ViewVC Help
View File | Revision Log | Show Annotations | Download File | View Changeset | Root Listing
root/src/trunk/UPDATING
Revision: 7467
Committed: Thu Mar 17 12:34:11 2016 UTC (8 years, 2 months ago) by laffer1
File size: 50661 byte(s)
Log Message: 
        OpenSSH doesn't have the luck of the Irish.

        Fix a security issue with OpenSSH X11 forwarding that can allow an attacker
        run shell commands on the call to xauth.

File Contents

# Content
1 Updating Information for MidnightBSD users.
2
3 20160317:
4 OpenSSH doesn't have the luck of the Irish.
5
6 Fix a security issue with OpenSSH X11 forwarding that can allow an attacker
7 run shell commands on the call to xauth.
8
9 20160229:
10 top now displays information on ZFS arc cache.
11
12 20160228:
13 llvm + clang 3.3 is now the default compiler in MidnightBSD.
14
15 20160222:
16 Introduce pipe2 to linux emulation layer.
17
18 20160114:
19 OpenSSL
20
21 The signature verification routines will crash with a NULL pointer dereference
22 if presented with an ASN.1 signature using the RSA PSS algorithm and absent
23 mask generation function parameter. [CVE-2015-3194]
24
25 When presented with a malformed X509_ATTRIBUTE structure, OpenSSL will leak
26 memory. [CVE-2015-3195]
27
28 If PSK identity hints are received by a multi-threaded client then the values
29 are incorrectly updated in the parent SSL_CTX structure. [CVE-2015-3196]
30
31 Fix security on bsnmpd configuration file during installation.
32
33 TCP MD5 signature denial of service
34
35 A programming error in processing a TCP connection with both TCP_MD5SIG
36 and TCP_NOOPT socket options may lead to kernel crash.
37
38 SCTP
39
40 A lack of proper input checks in the ICMPv6 processing in the SCTP stack
41 can lead to either a failed kernel assertion or to a NULL pointer
42 dereference. In either case, a kernel panic will follow.
43
44 20160102:
45 Happy New Year
46
47 20151101:
48 Increase kern.ipc.somaxconn default to 256.
49
50 20151017:
51 Add initial statistics api to libmport and a driver to print
52 it in mport(1).
53
54 20151002:
55 Revised rpcbind(8) patch to fix issues with NIS
56
57 20150930:
58 In rpcbind(8), netbuf structures are copied directly, which would result in
59 two netbuf structures that reference to one shared address buffer. When one
60 of the two netbuf structures is freed, access to the other netbuf structure
61 would result in an undefined result that may crash the rpcbind(8) daemon.
62
63 20150926:
64 libmport now supports @preexec, @postexec, @preunexec and @postunexec
65 to replace @exec and @unexec.
66
67 pre exec runs afer pre-install scripts but before actual installation
68
69 post exec runs after install but before post install scripts and
70 pkg message.
71
72 pre unexec runs before pre uninstall scripts
73
74 post unexec runs before de-install scripts and after file removal.
75
76 20150917:
77 Fix kqueue write events for files > 2GB
78
79 20150825:
80 kernel:
81 fix a security issue on amd64 where the GS segment CPU register can be changed via
82 userland value in kernel mode by using an IRET with #SS or #NP exceptions.
83
84 openssh:
85 A programming error in the privileged monitor process of the sshd(8)
86 service may allow the username of an already-authenticated user to be
87 overwritten by the unprivileged child process.
88
89 A use-after-free error in the privileged monitor process of he sshd(8)
90 service may be deterministically triggered by the actions of a
91 compromised unprivileged child process.
92
93 A use-after-free error in the session multiplexing code in the sshd(8)
94 service may result in unintended termination of the connection.
95
96 20150818:
97 expat security fix
98
99 20150815:
100 libc changes:
101 setmode(3) now returns errno consistently on error.
102 libc will compile without error using clang
103
104 20150814:
105 wait6 system call added.
106
107 date(1) now handles non numeric numbers passed to -r
108 like GNU coreutils for improved compatibility.
109
110 20150811:
111 ata(4) AMD Hudson2 SATA controller support.
112 Intel lynxpoint SATA.
113
114 Fix some const warnings when building several device drivers
115 with llvm/clang.
116
117 Sync cas(4) with FreeBSD 9-stable.
118
119 Fix some minor issues with ath(4).
120
121 20150809:
122 xz 5.0.8
123
124 20150808:
125 libmport now logs installation and removal of packages to syslog.
126
127 20150805:
128 routed - fix a potential security issue where traffic from outside
129 the network can disrupt routing.
130
131 bsd patch - fix a bug with ed(1) scripts allowing unsanitized input
132 to run.
133
134 20150802:
135 jansson 2.7 library added. (libjansson is a JSON library in C)
136
137 20150728:
138 Heimdal 1.5.2 (kerberos implementation)
139
140 OpenSSL 1.0.1o
141
142 cpucontrol(8) now supports VIA CPUs. Synced with FreeBSD 9.2.
143
144 TCP Resassemly resource exhaustion bug:
145 There is a mistake with the introduction of VNET, which converted the
146 global limit on the number of segments that could belong to reassembly
147 queues into a per-VNET limit. Because mbufs are allocated from a
148 global pool, in the presence of a sufficient number of VNETs, the
149 total number of mbufs attached to reassembly queues can grow to the
150 total number of mbufs in the system, at which point all network
151 traffic would cease.
152 Obtained from: FreeBSD 8
153
154 OpenSSH
155
156 Fix two security vulnerabilities:
157 OpenSSH clients does not correctly verify DNS SSHFP records when a server
158 offers a certificate. [CVE-2014-2653]
159
160 OpenSSH servers which are configured to allow password authentication
161 using PAM (default) would allow many password attempts. A bug allows
162 MaxAuthTries to be bypassed. [CVE-2015-5600]
163
164
165 Switch to bsdpatch (from FreeBSD & OpenBSD)
166
167 20150726:
168 BSD Sort updated
169
170 sqlite 3.8.10.2
171
172 20150725:
173 Import reallocarray from OpenBSD's libc.
174
175 The reallocarray() function is similar to realloc() except it operates on
176 nmemb members of size size and checks for integer overflow in the
177 calculation nmemb * size.
178
179 20150722:
180 Fix a bug where TCP connections transitioning to LAST_ACK
181 state can get stuck. This can result in a denial of service.
182
183 20150715:
184 libmport now supports @shell and @sample in plists. This means that
185 a shell port can automatically add an entry to /etc/shells and remove
186 it upon uninstallation. For sample files, a copy is made without the
187 .sample extension if one does not exist and it is removed automatically
188 only if the md5 hash of the two files is the same.
189
190 20150709:
191 flex 2.5.39
192
193 20150702:
194 ZFS in MidnightBSD now supports lz4 compression. You can enable it
195 with zfs set compression=lz4 pool/path.
196
197 Verify it's working with
198 zfs get compressratio pool/path
199 du -h -s *
200
201 Note you must write new data when turning on compression to see
202 changes. Existing files are not compressed.
203
204 Note: While we used the same basic implementation of lz4 that
205 FreeBSD and OpenZFS uses, we did not yet implement features support
206 and the zfs version still reports 28. This may come in a future update
207 to ZFS.
