ViewVC Help

View File | Revision Log | Show Annotations | Download File | View Changeset | Root Listing

root/src/trunk/UPDATING

Comparing trunk/UPDATING (file contents):
Revision 2735 by laffer1, Fri Apr 3 06:28:03 2009 UTC vs.
Revision 7338 by laffer1, Wed Sep 30 13:11:05 2015 UTC

#	Line 1 | Line 1
1	<	Updating Information for MidnightBSD users
1	>	Updating Information for MidnightBSD users.
2
3	<	200090403:
3	>	20150930:
4	>	In rpcbind(8), netbuf structures are copied directly, which would result in
5	>	two netbuf structures that reference to one shared address buffer.  When one
6	>	of the two netbuf structures is freed, access to the other netbuf structure
7	>	would result in an undefined result that may crash the rpcbind(8) daemon.
8	>
9	>	20150926:
10	>	libmport now supports @preexec, @postexec, @preunexec and @postunexec
11	>	to replace @exec and @unexec.
12	>
13	>	pre exec runs afer pre-install scripts but before actual installation
14	>
15	>	post exec runs after install but before post install scripts and
16	>	pkg message.
17	>
18	>	pre unexec runs before pre uninstall scripts
19	>
20	>	post unexec runs before de-install scripts and after file removal.
21	>
22	>	20150917:
23	>	Fix kqueue write events for files > 2GB
24	>
25	>	20150825:
26	>	kernel:
27	>	fix a security issue on amd64 where the GS segment CPU register can be changed via
28	>	userland value in kernel mode by using an IRET with #SS or #NP exceptions.
29	>
30	>	openssh:
31	>	A programming error in the privileged monitor process of the sshd(8)
32	>	service may allow the username of an already-authenticated user to be
33	>	overwritten by the unprivileged child process.
34	>
35	>	A use-after-free error in the privileged monitor process of he sshd(8)
36	>	service may be deterministically triggered by the actions of a
37	>	compromised unprivileged child process.
38	>
39	>	A use-after-free error in the session multiplexing code in the sshd(8)
40	>	service may result in unintended termination of the connection.
41	>
42	>	20150818:
43	>	expat security fix
44	>
45	>	20150815:
46	>	libc changes:
47	>	setmode(3) now returns errno consistently on error.
48	>	libc will compile without error using clang
49	>
50	>	20150814:
51	>	wait6 system call added.
52	>
53	>	date(1) now handles non numeric numbers passed to -r
54	>	like GNU coreutils for improved compatibility.
55	>
56	>	20150811:
57	>	ata(4) AMD Hudson2 SATA controller support.
58	>	Intel lynxpoint SATA.
59	>
60	>	Fix some const warnings when building several device drivers
61	>	with llvm/clang.
62	>
63	>	Sync cas(4) with FreeBSD 9-stable.
64	>
65	>	Fix some minor issues with ath(4).
66	>
67	>	20150809:
68	>	xz 5.0.8
69	>
70	>	20150808:
71	>	libmport now logs installation and removal of packages to syslog.
72	>
73	>	20150805:
74	>	routed - fix a potential security issue where traffic from outside
75	>	the network can disrupt routing.
76	>
77	>	bsd patch - fix a bug with ed(1) scripts allowing unsanitized input
78	>	to run.
79	>
80	>	20150802:
81	>	jansson 2.7 library added. (libjansson is a JSON library in C)
82	>
83	>	20150728:
84	>	Heimdal 1.5.2 (kerberos implementation)
85	>
86	>	OpenSSL 1.0.1o
87	>
88	>	cpucontrol(8) now supports VIA CPUs. Synced with FreeBSD 9.2.
89	>
90	>	TCP Resassemly resource exhaustion bug:
91	>	There is a mistake with the introduction of VNET, which converted the
92	>	global limit on the number of segments that could belong to reassembly
93	>	queues into a per-VNET limit.  Because mbufs are allocated from a
94	>	global pool, in the presence of a sufficient number of VNETs, the
95	>	total number of mbufs attached to reassembly queues can grow to the
96	>	total number of mbufs in the system, at which point all network
97	>	traffic would cease.
98	>	Obtained from: FreeBSD 8
99	>
100	>	OpenSSH
101	>
102	>	Fix two security vulnerabilities:
103	>	OpenSSH clients does not correctly verify DNS SSHFP records when a server
104	>	offers a certificate. [CVE-2014-2653]
105	>
106	>	OpenSSH servers which are configured to allow password authentication
107	>	using PAM (default) would allow many password attempts. A bug allows
108	>	MaxAuthTries to be bypassed. [CVE-2015-5600]
109	>
110	>
111	>	Switch to bsdpatch (from FreeBSD & OpenBSD)
112	>
113	>	20150726:
114	>	BSD Sort updated
115	>
116	>	sqlite 3.8.10.2
117	>
118	>	20150725:
119	>	Import reallocarray from OpenBSD's libc.
