ViewVC Help
View File | Revision Log | Show Annotations | Revision Graph | Download File | Root Listing
root/midnightbsd-cvs/src/UPDATING
Revision: 1.161
Committed: Tue Jun 12 14:41:14 2012 UTC (11 years, 9 months ago) by laffer1
Branch: MAIN
CVS Tags: HEAD
Changes since 1.160: +7 -1 lines
Log Message:
BIND / cve-2012-1667

File Contents

# Content
1 Updating Information for MidnightBSD users.
2
3 20120612:
4 BIND security update related to CVE-2012-1667.
5
6 Zero length resource records can cause BIND to crash resulting
7 in a DOS attack or information disclosure.
8
9 20120407:
10 mksh R40f (fixes regression)
11
12 20120328:
13 mksh R40e
14
15 Perl 5.14.2
16
17 20120229:
18 cpucontrol(8) and cpuctl(4) added from FreeBSD 7-stable.
19
20 20120209:
21 mDNSResponder 333.10 imported
22
23 20111227:
24 import raid5 module for GEOM, graid5(8)
25
26 This is experimental and known to use a lot of kernel
27 memory.
28
29 20111223:
30 telnetd: fix a root exploit from a fixed buffer that was not checked
31
32 pam: don't allow escape from policy path. Exploitable in KDE, etc.
33
34 Fix pam_ssh module:
35
36 If the pam_ssh module is enabled, attackers may be able to gain access
37 to user accounts which have unencrypted SSH private keys.
38
39 This has to due with the way that openssl works. It ignores unencrpted data.
40
41 Fix security issue with chroot and ftpd.
42
43 nsdispatch(3) doesn't know it's working in a chroot and some
44 operations can cause files to get reloaded causing a security
45 hole in things like ftpd.
46
47 20111217:
48 libdialog/dialog upgraded to an lgpl version. As it's not
49 backwardly compatable, include the old libdialog as libodialog
50
51 20111212:
52 mksh r40d imported
53
54 20111210:
55 re(4) and rl(4) updated to support new chips.
56
57 GEOM synced with FreeBSD 7-stable.
58
59 MidnightBSD GPT partition types created in sys/gpt.h and
60 setup in boot loader and GEOM.
61
62 amdsbwd(4) (amd watchdog for south bridge) updated to support
63 8xx series chipset.
64
65 20111207:
66 import bsd grep from FreeBSD/OpenBSD.
67
68 MK_BSD_GREP controls which grep is installed
69 as grep with the other as bsdgrep or gnugrep.
70
71 20111122:
72 mksh vR40c imported.
73
74 20111117:
75 BIND 9.6 ESV R5 P1
76
77 20111107:
78 tzdata 2011n
79
80 20111026:
81 mDNSResponder v320
82
83 BIND 9.6 ESV R5
84
85 20111022:
86 cflow 0.0.6 imported
87
88 20111020:
89 less v436 imported
90
91 amdsbwd(4) AMD southbridge watchdog
92
93 20111019:
94 awk 20110810 imported
95
96 et(4) Agere Gigabit Ethernet/Fast Ethernet driver added, but
97 not included in GENERIC kernel. The kernel module needs
98 testing before we can include it in GENERIC.
99
100 intr_bind code ported to allow an IRQ to be bound to one
101 specific CPU core.
102
103 20111017:
104 Time Zone Data v. 2011l (Released 10 October 2011)
105
106 Updated list of countries (iso3166) to work with new timezone data.
107
108 20111015:
109 Introduce CPU Affinity in MidnightBSD. cpuset(1) can be used
110 to control which core or group of cores can be used for a given
111 process. Several new system calls were added to support this
112 functionality in the running kernel and for 32bit binary
113 compatibility on amd64.
114
115 The scheduler default has been changed to ULE in i386 and
116 amd64. Changes were made to both schedulers (4BSD AND ULE)
117 for this feature.
118
119 This work is based on Jeff Roberson's FreeBSD 7.1 patches.
120
121 20111004:
122 Fix a problem with unix socket handling caused by the recent
123 patch to unix socket path handling. This allows network
124 apps to work under the linuxolator again.
125
126 20111001:
127 Import libfetch & fetch(1) from FreeBSD 9. Passive FTP is
128 now default and an environment variable must be set to use
129 active.
130
131 20110930:
132 Introduce quirks handling for several umass devices including
133 USB cameras. Add workaround for Cyberpower UPS devices.
134
135 Bring in further bug fixes from FreeBSD and NetBSD for alc(4).
136 Stale ip/tcp header pointers are no longer used, lockups fixed
137 when network cable is unplugged on bootup, enable TX checksum
138 offloading.
139
140 Add a new man page for gcache(8), a useful geom class when
141 working with large raid3 sets.
142
143 Restore previous workaround for Cypress pata storage controller.
144
145 20110929:
146 Sync ath(4) with FreeBSD 7.3.
147
148 The following modules are no longer available, and should be
149 removed from loader.conf:
150 ath_hal ath_rate_amrr ath_rate_onoe ath_rate_sample
151
152 alc(4) would hibernate when a cable was unplugged and often
153 required bring the interface down and up to "wake up" so that
154 a connection could be established. Disable hibernation.
