ViewVC Help

View File | Revision Log | Show Annotations | Download File | View Changeset | Root Listing

root/src/trunk/UPDATING

Comparing trunk/UPDATING (file contents):
Revision 6 by laffer1, Sat Feb 25 02:38:42 2006 UTC vs.
Revision 7467 by laffer1, Thu Mar 17 12:34:11 2016 UTC

#	Line 1 | Line 1
1	<	Updating Information for FreeBSD STABLE users
1	>	Updating Information for MidnightBSD users.
2
3	<	This file is maintained and copyrighted by M. Warner Losh
4	<	<imp@village.org>.  See end of file for further details.  For commonly
5	<	done items, please see the COMMON ITEMS: section later in the file.
3	>	20160317:
4	>	OpenSSH doesn't have the luck of the Irish.
5
6	<	Items affecting the ports and packages system can be found in
7	<	/usr/ports/UPDATING.  Please read that file before running
9	<	portupgrade.
6	>	Fix a security issue with OpenSSH X11 forwarding that can allow an attacker
7	>	run shell commands on the call to xauth.
8
9	<	20060211:
10	<	An IPv6 support of ipfw was enabled by default.  If you don't
13	<	want to filter an IPv6 by ipfw, please add following line into
14	<	your ipfw rule:
9	>	20160229:
10	>	top now displays information on ZFS arc cache.
11
12	<	pass ip6 from any to any
12	>	20160228:
13	>	llvm + clang 3.3 is now the default compiler in MidnightBSD.
14
15	<	20060210:
16	<	Now most modules get their build-time options from the kernel
20	<	configuration file.  A few modules still have fixed options
21	<	due to their non-conformant implementation, but they will be
22	<	corrected eventually.  You may need to review the options of
23	<	the modules in use, explicitly specify the non-default options
24	<	in the kernel configuration file, and rebuild the kernel and
25	<	modules afterwards.
15	>	20160222:
16	>	Introduce pipe2 to linux emulation layer.
17
18	<	20060122:
19	<	/etc/rc.d/ppp-user has been renamed to /etc/rc.d/ppp.
29	<	Its /etc/rc.conf.d configuration file has been `ppp' from
30	<	the beginning, and hence there is no need to touch it.
18	>	20160114:
19	>	OpenSSL
20
21	<	20060113:
22	<	si(4)'s device files now contain the unit number.
23	<	Uses of {cua,tty}A[0-9a-f] should be replaced by {cua,tty}A0[0-9a-f].
21	>	The signature verification routines will crash with a NULL pointer dereference
22	>	if presented with an ASN.1 signature using the RSA PSS algorithm and absent
23	>	mask generation function parameter. [CVE-2015-3194]
24	>
25	>	When presented with a malformed X509_ATTRIBUTE structure, OpenSSL will leak
26	>	memory. [CVE-2015-3195]
27	>
28	>	If PSK identity hints are received by a multi-threaded client then the values
29	>	are incorrectly updated in the parent SSL_CTX structure.  [CVE-2015-3196]
30	>
31	>	Fix security on bsnmpd configuration file during installation.
32	>
33	>	TCP MD5 signature denial of service
34	>
35	>	A programming error in processing a TCP connection with both TCP_MD5SIG
36	>	and TCP_NOOPT socket options may lead to kernel crash.
37	>
38	>	SCTP
39	>
40	>	A lack of proper input checks in the ICMPv6 processing in the SCTP stack
41	>	can lead to either a failed kernel assertion or to a NULL pointer
42	>	dereference.  In either case, a kernel panic will follow.
43	>
44	>	20160102:
45	>	Happy New Year
46	>
47	>	20151101:
48	>	Increase kern.ipc.somaxconn default to 256.
49	>
50	>	20151017:
51	>	Add initial statistics api to libmport and a driver to print
52	>	it in mport(1).
53	>
54	>	20151002:
55	>	Revised rpcbind(8) patch to fix issues with NIS
56	>
57	>	20150930:
58	>	In rpcbind(8), netbuf structures are copied directly, which would result in
59	>	two netbuf structures that reference to one shared address buffer.  When one
60	>	of the two netbuf structures is freed, access to the other netbuf structure
61	>	would result in an undefined result that may crash the rpcbind(8) daemon.
62	>
63	>	20150926:
64	>	libmport now supports @preexec, @postexec, @preunexec and @postunexec
65	>	to replace @exec and @unexec.
66	>
67	>	pre exec runs afer pre-install scripts but before actual installation
68	>
69	>	post exec runs after install but before post install scripts and
70	>	pkg message.
71	>
72	>	pre unexec runs before pre uninstall scripts
73	>
74	>	post unexec runs before de-install scripts and after file removal.
75	>
76	>	20150917:
77	>	Fix kqueue write events for files > 2GB
78	>
79	>	20150825:
80	>	kernel:
81	>	fix a security issue on amd64 where the GS segment CPU register can be changed via
82	>	userland value in kernel mode by using an IRET with #SS or #NP exceptions.
83	>
84	>	openssh:
85	>	A programming error in the privileged monitor process of the sshd(8)
86	>	service may allow the username of an already-authenticated user to be
87	>	overwritten by the unprivileged child process.
88	>
89	>	A use-after-free error in the privileged monitor process of he sshd(8)
90	>	service may be deterministically triggered by the actions of a
91	>	compromised unprivileged child process.
92	>
93	>	A use-after-free error in the session multiplexing code in the sshd(8)
94	>	service may result in unintended termination of the connection.
95	>
96	>	20150818:
97	>	expat security fix
98	>
99	>	20150815:
100	>	libc changes:
101	>	setmode(3) now returns errno consistently on error.
102	>	libc will compile without error using clang
103	>
104	>	20150814:
105	>	wait6 system call added.
106	>
107	>	date(1) now handles non numeric numbers passed to -r
108	>	like GNU coreutils for improved compatibility.
109	>
110	>	20150811:
111	>	ata(4) AMD Hudson2 SATA controller support.
112	>	Intel lynxpoint SATA.
113	>
114	>	Fix some const warnings when building several device drivers
115	>	with llvm/clang.
116	>
117	>	Sync cas(4) with FreeBSD 9-stable.
118	>
119	>	Fix some minor issues with ath(4).
120	>
121	>	20150809:
122	>	xz 5.0.8
123	>
124	>	20150808:
125	>	libmport now logs installation and removal of packages to syslog.
126	>
127	>	20150805:
128	>	routed - fix a potential security issue where traffic from outside
129	>	the network can disrupt routing.
130	>
131	>	bsd patch - fix a bug with ed(1) scripts allowing unsanitized input
132	>	to run.
133	>
134	>	20150802:
135	>	jansson 2.7 library added. (libjansson is a JSON library in C)
136	>
137	>	20150728:
138	>	Heimdal 1.5.2 (kerberos implementation)
139	>
140	>	OpenSSL 1.0.1o
141	>
142	>	cpucontrol(8) now supports VIA CPUs. Synced with FreeBSD 9.2.
143	>
144	>	TCP Resassemly resource exhaustion bug:
145	>	There is a mistake with the introduction of VNET, which converted the
146	>	global limit on the number of segments that could belong to reassembly
147	>	queues into a per-VNET limit.  Because mbufs are allocated from a
148	>	global pool, in the presence of a sufficient number of VNETs, the
149	>	total number of mbufs attached to reassembly queues can grow to the
150	>	total number of mbufs in the system, at which point all network
151	>	traffic would cease.
