1 |
< |
Updating Information for MidnightBSD users |
1 |
> |
Updating Information for MidnightBSD users. |
2 |
|
|
3 |
< |
Items affecting the mports and packages system can be found in |
4 |
< |
/usr/mports/UPDATING. |
3 |
> |
20150825: |
4 |
> |
kernel: |
5 |
> |
fix a security issue on amd64 where the GS segment CPU register can be changed via |
6 |
> |
userland value in kernel mode by using an IRET with #SS or #NP exceptions. |
7 |
|
|
8 |
+ |
openssh: |
9 |
+ |
A programming error in the privileged monitor process of the sshd(8) |
10 |
+ |
service may allow the username of an already-authenticated user to be |
11 |
+ |
overwritten by the unprivileged child process. |
12 |
+ |
|
13 |
+ |
A use-after-free error in the privileged monitor process of he sshd(8) |
14 |
+ |
service may be deterministically triggered by the actions of a |
15 |
+ |
compromised unprivileged child process. |
16 |
+ |
|
17 |
+ |
A use-after-free error in the session multiplexing code in the sshd(8) |
18 |
+ |
service may result in unintended termination of the connection. |
19 |
+ |
|
20 |
+ |
20150818: |
21 |
+ |
expat security fix |
22 |
+ |
|
23 |
+ |
20150815: |
24 |
+ |
libc changes: |
25 |
+ |
setmode(3) now returns errno consistently on error. |
26 |
+ |
libc will compile without error using clang |
27 |
+ |
|
28 |
+ |
20150814: |
29 |
+ |
wait6 system call added. |
30 |
+ |
|
31 |
+ |
date(1) now handles non numeric numbers passed to -r |
32 |
+ |
like GNU coreutils for improved compatibility. |
33 |
+ |
|
34 |
+ |
20150811: |
35 |
+ |
ata(4) AMD Hudson2 SATA controller support. |
36 |
+ |
Intel lynxpoint SATA. |
37 |
+ |
|
38 |
+ |
Fix some const warnings when building several device drivers |
39 |
+ |
with llvm/clang. |
40 |
+ |
|
41 |
+ |
Sync cas(4) with FreeBSD 9-stable. |
42 |
+ |
|
43 |
+ |
Fix some minor issues with ath(4). |
44 |
+ |
|
45 |
+ |
20150809: |
46 |
+ |
xz 5.0.8 |
47 |
+ |
|
48 |
+ |
20150808: |
49 |
+ |
libmport now logs installation and removal of packages to syslog. |
50 |
+ |
|
51 |
+ |
20150805: |
52 |
+ |
routed - fix a potential security issue where traffic from outside |
53 |
+ |
the network can disrupt routing. |
54 |
+ |
|
55 |
+ |
bsd patch - fix a bug with ed(1) scripts allowing unsanitized input |
56 |
+ |
to run. |
57 |
+ |
|
58 |
+ |
20150802: |
59 |
+ |
jansson 2.7 library added. (libjansson is a JSON library in C) |
60 |
+ |
|
61 |
+ |
20150728: |
62 |
+ |
Heimdal 1.5.2 (kerberos implementation) |
63 |
+ |
|
64 |
+ |
OpenSSL 1.0.1o |
65 |
+ |
|
66 |
+ |
cpucontrol(8) now supports VIA CPUs. Synced with FreeBSD 9.2. |
67 |
+ |
|
68 |
+ |
TCP Resassemly resource exhaustion bug: |
69 |
+ |
There is a mistake with the introduction of VNET, which converted the |
70 |
+ |
global limit on the number of segments that could belong to reassembly |
71 |
+ |
queues into a per-VNET limit. Because mbufs are allocated from a |
72 |
+ |
global pool, in the presence of a sufficient number of VNETs, the |
73 |
+ |
total number of mbufs attached to reassembly queues can grow to the |
74 |
+ |
total number of mbufs in the system, at which point all network |
75 |
+ |
traffic would cease. |
76 |
+ |
Obtained from: FreeBSD 8 |
77 |
+ |
|
78 |
+ |
OpenSSH |
79 |
+ |
|
80 |
+ |
Fix two security vulnerabilities: |
81 |
+ |
OpenSSH clients does not correctly verify DNS SSHFP records when a server |
82 |
+ |
offers a certificate. [CVE-2014-2653] |
83 |
+ |
|
84 |
+ |
OpenSSH servers which are configured to allow password authentication |
85 |
+ |
using PAM (default) would allow many password attempts. A bug allows |
86 |
+ |
MaxAuthTries to be bypassed. [CVE-2015-5600] |
87 |
+ |
|
88 |
+ |
|
89 |
+ |
Switch to bsdpatch (from FreeBSD & OpenBSD) |
90 |
+ |
|
91 |
+ |
20150726: |
92 |
+ |
BSD Sort updated |
93 |
+ |
|
94 |
+ |
sqlite 3.8.10.2 |
95 |
+ |
|
96 |
+ |
20150725: |
97 |
+ |
Import reallocarray from OpenBSD's libc. |
98 |
+ |
|
99 |
+ |
The reallocarray() function is similar to realloc() except it operates on |
100 |
+ |
nmemb members of size size and checks for integer overflow in the |
101 |
+ |
calculation nmemb * size. |
102 |
+ |
|
103 |
+ |
20150722: |
104 |
+ |
Fix a bug where TCP connections transitioning to LAST_ACK |
105 |
+ |
state can get stuck. This can result in a denial of service. |
106 |
+ |
|
107 |
+ |
20150715: |
108 |
+ |
libmport now supports @shell and @sample in plists. This means that |
109 |
+ |
a shell port can automatically add an entry to /etc/shells and remove |
110 |
+ |
it upon uninstallation. For sample files, a copy is made without the |
111 |
+ |
.sample extension if one does not exist and it is removed automatically |
112 |
+ |
only if the md5 hash of the two files is the same. |
113 |
+ |
|
114 |
+ |
20150709: |
115 |
+ |
flex 2.5.39 |
116 |
+ |
|
117 |
+ |
20150702: |
118 |
+ |
ZFS in MidnightBSD now supports lz4 compression. You can enable it |
119 |
+ |
with zfs set compression=lz4 pool/path. |
120 |
+ |
|
121 |
+ |
Verify it's working with |
122 |
+ |
zfs get compressratio pool/path |
123 |
+ |
du -h -s * |
124 |
+ |
|
125 |
+ |
Note you must write new data when turning on compression to see |
126 |
+ |
changes. Existing files are not compressed. |
127 |
+ |
|
128 |
+ |
Note: While we used the same basic implementation of lz4 that |
129 |
+ |
FreeBSD and OpenZFS uses, we did not yet implement features support |
130 |
+ |
and the zfs version still reports 28. This may come in a future update |
131 |
+ |
to ZFS. |
132 |
+ |
|
133 |
+ |
20150621: |
134 |
+ |
libmport now automatically stops services when deleting packages. |
135 |
+ |
|
136 |
+ |
The package must have installed an rc.d script in /usr/local/etc |
137 |
+ |
for this to work. This is equivalent to running service <name> onestop |
138 |
+ |
|
139 |
+ |
20150618: |
140 |
+ |
Sendmail |
141 |
+ |
|
142 |
+ |
With the recent changes to OpenSSL to block 512 bit certificates, |
143 |
+ |
sendmail can't connect with TLS to some servers. |
144 |
+ |
|
145 |
+ |
Increase the default size to 1024 bit for client connections to |
146 |
+ |
match the server configuration. |
147 |
+ |
|
148 |
+ |
ZFS |
149 |
+ |
|
150 |
+ |
Added ZFS TRIM support which is enabled by default. To disable |
151 |
+ |
ZFS TRIM support set vfs.zfs.trim.enabled=0 in loader.conf. |
152 |
+ |
|
153 |
+ |
Creating new ZFS pools and adding new devices to existing pools |
154 |
+ |
first performs a full device level TRIM which can take a significant |
155 |
+ |
amount of time. The sysctl vfs.zfs.vdev.trim_on_init can be set to 0 |
156 |
+ |
to disable this behaviour. |
157 |
+ |
|
158 |
+ |
ZFS TRIM requires the underlying device support BIO_DELETE which |
159 |
+ |
is currently provided by methods such as ATA TRIM and SCSI UNMAP |
160 |
+ |
via CAM, which are typically supported by SSD's. |
161 |
+ |
|
162 |
+ |
