ViewVC Help

View File | Revision Log | Show Annotations | Download File | View Changeset | Root Listing

root/src/trunk/UPDATING

Comparing trunk/UPDATING (file contents):
Revision 3199 by laffer1, Sat Nov 28 22:44:36 2009 UTC vs.
Revision 7418 by laffer1, Thu Jan 14 13:13:04 2016 UTC

#	Line 1 | Line 1
1	<	Updating Information for MidnightBSD users
1	>	Updating Information for MidnightBSD users.
2
3	<	20091028:
3	>	20160114:
4	>	Fix security on bsnmpd configuration file during installation.
5	>
6	>
7	>
8	>	20160102:
9	>	Happy New Year
10	>
11	>	20151101:
12	>	Increase kern.ipc.somaxconn default to 256.
13	>
14	>	20151017:
15	>	Add initial statistics api to libmport and a driver to print
16	>	it in mport(1).
17	>
18	>	20151002:
19	>	Revised rpcbind(8) patch to fix issues with NIS
20	>
21	>	20150930:
22	>	In rpcbind(8), netbuf structures are copied directly, which would result in
23	>	two netbuf structures that reference to one shared address buffer.  When one
24	>	of the two netbuf structures is freed, access to the other netbuf structure
25	>	would result in an undefined result that may crash the rpcbind(8) daemon.
26	>
27	>	20150926:
28	>	libmport now supports @preexec, @postexec, @preunexec and @postunexec
29	>	to replace @exec and @unexec.
30	>
31	>	pre exec runs afer pre-install scripts but before actual installation
32	>
33	>	post exec runs after install but before post install scripts and
34	>	pkg message.
35	>
36	>	pre unexec runs before pre uninstall scripts
37	>
38	>	post unexec runs before de-install scripts and after file removal.
39	>
40	>	20150917:
41	>	Fix kqueue write events for files > 2GB
42	>
43	>	20150825:
44	>	kernel:
45	>	fix a security issue on amd64 where the GS segment CPU register can be changed via
46	>	userland value in kernel mode by using an IRET with #SS or #NP exceptions.
47	>
48	>	openssh:
49	>	A programming error in the privileged monitor process of the sshd(8)
50	>	service may allow the username of an already-authenticated user to be
51	>	overwritten by the unprivileged child process.
52	>
53	>	A use-after-free error in the privileged monitor process of he sshd(8)
54	>	service may be deterministically triggered by the actions of a
55	>	compromised unprivileged child process.
56	>
57	>	A use-after-free error in the session multiplexing code in the sshd(8)
58	>	service may result in unintended termination of the connection.
59	>
60	>	20150818:
61	>	expat security fix
62	>
63	>	20150815:
64	>	libc changes:
65	>	setmode(3) now returns errno consistently on error.
66	>	libc will compile without error using clang
67	>
68	>	20150814:
69	>	wait6 system call added.
70	>
71	>	date(1) now handles non numeric numbers passed to -r
72	>	like GNU coreutils for improved compatibility.
73	>
74	>	20150811:
75	>	ata(4) AMD Hudson2 SATA controller support.
76	>	Intel lynxpoint SATA.
77	>
78	>	Fix some const warnings when building several device drivers
79	>	with llvm/clang.
80	>
81	>	Sync cas(4) with FreeBSD 9-stable.
82	>
83	>	Fix some minor issues with ath(4).
84	>
85	>	20150809:
86	>	xz 5.0.8
87	>
88	>	20150808:
89	>	libmport now logs installation and removal of packages to syslog.
90	>
91	>	20150805:
92	>	routed - fix a potential security issue where traffic from outside
93	>	the network can disrupt routing.
94	>
95	>	bsd patch - fix a bug with ed(1) scripts allowing unsanitized input
96	>	to run.
97	>
98	>	20150802:
99	>	jansson 2.7 library added. (libjansson is a JSON library in C)
100	>
101	>	20150728:
102	>	Heimdal 1.5.2 (kerberos implementation)
103	>
104	>	OpenSSL 1.0.1o
105	>
106	>	cpucontrol(8) now supports VIA CPUs. Synced with FreeBSD 9.2.
107	>
108	>	TCP Resassemly resource exhaustion bug:
109	>	There is a mistake with the introduction of VNET, which converted the
110	>	global limit on the number of segments that could belong to reassembly
111	>	queues into a per-VNET limit.  Because mbufs are allocated from a
112	>	global pool, in the presence of a sufficient number of VNETs, the
113	>	total number of mbufs attached to reassembly queues can grow to the
114	>	total number of mbufs in the system, at which point all network
115	>	traffic would cease.