152	>	Obtained from: FreeBSD 8
153	>
154	>	OpenSSH
155	>
156	>	Fix two security vulnerabilities:
157	>	OpenSSH clients does not correctly verify DNS SSHFP records when a server
158	>	offers a certificate. [CVE-2014-2653]
159	>
160	>	OpenSSH servers which are configured to allow password authentication
161	>	using PAM (default) would allow many password attempts. A bug allows
162	>	MaxAuthTries to be bypassed. [CVE-2015-5600]
163	>
164	>
165	>	Switch to bsdpatch (from FreeBSD & OpenBSD)
166	>
167	>	20150726:
168	>	BSD Sort updated
169	>
170	>	sqlite 3.8.10.2
171	>
172	>	20150725:
173	>	Import reallocarray from OpenBSD's libc.
174	>
175	>	The reallocarray() function is similar to realloc() except it operates on
176	>	nmemb members of size size and checks for integer overflow in the
177	>	calculation nmemb * size.
178	>
179	>	20150722:
180	>	Fix a bug where TCP connections transitioning to LAST_ACK
181	>	state can get stuck. This can result in a denial of service.
182	>
183	>	20150715:
184	>	libmport now supports @shell and @sample in plists. This means that
185	>	a shell port can automatically add an entry to /etc/shells and remove
186	>	it upon uninstallation. For sample files, a copy is made without the
187	>	.sample extension if one does not exist and it is removed automatically
188	>	only if the md5 hash of the two files is the same.
189	>
190	>	20150709:
191	>	flex 2.5.39
192	>
193	>	20150702:
194	>	ZFS in MidnightBSD now supports lz4 compression. You can enable it
195	>	with zfs set compression=lz4 pool/path.
196	>
197	>	Verify it's working with
198	>	zfs get compressratio pool/path
199	>	du -h -s *
200	>
201	>	Note you must write new data when turning on compression to see
202	>	changes. Existing files are not compressed.
203	>
204	>	Note: While we used the same basic implementation of lz4 that
205	>	FreeBSD and OpenZFS uses, we did not yet implement features support
206	>	and the zfs version still reports 28. This may come in a future update
207	>	to ZFS.
208	>
209	>	20150621:
210	>	libmport now automatically stops services when deleting packages.
211	>
212	>	The package must have installed an rc.d script in /usr/local/etc
213	>	for this to work. This is equivalent to running service <name> onestop
214	>
215	>	20150618:
216	>	Sendmail
217	>
218	>	With the recent changes to OpenSSL to block 512 bit certificates,
219	>	sendmail can't connect with TLS to some servers.
220	>
221	>	Increase the default size to 1024 bit for client connections to
222	>	match the server configuration.
223	>
224	>	ZFS
225	>
226	>	Added ZFS TRIM support which is enabled by default. To disable
227	>	ZFS TRIM support set vfs.zfs.trim.enabled=0 in loader.conf.
228	>
229	>	Creating new ZFS pools and adding new devices to existing pools
230	>	first performs a full device level TRIM which can take a significant
231	>	amount of time. The sysctl vfs.zfs.vdev.trim_on_init can be set to 0
232	>	to disable this behaviour.
233	>
234	>	ZFS TRIM requires the underlying device support BIO_DELETE which
235	>	is currently provided by methods such as ATA TRIM and SCSI UNMAP
236	>	via CAM, which are typically supported by SSD's.
237	>
238	>	Stats for ZFS TRIM can be monitored by looking at the sysctl's
239	>	under kstat.zfs.misc.zio_trim.
240	>
241	>	rc.d
242	>
243	>	Reworked handling of cleanvar and FILESYSTEMS so that FILESYSTEMS
244	>	implies everything is mounted and ready to go.
245	>
246	>	Changed how ip6addressctl maps IPv6 on startup.
247	>
248	>	20150613:
249	>	tzdata 2015d
250	>
251	>	20150612:
252	>	OpenSSL 0.9.8zg
253	>
254	>	20150419:
255	>	MidnightBSD 0.6 stable branch created. Continue 0.7
256	>	development.
257	>
258	>	20150418:
259	>	sqlite 3.8.9
260	>
261	>	20150407:
262	>	Fix two security vulnerabilities:
263	>
264	>	The previous fix for IGMP had an overflow issue. This has been corrected.
265	>
266	>	ipv6: The Neighbor Discover Protocol allows a local router to advertise a
267	>	suggested Current Hop Limit value of a link, which will replace
268	>	Current Hop Limit on an interface connected to the link on the MidnightBSD
269	>	system.
270	>
271	>	20150319:
272	>	OpenSSL 0.9.8.zf
273	>
274	>	mksh R50e
275	>
276	>	Apple mDNSResponder 561.1.1
277	>
278	>	20150306:
279	>	Upgrade OpenSSL to 0.9.8ze
280	>
281	>	20150225:
282	>	Fix two security vulnerabilities.
283	>
284	>	1. BIND servers which are configured to perform DNSSEC validation and which
285	>	are using managed keys (which occurs implicitly when using
286	>	"dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit
287	>	unpredictable behavior due to the use of an improperly initialized
288	>	variable.
289	>
290	>	CVE-2015-1349
291	>
292	>	2. An integer overflow in computing the size of IGMPv3 data buffer can result
293	>	in a buffer which is too small for the requested operation.
294	>
295	>	This can result in a DOS attack.
296	>
297	>	20141211:
298	>	Fix a security issue with file and libmagic that can allow
299	>	an attacker to create a denial of service attack on any
300	>	program that uses libmagic.
301	>
302	>	20141109:
303	>	Fix building perl during buildworld when the GDBM port is installed.
304	>
305	>	20141106:
306	>	tzdata 2014i
307	>
308	>	20141102:
309	>	serf 1.3.8
310	>
311	>	20141031:
312	>	tnftp 20141031 fixes a security vulnerability with tnftp,
313	>	CVE-2014-8517.
314	>
315	>	20141028:
316	>	OpenSSL 0.9.8zc
317	>
318	>	20141021:
319	>	Fix several security vulnerabilities in routed, rtsold,
320	>	and namei with respect to Capsicum sandboxes looking up
321	>	nonexistent path names and leaking memory.
322	>
323	>	The input path in routed(8) will accept queries from any source and
324	>	attempt to answer them.  However, the output path assumes that the
325	>	destination address for the response is on a directly connected
326	>	network.
327	>
328	>	Due to a missing length check in the code that handles DNS parameters,
329	>	a malformed router advertisement message can result in a stack buffer
330	>	overflow in rtsold(8).
331	>
332	>	20141011:
333	>	mksh R50d - fix field splitting regression and null
334	>	pointer dereference
335	>
336	>	xz 5.0.7
337	>
338	>	OpenSSH 6.6p1
339	>
340	>	20141004:
341	>	mksh R50c - security update for environment var bug with
342	>	foo vs foo+
343	>
344	>	20141002:
345	>	sqlite 3.8.6
346	>
347	>	sudo 1.7.8 - some issues with the current version, but we're slowly
348	>	getting up to date.
349	>
350	>	20141001:
351	>	mksh R50b
352	>
353	>	libmport now supports plist commands @dir, @owner, @group, @mode.
354	>
355	>	sudo 1.7.6p2
356	>
357	>	20140916:
358	>	Fix a security issue with TCP SYN.
359	>
360	>	When a segment with the SYN flag for an already existing connection arrives,
361	>	the TCP stack tears down the connection, bypassing a check that the
362	>	sequence number in the segment is in the expected window.
363	>
364	>	20140909:
365	>	Fixed a bug with our clearenv(3) implementation that caused segfaults
366	>	with some programs including Dovecot.