Stats for ZFS TRIM can be monitored by looking at the sysctl's |
163 |
+ |
under kstat.zfs.misc.zio_trim. |
164 |
+ |
|
165 |
+ |
rc.d |
166 |
+ |
|
167 |
+ |
Reworked handling of cleanvar and FILESYSTEMS so that FILESYSTEMS |
168 |
+ |
implies everything is mounted and ready to go. |
169 |
+ |
|
170 |
+ |
Changed how ip6addressctl maps IPv6 on startup. |
171 |
+ |
|
172 |
+ |
20150613: |
173 |
+ |
tzdata 2015d |
174 |
+ |
|
175 |
+ |
20150612: |
176 |
+ |
OpenSSL 0.9.8zg |
177 |
+ |
|
178 |
+ |
20150419: |
179 |
+ |
MidnightBSD 0.6 stable branch created. Continue 0.7 |
180 |
+ |
development. |
181 |
+ |
|
182 |
+ |
20150418: |
183 |
+ |
sqlite 3.8.9 |
184 |
+ |
|
185 |
+ |
20150407: |
186 |
+ |
Fix two security vulnerabilities: |
187 |
+ |
|
188 |
+ |
The previous fix for IGMP had an overflow issue. This has been corrected. |
189 |
+ |
|
190 |
+ |
ipv6: The Neighbor Discover Protocol allows a local router to advertise a |
191 |
+ |
suggested Current Hop Limit value of a link, which will replace |
192 |
+ |
Current Hop Limit on an interface connected to the link on the MidnightBSD |
193 |
+ |
system. |
194 |
+ |
|
195 |
+ |
20150319: |
196 |
+ |
OpenSSL 0.9.8.zf |
197 |
+ |
|
198 |
+ |
mksh R50e |
199 |
+ |
|
200 |
+ |
Apple mDNSResponder 561.1.1 |
201 |
+ |
|
202 |
+ |
20150306: |
203 |
+ |
Upgrade OpenSSL to 0.9.8ze |
204 |
+ |
|
205 |
+ |
20150225: |
206 |
+ |
Fix two security vulnerabilities. |
207 |
+ |
|
208 |
+ |
1. BIND servers which are configured to perform DNSSEC validation and which |
209 |
+ |
are using managed keys (which occurs implicitly when using |
210 |
+ |
"dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit |
211 |
+ |
unpredictable behavior due to the use of an improperly initialized |
212 |
+ |
variable. |
213 |
+ |
|
214 |
+ |
CVE-2015-1349 |
215 |
+ |
|
216 |
+ |
2. An integer overflow in computing the size of IGMPv3 data buffer can result |
217 |
+ |
in a buffer which is too small for the requested operation. |
218 |
+ |
|
219 |
+ |
This can result in a DOS attack. |
220 |
+ |
|
221 |
+ |
20141211: |
222 |
+ |
Fix a security issue with file and libmagic that can allow |
223 |
+ |
an attacker to create a denial of service attack on any |
224 |
+ |
program that uses libmagic. |
225 |
+ |
|
226 |
+ |
20141109: |
227 |
+ |
Fix building perl during buildworld when the GDBM port is installed. |
228 |
+ |
|
229 |
+ |
20141106: |
230 |
+ |
tzdata 2014i |
231 |
+ |
|
232 |
+ |
20141102: |
233 |
+ |
serf 1.3.8 |
234 |
+ |
|
235 |
+ |
20141031: |
236 |
+ |
tnftp 20141031 fixes a security vulnerability with tnftp, |
237 |
+ |
CVE-2014-8517. |
238 |
+ |
|
239 |
+ |
20141028: |
240 |
+ |
OpenSSL 0.9.8zc |
241 |
+ |
|
242 |
+ |
20141021: |
243 |
+ |
Fix several security vulnerabilities in routed, rtsold, |
244 |
+ |
and namei with respect to Capsicum sandboxes looking up |
245 |
+ |
nonexistent path names and leaking memory. |
246 |
+ |
|
247 |
+ |
The input path in routed(8) will accept queries from any source and |
248 |
+ |
attempt to answer them. However, the output path assumes that the |
249 |
+ |
destination address for the response is on a directly connected |
250 |
+ |
network. |
251 |
+ |
|
252 |
+ |
Due to a missing length check in the code that handles DNS parameters, |
253 |
+ |
a malformed router advertisement message can result in a stack buffer |
254 |
+ |
overflow in rtsold(8). |
255 |
+ |
|
256 |
+ |
20141011: |
257 |
+ |
mksh R50d - fix field splitting regression and null |
258 |
+ |
pointer dereference |
259 |
+ |
|
260 |
+ |
xz 5.0.7 |
261 |
+ |
|
262 |
+ |
OpenSSH 6.6p1 |
263 |
+ |
|
264 |
+ |
20141004: |
265 |
+ |
mksh R50c - security update for environment var bug with |
266 |
+ |
foo vs foo+ |
267 |
+ |
|
268 |
+ |
20141002: |
269 |
+ |
sqlite 3.8.6 |
270 |
+ |
|
271 |
+ |
sudo 1.7.8 - some issues with the current version, but we're slowly |
272 |
+ |
getting up to date. |
273 |
+ |
|
274 |
+ |
20141001: |
275 |
+ |
mksh R50b |
276 |
+ |
|
277 |
+ |
libmport now supports plist commands @dir, @owner, @group, @mode. |
278 |
+ |
|
279 |
+ |
sudo 1.7.6p2 |
280 |
+ |
|
281 |
+ |
20140916: |
282 |
+ |
Fix a security issue with TCP SYN. |
283 |
+ |
|
284 |
+ |
When a segment with the SYN flag for an already existing connection arrives, |
285 |
+ |
the TCP stack tears down the connection, bypassing a check that the |
286 |
+ |
sequence number in the segment is in the expected window. |
287 |
+ |
|
288 |
+ |
20140909: |
289 |
+ |
Fixed a bug with our clearenv(3) implementation that caused segfaults |
290 |
+ |
with some programs including Dovecot. |
291 |
+ |
|
292 |
+ |
OpenSSL security patch: |
293 |
+ |
|
294 |
+ |
The receipt of a specifically crafted DTLS handshake message may cause OpenSSL |
295 |
+ |
to consume large amounts of memory. [CVE-2014-3506] |
296 |
+ |
|
297 |
+ |
The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak |
298 |
+ |
memory. [CVE-2014-3507] |
299 |
+ |
|
300 |
+ |
A flaw in OBJ_obj2txt may cause pretty printing functions such as |
301 |
+ |
X509_name_oneline, X509_name_print_ex et al. to leak some information from |
302 |
+ |
the stack. [CVE-2014-3508] |
303 |
+ |
|
304 |
+ |
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to |
305 |
+ |
a denial of service attack. [CVE-2014-3510] |
306 |
+ |
|
307 |
+ |
20140902: |
308 |
+ |
We're now 0.6-CURRENT |
309 |
+ |
|
310 |
+ |
Update USB quirks to support K70 Corsair keyboard, and several |
311 |
+ |
other devices. |
312 |
+ |
|
313 |
+ |
20140827: |
314 |
+ |
Perl 5.18.2 |
315 |
+ |
|
316 |
+ |
20140728: |
317 |
+ |
Jails now run shutdown scripts. |
318 |
+ |
|
319 |
+ |
20140710: |
320 |
+ |
Fix a vulnerability in the control message API. A buffer is not properly cleared |
321 |
+ |
before sharing with userland. |
322 |
+ |
|
323 |
+ |
20140701: |
324 |
+ |
MKSH R50 |
325 |
+ |
|
326 |
+ |
20140630: |
327 |
+ |
File 5.19 |
328 |
+ |
|
329 |
+ |
20140605: |
330 |
+ |
Fix four security issues with OpenSSL |
331 |
+ |
|
332 |
+ |
20140604: |
333 |
+ |
Sendmail failed to properly set close-on-exec for open file descriptors. |
334 |
+ |
|
335 |
+ |
ktrace page fault kernel trace entries were set to an incorrect size which resulted |
336 |
+ |
in a leak of information. |
337 |
+ |
|
338 |
+ |
20140430: |
339 |
+ |
Fix a TCP reassembly bug that could result in a DOS attack |
340 |
+ |
of the system. It may be possible to obtain portions |
341 |
+ |
of kernel memory as well. |
342 |
+ |
|
343 |
+ |
20140411: |
344 |
+ |
Update zlib to 1.2.7 |
345 |
+ |
|
346 |
+ |
20140122: |
347 |
+ |
Support for username with length 32. Previous limit was 16 |
348 |
+ |
|
349 |
+ |
20140114: |
350 |
+ |
Fix two security vulnerabilities. |
351 |
+ |
|
352 |
+ |
bsnmpd contains a stack overflow when sent certain queries. |
353 |
+ |
|
354 |
+ |
bind 9.8 when using NSEC3-signed zones zones, will crash with special |
