
Comparing trunk/UPDATING (file contents):
Revision 6652 by laffer1, Wed Apr 30 12:20:44 2014 UTC vs.
Revision 7255 by laffer1, Sat Aug 15 13:30:00 2015 UTC

# Line 1 | Line 1
1   Updating Information for MidnightBSD users.
2  
3 + 20160815:
4 +        libc changes:
5 +        setmode(3) now returns errno consistently on error.
6 +        libc will compile without error using clang
7 +
8 + 20160814:
9 +        wait6 system call added.
10 +
11 +        date(1) now handles non numeric numbers passed to -r
12 +        like GNU coreutils for improved compatibility.
13 +
14 + 20160811:
15 +        ata(4) AMD Hudson2 SATA controller support.
16 +        Intel lynxpoint SATA.
17 +
18 +        Fix some const warnings when building several device drivers
19 +        with llvm/clang.
20 +
21 +        Sync cas(4) with FreeBSD 9-stable.
22 +
23 +        Fix some minor issues with ath(4).
24 +
25 + 20160809:
26 +        xz 5.0.8
27 +
28 + 20160808:
29 +        libmport now logs installation and removal of packages to syslog.
30 +
31 + 20160805:
32 +        routed - fix a potential security issue where traffic from outside
33 +        the network can disrupt routing.
34 +
35 +        bsd patch - fix a bug with ed(1) scripts allowing unsanitized input
36 +        to run.
37 +
38 + 20160802:
39 +        jansson 2.7 library added. (libjansson is a JSON library in C)
40 +
41 + 20160728:
42 +        Heimdal 1.5.2 (kerberos implementation)
43 +
44 +        OpenSSL 1.0.1o
45 +
46 +        cpucontrol(8) now supports VIA CPUs. Synced with FreeBSD 9.2.
47 +
48 +        TCP Resassemly resource exhaustion bug:
49 +        There is a mistake with the introduction of VNET, which converted the
50 +        global limit on the number of segments that could belong to reassembly
51 +        queues into a per-VNET limit.  Because mbufs are allocated from a
52 +        global pool, in the presence of a sufficient number of VNETs, the
53 +        total number of mbufs attached to reassembly queues can grow to the
54 +        total number of mbufs in the system, at which point all network
55 +        traffic would cease.
56 +        Obtained from: FreeBSD 8
57 +
58 +        OpenSSH
59 +
60 +        Fix two security vulnerabilities:
61 +        OpenSSH clients does not correctly verify DNS SSHFP records when a server
62 +        offers a certificate. [CVE-2014-2653]
63 +
64 +        OpenSSH servers which are configured to allow password authentication
65 +        using PAM (default) would allow many password attempts. A bug allows
66 +        MaxAuthTries to be bypassed. [CVE-2015-5600]
67 +
68 +
69 +        Switch to bsdpatch (from FreeBSD & OpenBSD)
70 +
71 + 20160726:
72 +        BSD Sort updated
73 +
74 +        sqlite 3.8.10.2
75 +
76 + 20160725:
77 +        Import reallocarray from OpenBSD's libc.  
78 +
79 +        The reallocarray() function is similar to realloc() except it operates on
80 +        nmemb members of size size and checks for integer overflow in the
81 +        calculation nmemb * size.
82 +
83 + 20150722:
84 +        Fix a bug where TCP connections transitioning to LAST_ACK
85 +        state can get stuck. This can result in a denial of service.
86 +
87 + 20150715:
88 +        libmport now supports @shell and @sample in plists. This means that
89 +        a shell port can automatically add an entry to /etc/shells and remove
90 +        it upon uninstallation. For sample files, a copy is made without the
91 +        .sample extension if one does not exist and it is removed automatically
92 +        only if the md5 hash of the two files is the same.
93 +
94 + 20150709:
95 +        flex 2.5.39
96 +
97 + 20150702:
98 +        ZFS in MidnightBSD now supports lz4 compression. You can enable it
99 +        with zfs set compression=lz4 pool/path.
100 +
101 +        Verify it's working with
102 +        zfs get compressratio pool/path
103 +        du -h -s *
104 +
105 +        Note you must write new data when turning on compression to see
106 +        changes. Existing files are not compressed.
107 +
108 +        Note: While we used the same basic implementation of lz4 that
109 +        FreeBSD and OpenZFS uses, we did not yet implement features support
110 +        and the zfs version still reports 28. This may come in a future update
111 +        to ZFS.
112 +
113 + 20150621:
114 +        libmport now automatically stops services when deleting packages.
115 +
116 +        The package must have installed an rc.d script in /usr/local/etc
117 +        for this to work. This is equivalent to running service <name> onestop
118 +
119 + 20150618:
120 +        Sendmail
121 +
122 +        With the recent changes to OpenSSL to block 512 bit certificates,
123 +        sendmail can't connect with TLS to some servers.
124 +
125 +        Increase the default size to 1024 bit for client connections to
126 +        match the server configuration.
127 +
128 +        ZFS
129 +
130 +        Added ZFS TRIM support which is enabled by default. To disable
131 +        ZFS TRIM support set vfs.zfs.trim.enabled=0 in loader.conf.
132 +
133 +        Creating new ZFS pools and adding new devices to existing pools
134 +        first performs a full device level TRIM which can take a significant
135 +        amount of time. The sysctl vfs.zfs.vdev.trim_on_init can be set to 0
136 +        to disable this behaviour.
137 +
138 +        ZFS TRIM requires the underlying device support BIO_DELETE which
139 +        is currently provided by methods such as ATA TRIM and SCSI UNMAP
140 +        via CAM, which are typically supported by SSD's.
141 +
142 +        Stats for ZFS TRIM can be monitored by looking at the sysctl's
143 +        under kstat.zfs.misc.zio_trim.
144 +
145 +        rc.d
146 +
147 +        Reworked handling of cleanvar and FILESYSTEMS so that FILESYSTEMS
148 +        implies everything is mounted and ready to go.
149 +
150 +        Changed how ip6addressctl maps IPv6 on startup.
151 +
152 + 20150613:
153 +        tzdata 2015d
154 +
155 + 20150612:
156 +        OpenSSL 0.9.8zg
157 +
158 + 20150419:
159 +        MidnightBSD 0.6 stable branch created. Continue 0.7
160 +        development.
161 +
162 + 20150418:
163 +        sqlite 3.8.9
164 +
165 + 20150407:
166 +        Fix two security vulnerabilities:
167 +
168 +        The previous fix for IGMP had an overflow issue. This has been corrected.
169 +
170 +        ipv6: The Neighbor Discover Protocol allows a local router to advertise a
171 +        suggested Current Hop Limit value of a link, which will replace
172 +        Current Hop Limit on an interface connected to the link on the MidnightBSD
173 +        system.
174 +
175 + 20150319:
176 +        OpenSSL 0.9.8.zf
177 +
178 +        mksh R50e
179 +
180 +        Apple mDNSResponder 561.1.1
181 +
182 + 20150306:
183 +        Upgrade OpenSSL to 0.9.8ze
184 +
185 + 20150225:
186 +        Fix two security vulnerabilities.
187 +
188 +        1. BIND servers which are configured to perform DNSSEC validation and which
189 +        are using managed keys (which occurs implicitly when using
190 +        "dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit
191 +        unpredictable behavior due to the use of an improperly initialized
192 +        variable.
193 +
194 +        CVE-2015-1349
195 +
196 +        2. An integer overflow in computing the size of IGMPv3 data buffer can result
197 +        in a buffer which is too small for the requested operation.
198 +
199 +        This can result in a DOS attack.
200 +
201 + 20141211:
202 +        Fix a security issue with file and libmagic that can allow
203 +        an attacker to create a denial of service attack on any
204 +        program that uses libmagic.
205 +
206 + 20141109:
207 +        Fix building perl during buildworld when the GDBM port is installed.
208 +
209 + 20141106:
210 +        tzdata 2014i
211 +
212 + 20141102:
213 +        serf 1.3.8
214 +
215 + 20141031:
216 +        tnftp 20141031 fixes a security vulnerability with tnftp,
217 +        CVE-2014-8517.
218 +
219 + 20141028:
220 +        OpenSSL 0.9.8zc
221 +
222 + 20141021:
223 +        Fix several security vulnerabilities in routed, rtsold,
224 +        and namei with respect to Capsicum sandboxes looking up
225 +        nonexistent path names and leaking memory.
226 +
227 +        The input path in routed(8) will accept queries from any source and
228 +        attempt to answer them.  However, the output path assumes that the
229 +        destination address for the response is on a directly connected
230 +        network.
231 +
232 +        Due to a missing length check in the code that handles DNS parameters,
233 +        a malformed router advertisement message can result in a stack buffer
234 +        overflow in rtsold(8).
235 +
236 + 20141011:
237 +        mksh R50d - fix field splitting regression and null
238 +        pointer dereference
239 +
240 +        xz 5.0.7
241 +
242 +        OpenSSH 6.6p1
243 +
244 + 20141004:
245 +        mksh R50c - security update for environment var bug with
246 +        foo vs foo+    
247 +
248 + 20141002:
249 +        sqlite 3.8.6
250 +
251 +        sudo 1.7.8 - some issues with the current version, but we're slowly
252 +        getting up to date.
253 +
254 + 20141001:
255 +        mksh R50b
256 +
257 +        libmport now supports plist commands @dir, @owner, @group, @mode.
258 +
259 +        sudo 1.7.6p2
260 +
261 + 20140916:
262 +        Fix a security issue with TCP SYN.
263 +
264 +        When a segment with the SYN flag for an already existing connection arrives,
265 +        the TCP stack tears down the connection, bypassing a check that the
266 +        sequence number in the segment is in the expected window.
267 +
268 + 20140909:
269 +        Fixed a bug with our clearenv(3) implementation that caused segfaults
270 +        with some programs including Dovecot.
271 +
272 +        OpenSSL security patch:
273 +
274 +        The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
275 +        to consume large amounts of memory. [CVE-2014-3506]
276 +
277 +        The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
278 +        memory. [CVE-2014-3507]
279 +
280 +        A flaw in OBJ_obj2txt may cause pretty printing functions such as
281 +        X509_name_oneline, X509_name_print_ex et al. to leak some information from
282 +        the stack. [CVE-2014-3508]
283 +
284 +        OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
285 +        a denial of service attack. [CVE-2014-3510]
286 +
287 + 20140902:
288 +        We're now 0.6-CURRENT
289 +
290 +        Update USB quirks to support K70 Corsair keyboard, and several
291 +        other devices.
292 +
293 + 20140827:
294 +        Perl 5.18.2
295 +
296 + 20140728:
297 +        Jails now run shutdown scripts.
298 +
299 + 20140710:
300 +        Fix a vulnerability in the control message API. A buffer is not properly cleared
301 +        before sharing with userland.
302 +
303 + 20140701:
304 +        MKSH R50
305 +
306 + 20140630:
307 +        File 5.19
308 +
309 + 20140605:
310 +        Fix four security issues with OpenSSL
311 +
312 + 20140604:
313 +        Sendmail failed to properly set close-on-exec for open file descriptors.
314 +
315 +        ktrace page fault kernel trace entries were set to an incorrect size which resulted
316 +        in a leak of information.
317 +
318   20140430:
319          Fix a TCP reassembly bug that could result in a DOS attack
320          of the system. It may be possible to obtain portions
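
Review bot: The date headings on new lines 3 through 76 (20160815 down to 20160725) carry the year 2016, but this revision was committed on Sat Aug 15 2015 and the list continues directly below with 20150722 in descending order, so these look like typos for 2015 and should read 20150815 through 20150725. Smaller points in the same hunk: "TCP Resassemly" at line 48 should be "TCP Reassembly", and "OpenSSH clients does not" at line 61 should be "do not". The OpenSSH entry at lines 58 to 66 names two CVEs but no resulting version, and the 20150407 IPv6 entry at lines 170 to 173 describes the Neighbor Discovery behaviour without saying what was changed; a one-line statement of the fix in each would let administrators judge whether an upgrade is needed.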
