ViewVC Help
View File | Revision Log | Show Annotations | Download File | View Changeset | Root Listing
root/src/release/0.5.7/UPDATING
Revision: 6957
Committed: Thu Dec 11 13:15:10 2014 UTC (9 years, 4 months ago) by laffer1
File size: 42094 byte(s)
Log Message: 
        0.5.7 RELEASE

        Fix a security issue with file and libmagic that can allow
        an attacker to create a denial of service attack on any
        program that uses libmagic.

File Contents

# Content
1 Updating Information for MidnightBSD users.
2
3 20141211:
4 0.5.7 RELEASE
5
6 Fix a security issue with file and libmagic that can allow
7 an attacker to create a denial of service attack on any
8 program that uses libmagic.
9
10 20141109:
11 Fix building perl during buildworld when the GDBM port is installed.
12
13 20141106:
14 0.5.6 RELEASE
15
16 Update timezone data tzdata 2014i
17
18 (plus previous security fixes)
19
20 20141104:
21 Fix two security issues:
22
23 1. sshd may link libpthread in the wrong order, shadowing libc
24 functions and causing a possible DOS attack for connecting clients.
25 2. getlogin may leak kernel memory via a buffer that is
26 copied without clearing.
27
28 20141031:
29 0.5.5 RELEASE
30
31 tnftp 20141031 fixes a security vulnerability with tnftp,
32 CVE-2014-8517.
33
34 20141027:
35 0.5.4 RELEASE
36
37 libmport fix for packages
38
39 20141021:
40 0.5.3 RELEASE
41
42 Fix several security vulnerabilities in OpenSSL, routed, rtsold,
43 and namei with respect to Capsicum sandboxes looking up
44 nonexistent path names and leaking memory.
45
46 OpenSSL update adds some workarounds for the recent
47 poodle vulnerability reported by Google.
48
49 The input path in routed(8) will accept queries from any source and
50 attempt to answer them. However, the output path assumes that the
51 destination address for the response is on a directly connected
52 network.
53
54 Due to a missing length check in the code that handles DNS parameters,
55 a malformed router advertisement message can result in a stack buffer
56 overflow in rtsold(8).
57
58 20141011:
59 0.5.2 RELEASE
60
61 mksh R50d - R50c had a regression with field splitting.
62
63 20141004:
64 0.5.1 RELEASE
65
66 mksh R50c is a minor security update to fix an issue with the
67 handling of environment variables that could provide a limited
68 attack vector.
69
70 20140919:
71 0.5-RELEASE
72
73 20140916:
74 Fix a security issue with TCP SYN.
75
76 When a segment with the SYN flag for an already existing connection arrives,
77 the TCP stack tears down the connection, bypassing a check that the
78 sequence number in the segment is in the expected window.
79
80 20140909:
81 Fixed a bug with clearenv(3) that could result in a segfault.
82
83 OpenSSL security patch:
84
85 The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
86 to consume large amounts of memory. [CVE-2014-3506]
87
88 The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
89 memory. [CVE-2014-3507]
90
91 A flaw in OBJ_obj2txt may cause pretty printing functions such as
92 X509_name_oneline, X509_name_print_ex et al. to leak some information from
93 the stack. [CVE-2014-3508]
94
95 OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
96 a denial of service attack. [CVE-2014-3510]
97
98 20140903:
99 0.5-PRERELEASE
100
101 20140827:
102 Perl 5.18.2
103
104 20140728:
105 Jails now run shutdown scripts.
106
107 20140710:
108 Fix a vulnerability in the control message API. A buffer is not properly cleared
109 before sharing with userland.
110
111 20140701:
112 MKSH R50
113
114 20140630:
115 File 5.19
116
117 20140605:
118 Fix four security issues with OpenSSL
119
120 20140604:
121 Sendmail failed to properly set close-on-exec for open file descriptors.
122
123 ktrace page fault kernel trace entries were set to an incorrect size which resulted
124 in a leak of information.
125
126 20140430:
127 Fix a TCP reassembly bug that could result in a DOS attack
128 of the system. It may be possible to obtain portions
129 of kernel memory as well.
130
131 20140411:
132 Update zlib to 1.2.7
133
134 20140122:
135 Support for username with length 32. Previous limit was 16
136
137 20140114:
138 Fix two security vulnerabilities.
139
140 bsnmpd contains a stack overflow when sent certain queries.
141
142 bind 9.8 when using NSEC3-signed zones zones, will crash with special
143 crafted packets.
144
145 20131228:
146 Imported FreeBSD 9.2 usb stack (plus z87 patches from stable)
147
148 Updated em(4), igb(4) and ixgbe(4)
149
150 MidnightBSD now works with Z87 Intel chipsets.
151
152 20131207:
153 Remove sparc64 architecture. It hasn't been working for awhile
154 and it's not useful for desktops anymore.
155
156 20131205:
157 OpenSSH 6.4p1
158
159 20131203:
160 Perl 5.18.1 imported.
161
162 Update less to v458
163
164 20131130:
165 Remove named from base. We still include the client utilities for
166 now until replacements can be found.
167
168 20131004:
169 rarpd supports vlan(4) and has a pid flag. (from FreeBSD)
170
171 20130917:
172 Support for 65,536 routing tables was added. A new fib specific
173 field has been added to mbuf. This is an increase from 16.
174
175 20130910:
176 Security updates: (kern.osreldate 5001)
177
178 nullfs(5)
179
180 The nullfs(5) implementation of the VOP_LINK(9) VFS operation does not
181 check whether the source and target of the link are both in the same
182 nullfs instance. It is therefore possible to create a hardlink from a
183 location in one nullfs instance to a file in another, as long as the
184 underlying (source) filesystem is the same.
185
186 ifioctl
187
188 As is commonly the case, the IPv6 and ATM network layer ioctl request
189 handlers are written in such a way that an unrecognized request is
190 passed on unmodified to the link layer, which will either handle it or
191 return an error code.