208
209 20150621:
210 libmport now automatically stops services when deleting packages.
211
212 The package must have installed an rc.d script in /usr/local/etc
213 for this to work. This is equivalent to running service <name> onestop
214
215 20150618:
216 Sendmail
217
218 With the recent changes to OpenSSL to block 512 bit certificates,
219 sendmail can't connect with TLS to some servers.
220
221 Increase the default size to 1024 bit for client connections to
222 match the server configuration.
223
224 ZFS
225
226 Added ZFS TRIM support which is enabled by default. To disable
227 ZFS TRIM support set vfs.zfs.trim.enabled=0 in loader.conf.
228
229 Creating new ZFS pools and adding new devices to existing pools
230 first performs a full device level TRIM which can take a significant
231 amount of time. The sysctl vfs.zfs.vdev.trim_on_init can be set to 0
232 to disable this behaviour.
233
234 ZFS TRIM requires the underlying device support BIO_DELETE which
235 is currently provided by methods such as ATA TRIM and SCSI UNMAP
236 via CAM, which are typically supported by SSD's.
237
238 Stats for ZFS TRIM can be monitored by looking at the sysctl's
239 under kstat.zfs.misc.zio_trim.
240
241 rc.d
242
243 Reworked handling of cleanvar and FILESYSTEMS so that FILESYSTEMS
244 implies everything is mounted and ready to go.
245
246 Changed how ip6addressctl maps IPv6 on startup.
247
248 20150613:
249 tzdata 2015d
250
251 20150612:
252 OpenSSL 0.9.8zg
253
254 20150419:
255 MidnightBSD 0.6 stable branch created. Continue 0.7
256 development.
257
258 20150418:
259 sqlite 3.8.9
260
261 20150407:
262 Fix two security vulnerabilities:
263
264 The previous fix for IGMP had an overflow issue. This has been corrected.
265
266 ipv6: The Neighbor Discover Protocol allows a local router to advertise a
267 suggested Current Hop Limit value of a link, which will replace
268 Current Hop Limit on an interface connected to the link on the MidnightBSD
269 system.
270
271 20150319:
272 OpenSSL 0.9.8.zf
273
274 mksh R50e
275
276 Apple mDNSResponder 561.1.1
277
278 20150306:
279 Upgrade OpenSSL to 0.9.8ze
280
281 20150225:
282 Fix two security vulnerabilities.
283
284 1. BIND servers which are configured to perform DNSSEC validation and which
285 are using managed keys (which occurs implicitly when using
286 "dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit
287 unpredictable behavior due to the use of an improperly initialized
288 variable.
289
290 CVE-2015-1349
291
292 2. An integer overflow in computing the size of IGMPv3 data buffer can result
293 in a buffer which is too small for the requested operation.
294
295 This can result in a DOS attack.
296
297 20141211:
298 Fix a security issue with file and libmagic that can allow
299 an attacker to create a denial of service attack on any
300 program that uses libmagic.
301
302 20141109:
303 Fix building perl during buildworld when the GDBM port is installed.
304
305 20141106:
306 tzdata 2014i
307
308 20141102:
309 serf 1.3.8
310
311 20141031:
312 tnftp 20141031 fixes a security vulnerability with tnftp,
313 CVE-2014-8517.
314
315 20141028:
316 OpenSSL 0.9.8zc
317
318 20141021:
319 Fix several security vulnerabilities in routed, rtsold,
320 and namei with respect to Capsicum sandboxes looking up
321 nonexistent path names and leaking memory.
322
323 The input path in routed(8) will accept queries from any source and
324 attempt to answer them. However, the output path assumes that the
325 destination address for the response is on a directly connected
326 network.
327
328 Due to a missing length check in the code that handles DNS parameters,
329 a malformed router advertisement message can result in a stack buffer
330 overflow in rtsold(8).
331
332 20141011:
333 mksh R50d - fix field splitting regression and null
334 pointer dereference
335
336 xz 5.0.7
337
338 OpenSSH 6.6p1
339
340 20141004:
341 mksh R50c - security update for environment var bug with
342 foo vs foo+
343
344 20141002:
345 sqlite 3.8.6
346
347 sudo 1.7.8 - some issues with the current version, but we're slowly
348 getting up to date.
349
350 20141001:
351 mksh R50b
352
353 libmport now supports plist commands @dir, @owner, @group, @mode.
354
355 sudo 1.7.6p2
356
357 20140916:
358 Fix a security issue with TCP SYN.
359
360 When a segment with the SYN flag for an already existing connection arrives,
361 the TCP stack tears down the connection, bypassing a check that the
362 sequence number in the segment is in the expected window.
363
364 20140909:
365 Fixed a bug with our clearenv(3) implementation that caused segfaults
366 with some programs including Dovecot.
367
368 OpenSSL security patch:
369
370 The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
371 to consume large amounts of memory. [CVE-2014-3506]
372
373 The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
374 memory. [CVE-2014-3507]
375
376 A flaw in OBJ_obj2txt may cause pretty printing functions such as
377 X509_name_oneline, X509_name_print_ex et al. to leak some information from
378 the stack. [CVE-2014-3508]
379
380 OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
381 a denial of service attack. [CVE-2014-3510]
382
383 20140902:
384 We're now 0.6-CURRENT
385
386 Update USB quirks to support K70 Corsair keyboard, and several
387 other devices.
388
389 20140827:
390 Perl 5.18.2
391
392 20140728:
393 Jails now run shutdown scripts.
394
395 20140710:
396 Fix a vulnerability in the control message API. A buffer is not properly cleared
397 before sharing with userland.
398
399 20140701:
400 MKSH R50
401
402 20140630:
403 File 5.19
404
405 20140605:
406 Fix four security issues with OpenSSL
407
408 20140604:
409 Sendmail failed to properly set close-on-exec for open file descriptors.
410
411 ktrace page fault kernel trace entries were set to an incorrect size which resulted
412 in a leak of information.
413
414 20140430:
415 Fix a TCP reassembly bug that could result in a DOS attack
416 of the system. It may be possible to obtain portions
417 of kernel memory as well.
418
419 20140411:
420 Update zlib to 1.2.7
421
422 20140122:
423 Support for username with length 32. Previous limit was 16
424
425 20140114:
426 Fix two security vulnerabilities.
427
428 bsnmpd contains a stack overflow when sent certain queries.
429
430 bind 9.8 when using NSEC3-signed zones zones, will crash with special
431 crafted packets.
432
433 20131228:
434 Imported FreeBSD 9.2 usb stack (plus z87 patches from stable)
435
436 Updated em(4), igb(4) and ixgbe(4)
437
438 MidnightBSD now works with Z87 Intel chipsets.
439
440 20131207:
441 Remove sparc64 architecture. It hasn't been working for awhile
442 and it's not useful for desktops anymore.
443
444 20131205:
445 OpenSSH 6.4p1
446
447 20131203:
448 Perl 5.18.1 imported.
449
450 Update less to v458
451
452 20131130:
453 Remove named from base. We still include the client utilities for
454 now until replacements can be found.
455
456 20131004:
457 rarpd supports vlan(4) and has a pid flag. (from FreeBSD)
458
459 20130917:
460 Support for 65,536 routing tables was added. A new fib specific
461 field has been added to mbuf. This is an increase from 16.