155
156 20110928:
157 Fix security issues with gzip and compress related to .Z
158 files that are corrupted.
159
160 Fix path validation with unix domain sockets.
161
162 20110917:
163 Remove dependance on mports perl for generating releases as
164 it's in the base system.
165
166 20110914:
167 Import xz 5.0.3 with liblzma 5.0.3
168
169 20110813:
170 synced the sparc64 GENERIC kernel configuration with amd64.
171
172 20110806:
173 sqlite 3.7.7.1 imported
174
175 msearch(1), libmsearch and msearch.import added. msearch(1) provides
176 a full text search command line tool. libmsearch can also be used
177 to build a graphical based search in the future. You can enable
178 index building for msearch in periodic.conf or manually run the
179 /usr/libexec/msearch.index tool. Full text indexes take considerable
180 space in /var. I'm using approximately 500MB currently.
181
182 Fix a long standing bug with the periodic script to check package
183 versions. This will be obsolete with mport though.
184
185 20110710:
186 kdb_enter_why added to MidnightBSD to allow the kernel debugger to
187 know why it's in use and thus script can be run.
188
189 Yet another problem with the perl manifest was fixed
190
191 20110709:
192 cpufreq(1) is a new utility to monitor CPU frequency which may change
193 with use of powerd(8) and cpufreq(4).
194
195 20110612:
196 Update mksh to R40
197
198 Catch up ObsoleteFiles.inc to remove Perl 5.10.x. Good to run when
199 updating current (cd /usr/src && make check-old)
200
201 20110528:
202 Fix CVE-2011-1910 in BIND 9.6.x. This affects caching resolvers.
203
204 20110526:
205 newfs:
206 Raised the default blocksize for UFS/FFS filesystems from
207 16K to 32K and the default fragment size from 2K to 4K.
208
209 This should slightly imporve performance on "advanced format"
210 hard drives such as the WD EARS drives. Drives of this type
211 have emulation modes that slow down with lower sizes. Of course
212 the drive must still be aligned properly when using fdisk.
213
214 20110521:
215 mport tool now has a deleteall command. This can be used to remove
216 all packages from a system.
217
218 A few bugs with the perl 5.14 import have been fixed.
219
220 20110518:
221 Perl 5.14.0
222
223 20110517:
224 Sendmail 8.14.5
225
226 20110314:
227 DRM/DRI code updated to support newer video cards. (FreeBSD 7.1)
228
229 cdevpriv wrappers added
230
231 nss_mdns hack introduced to work around linking problem.
232
233 dnsextd fixed after update to mDNSResponder code.
234
235 20110308:
236 Introduce liblzma & xz 5.0.1 to the base system
237
238 Patch for OpenSSL security issue CVE-2011-0014.
239
240 "OSREVISION 4004"
241
242 nsswitch module for multicast dns (nss_mdns) added.
243
244 tzdata2011c
245
246 20110220:
247 cam(4) syncronized with FreeBSD 7.3.
248
249 20110219:
250 amdtemp(4) updated to support sensors framework.
251
252 20110217:
253 Perl 5.10.1 imported
254
255 20110216:
256 Introduce igb(4) and split Intel Gigabit Ethernet adapters between
257 igb(4) and em(4). Newer devices use igb(4). The code has moved
258 to sys/dev/e1000 for both devices in the kernel. igb(4) has
259 been placed in GENERIC on i386 and amd64.
260
261 Update bfe(4) to support newer devices and WOL.
262
263 20110215:
264 age(4) added.
265
266 20110208:
267 BIND 9.6.3 which fixes a bug with DNSSEC records getting added.
268
269 20110206:
270 eeemon(4) added to monitor Asus Eee PC.
271
272 20110205:
273 OpenSSH 5.7p1
274
275 GNU sort 6.9 (coreutils)
276
277 20110203:
278 one true awk 20100523 imported
279
280 sqlite 3.7.5
281
282 OpenSSL 0.9.8q
283
284 20110202:
285 tcsh 6.17.00
286
287 file 5.05
288
289 20110122:
290 Import it(4) and lm(4), with support for Super I/O hardware monitors. This
291 uses the sensors framework ported by Constantine A. Murenin (GSOC2007)
292
293 20110120:
294 BIND 9.6.2-P3
295
296 sudo 1.7.4-p6
297
298 20110115:
299 Add experimental jme(4) for Jmicron ethernet devices.
300
301 20101130:
302 A double free exists in the SSL client ECDH handling code, when
303 processing specially crafted public keys with invalid prime
304 numbers. [CVE-2010-2939]
305
306 20101120:
307 Several portions of the kernel and userland code related to UFS file
308 systems (and UFS2) cannot properly handle inode counts above 2^31 due
309 to use of int types. Based on a patch from FreeBSD, I've modified
310 our UFS2 implementation to handle unsigned values for inode counts
311 which should allow for file systems greater than 16TB.