116	>	Obtained from: FreeBSD 8
117	>
118	>	OpenSSH
119	>
120	>	Fix two security vulnerabilities:
121	>	OpenSSH clients does not correctly verify DNS SSHFP records when a server
122	>	offers a certificate. [CVE-2014-2653]
123	>
124	>	OpenSSH servers which are configured to allow password authentication
125	>	using PAM (default) would allow many password attempts. A bug allows
126	>	MaxAuthTries to be bypassed. [CVE-2015-5600]
127	>
128	>
129	>	Switch to bsdpatch (from FreeBSD & OpenBSD)
130	>
131	>	20150726:
132	>	BSD Sort updated
133	>
134	>	sqlite 3.8.10.2
135	>
136	>	20150725:
137	>	Import reallocarray from OpenBSD's libc.
138	>
139	>	The reallocarray() function is similar to realloc() except it operates on
140	>	nmemb members of size size and checks for integer overflow in the
141	>	calculation nmemb * size.
142	>
143	>	20150722:
144	>	Fix a bug where TCP connections transitioning to LAST_ACK
145	>	state can get stuck. This can result in a denial of service.
146	>
147	>	20150715:
148	>	libmport now supports @shell and @sample in plists. This means that
149	>	a shell port can automatically add an entry to /etc/shells and remove
150	>	it upon uninstallation. For sample files, a copy is made without the
151	>	.sample extension if one does not exist and it is removed automatically
152	>	only if the md5 hash of the two files is the same.
153	>
154	>	20150709:
155	>	flex 2.5.39
156	>
157	>	20150702:
158	>	ZFS in MidnightBSD now supports lz4 compression. You can enable it
159	>	with zfs set compression=lz4 pool/path.
160	>
161	>	Verify it's working with
162	>	zfs get compressratio pool/path
163	>	du -h -s *
164	>
165	>	Note you must write new data when turning on compression to see
166	>	changes. Existing files are not compressed.
167	>
168	>	Note: While we used the same basic implementation of lz4 that
169	>	FreeBSD and OpenZFS uses, we did not yet implement features support
170	>	and the zfs version still reports 28. This may come in a future update
171	>	to ZFS.
172	>
173	>	20150621:
174	>	libmport now automatically stops services when deleting packages.
175	>
176	>	The package must have installed an rc.d script in /usr/local/etc
177	>	for this to work. This is equivalent to running service <name> onestop
178	>
179	>	20150618:
180	>	Sendmail
181	>
182	>	With the recent changes to OpenSSL to block 512 bit certificates,
183	>	sendmail can't connect with TLS to some servers.
184	>
185	>	Increase the default size to 1024 bit for client connections to
186	>	match the server configuration.
187	>
188	>	ZFS
189	>
190	>	Added ZFS TRIM support which is enabled by default. To disable
191	>	ZFS TRIM support set vfs.zfs.trim.enabled=0 in loader.conf.
192	>
193	>	Creating new ZFS pools and adding new devices to existing pools
194	>	first performs a full device level TRIM which can take a significant
195	>	amount of time. The sysctl vfs.zfs.vdev.trim_on_init can be set to 0
196	>	to disable this behaviour.
197	>
198	>	ZFS TRIM requires the underlying device support BIO_DELETE which
199	>	is currently provided by methods such as ATA TRIM and SCSI UNMAP
200	>	via CAM, which are typically supported by SSD's.
201	>
202	>	Stats for ZFS TRIM can be monitored by looking at the sysctl's
203	>	under kstat.zfs.misc.zio_trim.
204	>
205	>	rc.d
206	>
207	>	Reworked handling of cleanvar and FILESYSTEMS so that FILESYSTEMS
208	>	implies everything is mounted and ready to go.
209	>
210	>	Changed how ip6addressctl maps IPv6 on startup.
211	>
212	>	20150613:
213	>	tzdata 2015d
214	>
215	>	20150612:
216	>	OpenSSL 0.9.8zg
217	>
218	>	20150419:
219	>	MidnightBSD 0.6 stable branch created. Continue 0.7
220	>	development.
221	>
222	>	20150418:
223	>	sqlite 3.8.9
224	>
225	>	20150407:
226	>	Fix two security vulnerabilities:
227	>
228	>	The previous fix for IGMP had an overflow issue. This has been corrected.
