BIND / cve-2012-1667
MidnightBSD 0.3-RELEASE-p9 Bind vulnerability related to resource records. See CVE-2012-1667.
MidnightBSD 0.3-RELEASE-p8 Fix a problem with crypt's DES implementation when used with non 7-bit ASCII passwords.
0.3-RELEASE-p7 add SGC and BUF_MEM_grow_clean(3) bug fixes.
0.3-RELEASE-p6 OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accepts SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. [CVE-2011-4576] OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. [CVE-2011-4619] If an application uses OpenSSL's certificate policy checking when verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK flag, a policy check failure can lead to a double-free. [CVE-2011-4109] A weakness in the OpenSSL PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the million message attack (MMA). [CVE-2012-0884] The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp functions, in OpenSSL contains multiple integer errors that can cause memory corruption when parsing encoded ASN.1 data. This error can occur on systems that parse untrusted ASN.1 data, such as X.509 certificates or RSA public keys. [CVE-2012-2110]
mksh R40f
Perl 5.14.2
mksh update
document cpucontrol(8)
Update Apple's mDNSResponder to 333.10
document new graid5(8)
0.3-release-p5
telnetd: fix a root exploit from a fixed buffer that was not checked
telnetd: fix a root exploit from a fixed buffer that was not checked
pam: don't allow escape from policy path. Exploitable in KDE, etc.
pam: don't allow escape from policy path. Exploitable in KDE, etc.
fix pam security issue with ssh module.
fix pam_ssh security issue
fix security issue with chroot and ftpd
fix security hole in ftpd/libc/
document libdialog change
mksh r40d
lots going on
Introduce BSD licensed version of grep. MK_BSD_GREP = yes turns it on as grep, otherwise gnu grep is installed as grep and bsdgrep is bsd licensed grep. In the inverse, gnu grep becomes gnugrep. For "compatibility", bsdgrep can use the gnu regex library which is also faster, but then it's not purely bsd.
mksh R40c
Update bind for ANOTHER security hole.
time zone data 2011n
Document mDNSResponder and BIND upgrades
introduce cflow
Document less v436, intr_bind, awk update, ...
awk 20110810
timezone++
Introduce CPU Affinity in MidnightBSD. The ULE scheduler is now default on i386 and amd64 architectures. cpuset(1) allows the user to limit a process to a group of CPU cores to run on using new system calls. 32bit versions of the system calls were also added to support 32bit binaries running on amd64 boxes. libc's symbol map was modified to include the cpuset* system calls to expose them to userland. This is based on work by Jeff Roberson from FreeBSD 7.1.
Fix a problem with unix socket handling caused by the recent patch to unix socket path handling. This allows network apps to work under the linuxolator again.
Fix linuxolator unix socket handling after recent security patch.
fetch(1) update
Document alc(4) work, usb umass/usbdevs
Document changes to ath(4) and alc(4).
Fix path validation with unix domain sockets.
document security updates
0.3-RELEASE-p3. Fix a security hole in compress and gzip
perl port required for release bye bye
xz 5.0.3
document sparc64 GENERIC changes
Document new msearch(1) utility.
Ack!
add cpufreq(1)
mksh updated
Fix a critical security hole in BIND 9.6.x with caching resolvers. Attackers can crash BIND. CVE-2011-1910 MidnightBSD 0.3-RELEASE-p2
Document and bump midnightbsd version for bind 9 fix
Document newfs change.
mention perl and mport changes.
Perl & sendmail have been updated.
Document recent changes.
update time zones
document nss_mdns addition
Patch for CVE-2011-0014
xz/lzma
cam(4)
Document perl update.
Document intel driver update for NICs
age(4)
Bind 9.6.3
eeemon(4) mention
Document GNU sort, openssh updates.
Document openssl update.
bump to p1 for sqlite minor issue.
sqlite 3.7.5 imported.
document awk upgrade
didn't know what year it was earlier. yes i updated file too
tcsh 6.17
0.3-RELEASE
Document recent changes
Import it(4) and lm(4) for common Super I/O hardware sensors. This is based on the 2007 Google Summer of Code project by Constantine A. Murenin and code from OpenBSD.
update sudo while we're at it.
bind ++
add jme(4) for JMicron ethernet devices. This is experimental and any bugs should be reported.
A double free exists in the SSL client ECDH handling code, when processing specially crafted public keys with invalid prime numbers. [CVE-2010-2939]
A double free exists in the SSL client ECDH handling code, when processing specially crafted public keys with invalid prime numbers. [CVE-2010-2939]
Several portions of the kernel and userland code related to UFS file systems (and UFS2) cannot properly handle inode counts above 2^31 due to use of int types. Based on a patch from FreeBSD, I've modified our UFS2 implementation to handle unsigned values for inode counts which should allow for file systems greater than 16TB. newfs and growfs were also modified.
I'm having a great time with pseudofs!
Drat pseudofs.
Document new sysrc utility.
Security update for globbing issue affecting ftp and sftp
Security update for bzip2 integer overflow.
Security update for bzip2.. bring to 0.2.1-p12
Security update for bzip2 integer overflow
Security update for integer overflow in bzip2
Remove xz for now
Move things along.. current is now 0.4-CURRENT. Change the man pages, osreldate and other tunables in the system accordingly. While we're here, update other bsd systems in our mdoc.local.
Document security update.
Document mdnsd
libdispatch
Denote mbuf fix
brainfuck(1)
zlib++
Sudo was updated
Document zlib 1.2.4 update
Document this morning's change.
timezones and ati updates
Document recent changes.