312
313 newfs and growfs was also modified.
314
315 20101110:
316 Fix a security issue with pseudofs which could result in running code in kernel
317 context or a kernel panic depending on system configuration. This affects file
318 systems such as procfs for instance.
319
320 20101021:
321 sysrc is a utility to print and modify name/value pairs in /etc/rc.conf easily.
322 This is similar to functions present in many linux distros. The utility was
323 written by Devin Teske for FreeBSD.
324
325 20100920:
326 bzip2 security patch for integer overflow.
327
328 20100905:
329 MidnightBSD RELENG_0_3 branch created. Aggressive development continues here
330 for 0.4.
331
332 20100902:
333 Fix a security issue with libutil that allows users to bypass cpu limits in
334 login.conf in some cases. This combined with OpenSSH for example can allow
335 the user to get more resources than they're allowed.
336
337 20100822:
338 Import Apple's mDNSResponder (mdnsd).
339
340 20100814:
341 libdispatch added to MidnightBSD. This provides functionality found in
342 Mac OS X's GCD. We do not have blocks support yet. As this code is
343 licensed under Apache 2, we create a new MK_APACHE option so that
344 it's not required for all users to run code under a license they
345 may not like.
346
347 20100713:
348 mbuf readonly fix related to sendfile(2) data corruption.
349
350 20100704:
351 brainfuck(1) imported from MirBSD.
352
353 20100505:
354 zlib 1.2.5
355
356 20100430:
357 Sudo 1.7.2p6 imported
358
359 20100321:
360 Update zlib to 1.2.4
361
362 20100319:
363 Removed i586 from default i386 generic kernel.
364
365 20100317:
366 Update to tzdata2010e (time zones). This includes changes in
367 Mexico.
368
369 Add support for several newer sound cards via hda including
370 ATI and Realtek chipsets.
371
372 20100313:
373 CPU detection has been changed. VIA Padlock detection added.
374
375 20100312:
376 Fix a number of bugs and compiler warnings in libmport. Handle
377 plus signs in paths for mport.check-fake
378
379 20100311:
380 mksh R39c
381
382 20100309:
383 Sudo 1.7.2p5
384
385 sqlite3 3.6.23
386
387 mksh R39b
388
389 libffi (ffi) 3.0.9
390
391 20100206:
392 WITHOUT_LIB32 is no longer needed on AMD64. GCC was fixed to
393 properly pass arguments to ld.
394
395 re(4) and rl(4) have been updated to support several new
396 realtek chipsets. Performance has been improved on re(4).
397
398 20100204:
399 Fix a bug cropping up on AMD64 MidnightBSD with sftp
400 segfaulting.
401
402 20100116:
403 Import ash changes from FreeBSD (bin/sh) 8-Stable.
404
405 BIND 9.6.1-P2
406
407 20100110:
408 Import Sendmail 8.14.4. Fix for SSL vulnerability.
409
410 posix_spawn(3) added to MidnightBSD libc. Users may need to build and
411 install libc before doing a full buildworld when upating from 0.2 or
412 older current systems.
413
414 kqueue(2) was modified to support portions of libdispatch functionality.
415
416 20100106:
417 Bind security update. Fix a bug with DNSSEC that causes negative
418 cache entries and thus a possible DNS cache poisoning attack.
419
420 Fix a bug in ZFS that can reset permissions on system crashes.
421
422 20091228:
423 amdtemp(4) was added. It allows one to monitor to the temperature
424 of an AMD CPU such as a Phenom.
425
426 20091205:
427 OpenSSL security fix
428
429 The SSL version 3 and TLS protocols support session renegotiation without
430 cryptographically tying the new session parameters to the old parameters.
431
432 20091128:
433 OpenBSD sensors framework imported including sensorsd(8)
434
435 20091126:
436 OpenNTPD 4.4 import
437
438 Update OpenSSH to 5.3p1
439
440 mksh R39
441
442 20091124:
443 cpdup updated from DragonFly to 1.15
444
445 tzdata2009s updated with latest timezone data for November 2009.
446
447 20091010:
448 amd64 users should use WITHOUT_LIB32=yes in /etc/make.conf for now
449 to test current.
450
451 Revert unicode filename fixes from ntfs code. This was causing chaos
452 on amd64 systems.
453
454 20091006:
455 Update timezone data with tzdata2009n with the Pakistan and
456 Argentina changes.
457
458 Sync several userland utilities with versions from FreeBSD 7.0 in
459 sbin and usr.sbin.
460
461 20090919:
462 Update timezone data with tzdate2009m from September 2009.
463
464 20090729:
465 Patch for Bind 9 security vulnerability. a dynmaic update packet
466 can trigger an assertion and cause named to exit
467
468 20090606:
469 Remove PCC from the base system. This compiler will not work
470 as a system compiler for us as we've got some userland investment
471 in C++ code and may have Objective-C in the future. We're stuck
472 with a solution that supports these three languages at a minimum.
