ViewVC Help

View File | Revision Log | Show Annotations | Revision Graph | Download File | Root Listing

root/midnightbsd-cvs/src/UPDATING

Comparing src/UPDATING (file contents):
Revision 1.20.2.10 by raven, Fri Oct 3 02:30:00 2008 UTC vs.
Revision 1.38.2.19 by laffer1, Wed Jun 10 15:49:25 2009 UTC

#	Line 3 | Line 3 | Updating Information for MidnightBSD users
3		Items affecting the mports and packages system can be found in
4		/usr/mports/UPDATING.
5
6	+	20090610:
7	+	MidnightBSD 0.2.1-RELEASE-p10
8	+
9	+	This should be applied to all systems running 0.2.1. Users on
10	+	p9 simply should update their kernels. No world update is required.
11	+
12	+	ipv6:
13	+	The SIOCSIFINFO_IN6 ioctl is missing a necessary permissions check.
14	+	Don't let everyone on the planet (with local access) change the
15	+	properties on the ipv6 interfaces.
16	+
17	+	anonymous pipes:
18	+	Stop unprivileged processes from reading pages of memory belonging
19	+	to other processes with anonymous pipes.
20	+
21	+	20090521:
22	+	MidnightBSD 0.2.1-RELEASE-p9
23	+
24	+	This fix is only in configuration files for ssh and sshd.  Users on
25	+	p8 should simply add
26	+
27	+	Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc
28	+
29	+	to their configuration files for sshd_config and ssh_config in etc/ssh
30	+
31	+	20090422:
32	+	MindightBSD 0.2.1-RELEASE-p8
33	+
34	+	The function ASN1_STRING_print_ex does not properly validate the lengths
35	+	of BMPString or UniversalString objects before attempting to print them.
36	+
37	+	20090326:
38	+	MidnightBSD 0.2.1-RELEASE-p7
39	+
40	+	Fix several security problems with sudo.  It is now 1.6.9-p20
41	+
42	+	20090115:
43	+	MidnightBSD 0.2.1-RELEASE-p6
44	+
45	+	Correct an issue with BIND that allows for DNSSEC spoofing
46	+	attacks.
47	+
48	+	20090110:
49	+	MidnightBSD 0.2.1-RELEASE-p5
50	+
51	+	For applications using OpenSSL for SSL connections, an invalid SSL
52	+	certificate may be interpreted as valid.  This could for example be
53	+	used by an attacker to perform a man-in-the-middle attack.
54	+
55	+	Other applications which use the OpenSSL EVP API may similarly be
56	+	affected.
57	+
58	+	Stop cross site request forgery attacks in lukemftpd
59	+
60	+	20081231:
61	+	MidnightBSD 0.2.1-RELEASE-p4
62	+
63	+	Correct a problem where function pointers for netgraph
64	+	and bluetooth sockets are not initialized properly.
65	+
66	+	20081124:
67	+	MidnightBSD 0.2.1-RELEASE-p3
68	+
69	+	Correct a problem in arc4random which causes the device
70	+	not get get enough entropy for system services.  Geom
71	+	classes initialized at startup will still have problems.
72	+
73		20081002:
74	+	MidnightBSD 0.2.1-RELEASE-p2
75	+
76		IPv6 Neighbor Discovery Protocol routing vulnerability
77
78	+	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2476
79	+	http://www.kb.cert.org/vuls/id/472363
80	+
81	+	This fix causes IPv6 Neighbor Discovery Neighbor Solicitation
82	+	messages to be ignored from non-neighbors.
83	+
84	+	This can be re-enabled, if needed, by setting the newly added
85	+	net.inet6.icmp6.nd6_onlink_ns_rfc4861 sysctl to 1.
86	+
87		20080929:
88	<	Fix an issue with ftpd's command buffer.
88	>	MidnightBSD 0.2.1-RELEASE-p1
89
90	<	20080419:
91	<	Fix a security issue with OpenSSH as reported by the Debian project.
90	>	Fix a defect in ftpd.  The command buffer was split which allowed
91	>	attackers to send arbritrary commands over the network.
92
93	<	20071104:
94	<	0.1.1-RELEASE
93	>	20080905:
94	>	Update nve(4) to support newer hardware.
95
96	<	20071006:
97	<	Version bumped in param.h.  We've recently fixed a security issue in
98	<	openssl.
96	>	20080903:
97	>	Correct two defects in MidnightBSD.  AMD64/EMT64 systems had a
98	>	privledge escalation issue.  CVE-2008-3890
99
100	+	In case of an incoming ICMPv6 'Packet Too Big Message', there is an
101	+	insufficient check on the proposed new MTU for a path to the
102	+	destination.
103	+	CVE-2008-3530