120	>
121	>	The reallocarray() function is similar to realloc() except it operates on
122	>	nmemb members of size size and checks for integer overflow in the
123	>	calculation nmemb * size.
124	>
125	>	20150722:
126	>	Fix a bug where TCP connections transitioning to LAST_ACK
127	>	state can get stuck. This can result in a denial of service.
128	>
129	>	20150715:
130	>	libmport now supports @shell and @sample in plists. This means that
131	>	a shell port can automatically add an entry to /etc/shells and remove
132	>	it upon uninstallation. For sample files, a copy is made without the
133	>	.sample extension if one does not exist and it is removed automatically
134	>	only if the md5 hash of the two files is the same.
135	>
136	>	20150709:
137	>	flex 2.5.39
138	>
139	>	20150702:
140	>	ZFS in MidnightBSD now supports lz4 compression. You can enable it
141	>	with zfs set compression=lz4 pool/path.
142	>
143	>	Verify it's working with
144	>	zfs get compressratio pool/path
145	>	du -h -s *
146	>
147	>	Note you must write new data when turning on compression to see
148	>	changes. Existing files are not compressed.
149	>
150	>	Note: While we used the same basic implementation of lz4 that
151	>	FreeBSD and OpenZFS uses, we did not yet implement features support
152	>	and the zfs version still reports 28. This may come in a future update
153	>	to ZFS.
154	>
155	>	20150621:
156	>	libmport now automatically stops services when deleting packages.
157	>
158	>	The package must have installed an rc.d script in /usr/local/etc
159	>	for this to work. This is equivalent to running service <name> onestop
160	>
161	>	20150618:
162	>	Sendmail
163	>
164	>	With the recent changes to OpenSSL to block 512 bit certificates,
165	>	sendmail can't connect with TLS to some servers.
166	>
167	>	Increase the default size to 1024 bit for client connections to
168	>	match the server configuration.
169	>
170	>	ZFS
171	>
172	>	Added ZFS TRIM support which is enabled by default. To disable
173	>	ZFS TRIM support set vfs.zfs.trim.enabled=0 in loader.conf.
174	>
175	>	Creating new ZFS pools and adding new devices to existing pools
176	>	first performs a full device level TRIM which can take a significant
177	>	amount of time. The sysctl vfs.zfs.vdev.trim_on_init can be set to 0
178	>	to disable this behaviour.
179	>
180	>	ZFS TRIM requires the underlying device support BIO_DELETE which
181	>	is currently provided by methods such as ATA TRIM and SCSI UNMAP
182	>	via CAM, which are typically supported by SSD's.
183	>
184	>	Stats for ZFS TRIM can be monitored by looking at the sysctl's
185	>	under kstat.zfs.misc.zio_trim.
186	>
187	>	rc.d
188	>
189	>	Reworked handling of cleanvar and FILESYSTEMS so that FILESYSTEMS
190	>	implies everything is mounted and ready to go.
191	>
192	>	Changed how ip6addressctl maps IPv6 on startup.
193	>
194	>	20150613:
195	>	tzdata 2015d
196	>
197	>	20150612:
198	>	OpenSSL 0.9.8zg
199	>
200	>	20150419:
201	>	MidnightBSD 0.6 stable branch created. Continue 0.7
202	>	development.
203	>
204	>	20150418:
205	>	sqlite 3.8.9
206	>
207	>	20150407:
208	>	Fix two security vulnerabilities:
209	>
210	>	The previous fix for IGMP had an overflow issue. This has been corrected.
211	>
212	>	ipv6: The Neighbor Discover Protocol allows a local router to advertise a
213	>	suggested Current Hop Limit value of a link, which will replace
214	>	Current Hop Limit on an interface connected to the link on the MidnightBSD
215	>	system.
216	>
217	>	20150319:
218	>	OpenSSL 0.9.8.zf
219	>
220	>	mksh R50e
221	>
222	>	Apple mDNSResponder 561.1.1
223	>
224	>	20150306:
225	>	Upgrade OpenSSL to 0.9.8ze
226	>
227	>	20150225:
228	>	Fix two security vulnerabilities.
229	>
230	>	1. BIND servers which are configured to perform DNSSEC validation and which
231	>	are using managed keys (which occurs implicitly when using
232	>	"dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit
233	>	unpredictable behavior due to the use of an improperly initialized
234	>	variable.
235	>
236	>	CVE-2015-1349
237	>
238	>	2. An integer overflow in computing the size of IGMPv3 data buffer can result
239	>	in a buffer which is too small for the requested operation.
240	>
241	>	This can result in a DOS attack.
242	>
243	>	20141211:
244	>	Fix a security issue with file and libmagic that can allow
245	>	an attacker to create a denial of service attack on any
246	>	program that uses libmagic.