473
474 I had wanted to keep it as an optional compiler because it is
475 fast, however too many users want to try to use it for the base
476 system which makes no sense.
477
478 A hack was added for Cypress based usb hard drive enclosures to
479 the kernel. This should cut down on commands it claims to support
480 but does not (at the cam layer). Found while testing ZFS on
481 an external device.
482
483 20090520:
484 The powerd daemon no longer starts automatically to improve
485 compatibility with many systems. However, there is a new
486 installer option in the startup section to enable it. This
487 makes it easier to enable for users that have working systems. I thought it was only a problem on older hardware, but it freaks
488 out my new Phenom too.
489
490 20090502:
491 OpenSSH 5.2p1 import
492
493 ale(4) connected to the build. (kernel module only)
494
495 20090501:
496 Imported makefs utility from NetBSD/FreeBSD
497
498 20090422:
499 OpenSSL security update
500
501 The function ASN1_STRING_print_ex does not properly validate the lengths
502 of BMPString or UniversalString objects before attempting to print them.
503
504 20090415:
505 Created a Symbol.map for libc/ohash symbols
506
507 Updated several usr/bin usr/sbin utilities.
508
509 Corrected a bug with Makefile.inc1 causing the bootstrap
510 tools to fail.
511
512 20090405:
513 xorg 7.4 wants to configure its input devices via hald which does not
514 yet work with USB. If the keyboard/mouse does not work in xorg then
515 add
516 Option "AllowEmptyInput" "off"
517 to your ServerLayout section. This will cause X to use the configured
518 kbd and mouse sections from your xorg.conf
519
520 20090403:
521 mksh was disconnected a few day ago do to bugs with
522 buildworld and mports. Now, connect it back
523 for use as /bin/sh with a conditional called
524 MK_ASH. By default, ash is the standard /bin/sh
525 but we may change this later. This will allow further
526 testing by users and developers of mksh without
527 causing an unpleasant default experience. In the
528 long run, we need to fix mksh compatibility.
529
530 20090328:
531 Bring in mksh R37 from CVS. The dot.mkshrc files for root
532 and skel were changed. mksh(1) now replaces ash aka sh(1)
533 as the default /bin/sh. Please report bugs with
534 ports, etc. The ash code will remain in the repo for awhile
535 as I decide if we'll add something like MK_SHELL_ASH as
536 an optional build parameter.
537
538 ahd was disconnected from the lint environment until
539 the compiler bug is sorted (by updating gcc?)
540
541 Remove freebsd-tips from fortune files and change the
542 default for login and profile.
543
544 20090327:
545 Update libarchive to 2.5.5, tar, and add bsdcpio.
546
547 Also previously, ctriv has been connecting Perl 5.10
548 to the build (part of os). This will have an impact
549 on mports.
550
551 20090325:
552 Update Bind to 9.4.3-P1
553
554 Update mksh to R36b
555
556 Update tcpdump to 3.9.8, fix libpcap to work with current.
557
558 Update pnpinfo, sync with FreeBSD.
559
560 20090115:
561 Fix a problem with DNSSEC and BIND.
562
563 20090110:
564 For applications using OpenSSL for SSL connections, an invalid SSL
565 certificate may be interpreted as valid. This could for example be
566 used by an attacker to perform a man-in-the-middle attack.
567
568 Other applications which use the OpenSSL EVP API may similarly be
569 affected.
570
571 Stop cross site request forgery attacks in lukemftpd
572
573 20090104:
574 Import GNU libreadline 5.2
575
576 20090101:
577 Update time zone data to 2008i.
578
579 20081231:
580 Correct a problem where bluetooth and netgraph sockets are not
581 properly initialized.
582
583 Happy 2009.
584
585 20081206:
586 Due to the massive change in the underlying system under way,
587 we're naming the next release 1.0. The sys/sys/param.h was
588 changed accordingly. ipfilter and ncurses were corrected
589 using __MidnightBSD__ tests in the code.
590
591 The GENERIC kernel config was caught up on i386 today. Consider
592 i386 still broken, but amd64 is running again.
593
594 mdoc.local was updated with the new MidnightBSD version info.
595
596 batt(1) was rewritten in C. It now supports several flags and
597 runs about 8 times faster on my laptop. The default output
598 shows the number of minutes of battery life remaining and the
599 percentage. You can use -u to display the number of batteries or
600 -c to get script friendly output. Consult the man page for more.
601
602 20081204:
603 Work has completed on importing ZFS, jemalloc, several
604 new devices, SCTP, updated pf, a new tempfs, linuxolator 2.6 kernel
605 support, improved locking for file desc., audit (openbsm),
606 openssl .98e, nfe, imporved intel high def audio, midi, updated
607 intel gigabit (em), support for several wifi cards (intel), ...
608
609 Renamed 0.3-CURRENT officially. Switched to using MidnightBSD version
610 data from param.h instead of the FreeBSD version. This means
611 testing is now possible in the ports tree for the version
612 and that any ports or code relying on the FreeBSD version from
613 sys/sys/param.h will need to be fixed.