192
193 Network interface drivers, however, assume that the SIOCSIFADDR,
194 SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK requests have been
195 handled at the network layer, and therefore do not perform input
196 validation or verify the caller's credentials. Typical link-layer
197 actions for these requests may include marking the interface as "up"
198 and resetting the underlying hardware.
199
200 20130824:
201 Fix a bug in sendmail 8.14.7 that interferes with how it
202 handles AAAA records interoperating with Microsoft DNS servers.
203 FreeBSD has already reported this to Sendmail and a fix
204 will be included in the next release.
205
206 Subversion 1.8.1 is now in the base system as a static
207 binary. It has limited functionality, but can be used to
208 checkout/commit code. It is named svnlite.
209
210 20130822:
211 Fix two security vulnerabilities.
212
213 Fix an integer overflow in IP_MSFILTER (IP MULTICAST).
214 This could be exploited to read memory by a user process.
215
216 When initializing the SCTP state cookie being sent in INIT-ACK chunks,
217 a buffer allocated from the kernel stack is not completely initialized.
218
219 Import xz 5.0.4
220
221 Import sqlite 3.7.17
222
223 Import BIND 9.8.5-P2
224
225 20130814:
226 mksh R48 imported.
227
228 Sendmail 8.14.7 imported.
229
230 20130717:
231 libmport bug was fixed causing hash verification to fail.
232
233 virtio(4) imported from FreeBSD 9-stable. SCSI support not
234 included.
235
236 20130612:
237 RELENG_0_4 created for 0.4. Development continues on 0.5.
238
239 20130402:
240 Update BIND and OpenSSL to resolve security advisories.
241
242 20130305:
243 MKSH R44 imported.
244
245 20130213:
246 MKSH R42b imported
247
248 20130211:
249 MKSH R42 imported
250
251 20130125:
252 MKSH R41 imported
253
254 20130122:
255 OpenSSH 5.8p2 imported
256
257 SQLite 3.7.15.2 imported
258
259 Fixed a longstanding bug in libmport extrating new index files.
260
261 20120710:
262 BSD licensed sort imported from FreeBSD-CURRENT
263
264 For now, GNU sort is installed as gnusort, but it will
265 go away in time.
266
267 20120708:
268 tcsh 6.18.01 imported.
269
270 NetBSD's iconv imported.
271
272 libc gains strnlen(3), memrchr(3), stpncpy(3).
273
274 20120612:
275 BIND security update related to CVE-2012-1667.
276
277 Zero length resource records can cause BIND to crash resulting
278 in a DOS attack or information disclosure.
279
280 20120407:
281 mksh R40f (fixes regression)
282
283 20120328:
284 mksh R40e
285
286 Perl 5.14.2
287
288 20120229:
289 cpucontrol(8) and cpuctl(4) added from FreeBSD 7-stable.
290
291 20120209:
292 mDNSResponder 333.10 imported
293
294 20111227:
295 import raid5 module for GEOM, graid5(8)
296
297 This is experimental and known to use a lot of kernel
298 memory.
299
300 20111223:
301 telnetd: fix a root exploit from a fixed buffer that was not checked
302
303 pam: don't allow escape from policy path. Exploitable in KDE, etc.
304
305 Fix pam_ssh module:
306
307 If the pam_ssh module is enabled, attackers may be able to gain access
308 to user accounts which have unencrypted SSH private keys.
309
310 This has to due with the way that openssl works. It ignores unencrpted data.
311
312 Fix security issue with chroot and ftpd.
313
314 nsdispatch(3) doesn't know it's working in a chroot and some
315 operations can cause files to get reloaded causing a security
316 hole in things like ftpd.
317
318 20111217:
319 libdialog/dialog upgraded to an lgpl version. As it's not
320 backwardly compatable, include the old libdialog as libodialog
321
322 20111212:
323 mksh r40d imported
324
325 20111210:
326 re(4) and rl(4) updated to support new chips.
327
328 GEOM synced with FreeBSD 7-stable.
329
330 MidnightBSD GPT partition types created in sys/gpt.h and
331 setup in boot loader and GEOM.
332
333 amdsbwd(4) (amd watchdog for south bridge) updated to support
334 8xx series chipset.
335
336 20111207:
337 import bsd grep from FreeBSD/OpenBSD.
338
339 MK_BSD_GREP controls which grep is installed
340 as grep with the other as bsdgrep or gnugrep.
341
342 20111122:
343 mksh vR40c imported.
344
345 20111117:
346 BIND 9.6 ESV R5 P1
347
348 20111107:
349 tzdata 2011n
350
351 20111026:
352 mDNSResponder v320
353
354 BIND 9.6 ESV R5
355
356 20111022:
357 cflow 0.0.6 imported
358
359 20111020:
360 less v436 imported
361
362 amdsbwd(4) AMD southbridge watchdog
363
364 20111019:
365 awk 20110810 imported
366
367 et(4) Agere Gigabit Ethernet/Fast Ethernet driver added, but
368 not included in GENERIC kernel. The kernel module needs
369 testing before we can include it in GENERIC.
370
371 intr_bind code ported to allow an IRQ to be bound to one
372 specific CPU core.
373
374 20111017:
375 Time Zone Data v. 2011l (Released 10 October 2011)
376
377 Updated list of countries (iso3166) to work with new timezone data.
378
379 20111015:
380 Introduce CPU Affinity in MidnightBSD. cpuset(1) can be used
381 to control which core or group of cores can be used for a given
382 process. Several new system calls were added to support this
383 functionality in the running kernel and for 32bit binary
384 compatibility on amd64.
385
386 The scheduler default has been changed to ULE in i386 and
387 amd64. Changes were made to both schedulers (4BSD AND ULE)
388 for this feature.
389
390 This work is based on Jeff Roberson's FreeBSD 7.1 patches.
391
392 20111004:
393 Fix a problem with unix socket handling caused by the recent
394 patch to unix socket path handling. This allows network
395 apps to work under the linuxolator again.
396
397 20111001:
398 Import libfetch & fetch(1) from FreeBSD 9. Passive FTP is
399 now default and an environment variable must be set to use
400 active.