367	>
368	>	OpenSSL security patch:
369	>
370	>	The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
371	>	to consume large amounts of memory. [CVE-2014-3506]
372	>
373	>	The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
374	>	memory. [CVE-2014-3507]
375	>
376	>	A flaw in OBJ_obj2txt may cause pretty printing functions such as
377	>	X509_name_oneline, X509_name_print_ex et al. to leak some information from
378	>	the stack. [CVE-2014-3508]
379	>
380	>	OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
381	>	a denial of service attack. [CVE-2014-3510]
382	>
383	>	20140902:
384	>	We're now 0.6-CURRENT
385	>
386	>	Update USB quirks to support K70 Corsair keyboard, and several
387	>	other devices.
388	>
389	>	20140827:
390	>	Perl 5.18.2
391	>
392	>	20140728:
393	>	Jails now run shutdown scripts.
394	>
395	>	20140710:
396	>	Fix a vulnerability in the control message API. A buffer is not properly cleared
397	>	before sharing with userland.
398	>
399	>	20140701:
400	>	MKSH R50
401	>
402	>	20140630:
403	>	File 5.19
404	>
405	>	20140605:
406	>	Fix four security issues with OpenSSL
407	>
408	>	20140604:
409	>	Sendmail failed to properly set close-on-exec for open file descriptors.
410	>
411	>	ktrace page fault kernel trace entries were set to an incorrect size which resulted
412	>	in a leak of information.
413	>
414	>	20140430:
415	>	Fix a TCP reassembly bug that could result in a DOS attack
416	>	of the system. It may be possible to obtain portions
417	>	of kernel memory as well.
418	>
419	>	20140411:
420	>	Update zlib to 1.2.7
421	>
422	>	20140122:
423	>	Support for username with length 32. Previous limit was 16
424	>
425	>	20140114:
426	>	Fix two security vulnerabilities.
427	>
428	>	bsnmpd contains a stack overflow when sent certain queries.
429	>
430	>	bind 9.8 when using NSEC3-signed zones zones, will crash with special
431	>	crafted packets.
432	>
433	>	20131228:
434	>	Imported FreeBSD 9.2 usb stack (plus z87 patches from stable)
435	>
436	>	Updated em(4), igb(4) and ixgbe(4)
437	>
438	>	MidnightBSD now works with Z87 Intel chipsets.
439	>
440	>	20131207:
441	>	Remove sparc64 architecture. It hasn't been working for awhile
442	>	and it's not useful for desktops anymore.
443	>
444	>	20131205:
445	>	OpenSSH 6.4p1
446	>
447	>	20131203:
448	>	Perl 5.18.1 imported.
449	>
450	>	Update less to v458
451	>
452	>	20131130:
453	>	Remove named from base. We still include the client utilities for
454	>	now until replacements can be found.
455	>
456	>	20131004:
457	>	rarpd supports vlan(4) and has a pid flag. (from FreeBSD)
458	>
459	>	20130917:
460	>	Support for 65,536 routing tables was added.  A new fib specific
461	>	field has been added to mbuf.  This is an increase from 16.
462	>
463	>	20130910:
464	>	Security updates: (kern.osreldate 5001)
465	>
466	>	nullfs(5)
467	>
468	>	The nullfs(5) implementation of the VOP_LINK(9) VFS operation does not
469	>	check whether the source and target of the link are both in the same
470	>	nullfs instance.  It is therefore possible to create a hardlink from a
471	>	location in one nullfs instance to a file in another, as long as the
472	>	underlying (source) filesystem is the same.
473	>
474	>	ifioctl
475	>
476	>	As is commonly the case, the IPv6 and ATM network layer ioctl request
477	>	handlers are written in such a way that an unrecognized request is
478	>	passed on unmodified to the link layer, which will either handle it or
479	>	return an error code.
480	>
481	>	Network interface drivers, however, assume that the SIOCSIFADDR,
482	>	SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK requests have been
483	>	handled at the network layer, and therefore do not perform input
484	>	validation or verify the caller's credentials.  Typical link-layer
485	>	actions for these requests may include marking the interface as "up"
486	>	and resetting the underlying hardware.
487	>
488	>	20130824:
489	>	Fix a bug in sendmail 8.14.7 that interferes with how it
490	>	handles AAAA records interoperating with Microsoft DNS servers.
491	>	FreeBSD has already reported this to Sendmail and a fix
492	>	will be included in the next release.
493	>
494	>	Subversion 1.8.1 is now in the base system as a static
495	>	binary.  It has limited functionality, but can be used to
496	>	checkout/commit code.  It is named svnlite.
497	>
498	>	20130822:
499	>	Fix two security vulnerabilities.
500	>
501	>	Fix an integer overflow in IP_MSFILTER (IP MULTICAST).
502	>	This could be exploited to read memory by a user process.
503	>
504	>	When initializing the SCTP state cookie being sent in INIT-ACK chunks,
505	>	a buffer allocated from the kernel stack is not completely initialized.
506	>
507	>	Import xz 5.0.4
508	>
509	>	Import sqlite 3.7.17
510	>
511	>	Import BIND 9.8.5-P2
512	>
513	>	20130814:
514	>	mksh R48 imported.
515	>
516	>	Sendmail 8.14.7 imported.
517	>
518	>	20130717:
519	>	libmport bug was fixed causing hash verification to fail.
520	>
521	>	virtio(4) imported from FreeBSD 9-stable. SCSI support not
522	>	included.
523	>
524	>	20130612:
525	>	RELENG_0_4 created for 0.4. Development continues on 0.5.
526	>
527	>	20130402:
528	>	Update BIND and OpenSSL to resolve security advisories.
529	>
530	>	20130305:
531	>	MKSH R44 imported.
532	>
533	>	20130213:
534	>	MKSH R42b imported
535	>
536	>	20130211:
537	>	MKSH R42 imported
538	>
539	>	20130125:
540	>	MKSH R41 imported
541	>
542	>	20130122:
543	>	OpenSSH 5.8p2 imported
544	>
545	>	SQLite 3.7.15.2 imported
546	>
547	>	Fixed a longstanding bug in libmport extrating new index files.
548	>
549	>	20120710:
550	>	BSD licensed sort imported from FreeBSD-CURRENT
551	>
552	>	For now, GNU sort is installed as gnusort, but it will
553	>	go away in time.
554	>
555	>	20120708:
556	>	tcsh 6.18.01 imported.
557	>
558	>	NetBSD's iconv imported.
559	>
560	>	libc gains strnlen(3), memrchr(3), stpncpy(3).
561	>
562	>	20120612:
563	>	BIND security update related to CVE-2012-1667.
564	>
565	>	Zero length resource records can cause BIND to crash resulting
566	>	in a DOS attack or information disclosure.
567	>
568	>	20120407:
569	>	mksh R40f (fixes regression)
570	>
571	>	20120328:
572	>	mksh R40e
573	>
574	>	Perl 5.14.2
575	>
576	>	20120229:
577	>	cpucontrol(8) and cpuctl(4) added from FreeBSD 7-stable.
578	>
579	>	20120209:
580	>	mDNSResponder 333.10 imported
581	>
582	>	20111227:
583	>	import raid5 module for GEOM, graid5(8)
584	>
585	>	This is experimental and known to use a lot of kernel
586	>	memory.
587	>
588	>	20111223:
589	>	telnetd: fix a root exploit from a fixed buffer that was not checked
590	>
591	>	pam: don't allow escape from policy path.  Exploitable in KDE, etc.
592	>
593	>	Fix pam_ssh module:
594	>
595	>	If the pam_ssh module is enabled, attackers may be able to gain access
596	>	to user accounts which have unencrypted SSH private keys.
597	>
598	>	This has to due with the way that openssl works.  It ignores unencrpted data.
599	>
600	>	Fix security issue with chroot and ftpd.