462
463 20130910:
464 Security updates: (kern.osreldate 5001)
465
466 nullfs(5)
467
468 The nullfs(5) implementation of the VOP_LINK(9) VFS operation does not
469 check whether the source and target of the link are both in the same
470 nullfs instance. It is therefore possible to create a hardlink from a
471 location in one nullfs instance to a file in another, as long as the
472 underlying (source) filesystem is the same.
473
474 ifioctl
475
476 As is commonly the case, the IPv6 and ATM network layer ioctl request
477 handlers are written in such a way that an unrecognized request is
478 passed on unmodified to the link layer, which will either handle it or
479 return an error code.
480
481 Network interface drivers, however, assume that the SIOCSIFADDR,
482 SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK requests have been
483 handled at the network layer, and therefore do not perform input
484 validation or verify the caller's credentials. Typical link-layer
485 actions for these requests may include marking the interface as "up"
486 and resetting the underlying hardware.
487
488 20130824:
489 Fix a bug in sendmail 8.14.7 that interferes with how it
490 handles AAAA records interoperating with Microsoft DNS servers.
491 FreeBSD has already reported this to Sendmail and a fix
492 will be included in the next release.
493
494 Subversion 1.8.1 is now in the base system as a static
495 binary. It has limited functionality, but can be used to
496 checkout/commit code. It is named svnlite.
497
498 20130822:
499 Fix two security vulnerabilities.
500
501 Fix an integer overflow in IP_MSFILTER (IP MULTICAST).
502 This could be exploited to read memory by a user process.
503
504 When initializing the SCTP state cookie being sent in INIT-ACK chunks,
505 a buffer allocated from the kernel stack is not completely initialized.
506
507 Import xz 5.0.4
508
509 Import sqlite 3.7.17
510
511 Import BIND 9.8.5-P2
512
513 20130814:
514 mksh R48 imported.
515
516 Sendmail 8.14.7 imported.
517
518 20130717:
519 libmport bug was fixed causing hash verification to fail.
520
521 virtio(4) imported from FreeBSD 9-stable. SCSI support not
522 included.
523
524 20130612:
525 RELENG_0_4 created for 0.4. Development continues on 0.5.
526
527 20130402:
528 Update BIND and OpenSSL to resolve security advisories.
529
530 20130305:
531 MKSH R44 imported.
532
533 20130213:
534 MKSH R42b imported
535
536 20130211:
537 MKSH R42 imported
538
539 20130125:
540 MKSH R41 imported
541
542 20130122:
543 OpenSSH 5.8p2 imported
544
545 SQLite 3.7.15.2 imported
546
547 Fixed a longstanding bug in libmport extrating new index files.
548
549 20120710:
550 BSD licensed sort imported from FreeBSD-CURRENT
551
552 For now, GNU sort is installed as gnusort, but it will
553 go away in time.
554
555 20120708:
556 tcsh 6.18.01 imported.
557
558 NetBSD's iconv imported.
559
560 libc gains strnlen(3), memrchr(3), stpncpy(3).
561
562 20120612:
563 BIND security update related to CVE-2012-1667.
564
565 Zero length resource records can cause BIND to crash resulting
566 in a DOS attack or information disclosure.
567
568 20120407:
569 mksh R40f (fixes regression)
570
571 20120328:
572 mksh R40e
573
574 Perl 5.14.2
575
576 20120229:
577 cpucontrol(8) and cpuctl(4) added from FreeBSD 7-stable.
578
579 20120209:
580 mDNSResponder 333.10 imported
581
582 20111227:
583 import raid5 module for GEOM, graid5(8)
584
585 This is experimental and known to use a lot of kernel
586 memory.
587
588 20111223:
589 telnetd: fix a root exploit from a fixed buffer that was not checked
590
591 pam: don't allow escape from policy path. Exploitable in KDE, etc.
592
593 Fix pam_ssh module:
594
595 If the pam_ssh module is enabled, attackers may be able to gain access
596 to user accounts which have unencrypted SSH private keys.
597
598 This has to due with the way that openssl works. It ignores unencrpted data.
599
600 Fix security issue with chroot and ftpd.
601
602 nsdispatch(3) doesn't know it's working in a chroot and some
603 operations can cause files to get reloaded causing a security
604 hole in things like ftpd.
605
606 20111217:
607 libdialog/dialog upgraded to an lgpl version. As it's not
608 backwardly compatable, include the old libdialog as libodialog
609
610 20111212:
611 mksh r40d imported
612
613 20111210:
614 re(4) and rl(4) updated to support new chips.
615
616 GEOM synced with FreeBSD 7-stable.
617
618 MidnightBSD GPT partition types created in sys/gpt.h and
619 setup in boot loader and GEOM.
620
621 amdsbwd(4) (amd watchdog for south bridge) updated to support
622 8xx series chipset.
623
624 20111207:
625 import bsd grep from FreeBSD/OpenBSD.
626
627 MK_BSD_GREP controls which grep is installed
628 as grep with the other as bsdgrep or gnugrep.
629
630 20111122:
631 mksh vR40c imported.
632
633 20111117:
634 BIND 9.6 ESV R5 P1
635
636 20111107:
637 tzdata 2011n
638
639 20111026:
640 mDNSResponder v320
641
642 BIND 9.6 ESV R5
643
644 20111022:
645 cflow 0.0.6 imported
646
647 20111020:
648 less v436 imported
649
650 amdsbwd(4) AMD southbridge watchdog
651
652 20111019:
653 awk 20110810 imported
654
655 et(4) Agere Gigabit Ethernet/Fast Ethernet driver added, but
656 not included in GENERIC kernel. The kernel module needs
657 testing before we can include it in GENERIC.
658
659 intr_bind code ported to allow an IRQ to be bound to one
660 specific CPU core.
661
662 20111017:
663 Time Zone Data v. 2011l (Released 10 October 2011)
664
665 Updated list of countries (iso3166) to work with new timezone data.
666
667 20111015:
668 Introduce CPU Affinity in MidnightBSD. cpuset(1) can be used
669 to control which core or group of cores can be used for a given
670 process. Several new system calls were added to support this
671 functionality in the running kernel and for 32bit binary
672 compatibility on amd64.
673
674 The scheduler default has been changed to ULE in i386 and
675 amd64. Changes were made to both schedulers (4BSD AND ULE)
676 for this feature.
677
678 This work is based on Jeff Roberson's FreeBSD 7.1 patches.
679
680 20111004:
681 Fix a problem with unix socket handling caused by the recent
682 patch to unix socket path handling. This allows network
683 apps to work under the linuxolator again.
684
685 20111001:
686 Import libfetch & fetch(1) from FreeBSD 9. Passive FTP is
687 now default and an environment variable must be set to use
688 active.
689
690 20110930:
691 Introduce quirks handling for several umass devices including
692 USB cameras. Add workaround for Cyberpower UPS devices.
693
694 Bring in further bug fixes from FreeBSD and NetBSD for alc(4).
695 Stale ip/tcp header pointers are no longer used, lockups fixed
696 when network cable is unplugged on bootup, enable TX checksum
697 offloading.
698
699 Add a new man page for gcache(8), a useful geom class when
700 working with large raid3 sets.