401
402 20110930:
403 Introduce quirks handling for several umass devices including
404 USB cameras. Add workaround for Cyberpower UPS devices.
405
406 Bring in further bug fixes from FreeBSD and NetBSD for alc(4).
407 Stale ip/tcp header pointers are no longer used, lockups fixed
408 when network cable is unplugged on bootup, enable TX checksum
409 offloading.
410
411 Add a new man page for gcache(8), a useful geom class when
412 working with large raid3 sets.
413
414 Restore previous workaround for Cypress pata storage controller.
415
416 20110929:
417 Sync ath(4) with FreeBSD 7.3.
418
419 The following modules are no longer available, and should be
420 removed from loader.conf:
421 ath_hal ath_rate_amrr ath_rate_onoe ath_rate_sample
422
423 alc(4) would hibernate when a cable was unplugged and often
424 required bring the interface down and up to "wake up" so that
425 a connection could be established. Disable hibernation.
426
427 20110928:
428 Fix security issues with gzip and compress related to .Z
429 files that are corrupted.
430
431 Fix path validation with unix domain sockets.
432
433 20110917:
434 Remove dependance on mports perl for generating releases as
435 it's in the base system.
436
437 20110914:
438 Import xz 5.0.3 with liblzma 5.0.3
439
440 20110813:
441 synced the sparc64 GENERIC kernel configuration with amd64.
442
443 20110806:
444 sqlite 3.7.7.1 imported
445
446 msearch(1), libmsearch and msearch.import added. msearch(1) provides
447 a full text search command line tool. libmsearch can also be used
448 to build a graphical based search in the future. You can enable
449 index building for msearch in periodic.conf or manually run the
450 /usr/libexec/msearch.index tool. Full text indexes take considerable
451 space in /var. I'm using approximately 500MB currently.
452
453 Fix a long standing bug with the periodic script to check package
454 versions. This will be obsolete with mport though.
455
456 20110710:
457 kdb_enter_why added to MidnightBSD to allow the kernel debugger to
458 know why it's in use and thus script can be run.
459
460 Yet another problem with the perl manifest was fixed
461
462 20110709:
463 cpufreq(1) is a new utility to monitor CPU frequency which may change
464 with use of powerd(8) and cpufreq(4).
465
466 20110612:
467 Update mksh to R40
468
469 Catch up ObsoleteFiles.inc to remove Perl 5.10.x. Good to run when
470 updating current (cd /usr/src && make check-old)
471
472 20110528:
473 Fix CVE-2011-1910 in BIND 9.6.x. This affects caching resolvers.
474
475 20110526:
476 newfs:
477 Raised the default blocksize for UFS/FFS filesystems from
478 16K to 32K and the default fragment size from 2K to 4K.
479
480 This should slightly imporve performance on "advanced format"
481 hard drives such as the WD EARS drives. Drives of this type
482 have emulation modes that slow down with lower sizes. Of course
483 the drive must still be aligned properly when using fdisk.
484
485 20110521:
486 mport tool now has a deleteall command. This can be used to remove
487 all packages from a system.
488
489 A few bugs with the perl 5.14 import have been fixed.
490
491 20110518:
492 Perl 5.14.0
493
494 20110517:
495 Sendmail 8.14.5
496
497 20110314:
498 DRM/DRI code updated to support newer video cards. (FreeBSD 7.1)
499
500 cdevpriv wrappers added
501
502 nss_mdns hack introduced to work around linking problem.
503
504 dnsextd fixed after update to mDNSResponder code.
505
506 20110308:
507 Introduce liblzma & xz 5.0.1 to the base system
508
509 Patch for OpenSSL security issue CVE-2011-0014.
510
511 "OSREVISION 4004"
512
513 nsswitch module for multicast dns (nss_mdns) added.
514
515 tzdata2011c
516
517 20110220:
518 cam(4) syncronized with FreeBSD 7.3.
519
520 20110219:
521 amdtemp(4) updated to support sensors framework.
522
523 20110217:
524 Perl 5.10.1 imported
525
526 20110216:
527 Introduce igb(4) and split Intel Gigabit Ethernet adapters between
528 igb(4) and em(4). Newer devices use igb(4). The code has moved
529 to sys/dev/e1000 for both devices in the kernel. igb(4) has
530 been placed in GENERIC on i386 and amd64.
531
532 Update bfe(4) to support newer devices and WOL.
533
534 20110215:
535 age(4) added.
536
537 20110208:
538 BIND 9.6.3 which fixes a bug with DNSSEC records getting added.
539
540 20110206:
541 eeemon(4) added to monitor Asus Eee PC.
542
543 20110205:
544 OpenSSH 5.7p1
545
546 GNU sort 6.9 (coreutils)
547
548 20110203:
549 one true awk 20100523 imported
550
551 sqlite 3.7.5
552
553 OpenSSL 0.9.8q
554
555 20110202:
556 tcsh 6.17.00
557
558 file 5.05
559
560 20110122:
561 Import it(4) and lm(4), with support for Super I/O hardware monitors. This
562 uses the sensors framework ported by Constantine A. Murenin (GSOC2007)
563
564 20110120:
565 BIND 9.6.2-P3
566
567 sudo 1.7.4-p6
568
569 20110115:
570 Add experimental jme(4) for Jmicron ethernet devices.
571
572 20101130:
573 A double free exists in the SSL client ECDH handling code, when
574 processing specially crafted public keys with invalid prime
575 numbers. [CVE-2010-2939]
576
577 20101120:
578 Several portions of the kernel and userland code related to UFS file
579 systems (and UFS2) cannot properly handle inode counts above 2^31 due
580 to use of int types. Based on a patch from FreeBSD, I've modified
581 our UFS2 implementation to handle unsigned values for inode counts
582 which should allow for file systems greater than 16TB.
583
584 newfs and growfs was also modified.
585
586 20101110:
587 Fix a security issue with pseudofs which could result in running code in kernel
588 context or a kernel panic depending on system configuration. This affects file
589 systems such as procfs for instance.