247	>
248	>	20141109:
249	>	Fix building perl during buildworld when the GDBM port is installed.
250	>
251	>	20141106:
252	>	tzdata 2014i
253	>
254	>	20141102:
255	>	serf 1.3.8
256	>
257	>	20141031:
258	>	tnftp 20141031 fixes a security vulnerability with tnftp,
259	>	CVE-2014-8517.
260	>
261	>	20141028:
262	>	OpenSSL 0.9.8zc
263	>
264	>	20141021:
265	>	Fix several security vulnerabilities in routed, rtsold,
266	>	and namei with respect to Capsicum sandboxes looking up
267	>	nonexistent path names and leaking memory.
268	>
269	>	The input path in routed(8) will accept queries from any source and
270	>	attempt to answer them.  However, the output path assumes that the
271	>	destination address for the response is on a directly connected
272	>	network.
273	>
274	>	Due to a missing length check in the code that handles DNS parameters,
275	>	a malformed router advertisement message can result in a stack buffer
276	>	overflow in rtsold(8).
277	>
278	>	20141011:
279	>	mksh R50d - fix field splitting regression and null
280	>	pointer dereference
281	>
282	>	xz 5.0.7
283	>
284	>	OpenSSH 6.6p1
285	>
286	>	20141004:
287	>	mksh R50c - security update for environment var bug with
288	>	foo vs foo+
289	>
290	>	20141002:
291	>	sqlite 3.8.6
292	>
293	>	sudo 1.7.8 - some issues with the current version, but we're slowly
294	>	getting up to date.
295	>
296	>	20141001:
297	>	mksh R50b
298	>
299	>	libmport now supports plist commands @dir, @owner, @group, @mode.
300	>
301	>	sudo 1.7.6p2
302	>
303	>	20140916:
304	>	Fix a security issue with TCP SYN.
305	>
306	>	When a segment with the SYN flag for an already existing connection arrives,
307	>	the TCP stack tears down the connection, bypassing a check that the
308	>	sequence number in the segment is in the expected window.
309	>
310	>	20140909:
311	>	Fixed a bug with our clearenv(3) implementation that caused segfaults
312	>	with some programs including Dovecot.
313	>
314	>	OpenSSL security patch:
315	>
316	>	The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
317	>	to consume large amounts of memory. [CVE-2014-3506]
318	>
319	>	The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
320	>	memory. [CVE-2014-3507]
321	>
322	>	A flaw in OBJ_obj2txt may cause pretty printing functions such as
323	>	X509_name_oneline, X509_name_print_ex et al. to leak some information from
324	>	the stack. [CVE-2014-3508]
325	>
326	>	OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
327	>	a denial of service attack. [CVE-2014-3510]
328	>
329	>	20140902:
330	>	We're now 0.6-CURRENT
331	>
332	>	Update USB quirks to support K70 Corsair keyboard, and several
333	>	other devices.
334	>
335	>	20140827:
336	>	Perl 5.18.2
337	>
338	>	20140728:
339	>	Jails now run shutdown scripts.
340	>
341	>	20140710:
342	>	Fix a vulnerability in the control message API. A buffer is not properly cleared
343	>	before sharing with userland.
344	>
345	>	20140701:
346	>	MKSH R50
347	>
348	>	20140630:
349	>	File 5.19
350	>
351	>	20140605:
352	>	Fix four security issues with OpenSSL
353	>
354	>	20140604:
355	>	Sendmail failed to properly set close-on-exec for open file descriptors.
356	>
357	>	ktrace page fault kernel trace entries were set to an incorrect size which resulted
358	>	in a leak of information.
359	>
360	>	20140430:
361	>	Fix a TCP reassembly bug that could result in a DOS attack
362	>	of the system. It may be possible to obtain portions
363	>	of kernel memory as well.
364	>
365	>	20140411:
366	>	Update zlib to 1.2.7
367	>
368	>	20140122:
369	>	Support for username with length 32. Previous limit was 16
370	>
371	>	20140114:
372	>	Fix two security vulnerabilities.
373	>
374	>	bsnmpd contains a stack overflow when sent certain queries.
375	>
376	>	bind 9.8 when using NSEC3-signed zones zones, will crash with special
377	>	crafted packets.
378	>
379	>	20131228:
380	>	Imported FreeBSD 9.2 usb stack (plus z87 patches from stable)
381	>
382	>	Updated em(4), igb(4) and ixgbe(4)
383	>
384	>	MidnightBSD now works with Z87 Intel chipsets.
385	>
386	>	20131207:
387	>	Remove sparc64 architecture. It hasn't been working for awhile
388	>	and it's not useful for desktops anymore.
389	>
390	>	20131205:
391	>	OpenSSH 6.4p1
392	>
393	>	20131203:
394	>	Perl 5.18.1 imported.
