ViewVC Help

View File | Revision Log | Show Annotations | Download File | View Changeset | Root Listing

root/src/trunk/UPDATING

Comparing trunk/UPDATING (file contents):
Revision 3199 by laffer1, Sat Nov 28 22:44:36 2009 UTC vs.
Revision 6032 by laffer1, Tue Sep 10 23:03:58 2013 UTC

#	Line 1 | Line 1
1	<	Updating Information for MidnightBSD users
1	>	Updating Information for MidnightBSD users.
2
3	<	20091028:
3	>	20130910:
4	>	Security updates: (kern.osreldate 5001)
5	>
6	>	nullfs(5)
7	>
8	>	The nullfs(5) implementation of the VOP_LINK(9) VFS operation does not
9	>	check whether the source and target of the link are both in the same
10	>	nullfs instance.  It is therefore possible to create a hardlink from a
11	>	location in one nullfs instance to a file in another, as long as the
12	>	underlying (source) filesystem is the same.
13	>
14	>	ifioctl
15	>
16	>	As is commonly the case, the IPv6 and ATM network layer ioctl request
17	>	handlers are written in such a way that an unrecognized request is
18	>	passed on unmodified to the link layer, which will either handle it or
19	>	return an error code.
20	>
21	>	Network interface drivers, however, assume that the SIOCSIFADDR,
22	>	SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK requests have been
23	>	handled at the network layer, and therefore do not perform input
24	>	validation or verify the caller's credentials.  Typical link-layer
25	>	actions for these requests may include marking the interface as "up"
26	>	and resetting the underlying hardware.
27	>
28	>	20130824:
29	>	Fix a bug in sendmail 8.14.7 that interferes with how it
30	>	handles AAAA records interoperating with Microsoft DNS servers.
31	>	FreeBSD has already reported this to Sendmail and a fix
32	>	will be included in the next release.
33	>
34	>	Subversion 1.8.1 is now in the base system as a static
35	>	binary.  It has limited functionality, but can be used to
36	>	checkout/commit code.  It is named svnlite.
37	>
38	>	20130822:
39	>	Fix two security vulnerabilities.
40	>
41	>	Fix an integer overflow in IP_MSFILTER (IP MULTICAST).
42	>	This could be exploited to read memory by a user process.
43	>
44	>	When initializing the SCTP state cookie being sent in INIT-ACK chunks,
45	>	a buffer allocated from the kernel stack is not completely initialized.
46	>
47	>	Import xz 5.0.4
48	>
49	>	Import sqlite 3.7.17
50	>
51	>	Import BIND 9.8.5-P2
52	>
53	>	20130814:
54	>	mksh R48 imported.
55	>
56	>	Sendmail 8.14.7 imported.
57	>
58	>	20130717:
59	>	libmport bug was fixed causing hash verification to fail.
60	>
61	>	virtio(4) imported from FreeBSD 9-stable. SCSI support not
62	>	included.
63	>
64	>	20130612:
65	>	RELENG_0_4 created for 0.4. Development continues on 0.5.
66	>
67	>	20130402:
68	>	Update BIND and OpenSSL to resolve security advisories.
69	>
70	>	20130305:
71	>	MKSH R44 imported.
72	>
73	>	20130213:
74	>	MKSH R42b imported
75	>
76	>	20130211:
77	>	MKSH R42 imported
78	>
79	>	20130125:
80	>	MKSH R41 imported
81	>
82	>	20130122:
83	>	OpenSSH 5.8p2 imported
84	>
85	>	SQLite 3.7.15.2 imported
86	>
87	>	Fixed a longstanding bug in libmport extrating new index files.
88	>
89	>	20120710:
90	>	BSD licensed sort imported from FreeBSD-CURRENT
91	>
92	>	For now, GNU sort is installed as gnusort, but it will
93	>	go away in time.
94	>
95	>	20120708:
96	>	tcsh 6.18.01 imported.
97	>
98	>	NetBSD's iconv imported.
99	>
100	>	libc gains strnlen(3), memrchr(3), stpncpy(3).
101	>
102	>	20120612:
103	>	BIND security update related to CVE-2012-1667.