701
702 Restore previous workaround for Cypress pata storage controller.
703
704 20110929:
705 Sync ath(4) with FreeBSD 7.3.
706
707 The following modules are no longer available, and should be
708 removed from loader.conf:
709 ath_hal ath_rate_amrr ath_rate_onoe ath_rate_sample
710
711 alc(4) would hibernate when a cable was unplugged and often
712 required bring the interface down and up to "wake up" so that
713 a connection could be established. Disable hibernation.
714
715 20110928:
716 Fix security issues with gzip and compress related to .Z
717 files that are corrupted.
718
719 Fix path validation with unix domain sockets.
720
721 20110917:
722 Remove dependance on mports perl for generating releases as
723 it's in the base system.
724
725 20110914:
726 Import xz 5.0.3 with liblzma 5.0.3
727
728 20110813:
729 synced the sparc64 GENERIC kernel configuration with amd64.
730
731 20110806:
732 sqlite 3.7.7.1 imported
733
734 msearch(1), libmsearch and msearch.import added. msearch(1) provides
735 a full text search command line tool. libmsearch can also be used
736 to build a graphical based search in the future. You can enable
737 index building for msearch in periodic.conf or manually run the
738 /usr/libexec/msearch.index tool. Full text indexes take considerable
739 space in /var. I'm using approximately 500MB currently.
740
741 Fix a long standing bug with the periodic script to check package
742 versions. This will be obsolete with mport though.
743
744 20110710:
745 kdb_enter_why added to MidnightBSD to allow the kernel debugger to
746 know why it's in use and thus script can be run.
747
748 Yet another problem with the perl manifest was fixed
749
750 20110709:
751 cpufreq(1) is a new utility to monitor CPU frequency which may change
752 with use of powerd(8) and cpufreq(4).
753
754 20110612:
755 Update mksh to R40
756
757 Catch up ObsoleteFiles.inc to remove Perl 5.10.x. Good to run when
758 updating current (cd /usr/src && make check-old)
759
760 20110528:
761 Fix CVE-2011-1910 in BIND 9.6.x. This affects caching resolvers.
762
763 20110526:
764 newfs:
765 Raised the default blocksize for UFS/FFS filesystems from
766 16K to 32K and the default fragment size from 2K to 4K.
767
768 This should slightly imporve performance on "advanced format"
769 hard drives such as the WD EARS drives. Drives of this type
770 have emulation modes that slow down with lower sizes. Of course
771 the drive must still be aligned properly when using fdisk.
772
773 20110521:
774 mport tool now has a deleteall command. This can be used to remove
775 all packages from a system.
776
777 A few bugs with the perl 5.14 import have been fixed.
778
779 20110518:
780 Perl 5.14.0
781
782 20110517:
783 Sendmail 8.14.5
784
785 20110314:
786 DRM/DRI code updated to support newer video cards. (FreeBSD 7.1)
787
788 cdevpriv wrappers added
789
790 nss_mdns hack introduced to work around linking problem.
791
792 dnsextd fixed after update to mDNSResponder code.
793
794 20110308:
795 Introduce liblzma & xz 5.0.1 to the base system
796
797 Patch for OpenSSL security issue CVE-2011-0014.
798
799 "OSREVISION 4004"
800
801 nsswitch module for multicast dns (nss_mdns) added.
802
803 tzdata2011c
804
805 20110220:
806 cam(4) syncronized with FreeBSD 7.3.
807
808 20110219:
809 amdtemp(4) updated to support sensors framework.
810
811 20110217:
812 Perl 5.10.1 imported
813
814 20110216:
815 Introduce igb(4) and split Intel Gigabit Ethernet adapters between
816 igb(4) and em(4). Newer devices use igb(4). The code has moved
817 to sys/dev/e1000 for both devices in the kernel. igb(4) has
818 been placed in GENERIC on i386 and amd64.
819
820 Update bfe(4) to support newer devices and WOL.
821
822 20110215:
823 age(4) added.
824
825 20110208:
826 BIND 9.6.3 which fixes a bug with DNSSEC records getting added.
827
828 20110206:
829 eeemon(4) added to monitor Asus Eee PC.
830
831 20110205:
832 OpenSSH 5.7p1
833
834 GNU sort 6.9 (coreutils)
835
836 20110203:
837 one true awk 20100523 imported
838
839 sqlite 3.7.5
840
841 OpenSSL 0.9.8q
842
843 20110202:
844 tcsh 6.17.00
845
846 file 5.05
847
848 20110122:
849 Import it(4) and lm(4), with support for Super I/O hardware monitors. This
850 uses the sensors framework ported by Constantine A. Murenin (GSOC2007)
851
852 20110120:
853 BIND 9.6.2-P3
854
855 sudo 1.7.4-p6
856
857 20110115:
858 Add experimental jme(4) for Jmicron ethernet devices.
859
860 20101130:
861 A double free exists in the SSL client ECDH handling code, when
862 processing specially crafted public keys with invalid prime
863 numbers. [CVE-2010-2939]
864
865 20101120:
866 Several portions of the kernel and userland code related to UFS file
867 systems (and UFS2) cannot properly handle inode counts above 2^31 due
868 to use of int types. Based on a patch from FreeBSD, I've modified
869 our UFS2 implementation to handle unsigned values for inode counts
870 which should allow for file systems greater than 16TB.
871
872 newfs and growfs was also modified.
873
874 20101110:
875 Fix a security issue with pseudofs which could result in running code in kernel
876 context or a kernel panic depending on system configuration. This affects file
877 systems such as procfs for instance.
878
879 20101021:
880 sysrc is a utility to print and modify name/value pairs in /etc/rc.conf easily.
881 This is similar to functions present in many linux distros. The utility was
882 written by Devin Teske for FreeBSD.
883
884 20100920:
885 bzip2 security patch for integer overflow.
886
887 20100905:
888 MidnightBSD RELENG_0_3 branch created. Aggressive development continues here
889 for 0.4.
890
891 20100902:
892 Fix a security issue with libutil that allows users to bypass cpu limits in
893 login.conf in some cases. This combined with OpenSSH for example can allow
894 the user to get more resources than they're allowed.
895
896 20100822:
897 Import Apple's mDNSResponder (mdnsd).
898
899 20100814:
900 libdispatch added to MidnightBSD. This provides functionality found in
901 Mac OS X's GCD. We do not have blocks support yet. As this code is
902 licensed under Apache 2, we create a new MK_APACHE option so that
903 it's not required for all users to run code under a license they
904 may not like.
905
906 20100713:
907 mbuf readonly fix related to sendfile(2) data corruption.
908
909 20100704:
910 brainfuck(1) imported from MirBSD.
911
912 20100505:
913 zlib 1.2.5
914
915 20100430:
916 Sudo 1.7.2p6 imported
917
918 20100321:
919 Update zlib to 1.2.4
920
921 20100319:
922 Removed i586 from default i386 generic kernel.
923
924 20100317:
925 Update to tzdata2010e (time zones). This includes changes in
926 Mexico.
927
928 Add support for several newer sound cards via hda including
929 ATI and Realtek chipsets.
930
931 20100313:
932 CPU detection has been changed. VIA Padlock detection added.
933
934 20100312:
935 Fix a number of bugs and compiler warnings in libmport. Handle
936 plus signs in paths for mport.check-fake
937
938 20100311:
939 mksh R39c
940
941 20100309:
942 Sudo 1.7.2p5
943
944 sqlite3 3.6.23
945
946 mksh R39b
947
948 libffi (ffi) 3.0.9
949
950 20100206:
951 WITHOUT_LIB32 is no longer needed on AMD64. GCC was fixed to
952 properly pass arguments to ld.