229	>
230	>	ipv6: The Neighbor Discover Protocol allows a local router to advertise a
231	>	suggested Current Hop Limit value of a link, which will replace
232	>	Current Hop Limit on an interface connected to the link on the MidnightBSD
233	>	system.
234	>
235	>	20150319:
236	>	OpenSSL 0.9.8.zf
237	>
238	>	mksh R50e
239	>
240	>	Apple mDNSResponder 561.1.1
241	>
242	>	20150306:
243	>	Upgrade OpenSSL to 0.9.8ze
244	>
245	>	20150225:
246	>	Fix two security vulnerabilities.
247	>
248	>	1. BIND servers which are configured to perform DNSSEC validation and which
249	>	are using managed keys (which occurs implicitly when using
250	>	"dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit
251	>	unpredictable behavior due to the use of an improperly initialized
252	>	variable.
253	>
254	>	CVE-2015-1349
255	>
256	>	2. An integer overflow in computing the size of IGMPv3 data buffer can result
257	>	in a buffer which is too small for the requested operation.
258	>
259	>	This can result in a DOS attack.
260	>
261	>	20141211:
262	>	Fix a security issue with file and libmagic that can allow
263	>	an attacker to create a denial of service attack on any
264	>	program that uses libmagic.
265	>
266	>	20141109:
267	>	Fix building perl during buildworld when the GDBM port is installed.
268	>
269	>	20141106:
270	>	tzdata 2014i
271	>
272	>	20141102:
273	>	serf 1.3.8
274	>
275	>	20141031:
276	>	tnftp 20141031 fixes a security vulnerability with tnftp,
277	>	CVE-2014-8517.
278	>
279	>	20141028:
280	>	OpenSSL 0.9.8zc
281	>
282	>	20141021:
283	>	Fix several security vulnerabilities in routed, rtsold,
284	>	and namei with respect to Capsicum sandboxes looking up
285	>	nonexistent path names and leaking memory.
286	>
287	>	The input path in routed(8) will accept queries from any source and
288	>	attempt to answer them.  However, the output path assumes that the
289	>	destination address for the response is on a directly connected
290	>	network.
291	>
292	>	Due to a missing length check in the code that handles DNS parameters,
293	>	a malformed router advertisement message can result in a stack buffer
294	>	overflow in rtsold(8).
295	>
296	>	20141011:
297	>	mksh R50d - fix field splitting regression and null
298	>	pointer dereference
299	>
300	>	xz 5.0.7
301	>
302	>	OpenSSH 6.6p1
303	>
304	>	20141004:
305	>	mksh R50c - security update for environment var bug with
306	>	foo vs foo+
307	>
308	>	20141002:
309	>	sqlite 3.8.6
310	>
311	>	sudo 1.7.8 - some issues with the current version, but we're slowly
312	>	getting up to date.
313	>
314	>	20141001:
315	>	mksh R50b
316	>
317	>	libmport now supports plist commands @dir, @owner, @group, @mode.
318	>
319	>	sudo 1.7.6p2
320	>
321	>	20140916:
322	>	Fix a security issue with TCP SYN.
323	>
324	>	When a segment with the SYN flag for an already existing connection arrives,
325	>	the TCP stack tears down the connection, bypassing a check that the
326	>	sequence number in the segment is in the expected window.
327	>
328	>	20140909:
329	>	Fixed a bug with our clearenv(3) implementation that caused segfaults
330	>	with some programs including Dovecot.
331	>
332	>	OpenSSL security patch:
333	>
334	>	The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
335	>	to consume large amounts of memory. [CVE-2014-3506]
336	>
337	>	The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
338	>	memory. [CVE-2014-3507]
339	>
340	>	A flaw in OBJ_obj2txt may cause pretty printing functions such as
341	>	X509_name_oneline, X509_name_print_ex et al. to leak some information from
342	>	the stack. [CVE-2014-3508]
343	>
344	>	OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
345	>	a denial of service attack. [CVE-2014-3510]
346	>
347	>	20140902:
348	>	We're now 0.6-CURRENT
349	>
350	>	Update USB quirks to support K70 Corsair keyboard, and several
351	>	other devices.
352	>
353	>	20140827:
354	>	Perl 5.18.2
355	>
356	>	20140728:
357	>	Jails now run shutdown scripts.
358	>
359	>	20140710:
360	>	Fix a vulnerability in the control message API. A buffer is not properly cleared
361	>	before sharing with userland.