395	>
396	>	Update less to v458
397	>
398	>	20131130:
399	>	Remove named from base. We still include the client utilities for
400	>	now until replacements can be found.
401	>
402	>	20131004:
403	>	rarpd supports vlan(4) and has a pid flag. (from FreeBSD)
404	>
405	>	20130917:
406	>	Support for 65,536 routing tables was added.  A new fib specific
407	>	field has been added to mbuf.  This is an increase from 16.
408	>
409	>	20130910:
410	>	Security updates: (kern.osreldate 5001)
411	>
412	>	nullfs(5)
413	>
414	>	The nullfs(5) implementation of the VOP_LINK(9) VFS operation does not
415	>	check whether the source and target of the link are both in the same
416	>	nullfs instance.  It is therefore possible to create a hardlink from a
417	>	location in one nullfs instance to a file in another, as long as the
418	>	underlying (source) filesystem is the same.
419	>
420	>	ifioctl
421	>
422	>	As is commonly the case, the IPv6 and ATM network layer ioctl request
423	>	handlers are written in such a way that an unrecognized request is
424	>	passed on unmodified to the link layer, which will either handle it or
425	>	return an error code.
426	>
427	>	Network interface drivers, however, assume that the SIOCSIFADDR,
428	>	SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK requests have been
429	>	handled at the network layer, and therefore do not perform input
430	>	validation or verify the caller's credentials.  Typical link-layer
431	>	actions for these requests may include marking the interface as "up"
432	>	and resetting the underlying hardware.
433	>
434	>	20130824:
435	>	Fix a bug in sendmail 8.14.7 that interferes with how it
436	>	handles AAAA records interoperating with Microsoft DNS servers.
437	>	FreeBSD has already reported this to Sendmail and a fix
438	>	will be included in the next release.
439	>
440	>	Subversion 1.8.1 is now in the base system as a static
441	>	binary.  It has limited functionality, but can be used to
442	>	checkout/commit code.  It is named svnlite.
443	>
444	>	20130822:
445	>	Fix two security vulnerabilities.
446	>
447	>	Fix an integer overflow in IP_MSFILTER (IP MULTICAST).
448	>	This could be exploited to read memory by a user process.
449	>
450	>	When initializing the SCTP state cookie being sent in INIT-ACK chunks,
451	>	a buffer allocated from the kernel stack is not completely initialized.
452	>
453	>	Import xz 5.0.4
454	>
455	>	Import sqlite 3.7.17
456	>
457	>	Import BIND 9.8.5-P2
458	>
459	>	20130814:
460	>	mksh R48 imported.
461	>
462	>	Sendmail 8.14.7 imported.
463	>
464	>	20130717:
465	>	libmport bug was fixed causing hash verification to fail.
466	>
467	>	virtio(4) imported from FreeBSD 9-stable. SCSI support not
468	>	included.
469	>
470	>	20130612:
471	>	RELENG_0_4 created for 0.4. Development continues on 0.5.
472	>
473	>	20130402:
474	>	Update BIND and OpenSSL to resolve security advisories.
475	>
476	>	20130305:
477	>	MKSH R44 imported.
478	>
479	>	20130213:
480	>	MKSH R42b imported
481	>
482	>	20130211:
483	>	MKSH R42 imported
484	>
485	>	20130125:
486	>	MKSH R41 imported
487	>
488	>	20130122:
489	>	OpenSSH 5.8p2 imported
490	>
491	>	SQLite 3.7.15.2 imported
492	>
493	>	Fixed a longstanding bug in libmport extrating new index files.
494	>
495	>	20120710:
496	>	BSD licensed sort imported from FreeBSD-CURRENT
497	>
498	>	For now, GNU sort is installed as gnusort, but it will
499	>	go away in time.
500	>
501	>	20120708:
502	>	tcsh 6.18.01 imported.
503	>
504	>	NetBSD's iconv imported.
505	>
506	>	libc gains strnlen(3), memrchr(3), stpncpy(3).
507	>
508	>	20120612:
509	>	BIND security update related to CVE-2012-1667.
510	>
511	>	Zero length resource records can cause BIND to crash resulting
512	>	in a DOS attack or information disclosure.
513	>
514	>	20120407:
515	>	mksh R40f (fixes regression)
516	>
517	>	20120328:
518	>	mksh R40e
519	>
520	>	Perl 5.14.2
521	>
522	>	20120229:
523	>	cpucontrol(8) and cpuctl(4) added from FreeBSD 7-stable.
524	>
525	>	20120209:
526	>	mDNSResponder 333.10 imported
527	>
528	>	20111227:
529	>	import raid5 module for GEOM, graid5(8)
530	>
531	>	This is experimental and known to use a lot of kernel
532	>	memory.
533	>
534	>	20111223:
535	>	telnetd: fix a root exploit from a fixed buffer that was not checked
536	>
537	>	pam: don't allow escape from policy path.  Exploitable in KDE, etc.