601	>
602	>	nsdispatch(3) doesn't know it's working in a chroot and some
603	>	operations can cause files to get reloaded causing a security
604	>	hole in things like ftpd.
605	>
606	>	20111217:
607	>	libdialog/dialog upgraded to an lgpl version. As it's not
608	>	backwardly compatable, include the old libdialog as libodialog
609	>
610	>	20111212:
611	>	mksh r40d imported
612	>
613	>	20111210:
614	>	re(4) and rl(4) updated to support new chips.
615	>
616	>	GEOM synced with FreeBSD 7-stable.
617	>
618	>	MidnightBSD GPT partition types created in sys/gpt.h and
619	>	setup in boot loader and GEOM.
620	>
621	>	amdsbwd(4) (amd watchdog for south bridge) updated to support
622	>	8xx series chipset.
623	>
624	>	20111207:
625	>	import bsd grep from FreeBSD/OpenBSD.
626	>
627	>	MK_BSD_GREP controls which grep is installed
628	>	as grep with the other as bsdgrep or gnugrep.
629	>
630	>	20111122:
631	>	mksh vR40c imported.
632	>
633	>	20111117:
634	>	BIND 9.6 ESV R5 P1
635	>
636	>	20111107:
637	>	tzdata 2011n
638	>
639	>	20111026:
640	>	mDNSResponder v320
641	>
642	>	BIND 9.6 ESV R5
643	>
644	>	20111022:
645	>	cflow 0.0.6 imported
646	>
647	>	20111020:
648	>	less v436 imported
649	>
650	>	amdsbwd(4) AMD southbridge watchdog
651	>
652	>	20111019:
653	>	awk 20110810 imported
654	>
655	>	et(4) Agere Gigabit Ethernet/Fast Ethernet driver added, but
656	>	not included in GENERIC kernel.  The kernel module needs
657	>	testing before we can include it in GENERIC.
658	>
659	>	intr_bind code ported to allow an IRQ to be bound to one
660	>	specific CPU core.
661	>
662	>	20111017:
663	>	Time Zone Data v. 2011l (Released 10 October 2011)
664	>
665	>	Updated list of countries (iso3166) to work with new timezone data.
666	>
667	>	20111015:
668	>	Introduce CPU Affinity in MidnightBSD. cpuset(1) can be used
669	>	to control which core or group of cores can be used for a given
670	>	process. Several new system calls were added to support this
671	>	functionality in the running kernel and for 32bit binary
672	>	compatibility on amd64.
673	>
674	>	The scheduler default has been changed to ULE in i386 and
675	>	amd64.  Changes were made to both schedulers (4BSD AND ULE)
676	>	for this feature.
677	>
678	>	This work is based on Jeff Roberson's FreeBSD 7.1 patches.
679	>
680	>	20111004:
681	>	Fix a problem with unix socket handling caused by the recent
682	>	patch to unix socket path handling. This allows network
683	>	apps to work under the linuxolator again.
684	>
685	>	20111001:
686	>	Import libfetch & fetch(1) from FreeBSD 9. Passive FTP is
687	>	now default and an environment variable must be set to use
688	>	active.
689	>
690	>	20110930:
691	>	Introduce quirks handling for several umass devices including
692	>	USB cameras.  Add workaround for Cyberpower UPS devices.
693	>
694	>	Bring in further bug fixes from FreeBSD and NetBSD for alc(4).
695	>	Stale ip/tcp header pointers are no longer used, lockups fixed
696	>	when network cable is unplugged on bootup, enable TX checksum
697	>	offloading.
698	>
699	>	Add a new man page for gcache(8), a useful geom class when
700	>	working with large raid3 sets.
701	>
702	>	Restore previous workaround for Cypress pata storage controller.
703	>
704	>	20110929:
705	>	Sync ath(4) with FreeBSD 7.3.
706	>
707	>	The following modules are no longer available, and should be
708	>	removed from loader.conf:
709	>	ath_hal ath_rate_amrr ath_rate_onoe ath_rate_sample
710	>
711	>	alc(4) would hibernate when a cable was unplugged and often
712	>	required bring the interface down and up to "wake up" so that
713	>	a connection could be established.  Disable hibernation.
714	>
715	>	20110928:
716	>	Fix security issues with gzip and compress related to .Z
717	>	files that are corrupted.
718	>
719	>	Fix path validation with unix domain sockets.
720	>
721	>	20110917:
722	>	Remove dependance on mports perl for generating releases as
723	>	it's in the base system.
724	>
725	>	20110914:
726	>	Import xz 5.0.3 with liblzma 5.0.3
727	>
728	>	20110813:
729	>	synced the sparc64 GENERIC kernel configuration with amd64.
730	>
731	>	20110806:
732	>	sqlite 3.7.7.1 imported
733	>
734	>	msearch(1), libmsearch and msearch.import added.  msearch(1) provides
735	>	a full text search command line tool.  libmsearch can also be used
736	>	to build a graphical based search in the future. You can enable
737	>	index building for msearch in periodic.conf or manually run the
738	>	/usr/libexec/msearch.index tool.  Full text indexes take considerable
739	>	space in /var.  I'm using approximately 500MB currently.
740	>
741	>	Fix a long standing bug with the periodic script to check package
742	>	versions.  This will be obsolete with mport though.
743	>
744	>	20110710:
745	>	kdb_enter_why added to MidnightBSD to allow the kernel debugger to
746	>	know why it's in use and thus script can be run.
747	>
748	>	Yet another problem with the perl manifest was fixed
749	>
750	>	20110709:
751	>	cpufreq(1) is a new utility to monitor CPU frequency which may change
752	>	with use of powerd(8) and cpufreq(4).
753	>
754	>	20110612:
755	>	Update mksh to R40
756	>
757	>	Catch up ObsoleteFiles.inc to remove Perl 5.10.x.  Good to run when
758	>	updating current (cd /usr/src && make check-old)
759	>
760	>	20110528:
761	>	Fix CVE-2011-1910 in BIND 9.6.x.  This affects caching resolvers.
762	>
763	>	20110526:
764	>	newfs:
765	>	Raised the default blocksize for UFS/FFS filesystems from
766	>	16K to 32K and the default fragment size from 2K to 4K.
767	>
768	>	This should slightly imporve performance on "advanced format"
769	>	hard drives such as the WD EARS drives. Drives of this type
770	>	have emulation modes that slow down with lower sizes.  Of course
771	>	the drive must still be aligned properly when using fdisk.
772	>
773	>	20110521:
774	>	mport tool now has a deleteall command.  This can be used to remove
775	>	all packages from a system.
776	>
777	>	A few bugs with the perl 5.14 import have been fixed.
778	>
779	>	20110518:
780	>	Perl 5.14.0
781	>
782	>	20110517:
783	>	Sendmail 8.14.5
784	>
785	>	20110314:
786	>	DRM/DRI code updated to support newer video cards. (FreeBSD 7.1)
787	>
788	>	cdevpriv wrappers added
789	>
790	>	nss_mdns hack introduced to work around linking problem.
791	>
792	>	dnsextd fixed after update to mDNSResponder code.
793	>
794	>	20110308:
795	>	Introduce liblzma & xz 5.0.1 to the base system
796	>
797	>	Patch for OpenSSL security issue CVE-2011-0014.
798	>
799	>	"OSREVISION 4004"
800	>
801	>	nsswitch module for multicast dns (nss_mdns) added.
802	>
803	>	tzdata2011c
804	>
805	>	20110220:
806	>	cam(4) syncronized with FreeBSD 7.3.
807	>
808	>	20110219:
809	>	amdtemp(4) updated to support sensors framework.