362	>
363	>	20140701:
364	>	MKSH R50
365	>
366	>	20140630:
367	>	File 5.19
368	>
369	>	20140605:
370	>	Fix four security issues with OpenSSL
371	>
372	>	20140604:
373	>	Sendmail failed to properly set close-on-exec for open file descriptors.
374	>
375	>	ktrace page fault kernel trace entries were set to an incorrect size which resulted
376	>	in a leak of information.
377	>
378	>	20140430:
379	>	Fix a TCP reassembly bug that could result in a DOS attack
380	>	of the system. It may be possible to obtain portions
381	>	of kernel memory as well.
382	>
383	>	20140411:
384	>	Update zlib to 1.2.7
385	>
386	>	20140122:
387	>	Support for username with length 32. Previous limit was 16
388	>
389	>	20140114:
390	>	Fix two security vulnerabilities.
391	>
392	>	bsnmpd contains a stack overflow when sent certain queries.
393	>
394	>	bind 9.8 when using NSEC3-signed zones zones, will crash with special
395	>	crafted packets.
396	>
397	>	20131228:
398	>	Imported FreeBSD 9.2 usb stack (plus z87 patches from stable)
399	>
400	>	Updated em(4), igb(4) and ixgbe(4)
401	>
402	>	MidnightBSD now works with Z87 Intel chipsets.
403	>
404	>	20131207:
405	>	Remove sparc64 architecture. It hasn't been working for awhile
406	>	and it's not useful for desktops anymore.
407	>
408	>	20131205:
409	>	OpenSSH 6.4p1
410	>
411	>	20131203:
412	>	Perl 5.18.1 imported.
413	>
414	>	Update less to v458
415	>
416	>	20131130:
417	>	Remove named from base. We still include the client utilities for
418	>	now until replacements can be found.
419	>
420	>	20131004:
421	>	rarpd supports vlan(4) and has a pid flag. (from FreeBSD)
422	>
423	>	20130917:
424	>	Support for 65,536 routing tables was added.  A new fib specific
425	>	field has been added to mbuf.  This is an increase from 16.
426	>
427	>	20130910:
428	>	Security updates: (kern.osreldate 5001)
429	>
430	>	nullfs(5)
431	>
432	>	The nullfs(5) implementation of the VOP_LINK(9) VFS operation does not
433	>	check whether the source and target of the link are both in the same
434	>	nullfs instance.  It is therefore possible to create a hardlink from a
435	>	location in one nullfs instance to a file in another, as long as the
436	>	underlying (source) filesystem is the same.
437	>
438	>	ifioctl
439	>
440	>	As is commonly the case, the IPv6 and ATM network layer ioctl request
441	>	handlers are written in such a way that an unrecognized request is
442	>	passed on unmodified to the link layer, which will either handle it or
443	>	return an error code.
444	>
445	>	Network interface drivers, however, assume that the SIOCSIFADDR,
446	>	SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK requests have been
447	>	handled at the network layer, and therefore do not perform input
448	>	validation or verify the caller's credentials.  Typical link-layer
449	>	actions for these requests may include marking the interface as "up"
450	>	and resetting the underlying hardware.
451	>
452	>	20130824:
453	>	Fix a bug in sendmail 8.14.7 that interferes with how it
454	>	handles AAAA records interoperating with Microsoft DNS servers.
455	>	FreeBSD has already reported this to Sendmail and a fix
456	>	will be included in the next release.
457	>
458	>	Subversion 1.8.1 is now in the base system as a static
459	>	binary.  It has limited functionality, but can be used to
460	>	checkout/commit code.  It is named svnlite.
461	>
462	>	20130822:
463	>	Fix two security vulnerabilities.
464	>
465	>	Fix an integer overflow in IP_MSFILTER (IP MULTICAST).
466	>	This could be exploited to read memory by a user process.
467	>
468	>	When initializing the SCTP state cookie being sent in INIT-ACK chunks,
469	>	a buffer allocated from the kernel stack is not completely initialized.
470	>
471	>	Import xz 5.0.4
472	>
473	>	Import sqlite 3.7.17
474	>
475	>	Import BIND 9.8.5-P2
476	>
477	>	20130814:
478	>	mksh R48 imported.
479	>
480	>	Sendmail 8.14.7 imported.
481	>
482	>	20130717:
483	>	libmport bug was fixed causing hash verification to fail.
484	>
485	>	virtio(4) imported from FreeBSD 9-stable. SCSI support not
486	>	included.
487	>
488	>	20130612:
489	>	RELENG_0_4 created for 0.4. Development continues on 0.5.
490	>
491	>	20130402:
492	>	Update BIND and OpenSSL to resolve security advisories.