355 |
+ |
crafted packets. |
356 |
+ |
|
357 |
+ |
20131228: |
358 |
+ |
Imported FreeBSD 9.2 usb stack (plus z87 patches from stable) |
359 |
+ |
|
360 |
+ |
Updated em(4), igb(4) and ixgbe(4) |
361 |
+ |
|
362 |
+ |
MidnightBSD now works with Z87 Intel chipsets. |
363 |
+ |
|
364 |
+ |
20131207: |
365 |
+ |
Remove sparc64 architecture. It hasn't been working for awhile |
366 |
+ |
and it's not useful for desktops anymore. |
367 |
+ |
|
368 |
+ |
20131205: |
369 |
+ |
OpenSSH 6.4p1 |
370 |
+ |
|
371 |
+ |
20131203: |
372 |
+ |
Perl 5.18.1 imported. |
373 |
+ |
|
374 |
+ |
Update less to v458 |
375 |
+ |
|
376 |
+ |
20131130: |
377 |
+ |
Remove named from base. We still include the client utilities for |
378 |
+ |
now until replacements can be found. |
379 |
+ |
|
380 |
+ |
20131004: |
381 |
+ |
rarpd supports vlan(4) and has a pid flag. (from FreeBSD) |
382 |
+ |
|
383 |
+ |
20130917: |
384 |
+ |
Support for 65,536 routing tables was added. A new fib specific |
385 |
+ |
field has been added to mbuf. This is an increase from 16. |
386 |
+ |
|
387 |
+ |
20130910: |
388 |
+ |
Security updates: (kern.osreldate 5001) |
389 |
+ |
|
390 |
+ |
nullfs(5) |
391 |
+ |
|
392 |
+ |
The nullfs(5) implementation of the VOP_LINK(9) VFS operation does not |
393 |
+ |
check whether the source and target of the link are both in the same |
394 |
+ |
nullfs instance. It is therefore possible to create a hardlink from a |
395 |
+ |
location in one nullfs instance to a file in another, as long as the |
396 |
+ |
underlying (source) filesystem is the same. |
397 |
+ |
|
398 |
+ |
ifioctl |
399 |
+ |
|
400 |
+ |
As is commonly the case, the IPv6 and ATM network layer ioctl request |
401 |
+ |
handlers are written in such a way that an unrecognized request is |
402 |
+ |
passed on unmodified to the link layer, which will either handle it or |
403 |
+ |
return an error code. |
404 |
+ |
|
405 |
+ |
Network interface drivers, however, assume that the SIOCSIFADDR, |
406 |
+ |
SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK requests have been |
407 |
+ |
handled at the network layer, and therefore do not perform input |
408 |
+ |
validation or verify the caller's credentials. Typical link-layer |
409 |
+ |
actions for these requests may include marking the interface as "up" |
410 |
+ |
and resetting the underlying hardware. |
411 |
+ |
|
412 |
+ |
20130824: |
413 |
+ |
Fix a bug in sendmail 8.14.7 that interferes with how it |
414 |
+ |
handles AAAA records interoperating with Microsoft DNS servers. |
415 |
+ |
FreeBSD has already reported this to Sendmail and a fix |
416 |
+ |
will be included in the next release. |
417 |
+ |
|
418 |
+ |
Subversion 1.8.1 is now in the base system as a static |
419 |
+ |
binary. It has limited functionality, but can be used to |
420 |
+ |
checkout/commit code. It is named svnlite. |
421 |
+ |
|
422 |
+ |
20130822: |
423 |
+ |
Fix two security vulnerabilities. |
424 |
+ |
|
425 |
+ |
Fix an integer overflow in IP_MSFILTER (IP MULTICAST). |
426 |
+ |
This could be exploited to read memory by a user process. |
427 |
+ |
|
428 |
+ |
When initializing the SCTP state cookie being sent in INIT-ACK chunks, |
429 |
+ |
a buffer allocated from the kernel stack is not completely initialized. |
430 |
+ |
|
431 |
+ |
Import xz 5.0.4 |
432 |
+ |
|
433 |
+ |
Import sqlite 3.7.17 |
434 |
+ |
|
435 |
+ |
Import BIND 9.8.5-P2 |
436 |
+ |
|
437 |
+ |
20130814: |
438 |
+ |
mksh R48 imported. |
439 |
+ |
|
440 |
+ |
Sendmail 8.14.7 imported. |
441 |
+ |
|
442 |
+ |
20130717: |
443 |
+ |
libmport bug was fixed causing hash verification to fail. |
444 |
+ |
|
445 |
+ |
virtio(4) imported from FreeBSD 9-stable. SCSI support not |
446 |
+ |
included. |
447 |
+ |
|
448 |
+ |
20130612: |
449 |
+ |
RELENG_0_4 created for 0.4. Development continues on 0.5. |
450 |
+ |
|
451 |
+ |
20130402: |
452 |
+ |
Update BIND and OpenSSL to resolve security advisories. |
453 |
+ |
|
454 |
+ |
20130305: |
455 |
+ |
MKSH R44 imported. |
456 |
+ |
|
457 |
+ |
20130213: |
458 |
+ |
MKSH R42b imported |
459 |
+ |
|
460 |
+ |
20130211: |
461 |
+ |
MKSH R42 imported |
462 |
+ |
|
463 |
+ |
20130125: |
464 |
+ |
MKSH R41 imported |
465 |
+ |
|
466 |
+ |
20130122: |
467 |
+ |
OpenSSH 5.8p2 imported |
468 |
+ |
|
469 |
+ |
SQLite 3.7.15.2 imported |
470 |
+ |
|
471 |
+ |
Fixed a longstanding bug in libmport extrating new index files. |
472 |
+ |
|
473 |
+ |
20120710: |
474 |
+ |
BSD licensed sort imported from FreeBSD-CURRENT |
475 |
+ |
|
476 |
+ |
For now, GNU sort is installed as gnusort, but it will |
477 |
+ |
go away in time. |
478 |
+ |
|
479 |
+ |
20120708: |
480 |
+ |
tcsh 6.18.01 imported. |
481 |
+ |
|
482 |
+ |
NetBSD's iconv imported. |
483 |
+ |
|
484 |
+ |
libc gains strnlen(3), memrchr(3), stpncpy(3). |
485 |
+ |
|
486 |
+ |
20120612: |
487 |
+ |
BIND security update related to CVE-2012-1667. |
488 |
+ |
|
489 |
+ |
Zero length resource records can cause BIND to crash resulting |
490 |
+ |
in a DOS attack or information disclosure. |
491 |
+ |
|
492 |
+ |
20120407: |
493 |
+ |
mksh R40f (fixes regression) |
494 |
+ |
|
495 |
+ |
20120328: |
496 |
+ |
mksh R40e |
497 |
+ |
|
498 |
+ |
Perl 5.14.2 |
499 |
+ |
|
500 |
+ |
20120229: |
501 |
+ |
cpucontrol(8) and cpuctl(4) added from FreeBSD 7-stable. |
502 |
+ |
|
503 |
+ |
20120209: |
504 |
+ |
mDNSResponder 333.10 imported |
505 |
+ |
|
506 |
+ |
20111227: |
507 |
+ |
import raid5 module for GEOM, graid5(8) |
508 |
+ |
|
509 |
+ |
This is experimental and known to use a lot of kernel |
510 |
+ |
memory. |
511 |
+ |
|
512 |
+ |
20111223: |
513 |
+ |
telnetd: fix a root exploit from a fixed buffer that was not checked |
514 |
+ |
|
515 |
+ |
pam: don't allow escape from policy path. Exploitable in KDE, etc. |
516 |
+ |
|
517 |
+ |
Fix pam_ssh module: |
518 |
+ |
|
519 |
+ |
If the pam_ssh module is enabled, attackers may be able to gain access |
520 |
+ |
to user accounts which have unencrypted SSH private keys. |
521 |
+ |
|
522 |
+ |
This has to due with the way that openssl works. It ignores unencrpted data. |
523 |
+ |
|
524 |
+ |
Fix security issue with chroot and ftpd. |
525 |
+ |
|
526 |
+ |
nsdispatch(3) doesn't know it's working in a chroot and some |
527 |
+ |
operations can cause files to get reloaded causing a security |
528 |
+ |
hole in things like ftpd. |
529 |
+ |
|
530 |
+ |
20111217: |
531 |
+ |
libdialog/dialog upgraded to an lgpl version. As it's not |
532 |
+ |
backwardly compatable, include the old libdialog as libodialog |
533 |
+ |
|
534 |
+ |
20111212: |
535 |
+ |
mksh r40d imported |
536 |
+ |
|
537 |
+ |
20111210: |
538 |
+ |
re(4) and rl(4) updated to support new chips. |
539 |
+ |
|
540 |
+ |
GEOM synced with FreeBSD 7-stable. |
541 |
+ |
|
542 |
+ |
MidnightBSD GPT partition types created in sys/gpt.h and |
543 |
+ |