810	>
811	>	20110217:
812	>	Perl 5.10.1 imported
813	>
814	>	20110216:
815	>	Introduce igb(4) and split Intel Gigabit Ethernet adapters between
816	>	igb(4) and em(4).  Newer devices use igb(4).  The code has moved
817	>	to sys/dev/e1000 for both devices in the kernel. igb(4) has
818	>	been placed in GENERIC on i386 and amd64.
819	>
820	>	Update bfe(4) to support newer devices and WOL.
821	>
822	>	20110215:
823	>	age(4) added.
824	>
825	>	20110208:
826	>	BIND 9.6.3 which fixes a bug with DNSSEC records getting added.
827	>
828	>	20110206:
829	>	eeemon(4) added to monitor Asus Eee PC.
830	>
831	>	20110205:
832	>	OpenSSH 5.7p1
833	>
834	>	GNU sort 6.9 (coreutils)
835	>
836	>	20110203:
837	>	one true awk 20100523 imported
838	>
839	>	sqlite 3.7.5
840	>
841	>	OpenSSL 0.9.8q
842	>
843	>	20110202:
844	>	tcsh 6.17.00
845	>
846	>	file 5.05
847	>
848	>	20110122:
849	>	Import it(4) and lm(4), with support for Super I/O hardware monitors. This
850	>	uses the sensors framework ported by Constantine A. Murenin (GSOC2007)
851	>
852	>	20110120:
853	>	BIND 9.6.2-P3
854	>
855	>	sudo 1.7.4-p6
856	>
857	>	20110115:
858	>	Add experimental jme(4) for Jmicron ethernet devices.
859	>
860	>	20101130:
861	>	A double free exists in the SSL client ECDH handling code, when
862	>	processing specially crafted public keys with invalid prime
863	>	numbers. [CVE-2010-2939]
864	>
865	>	20101120:
866	>	Several portions of the kernel and userland code related to UFS file
867	>	systems (and UFS2) cannot properly handle inode counts above 2^31 due
868	>	to use of int types.  Based on a patch from FreeBSD, I've modified
869	>	our UFS2 implementation to handle unsigned values for inode counts
870	>	which should allow for file systems greater than 16TB.
871	>
872	>	newfs and growfs was also modified.
873	>
874	>	20101110:
875	>	Fix a security issue with pseudofs which could result in running code in kernel
876	>	context or a kernel panic depending on system configuration.  This affects file
877	>	systems such as procfs for instance.
878	>
879	>	20101021:
880	>	sysrc is a utility to print and modify name/value pairs in /etc/rc.conf easily.
881	>	This is similar to functions present in many linux distros. The utility was
882	>	written by Devin Teske for FreeBSD.
883	>
884	>	20100920:
885	>	bzip2 security patch for integer overflow.
886	>
887	>	20100905:
888	>	MidnightBSD RELENG_0_3 branch created.  Aggressive development continues here
889	>	for 0.4.
890	>
891	>	20100902:
892	>	Fix a security issue with libutil that allows users to bypass cpu limits in
893	>	login.conf in some cases.  This combined with OpenSSH for example can allow
894	>	the user to get more resources than they're allowed.
895	>
896	>	20100822:
897	>	Import Apple's mDNSResponder (mdnsd).
898	>
899	>	20100814:
900	>	libdispatch added to MidnightBSD.  This provides functionality found in
901	>	Mac OS X's GCD.  We do not have blocks support yet.  As this code is
902	>	licensed under Apache 2, we create a new MK_APACHE option so that
903	>	it's not required for all users to run code under a license they
904	>	may not like.
905	>
906	>	20100713:
907	>	mbuf readonly fix related to sendfile(2) data corruption.
908	>
909	>	20100704:
910	>	brainfuck(1) imported from MirBSD.
911	>
912	>	20100505:
913	>	zlib 1.2.5
914	>
915	>	20100430:
916	>	Sudo 1.7.2p6 imported
917	>
918	>	20100321:
919	>	Update zlib to 1.2.4
920	>
921	>	20100319:
922	>	Removed i586 from default i386 generic kernel.
923	>
924	>	20100317:
925	>	Update to tzdata2010e (time zones).  This includes changes in
926	>	Mexico.
927	>
928	>	Add support for several newer sound cards via hda including
929	>	ATI and Realtek chipsets.
930	>
931	>	20100313:
932	>	CPU detection has been changed.  VIA Padlock detection added.
933	>
934	>	20100312:
935	>	Fix a number of bugs and compiler warnings in libmport. Handle
936	>	plus signs in paths for mport.check-fake
937	>
938	>	20100311:
939	>	mksh R39c
940	>
941	>	20100309:
942	>	Sudo 1.7.2p5
943	>
944	>	sqlite3 3.6.23
945	>
946	>	mksh R39b
947	>
948	>	libffi (ffi) 3.0.9
949	>
950	>	20100206:
951	>	WITHOUT_LIB32 is no longer needed on AMD64.  GCC was fixed to
952	>	properly pass arguments to ld.
953	>
954	>	re(4) and rl(4) have been updated to support several new
955	>	realtek chipsets.  Performance has been improved on re(4).
956	>
957	>	20100204:
958	>	Fix a bug cropping up on AMD64 MidnightBSD with sftp
959	>	segfaulting.
960	>
961	>	20100116:
962	>	Import ash changes from FreeBSD (bin/sh) 8-Stable.
963	>
964	>	BIND 9.6.1-P2
965	>
966	>	20100110:
967	>	Import Sendmail 8.14.4. Fix for SSL vulnerability.
968	>
969	>	posix_spawn(3) added to MidnightBSD libc.  Users may need to build and
970	>	install libc before doing a full buildworld when upating from 0.2 or
971	>	older current systems.
972	>
973	>	kqueue(2) was modified to support portions of libdispatch functionality.
974	>
975	>	20100106:
976	>	Bind security update.  Fix a bug with DNSSEC that causes negative
977	>	cache entries and thus a possible DNS cache poisoning attack.
978	>
979	>	Fix a bug in ZFS that can reset permissions on system crashes.
980	>
981	>	20091228:
982	>	amdtemp(4) was added.  It allows one to monitor to the temperature
983	>	of an AMD CPU such as a Phenom.
984	>
985	>	20091205:
986	>	OpenSSL security fix
987	>
988	>	The SSL version 3 and TLS protocols support session renegotiation without
989	>	cryptographically tying the new session parameters to the old parameters.
990	>
991	>	20091128:
992	>	OpenBSD sensors framework imported including sensorsd(8)
993	>
994	>	20091126:
995	>	OpenNTPD 4.4 import
996	>
997	>	Update OpenSSH to 5.3p1
998	>
999	>	mksh R39
1000	>
1001	>	20091124:
1002	>	cpdup updated from DragonFly to 1.15
1003	>
1004	>	tzdata2009s updated with latest timezone data for November 2009.
1005	>
1006	>	20091010:
1007	>	amd64 users should use WITHOUT_LIB32=yes in /etc/make.conf for now
1008	>	to test current.
1009	>
1010	>	Revert unicode filename fixes from ntfs code.  This was causing chaos
1011	>	on amd64 systems.
1012	>
1013	>	20091006:
1014	>	Update timezone data with tzdata2009n with the Pakistan and
1015	>	Argentina changes.
1016	>
1017	>	Sync several userland utilities with versions from FreeBSD 7.0 in
1018	>	sbin and usr.sbin.
1019	>
1020	>	20090919:
1021	>	Update timezone data with tzdate2009m from September 2009.