614
615 20080905:
616 update nve(4) to support new hardware.
617
618 20080801:
619 Import OpenBSM 1.0
620
621 Modify src/release to create 3 isos instead of 2 for packages.
622
623 etc/rc.d/firstboot now enables kdm, gnustep + slim and bsdstats.
624
625 Many ia64, alpha, powerpc items were removed.
626
627 The recent diffutils 2.8.7 import was fixed.
628
629 20080703:
630 pcc was not installed properly when setting DESTDIR for live cds,
631 or posibly jails.
632
633 20080627:
634 Add firmware(9), WEP, CCMP, TKIP to GENERIC.
635
636 Add glabel to GENERIC.
637
638 Intel ICH8 mobile chipset used on some iMacs included with ata.
639
640 pcc connected to the build on i386. (alternative compiler)
641
642 ath added to GENERIC. (Atheros wireless NICs) on amd64/i386
643
644 20080528:
645 Sendmail 8.14.3
646
647 20080516:
648 ssh-vulnkey allows you to look for vulnerable ssh keys that
649 were generated on Debian and Ubuntu hosts over the last
650 few years. sshd can block offending keys with a configuration
651 option.
652
653 The elf note on binaries is now set to MidnightBSD.
654
655 20080514:
656 Fixed a number of problems with pcc. It is not yet connected
657 to the build, but usable on i386 hosts. You may use it
658 by make; make install in /usr/src/usr.bin/pcc. It will
659 install in /usr/local as some of the files conflict with
660 GCC versions. __MidnightBSD__ is defined in PCC as well.
661
662 System headers were fixed to allow pcc to compile many binaries
663 on MidnightBSD. bin/cp will work now for instance.
664
665 20080430:
666 __MidnightBSD__ is now defined via gcc. This can be tested
667 to determine we're running on MidnightBSD in the preprocessor.
668
669 20080429:
670 Import bind 9.4.2 with threading
671
672 libpthread (KSE) and libthr are built earlier
673
674 pcvt(4) removed!
675
676 Alias added for core2 cpus.
677
678 Alpha and PC98 only utilities removed from usr/sbin
679
680 syslogd, adduser, rmuser, mergemaster and mailwrapper have been
681 improved. See the man pages for info.
682
683 periodic scripts will not send emails with empty message bodies.
684 See mailwrapper fix.
685
686 20080410:
687 Sync cpdup with DragonFly. Add parallel transaction support and
688 -l flag to line-buffer stdout and stderr.
689
690 20080406:
691 Import bzip2 1.05
692 Import OpenSSH 4.9p1
693
694 20080322:
695 The default umask was changed to 022.
696
697 /usr/X11R6 paths were removed from several config files.
698
699 .mkshrc files are now installed for root.
700
701 20080316:
702 FIx a problem with gif0 tunnels and neighbors with IPV6.
703
704 20080312:
705 Add lndir from X.org. This aides in the porting of MirPorts.
706
707 New OS versions were added to the mapage code (groff)
708
709 20080310:
710 Correct a buffer overflow in ppp.
711
712 20080308:
713 Remove /usr/X11R6 from manpath config.
714
715 20080307:
716 Atheros driver no longer has several options set
717 which corrects building in tinderbox on all three platforms.
718
719 Added a new macro to sx.h which returns true if the current
720 thread holds an exclusive lock on a specifix sx.
721
722 Removed OS/2's HPFS file system. It's not maintained and
723 I don't know anyone using OS/2 or ecomstation these days.
724 My copy is in the closet collecting dust.
725
726 20080306:
727 Synced tinderbox with FreeBSD. Modified it for MidnightBSD.
728 Developers can now use it to check src builds.
729
730 20080303:
731 Add mksh to /etc/shells, made some adjustments to options
732 for mksh builds per suggestion upstream.
733
734 USB HID table updated with modern hardware list.
735
736 Updated BSD family true (we're not in there yet)
737
738 iso3166 file updated and import of tzdata2007k for
739 new time zones.
740
741 Updated mksh to latest version R33.
742
743 20080228:
744 Remplaced the random IP id generation code with a new
745 version by Amit Klein.
746
747 20080221:
748 Sendfile write only permissions fix.
749
750 Removed some HPFS and PC98 code.
751
752 iso639 file sycned with DragonFly.
753
754 20080128:
755 Changed NTP configuration so that ips aren't cached
756 so multiple servers are used.
757
758 Fix an issue with fork() in libpthread.
759
760 20080121:
761 Add virtualization detection to set the HZ rate
762 according to a VM present. VMWare and Parallels
763 should work better like this.
764
765 Change to full x11 install in sysinstall. Add
766 xorg 7 support.
767
768 20080115:
769 Fix the handling of PTY's. CVE-2008-0216
770
771 20080105:
772 mport delete code added, USE_MPORT_TOOLS knob aded.