590
591 20101021:
592 sysrc is a utility to print and modify name/value pairs in /etc/rc.conf easily.
593 This is similar to functions present in many linux distros. The utility was
594 written by Devin Teske for FreeBSD.
595
596 20100920:
597 bzip2 security patch for integer overflow.
598
599 20100905:
600 MidnightBSD RELENG_0_3 branch created. Aggressive development continues here
601 for 0.4.
602
603 20100902:
604 Fix a security issue with libutil that allows users to bypass cpu limits in
605 login.conf in some cases. This combined with OpenSSH for example can allow
606 the user to get more resources than they're allowed.
607
608 20100822:
609 Import Apple's mDNSResponder (mdnsd).
610
611 20100814:
612 libdispatch added to MidnightBSD. This provides functionality found in
613 Mac OS X's GCD. We do not have blocks support yet. As this code is
614 licensed under Apache 2, we create a new MK_APACHE option so that
615 it's not required for all users to run code under a license they
616 may not like.
617
618 20100713:
619 mbuf readonly fix related to sendfile(2) data corruption.
620
621 20100704:
622 brainfuck(1) imported from MirBSD.
623
624 20100505:
625 zlib 1.2.5
626
627 20100430:
628 Sudo 1.7.2p6 imported
629
630 20100321:
631 Update zlib to 1.2.4
632
633 20100319:
634 Removed i586 from default i386 generic kernel.
635
636 20100317:
637 Update to tzdata2010e (time zones). This includes changes in
638 Mexico.
639
640 Add support for several newer sound cards via hda including
641 ATI and Realtek chipsets.
642
643 20100313:
644 CPU detection has been changed. VIA Padlock detection added.
645
646 20100312:
647 Fix a number of bugs and compiler warnings in libmport. Handle
648 plus signs in paths for mport.check-fake
649
650 20100311:
651 mksh R39c
652
653 20100309:
654 Sudo 1.7.2p5
655
656 sqlite3 3.6.23
657
658 mksh R39b
659
660 libffi (ffi) 3.0.9
661
662 20100206:
663 WITHOUT_LIB32 is no longer needed on AMD64. GCC was fixed to
664 properly pass arguments to ld.
665
666 re(4) and rl(4) have been updated to support several new
667 realtek chipsets. Performance has been improved on re(4).
668
669 20100204:
670 Fix a bug cropping up on AMD64 MidnightBSD with sftp
671 segfaulting.
672
673 20100116:
674 Import ash changes from FreeBSD (bin/sh) 8-Stable.
675
676 BIND 9.6.1-P2
677
678 20100110:
679 Import Sendmail 8.14.4. Fix for SSL vulnerability.
680
681 posix_spawn(3) added to MidnightBSD libc. Users may need to build and
682 install libc before doing a full buildworld when upating from 0.2 or
683 older current systems.
684
685 kqueue(2) was modified to support portions of libdispatch functionality.
686
687 20100106:
688 Bind security update. Fix a bug with DNSSEC that causes negative
689 cache entries and thus a possible DNS cache poisoning attack.
690
691 Fix a bug in ZFS that can reset permissions on system crashes.
692
693 20091228:
694 amdtemp(4) was added. It allows one to monitor to the temperature
695 of an AMD CPU such as a Phenom.
696
697 20091205:
698 OpenSSL security fix
699
700 The SSL version 3 and TLS protocols support session renegotiation without
701 cryptographically tying the new session parameters to the old parameters.
702
703 20091128:
704 OpenBSD sensors framework imported including sensorsd(8)
705
706 20091126:
707 OpenNTPD 4.4 import
708
709 Update OpenSSH to 5.3p1
710
711 mksh R39
712
713 20091124:
714 cpdup updated from DragonFly to 1.15
715
716 tzdata2009s updated with latest timezone data for November 2009.
717
718 20091010:
719 amd64 users should use WITHOUT_LIB32=yes in /etc/make.conf for now
720 to test current.
721
722 Revert unicode filename fixes from ntfs code. This was causing chaos
723 on amd64 systems.
724
725 20091006:
726 Update timezone data with tzdata2009n with the Pakistan and
727 Argentina changes.
728
729 Sync several userland utilities with versions from FreeBSD 7.0 in
730 sbin and usr.sbin.
731
732 20090919:
733 Update timezone data with tzdate2009m from September 2009.
734
735 20090729:
736 Patch for Bind 9 security vulnerability. a dynmaic update packet
737 can trigger an assertion and cause named to exit
738
739 20090606:
740 Remove PCC from the base system. This compiler will not work
741 as a system compiler for us as we've got some userland investment
742 in C++ code and may have Objective-C in the future. We're stuck
743 with a solution that supports these three languages at a minimum.
744
745 I had wanted to keep it as an optional compiler because it is
746 fast, however too many users want to try to use it for the base
747 system which makes no sense.
748
749 A hack was added for Cypress based usb hard drive enclosures to
750 the kernel. This should cut down on commands it claims to support
751 but does not (at the cam layer). Found while testing ZFS on
752 an external device.
753
754 20090520:
755 The powerd daemon no longer starts automatically to improve
756 compatibility with many systems. However, there is a new
757 installer option in the startup section to enable it. This
758 makes it easier to enable for users that have working systems. I thought it was only a problem on older hardware, but it freaks
759 out my new Phenom too.
760
761 20090502:
762 OpenSSH 5.2p1 import
763
764 ale(4) connected to the build. (kernel module only)
765
766 20090501:
767 Imported makefs utility from NetBSD/FreeBSD
768
769 20090422:
770 OpenSSL security update
771
772 The function ASN1_STRING_print_ex does not properly validate the lengths
773 of BMPString or UniversalString objects before attempting to print them.
774
775 20090415:
776 Created a Symbol.map for libc/ohash symbols
777
778 Updated several usr/bin usr/sbin utilities.
779
780 Corrected a bug with Makefile.inc1 causing the bootstrap
781 tools to fail.