setup in boot loader and GEOM. |
544 |
+ |
|
545 |
+ |
amdsbwd(4) (amd watchdog for south bridge) updated to support |
546 |
+ |
8xx series chipset. |
547 |
+ |
|
548 |
+ |
20111207: |
549 |
+ |
import bsd grep from FreeBSD/OpenBSD. |
550 |
+ |
|
551 |
+ |
MK_BSD_GREP controls which grep is installed |
552 |
+ |
as grep with the other as bsdgrep or gnugrep. |
553 |
+ |
|
554 |
+ |
20111122: |
555 |
+ |
mksh vR40c imported. |
556 |
+ |
|
557 |
+ |
20111117: |
558 |
+ |
BIND 9.6 ESV R5 P1 |
559 |
+ |
|
560 |
+ |
20111107: |
561 |
+ |
tzdata 2011n |
562 |
+ |
|
563 |
+ |
20111026: |
564 |
+ |
mDNSResponder v320 |
565 |
+ |
|
566 |
+ |
BIND 9.6 ESV R5 |
567 |
+ |
|
568 |
+ |
20111022: |
569 |
+ |
cflow 0.0.6 imported |
570 |
+ |
|
571 |
+ |
20111020: |
572 |
+ |
less v436 imported |
573 |
+ |
|
574 |
+ |
amdsbwd(4) AMD southbridge watchdog |
575 |
+ |
|
576 |
+ |
20111019: |
577 |
+ |
awk 20110810 imported |
578 |
+ |
|
579 |
+ |
et(4) Agere Gigabit Ethernet/Fast Ethernet driver added, but |
580 |
+ |
not included in GENERIC kernel. The kernel module needs |
581 |
+ |
testing before we can include it in GENERIC. |
582 |
+ |
|
583 |
+ |
intr_bind code ported to allow an IRQ to be bound to one |
584 |
+ |
specific CPU core. |
585 |
+ |
|
586 |
+ |
20111017: |
587 |
+ |
Time Zone Data v. 2011l (Released 10 October 2011) |
588 |
+ |
|
589 |
+ |
Updated list of countries (iso3166) to work with new timezone data. |
590 |
+ |
|
591 |
+ |
20111015: |
592 |
+ |
Introduce CPU Affinity in MidnightBSD. cpuset(1) can be used |
593 |
+ |
to control which core or group of cores can be used for a given |
594 |
+ |
process. Several new system calls were added to support this |
595 |
+ |
functionality in the running kernel and for 32bit binary |
596 |
+ |
compatibility on amd64. |
597 |
+ |
|
598 |
+ |
The scheduler default has been changed to ULE in i386 and |
599 |
+ |
amd64. Changes were made to both schedulers (4BSD AND ULE) |
600 |
+ |
for this feature. |
601 |
+ |
|
602 |
+ |
This work is based on Jeff Roberson's FreeBSD 7.1 patches. |
603 |
+ |
|
604 |
+ |
20111004: |
605 |
+ |
Fix a problem with unix socket handling caused by the recent |
606 |
+ |
patch to unix socket path handling. This allows network |
607 |
+ |
apps to work under the linuxolator again. |
608 |
+ |
|
609 |
+ |
20111001: |
610 |
+ |
Import libfetch & fetch(1) from FreeBSD 9. Passive FTP is |
611 |
+ |
now default and an environment variable must be set to use |
612 |
+ |
active. |
613 |
+ |
|
614 |
+ |
20110930: |
615 |
+ |
Introduce quirks handling for several umass devices including |
616 |
+ |
USB cameras. Add workaround for Cyberpower UPS devices. |
617 |
+ |
|
618 |
+ |
Bring in further bug fixes from FreeBSD and NetBSD for alc(4). |
619 |
+ |
Stale ip/tcp header pointers are no longer used, lockups fixed |
620 |
+ |
when network cable is unplugged on bootup, enable TX checksum |
621 |
+ |
offloading. |
622 |
+ |
|
623 |
+ |
Add a new man page for gcache(8), a useful geom class when |
624 |
+ |
working with large raid3 sets. |
625 |
+ |
|
626 |
+ |
Restore previous workaround for Cypress pata storage controller. |
627 |
+ |
|
628 |
+ |
20110929: |
629 |
+ |
Sync ath(4) with FreeBSD 7.3. |
630 |
+ |
|
631 |
+ |
The following modules are no longer available, and should be |
632 |
+ |
removed from loader.conf: |
633 |
+ |
ath_hal ath_rate_amrr ath_rate_onoe ath_rate_sample |
634 |
+ |
|
635 |
+ |
alc(4) would hibernate when a cable was unplugged and often |
636 |
+ |
required bring the interface down and up to "wake up" so that |
637 |
+ |
a connection could be established. Disable hibernation. |
638 |
+ |
|
639 |
+ |
20110928: |
640 |
+ |
Fix security issues with gzip and compress related to .Z |
641 |
+ |
files that are corrupted. |
642 |
+ |
|
643 |
+ |
Fix path validation with unix domain sockets. |
644 |
+ |
|
645 |
+ |
20110917: |
646 |
+ |
Remove dependance on mports perl for generating releases as |
647 |
+ |
it's in the base system. |
648 |
+ |
|
649 |
+ |
20110914: |
650 |
+ |
Import xz 5.0.3 with liblzma 5.0.3 |
651 |
+ |
|
652 |
+ |
20110813: |
653 |
+ |
synced the sparc64 GENERIC kernel configuration with amd64. |
654 |
+ |
|
655 |
+ |
20110806: |
656 |
+ |
sqlite 3.7.7.1 imported |
657 |
+ |
|
658 |
+ |
msearch(1), libmsearch and msearch.import added. msearch(1) provides |
659 |
+ |
a full text search command line tool. libmsearch can also be used |
660 |
+ |
to build a graphical based search in the future. You can enable |
661 |
+ |
index building for msearch in periodic.conf or manually run the |
662 |
+ |
/usr/libexec/msearch.index tool. Full text indexes take considerable |
663 |
+ |
space in /var. I'm using approximately 500MB currently. |
664 |
+ |
|
665 |
+ |
Fix a long standing bug with the periodic script to check package |
666 |
+ |
versions. This will be obsolete with mport though. |
667 |
+ |
|
668 |
+ |
20110710: |
669 |
+ |
kdb_enter_why added to MidnightBSD to allow the kernel debugger to |
670 |
+ |
know why it's in use and thus script can be run. |
671 |
+ |
|
672 |
+ |
Yet another problem with the perl manifest was fixed |
673 |
+ |
|
674 |
+ |
20110709: |
675 |
+ |
cpufreq(1) is a new utility to monitor CPU frequency which may change |
676 |
+ |
with use of powerd(8) and cpufreq(4). |
677 |
+ |
|
678 |
+ |
20110612: |
679 |
+ |
Update mksh to R40 |
680 |
+ |
|
681 |
+ |
Catch up ObsoleteFiles.inc to remove Perl 5.10.x. Good to run when |
682 |
+ |
updating current (cd /usr/src && make check-old) |
683 |
+ |
|
684 |
+ |
20110528: |
685 |
+ |
Fix CVE-2011-1910 in BIND 9.6.x. This affects caching resolvers. |
686 |
+ |
|
687 |
+ |
20110526: |
688 |
+ |
newfs: |
689 |
+ |
Raised the default blocksize for UFS/FFS filesystems from |
690 |
+ |
16K to 32K and the default fragment size from 2K to 4K. |
691 |
+ |
|
692 |
+ |
This should slightly imporve performance on "advanced format" |
693 |
+ |
hard drives such as the WD EARS drives. Drives of this type |
694 |
+ |
have emulation modes that slow down with lower sizes. Of course |
695 |
+ |
the drive must still be aligned properly when using fdisk. |
696 |
+ |
|
697 |
+ |
20110521: |
698 |
+ |
mport tool now has a deleteall command. This can be used to remove |
699 |
+ |
all packages from a system. |
700 |
+ |
|
701 |
+ |
A few bugs with the perl 5.14 import have been fixed. |
702 |
+ |
|
703 |
+ |
20110518: |
704 |
+ |
Perl 5.14.0 |
705 |
+ |
|
706 |
+ |
20110517: |
707 |
+ |
Sendmail 8.14.5 |
708 |
+ |
|
709 |
+ |
20110314: |
710 |
+ |
DRM/DRI code updated to support newer video cards. (FreeBSD 7.1) |
711 |
+ |
|
712 |
+ |
cdevpriv wrappers added |
713 |
+ |
|
714 |
+ |
nss_mdns hack introduced to work around linking problem. |
715 |
+ |
|
716 |
+ |
dnsextd fixed after update to mDNSResponder code. |
717 |
+ |
|
718 |
+ |
20110308: |
719 |
+ |