493	>
494	>	20130305:
495	>	MKSH R44 imported.
496	>
497	>	20130213:
498	>	MKSH R42b imported
499	>
500	>	20130211:
501	>	MKSH R42 imported
502	>
503	>	20130125:
504	>	MKSH R41 imported
505	>
506	>	20130122:
507	>	OpenSSH 5.8p2 imported
508	>
509	>	SQLite 3.7.15.2 imported
510	>
511	>	Fixed a longstanding bug in libmport extrating new index files.
512	>
513	>	20120710:
514	>	BSD licensed sort imported from FreeBSD-CURRENT
515	>
516	>	For now, GNU sort is installed as gnusort, but it will
517	>	go away in time.
518	>
519	>	20120708:
520	>	tcsh 6.18.01 imported.
521	>
522	>	NetBSD's iconv imported.
523	>
524	>	libc gains strnlen(3), memrchr(3), stpncpy(3).
525	>
526	>	20120612:
527	>	BIND security update related to CVE-2012-1667.
528	>
529	>	Zero length resource records can cause BIND to crash resulting
530	>	in a DOS attack or information disclosure.
531	>
532	>	20120407:
533	>	mksh R40f (fixes regression)
534	>
535	>	20120328:
536	>	mksh R40e
537	>
538	>	Perl 5.14.2
539	>
540	>	20120229:
541	>	cpucontrol(8) and cpuctl(4) added from FreeBSD 7-stable.
542	>
543	>	20120209:
544	>	mDNSResponder 333.10 imported
545	>
546	>	20111227:
547	>	import raid5 module for GEOM, graid5(8)
548	>
549	>	This is experimental and known to use a lot of kernel
550	>	memory.
551	>
552	>	20111223:
553	>	telnetd: fix a root exploit from a fixed buffer that was not checked
554	>
555	>	pam: don't allow escape from policy path.  Exploitable in KDE, etc.
556	>
557	>	Fix pam_ssh module:
558	>
559	>	If the pam_ssh module is enabled, attackers may be able to gain access
560	>	to user accounts which have unencrypted SSH private keys.
561	>
562	>	This has to due with the way that openssl works.  It ignores unencrpted data.
563	>
564	>	Fix security issue with chroot and ftpd.
565	>
566	>	nsdispatch(3) doesn't know it's working in a chroot and some
567	>	operations can cause files to get reloaded causing a security
568	>	hole in things like ftpd.
569	>
570	>	20111217:
571	>	libdialog/dialog upgraded to an lgpl version. As it's not
572	>	backwardly compatable, include the old libdialog as libodialog
573	>
574	>	20111212:
575	>	mksh r40d imported
576	>
577	>	20111210:
578	>	re(4) and rl(4) updated to support new chips.
579	>
580	>	GEOM synced with FreeBSD 7-stable.
581	>
582	>	MidnightBSD GPT partition types created in sys/gpt.h and
583	>	setup in boot loader and GEOM.
584	>
585	>	amdsbwd(4) (amd watchdog for south bridge) updated to support
586	>	8xx series chipset.
587	>
588	>	20111207:
589	>	import bsd grep from FreeBSD/OpenBSD.
590	>
591	>	MK_BSD_GREP controls which grep is installed
592	>	as grep with the other as bsdgrep or gnugrep.
593	>
594	>	20111122:
595	>	mksh vR40c imported.
596	>
597	>	20111117:
598	>	BIND 9.6 ESV R5 P1
599	>
600	>	20111107:
601	>	tzdata 2011n
602	>
603	>	20111026:
604	>	mDNSResponder v320
605	>
606	>	BIND 9.6 ESV R5
607	>
608	>	20111022:
609	>	cflow 0.0.6 imported
610	>
611	>	20111020:
612	>	less v436 imported
613	>
614	>	amdsbwd(4) AMD southbridge watchdog
615	>
616	>	20111019:
617	>	awk 20110810 imported
618	>
619	>	et(4) Agere Gigabit Ethernet/Fast Ethernet driver added, but
620	>	not included in GENERIC kernel.  The kernel module needs
621	>	testing before we can include it in GENERIC.
622	>
623	>	intr_bind code ported to allow an IRQ to be bound to one
624	>	specific CPU core.
625	>
626	>	20111017:
627	>	Time Zone Data v. 2011l (Released 10 October 2011)
628	>
629	>	Updated list of countries (iso3166) to work with new timezone data.