104	>
105	>	Zero length resource records can cause BIND to crash resulting
106	>	in a DOS attack or information disclosure.
107	>
108	>	20120407:
109	>	mksh R40f (fixes regression)
110	>
111	>	20120328:
112	>	mksh R40e
113	>
114	>	Perl 5.14.2
115	>
116	>	20120229:
117	>	cpucontrol(8) and cpuctl(4) added from FreeBSD 7-stable.
118	>
119	>	20120209:
120	>	mDNSResponder 333.10 imported
121	>
122	>	20111227:
123	>	import raid5 module for GEOM, graid5(8)
124	>
125	>	This is experimental and known to use a lot of kernel
126	>	memory.
127	>
128	>	20111223:
129	>	telnetd: fix a root exploit from a fixed buffer that was not checked
130	>
131	>	pam: don't allow escape from policy path.  Exploitable in KDE, etc.
132	>
133	>	Fix pam_ssh module:
134	>
135	>	If the pam_ssh module is enabled, attackers may be able to gain access
136	>	to user accounts which have unencrypted SSH private keys.
137	>
138	>	This has to due with the way that openssl works.  It ignores unencrpted data.
139	>
140	>	Fix security issue with chroot and ftpd.
141	>
142	>	nsdispatch(3) doesn't know it's working in a chroot and some
143	>	operations can cause files to get reloaded causing a security
144	>	hole in things like ftpd.
145	>
146	>	20111217:
147	>	libdialog/dialog upgraded to an lgpl version. As it's not
148	>	backwardly compatable, include the old libdialog as libodialog
149	>
150	>	20111212:
151	>	mksh r40d imported
152	>
153	>	20111210:
154	>	re(4) and rl(4) updated to support new chips.
155	>
156	>	GEOM synced with FreeBSD 7-stable.
157	>
158	>	MidnightBSD GPT partition types created in sys/gpt.h and
159	>	setup in boot loader and GEOM.
160	>
161	>	amdsbwd(4) (amd watchdog for south bridge) updated to support
162	>	8xx series chipset.
163	>
164	>	20111207:
165	>	import bsd grep from FreeBSD/OpenBSD.
166	>
167	>	MK_BSD_GREP controls which grep is installed
168	>	as grep with the other as bsdgrep or gnugrep.
169	>
170	>	20111122:
171	>	mksh vR40c imported.
172	>
173	>	20111117:
174	>	BIND 9.6 ESV R5 P1
175	>
176	>	20111107:
177	>	tzdata 2011n
178	>
179	>	20111026:
180	>	mDNSResponder v320
181	>
182	>	BIND 9.6 ESV R5
183	>
184	>	20111022:
185	>	cflow 0.0.6 imported
186	>
187	>	20111020:
188	>	less v436 imported
189	>
190	>	amdsbwd(4) AMD southbridge watchdog
191	>
192	>	20111019:
193	>	awk 20110810 imported
194	>
195	>	et(4) Agere Gigabit Ethernet/Fast Ethernet driver added, but
196	>	not included in GENERIC kernel.  The kernel module needs
197	>	testing before we can include it in GENERIC.
198	>
199	>	intr_bind code ported to allow an IRQ to be bound to one
200	>	specific CPU core.
201	>
202	>	20111017:
203	>	Time Zone Data v. 2011l (Released 10 October 2011)
204	>
205	>	Updated list of countries (iso3166) to work with new timezone data.
206	>
207	>	20111015:
208	>	Introduce CPU Affinity in MidnightBSD. cpuset(1) can be used
209	>	to control which core or group of cores can be used for a given
210	>	process. Several new system calls were added to support this
211	>	functionality in the running kernel and for 32bit binary
212	>	compatibility on amd64.
213	>
214	>	The scheduler default has been changed to ULE in i386 and
215	>	amd64.  Changes were made to both schedulers (4BSD AND ULE)
216	>	for this feature.
217	>
218	>	This work is based on Jeff Roberson's FreeBSD 7.1 patches.
219	>
220	>	20111004:
221	>	Fix a problem with unix socket handling caused by the recent
222	>	patch to unix socket path handling. This allows network
223	>	apps to work under the linuxolator again.