538	>
539	>	Fix pam_ssh module:
540	>
541	>	If the pam_ssh module is enabled, attackers may be able to gain access
542	>	to user accounts which have unencrypted SSH private keys.
543	>
544	>	This has to due with the way that openssl works.  It ignores unencrpted data.
545	>
546	>	Fix security issue with chroot and ftpd.
547	>
548	>	nsdispatch(3) doesn't know it's working in a chroot and some
549	>	operations can cause files to get reloaded causing a security
550	>	hole in things like ftpd.
551	>
552	>	20111217:
553	>	libdialog/dialog upgraded to an lgpl version. As it's not
554	>	backwardly compatable, include the old libdialog as libodialog
555	>
556	>	20111212:
557	>	mksh r40d imported
558	>
559	>	20111210:
560	>	re(4) and rl(4) updated to support new chips.
561	>
562	>	GEOM synced with FreeBSD 7-stable.
563	>
564	>	MidnightBSD GPT partition types created in sys/gpt.h and
565	>	setup in boot loader and GEOM.
566	>
567	>	amdsbwd(4) (amd watchdog for south bridge) updated to support
568	>	8xx series chipset.
569	>
570	>	20111207:
571	>	import bsd grep from FreeBSD/OpenBSD.
572	>
573	>	MK_BSD_GREP controls which grep is installed
574	>	as grep with the other as bsdgrep or gnugrep.
575	>
576	>	20111122:
577	>	mksh vR40c imported.
578	>
579	>	20111117:
580	>	BIND 9.6 ESV R5 P1
581	>
582	>	20111107:
583	>	tzdata 2011n
584	>
585	>	20111026:
586	>	mDNSResponder v320
587	>
588	>	BIND 9.6 ESV R5
589	>
590	>	20111022:
591	>	cflow 0.0.6 imported
592	>
593	>	20111020:
594	>	less v436 imported
595	>
596	>	amdsbwd(4) AMD southbridge watchdog
597	>
598	>	20111019:
599	>	awk 20110810 imported
600	>
601	>	et(4) Agere Gigabit Ethernet/Fast Ethernet driver added, but
602	>	not included in GENERIC kernel.  The kernel module needs
603	>	testing before we can include it in GENERIC.
604	>
605	>	intr_bind code ported to allow an IRQ to be bound to one
606	>	specific CPU core.
607	>
608	>	20111017:
609	>	Time Zone Data v. 2011l (Released 10 October 2011)
610	>
611	>	Updated list of countries (iso3166) to work with new timezone data.
612	>
613	>	20111015:
614	>	Introduce CPU Affinity in MidnightBSD. cpuset(1) can be used
615	>	to control which core or group of cores can be used for a given
616	>	process. Several new system calls were added to support this
617	>	functionality in the running kernel and for 32bit binary
618	>	compatibility on amd64.
619	>
620	>	The scheduler default has been changed to ULE in i386 and
621	>	amd64.  Changes were made to both schedulers (4BSD AND ULE)
622	>	for this feature.
623	>
624	>	This work is based on Jeff Roberson's FreeBSD 7.1 patches.
625	>
626	>	20111004:
627	>	Fix a problem with unix socket handling caused by the recent
628	>	patch to unix socket path handling. This allows network
629	>	apps to work under the linuxolator again.
630	>
631	>	20111001:
632	>	Import libfetch & fetch(1) from FreeBSD 9. Passive FTP is
633	>	now default and an environment variable must be set to use
634	>	active.
635	>
636	>	20110930:
637	>	Introduce quirks handling for several umass devices including
638	>	USB cameras.  Add workaround for Cyberpower UPS devices.
639	>
640	>	Bring in further bug fixes from FreeBSD and NetBSD for alc(4).
641	>	Stale ip/tcp header pointers are no longer used, lockups fixed
642	>	when network cable is unplugged on bootup, enable TX checksum
643	>	offloading.
644	>
645	>	Add a new man page for gcache(8), a useful geom class when
646	>	working with large raid3 sets.
647	>
648	>	Restore previous workaround for Cypress pata storage controller.
649	>
650	>	20110929:
651	>	Sync ath(4) with FreeBSD 7.3.
652	>
653	>	The following modules are no longer available, and should be
654	>	removed from loader.conf:
655	>	ath_hal ath_rate_amrr ath_rate_onoe ath_rate_sample
656	>
657	>	alc(4) would hibernate when a cable was unplugged and often
658	>	required bring the interface down and up to "wake up" so that
659	>	a connection could be established.  Disable hibernation.
660	>
661	>	20110928:
662	>	Fix security issues with gzip and compress related to .Z
663	>	files that are corrupted.
664	>
665	>	Fix path validation with unix domain sockets.