773
774 20080101:
775 Happy New Year
776
777 20071123:
778 Update sendmail to 8.14.2
779
780 20071120:
781 Update system compiler to gcc 3.4.6.
782
783 20071023:
784 Updated mksh to R31d.
785
786 20070911:
787 Updated mksh to version R31b.
788
789 Fixed stderr output in libpthread. Previously it was
790 written to stdout.
791
792 20070831:
793 Added dot.mkshrc file to support the recent change to
794 mksh from OpenBSD's ksh derived from pdksh.
795
796 Added new firewall configuration. ipfw is enabled by default
797 with a "desktop" configuration. Consult /etc/rc.firewall
798 or ipfw show to see the ruleset used. You can disable
799 ipfw by setting firewall_enable="NO" in /etc/rc.conf This
800 change only effects IPv4. IPv6 does not have a firewall
801 enabled by default.
802
803 20070814:
804 Removed GNU tar source. We've been using BSD tar
805 for awhile.
806
807 20070806:
808 Finished removing umapfs and autofs from the tree.
809
810 20070804:
811 BIND and Tcpdump have been patched for recent vulnerabilities.
812
813 We switched to BSD cpio (pax).
814
815 20070719:
816 Imported cpdup from DragonFly as /bin/cpdup
817
818 20070716:
819 Update GNU cpio to 2.8.
820
821 20070410:
822 cvs was updated to 1.12.13. cvsbug was removed.
823 cvs now behaves similarly to DragonFly's cvs with
824 most of their local changes.
825
826 20070409:
827 RELENG_0_1 was created. More aggresive changes will
828 continue here.
829
830 20070406:
831 Back out propolice. propolice caused several problems
832 with our threading libraries libthr and libpthread.
833 curthread was often NULL after the patch and many
834 multithreaded applications would crash. We plan to
835 work on either bringing in gcc 4.1 or developing a new
836 patch which also corrects our threading issues later.
837
838 It is more important to have a stable system for our
839 mport work and other projects at this time.
840
841 This is not a clean removal. It is recommended that you
842 have a recently SNAP CD handy. You can either reinstall
843 or perform a make buildworld and make buildkernel and
844 make installkernel. Reboot on the cd and copy the contents
845 of /bin, /sbin, /lib, /libexec, and /usr/bin, /usr/sbin,
846 /usr/lib, and /usr/libexec to the respective directories on
847 your disk. Then you should be able to boot into single user
848 mode and run make installworld. You will need to run
849 chflags noschg on some of the files if you can't overwrite
850 them.
851
852 You will get __guard missing errors since we had to remove
853 this from libc.
854
855 You will need to rebuild any ports built while propolice was
856 installed.
857
858 20070401:
859 Importing propolice into MidnightBSD. Propolice is going to
860 provide us with much greater security and stability in the
861 long run. If upgrading from a pre-propolice system, please
862 follow the these instructions:
863
864 cd /usr/src/lib/libc && make obj && make && make install
865 cd /usr/src/gnu/usr.bin/cc && make obj && make && make install
866 cd /usr/src/lib/libpthread && make obj && make && make install
867 cd /usr/src/lib/libthr && make obj && make && make install
868 buildworld and kernel
869
870 It is adviced that any mports which were installed and/or built
871 prior to the propolice update also be updated. If any errors
872 or issue are encounted, please contact security@midnightbsd.org
873 and we will be sure to investigate and come up with an expeditious
874 fix.
875
876 20070314:
877 Remove send-pr from src.
878
879 Switch to NetBSD's gzip.
880
881 Bump MBSD minor revision.
882
883 20070313:
884 Imported OpenSSH 4.6p1.
885
886 Imported FreeBSD's libarchive and updated tar to work with it.
887
888 Disabled debug statements cluttering up /var/log/messages for
889 the tcp autobuf patch applied previously.
890
891 20070312:
892 Synced several audio changes from FreeBSD 6.1. Removed the
893 BSD Daemon files from src/share.
894
895 20070308:
896 Added mfi which supports LSI Logic MegaRAID SAS devices including
897 the Dell perc5i.
898
899 20070206:
900 Imported OpenBSD's sudo into source. Please install
901 /usr/src/usr.bin/sudo/lib first before building.
902
903 Those who install from a snapshot after this date
904 will not be effected.
905
906 20070119:
907 Added audit group. Be sure to add audit to your /etc/group file
908 before installing world.
909
910 hostapd was updated to 0.4.8.
911
912 An accidental commit in usr.sbin/bluetooth/hccontrol was fixed to
913 unbreak world.
914
915 wpa_supplicant was updated.
916
917 For stability and compatibility reasons, it was decided that MidnightBSD
918 sync with FreeBSD 6.1 Release. Nearly every change between the original
919 fork date of February 24, 2006 and the release of FreeBSD 6.1 in May
920 2006 will be merged. Beyond this, MidnightBSD will be a "real" fork and
921 will not sync every little change with FreeBSD.