630	>
631	>	20111015:
632	>	Introduce CPU Affinity in MidnightBSD. cpuset(1) can be used
633	>	to control which core or group of cores can be used for a given
634	>	process. Several new system calls were added to support this
635	>	functionality in the running kernel and for 32bit binary
636	>	compatibility on amd64.
637	>
638	>	The scheduler default has been changed to ULE in i386 and
639	>	amd64.  Changes were made to both schedulers (4BSD AND ULE)
640	>	for this feature.
641	>
642	>	This work is based on Jeff Roberson's FreeBSD 7.1 patches.
643	>
644	>	20111004:
645	>	Fix a problem with unix socket handling caused by the recent
646	>	patch to unix socket path handling. This allows network
647	>	apps to work under the linuxolator again.
648	>
649	>	20111001:
650	>	Import libfetch & fetch(1) from FreeBSD 9. Passive FTP is
651	>	now default and an environment variable must be set to use
652	>	active.
653	>
654	>	20110930:
655	>	Introduce quirks handling for several umass devices including
656	>	USB cameras.  Add workaround for Cyberpower UPS devices.
657	>
658	>	Bring in further bug fixes from FreeBSD and NetBSD for alc(4).
659	>	Stale ip/tcp header pointers are no longer used, lockups fixed
660	>	when network cable is unplugged on bootup, enable TX checksum
661	>	offloading.
662	>
663	>	Add a new man page for gcache(8), a useful geom class when
664	>	working with large raid3 sets.
665	>
666	>	Restore previous workaround for Cypress pata storage controller.
667	>
668	>	20110929:
669	>	Sync ath(4) with FreeBSD 7.3.
670	>
671	>	The following modules are no longer available, and should be
672	>	removed from loader.conf:
673	>	ath_hal ath_rate_amrr ath_rate_onoe ath_rate_sample
674	>
675	>	alc(4) would hibernate when a cable was unplugged and often
676	>	required bring the interface down and up to "wake up" so that
677	>	a connection could be established.  Disable hibernation.
678	>
679	>	20110928:
680	>	Fix security issues with gzip and compress related to .Z
681	>	files that are corrupted.
682	>
683	>	Fix path validation with unix domain sockets.
684	>
685	>	20110917:
686	>	Remove dependance on mports perl for generating releases as
687	>	it's in the base system.
688	>
689	>	20110914:
690	>	Import xz 5.0.3 with liblzma 5.0.3
691	>
692	>	20110813:
693	>	synced the sparc64 GENERIC kernel configuration with amd64.
694	>
695	>	20110806:
696	>	sqlite 3.7.7.1 imported
697	>
698	>	msearch(1), libmsearch and msearch.import added.  msearch(1) provides
699	>	a full text search command line tool.  libmsearch can also be used
700	>	to build a graphical based search in the future. You can enable
701	>	index building for msearch in periodic.conf or manually run the
702	>	/usr/libexec/msearch.index tool.  Full text indexes take considerable
703	>	space in /var.  I'm using approximately 500MB currently.
704	>
705	>	Fix a long standing bug with the periodic script to check package
706	>	versions.  This will be obsolete with mport though.
707	>
708	>	20110710:
709	>	kdb_enter_why added to MidnightBSD to allow the kernel debugger to
710	>	know why it's in use and thus script can be run.
711	>
712	>	Yet another problem with the perl manifest was fixed
713	>
714	>	20110709:
715	>	cpufreq(1) is a new utility to monitor CPU frequency which may change
716	>	with use of powerd(8) and cpufreq(4).
717	>
718	>	20110612:
719	>	Update mksh to R40
720	>
721	>	Catch up ObsoleteFiles.inc to remove Perl 5.10.x.  Good to run when
722	>	updating current (cd /usr/src && make check-old)
723	>
724	>	20110528:
725	>	Fix CVE-2011-1910 in BIND 9.6.x.  This affects caching resolvers.
726	>
727	>	20110526:
728	>	newfs:
729	>	Raised the default blocksize for UFS/FFS filesystems from
730	>	16K to 32K and the default fragment size from 2K to 4K.
731	>
732	>	This should slightly imporve performance on "advanced format"
733	>	hard drives such as the WD EARS drives. Drives of this type
734	>	have emulation modes that slow down with lower sizes.  Of course
735	>	the drive must still be aligned properly when using fdisk.
736	>
737	>	20110521:
738	>	mport tool now has a deleteall command.  This can be used to remove
739	>	all packages from a system.
740	>
741	>	A few bugs with the perl 5.14 import have been fixed.