953
954 re(4) and rl(4) have been updated to support several new
955 realtek chipsets. Performance has been improved on re(4).
956
957 20100204:
958 Fix a bug cropping up on AMD64 MidnightBSD with sftp
959 segfaulting.
960
961 20100116:
962 Import ash changes from FreeBSD (bin/sh) 8-Stable.
963
964 BIND 9.6.1-P2
965
966 20100110:
967 Import Sendmail 8.14.4. Fix for SSL vulnerability.
968
969 posix_spawn(3) added to MidnightBSD libc. Users may need to build and
970 install libc before doing a full buildworld when upating from 0.2 or
971 older current systems.
972
973 kqueue(2) was modified to support portions of libdispatch functionality.
974
975 20100106:
976 Bind security update. Fix a bug with DNSSEC that causes negative
977 cache entries and thus a possible DNS cache poisoning attack.
978
979 Fix a bug in ZFS that can reset permissions on system crashes.
980
981 20091228:
982 amdtemp(4) was added. It allows one to monitor to the temperature
983 of an AMD CPU such as a Phenom.
984
985 20091205:
986 OpenSSL security fix
987
988 The SSL version 3 and TLS protocols support session renegotiation without
989 cryptographically tying the new session parameters to the old parameters.
990
991 20091128:
992 OpenBSD sensors framework imported including sensorsd(8)
993
994 20091126:
995 OpenNTPD 4.4 import
996
997 Update OpenSSH to 5.3p1
998
999 mksh R39
1000
1001 20091124:
1002 cpdup updated from DragonFly to 1.15
1003
1004 tzdata2009s updated with latest timezone data for November 2009.
1005
1006 20091010:
1007 amd64 users should use WITHOUT_LIB32=yes in /etc/make.conf for now
1008 to test current.
1009
1010 Revert unicode filename fixes from ntfs code. This was causing chaos
1011 on amd64 systems.
1012
1013 20091006:
1014 Update timezone data with tzdata2009n with the Pakistan and
1015 Argentina changes.
1016
1017 Sync several userland utilities with versions from FreeBSD 7.0 in
1018 sbin and usr.sbin.
1019
1020 20090919:
1021 Update timezone data with tzdate2009m from September 2009.
1022
1023 20090729:
1024 Patch for Bind 9 security vulnerability. a dynmaic update packet
1025 can trigger an assertion and cause named to exit
1026
1027 20090606:
1028 Remove PCC from the base system. This compiler will not work
1029 as a system compiler for us as we've got some userland investment
1030 in C++ code and may have Objective-C in the future. We're stuck
1031 with a solution that supports these three languages at a minimum.
1032
1033 I had wanted to keep it as an optional compiler because it is
1034 fast, however too many users want to try to use it for the base
1035 system which makes no sense.
1036
1037 A hack was added for Cypress based usb hard drive enclosures to
1038 the kernel. This should cut down on commands it claims to support
1039 but does not (at the cam layer). Found while testing ZFS on
1040 an external device.
1041
1042 20090520:
1043 The powerd daemon no longer starts automatically to improve
1044 compatibility with many systems. However, there is a new
1045 installer option in the startup section to enable it. This
1046 makes it easier to enable for users that have working systems. I thought it was only a problem on older hardware, but it freaks
1047 out my new Phenom too.
1048
1049 20090502:
1050 OpenSSH 5.2p1 import
1051
1052 ale(4) connected to the build. (kernel module only)
1053
1054 20090501:
1055 Imported makefs utility from NetBSD/FreeBSD
1056
1057 20090422:
1058 OpenSSL security update
1059
1060 The function ASN1_STRING_print_ex does not properly validate the lengths
1061 of BMPString or UniversalString objects before attempting to print them.
1062
1063 20090415:
1064 Created a Symbol.map for libc/ohash symbols
1065
1066 Updated several usr/bin usr/sbin utilities.
1067
1068 Corrected a bug with Makefile.inc1 causing the bootstrap
1069 tools to fail.
1070
1071 20090405:
1072 xorg 7.4 wants to configure its input devices via hald which does not
1073 yet work with USB. If the keyboard/mouse does not work in xorg then
1074 add
1075 Option "AllowEmptyInput" "off"
1076 to your ServerLayout section. This will cause X to use the configured
1077 kbd and mouse sections from your xorg.conf
1078
1079 20090403:
1080 mksh was disconnected a few day ago do to bugs with
1081 buildworld and mports. Now, connect it back
1082 for use as /bin/sh with a conditional called
1083 MK_ASH. By default, ash is the standard /bin/sh
1084 but we may change this later. This will allow further
1085 testing by users and developers of mksh without
1086 causing an unpleasant default experience. In the
1087 long run, we need to fix mksh compatibility.
1088
1089 20090328:
1090 Bring in mksh R37 from CVS. The dot.mkshrc files for root
1091 and skel were changed. mksh(1) now replaces ash aka sh(1)
1092 as the default /bin/sh. Please report bugs with
1093 ports, etc. The ash code will remain in the repo for awhile
1094 as I decide if we'll add something like MK_SHELL_ASH as
1095 an optional build parameter.
1096
1097 ahd was disconnected from the lint environment until
1098 the compiler bug is sorted (by updating gcc?)
1099
1100 Remove freebsd-tips from fortune files and change the
1101 default for login and profile.
1102
1103 20090327:
1104 Update libarchive to 2.5.5, tar, and add bsdcpio.
1105
1106 Also previously, ctriv has been connecting Perl 5.10
1107 to the build (part of os). This will have an impact
1108 on mports.
1109
1110 20090325:
1111 Update Bind to 9.4.3-P1
1112
1113 Update mksh to R36b
1114
1115 Update tcpdump to 3.9.8, fix libpcap to work with current.
1116
1117 Update pnpinfo, sync with FreeBSD.
1118
1119 20090115:
1120 Fix a problem with DNSSEC and BIND.
1121
1122 20090110:
1123 For applications using OpenSSL for SSL connections, an invalid SSL
1124 certificate may be interpreted as valid. This could for example be
1125 used by an attacker to perform a man-in-the-middle attack.
1126
1127 Other applications which use the OpenSSL EVP API may similarly be
1128 affected.
1129
1130 Stop cross site request forgery attacks in lukemftpd
1131
1132 20090104:
1133 Import GNU libreadline 5.2
1134
1135 20090101:
1136 Update time zone data to 2008i.
1137
1138 20081231:
1139 Correct a problem where bluetooth and netgraph sockets are not
1140 properly initialized.
1141
1142 Happy 2009.
1143
1144 20081206:
1145 Due to the massive change in the underlying system under way,
1146 we're naming the next release 1.0. The sys/sys/param.h was
1147 changed accordingly. ipfilter and ncurses were corrected
1148 using __MidnightBSD__ tests in the code.
1149
1150 The GENERIC kernel config was caught up on i386 today. Consider
1151 i386 still broken, but amd64 is running again.