Introduce liblzma & xz 5.0.1 to the base system |
720 |
+ |
|
721 |
+ |
Patch for OpenSSL security issue CVE-2011-0014. |
722 |
+ |
|
723 |
+ |
"OSREVISION 4004" |
724 |
+ |
|
725 |
+ |
nsswitch module for multicast dns (nss_mdns) added. |
726 |
+ |
|
727 |
+ |
tzdata2011c |
728 |
+ |
|
729 |
+ |
20110220: |
730 |
+ |
cam(4) syncronized with FreeBSD 7.3. |
731 |
+ |
|
732 |
+ |
20110219: |
733 |
+ |
amdtemp(4) updated to support sensors framework. |
734 |
+ |
|
735 |
+ |
20110217: |
736 |
+ |
Perl 5.10.1 imported |
737 |
+ |
|
738 |
+ |
20110216: |
739 |
+ |
Introduce igb(4) and split Intel Gigabit Ethernet adapters between |
740 |
+ |
igb(4) and em(4). Newer devices use igb(4). The code has moved |
741 |
+ |
to sys/dev/e1000 for both devices in the kernel. igb(4) has |
742 |
+ |
been placed in GENERIC on i386 and amd64. |
743 |
+ |
|
744 |
+ |
Update bfe(4) to support newer devices and WOL. |
745 |
+ |
|
746 |
+ |
20110215: |
747 |
+ |
age(4) added. |
748 |
+ |
|
749 |
+ |
20110208: |
750 |
+ |
BIND 9.6.3 which fixes a bug with DNSSEC records getting added. |
751 |
+ |
|
752 |
+ |
20110206: |
753 |
+ |
eeemon(4) added to monitor Asus Eee PC. |
754 |
+ |
|
755 |
+ |
20110205: |
756 |
+ |
OpenSSH 5.7p1 |
757 |
+ |
|
758 |
+ |
GNU sort 6.9 (coreutils) |
759 |
+ |
|
760 |
+ |
20110203: |
761 |
+ |
one true awk 20100523 imported |
762 |
+ |
|
763 |
+ |
sqlite 3.7.5 |
764 |
+ |
|
765 |
+ |
OpenSSL 0.9.8q |
766 |
+ |
|
767 |
+ |
20110202: |
768 |
+ |
tcsh 6.17.00 |
769 |
+ |
|
770 |
+ |
file 5.05 |
771 |
+ |
|
772 |
+ |
20110122: |
773 |
+ |
Import it(4) and lm(4), with support for Super I/O hardware monitors. This |
774 |
+ |
uses the sensors framework ported by Constantine A. Murenin (GSOC2007) |
775 |
+ |
|
776 |
+ |
20110120: |
777 |
+ |
BIND 9.6.2-P3 |
778 |
+ |
|
779 |
+ |
sudo 1.7.4-p6 |
780 |
+ |
|
781 |
+ |
20110115: |
782 |
+ |
Add experimental jme(4) for Jmicron ethernet devices. |
783 |
+ |
|
784 |
+ |
20101130: |
785 |
+ |
A double free exists in the SSL client ECDH handling code, when |
786 |
+ |
processing specially crafted public keys with invalid prime |
787 |
+ |
numbers. [CVE-2010-2939] |
788 |
+ |
|
789 |
+ |
20101120: |
790 |
+ |
Several portions of the kernel and userland code related to UFS file |
791 |
+ |
systems (and UFS2) cannot properly handle inode counts above 2^31 due |
792 |
+ |
to use of int types. Based on a patch from FreeBSD, I've modified |
793 |
+ |
our UFS2 implementation to handle unsigned values for inode counts |
794 |
+ |
which should allow for file systems greater than 16TB. |
795 |
+ |
|
796 |
+ |
newfs and growfs was also modified. |
797 |
+ |
|
798 |
+ |
20101110: |
799 |
+ |
Fix a security issue with pseudofs which could result in running code in kernel |
800 |
+ |
context or a kernel panic depending on system configuration. This affects file |
801 |
+ |
systems such as procfs for instance. |
802 |
+ |
|
803 |
+ |
20101021: |
804 |
+ |
sysrc is a utility to print and modify name/value pairs in /etc/rc.conf easily. |
805 |
+ |
This is similar to functions present in many linux distros. The utility was |
806 |
+ |
written by Devin Teske for FreeBSD. |
807 |
+ |
|
808 |
+ |
20100920: |
809 |
+ |
bzip2 security patch for integer overflow. |
810 |
+ |
|
811 |
+ |
20100905: |
812 |
+ |
MidnightBSD RELENG_0_3 branch created. Aggressive development continues here |
813 |
+ |
for 0.4. |
814 |
+ |
|
815 |
+ |
20100902: |
816 |
+ |
Fix a security issue with libutil that allows users to bypass cpu limits in |
817 |
+ |
login.conf in some cases. This combined with OpenSSH for example can allow |
818 |
+ |
the user to get more resources than they're allowed. |
819 |
+ |
|
820 |
+ |
20100822: |
821 |
+ |
Import Apple's mDNSResponder (mdnsd). |
822 |
+ |
|
823 |
+ |
20100814: |
824 |
+ |
libdispatch added to MidnightBSD. This provides functionality found in |
825 |
+ |
Mac OS X's GCD. We do not have blocks support yet. As this code is |
826 |
+ |
licensed under Apache 2, we create a new MK_APACHE option so that |
827 |
+ |
it's not required for all users to run code under a license they |
828 |
+ |
may not like. |
829 |
+ |
|
830 |
+ |
20100713: |
831 |
+ |
mbuf readonly fix related to sendfile(2) data corruption. |
832 |
+ |
|
833 |
+ |
20100704: |
834 |
+ |
brainfuck(1) imported from MirBSD. |
835 |
+ |
|
836 |
+ |
20100505: |
837 |
+ |
zlib 1.2.5 |
838 |
+ |
|
839 |
+ |
20100430: |
840 |
+ |
Sudo 1.7.2p6 imported |
841 |
+ |
|
842 |
+ |
20100321: |
843 |
+ |
Update zlib to 1.2.4 |
844 |
+ |
|
845 |
+ |
20100319: |
846 |
+ |
Removed i586 from default i386 generic kernel. |
847 |
+ |
|
848 |
+ |
20100317: |
849 |
+ |
Update to tzdata2010e (time zones). This includes changes in |
850 |
+ |
Mexico. |
851 |
+ |
|
852 |
+ |
Add support for several newer sound cards via hda including |
853 |
+ |
ATI and Realtek chipsets. |
854 |
+ |
|
855 |
+ |
20100313: |
856 |
+ |
CPU detection has been changed. VIA Padlock detection added. |
857 |
+ |
|
858 |
+ |
20100312: |
859 |
+ |
Fix a number of bugs and compiler warnings in libmport. Handle |
860 |
+ |
plus signs in paths for mport.check-fake |
861 |
+ |
|
862 |
+ |
20100311: |
863 |
+ |
mksh R39c |
864 |
+ |
|
865 |
+ |
20100309: |
866 |
+ |
Sudo 1.7.2p5 |
867 |
+ |
|
868 |
+ |
sqlite3 3.6.23 |
869 |
+ |
|
870 |
+ |
mksh R39b |
871 |
+ |
|
872 |
+ |
libffi (ffi) 3.0.9 |
873 |
+ |
|
874 |
+ |
20100206: |
875 |
+ |
WITHOUT_LIB32 is no longer needed on AMD64. GCC was fixed to |
876 |
+ |
properly pass arguments to ld. |
877 |
+ |
|
878 |
+ |
re(4) and rl(4) have been updated to support several new |
879 |
+ |
realtek chipsets. Performance has been improved on re(4). |
880 |
+ |
|
881 |
+ |
20100204: |
882 |
+ |
Fix a bug cropping up on AMD64 MidnightBSD with sftp |
883 |
+ |
segfaulting. |
884 |
+ |
|
885 |
+ |
20100116: |
886 |
+ |
Import ash changes from FreeBSD (bin/sh) 8-Stable. |
887 |
+ |
|
888 |
+ |
BIND 9.6.1-P2 |
889 |
+ |
|
890 |
+ |
20100110: |
891 |
+ |
Import Sendmail 8.14.4. Fix for SSL vulnerability. |
892 |
+ |
|
893 |
+ |
posix_spawn(3) added to MidnightBSD libc. Users may need to build and |
894 |
+ |
install libc before doing a full buildworld when upating from 0.2 or |
895 |
+ |
older current systems. |
896 |
+ |
|
897 |
+ |
kqueue(2) was modified to support portions of libdispatch functionality. |
898 |
+ |
|
899 |
+ |
20100106: |
900 |
+ |
Bind security update. Fix a bug with DNSSEC that causes negative |
901 |
+ |
cache entries and thus a possible DNS cache poisoning attack. |
902 |
+ |
|
903 |
+ |
Fix a bug in ZFS that can reset permissions on system crashes. |
904 |
+ |
|
905 |
+ |
20091228: |
906 |
+ |
amdtemp(4) was added. It allows one to monitor to the temperature |
907 |
+ |
of an AMD CPU such as a Phenom. |
908 |
+ |
|
909 |
+ |
20091205: |
910 |
+ |
OpenSSL security fix |
911 |
+ |
|
912 |
+ |