MKSH R39c.. missed it by a few hours.
Haven't we been busy.
Update system sudo
document re(4) and rl(4) updates. document gcc fix on amd64.
fix sftp on amd64.
BIND 9.6.1-P2, FreeBSD version of ash import
Sendmail 8.14.4
Document kqueue and posix_spawn additions.
zfs and bind security updates
Mention amdtemp(4)
Mention OpenSSL change.
Import OpenBSD's sysctl sensors framework. This is based on work by Constantine A. Murenin for the 2007 Google Summer of Code for FreeBSD. Includes: sample config file for sensord; rc scripts; documentation fixes and updates; sys/kern/kern_sensors.c; sys/sensors.h. This is compatible with OpenBSD 4.1 and 4.2 in terms of the userland bits.
OpenNTPD 4.4
mksh and openssh updates
Mention recent updates.
Tell amd64 users how to get a working system for now.
document timezone update yesterday and some other things we've been up to
tzupdate
0.2.1-p11
mention the bind issue in updating
Add text for security advisory
mention usb changes and removal of pcc with a brief explanation.
Add updating text for ssh vulnerability.
Mention the new installer option and change for powerd to be disabled by default.
OpenSSH 5.2
makefs++
MidnightBSD 0.2.1-RELEASE-p8 OpenSSL security update The function ASN1_STRING_print_ex does not properly validate the lengths of BMPString or UniversalString objects before attempting to print them.
OpenSSL security update
document some of the adventures i've had in the last two days.
fix comment.
add a comment about Xorg sucking with hald and mouse/kbd problems.
mention what we did to mksh
remove comment about UPDATING in mports since we don't have one right now.
mksh update, new /bin/sh, fortune and ahd
Mention libarchive update and ctriv's perl work.
MidnightBSD 0.2.1-RELEASE-p7 Update for sudo security issue.
Update updating, bind, mksh, tcpdump
DNSSEC bind update.
MidnightBSD 0.2.1-p6: Bind security update
Correct lukemftpd security issue
lukemftpd security fix
openssl security fix
OpenSSL security patch
Import gnu readline
timezones are fun
Update copyrights for 2009.
Correct a problem where function pointers for netgraph and bluetooth sockets are not initialized properly
MidnightBSD security update: Correct a problem where bluetooth and netgraph sockets are not initialized properly.
Explain the status of batt(1), and ongoing work.
Explain the progress we've made in the last few months. Still more to do.
Correct a problem with arc4random
IPv6 Neighbor Discovery Protocol routing vulnerability
IPv6 Neighbor Discovery Protocol routing vulnerability
Document the ftpd issue
ftpd security fix
Update nve(4) to support newer hardware.
The right section would help
Update nve(5) to support newer hardware.
MFC icmp6 and amd64 gs register patch
sysinstall, firstboot, openbsm import, src/release 3 isos
Bump version, and explain the reasoning in UPDATING.
release time
Mention pcc and sysinstall fixes.
Mention pcc fix.
Add atheros wireless NICs to GENERIC
Document recent changes
Let users know we've modified GENERIC and added pcc as a second system compiler.
Begin RELENG_0_2
sendmail 8.14.3
Explain the pcc, elf, ssh-vulnkey + blacklists changes.
Add pre-processor msg
Boy we did a lot this month.
OpenSSH fix.
Sync updating.
Import OpenSSH 4.9p1
document changes.
We haven't been maintaining UPDATING since Jan 1. Catch it up with changes since then that are relevant.
Happy New Year
Update sendmail to 8.14.2 Add comment about the older mksh update.
Update to gcc 3.4.6.
*** empty log message ***
document openssl update.
forgot to mention libpthread fix.
Document bzip2 update and find changes.
Document mksh update and the changes to libpthread.
Document the addition of the dot.mkshrc file in skel and ipfw desktop feature.
GNU tar be gone
pkg_add and friends were fixed for mports. add that to updating
Note the fix for bsd.port.mk.
Explain some of our recent changes.
Prepare for 0.1-RELEASE
Mention cpdup import
Forgot to log cpio upgrade.
Explain that we branched and begin doing real work with src again. cvs was updated to 1.12.13.
Add further directions to the propolice removal bit.
Back out propolice. More information in UPDATING. In short, propolice broke libpthread and libthr.
fix paths
Small correction to install directions for propolice. Added requirement to build libpthread and libthr first.
Importing propolice into MidnightBSD. Propolice is going to provide us with much greater security and stability in the long run. If upgrading from a pre-propolice system, please follow these instructions: cd /usr/src/lib/libc && make obj && make && make install; cd /usr/src/gnu/usr.bin/cc && make obj && make && make install; buildworld and kernel. It is advised that any mports which were installed and/or built prior to the propolice update also be updated. If any errors or issues are encountered, please contact security@midnightbsd.org and we will be sure to investigate and come up with an expeditious fix.
Document today's changes.. gzip, removal of send-pr, etc.
We got a few things out of the way today.
A summary of some of today's changes.
add mfi
Updated to include instructions for installing sudo.
Explain recent changes in MidnightBSD.
We've been busy today.
Documented changes to bsnmpd, geom, etc.
Catch this up a bit with recent changes.
List recent changes and removals.
Described various src/sys/dev updates, lukemftpd and other exciting things.
Try to catch up recent commits.
*** empty log message ***
ksh was added to the base system.
Imported from FreeBSD 6.1 beta sources
Imported from FreeBSD 6.0 sources
Initial revision