1152
1153 mdoc.local was updated with the new MidnightBSD version info.
1154
1155 batt(1) was rewritten in C. It now supports several flags and
1156 runs about 8 times faster on my laptop. The default output
1157 shows the number of minutes of battery life remaining and the
1158 percentage. You can use -u to display the number of batteries or
1159 -c to get script friendly output. Consult the man page for more.
1160
1161 20081204:
1162 Work has completed on importing ZFS, jemalloc, several
1163 new devices, SCTP, updated pf, a new tempfs, linuxolator 2.6 kernel
1164 support, improved locking for file desc., audit (openbsm),
1165 openssl .98e, nfe, imporved intel high def audio, midi, updated
1166 intel gigabit (em), support for several wifi cards (intel), ...
1167
1168 Renamed 0.3-CURRENT officially. Switched to using MidnightBSD version
1169 data from param.h instead of the FreeBSD version. This means
1170 testing is now possible in the ports tree for the version
1171 and that any ports or code relying on the FreeBSD version from
1172 sys/sys/param.h will need to be fixed.
1173
1174 20080905:
1175 update nve(4) to support new hardware.
1176
1177 20080801:
1178 Import OpenBSM 1.0
1179
1180 Modify src/release to create 3 isos instead of 2 for packages.
1181
1182 etc/rc.d/firstboot now enables kdm, gnustep + slim and bsdstats.
1183
1184 Many ia64, alpha, powerpc items were removed.
1185
1186 The recent diffutils 2.8.7 import was fixed.
1187
1188 20080703:
1189 pcc was not installed properly when setting DESTDIR for live cds,
1190 or posibly jails.
1191
1192 20080627:
1193 Add firmware(9), WEP, CCMP, TKIP to GENERIC.
1194
1195 Add glabel to GENERIC.
1196
1197 Intel ICH8 mobile chipset used on some iMacs included with ata.
1198
1199 pcc connected to the build on i386. (alternative compiler)
1200
1201 ath added to GENERIC. (Atheros wireless NICs) on amd64/i386
1202
1203 20080528:
1204 Sendmail 8.14.3
1205
1206 20080516:
1207 ssh-vulnkey allows you to look for vulnerable ssh keys that
1208 were generated on Debian and Ubuntu hosts over the last
1209 few years. sshd can block offending keys with a configuration
1210 option.
1211
1212 The elf note on binaries is now set to MidnightBSD.
1213
1214 20080514:
1215 Fixed a number of problems with pcc. It is not yet connected
1216 to the build, but usable on i386 hosts. You may use it
1217 by make; make install in /usr/src/usr.bin/pcc. It will
1218 install in /usr/local as some of the files conflict with
1219 GCC versions. __MidnightBSD__ is defined in PCC as well.
1220
1221 System headers were fixed to allow pcc to compile many binaries
1222 on MidnightBSD. bin/cp will work now for instance.
1223
1224 20080430:
1225 __MidnightBSD__ is now defined via gcc. This can be tested
1226 to determine we're running on MidnightBSD in the preprocessor.
1227
1228 20080429:
1229 Import bind 9.4.2 with threading
1230
1231 libpthread (KSE) and libthr are built earlier
1232
1233 pcvt(4) removed!
1234
1235 Alias added for core2 cpus.
1236
1237 Alpha and PC98 only utilities removed from usr/sbin
1238
1239 syslogd, adduser, rmuser, mergemaster and mailwrapper have been
1240 improved. See the man pages for info.
1241
1242 periodic scripts will not send emails with empty message bodies.
1243 See mailwrapper fix.
1244
1245 20080410:
1246 Sync cpdup with DragonFly. Add parallel transaction support and
1247 -l flag to line-buffer stdout and stderr.
1248
1249 20080406:
1250 Import bzip2 1.05
1251 Import OpenSSH 4.9p1
1252
1253 20080322:
1254 The default umask was changed to 022.
1255
1256 /usr/X11R6 paths were removed from several config files.
1257
1258 .mkshrc files are now installed for root.
1259
1260 20080316:
1261 FIx a problem with gif0 tunnels and neighbors with IPV6.
1262
1263 20080312:
1264 Add lndir from X.org. This aides in the porting of MirPorts.
1265
1266 New OS versions were added to the mapage code (groff)
1267
1268 20080310:
1269 Correct a buffer overflow in ppp.
1270
1271 20080308:
1272 Remove /usr/X11R6 from manpath config.
1273
1274 20080307:
1275 Atheros driver no longer has several options set
1276 which corrects building in tinderbox on all three platforms.
1277
1278 Added a new macro to sx.h which returns true if the current
1279 thread holds an exclusive lock on a specifix sx.
1280
1281 Removed OS/2's HPFS file system. It's not maintained and
1282 I don't know anyone using OS/2 or ecomstation these days.
1283 My copy is in the closet collecting dust.
1284
1285 20080306:
1286 Synced tinderbox with FreeBSD. Modified it for MidnightBSD.
1287 Developers can now use it to check src builds.
1288
1289 20080303:
1290 Add mksh to /etc/shells, made some adjustments to options
1291 for mksh builds per suggestion upstream.
1292
1293 USB HID table updated with modern hardware list.
1294
1295 Updated BSD family true (we're not in there yet)
1296
1297 iso3166 file updated and import of tzdata2007k for
1298 new time zones.
1299
1300 Updated mksh to latest version R33.
1301
1302 20080228:
1303 Remplaced the random IP id generation code with a new
1304 version by Amit Klein.
1305
1306 20080221:
1307 Sendfile write only permissions fix.
1308
1309 Removed some HPFS and PC98 code.
1310
1311 iso639 file sycned with DragonFly.
1312
1313 20080128:
1314 Changed NTP configuration so that ips aren't cached
1315 so multiple servers are used.
1316
1317 Fix an issue with fork() in libpthread.
1318
1319 20080121:
1320 Add virtualization detection to set the HZ rate
1321 according to a VM present. VMWare and Parallels
1322 should work better like this.
1323
1324 Change to full x11 install in sysinstall. Add
1325 xorg 7 support.
1326
1327 20080115:
1328 Fix the handling of PTY's. CVE-2008-0216
1329
1330 20080105:
1331 mport delete code added, USE_MPORT_TOOLS knob aded.
1332
1333 20080101:
1334 Happy New Year
1335
1336 20071123:
1337 Update sendmail to 8.14.2
1338
1339 20071120:
1340 Update system compiler to gcc 3.4.6.
1341
1342 20071023:
1343 Updated mksh to R31d.
1344
1345 20070911:
1346 Updated mksh to version R31b.
1347
1348 Fixed stderr output in libpthread. Previously it was
1349 written to stdout.
1350
1351 20070831:
1352 Added dot.mkshrc file to support the recent change to
1353 mksh from OpenBSD's ksh derived from pdksh.
1354
1355 Added new firewall configuration. ipfw is enabled by default
1356 with a "desktop" configuration. Consult /etc/rc.firewall
1357 or ipfw show to see the ruleset used. You can disable
1358 ipfw by setting firewall_enable="NO" in /etc/rc.conf This
1359 change only effects IPv4. IPv6 does not have a firewall
1360 enabled by default.