The SSL version 3 and TLS protocols support session renegotiation without |
913 |
+ |
cryptographically tying the new session parameters to the old parameters. |
914 |
+ |
|
915 |
+ |
20091128: |
916 |
+ |
OpenBSD sensors framework imported including sensorsd(8) |
917 |
+ |
|
918 |
+ |
20091126: |
919 |
+ |
OpenNTPD 4.4 import |
920 |
+ |
|
921 |
+ |
Update OpenSSH to 5.3p1 |
922 |
+ |
|
923 |
+ |
mksh R39 |
924 |
+ |
|
925 |
+ |
20091124: |
926 |
+ |
cpdup updated from DragonFly to 1.15 |
927 |
+ |
|
928 |
+ |
tzdata2009s updated with latest timezone data for November 2009. |
929 |
+ |
|
930 |
+ |
20091010: |
931 |
+ |
amd64 users should use WITHOUT_LIB32=yes in /etc/make.conf for now |
932 |
+ |
to test current. |
933 |
+ |
|
934 |
+ |
Revert unicode filename fixes from ntfs code. This was causing chaos |
935 |
+ |
on amd64 systems. |
936 |
+ |
|
937 |
+ |
20091006: |
938 |
+ |
Update timezone data with tzdata2009n with the Pakistan and |
939 |
+ |
Argentina changes. |
940 |
+ |
|
941 |
+ |
Sync several userland utilities with versions from FreeBSD 7.0 in |
942 |
+ |
sbin and usr.sbin. |
943 |
+ |
|
944 |
+ |
20090919: |
945 |
+ |
Update timezone data with tzdate2009m from September 2009. |
946 |
+ |
|
947 |
+ |
20090729: |
948 |
+ |
Patch for Bind 9 security vulnerability. a dynmaic update packet |
949 |
+ |
can trigger an assertion and cause named to exit |
950 |
+ |
|
951 |
+ |
20090606: |
952 |
+ |
Remove PCC from the base system. This compiler will not work |
953 |
+ |
as a system compiler for us as we've got some userland investment |
954 |
+ |
in C++ code and may have Objective-C in the future. We're stuck |
955 |
+ |
with a solution that supports these three languages at a minimum. |
956 |
+ |
|
957 |
+ |
I had wanted to keep it as an optional compiler because it is |
958 |
+ |
fast, however too many users want to try to use it for the base |
959 |
+ |
system which makes no sense. |
960 |
+ |
|
961 |
+ |
A hack was added for Cypress based usb hard drive enclosures to |
962 |
+ |
the kernel. This should cut down on commands it claims to support |
963 |
+ |
but does not (at the cam layer). Found while testing ZFS on |
964 |
+ |
an external device. |
965 |
+ |
|
966 |
+ |
20090520: |
967 |
+ |
The powerd daemon no longer starts automatically to improve |
968 |
+ |
compatibility with many systems. However, there is a new |
969 |
+ |
installer option in the startup section to enable it. This |
970 |
+ |
makes it easier to enable for users that have working systems. I thought it was only a problem on older hardware, but it freaks |
971 |
+ |
out my new Phenom too. |
972 |
+ |
|
973 |
+ |
20090502: |
974 |
+ |
OpenSSH 5.2p1 import |
975 |
+ |
|
976 |
+ |
ale(4) connected to the build. (kernel module only) |
977 |
+ |
|
978 |
+ |
20090501: |
979 |
+ |
Imported makefs utility from NetBSD/FreeBSD |
980 |
+ |
|
981 |
+ |
20090422: |
982 |
+ |
OpenSSL security update |
983 |
+ |
|
984 |
+ |
The function ASN1_STRING_print_ex does not properly validate the lengths |
985 |
+ |
of BMPString or UniversalString objects before attempting to print them. |
986 |
+ |
|
987 |
+ |
20090415: |
988 |
+ |
Created a Symbol.map for libc/ohash symbols |
989 |
+ |
|
990 |
+ |
Updated several usr/bin usr/sbin utilities. |
991 |
+ |
|
992 |
+ |
Corrected a bug with Makefile.inc1 causing the bootstrap |
993 |
+ |
tools to fail. |
994 |
+ |
|
995 |
+ |
20090405: |
996 |
+ |
xorg 7.4 wants to configure its input devices via hald which does not |
997 |
+ |
yet work with USB. If the keyboard/mouse does not work in xorg then |
998 |
+ |
add |
999 |
+ |
Option "AllowEmptyInput" "off" |
1000 |
+ |
to your ServerLayout section. This will cause X to use the configured |
1001 |
+ |
kbd and mouse sections from your xorg.conf |
1002 |
+ |
|
1003 |
+ |
20090403: |
1004 |
+ |
mksh was disconnected a few day ago do to bugs with |
1005 |
+ |
buildworld and mports. Now, connect it back |
1006 |
+ |
for use as /bin/sh with a conditional called |
1007 |
+ |
MK_ASH. By default, ash is the standard /bin/sh |
1008 |
+ |
but we may change this later. This will allow further |
1009 |
+ |
testing by users and developers of mksh without |
1010 |
+ |
causing an unpleasant default experience. In the |
1011 |
+ |
long run, we need to fix mksh compatibility. |
1012 |
+ |
|
1013 |
+ |
20090328: |
1014 |
+ |
Bring in mksh R37 from CVS. The dot.mkshrc files for root |
1015 |
+ |
and skel were changed. mksh(1) now replaces ash aka sh(1) |
1016 |
+ |
as the default /bin/sh. Please report bugs with |
1017 |
+ |
ports, etc. The ash code will remain in the repo for awhile |
1018 |
+ |
as I decide if we'll add something like MK_SHELL_ASH as |
1019 |
+ |
an optional build parameter. |
1020 |
+ |
|
1021 |
+ |
ahd was disconnected from the lint environment until |
1022 |
+ |
the compiler bug is sorted (by updating gcc?) |
1023 |
+ |
|
1024 |
+ |
Remove freebsd-tips from fortune files and change the |
1025 |
+ |
default for login and profile. |
1026 |
+ |
|
1027 |
+ |
20090327: |
1028 |
+ |
Update libarchive to 2.5.5, tar, and add bsdcpio. |
1029 |
+ |
|
1030 |
+ |
Also previously, ctriv has been connecting Perl 5.10 |
1031 |
+ |
to the build (part of os). This will have an impact |
1032 |
+ |
on mports. |
1033 |
+ |
|
1034 |
+ |
20090325: |
1035 |
+ |
Update Bind to 9.4.3-P1 |
1036 |
+ |
|
1037 |
+ |
Update mksh to R36b |
1038 |
+ |
|
1039 |
+ |
Update tcpdump to 3.9.8, fix libpcap to work with current. |
1040 |
+ |
|
1041 |
+ |
Update pnpinfo, sync with FreeBSD. |
1042 |
+ |
|
1043 |
+ |
20090115: |
1044 |
+ |
Fix a problem with DNSSEC and BIND. |
1045 |
+ |
|
1046 |
+ |
20090110: |
1047 |
+ |
For applications using OpenSSL for SSL connections, an invalid SSL |
1048 |
+ |
certificate may be interpreted as valid. This could for example be |
1049 |
+ |
used by an attacker to perform a man-in-the-middle attack. |
1050 |
+ |
|
1051 |
+ |
Other applications which use the OpenSSL EVP API may similarly be |
1052 |
+ |
affected. |
1053 |
+ |
|
1054 |
+ |
Stop cross site request forgery attacks in lukemftpd |
1055 |
+ |
|
1056 |
+ |
20090104: |
1057 |
+ |
Import GNU libreadline 5.2 |
1058 |
+ |
|
1059 |
+ |
20090101: |
1060 |
+ |
Update time zone data to 2008i. |
1061 |
+ |
|
1062 |
+ |
20081231: |
1063 |
+ |
Correct a problem where bluetooth and netgraph sockets are not |
1064 |
+ |
properly initialized. |
1065 |
+ |
|
1066 |
+ |
Happy 2009. |
1067 |
+ |
|
1068 |
+ |
20081206: |
1069 |
+ |
Due to the massive change in the underlying system under way, |
1070 |
+ |
we're naming the next release 1.0. The sys/sys/param.h was |
1071 |
+ |
changed accordingly. ipfilter and ncurses were corrected |
1072 |
+ |
using __MidnightBSD__ tests in the code. |
1073 |
+ |
|
1074 |
+ |
The GENERIC kernel config was caught up on i386 today. Consider |
1075 |
+ |
i386 still broken, but amd64 is running again. |