1022	>
1023	>	20090729:
1024	>	Patch for Bind 9 security vulnerability. a dynmaic update packet
1025	>	can trigger an assertion and cause named to exit
1026	>
1027	>	20090606:
1028	>	Remove PCC from the base system.  This compiler will not work
1029	>	as a system compiler for us as we've got some userland investment
1030	>	in C++ code and may have Objective-C in the future.  We're stuck
1031	>	with a solution that supports these three languages at a minimum.
1032	>
1033	>	I had wanted to keep it as an optional compiler because it is
1034	>	fast, however too many users want to try to use it for the base
1035	>	system which makes no sense.
1036	>
1037	>	A hack was added for Cypress based usb hard drive enclosures to
1038	>	the kernel.  This should cut down on commands it claims to support
1039	>	but does not (at the cam layer).  Found while testing ZFS on
1040	>	an external device.
1041	>
1042	>	20090520:
1043	>	The powerd daemon no longer starts automatically to improve
1044	>	compatibility with many systems.  However, there is a new
1045	>	installer option in the startup section to enable it. This
1046	>	makes it easier to enable for users that have working systems. I                thought it was only a problem on older hardware, but it freaks
1047	>	out my new Phenom too.
1048	>
1049	>	20090502:
1050	>	OpenSSH 5.2p1 import
1051	>
1052	>	ale(4) connected to the build. (kernel module only)
1053	>
1054	>	20090501:
1055	>	Imported makefs utility from NetBSD/FreeBSD
1056	>
1057	>	20090422:
1058	>	OpenSSL security update
1059	>
1060	>	The function ASN1_STRING_print_ex does not properly validate the lengths
1061	>	of BMPString or UniversalString objects before attempting to print them.
1062	>
1063	>	20090415:
1064	>	Created a Symbol.map for libc/ohash symbols
1065	>
1066	>	Updated several usr/bin usr/sbin utilities.
1067	>
1068	>	Corrected a bug with Makefile.inc1 causing the bootstrap
1069	>	tools to fail.
1070	>
1071	>	20090405:
1072	>	xorg 7.4 wants to configure its input devices via hald which does not
1073	>	yet work with USB. If the keyboard/mouse does not work in xorg then
1074	>	add
1075	>	Option "AllowEmptyInput" "off"
1076	>	to your ServerLayout section.  This will cause X to use the configured
1077	>	kbd and mouse sections from your xorg.conf
1078	>
1079	>	20090403:
1080	>	mksh was disconnected a few day ago do to bugs with
1081	>	buildworld and mports.  Now, connect it back
1082	>	for use as /bin/sh with a conditional called
1083	>	MK_ASH.  By default, ash is the standard /bin/sh
1084	>	but we may change this later.  This will allow further
1085	>	testing by users and developers of mksh without
1086	>	causing an unpleasant default experience.  In the
1087	>	long run, we need to fix mksh compatibility.
1088	>
1089	>	20090328:
1090	>	Bring in mksh R37 from CVS. The dot.mkshrc files for root
1091	>	and skel were changed.  mksh(1) now replaces ash aka sh(1)
1092	>	as the default /bin/sh.  Please report bugs with
1093	>	ports, etc. The ash code will remain in the repo for awhile
1094	>	as I decide if we'll add something like MK_SHELL_ASH as
1095	>	an optional build parameter.
1096	>
1097	>	ahd was disconnected from the lint environment until
1098	>	the compiler bug is sorted (by updating gcc?)
1099	>
1100	>	Remove freebsd-tips from fortune files and change the
1101	>	default for login and profile.
1102	>
1103	>	20090327:
1104	>	Update libarchive to 2.5.5, tar, and add bsdcpio.
1105	>
1106	>	Also previously, ctriv has been connecting Perl 5.10
1107	>	to the build (part of os).  This will have an impact
1108	>	on mports.
1109	>
1110	>	20090325:
1111	>	Update Bind to 9.4.3-P1
1112	>
1113	>	Update mksh to R36b
1114	>
1115	>	Update tcpdump to 3.9.8, fix libpcap to work with current.
1116	>
1117	>	Update pnpinfo, sync with FreeBSD.
1118	>
1119	>	20090115:
1120	>	Fix a problem with DNSSEC and BIND.
1121	>
1122	>	20090110:
1123	>	For applications using OpenSSL for SSL connections, an invalid SSL
1124	>	certificate may be interpreted as valid.  This could for example be
1125	>	used by an attacker to perform a man-in-the-middle attack.
1126	>
1127	>	Other applications which use the OpenSSL EVP API may similarly be
1128	>	affected.
1129	>
1130	>	Stop cross site request forgery attacks in lukemftpd
1131	>
1132	>	20090104:
1133	>	Import GNU libreadline 5.2
1134	>
1135	>	20090101:
1136	>	Update time zone data to 2008i.
1137	>
1138	>	20081231:
1139	>	Correct a problem where bluetooth and netgraph sockets are not
1140	>	properly initialized.
1141	>
1142	>	Happy 2009.
1143	>
1144	>	20081206:
1145	>	Due to the massive change in the underlying system under way,
1146	>	we're naming the next release 1.0.  The sys/sys/param.h was
1147	>	changed accordingly.  ipfilter and ncurses were corrected
1148	>	using __MidnightBSD__ tests in the code.
1149	>
1150	>	The GENERIC kernel config was caught up on i386 today.  Consider
1151	>	i386 still broken, but amd64 is running again.
1152	>
1153	>	mdoc.local was updated with the new MidnightBSD version info.
1154	>
1155	>	batt(1) was rewritten in C.  It now supports several flags and
1156	>	runs about 8 times faster on my laptop.  The default output
1157	>	shows the number of minutes of battery life remaining and the
1158	>	percentage.  You can use -u to display the number of batteries or
1159	>	-c to get script friendly output.  Consult the man page for more.
1160	>
1161	>	20081204:
1162	>	Work has completed on importing ZFS, jemalloc, several
1163	>	new devices, SCTP, updated pf, a new tempfs, linuxolator 2.6 kernel
1164	>	support, improved locking for file desc., audit (openbsm),
1165	>	openssl .98e, nfe, imporved intel high def audio, midi, updated
1166	>	intel gigabit (em), support for several wifi cards (intel), ...
1167	>
1168	>	Renamed 0.3-CURRENT officially. Switched to using MidnightBSD version
1169	>	data from param.h instead of the FreeBSD version.  This means
1170	>	testing is now possible in the ports tree for the version
1171	>	and that any ports or code relying on the FreeBSD version from
1172	>	sys/sys/param.h will need to be fixed.
1173	>
1174	>	20080905:
1175	>	update nve(4) to support new hardware.
1176	>
1177	>	20080801:
1178	>	Import OpenBSM 1.0
1179	>
1180	>	Modify src/release to create 3 isos instead of 2 for packages.
1181	>
1182	>	etc/rc.d/firstboot now enables kdm, gnustep + slim and bsdstats.
1183	>
1184	>	Many ia64, alpha, powerpc items were removed.
1185	>
1186	>	The recent diffutils 2.8.7 import was fixed.
1187	>
1188	>	20080703:
1189	>	pcc was not installed properly when setting DESTDIR for live cds,
1190	>	or posibly jails.
1191	>
1192	>	20080627:
1193	>	Add firmware(9), WEP, CCMP, TKIP to GENERIC.
1194	>
1195	>	Add glabel to GENERIC.
1196	>
1197	>	Intel ICH8 mobile chipset used on some iMacs included with ata.
1198	>
1199	>	pcc connected to the build on i386. (alternative compiler)
1200	>
1201	>	ath added to GENERIC.  (Atheros wireless NICs) on amd64/i386
1202	>
1203	>	20080528:
1204	>	Sendmail 8.14.3
1205	>
1206	>	20080516:
1207	>	ssh-vulnkey allows you to look for vulnerable ssh keys that
1208	>	were generated on Debian and Ubuntu hosts over the last
1209	>	few years.  sshd can block offending keys with a configuration
1210	>	option.