104	+
105	+	20080830:
106	+	MidnightBSD 0.2.1-RELEASE
107	+
108	+	Oops, fix some bugs with sysinstall's handling of packages found
109	+	on the release ISOs.  Tweak etc/firstboot while where here.
110	+
111	+	20080829:
112	+	MidnightBSD 0.2-RELEASE
113	+
114	+	20080703:
115	+	Correct problem with pcc and DESTDIR that affected creating live cds
116	+	and jails.
117	+
118	+	sysinstall would incorrectly truncate DHCP info when configuring
119	+	ipv4 networking.  This was the result of a bad patch several months
120	+	ago.  Fix this error.  Found via testing a snapshot.
121	+
122	+	20080627:
123	+	Add firmware(9), WEP, CCMP, TKIP to GENERIC.
124	+
125	+	Add glabel to GENERIC.
126	+
127	+	Intel ICH8 mobile chipset used on some iMacs included with ata.
128	+
129	+	pcc connected to the build on i386. (alternative compiler)
130	+
131	+	20080613:
132	+	Begin work for MidnightBSD 0.2-PRERELEASE
133	+
134	+	20080528:
135	+	Sendmail 8.14.3
136	+
137	+	20080516:
138	+	ssh-vulnkey allows you to look for vulnerable ssh keys that
139	+	were generated on Debian and Ubuntu hosts over the last
140	+	few years.  sshd can block offending keys with a configuration
141	+	option.
142	+
143	+	The elf note on binaries is now set to MidnightBSD.
144	+
145	+	20080514:
146	+	Fixed a number of problems with pcc.  It is not yet connected
147	+	to the build, but usable on i386 hosts.  You may use it
148	+	by make; make install in /usr/src/usr.bin/pcc.  It will
149	+	install in /usr/local as some of the files conflict with
150	+	GCC versions. __MidnightBSD__ is defined in PCC as well.
151	+
152	+	System headers were fixed to allow pcc to compile many binaries
153	+	on MidnightBSD.  bin/cp will work now for instance.
154	+
155	+	20080430:
156	+	__MidnightBSD__ is now defined via gcc.  This can be tested
157	+	to determine we're running on MidnightBSD in the preprocessor.
158	+
159	+	20080429:
160	+	Import bind 9.4.2 with threading
161	+
162	+	libpthread (KSE) and libthr are built earlier
163	+
164	+	pcvt(4) removed!
165	+
166	+	Alias added for core2 cpus.
167	+
168	+	Alpha and PC98 only utilities removed from usr/sbin
169	+
170	+	syslogd, adduser, rmuser, mergemaster and mailwrapper have been
171	+	improved.  See the man pages for info.
172	+
173	+	periodic scripts will not send emails with empty message bodies.
174	+	See mailwrapper fix.
175	+
176	+	20080410:
177	+	Sync cpdup with DragonFly.  Add parallel transaction support and
178	+	-l flag to line-buffer stdout and stderr.
179	+
180	+	20080406:
181	+	Import bzip2 1.05
182	+	Import OpenSSH 4.9p1
183	+
184	+	20080322:
185	+	The default umask was changed to 022.
186	+
187	+	/usr/X11R6 paths were removed from several config files.
188	+
189	+	.mkshrc files are now installed for root.
190	+
191	+	20080316:
192	+	FIx a problem with gif0 tunnels and neighbors with IPV6.
193	+
194	+	20080312:
195	+	Add lndir from X.org.  This aides in the porting of MirPorts.
196	+
197	+	New OS versions were added to the mapage code (groff)
198	+
199	+	20080310:
200	+	Correct a buffer overflow in ppp.
201	+
202	+	20080308:
203	+	Remove /usr/X11R6 from manpath config.
204	+
205	+	20080307:
206	+	Atheros driver no longer has several options set
207	+	which corrects building in tinderbox on all three platforms.
208	+
209	+	Added a new macro to sx.h which returns true if the current
210	+	thread holds an exclusive lock on a specifix sx.
211	+
212	+	Removed OS/2's HPFS file system.   It's not maintained and
213	+	I don't know anyone using OS/2 or ecomstation these days.
214	+	My copy is in the closet collecting dust.
215	+
216	+	20080306:
217	+	Synced tinderbox with FreeBSD.  Modified it for MidnightBSD.
218	+	Developers can now use it to check src builds.
219	+
220	+	20080303:
221	+	Add mksh to /etc/shells, made some adjustments to options
222	+	for mksh builds per suggestion upstream.
223	+
224	+	USB HID table updated with modern hardware list.
225	+