666	>
667	>	20110917:
668	>	Remove dependance on mports perl for generating releases as
669	>	it's in the base system.
670	>
671	>	20110914:
672	>	Import xz 5.0.3 with liblzma 5.0.3
673	>
674	>	20110813:
675	>	synced the sparc64 GENERIC kernel configuration with amd64.
676	>
677	>	20110806:
678	>	sqlite 3.7.7.1 imported
679	>
680	>	msearch(1), libmsearch and msearch.import added.  msearch(1) provides
681	>	a full text search command line tool.  libmsearch can also be used
682	>	to build a graphical based search in the future. You can enable
683	>	index building for msearch in periodic.conf or manually run the
684	>	/usr/libexec/msearch.index tool.  Full text indexes take considerable
685	>	space in /var.  I'm using approximately 500MB currently.
686	>
687	>	Fix a long standing bug with the periodic script to check package
688	>	versions.  This will be obsolete with mport though.
689	>
690	>	20110710:
691	>	kdb_enter_why added to MidnightBSD to allow the kernel debugger to
692	>	know why it's in use and thus script can be run.
693	>
694	>	Yet another problem with the perl manifest was fixed
695	>
696	>	20110709:
697	>	cpufreq(1) is a new utility to monitor CPU frequency which may change
698	>	with use of powerd(8) and cpufreq(4).
699	>
700	>	20110612:
701	>	Update mksh to R40
702	>
703	>	Catch up ObsoleteFiles.inc to remove Perl 5.10.x.  Good to run when
704	>	updating current (cd /usr/src && make check-old)
705	>
706	>	20110528:
707	>	Fix CVE-2011-1910 in BIND 9.6.x.  This affects caching resolvers.
708	>
709	>	20110526:
710	>	newfs:
711	>	Raised the default blocksize for UFS/FFS filesystems from
712	>	16K to 32K and the default fragment size from 2K to 4K.
713	>
714	>	This should slightly imporve performance on "advanced format"
715	>	hard drives such as the WD EARS drives. Drives of this type
716	>	have emulation modes that slow down with lower sizes.  Of course
717	>	the drive must still be aligned properly when using fdisk.
718	>
719	>	20110521:
720	>	mport tool now has a deleteall command.  This can be used to remove
721	>	all packages from a system.
722	>
723	>	A few bugs with the perl 5.14 import have been fixed.
724	>
725	>	20110518:
726	>	Perl 5.14.0
727	>
728	>	20110517:
729	>	Sendmail 8.14.5
730	>
731	>	20110314:
732	>	DRM/DRI code updated to support newer video cards. (FreeBSD 7.1)
733	>
734	>	cdevpriv wrappers added
735	>
736	>	nss_mdns hack introduced to work around linking problem.
737	>
738	>	dnsextd fixed after update to mDNSResponder code.
739	>
740	>	20110308:
741	>	Introduce liblzma & xz 5.0.1 to the base system
742	>
743	>	Patch for OpenSSL security issue CVE-2011-0014.
744	>
745	>	"OSREVISION 4004"
746	>
747	>	nsswitch module for multicast dns (nss_mdns) added.
748	>
749	>	tzdata2011c
750	>
751	>	20110220:
752	>	cam(4) syncronized with FreeBSD 7.3.
753	>
754	>	20110219:
755	>	amdtemp(4) updated to support sensors framework.
756	>
757	>	20110217:
758	>	Perl 5.10.1 imported
759	>
760	>	20110216:
761	>	Introduce igb(4) and split Intel Gigabit Ethernet adapters between
762	>	igb(4) and em(4).  Newer devices use igb(4).  The code has moved
763	>	to sys/dev/e1000 for both devices in the kernel. igb(4) has
764	>	been placed in GENERIC on i386 and amd64.
765	>
766	>	Update bfe(4) to support newer devices and WOL.
767	>
768	>	20110215:
769	>	age(4) added.
770	>
771	>	20110208:
772	>	BIND 9.6.3 which fixes a bug with DNSSEC records getting added.
773	>
774	>	20110206:
775	>	eeemon(4) added to monitor Asus Eee PC.
776	>
777	>	20110205:
778	>	OpenSSH 5.7p1
779	>
780	>	GNU sort 6.9 (coreutils)
781	>
782	>	20110203:
783	>	one true awk 20100523 imported
784	>
785	>	sqlite 3.7.5
786	>
787	>	OpenSSL 0.9.8q
788	>
789	>	20110202:
790	>	tcsh 6.17.00
791	>
792	>	file 5.05
793	>
794	>	20110122:
795	>	Import it(4) and lm(4), with support for Super I/O hardware monitors. This
796	>	uses the sensors framework ported by Constantine A. Murenin (GSOC2007)
797	>
798	>	20110120:
799	>	BIND 9.6.2-P3
800	>
801	>	sudo 1.7.4-p6
802	>
803	>	20110115:
804	>	Add experimental jme(4) for Jmicron ethernet devices.
