on the release ISOs. Tweak etc/firstboot while where here. |
110 |
+ |
|
111 |
+ |
20080829: |
112 |
+ |
MidnightBSD 0.2-RELEASE |
113 |
+ |
|
114 |
+ |
20080703: |
115 |
+ |
Correct problem with pcc and DESTDIR that affected creating live cds |
116 |
+ |
and jails. |
117 |
+ |
|
118 |
+ |
sysinstall would incorrectly truncate DHCP info when configuring |
119 |
+ |
ipv4 networking. This was the result of a bad patch several months |
120 |
+ |
ago. Fix this error. Found via testing a snapshot. |
121 |
+ |
|
122 |
+ |
20080627: |
123 |
+ |
Add firmware(9), WEP, CCMP, TKIP to GENERIC. |
124 |
+ |
|
125 |
+ |
Add glabel to GENERIC. |
126 |
+ |
|
127 |
+ |
Intel ICH8 mobile chipset used on some iMacs included with ata. |
128 |
+ |
|
129 |
+ |
pcc connected to the build on i386. (alternative compiler) |
130 |
+ |
|
131 |
+ |
20080613: |
132 |
+ |
Begin work for MidnightBSD 0.2-PRERELEASE |
133 |
+ |
|
134 |
+ |
20080528: |
135 |
+ |
Sendmail 8.14.3 |
136 |
+ |
|
137 |
+ |
20080516: |
138 |
+ |
ssh-vulnkey allows you to look for vulnerable ssh keys that |
139 |
+ |
were generated on Debian and Ubuntu hosts over the last |
140 |
+ |
few years. sshd can block offending keys with a configuration |
141 |
+ |
option. |
142 |
+ |
|
143 |
+ |
The elf note on binaries is now set to MidnightBSD. |
144 |
+ |
|
145 |
+ |
20080514: |
146 |
+ |
Fixed a number of problems with pcc. It is not yet connected |
147 |
+ |
to the build, but usable on i386 hosts. You may use it |
148 |
+ |
by make; make install in /usr/src/usr.bin/pcc. It will |
149 |
+ |
install in /usr/local as some of the files conflict with |
150 |
+ |
GCC versions. __MidnightBSD__ is defined in PCC as well. |
151 |
+ |
|
152 |
+ |
System headers were fixed to allow pcc to compile many binaries |
153 |
+ |
on MidnightBSD. bin/cp will work now for instance. |
154 |
+ |
|
155 |
+ |
20080430: |
156 |
+ |
__MidnightBSD__ is now defined via gcc. This can be tested |
157 |
+ |
to determine we're running on MidnightBSD in the preprocessor. |
158 |
+ |
|
159 |
+ |
20080429: |
160 |
+ |
Import bind 9.4.2 with threading |
161 |
+ |
|
162 |
+ |
libpthread (KSE) and libthr are built earlier |
163 |
+ |
|
164 |
+ |
pcvt(4) removed! |
165 |
+ |
|
166 |
+ |
Alias added for core2 cpus. |
167 |
+ |
|
168 |
+ |
Alpha and PC98 only utilities removed from usr/sbin |
169 |
+ |
|
170 |
+ |
syslogd, adduser, rmuser, mergemaster and mailwrapper have been |
171 |
+ |
improved. See the man pages for info. |
172 |
+ |
|
173 |
+ |
periodic scripts will not send emails with empty message bodies. |
174 |
+ |
See mailwrapper fix. |
175 |
+ |
|
176 |
+ |
20080410: |
177 |
+ |
Sync cpdup with DragonFly. Add parallel transaction support and |
178 |
+ |
-l flag to line-buffer stdout and stderr. |
179 |
+ |
|
180 |
+ |
20080406: |
181 |
+ |
Import bzip2 1.05 |
182 |
+ |
Import OpenSSH 4.9p1 |
183 |
+ |
|
184 |
+ |
20080322: |
185 |
+ |
The default umask was changed to 022. |
186 |
+ |
|
187 |
+ |
/usr/X11R6 paths were removed from several config files. |
188 |
+ |
|
189 |
+ |
.mkshrc files are now installed for root. |
190 |
+ |
|
191 |
+ |
20080316: |
192 |
+ |
FIx a problem with gif0 tunnels and neighbors with IPV6. |
193 |
+ |
|
194 |
+ |
20080312: |
195 |
+ |
Add lndir from X.org. This aides in the porting of MirPorts. |
196 |
+ |
|
197 |
+ |
New OS versions were added to the mapage code (groff) |
198 |
+ |
|
199 |
+ |
20080310: |
200 |
+ |
Correct a buffer overflow in ppp. |
201 |
+ |
|
202 |
+ |
20080308: |
203 |
+ |
Remove /usr/X11R6 from manpath config. |
204 |
+ |
|
205 |
+ |
20080307: |
206 |
+ |
Atheros driver no longer has several options set |
207 |
+ |
which corrects building in tinderbox on all three platforms. |
208 |
+ |
|
209 |
+ |
Added a new macro to sx.h which returns true if the current |
210 |
+ |
thread holds an exclusive lock on a specifix sx. |
211 |
+ |
|
212 |
+ |
Removed OS/2's HPFS file system. It's not maintained and |
213 |
+ |
I don't know anyone using OS/2 or ecomstation these days. |
214 |
+ |
My copy is in the closet collecting dust. |
215 |
+ |
|
216 |
+ |
20080306: |
217 |
+ |
Synced tinderbox with FreeBSD. Modified it for MidnightBSD. |
218 |
+ |
Developers can now use it to check src builds. |
219 |
+ |
|
220 |
+ |
20080303: |
221 |
+ |
Add mksh to /etc/shells, made some adjustments to options |
222 |
+ |
for mksh builds per suggestion upstream. |
223 |
+ |
|
224 |
+ |
USB HID table updated with modern hardware list. |
225 |
+ |
|
226 |
+ |
Updated BSD family true (we're not in there yet) |
227 |
+ |
|
228 |
+ |
iso3166 file updated and import of tzdata2007k for |
229 |
+ |
new time zones. |
230 |
+ |
|
231 |
+ |
Updated mksh to latest version R33. |
232 |
+ |
|
233 |
+ |
20080228: |
234 |
+ |
Remplaced the random IP id generation code with a new |
235 |
+ |
version by Amit Klein. |
236 |
+ |
|
237 |
+ |
20080221: |
238 |
+ |
Sendfile write only permissions fix. |
239 |
+ |
|
240 |
+ |
Removed some HPFS and PC98 code. |
241 |
+ |
|
242 |
+ |
iso639 file sycned with DragonFly. |
243 |
+ |
|
244 |
+ |
20080128: |
245 |
+ |
Changed NTP configuration so that ips aren't cached |
246 |
+ |
so multiple servers are used. |
247 |
+ |
|
248 |
+ |
Fix an issue with fork() in libpthread. |
249 |
+ |
|
250 |
+ |
20080121: |
251 |
+ |
Add virtualization detection to set the HZ rate |
252 |
+ |
according to a VM present. VMWare and Parallels |
253 |
+ |
should work better like this. |
254 |
+ |
|
255 |
+ |
Change to full x11 install in sysinstall. Add |
256 |
+ |
xorg 7 support. |
257 |
+ |
|
258 |
+ |
20080115: |
259 |
+ |
Fix the handling of PTY's. CVE-2008-0216 |
260 |
+ |
|
261 |
+ |
20080105: |
262 |
+ |
mport delete code added, USE_MPORT_TOOLS knob aded. |
263 |
+ |
|
264 |
+ |
20080101: |
265 |
+ |
Happy New Year |
266 |
+ |
|
267 |
+ |
20071123: |
268 |
+ |
Update sendmail to 8.14.2 |
269 |
+ |
|
270 |
+ |
20071120: |
271 |
+ |
Update system compiler to gcc 3.4.6. |
272 |
+ |
|
273 |
+ |
20071023: |
274 |
+ |
Updated mksh to R31d. |
275 |
+ |
|
276 |
+ |
20070911: |
277 |
+ |
Updated mksh to version R31b. |
278 |
+ |
|
279 |
+ |
Fixed stderr output in libpthread. Previously it was |
280 |
+ |
written to stdout. |
281 |
+ |
|
282 |
+ |
20070831: |
283 |
+ |
Added dot.mkshrc file to support the recent change to |
284 |
+ |
mksh from OpenBSD's ksh derived from pdksh. |
285 |
+ |
|
286 |
+ |
Added new firewall configuration. ipfw is enabled by default |
287 |
+ |
with a "desktop" configuration. Consult /etc/rc.firewall |
288 |
+ |
or ipfw show to see the ruleset used. You can disable |
289 |
+ |
ipfw by setting firewall_enable="NO" in /etc/rc.conf This |
290 |
+ |
change only effects IPv4. IPv6 does not have a firewall |
291 |
+ |
enabled by default. |
292 |
+ |
|
293 |
+ |
20070814: |
294 |
+ |
Removed GNU tar source. We've been using BSD tar |
295 |
+ |
for awhile. |
296 |
+ |
|
297 |
+ |
20070806: |
298 |
+ |
Finished removing umapfs and autofs from the tree. |
299 |
+ |
|
300 |
+ |
20070804: |
301 |
+ |
BIND and Tcpdump have been patched for recent vulnerabilities. |
302 |
+ |
|
303 |
+ |
We switched to BSD cpio (pax). |
304 |
+ |
|
305 |
+ |
20070719: |
306 |
+ |
Imported cpdup from DragonFly as /bin/cpdup |
307 |
+ |
|
308 |
+ |
20070716: |
309 |
+ |
Update GNU cpio to 2.8. |
310 |
+ |
|
311 |
+ |
20070410: |
312 |
+ |
cvs was updated to 1.12.13. cvsbug was removed. |
313 |
+ |
cvs now behaves similarly to DragonFly's cvs with |
314 |
+ |
most of their local changes. |
315 |
+ |
|
316 |
+ |
20070409: |
317 |
+ |
RELENG_0_1 was created. More aggresive changes will |
318 |
+ |
continue here. |
319 |
+ |
|
320 |
|
20070406: |
321 |
|
Back out propolice. propolice caused several problems |
322 |
|
with our threading libraries libthr and libpthread. |
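Review bot: The 20090521 (p9) entry tells users to add a Ciphers line but never says what problem the change fixes, and it gives the location as "etc/ssh" without the leading slash; add one sentence naming the issue being mitigated and write the path as /etc/ssh so the instruction can be followed as written. The 20081002 entry has a similar wording gap: "This can be re-enabled" reads as re-enabling the fix, while setting net.inet6.icmp6.nd6_onlink_ns_rfc4861 to 1 turns acceptance of Neighbor Solicitation messages from non-neighbors back on, so say plainly that it restores the pre-fix behaviour. Unlike the p1 to p10 entries around it, 20080903 has no release line, so a reader cannot tell which release carries the CVE-2008-3890 and CVE-2008-3530 fixes. Several added lines also carry typos that will ship in the installed file: "MindightBSD" (p8), "arbritrary" (p1), "privledge" (20080903), "not get get" (p3).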
328 |
|
It is more important to have a stable system for our |
329 |
|
mport work and other projects at this time. |
330 |
|
|
331 |
+ |
This is not a clean removal. It is recommended that you |
332 |
+ |
have a recently SNAP CD handy. You can either reinstall |
333 |
+ |
or perform a make buildworld and make buildkernel and |
334 |
+ |
make installkernel. Reboot on the cd and copy the contents |
335 |
+ |
of /bin, /sbin, /lib, /libexec, and /usr/bin, /usr/sbin, |
336 |
+ |
/usr/lib, and /usr/libexec to the respective directories on |
337 |
+ |
your disk. Then you should be able to boot into single user |
338 |
+ |
mode and run make installworld. You will need to run |
339 |
+ |
chflags noschg on some of the files if you can't overwrite |
340 |
+ |
them. |
341 |
+ |
|
342 |
+ |
You will get __guard missing errors since we had to remove |
343 |
+ |
this from libc. |
344 |
+ |
|
345 |
+ |
You will need to rebuild any ports built while propolice was |
346 |
+ |
installed. |
347 |
+ |
|
348 |
|
20070401: |
349 |
|
Importing propolice into MidnightBSD. Propolice is going to |
350 |
|
provide us with much greater security and stability in the |
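Review bot: The recovery procedure added under 20070406 is not in execution order: "chflags noschg" is mentioned last, after "make installworld", and the text does not say whether it applies to the copy from the CD into /bin, /sbin, /lib and the other directories or to installworld itself. Rewrite the steps as a numbered list in the order they are run, put the chflags step before the operation it unblocks, and state at which step the "__guard missing" errors appear and what the user should do about them. "a recently SNAP CD" should read "a recent SNAP CD", and the last paragraph would be more useful if it said how to tell which ports were built while propolice was installed.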
693 |
|
this document. |
694 |
|
|
695 |
|
$FreeBSD: src/UPDATING,v 1.416.2.18 2006/02/22 11:51:57 yar Exp $ |
696 |
< |
$MidnightBSD: src/UPDATING,v 1.18 2007/04/03 17:48:34 laffer1 Exp $ |
696 |
> |
$MidnightBSD: src/UPDATING,v 1.38.2.18 2009/05/21 23:11:43 laffer1 Exp $ |