1076 |
+ |
|
1077 |
+ |
mdoc.local was updated with the new MidnightBSD version info. |
1078 |
+ |
|
1079 |
+ |
batt(1) was rewritten in C. It now supports several flags and |
1080 |
+ |
runs about 8 times faster on my laptop. The default output |
1081 |
+ |
shows the number of minutes of battery life remaining and the |
1082 |
+ |
percentage. You can use -u to display the number of batteries or |
1083 |
+ |
-c to get script friendly output. Consult the man page for more. |
1084 |
+ |
|
1085 |
+ |
20081204: |
1086 |
+ |
Work has completed on importing ZFS, jemalloc, several |
1087 |
+ |
new devices, SCTP, updated pf, a new tempfs, linuxolator 2.6 kernel |
1088 |
+ |
support, improved locking for file desc., audit (openbsm), |
1089 |
+ |
openssl .98e, nfe, imporved intel high def audio, midi, updated |
1090 |
+ |
intel gigabit (em), support for several wifi cards (intel), ... |
1091 |
+ |
|
1092 |
+ |
Renamed 0.3-CURRENT officially. Switched to using MidnightBSD version |
1093 |
+ |
data from param.h instead of the FreeBSD version. This means |
1094 |
+ |
testing is now possible in the ports tree for the version |
1095 |
+ |
and that any ports or code relying on the FreeBSD version from |
1096 |
+ |
sys/sys/param.h will need to be fixed. |
1097 |
+ |
|
1098 |
+ |
20080905: |
1099 |
+ |
update nve(4) to support new hardware. |
1100 |
+ |
|
1101 |
+ |
20080801: |
1102 |
+ |
Import OpenBSM 1.0 |
1103 |
+ |
|
1104 |
+ |
Modify src/release to create 3 isos instead of 2 for packages. |
1105 |
+ |
|
1106 |
+ |
etc/rc.d/firstboot now enables kdm, gnustep + slim and bsdstats. |
1107 |
+ |
|
1108 |
+ |
Many ia64, alpha, powerpc items were removed. |
1109 |
+ |
|
1110 |
+ |
The recent diffutils 2.8.7 import was fixed. |
1111 |
+ |
|
1112 |
+ |
20080703: |
1113 |
+ |
pcc was not installed properly when setting DESTDIR for live cds, |
1114 |
+ |
or posibly jails. |
1115 |
+ |
|
1116 |
+ |
20080627: |
1117 |
+ |
Add firmware(9), WEP, CCMP, TKIP to GENERIC. |
1118 |
+ |
|
1119 |
+ |
Add glabel to GENERIC. |
1120 |
+ |
|
1121 |
+ |
Intel ICH8 mobile chipset used on some iMacs included with ata. |
1122 |
+ |
|
1123 |
+ |
pcc connected to the build on i386. (alternative compiler) |
1124 |
+ |
|
1125 |
+ |
ath added to GENERIC. (Atheros wireless NICs) on amd64/i386 |
1126 |
+ |
|
1127 |
+ |
20080528: |
1128 |
+ |
Sendmail 8.14.3 |
1129 |
+ |
|
1130 |
+ |
20080516: |
1131 |
+ |
ssh-vulnkey allows you to look for vulnerable ssh keys that |
1132 |
+ |
were generated on Debian and Ubuntu hosts over the last |
1133 |
+ |
few years. sshd can block offending keys with a configuration |
1134 |
+ |
option. |
1135 |
+ |
|
1136 |
+ |
The elf note on binaries is now set to MidnightBSD. |
1137 |
+ |
|
1138 |
+ |
20080514: |
1139 |
+ |
Fixed a number of problems with pcc. It is not yet connected |
1140 |
+ |
to the build, but usable on i386 hosts. You may use it |
1141 |
+ |
by make; make install in /usr/src/usr.bin/pcc. It will |
1142 |
+ |
install in /usr/local as some of the files conflict with |
1143 |
+ |
GCC versions. __MidnightBSD__ is defined in PCC as well. |
1144 |
+ |
|
1145 |
+ |
System headers were fixed to allow pcc to compile many binaries |
1146 |
+ |
on MidnightBSD. bin/cp will work now for instance. |
1147 |
+ |
|
1148 |
+ |
20080430: |
1149 |
+ |
__MidnightBSD__ is now defined via gcc. This can be tested |
1150 |
+ |
to determine we're running on MidnightBSD in the preprocessor. |
1151 |
+ |
|
1152 |
+ |
20080429: |
1153 |
+ |
Import bind 9.4.2 with threading |
1154 |
+ |
|
1155 |
+ |
libpthread (KSE) and libthr are built earlier |
1156 |
+ |
|
1157 |
+ |
pcvt(4) removed! |
1158 |
+ |
|
1159 |
+ |
Alias added for core2 cpus. |
1160 |
+ |
|
1161 |
+ |
Alpha and PC98 only utilities removed from usr/sbin |
1162 |
+ |
|
1163 |
+ |
syslogd, adduser, rmuser, mergemaster and mailwrapper have been |
1164 |
+ |
improved. See the man pages for info. |
1165 |
+ |
|
1166 |
+ |
periodic scripts will not send emails with empty message bodies. |
1167 |
+ |
See mailwrapper fix. |
1168 |
+ |
|
1169 |
+ |
20080410: |
1170 |
+ |
Sync cpdup with DragonFly. Add parallel transaction support and |
1171 |
+ |
-l flag to line-buffer stdout and stderr. |
1172 |
+ |
|
1173 |
+ |
20080406: |
1174 |
+ |
Import bzip2 1.05 |
1175 |
+ |
Import OpenSSH 4.9p1 |
1176 |
+ |
|
1177 |
+ |
20080322: |
1178 |
+ |
The default umask was changed to 022. |
1179 |
+ |
|
1180 |
+ |
/usr/X11R6 paths were removed from several config files. |
1181 |
+ |
|
1182 |
+ |
.mkshrc files are now installed for root. |
1183 |
+ |
|
1184 |
+ |
20080316: |
1185 |
+ |
FIx a problem with gif0 tunnels and neighbors with IPV6. |
1186 |
+ |
|
1187 |
+ |
20080312: |
1188 |
+ |
Add lndir from X.org. This aides in the porting of MirPorts. |
1189 |
+ |
|
1190 |
+ |
New OS versions were added to the mapage code (groff) |
1191 |
+ |
|
1192 |
+ |
20080310: |
1193 |
+ |
Correct a buffer overflow in ppp. |
1194 |
+ |
|
1195 |
+ |
20080308: |
1196 |
+ |
Remove /usr/X11R6 from manpath config. |
1197 |
+ |
|
1198 |
+ |
20080307: |
1199 |
+ |
Atheros driver no longer has several options set |
1200 |
+ |
which corrects building in tinderbox on all three platforms. |
1201 |
+ |
|
1202 |
+ |
Added a new macro to sx.h which returns true if the current |
1203 |
+ |
thread holds an exclusive lock on a specifix sx. |
1204 |
+ |
|
1205 |
+ |
Removed OS/2's HPFS file system. It's not maintained and |
1206 |
+ |
I don't know anyone using OS/2 or ecomstation these days. |
1207 |
+ |
My copy is in the closet collecting dust. |
1208 |
+ |
|
1209 |
+ |
20080306: |
1210 |
+ |
Synced tinderbox with FreeBSD. Modified it for MidnightBSD. |
1211 |
+ |
Developers can now use it to check src builds. |
1212 |
+ |
|
1213 |
+ |
20080303: |
1214 |
+ |
Add mksh to /etc/shells, made some adjustments to options |
1215 |
+ |
for mksh builds per suggestion upstream. |
1216 |
+ |
|
1217 |
+ |
USB HID table updated with modern hardware list. |
1218 |
+ |
|
1219 |
+ |
Updated BSD family true (we're not in there yet) |
1220 |
+ |
|
1221 |
+ |
iso3166 file updated and import of tzdata2007k for |
1222 |
+ |
new time zones. |
1223 |
+ |
|
1224 |
+ |
Updated mksh to latest version R33. |
1225 |
+ |
|
1226 |
+ |
20080228: |
1227 |
+ |
Remplaced the random IP id generation code with a new |
1228 |
+ |
version by Amit Klein. |
1229 |
+ |
|
1230 |
+ |
20080221: |
1231 |
+ |
Sendfile write only permissions fix. |
1232 |
+ |
|
1233 |
+ |
Removed some HPFS and PC98 code. |
1234 |
+ |
|
1235 |
+ |
iso639 file sycned with DragonFly. |
1236 |
+ |
|
1237 |
+ |
20080128: |
1238 |
+ |
Changed NTP configuration so that ips aren't cached |
1239 |
+ |
so multiple servers are used. |
1240 |
+ |
|
1241 |
+ |
Fix an issue with fork() in libpthread. |
1242 |
+ |
|
1243 |
+ |
20080121: |
1244 |
+ |
Add virtualization detection to set the HZ rate |