782
783 20090405:
784 xorg 7.4 wants to configure its input devices via hald which does not
785 yet work with USB. If the keyboard/mouse does not work in xorg then
786 add
787 Option "AllowEmptyInput" "off"
788 to your ServerLayout section. This will cause X to use the configured
789 kbd and mouse sections from your xorg.conf
790
791 20090403:
792 mksh was disconnected a few day ago do to bugs with
793 buildworld and mports. Now, connect it back
794 for use as /bin/sh with a conditional called
795 MK_ASH. By default, ash is the standard /bin/sh
796 but we may change this later. This will allow further
797 testing by users and developers of mksh without
798 causing an unpleasant default experience. In the
799 long run, we need to fix mksh compatibility.
800
801 20090328:
802 Bring in mksh R37 from CVS. The dot.mkshrc files for root
803 and skel were changed. mksh(1) now replaces ash aka sh(1)
804 as the default /bin/sh. Please report bugs with
805 ports, etc. The ash code will remain in the repo for awhile
806 as I decide if we'll add something like MK_SHELL_ASH as
807 an optional build parameter.
808
809 ahd was disconnected from the lint environment until
810 the compiler bug is sorted (by updating gcc?)
811
812 Remove freebsd-tips from fortune files and change the
813 default for login and profile.
814
815 20090327:
816 Update libarchive to 2.5.5, tar, and add bsdcpio.
817
818 Also previously, ctriv has been connecting Perl 5.10
819 to the build (part of os). This will have an impact
820 on mports.
821
822 20090325:
823 Update Bind to 9.4.3-P1
824
825 Update mksh to R36b
826
827 Update tcpdump to 3.9.8, fix libpcap to work with current.
828
829 Update pnpinfo, sync with FreeBSD.
830
831 20090115:
832 Fix a problem with DNSSEC and BIND.
833
834 20090110:
835 For applications using OpenSSL for SSL connections, an invalid SSL
836 certificate may be interpreted as valid. This could for example be
837 used by an attacker to perform a man-in-the-middle attack.
838
839 Other applications which use the OpenSSL EVP API may similarly be
840 affected.
841
842 Stop cross site request forgery attacks in lukemftpd
843
844 20090104:
845 Import GNU libreadline 5.2
846
847 20090101:
848 Update time zone data to 2008i.
849
850 20081231:
851 Correct a problem where bluetooth and netgraph sockets are not
852 properly initialized.
853
854 Happy 2009.
855
856 20081206:
857 Due to the massive change in the underlying system under way,
858 we're naming the next release 1.0. The sys/sys/param.h was
859 changed accordingly. ipfilter and ncurses were corrected
860 using __MidnightBSD__ tests in the code.
861
862 The GENERIC kernel config was caught up on i386 today. Consider
863 i386 still broken, but amd64 is running again.
864
865 mdoc.local was updated with the new MidnightBSD version info.
866
867 batt(1) was rewritten in C. It now supports several flags and
868 runs about 8 times faster on my laptop. The default output
869 shows the number of minutes of battery life remaining and the
870 percentage. You can use -u to display the number of batteries or
871 -c to get script friendly output. Consult the man page for more.
872
873 20081204:
874 Work has completed on importing ZFS, jemalloc, several
875 new devices, SCTP, updated pf, a new tempfs, linuxolator 2.6 kernel
876 support, improved locking for file desc., audit (openbsm),
877 openssl .98e, nfe, imporved intel high def audio, midi, updated
878 intel gigabit (em), support for several wifi cards (intel), ...
879
880 Renamed 0.3-CURRENT officially. Switched to using MidnightBSD version
881 data from param.h instead of the FreeBSD version. This means
882 testing is now possible in the ports tree for the version
883 and that any ports or code relying on the FreeBSD version from
884 sys/sys/param.h will need to be fixed.
885
886 20080905:
887 update nve(4) to support new hardware.
888
889 20080801:
890 Import OpenBSM 1.0
891
892 Modify src/release to create 3 isos instead of 2 for packages.
893
894 etc/rc.d/firstboot now enables kdm, gnustep + slim and bsdstats.
895
896 Many ia64, alpha, powerpc items were removed.
897
898 The recent diffutils 2.8.7 import was fixed.
899
900 20080703:
901 pcc was not installed properly when setting DESTDIR for live cds,
902 or posibly jails.
903
904 20080627:
905 Add firmware(9), WEP, CCMP, TKIP to GENERIC.
906
907 Add glabel to GENERIC.
908
909 Intel ICH8 mobile chipset used on some iMacs included with ata.
910
911 pcc connected to the build on i386. (alternative compiler)
912
913 ath added to GENERIC. (Atheros wireless NICs) on amd64/i386
914
915 20080528:
916 Sendmail 8.14.3
917
918 20080516:
919 ssh-vulnkey allows you to look for vulnerable ssh keys that
920 were generated on Debian and Ubuntu hosts over the last
921 few years. sshd can block offending keys with a configuration
922 option.
923
924 The elf note on binaries is now set to MidnightBSD.
925
926 20080514:
927 Fixed a number of problems with pcc. It is not yet connected
928 to the build, but usable on i386 hosts. You may use it
929 by make; make install in /usr/src/usr.bin/pcc. It will
930 install in /usr/local as some of the files conflict with
931 GCC versions. __MidnightBSD__ is defined in PCC as well.
932
933 System headers were fixed to allow pcc to compile many binaries
934 on MidnightBSD. bin/cp will work now for instance.
935
936 20080430:
937 __MidnightBSD__ is now defined via gcc. This can be tested
938 to determine we're running on MidnightBSD in the preprocessor.
939
940 20080429:
941 Import bind 9.4.2 with threading
942
943 libpthread (KSE) and libthr are built earlier
944
945 pcvt(4) removed!
946
947 Alias added for core2 cpus.
948
949 Alpha and PC98 only utilities removed from usr/sbin
950
951 syslogd, adduser, rmuser, mergemaster and mailwrapper have been
952 improved. See the man pages for info.
953
954 periodic scripts will not send emails with empty message bodies.
955 See mailwrapper fix.
956
957 20080410:
958 Sync cpdup with DragonFly. Add parallel transaction support and
959 -l flag to line-buffer stdout and stderr.