742	>
743	>	20110518:
744	>	Perl 5.14.0
745	>
746	>	20110517:
747	>	Sendmail 8.14.5
748	>
749	>	20110314:
750	>	DRM/DRI code updated to support newer video cards. (FreeBSD 7.1)
751	>
752	>	cdevpriv wrappers added
753	>
754	>	nss_mdns hack introduced to work around linking problem.
755	>
756	>	dnsextd fixed after update to mDNSResponder code.
757	>
758	>	20110308:
759	>	Introduce liblzma & xz 5.0.1 to the base system
760	>
761	>	Patch for OpenSSL security issue CVE-2011-0014.
762	>
763	>	"OSREVISION 4004"
764	>
765	>	nsswitch module for multicast dns (nss_mdns) added.
766	>
767	>	tzdata2011c
768	>
769	>	20110220:
770	>	cam(4) syncronized with FreeBSD 7.3.
771	>
772	>	20110219:
773	>	amdtemp(4) updated to support sensors framework.
774	>
775	>	20110217:
776	>	Perl 5.10.1 imported
777	>
778	>	20110216:
779	>	Introduce igb(4) and split Intel Gigabit Ethernet adapters between
780	>	igb(4) and em(4).  Newer devices use igb(4).  The code has moved
781	>	to sys/dev/e1000 for both devices in the kernel. igb(4) has
782	>	been placed in GENERIC on i386 and amd64.
783	>
784	>	Update bfe(4) to support newer devices and WOL.
785	>
786	>	20110215:
787	>	age(4) added.
788	>
789	>	20110208:
790	>	BIND 9.6.3 which fixes a bug with DNSSEC records getting added.
791	>
792	>	20110206:
793	>	eeemon(4) added to monitor Asus Eee PC.
794	>
795	>	20110205:
796	>	OpenSSH 5.7p1
797	>
798	>	GNU sort 6.9 (coreutils)
799	>
800	>	20110203:
801	>	one true awk 20100523 imported
802	>
803	>	sqlite 3.7.5
804	>
805	>	OpenSSL 0.9.8q
806	>
807	>	20110202:
808	>	tcsh 6.17.00
809	>
810	>	file 5.05
811	>
812	>	20110122:
813	>	Import it(4) and lm(4), with support for Super I/O hardware monitors. This
814	>	uses the sensors framework ported by Constantine A. Murenin (GSOC2007)
815	>
816	>	20110120:
817	>	BIND 9.6.2-P3
818	>
819	>	sudo 1.7.4-p6
820	>
821	>	20110115:
822	>	Add experimental jme(4) for Jmicron ethernet devices.
823	>
824	>	20101130:
825	>	A double free exists in the SSL client ECDH handling code, when
826	>	processing specially crafted public keys with invalid prime
827	>	numbers. [CVE-2010-2939]
828	>
829	>	20101120:
830	>	Several portions of the kernel and userland code related to UFS file
831	>	systems (and UFS2) cannot properly handle inode counts above 2^31 due
832	>	to use of int types.  Based on a patch from FreeBSD, I've modified
833	>	our UFS2 implementation to handle unsigned values for inode counts
834	>	which should allow for file systems greater than 16TB.
835	>
836	>	newfs and growfs was also modified.
837	>
838	>	20101110:
839	>	Fix a security issue with pseudofs which could result in running code in kernel
840	>	context or a kernel panic depending on system configuration.  This affects file
841	>	systems such as procfs for instance.
842	>
843	>	20101021:
844	>	sysrc is a utility to print and modify name/value pairs in /etc/rc.conf easily.
845	>	This is similar to functions present in many linux distros. The utility was
846	>	written by Devin Teske for FreeBSD.
847	>
848	>	20100920:
849	>	bzip2 security patch for integer overflow.
850	>
851	>	20100905:
852	>	MidnightBSD RELENG_0_3 branch created.  Aggressive development continues here
853	>	for 0.4.
854	>
855	>	20100902:
856	>	Fix a security issue with libutil that allows users to bypass cpu limits in
857	>	login.conf in some cases.  This combined with OpenSSH for example can allow
858	>	the user to get more resources than they're allowed.
859	>
860	>	20100822:
861	>	Import Apple's mDNSResponder (mdnsd).
862	>
863	>	20100814:
864	>	libdispatch added to MidnightBSD.  This provides functionality found in
865	>	Mac OS X's GCD.  We do not have blocks support yet.  As this code is
866	>	licensed under Apache 2, we create a new MK_APACHE option so that
867	>	it's not required for all users to run code under a license they
868	>	may not like.