1361
1362 20070814:
1363 Removed GNU tar source. We've been using BSD tar
1364 for awhile.
1365
1366 20070806:
1367 Finished removing umapfs and autofs from the tree.
1368
1369 20070804:
1370 BIND and Tcpdump have been patched for recent vulnerabilities.
1371
1372 We switched to BSD cpio (pax).
1373
1374 20070719:
1375 Imported cpdup from DragonFly as /bin/cpdup
1376
1377 20070716:
1378 Update GNU cpio to 2.8.
1379
1380 20070410:
1381 cvs was updated to 1.12.13. cvsbug was removed.
1382 cvs now behaves similarly to DragonFly's cvs with
1383 most of their local changes.
1384
1385 20070409:
1386 RELENG_0_1 was created. More aggresive changes will
1387 continue here.
1388
1389 20070406:
1390 Back out propolice. propolice caused several problems
1391 with our threading libraries libthr and libpthread.
1392 curthread was often NULL after the patch and many
1393 multithreaded applications would crash. We plan to
1394 work on either bringing in gcc 4.1 or developing a new
1395 patch which also corrects our threading issues later.
1396
1397 It is more important to have a stable system for our
1398 mport work and other projects at this time.
1399
1400 This is not a clean removal. It is recommended that you
1401 have a recently SNAP CD handy. You can either reinstall
1402 or perform a make buildworld and make buildkernel and
1403 make installkernel. Reboot on the cd and copy the contents
1404 of /bin, /sbin, /lib, /libexec, and /usr/bin, /usr/sbin,
1405 /usr/lib, and /usr/libexec to the respective directories on
1406 your disk. Then you should be able to boot into single user
1407 mode and run make installworld. You will need to run
1408 chflags noschg on some of the files if you can't overwrite
1409 them.
1410
1411 You will get __guard missing errors since we had to remove
1412 this from libc.
1413
1414 You will need to rebuild any ports built while propolice was
1415 installed.
1416
1417 20070401:
1418 Importing propolice into MidnightBSD. Propolice is going to
1419 provide us with much greater security and stability in the
1420 long run. If upgrading from a pre-propolice system, please
1421 follow the these instructions:
1422
1423 cd /usr/src/lib/libc && make obj && make && make install
1424 cd /usr/src/gnu/usr.bin/cc && make obj && make && make install
1425 cd /usr/src/lib/libpthread && make obj && make && make install
1426 cd /usr/src/lib/libthr && make obj && make && make install
1427 buildworld and kernel
1428
1429 It is adviced that any mports which were installed and/or built
1430 prior to the propolice update also be updated. If any errors
1431 or issue are encounted, please contact security@midnightbsd.org
1432 and we will be sure to investigate and come up with an expeditious
1433 fix.
1434
1435 20070314:
1436 Remove send-pr from src.
1437
1438 Switch to NetBSD's gzip.
1439
1440 Bump MBSD minor revision.
1441
1442 20070313:
1443 Imported OpenSSH 4.6p1.
1444
1445 Imported FreeBSD's libarchive and updated tar to work with it.
1446
1447 Disabled debug statements cluttering up /var/log/messages for
1448 the tcp autobuf patch applied previously.
1449
1450 20070312:
1451 Synced several audio changes from FreeBSD 6.1. Removed the
1452 BSD Daemon files from src/share.
1453
1454 20070308:
1455 Added mfi which supports LSI Logic MegaRAID SAS devices including
1456 the Dell perc5i.
1457
1458 20070206:
1459 Imported OpenBSD's sudo into source. Please install
1460 /usr/src/usr.bin/sudo/lib first before building.
1461
1462 Those who install from a snapshot after this date
1463 will not be effected.
1464
1465 20070119:
1466 Added audit group. Be sure to add audit to your /etc/group file
1467 before installing world.
1468
1469 hostapd was updated to 0.4.8.
1470
1471 An accidental commit in usr.sbin/bluetooth/hccontrol was fixed to
1472 unbreak world.
1473
1474 wpa_supplicant was updated.
1475
1476 For stability and compatibility reasons, it was decided that MidnightBSD
1477 sync with FreeBSD 6.1 Release. Nearly every change between the original
1478 fork date of February 24, 2006 and the release of FreeBSD 6.1 in May
1479 2006 will be merged. Beyond this, MidnightBSD will be a "real" fork and
1480 will not sync every little change with FreeBSD.
1481
1482 20061231:
1483 Updated COPYRIGHT for 2007.
1484
1485 Updated and bumped libutil after importing NetBSD efun(3) functions.
1486
1487 Added MidnightBSD_version and bumped the FreeBSD version as we've
1488 synced all commits between the fork and that version. It is now safe
1489 to assume MidnightBSD is compatible with FreeBSD RELENG_6 from
1490 Feb 26, 2006.
1491
1492 Added spell(1) and deroff(1) from NetBSD. Also added additional
1493 dict files to work with it. /usr/share/dict/american,
1494 /usr/share/dict/british and /usr/share/dict/special/math
1495
1496 Numerous man page and bug fixes.
1497
1498 20061226:
1499 Setup /usr/share/examples/cvsup SUPfiles for the new
1500 MidnightBSD CVSup server.
1501
1502 Fix a bug in burncd where it would continue forever while
1503 erasing CDRW media.
1504
1505 Add csup to /usr/bin. csup is a CVSup replacement written
1506 in C.
1507
1508 Fixed a bug with bsnmpd build from Oct 30.
1509
1510 Corrected some race conditions and fixed a few bugs in
1511 geom. Imported changes from FreeBSD RELENG_6.
1512
1513 20061225:
1514 Fixed a typo in src/lib/libc/sparc64/fpu/fpu_implode.c
1515 that caused long double to long and long long
1516 conversion of negative numbers to always result in -1.
1517
1518 20061221:
1519 Fixed acpi_battery.c to not report an ERROR if no
1520 batteries are present.
1521
1522 Performed some minor updates on the RL and RE NIC drivers.
1523 RL should no longer panic when trying to print errors.
1524
1525 Corrected a bug with TTY.
1526
1527 20061218:
1528 Corrected a bug with libpthread where newly created suspended
1529 threads don't get scheduled.
1530
1531 20061206:
1532 Fixed a typo with the firewire security patch.
1533
1534 20061129:
1535 Minor cleanups to utilities in bin.
1536
1537 Fixed msdos file system short file name behavior to match
1538 FreeBSD.
1539
1540 20061031:
1541 Updated man pages in section 7.
1542
1543 20061030:
1544 Updated sys/dev/drm to support intel 915 and radeon
1545 r300 cards properly.
1546
1547 Synced snmpd with FreeBSD-stable.
1548
1549 Fixed a bug in rm which could cause data loss.
1550
1551 20061027:
1552 Added Intel ICH8 and nForce 5 support to ATA. cam, mpt,
1553 random, kbdmux, atkbd, and usb were updated. Changes
1554 to clearing registers on SSE enabled processors (i386)
1555 commited.
1556
1557 lukemftpd updated.
1558
1559 openssh rc script was altered which effects initial
1560 seeding.
1561
1562 20061014:
1563 Workaround for em driver problem on shared IRQ.
1564
1565 Started removal of alpha support.
1566
1567 20061013:
1568 ATA driver was updated. USB/USB1/USB2 types added.
1569
1570 20061010:
1571 OpenSSH was updated to 4.4p1.
1572
1573 20060909:
1574 OpenNTPD was added to MidnightBSD. Run make delete-old to remove
1575 the old ntpd daemon.