922
923 20061231:
924 Updated COPYRIGHT for 2007.
925
926 Updated and bumped libutil after importing NetBSD efun(3) functions.
927
928 Added MidnightBSD_version and bumped the FreeBSD version as we've
929 synced all commits between the fork and that version. It is now safe
930 to assume MidnightBSD is compatible with FreeBSD RELENG_6 from
931 Feb 26, 2006.
932
933 Added spell(1) and deroff(1) from NetBSD. Also added additional
934 dict files to work with it. /usr/share/dict/american,
935 /usr/share/dict/british and /usr/share/dict/special/math
936
937 Numerous man page and bug fixes.
938
939 20061226:
940 Setup /usr/share/examples/cvsup SUPfiles for the new
941 MidnightBSD CVSup server.
942
943 Fix a bug in burncd where it would continue forever while
944 erasing CDRW media.
945
946 Add csup to /usr/bin. csup is a CVSup replacement written
947 in C.
948
949 Fixed a bug with bsnmpd build from Oct 30.
950
951 Corrected some race conditions and fixed a few bugs in
952 geom. Imported changes from FreeBSD RELENG_6.
953
954 20061225:
955 Fixed a typo in src/lib/libc/sparc64/fpu/fpu_implode.c
956 that caused long double to long and long long
957 conversion of negative numbers to always result in -1.
958
959 20061221:
960 Fixed acpi_battery.c to not report an ERROR if no
961 batteries are present.
962
963 Performed some minor updates on the RL and RE NIC drivers.
964 RL should no longer panic when trying to print errors.
965
966 Corrected a bug with TTY.
967
968 20061218:
969 Corrected a bug with libpthread where newly created suspended
970 threads don't get scheduled.
971
972 20061206:
973 Fixed a typo with the firewire security patch.
974
975 20061129:
976 Minor cleanups to utilities in bin.
977
978 Fixed msdos file system short file name behavior to match
979 FreeBSD.
980
981 20061031:
982 Updated man pages in section 7.
983
984 20061030:
985 Updated sys/dev/drm to support intel 915 and radeon
986 r300 cards properly.
987
988 Synced snmpd with FreeBSD-stable.
989
990 Fixed a bug in rm which could cause data loss.
991
992 20061027:
993 Added Intel ICH8 and nForce 5 support to ATA. cam, mpt,
994 random, kbdmux, atkbd, and usb were updated. Changes
995 to clearing registers on SSE enabled processors (i386)
996 commited.
997
998 lukemftpd updated.
999
1000 openssh rc script was altered which effects initial
1001 seeding.
1002
1003 20061014:
1004 Workaround for em driver problem on shared IRQ.
1005
1006 Started removal of alpha support.
1007
1008 20061013:
1009 ATA driver was updated. USB/USB1/USB2 types added.
1010
1011 20061010:
1012 OpenSSH was updated to 4.4p1.
1013
1014 20060909:
1015 OpenNTPD was added to MidnightBSD. Run make delete-old to remove
1016 the old ntpd daemon.
1017
1018 cat has a new option -D which allows you to timestamp output
1019 on a per line basis.
1020
1021 The kernel has a keyboard mux which allows you to have multiple
1022 keyboard connected simultaneously. USB keyboard support was also
1023 improved with this patch.
1024
1025 The Intel em driver was updated. Network performance was greatly
1026 increased on many systems. Additional models are supported.
1027
1028 The ATA driver was patched to fix a potential deadlock.
1029
1030 Bind was patched to fix a potential denial of service condition.
1031
1032 20060817:
1033 ksh has been added to the base system. If you previously had
1034 the port installed, it will be overwritten on the next buildworld.
1035
1036
1037
1038 To build a kernel
1039 -----------------
1040 If you are updating from a prior version of MidnightBSD (even one just
1041 a few days old), you should follow this procedure. With a
1042 /usr/obj tree with a fresh buildworld,
1043 make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE
1044 make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE
1045
1046 To test a kernel once
1047 ---------------------
1048 If you just want to boot a kernel once (because you are not sure
1049 if it works, or if you want to boot a known bad kernel to provide
1050 debugging information) run
1051 make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel
1052 nextboot -k testkernel
1053
1054 To just build a kernel when you know that it won't mess you up
1055 --------------------------------------------------------------
1056 This assumes you are already running a 6.X system. Replace
1057 ${arch} with the architecture of your machine (e.g. "i386",
1058 "amd64", "ia64", "pc98", "sparc64", etc).
1059
1060 cd src/sys/${arch}/conf
1061 config KERNEL_NAME_HERE
1062 cd ../compile/KERNEL_NAME_HERE
1063 make depend
1064 make
1065 make install
1066
1067 If this fails, go to the "To build a kernel" section.
1068
1069 To rebuild everything and install it on the current system.
1070 -----------------------------------------------------------
1071 # Note: sometimes if you are running current you gotta do more than
1072 # is listed here if you are upgrading from a really old current.