960
961 20080406:
962 Import bzip2 1.05
963 Import OpenSSH 4.9p1
964
965 20080322:
966 The default umask was changed to 022.
967
968 /usr/X11R6 paths were removed from several config files.
969
970 .mkshrc files are now installed for root.
971
972 20080316:
973 FIx a problem with gif0 tunnels and neighbors with IPV6.
974
975 20080312:
976 Add lndir from X.org. This aides in the porting of MirPorts.
977
978 New OS versions were added to the mapage code (groff)
979
980 20080310:
981 Correct a buffer overflow in ppp.
982
983 20080308:
984 Remove /usr/X11R6 from manpath config.
985
986 20080307:
987 Atheros driver no longer has several options set
988 which corrects building in tinderbox on all three platforms.
989
990 Added a new macro to sx.h which returns true if the current
991 thread holds an exclusive lock on a specifix sx.
992
993 Removed OS/2's HPFS file system. It's not maintained and
994 I don't know anyone using OS/2 or ecomstation these days.
995 My copy is in the closet collecting dust.
996
997 20080306:
998 Synced tinderbox with FreeBSD. Modified it for MidnightBSD.
999 Developers can now use it to check src builds.
1000
1001 20080303:
1002 Add mksh to /etc/shells, made some adjustments to options
1003 for mksh builds per suggestion upstream.
1004
1005 USB HID table updated with modern hardware list.
1006
1007 Updated BSD family true (we're not in there yet)
1008
1009 iso3166 file updated and import of tzdata2007k for
1010 new time zones.
1011
1012 Updated mksh to latest version R33.
1013
1014 20080228:
1015 Remplaced the random IP id generation code with a new
1016 version by Amit Klein.
1017
1018 20080221:
1019 Sendfile write only permissions fix.
1020
1021 Removed some HPFS and PC98 code.
1022
1023 iso639 file sycned with DragonFly.
1024
1025 20080128:
1026 Changed NTP configuration so that ips aren't cached
1027 so multiple servers are used.
1028
1029 Fix an issue with fork() in libpthread.
1030
1031 20080121:
1032 Add virtualization detection to set the HZ rate
1033 according to a VM present. VMWare and Parallels
1034 should work better like this.
1035
1036 Change to full x11 install in sysinstall. Add
1037 xorg 7 support.
1038
1039 20080115:
1040 Fix the handling of PTY's. CVE-2008-0216
1041
1042 20080105:
1043 mport delete code added, USE_MPORT_TOOLS knob aded.
1044
1045 20080101:
1046 Happy New Year
1047
1048 20071123:
1049 Update sendmail to 8.14.2
1050
1051 20071120:
1052 Update system compiler to gcc 3.4.6.
1053
1054 20071023:
1055 Updated mksh to R31d.
1056
1057 20070911:
1058 Updated mksh to version R31b.
1059
1060 Fixed stderr output in libpthread. Previously it was
1061 written to stdout.
1062
1063 20070831:
1064 Added dot.mkshrc file to support the recent change to
1065 mksh from OpenBSD's ksh derived from pdksh.
1066
1067 Added new firewall configuration. ipfw is enabled by default
1068 with a "desktop" configuration. Consult /etc/rc.firewall
1069 or ipfw show to see the ruleset used. You can disable
1070 ipfw by setting firewall_enable="NO" in /etc/rc.conf This
1071 change only effects IPv4. IPv6 does not have a firewall
1072 enabled by default.
1073
1074 20070814:
1075 Removed GNU tar source. We've been using BSD tar
1076 for awhile.
1077
1078 20070806:
1079 Finished removing umapfs and autofs from the tree.
1080
1081 20070804:
1082 BIND and Tcpdump have been patched for recent vulnerabilities.
1083
1084 We switched to BSD cpio (pax).
1085
1086 20070719:
1087 Imported cpdup from DragonFly as /bin/cpdup
1088
1089 20070716:
1090 Update GNU cpio to 2.8.
1091
1092 20070410:
1093 cvs was updated to 1.12.13. cvsbug was removed.
1094 cvs now behaves similarly to DragonFly's cvs with
1095 most of their local changes.
1096
1097 20070409:
1098 RELENG_0_1 was created. More aggresive changes will
1099 continue here.
1100
1101 20070406:
1102 Back out propolice. propolice caused several problems
1103 with our threading libraries libthr and libpthread.
1104 curthread was often NULL after the patch and many
1105 multithreaded applications would crash. We plan to
1106 work on either bringing in gcc 4.1 or developing a new
1107 patch which also corrects our threading issues later.
1108
1109 It is more important to have a stable system for our
1110 mport work and other projects at this time.
1111
1112 This is not a clean removal. It is recommended that you
1113 have a recently SNAP CD handy. You can either reinstall
1114 or perform a make buildworld and make buildkernel and
1115 make installkernel. Reboot on the cd and copy the contents
1116 of /bin, /sbin, /lib, /libexec, and /usr/bin, /usr/sbin,
1117 /usr/lib, and /usr/libexec to the respective directories on
1118 your disk. Then you should be able to boot into single user
1119 mode and run make installworld. You will need to run
1120 chflags noschg on some of the files if you can't overwrite
1121 them.
1122
1123 You will get __guard missing errors since we had to remove
1124 this from libc.
1125
1126 You will need to rebuild any ports built while propolice was
1127 installed.
1128
1129 20070401:
1130 Importing propolice into MidnightBSD. Propolice is going to
1131 provide us with much greater security and stability in the
1132 long run. If upgrading from a pre-propolice system, please
1133 follow the these instructions:
1134
1135 cd /usr/src/lib/libc && make obj && make && make install
1136 cd /usr/src/gnu/usr.bin/cc && make obj && make && make install
1137 cd /usr/src/lib/libpthread && make obj && make && make install
1138 cd /usr/src/lib/libthr && make obj && make && make install
1139 buildworld and kernel
1140
1141 It is adviced that any mports which were installed and/or built
1142 prior to the propolice update also be updated. If any errors
1143 or issue are encounted, please contact security@midnightbsd.org
1144 and we will be sure to investigate and come up with an expeditious
1145 fix.