1576
1577 cat has a new option -D which allows you to timestamp output
1578 on a per line basis.
1579
1580 The kernel has a keyboard mux which allows you to have multiple
1581 keyboard connected simultaneously. USB keyboard support was also
1582 improved with this patch.
1583
1584 The Intel em driver was updated. Network performance was greatly
1585 increased on many systems. Additional models are supported.
1586
1587 The ATA driver was patched to fix a potential deadlock.
1588
1589 Bind was patched to fix a potential denial of service condition.
1590
1591 20060817:
1592 ksh has been added to the base system. If you previously had
1593 the port installed, it will be overwritten on the next buildworld.
1594
1595
1596
1597 To build a kernel
1598 -----------------
1599 If you are updating from a prior version of MidnightBSD (even one just
1600 a few days old), you should follow this procedure. With a
1601 /usr/obj tree with a fresh buildworld,
1602 make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE
1603 make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE
1604
1605 To test a kernel once
1606 ---------------------
1607 If you just want to boot a kernel once (because you are not sure
1608 if it works, or if you want to boot a known bad kernel to provide
1609 debugging information) run
1610 make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel
1611 nextboot -k testkernel
1612
1613 To just build a kernel when you know that it won't mess you up
1614 --------------------------------------------------------------
1615 This assumes you are already running a 6.X system. Replace
1616 ${arch} with the architecture of your machine (e.g. "i386",
1617 "amd64", "ia64", "pc98", "sparc64", etc).
1618
1619 cd src/sys/${arch}/conf
1620 config KERNEL_NAME_HERE
1621 cd ../compile/KERNEL_NAME_HERE
1622 make depend
1623 make
1624 make install
1625
1626 If this fails, go to the "To build a kernel" section.
1627
1628 To rebuild everything and install it on the current system.
1629 -----------------------------------------------------------
1630 # Note: sometimes if you are running current you gotta do more than
1631 # is listed here if you are upgrading from a really old current.
1632
1633 <make sure you have good level 0 dumps>
1634 make buildworld
1635 make kernel KERNCONF=YOUR_KERNEL_HERE
1636 [1]
1637 <reboot in single user> [3]
1638 mergemaster -p [5]
1639 make installworld
1640 make delete-old
1641 mergemaster [4]
1642 <reboot>
1643
1644
1645 To cross-install current onto a separate partition
1646 --------------------------------------------------
1647 # In this approach we use a separate partition to hold
1648 # current's root, 'usr', and 'var' directories. A partition
1649 # holding "/", "/usr" and "/var" should be about 2GB in
1650 # size.
1651
1652 <make sure you have good level 0 dumps>
1653 <boot into -stable>
1654 make buildworld
1655 make buildkernel KERNCONF=YOUR_KERNEL_HERE
1656 <maybe newfs current's root partition>
1657 <mount current's root partition on directory ${CURRENT_ROOT}>
1658 make installworld DESTDIR=${CURRENT_ROOT}
1659 cd src/etc; make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd
1660 make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT}
1661 cp /etc/fstab ${CURRENT_ROOT}/etc/fstab # if newfs'd
1662 <edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition>
1663 <reboot into current>
1664 <do a "native" rebuild/install as described in the previous section>
1665 <maybe install compatibility libraries from src/lib/compat>
1666 <reboot>
1667
1668
1669 To upgrade in-place from 5.x-stable or higher to 6.x-stable
1670 -----------------------------------------------------------
1671 <make sure you have good level 0 dumps>
1672 make buildworld [9]
1673 make kernel KERNCONF=YOUR_KERNEL_HERE [8]
1674 [1]
1675 <reboot in single user> [3]
1676 mergemaster -p [5]
1677 make installworld
1678 make delete-old
1679 mergemaster -i [4]
1680 <reboot>
1681
1682 Make sure that you've read the UPDATING file to understand the
1683 tweaks to various things you need. At this point in the life
1684 cycle of current, things change often and you are on your own
1685 to cope. The defaults can also change, so please read ALL of
1686 the UPDATING entries.
1687
1688 Also, if you are tracking -current, you must be subscribed to
1689 freebsd-current@freebsd.org. Make sure that before you update
1690 your sources that you have read and understood all the recent
1691 messages there. If in doubt, please track -stable which has
1692 much fewer pitfalls.
1693
1694 [1] If you have third party modules, such as vmware, you
1695 should disable them at this point so they don't crash your
1696 system on reboot.
1697
1698 [3] From the bootblocks, boot -s, and then do
1699 fsck -p
1700 mount -u /
1701 mount -a
1702 cd src
1703 adjkerntz -i # if CMOS is wall time
1704 Also, when doing a major release upgrade, it is required that
1705 you boot into single user mode to do the installworld.
1706
1707 [4] Note: This step is non-optional. Failure to do this step
1708 can result in a significant reduction in the functionality of the
1709 system. Attempting to do it by hand is not recommended and those
1710 that pursue this avenue should read this file carefully, as well
1711 as the archives of freebsd-current and freebsd-hackers mailing lists
1712 for potential gotchas.
1713
1714 [5] Usually this step is a noop. However, from time to time
1715 you may need to do this if you get unknown user in the following
1716 step. It never hurts to do it all the time.
1717
1718 [8] In order to have a kernel that can run the 5.x binaries
1719 needed to do an installworld, you must include the COMPAT_FREEBSD5
1720 option in your kernel. Failure to do so may leave you with a system
1721 that is hard to boot to recover. A similar kernel option COMPAT_FREEBSD5
1722 is required to run the 5.x binaries on more recent kernels.
1723
1724 Make sure that you merge any new devices from GENERIC since the
1725 last time you updated your kernel config file.
1726
1727 [9] When checking out sources, you must include the -P flag to have
1728 cvs prune empty directories.
1729
1730 If CPUTYPE is defined in your /etc/make.conf, make sure to use the
1731 "?=" instead of the "=" assignment operator, so that buildworld can
1732 override the CPUTYPE if it needs to.
1733
1734 MAKEOBJDIRPREFIX must be defined in an environment variable, and
1735 not on the command line, or in /etc/make.conf. buildworld will
1736 warn if it is improperly defined.
1737
1738 Copyright information:
1739
1740 Copyright 1998-2005 M. Warner Losh. All Rights Reserved.
1741
1742 Redistribution, publication, translation and use, with or without
1743 modification, in full or in part, in any form or format of this
1744 document are permitted without further permission from the author.
1745
1746 THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR
1747 IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
1748 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
1749 DISCLAIMED. IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT,
1750 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
1751 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
1752 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1753 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1754 STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
1755 IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
1756 POSSIBILITY OF SUCH DAMAGE.
1757
1758 If you find this document useful, and you want to, you may buy the
1759 author a beer.
1760
1761 Contact Warner Losh if you have any questions about your use of
1762 this document.
1763
1764 $FreeBSD: src/UPDATING,v 1.416.2.18 2006/02/22 11:51:57 yar Exp $
1765 $MidnightBSD$

Properties

Name Value
svn:keywords MidnightBSD=%H