1073
1074 <make sure you have good level 0 dumps>
1075 make buildworld
1076 make kernel KERNCONF=YOUR_KERNEL_HERE
1077 [1]
1078 <reboot in single user> [3]
1079 mergemaster -p [5]
1080 make installworld
1081 make delete-old
1082 mergemaster [4]
1083 <reboot>
1084
1085
1086 To cross-install current onto a separate partition
1087 --------------------------------------------------
1088 # In this approach we use a separate partition to hold
1089 # current's root, 'usr', and 'var' directories. A partition
1090 # holding "/", "/usr" and "/var" should be about 2GB in
1091 # size.
1092
1093 <make sure you have good level 0 dumps>
1094 <boot into -stable>
1095 make buildworld
1096 make buildkernel KERNCONF=YOUR_KERNEL_HERE
1097 <maybe newfs current's root partition>
1098 <mount current's root partition on directory ${CURRENT_ROOT}>
1099 make installworld DESTDIR=${CURRENT_ROOT}
1100 cd src/etc; make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd
1101 make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT}
1102 cp /etc/fstab ${CURRENT_ROOT}/etc/fstab # if newfs'd
1103 <edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition>
1104 <reboot into current>
1105 <do a "native" rebuild/install as described in the previous section>
1106 <maybe install compatibility libraries from src/lib/compat>
1107 <reboot>
1108
1109
1110 To upgrade in-place from 5.x-stable or higher to 6.x-stable
1111 -----------------------------------------------------------
1112 <make sure you have good level 0 dumps>
1113 make buildworld [9]
1114 make kernel KERNCONF=YOUR_KERNEL_HERE [8]
1115 [1]
1116 <reboot in single user> [3]
1117 mergemaster -p [5]
1118 make installworld
1119 make delete-old
1120 mergemaster -i [4]
1121 <reboot>
1122
1123 Make sure that you've read the UPDATING file to understand the
1124 tweaks to various things you need. At this point in the life
1125 cycle of current, things change often and you are on your own
1126 to cope. The defaults can also change, so please read ALL of
1127 the UPDATING entries.
1128
1129 Also, if you are tracking -current, you must be subscribed to
1130 freebsd-current@freebsd.org. Make sure that before you update
1131 your sources that you have read and understood all the recent
1132 messages there. If in doubt, please track -stable which has
1133 much fewer pitfalls.
1134
1135 [1] If you have third party modules, such as vmware, you
1136 should disable them at this point so they don't crash your
1137 system on reboot.
1138
1139 [3] From the bootblocks, boot -s, and then do
1140 fsck -p
1141 mount -u /
1142 mount -a
1143 cd src
1144 adjkerntz -i # if CMOS is wall time
1145 Also, when doing a major release upgrade, it is required that
1146 you boot into single user mode to do the installworld.
1147
1148 [4] Note: This step is non-optional. Failure to do this step
1149 can result in a significant reduction in the functionality of the
1150 system. Attempting to do it by hand is not recommended and those
1151 that pursue this avenue should read this file carefully, as well
1152 as the archives of freebsd-current and freebsd-hackers mailing lists
1153 for potential gotchas.
1154
1155 [5] Usually this step is a noop. However, from time to time
1156 you may need to do this if you get unknown user in the following
1157 step. It never hurts to do it all the time.
1158
1159 [8] In order to have a kernel that can run the 5.x binaries
1160 needed to do an installworld, you must include the COMPAT_FREEBSD5
1161 option in your kernel. Failure to do so may leave you with a system
1162 that is hard to boot to recover. A similar kernel option COMPAT_FREEBSD5
1163 is required to run the 5.x binaries on more recent kernels.
1164
1165 Make sure that you merge any new devices from GENERIC since the
1166 last time you updated your kernel config file.
1167
1168 [9] When checking out sources, you must include the -P flag to have
1169 cvs prune empty directories.
1170
1171 If CPUTYPE is defined in your /etc/make.conf, make sure to use the
1172 "?=" instead of the "=" assignment operator, so that buildworld can
1173 override the CPUTYPE if it needs to.
1174
1175 MAKEOBJDIRPREFIX must be defined in an environment variable, and
1176 not on the command line, or in /etc/make.conf. buildworld will
1177 warn if it is improperly defined.
1178
1179 Copyright information:
1180
1181 Copyright 1998-2005 M. Warner Losh. All Rights Reserved.
1182
1183 Redistribution, publication, translation and use, with or without
1184 modification, in full or in part, in any form or format of this
1185 document are permitted without further permission from the author.
1186
1187 THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR
1188 IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
1189 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
1190 DISCLAIMED. IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT,
1191 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
1192 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
1193 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1194 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1195 STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
1196 IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
1197 POSSIBILITY OF SUCH DAMAGE.
1198
1199 If you find this document useful, and you want to, you may buy the
1200 author a beer.
1201
1202 Contact Warner Losh if you have any questions about your use of
1203 this document.
1204
1205 $FreeBSD: src/UPDATING,v 1.416.2.18 2006/02/22 11:51:57 yar Exp $
1206 $MidnightBSD: src/UPDATING,v 1.160 2012/04/07 15:16:24 laffer1 Exp $