805	>
806	>	20101130:
807	>	A double free exists in the SSL client ECDH handling code, when
808	>	processing specially crafted public keys with invalid prime
809	>	numbers. [CVE-2010-2939]
810	>
811	>	20101120:
812	>	Several portions of the kernel and userland code related to UFS file
813	>	systems (and UFS2) cannot properly handle inode counts above 2^31 due
814	>	to use of int types.  Based on a patch from FreeBSD, I've modified
815	>	our UFS2 implementation to handle unsigned values for inode counts
816	>	which should allow for file systems greater than 16TB.
817	>
818	>	newfs and growfs was also modified.
819	>
820	>	20101110:
821	>	Fix a security issue with pseudofs which could result in running code in kernel
822	>	context or a kernel panic depending on system configuration.  This affects file
823	>	systems such as procfs for instance.
824	>
825	>	20101021:
826	>	sysrc is a utility to print and modify name/value pairs in /etc/rc.conf easily.
827	>	This is similar to functions present in many linux distros. The utility was
828	>	written by Devin Teske for FreeBSD.
829	>
830	>	20100920:
831	>	bzip2 security patch for integer overflow.
832	>
833	>	20100905:
834	>	MidnightBSD RELENG_0_3 branch created.  Aggressive development continues here
835	>	for 0.4.
836	>
837	>	20100902:
838	>	Fix a security issue with libutil that allows users to bypass cpu limits in
839	>	login.conf in some cases.  This combined with OpenSSH for example can allow
840	>	the user to get more resources than they're allowed.
841	>
842	>	20100822:
843	>	Import Apple's mDNSResponder (mdnsd).
844	>
845	>	20100814:
846	>	libdispatch added to MidnightBSD.  This provides functionality found in
847	>	Mac OS X's GCD.  We do not have blocks support yet.  As this code is
848	>	licensed under Apache 2, we create a new MK_APACHE option so that
849	>	it's not required for all users to run code under a license they
850	>	may not like.
851	>
852	>	20100713:
853	>	mbuf readonly fix related to sendfile(2) data corruption.
854	>
855	>	20100704:
856	>	brainfuck(1) imported from MirBSD.
857	>
858	>	20100505:
859	>	zlib 1.2.5
860	>
861	>	20100430:
862	>	Sudo 1.7.2p6 imported
863	>
864	>	20100321:
865	>	Update zlib to 1.2.4
866	>
867	>	20100319:
868	>	Removed i586 from default i386 generic kernel.
869	>
870	>	20100317:
871	>	Update to tzdata2010e (time zones).  This includes changes in
872	>	Mexico.
873	>
874	>	Add support for several newer sound cards via hda including
875	>	ATI and Realtek chipsets.
876	>
877	>	20100313:
878	>	CPU detection has been changed.  VIA Padlock detection added.
879	>
880	>	20100312:
881	>	Fix a number of bugs and compiler warnings in libmport. Handle
882	>	plus signs in paths for mport.check-fake
883	>
884	>	20100311:
885	>	mksh R39c
886	>
887	>	20100309:
888	>	Sudo 1.7.2p5
889	>
890	>	sqlite3 3.6.23
891	>
892	>	mksh R39b
893	>
894	>	libffi (ffi) 3.0.9
895	>
896	>	20100206:
897	>	WITHOUT_LIB32 is no longer needed on AMD64.  GCC was fixed to
898	>	properly pass arguments to ld.
899	>
900	>	re(4) and rl(4) have been updated to support several new
901	>	realtek chipsets.  Performance has been improved on re(4).
902	>
903	>	20100204:
904	>	Fix a bug cropping up on AMD64 MidnightBSD with sftp
905	>	segfaulting.
906	>
907	>	20100116:
908	>	Import ash changes from FreeBSD (bin/sh) 8-Stable.
909	>
910	>	BIND 9.6.1-P2
911	>
912	>	20100110:
913	>	Import Sendmail 8.14.4. Fix for SSL vulnerability.
914	>
915	>	posix_spawn(3) added to MidnightBSD libc.  Users may need to build and
916	>	install libc before doing a full buildworld when upating from 0.2 or
917	>	older current systems.
918	>
919	>	kqueue(2) was modified to support portions of libdispatch functionality.
920	>
921	>	20100106:
922	>	Bind security update.  Fix a bug with DNSSEC that causes negative
923	>	cache entries and thus a possible DNS cache poisoning attack.
924	>
925	>	Fix a bug in ZFS that can reset permissions on system crashes.
926	>
927	>	20091228:
928	>	amdtemp(4) was added.  It allows one to monitor to the temperature
929	>	of an AMD CPU such as a Phenom.