224	>
225	>	20111001:
226	>	Import libfetch & fetch(1) from FreeBSD 9. Passive FTP is
227	>	now default and an environment variable must be set to use
228	>	active.
229	>
230	>	20110930:
231	>	Introduce quirks handling for several umass devices including
232	>	USB cameras.  Add workaround for Cyberpower UPS devices.
233	>
234	>	Bring in further bug fixes from FreeBSD and NetBSD for alc(4).
235	>	Stale ip/tcp header pointers are no longer used, lockups fixed
236	>	when network cable is unplugged on bootup, enable TX checksum
237	>	offloading.
238	>
239	>	Add a new man page for gcache(8), a useful geom class when
240	>	working with large raid3 sets.
241	>
242	>	Restore previous workaround for Cypress pata storage controller.
243	>
244	>	20110929:
245	>	Sync ath(4) with FreeBSD 7.3.
246	>
247	>	The following modules are no longer available, and should be
248	>	removed from loader.conf:
249	>	ath_hal ath_rate_amrr ath_rate_onoe ath_rate_sample
250	>
251	>	alc(4) would hibernate when a cable was unplugged and often
252	>	required bring the interface down and up to "wake up" so that
253	>	a connection could be established.  Disable hibernation.
254	>
255	>	20110928:
256	>	Fix security issues with gzip and compress related to .Z
257	>	files that are corrupted.
258	>
259	>	Fix path validation with unix domain sockets.
260	>
261	>	20110917:
262	>	Remove dependance on mports perl for generating releases as
263	>	it's in the base system.
264	>
265	>	20110914:
266	>	Import xz 5.0.3 with liblzma 5.0.3
267	>
268	>	20110813:
269	>	synced the sparc64 GENERIC kernel configuration with amd64.
270	>
271	>	20110806:
272	>	sqlite 3.7.7.1 imported
273	>
274	>	msearch(1), libmsearch and msearch.import added.  msearch(1) provides
275	>	a full text search command line tool.  libmsearch can also be used
276	>	to build a graphical based search in the future. You can enable
277	>	index building for msearch in periodic.conf or manually run the
278	>	/usr/libexec/msearch.index tool.  Full text indexes take considerable
279	>	space in /var.  I'm using approximately 500MB currently.
280	>
281	>	Fix a long standing bug with the periodic script to check package
282	>	versions.  This will be obsolete with mport though.
283	>
284	>	20110710:
285	>	kdb_enter_why added to MidnightBSD to allow the kernel debugger to
286	>	know why it's in use and thus script can be run.
287	>
288	>	Yet another problem with the perl manifest was fixed
289	>
290	>	20110709:
291	>	cpufreq(1) is a new utility to monitor CPU frequency which may change
292	>	with use of powerd(8) and cpufreq(4).
293	>
294	>	20110612:
295	>	Update mksh to R40
296	>
297	>	Catch up ObsoleteFiles.inc to remove Perl 5.10.x.  Good to run when
298	>	updating current (cd /usr/src && make check-old)
299	>
300	>	20110528:
301	>	Fix CVE-2011-1910 in BIND 9.6.x.  This affects caching resolvers.
302	>
303	>	20110526:
304	>	newfs:
305	>	Raised the default blocksize for UFS/FFS filesystems from
306	>	16K to 32K and the default fragment size from 2K to 4K.
307	>
308	>	This should slightly imporve performance on "advanced format"
309	>	hard drives such as the WD EARS drives. Drives of this type
310	>	have emulation modes that slow down with lower sizes.  Of course
311	>	the drive must still be aligned properly when using fdisk.
312	>
313	>	20110521:
314	>	mport tool now has a deleteall command.  This can be used to remove
315	>	all packages from a system.
316	>
317	>	A few bugs with the perl 5.14 import have been fixed.
318	>
319	>	20110518:
320	>	Perl 5.14.0
321	>
322	>	20110517:
323	>	Sendmail 8.14.5
324	>
325	>	20110314:
326	>	DRM/DRI code updated to support newer video cards. (FreeBSD 7.1)
327	>
328	>	cdevpriv wrappers added
329	>
330	>	nss_mdns hack introduced to work around linking problem.
331	>
332	>	dnsextd fixed after update to mDNSResponder code.