1146
1147 20070314:
1148 Remove send-pr from src.
1149
1150 Switch to NetBSD's gzip.
1151
1152 Bump MBSD minor revision.
1153
1154 20070313:
1155 Imported OpenSSH 4.6p1.
1156
1157 Imported FreeBSD's libarchive and updated tar to work with it.
1158
1159 Disabled debug statements cluttering up /var/log/messages for
1160 the tcp autobuf patch applied previously.
1161
1162 20070312:
1163 Synced several audio changes from FreeBSD 6.1. Removed the
1164 BSD Daemon files from src/share.
1165
1166 20070308:
1167 Added mfi which supports LSI Logic MegaRAID SAS devices including
1168 the Dell perc5i.
1169
1170 20070206:
1171 Imported OpenBSD's sudo into source. Please install
1172 /usr/src/usr.bin/sudo/lib first before building.
1173
1174 Those who install from a snapshot after this date
1175 will not be effected.
1176
1177 20070119:
1178 Added audit group. Be sure to add audit to your /etc/group file
1179 before installing world.
1180
1181 hostapd was updated to 0.4.8.
1182
1183 An accidental commit in usr.sbin/bluetooth/hccontrol was fixed to
1184 unbreak world.
1185
1186 wpa_supplicant was updated.
1187
1188 For stability and compatibility reasons, it was decided that MidnightBSD
1189 sync with FreeBSD 6.1 Release. Nearly every change between the original
1190 fork date of February 24, 2006 and the release of FreeBSD 6.1 in May
1191 2006 will be merged. Beyond this, MidnightBSD will be a "real" fork and
1192 will not sync every little change with FreeBSD.
1193
1194 20061231:
1195 Updated COPYRIGHT for 2007.
1196
1197 Updated and bumped libutil after importing NetBSD efun(3) functions.
1198
1199 Added MidnightBSD_version and bumped the FreeBSD version as we've
1200 synced all commits between the fork and that version. It is now safe
1201 to assume MidnightBSD is compatible with FreeBSD RELENG_6 from
1202 Feb 26, 2006.
1203
1204 Added spell(1) and deroff(1) from NetBSD. Also added additional
1205 dict files to work with it. /usr/share/dict/american,
1206 /usr/share/dict/british and /usr/share/dict/special/math
1207
1208 Numerous man page and bug fixes.
1209
1210 20061226:
1211 Setup /usr/share/examples/cvsup SUPfiles for the new
1212 MidnightBSD CVSup server.
1213
1214 Fix a bug in burncd where it would continue forever while
1215 erasing CDRW media.
1216
1217 Add csup to /usr/bin. csup is a CVSup replacement written
1218 in C.
1219
1220 Fixed a bug with bsnmpd build from Oct 30.
1221
1222 Corrected some race conditions and fixed a few bugs in
1223 geom. Imported changes from FreeBSD RELENG_6.
1224
1225 20061225:
1226 Fixed a typo in src/lib/libc/sparc64/fpu/fpu_implode.c
1227 that caused long double to long and long long
1228 conversion of negative numbers to always result in -1.
1229
1230 20061221:
1231 Fixed acpi_battery.c to not report an ERROR if no
1232 batteries are present.
1233
1234 Performed some minor updates on the RL and RE NIC drivers.
1235 RL should no longer panic when trying to print errors.
1236
1237 Corrected a bug with TTY.
1238
1239 20061218:
1240 Corrected a bug with libpthread where newly created suspended
1241 threads don't get scheduled.
1242
1243 20061206:
1244 Fixed a typo with the firewire security patch.
1245
1246 20061129:
1247 Minor cleanups to utilities in bin.
1248
1249 Fixed msdos file system short file name behavior to match
1250 FreeBSD.
1251
1252 20061031:
1253 Updated man pages in section 7.
1254
1255 20061030:
1256 Updated sys/dev/drm to support intel 915 and radeon
1257 r300 cards properly.
1258
1259 Synced snmpd with FreeBSD-stable.
1260
1261 Fixed a bug in rm which could cause data loss.
1262
1263 20061027:
1264 Added Intel ICH8 and nForce 5 support to ATA. cam, mpt,
1265 random, kbdmux, atkbd, and usb were updated. Changes
1266 to clearing registers on SSE enabled processors (i386)
1267 commited.
1268
1269 lukemftpd updated.
1270
1271 openssh rc script was altered which effects initial
1272 seeding.
1273
1274 20061014:
1275 Workaround for em driver problem on shared IRQ.
1276
1277 Started removal of alpha support.
1278
1279 20061013:
1280 ATA driver was updated. USB/USB1/USB2 types added.
1281
1282 20061010:
1283 OpenSSH was updated to 4.4p1.
1284
1285 20060909:
1286 OpenNTPD was added to MidnightBSD. Run make delete-old to remove
1287 the old ntpd daemon.
1288
1289 cat has a new option -D which allows you to timestamp output
1290 on a per line basis.
1291
1292 The kernel has a keyboard mux which allows you to have multiple
1293 keyboard connected simultaneously. USB keyboard support was also
1294 improved with this patch.
1295
1296 The Intel em driver was updated. Network performance was greatly
1297 increased on many systems. Additional models are supported.
1298
1299 The ATA driver was patched to fix a potential deadlock.
1300
1301 Bind was patched to fix a potential denial of service condition.
1302
1303 20060817:
1304 ksh has been added to the base system. If you previously had
1305 the port installed, it will be overwritten on the next buildworld.