1245 |
+ |
according to a VM present. VMWare and Parallels |
1246 |
+ |
should work better like this. |
1247 |
+ |
|
1248 |
+ |
Change to full x11 install in sysinstall. Add |
1249 |
+ |
xorg 7 support. |
1250 |
+ |
|
1251 |
+ |
20080115: |
1252 |
+ |
Fix the handling of PTY's. CVE-2008-0216 |
1253 |
+ |
|
1254 |
+ |
20080105: |
1255 |
+ |
mport delete code added, USE_MPORT_TOOLS knob aded. |
1256 |
+ |
|
1257 |
+ |
20080101: |
1258 |
+ |
Happy New Year |
1259 |
+ |
|
1260 |
+ |
20071123: |
1261 |
+ |
Update sendmail to 8.14.2 |
1262 |
+ |
|
1263 |
+ |
20071120: |
1264 |
+ |
Update system compiler to gcc 3.4.6. |
1265 |
+ |
|
1266 |
+ |
20071023: |
1267 |
+ |
Updated mksh to R31d. |
1268 |
+ |
|
1269 |
+ |
20070911: |
1270 |
+ |
Updated mksh to version R31b. |
1271 |
+ |
|
1272 |
+ |
Fixed stderr output in libpthread. Previously it was |
1273 |
+ |
written to stdout. |
1274 |
+ |
|
1275 |
+ |
20070831: |
1276 |
+ |
Added dot.mkshrc file to support the recent change to |
1277 |
+ |
mksh from OpenBSD's ksh derived from pdksh. |
1278 |
+ |
|
1279 |
+ |
Added new firewall configuration. ipfw is enabled by default |
1280 |
+ |
with a "desktop" configuration. Consult /etc/rc.firewall |
1281 |
+ |
or ipfw show to see the ruleset used. You can disable |
1282 |
+ |
ipfw by setting firewall_enable="NO" in /etc/rc.conf This |
1283 |
+ |
change only effects IPv4. IPv6 does not have a firewall |
1284 |
+ |
enabled by default. |
1285 |
+ |
|
1286 |
+ |
20070814: |
1287 |
+ |
Removed GNU tar source. We've been using BSD tar |
1288 |
+ |
for awhile. |
1289 |
+ |
|
1290 |
+ |
20070806: |
1291 |
+ |
Finished removing umapfs and autofs from the tree. |
1292 |
+ |
|
1293 |
+ |
20070804: |
1294 |
+ |
BIND and Tcpdump have been patched for recent vulnerabilities. |
1295 |
+ |
|
1296 |
+ |
We switched to BSD cpio (pax). |
1297 |
+ |
|
1298 |
+ |
20070719: |
1299 |
+ |
Imported cpdup from DragonFly as /bin/cpdup |
1300 |
+ |
|
1301 |
+ |
20070716: |
1302 |
+ |
Update GNU cpio to 2.8. |
1303 |
+ |
|
1304 |
+ |
20070410: |
1305 |
+ |
cvs was updated to 1.12.13. cvsbug was removed. |
1306 |
+ |
cvs now behaves similarly to DragonFly's cvs with |
1307 |
+ |
most of their local changes. |
1308 |
+ |
|
1309 |
+ |
20070409: |
1310 |
+ |
RELENG_0_1 was created. More aggresive changes will |
1311 |
+ |
continue here. |
1312 |
+ |
|
1313 |
+ |
20070406: |
1314 |
+ |
Back out propolice. propolice caused several problems |
1315 |
+ |
with our threading libraries libthr and libpthread. |
1316 |
+ |
curthread was often NULL after the patch and many |
1317 |
+ |
multithreaded applications would crash. We plan to |
1318 |
+ |
work on either bringing in gcc 4.1 or developing a new |
1319 |
+ |
patch which also corrects our threading issues later. |
1320 |
+ |
|
1321 |
+ |
It is more important to have a stable system for our |
1322 |
+ |
mport work and other projects at this time. |
1323 |
+ |
|
1324 |
+ |
This is not a clean removal. It is recommended that you |
1325 |
+ |
have a recently SNAP CD handy. You can either reinstall |
1326 |
+ |
or perform a make buildworld and make buildkernel and |
1327 |
+ |
make installkernel. Reboot on the cd and copy the contents |
1328 |
+ |
of /bin, /sbin, /lib, /libexec, and /usr/bin, /usr/sbin, |
1329 |
+ |
/usr/lib, and /usr/libexec to the respective directories on |
1330 |
+ |
your disk. Then you should be able to boot into single user |
1331 |
+ |
mode and run make installworld. You will need to run |
1332 |
+ |
chflags noschg on some of the files if you can't overwrite |
1333 |
+ |
them. |
1334 |
+ |
|
1335 |
+ |
You will get __guard missing errors since we had to remove |
1336 |
+ |
this from libc. |
1337 |
+ |
|
1338 |
+ |
You will need to rebuild any ports built while propolice was |
1339 |
+ |
installed. |
1340 |
+ |
|
1341 |
+ |
20070401: |
1342 |
+ |
Importing propolice into MidnightBSD. Propolice is going to |
1343 |
+ |
provide us with much greater security and stability in the |
1344 |
+ |
long run. If upgrading from a pre-propolice system, please |
1345 |
+ |
follow the these instructions: |
1346 |
+ |
|
1347 |
+ |
cd /usr/src/lib/libc && make obj && make && make install |
1348 |
+ |
cd /usr/src/gnu/usr.bin/cc && make obj && make && make install |
1349 |
+ |
cd /usr/src/lib/libpthread && make obj && make && make install |
1350 |
+ |
cd /usr/src/lib/libthr && make obj && make && make install |
1351 |
+ |
buildworld and kernel |
1352 |
+ |
|
1353 |
+ |
It is adviced that any mports which were installed and/or built |
1354 |
+ |
prior to the propolice update also be updated. If any errors |
1355 |
+ |
or issue are encounted, please contact security@midnightbsd.org |
1356 |
+ |
and we will be sure to investigate and come up with an expeditious |
1357 |
+ |
fix. |
1358 |
+ |
|
1359 |
+ |
20070314: |
1360 |
+ |
Remove send-pr from src. |
1361 |
+ |
|
1362 |
+ |
Switch to NetBSD's gzip. |
1363 |
+ |
|
1364 |
+ |
Bump MBSD minor revision. |
1365 |
+ |
|
1366 |
+ |
20070313: |
1367 |
+ |
Imported OpenSSH 4.6p1. |
1368 |
+ |
|
1369 |
+ |
Imported FreeBSD's libarchive and updated tar to work with it. |
1370 |
+ |
|
1371 |
+ |
Disabled debug statements cluttering up /var/log/messages for |
1372 |
+ |
the tcp autobuf patch applied previously. |
1373 |
+ |
|
1374 |
+ |
20070312: |
1375 |
+ |
Synced several audio changes from FreeBSD 6.1. Removed the |
1376 |
+ |
BSD Daemon files from src/share. |
1377 |
+ |
|
1378 |
+ |
20070308: |
1379 |
+ |
Added mfi which supports LSI Logic MegaRAID SAS devices including |
1380 |
+ |
the Dell perc5i. |
1381 |
+ |
|
1382 |
|
20070206: |
1383 |
|
Imported OpenBSD's sudo into source. Please install |
1384 |
|
/usr/src/usr.bin/sudo/lib first before building. |
1397 |
|
|
1398 |
|
wpa_supplicant was updated. |
1399 |
|
|
1400 |
< |
For stability and compatibility reasons, it was decided that MidnightBSD sync with FreeBSD 6.1 Release. Nearly every change between the original fork date of February 24, 2006 and the release of FreeBSD 6.1 in May 2006 will be merged. Beyond this, MidnightBSD will be a "real" fork and will not sync every little change with FreeBSD. |
1400 |
> |
For stability and compatibility reasons, it was decided that MidnightBSD |
1401 |
> |
sync with FreeBSD 6.1 Release. Nearly every change between the original |
1402 |
> |
fork date of February 24, 2006 and the release of FreeBSD 6.1 in May |
1403 |
> |
2006 will be merged. Beyond this, MidnightBSD will be a "real" fork and |
1404 |
> |
will not sync every little change with FreeBSD. |
1405 |
|
|
1406 |
|
20061231: |
1407 |
|
Updated COPYRIGHT for 2007. |
1686 |
|
this document. |
1687 |
|
|
1688 |
|
$FreeBSD: src/UPDATING,v 1.416.2.18 2006/02/22 11:51:57 yar Exp $ |
1689 |
< |
$MidnightBSD: src/UPDATING,v 1.10 2007/01/19 14:45:44 laffer1 Exp $ |
1689 |
> |
$MidnightBSD$ |