226	+	Updated BSD family true (we're not in there yet)
227	+
228	+	iso3166 file updated and import of tzdata2007k for
229	+	new time zones.
230	+
231	+	Updated mksh to latest version R33.
232	+
233	+	20080228:
234	+	Remplaced the random IP id generation code with a new
235	+	version by Amit Klein.
236	+
237	+	20080221:
238	+	Sendfile write only permissions fix.
239	+
240	+	Removed some HPFS and PC98 code.
241	+
242	+	iso639 file sycned with DragonFly.
243	+
244	+	20080128:
245	+	Changed NTP configuration so that ips aren't cached
246	+	so multiple servers are used.
247	+
248	+	Fix an issue with fork() in libpthread.
249	+
250	+	20080121:
251	+	Add virtualization detection to set the HZ rate
252	+	according to a VM present.  VMWare and Parallels
253	+	should work better like this.
254	+
255	+	Change to full x11 install in sysinstall.  Add
256	+	xorg 7 support.
257	+
258	+	20080115:
259	+	Fix the handling of PTY's.  CVE-2008-0216
260	+
261	+	20080105:
262	+	mport delete code added, USE_MPORT_TOOLS knob aded.
263	+
264	+	20080101:
265	+	Happy New Year
266	+
267	+	20071123:
268	+	Update sendmail to 8.14.2
269	+
270	+	20071120:
271	+	Update system compiler to gcc 3.4.6.
272	+
273	+	20071023:
274	+	Updated mksh to R31d.
275	+
276		20070911:
277	<	libpthread output intended as an error is now written to
24	<	stderr instead of stdout.
277	>	Updated mksh to version R31b.
278
279	<	bzip2 updated to 1.0.4
279	>	Fixed stderr output in libpthread.  Previously it was
280	>	written to stdout.
281
282	<	find:
283	<	Add -Btime, -Bnewer, -Bmin, -newerB[Bacmt], -newer[acmt]B options to
284	<	work with the st_birthtime field of struct stat.
31	<
32	<	'B' has been chosen to match the format specifier from stat(1).
282	>	20070831:
283	>	Added dot.mkshrc file to support the recent change to
284	>	mksh from OpenBSD's ksh derived from pdksh.
285
286	<	20070810:
287	<	src/usr.sbin/pkg_install was updated to work with
288	<	mports properly.  If you get errors with plists
289	<	with lines about dirrmtry, this will fix it.
286	>	Added new firewall configuration.  ipfw is enabled by default
287	>	with a "desktop" configuration.  Consult /etc/rc.firewall
288	>	or ipfw show to see the ruleset used.  You can disable
289	>	ipfw by setting firewall_enable="NO" in /etc/rc.conf This
290	>	change only effects IPv4.  IPv6 does not have a firewall
291	>	enabled by default.
292
293	+	20070814:
294	+	Removed GNU tar source.  We've been using BSD tar
295	+	for awhile.
296	+
297		20070806:
298	<	/usr/share/mk/bsd.port.mk was not merged from current
41	<	before 0.1 was released.  This caused the wrong
42	<	file in /usr/mport/mk to be sourced when a port's
43	<	makefile sourced bsd.port.mk.  Many ports where broken as
44	<	a result.
298	>	Finished removing umapfs and autofs from the tree.
299
46	–
300		20070804:
301	<	0.1-RELEASE
49	<
50	<	BIND 9.3.4-p1 security patch.
301	>	BIND and Tcpdump have been patched for recent vulnerabilities.
302
303	<	Tcpdump was patched.
303	>	We switched to BSD cpio (pax).
304
305	+	20070719:
306	+	Imported cpdup from DragonFly as /bin/cpdup
307	+
308	+	20070716:
309	+	Update GNU cpio to 2.8.
310	+
311	+	20070410:
312	+	cvs was updated to 1.12.13.  cvsbug was removed.
313	+	cvs now behaves similarly to DragonFly's cvs with
314	+	most of their local changes.
315	+
316	+	20070409:
317	+	RELENG_0_1 was created. More aggresive changes will
318	+	continue here.
319	+
320		20070406:
321		Back out propolice.  propolice caused several problems
322		with our threading libraries libthr and libpthread.
#	Line 427 | Line 693 | Contact Warner Losh if you have any questions about yo
693		this document.
694
695		$FreeBSD: src/UPDATING,v 1.416.2.18 2006/02/22 11:51:57 yar Exp $
696	<	$MidnightBSD: src/UPDATING,v 1.20.2.9 2008/09/30 04:17:04 laffer1 Exp $
696	>	$MidnightBSD: src/UPDATING,v 1.38.2.18 2009/05/21 23:11:43 laffer1 Exp $

Diff Legend

–	Removed lines
+	Added lines
<	Changed lines
>	Changed lines