1211	>
1212	>	The elf note on binaries is now set to MidnightBSD.
1213	>
1214	>	20080514:
1215	>	Fixed a number of problems with pcc.  It is not yet connected
1216	>	to the build, but usable on i386 hosts.  You may use it
1217	>	by make; make install in /usr/src/usr.bin/pcc.  It will
1218	>	install in /usr/local as some of the files conflict with
1219	>	GCC versions. __MidnightBSD__ is defined in PCC as well.
1220	>
1221	>	System headers were fixed to allow pcc to compile many binaries
1222	>	on MidnightBSD.  bin/cp will work now for instance.
1223	>
1224	>	20080430:
1225	>	__MidnightBSD__ is now defined via gcc.  This can be tested
1226	>	to determine we're running on MidnightBSD in the preprocessor.
1227	>
1228	>	20080429:
1229	>	Import bind 9.4.2 with threading
1230	>
1231	>	libpthread (KSE) and libthr are built earlier
1232
1233	<	20051230:
37	<	A lot of fixes and new features in the soundsystem. To get all
38	<	benefits, you may want to recompile mplayer (if installed) after
39	<	booting the new world.
1233	>	pcvt(4) removed!
1234
1235	<	20051222:
42	<	Bug fixes to the trimdomain(3) function in libutil may result in
43	<	slight changes to the host names appearing in log files under
44	<	relatively rare circumstances.
1235	>	Alias added for core2 cpus.
1236
1237	<	20051220:
47	<	Scripts in the local_startup directories (as defined in
48	<	/etc/defaults/rc.conf) that have the new rc.d semantics will
49	<	now be run as part of the base system rcorder. If there are
50	<	errors or problems with one of these local scripts, it could
51	<	cause boot problems. If you encounter such problems, boot in
52	<	single user mode, remove that script from the */rc.d directory.
53	<	Please report the problem to the port's maintainer, and the
54	<	freebsd-ports@freebsd.org mailing list.
1237	>	Alpha and PC98 only utilities removed from usr/sbin
1238
1239	<	20051215:
1240	<	The setkey(8) utility was moved from /usr/sbin/setkey to /sbin/setkey.
58	<	You may want to update scripts which depend on its location.
1239	>	syslogd, adduser, rmuser, mergemaster and mailwrapper have been
1240	>	improved.  See the man pages for info.
1241
1242	<	20051108:
1243	<	rp(4)'s device files now contain the unit number.
62	<	Uses of {cua,tty}R[0-9a-f] should be replaced by {cua,tty}R0[0-9a-f].
1242	>	periodic scripts will not send emails with empty message bodies.
1243	>	See mailwrapper fix.
1244
1245	<	20051101:
1246	<	FreeBSD 6.0-RELEASE
1245	>	20080410:
1246	>	Sync cpdup with DragonFly.  Add parallel transaction support and
1247	>	-l flag to line-buffer stdout and stderr.
1248
1249	<	20051001:
1250	<	kern.polling.enable sysctl MIB is now deprecated. Use ifconfig(8)
1251	<	to turn polling(4) on your interfaces.
1249	>	20080406:
1250	>	Import bzip2 1.05
1251	>	Import OpenSSH 4.9p1
1252
1253	<	20050722:
1254	<	The ai_addrlen of a struct addrinfo was changed to a socklen_t
1255	<	to conform to POSIX-2001.  This change broke an ABI
1256	<	compatibility on 64 bit architecture.  You have to recompile
75	<	userland programs that use getaddrinfo(3) on 64 bit
76	<	architecture.
1253	>	20080322:
1254	>	The default umask was changed to 022.
1255	>
1256	>	/usr/X11R6 paths were removed from several config files.
1257
1258	<	20050711:
79	<	RELENG_6 branched here.
1258	>	.mkshrc files are now installed for root.
1259
1260	<	20050629:
1261	<	The pccard_ifconfig rc.conf variable has been removed and a new
83	<	variable, ifconfig_DEFAULT has been introduced.  Unlike
84	<	pccard_ifconfig, ifconfig_DEFAULT applies to ALL interfaces that
85	<	do not have ifconfig_ifn entries rather than just those in
86	<	removable_interfaces.
1260	>	20080316:
1261	>	FIx a problem with gif0 tunnels and neighbors with IPV6.
1262
1263	<	20050616:
1264	<	Some previous versions of PAM have permitted the use of
90	<	non-absolute paths in /etc/pam.conf or /etc/pam.d/* when referring
91	<	to third party PAM modules in /usr/local/lib.  A change has been
92	<	made to require the use of absolute paths in order to avoid
93	<	ambiguity and dependence on library path configuration, which may
94	<	affect existing configurations.
1263	>	20080312:
1264	>	Add lndir from X.org.  This aides in the porting of MirPorts.
1265
1266	<	20050610:
97	<	Major changes to network interface API.  All drivers must be
98	<	recompiled.  Drivers not in the base system will need to be
99	<	updated to the new APIs.
1266	>	New OS versions were added to the mapage code (groff)
1267
1268	<	20050609:
1269	<	Changes were made to kinfo_proc in sys/user.h.  Please recompile
103	<	userland, or commands like `fstat', `pkill', `ps', `top' and `w'
104	<	will not behave correctly.
1268	>	20080310:
1269	>	Correct a buffer overflow in ppp.
1270
1271	<	The API and ABI for hwpmc(4) have changed with the addition
1272	<	of sampling support.  Please recompile lib/libpmc(3) and
108	<	usr.sbin/{pmcstat,pmccontrol}.
1271	>	20080308:
1272	>	Remove /usr/X11R6 from manpath config.
1273
1274	<	20050606:
1275	<	The OpenBSD dhclient was imported in place of the ISC dhclient
1276	<	and the network interface configuration scripts were updated
113	<	accordingly.  If you use DHCP to configure your interfaces, you
114	<	must now run devd.  Also, DNS updating was lost so you will need
115	<	to find a workaround if you use this feature.
1274	>	20080307:
1275	>	Atheros driver no longer has several options set
1276	>	which corrects building in tinderbox on all three platforms.
1277
1278	<	20050605:
1279	<	if_bridge was added to the tree. This has changed struct ifnet.
119	<	Please recompile userland and all network related modules.
1278	>	Added a new macro to sx.h which returns true if the current
1279	>	thread holds an exclusive lock on a specifix sx.
1280
1281	<	20050603:
1282	<	The n_net of a struct netent was changed to an uint32_t, and
1283	<	1st argument of getnetbyaddr() was changed to an uint32_t, to
124	<	conform to POSIX-2001.  These changes broke an ABI
125	<	compatibility on 64 bit architecture.  With these changes,
126	<	shlib major of libpcap was bumped.  You have to recompile
127	<	userland programs that use getnetbyaddr(3), getnetbyname(3),
128	<	getnetent(3) and/or libpcap on 64 bit architecture.
1281	>	Removed OS/2's HPFS file system.   It's not maintained and
1282	>	I don't know anyone using OS/2 or ecomstation these days.
1283	>	My copy is in the closet collecting dust.
1284
1285	<	20050528:
1286	<	Kernel parsing of extra options on '#!' first lines of shell
1287	<	scripts has changed.  Lines with multiple options likely will
133	<	fail after this date.  For full details, please see
134	<	http://people.freebsd.org/~gad/Updating-20050528.txt
1285	>	20080306:
1286	>	Synced tinderbox with FreeBSD.  Modified it for MidnightBSD.
1287	>	Developers can now use it to check src builds.