333	>
334	>	20110308:
335	>	Introduce liblzma & xz 5.0.1 to the base system
336	>
337	>	Patch for OpenSSL security issue CVE-2011-0014.
338	>
339	>	"OSREVISION 4004"
340	>
341	>	nsswitch module for multicast dns (nss_mdns) added.
342	>
343	>	tzdata2011c
344	>
345	>	20110220:
346	>	cam(4) syncronized with FreeBSD 7.3.
347	>
348	>	20110219:
349	>	amdtemp(4) updated to support sensors framework.
350	>
351	>	20110217:
352	>	Perl 5.10.1 imported
353	>
354	>	20110216:
355	>	Introduce igb(4) and split Intel Gigabit Ethernet adapters between
356	>	igb(4) and em(4).  Newer devices use igb(4).  The code has moved
357	>	to sys/dev/e1000 for both devices in the kernel. igb(4) has
358	>	been placed in GENERIC on i386 and amd64.
359	>
360	>	Update bfe(4) to support newer devices and WOL.
361	>
362	>	20110215:
363	>	age(4) added.
364	>
365	>	20110208:
366	>	BIND 9.6.3 which fixes a bug with DNSSEC records getting added.
367	>
368	>	20110206:
369	>	eeemon(4) added to monitor Asus Eee PC.
370	>
371	>	20110205:
372	>	OpenSSH 5.7p1
373	>
374	>	GNU sort 6.9 (coreutils)
375	>
376	>	20110203:
377	>	one true awk 20100523 imported
378	>
379	>	sqlite 3.7.5
380	>
381	>	OpenSSL 0.9.8q
382	>
383	>	20110202:
384	>	tcsh 6.17.00
385	>
386	>	file 5.05
387	>
388	>	20110122:
389	>	Import it(4) and lm(4), with support for Super I/O hardware monitors. This
390	>	uses the sensors framework ported by Constantine A. Murenin (GSOC2007)
391	>
392	>	20110120:
393	>	BIND 9.6.2-P3
394	>
395	>	sudo 1.7.4-p6
396	>
397	>	20110115:
398	>	Add experimental jme(4) for Jmicron ethernet devices.
399	>
400	>	20101130:
401	>	A double free exists in the SSL client ECDH handling code, when
402	>	processing specially crafted public keys with invalid prime
403	>	numbers. [CVE-2010-2939]
404	>
405	>	20101120:
406	>	Several portions of the kernel and userland code related to UFS file
407	>	systems (and UFS2) cannot properly handle inode counts above 2^31 due
408	>	to use of int types.  Based on a patch from FreeBSD, I've modified
409	>	our UFS2 implementation to handle unsigned values for inode counts
410	>	which should allow for file systems greater than 16TB.
411	>
412	>	newfs and growfs was also modified.
413	>
414	>	20101110:
415	>	Fix a security issue with pseudofs which could result in running code in kernel
416	>	context or a kernel panic depending on system configuration.  This affects file
417	>	systems such as procfs for instance.
418	>
419	>	20101021:
420	>	sysrc is a utility to print and modify name/value pairs in /etc/rc.conf easily.
421	>	This is similar to functions present in many linux distros. The utility was
422	>	written by Devin Teske for FreeBSD.
423	>
424	>	20100920:
425	>	bzip2 security patch for integer overflow.
426	>
427	>	20100905:
428	>	MidnightBSD RELENG_0_3 branch created.  Aggressive development continues here
429	>	for 0.4.
430	>
431	>	20100902:
432	>	Fix a security issue with libutil that allows users to bypass cpu limits in
433	>	login.conf in some cases.  This combined with OpenSSH for example can allow
434	>	the user to get more resources than they're allowed.
435	>
436	>	20100822:
437	>	Import Apple's mDNSResponder (mdnsd).
438	>
439	>	20100814:
440	>	libdispatch added to MidnightBSD.  This provides functionality found in
441	>	Mac OS X's GCD.  We do not have blocks support yet.  As this code is
442	>	licensed under Apache 2, we create a new MK_APACHE option so that
443	>	it's not required for all users to run code under a license they
444	>	may not like.
445	>
446	>	20100713:
447	>	mbuf readonly fix related to sendfile(2) data corruption.