930	>
931	>	20091205:
932	>	OpenSSL security fix
933	>
934	>	The SSL version 3 and TLS protocols support session renegotiation without
935	>	cryptographically tying the new session parameters to the old parameters.
936	>
937	>	20091128:
938	>	OpenBSD sensors framework imported including sensorsd(8)
939	>
940	>	20091126:
941	>	OpenNTPD 4.4 import
942	>
943	>	Update OpenSSH to 5.3p1
944	>
945	>	mksh R39
946	>
947	>	20091124:
948	>	cpdup updated from DragonFly to 1.15
949	>
950	>	tzdata2009s updated with latest timezone data for November 2009.
951	>
952	>	20091010:
953	>	amd64 users should use WITHOUT_LIB32=yes in /etc/make.conf for now
954	>	to test current.
955	>
956	>	Revert unicode filename fixes from ntfs code.  This was causing chaos
957	>	on amd64 systems.
958	>
959	>	20091006:
960	>	Update timezone data with tzdata2009n with the Pakistan and
961	>	Argentina changes.
962	>
963	>	Sync several userland utilities with versions from FreeBSD 7.0 in
964	>	sbin and usr.sbin.
965	>
966	>	20090919:
967	>	Update timezone data with tzdate2009m from September 2009.
968	>
969	>	20090729:
970	>	Patch for Bind 9 security vulnerability. a dynmaic update packet
971	>	can trigger an assertion and cause named to exit
972	>
973	>	20090606:
974	>	Remove PCC from the base system.  This compiler will not work
975	>	as a system compiler for us as we've got some userland investment
976	>	in C++ code and may have Objective-C in the future.  We're stuck
977	>	with a solution that supports these three languages at a minimum.
978	>
979	>	I had wanted to keep it as an optional compiler because it is
980	>	fast, however too many users want to try to use it for the base
981	>	system which makes no sense.
982	>
983	>	A hack was added for Cypress based usb hard drive enclosures to
984	>	the kernel.  This should cut down on commands it claims to support
985	>	but does not (at the cam layer).  Found while testing ZFS on
986	>	an external device.
987	>
988	>	20090520:
989	>	The powerd daemon no longer starts automatically to improve
990	>	compatibility with many systems.  However, there is a new
991	>	installer option in the startup section to enable it. This
992	>	makes it easier to enable for users that have working systems. I                thought it was only a problem on older hardware, but it freaks
993	>	out my new Phenom too.
994	>
995	>	20090502:
996	>	OpenSSH 5.2p1 import
997	>
998	>	ale(4) connected to the build. (kernel module only)
999	>
1000	>	20090501:
1001	>	Imported makefs utility from NetBSD/FreeBSD
1002	>
1003	>	20090422:
1004	>	OpenSSL security update
1005	>
1006	>	The function ASN1_STRING_print_ex does not properly validate the lengths
1007	>	of BMPString or UniversalString objects before attempting to print them.
1008	>
1009	>	20090415:
1010	>	Created a Symbol.map for libc/ohash symbols
1011	>
1012	>	Updated several usr/bin usr/sbin utilities.
1013	>
1014	>	Corrected a bug with Makefile.inc1 causing the bootstrap
1015	>	tools to fail.
1016	>
1017	>	20090405:
1018	>	xorg 7.4 wants to configure its input devices via hald which does not
1019	>	yet work with USB. If the keyboard/mouse does not work in xorg then
1020	>	add
1021	>	Option "AllowEmptyInput" "off"
1022	>	to your ServerLayout section.  This will cause X to use the configured
1023	>	kbd and mouse sections from your xorg.conf
1024	>
1025	>	20090403:
1026		mksh was disconnected a few day ago do to bugs with
1027		buildworld and mports.  Now, connect it back
1028		for use as /bin/sh with a conditional called
#	Line 686 | Line 1708 | Contact Warner Losh if you have any questions about yo
1708		this document.
1709
1710		$FreeBSD: src/UPDATING,v 1.416.2.18 2006/02/22 11:51:57 yar Exp $
1711	<	$MidnightBSD: src/UPDATING,v 1.55 2009/03/29 03:14:06 laffer1 Exp $
1711	>	$MidnightBSD$

Comparing trunk/UPDATING (property cvs2svn:cvs-rev):
Revision 2735 by laffer1, Fri Apr 3 06:28:03 2009 UTC vs.
Revision 7338 by laffer1, Wed Sep 30 13:11:05 2015 UTC

#	Line 1 | Line 0
1	–	1.56

Comparing trunk/UPDATING (property svn:keywords):
Revision 2735 by laffer1, Fri Apr 3 06:28:03 2009 UTC vs.
Revision 7338 by laffer1, Wed Sep 30 13:11:05 2015 UTC

#	Line 0 | Line 1
1	+	MidnightBSD=%H

Diff Legend

–	Removed lines
+	Added lines
<	Changed lines
>	Changed lines