1306
1307
1308
1309 To build a kernel
1310 -----------------
1311 If you are updating from a prior version of MidnightBSD (even one just
1312 a few days old), you should follow this procedure. With a
1313 /usr/obj tree with a fresh buildworld,
1314 make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE
1315 make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE
1316
1317 To test a kernel once
1318 ---------------------
1319 If you just want to boot a kernel once (because you are not sure
1320 if it works, or if you want to boot a known bad kernel to provide
1321 debugging information) run
1322 make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel
1323 nextboot -k testkernel
1324
1325 To just build a kernel when you know that it won't mess you up
1326 --------------------------------------------------------------
1327 This assumes you are already running a 6.X system. Replace
1328 ${arch} with the architecture of your machine (e.g. "i386",
1329 "amd64", "ia64", "pc98", "sparc64", etc).
1330
1331 cd src/sys/${arch}/conf
1332 config KERNEL_NAME_HERE
1333 cd ../compile/KERNEL_NAME_HERE
1334 make depend
1335 make
1336 make install
1337
1338 If this fails, go to the "To build a kernel" section.
1339
1340 To rebuild everything and install it on the current system.
1341 -----------------------------------------------------------
1342 # Note: sometimes if you are running current you gotta do more than
1343 # is listed here if you are upgrading from a really old current.
1344
1345 <make sure you have good level 0 dumps>
1346 make buildworld
1347 make kernel KERNCONF=YOUR_KERNEL_HERE
1348 [1]
1349 <reboot in single user> [3]
1350 mergemaster -p [5]
1351 make installworld
1352 make delete-old
1353 mergemaster [4]
1354 <reboot>
1355
1356
1357 To cross-install current onto a separate partition
1358 --------------------------------------------------
1359 # In this approach we use a separate partition to hold
1360 # current's root, 'usr', and 'var' directories. A partition
1361 # holding "/", "/usr" and "/var" should be about 2GB in
1362 # size.
1363
1364 <make sure you have good level 0 dumps>
1365 <boot into -stable>
1366 make buildworld
1367 make buildkernel KERNCONF=YOUR_KERNEL_HERE
1368 <maybe newfs current's root partition>
1369 <mount current's root partition on directory ${CURRENT_ROOT}>
1370 make installworld DESTDIR=${CURRENT_ROOT}
1371 cd src/etc; make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd
1372 make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT}
1373 cp /etc/fstab ${CURRENT_ROOT}/etc/fstab # if newfs'd
1374 <edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition>
1375 <reboot into current>
1376 <do a "native" rebuild/install as described in the previous section>
1377 <maybe install compatibility libraries from src/lib/compat>
1378 <reboot>
1379
1380
1381 To upgrade in-place from 5.x-stable or higher to 6.x-stable
1382 -----------------------------------------------------------
1383 <make sure you have good level 0 dumps>
1384 make buildworld [9]
1385 make kernel KERNCONF=YOUR_KERNEL_HERE [8]
1386 [1]
1387 <reboot in single user> [3]
1388 mergemaster -p [5]
1389 make installworld
1390 make delete-old
1391 mergemaster -i [4]
1392 <reboot>
1393
1394 Make sure that you've read the UPDATING file to understand the
1395 tweaks to various things you need. At this point in the life
1396 cycle of current, things change often and you are on your own
1397 to cope. The defaults can also change, so please read ALL of
1398 the UPDATING entries.
1399
1400 Also, if you are tracking -current, you must be subscribed to
1401 freebsd-current@freebsd.org. Make sure that before you update
1402 your sources that you have read and understood all the recent
1403 messages there. If in doubt, please track -stable which has
1404 much fewer pitfalls.
1405
1406 [1] If you have third party modules, such as vmware, you
1407 should disable them at this point so they don't crash your
1408 system on reboot.
1409
1410 [3] From the bootblocks, boot -s, and then do
1411 fsck -p
1412 mount -u /
1413 mount -a
1414 cd src
1415 adjkerntz -i # if CMOS is wall time
1416 Also, when doing a major release upgrade, it is required that
1417 you boot into single user mode to do the installworld.
1418
1419 [4] Note: This step is non-optional. Failure to do this step
1420 can result in a significant reduction in the functionality of the
1421 system. Attempting to do it by hand is not recommended and those
1422 that pursue this avenue should read this file carefully, as well
1423 as the archives of freebsd-current and freebsd-hackers mailing lists
1424 for potential gotchas.
1425
1426 [5] Usually this step is a noop. However, from time to time
1427 you may need to do this if you get unknown user in the following
1428 step. It never hurts to do it all the time.
1429
1430 [8] In order to have a kernel that can run the 5.x binaries
1431 needed to do an installworld, you must include the COMPAT_FREEBSD5
1432 option in your kernel. Failure to do so may leave you with a system
1433 that is hard to boot to recover. A similar kernel option COMPAT_FREEBSD5
1434 is required to run the 5.x binaries on more recent kernels.
1435
1436 Make sure that you merge any new devices from GENERIC since the
1437 last time you updated your kernel config file.
1438
1439 [9] When checking out sources, you must include the -P flag to have
1440 cvs prune empty directories.
1441
1442 If CPUTYPE is defined in your /etc/make.conf, make sure to use the
1443 "?=" instead of the "=" assignment operator, so that buildworld can
1444 override the CPUTYPE if it needs to.
1445
1446 MAKEOBJDIRPREFIX must be defined in an environment variable, and
1447 not on the command line, or in /etc/make.conf. buildworld will
1448 warn if it is improperly defined.
1449
1450 Copyright information:
1451
1452 Copyright 1998-2005 M. Warner Losh. All Rights Reserved.
1453
1454 Redistribution, publication, translation and use, with or without
1455 modification, in full or in part, in any form or format of this
1456 document are permitted without further permission from the author.
1457
1458 THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR
1459 IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
1460 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
1461 DISCLAIMED. IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT,
1462 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
1463 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
1464 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1465 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1466 STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
1467 IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
1468 POSSIBILITY OF SUCH DAMAGE.
1469
1470 If you find this document useful, and you want to, you may buy the
1471 author a beer.
1472
1473 Contact Warner Losh if you have any questions about your use of
1474 this document.
1475
1476 $FreeBSD: src/UPDATING,v 1.416.2.18 2006/02/22 11:51:57 yar Exp $
1477 $MidnightBSD$

Properties

Name Value
svn:keywords MidnightBSD=%H