448	>
449	>	20100704:
450	>	brainfuck(1) imported from MirBSD.
451	>
452	>	20100505:
453	>	zlib 1.2.5
454	>
455	>	20100430:
456	>	Sudo 1.7.2p6 imported
457	>
458	>	20100321:
459	>	Update zlib to 1.2.4
460	>
461	>	20100319:
462	>	Removed i586 from default i386 generic kernel.
463	>
464	>	20100317:
465	>	Update to tzdata2010e (time zones).  This includes changes in
466	>	Mexico.
467	>
468	>	Add support for several newer sound cards via hda including
469	>	ATI and Realtek chipsets.
470	>
471	>	20100313:
472	>	CPU detection has been changed.  VIA Padlock detection added.
473	>
474	>	20100312:
475	>	Fix a number of bugs and compiler warnings in libmport. Handle
476	>	plus signs in paths for mport.check-fake
477	>
478	>	20100311:
479	>	mksh R39c
480	>
481	>	20100309:
482	>	Sudo 1.7.2p5
483	>
484	>	sqlite3 3.6.23
485	>
486	>	mksh R39b
487	>
488	>	libffi (ffi) 3.0.9
489	>
490	>	20100206:
491	>	WITHOUT_LIB32 is no longer needed on AMD64.  GCC was fixed to
492	>	properly pass arguments to ld.
493	>
494	>	re(4) and rl(4) have been updated to support several new
495	>	realtek chipsets.  Performance has been improved on re(4).
496	>
497	>	20100204:
498	>	Fix a bug cropping up on AMD64 MidnightBSD with sftp
499	>	segfaulting.
500	>
501	>	20100116:
502	>	Import ash changes from FreeBSD (bin/sh) 8-Stable.
503	>
504	>	BIND 9.6.1-P2
505	>
506	>	20100110:
507	>	Import Sendmail 8.14.4. Fix for SSL vulnerability.
508	>
509	>	posix_spawn(3) added to MidnightBSD libc.  Users may need to build and
510	>	install libc before doing a full buildworld when upating from 0.2 or
511	>	older current systems.
512	>
513	>	kqueue(2) was modified to support portions of libdispatch functionality.
514	>
515	>	20100106:
516	>	Bind security update.  Fix a bug with DNSSEC that causes negative
517	>	cache entries and thus a possible DNS cache poisoning attack.
518	>
519	>	Fix a bug in ZFS that can reset permissions on system crashes.
520	>
521	>	20091228:
522	>	amdtemp(4) was added.  It allows one to monitor to the temperature
523	>	of an AMD CPU such as a Phenom.
524	>
525	>	20091205:
526	>	OpenSSL security fix
527	>
528	>	The SSL version 3 and TLS protocols support session renegotiation without
529	>	cryptographically tying the new session parameters to the old parameters.
530	>
531	>	20091128:
532		OpenBSD sensors framework imported including sensorsd(8)
533
534	<	20091026:
534	>	20091126:
535		OpenNTPD 4.4 import
536
537		Update OpenSSH to 5.3p1
538
539		mksh R39
540
541	<	20091024:
541	>	20091124:
542		cpdup updated from DragonFly to 1.15
543
544		tzdata2009s updated with latest timezone data for November 2009.
#	Line 774 | Line 1302 | Contact Warner Losh if you have any questions about yo
1302		this document.
1303
1304		$FreeBSD: src/UPDATING,v 1.416.2.18 2006/02/22 11:51:57 yar Exp $
1305	<	$MidnightBSD: src/UPDATING,v 1.71 2009/11/26 18:25:29 laffer1 Exp $
1305	>	$MidnightBSD: src/UPDATING,v 1.180 2013/08/24 20:13:37 laffer1 Exp $

Comparing trunk/UPDATING (property cvs2svn:cvs-rev):
Revision 3199 by laffer1, Sat Nov 28 22:44:36 2009 UTC vs.
Revision 6032 by laffer1, Tue Sep 10 23:03:58 2013 UTC

#	Line 1 | Line 1
1	<	1.72
1	>	1.181

Diff Legend

–	Removed lines
+	Added lines
<	Changed lines
>	Changed lines