869	>
870	>	20100713:
871	>	mbuf readonly fix related to sendfile(2) data corruption.
872	>
873	>	20100704:
874	>	brainfuck(1) imported from MirBSD.
875	>
876	>	20100505:
877	>	zlib 1.2.5
878	>
879	>	20100430:
880	>	Sudo 1.7.2p6 imported
881	>
882	>	20100321:
883	>	Update zlib to 1.2.4
884	>
885	>	20100319:
886	>	Removed i586 from default i386 generic kernel.
887	>
888	>	20100317:
889	>	Update to tzdata2010e (time zones).  This includes changes in
890	>	Mexico.
891	>
892	>	Add support for several newer sound cards via hda including
893	>	ATI and Realtek chipsets.
894	>
895	>	20100313:
896	>	CPU detection has been changed.  VIA Padlock detection added.
897	>
898	>	20100312:
899	>	Fix a number of bugs and compiler warnings in libmport. Handle
900	>	plus signs in paths for mport.check-fake
901	>
902	>	20100311:
903	>	mksh R39c
904	>
905	>	20100309:
906	>	Sudo 1.7.2p5
907	>
908	>	sqlite3 3.6.23
909	>
910	>	mksh R39b
911	>
912	>	libffi (ffi) 3.0.9
913	>
914	>	20100206:
915	>	WITHOUT_LIB32 is no longer needed on AMD64.  GCC was fixed to
916	>	properly pass arguments to ld.
917	>
918	>	re(4) and rl(4) have been updated to support several new
919	>	realtek chipsets.  Performance has been improved on re(4).
920	>
921	>	20100204:
922	>	Fix a bug cropping up on AMD64 MidnightBSD with sftp
923	>	segfaulting.
924	>
925	>	20100116:
926	>	Import ash changes from FreeBSD (bin/sh) 8-Stable.
927	>
928	>	BIND 9.6.1-P2
929	>
930	>	20100110:
931	>	Import Sendmail 8.14.4. Fix for SSL vulnerability.
932	>
933	>	posix_spawn(3) added to MidnightBSD libc.  Users may need to build and
934	>	install libc before doing a full buildworld when upating from 0.2 or
935	>	older current systems.
936	>
937	>	kqueue(2) was modified to support portions of libdispatch functionality.
938	>
939	>	20100106:
940	>	Bind security update.  Fix a bug with DNSSEC that causes negative
941	>	cache entries and thus a possible DNS cache poisoning attack.
942	>
943	>	Fix a bug in ZFS that can reset permissions on system crashes.
944	>
945	>	20091228:
946	>	amdtemp(4) was added.  It allows one to monitor to the temperature
947	>	of an AMD CPU such as a Phenom.
948	>
949	>	20091205:
950	>	OpenSSL security fix
951	>
952	>	The SSL version 3 and TLS protocols support session renegotiation without
953	>	cryptographically tying the new session parameters to the old parameters.
954	>
955	>	20091128:
956		OpenBSD sensors framework imported including sensorsd(8)
957
958	<	20091026:
958	>	20091126:
959		OpenNTPD 4.4 import
960
961		Update OpenSSH to 5.3p1
962
963		mksh R39
964
965	<	20091024:
965	>	20091124:
966		cpdup updated from DragonFly to 1.15
967
968		tzdata2009s updated with latest timezone data for November 2009.
#	Line 774 | Line 1726 | Contact Warner Losh if you have any questions about yo
1726		this document.
1727
1728		$FreeBSD: src/UPDATING,v 1.416.2.18 2006/02/22 11:51:57 yar Exp $
1729	<	$MidnightBSD: src/UPDATING,v 1.71 2009/11/26 18:25:29 laffer1 Exp $
1729	>	$MidnightBSD$

Comparing trunk/UPDATING (property cvs2svn:cvs-rev):
Revision 3199 by laffer1, Sat Nov 28 22:44:36 2009 UTC vs.
Revision 7418 by laffer1, Thu Jan 14 13:13:04 2016 UTC

#	Line 1 | Line 0
1	–	1.72

Comparing trunk/UPDATING (property svn:keywords):
Revision 3199 by laffer1, Sat Nov 28 22:44:36 2009 UTC vs.
Revision 7418 by laffer1, Thu Jan 14 13:13:04 2016 UTC

#	Line 0 | Line 1
1	+	MidnightBSD=%H

Diff Legend

–	Removed lines
+	Added lines
<	Changed lines
>	Changed lines