1288
1289	<	20050503:
1290	<	The packet filter (pf) code has been updated to OpenBSD 3.7
1291	<	Please note the changed anchor syntax and the fact that
139	<	authpf(8) now needs a mounted fdescfs(5) to function.
1289	>	20080303:
1290	>	Add mksh to /etc/shells, made some adjustments to options
1291	>	for mksh builds per suggestion upstream.
1292
1293	<	20050415:
142	<	The NO_MIXED_MODE kernel option has been removed from the i386
143	<	amd64 platforms as its use has been superceded by the new local
144	<	APIC timer code.  Any kernel config files containing this option
145	<	should be updated.
1293	>	USB HID table updated with modern hardware list.
1294
1295	<	20050227:
148	<	The on-disk format of LC_CTYPE files was changed to be machine
149	<	independent.  Please make sure NOT to use NO_CLEAN buildworld
150	<	when crossing this point. Crossing this point also requires
151	<	recompile or reinstall of all locale depended packages.
1295	>	Updated BSD family true (we're not in there yet)
1296
1297	<	20050225:
1298	<	The ifi_epoch member of struct if_data has been changed to
155	<	contain the uptime at which the interface was created or the
156	<	statistics zeroed rather then the wall clock time because
157	<	wallclock time may go backwards.  This should have no impact
158	<	unless an snmp implementation is using this value (I know of
159	<	none at this point.)
1297	>	iso3166 file updated and import of tzdata2007k for
1298	>	new time zones.
1299
1300	<	20050224:
162	<	The acpi_perf and acpi_throttle drivers are now part of the
163	<	acpi(4) main module.  They are no longer built separately.
1300	>	Updated mksh to latest version R33.
1301
1302	<	20050223:
1303	<	The layout of struct image_params has changed. You have to
1304	<	recompile all compatibility modules (linux, svr4, etc) for use
168	<	with the new kernel.
1302	>	20080228:
1303	>	Remplaced the random IP id generation code with a new
1304	>	version by Amit Klein.
1305
1306	<	20050223:
1307	<	The p4tcc driver has been merged into cpufreq(4).  This makes
172	<	"options CPU_ENABLE_TCC" obsolete.  Please load cpufreq.ko or
173	<	compile in "device cpufreq" to restore this functionality.
1306	>	20080221:
1307	>	Sendfile write only permissions fix.
1308
1309	<	20050220:
176	<	The responsibility of recomputing the file system summary of
177	<	a SoftUpdates-enabled dirty volume has been transferred to the
178	<	background fsck.  A rebuild of fsck(8) utility is recommended
179	<	if you have updated the kernel.
1309	>	Removed some HPFS and PC98 code.
1310
1311	<	To get the old behavior (recompute file system summary at mount
182	<	time), you can set vfs.ffs.compute_summary_at_mount=1 before
183	<	mounting the new volume.
1311	>	iso639 file sycned with DragonFly.
1312
1313	<	20050206:
1314	<	The cpufreq import is complete.  As part of this, the sysctls for
1315	<	acpi(4) throttling have been removed.  The power_profile script
188	<	has been updated, so you can use performance/economy_cpu_freq in
189	<	rc.conf(5) to set AC on/offline cpu frequencies.
1313	>	20080128:
1314	>	Changed NTP configuration so that ips aren't cached
1315	>	so multiple servers are used.
1316
1317	<	20050206:
192	<	NG_VERSION has been increased. Recompiling kernel (or ng_socket.ko)
193	<	requires recompiling libnetgraph and userland netgraph utilities.
1317	>	Fix an issue with fork() in libpthread.
1318
1319	<	20050114:
1320	<	Support for abbreviated forms of a number of ipfw options is
1321	<	now deprecated.  Warnings are printed to stderr indicating the
1322	<	correct full form when a match occurs.  Some abbreviations may
199	<	be supported at a later date based on user feedback.  To be
200	<	considered for support, abbreviations must be in use prior to
201	<	this commit and unlikely to be confused with current key words.
1319	>	20080121:
1320	>	Add virtualization detection to set the HZ rate
1321	>	according to a VM present.  VMWare and Parallels
1322	>	should work better like this.
1323
1324	<	20041221:
1325	<	By a popular demand, a lot of NOFOO options were renamed
205	<	to NO_FOO (see bsd.compat.mk for a full list).  The old
206	<	spellings are still supported, but will cause annoying
207	<	warnings on stderr.  Make sure you upgrade properly (see
208	<	the COMMON ITEMS: section later in this file).
1324	>	Change to full x11 install in sysinstall.  Add
1325	>	xorg 7 support.
1326
1327	<	20041219:
1328	<	Auto-loading of ancillary wlan modules such as wlan_wep has
212	<	been temporarily disabled; you need to statically configure
213	<	the modules you need into your kernel or explicitly load them
214	<	prior to use.  Specifically, if you intend to use WEP encryption
215	<	with an 802.11 device load/configure wlan_wep; if you want to
216	<	use WPA with the ath driver load/configure wlan_tkip, wlan_ccmp,
217	<	and wlan_xauth as required.
1327	>	20080115:
1328	>	Fix the handling of PTY's.  CVE-2008-0216
1329
1330	<	20041213:
1331	<	The behaviour of ppp(8) has changed slightly.  If lqr is enabled
221	<	(``enable lqr''), older versions would revert to LCP ECHO mode on
222	<	negotiation failure.  Now, ``enable echo'' is required for this
223	<	behaviour.  The ppp version number has been bumped to 3.4.2 to
224	<	reflect the change.
1330	>	20080105:
1331	>	mport delete code added, USE_MPORT_TOOLS knob aded.
1332
1333	<	20041201:
1334	<	The wlan support has been updated to split the crypto support
228	<	into separate modules.  For static WEP you must configure the
229	<	wlan_wep module in your system or build and install the module
230	<	in place where it can be loaded (the kernel will auto-load
231	<	the module when a wep key is configured).
1333	>	20080101:
1334	>	Happy New Year
1335
1336	<	20041201:
1337	<	The ath driver has been updated to split the tx rate control
235	<	algorithm into a separate module.  You need to include either
236	<	ath_rate_onoe or ath_rate_amrr when configuring the kernel.
1336	>	20071123:
1337	>	Update sendmail to 8.14.2
1338
1339	<	20041116:
1340	<	Support for systems with an 80386 CPU has been removed.  Please
240	<	use FreeBSD 5.x or earlier on systems with an 80386.
1339	>	20071120:
1340	>	Update system compiler to gcc 3.4.6.
1341
1342	<	20041110:
1343	<	We have had a hack which would mount the root filesystem
244	<	R/W if the device were named 'md*'.  As part of the vnode
245	<	work I'm doing I have had to remove this hack.  People
246	<	building systems which use preloaded MD root filesystems
247	<	may need to insert a "/sbin/mount -u -o rw /dev/md0 /" in
248	<	their /etc/rc scripts.
1342	>	20071023:
1343	>	Updated mksh to R31d.
1344
1345	<	20041104:
1346	<	FreeBSD 5.3 shipped here.
1345	>	20070911:
1346	>	Updated mksh to version R31b.
1347
1348	<	20041102:
1349	<	The size of struct tcpcb has changed again due to the removal
255	<	of RFC1644 T/TCP.  You have to recompile userland programs that
256	<	read kmem for tcp sockets directly (netstat, sockstat, etc.)
1348	>	Fixed stderr output in libpthread.  Previously it was
1349	>	written to stdout.
1350
1351	<	20041022:
1352	<	The size of struct tcpcb has changed.  You have to recompile
1353	<	userland programs that read kmem for tcp sockets directly
261	<	(netstat, sockstat, etc.)
1351	>	20070831:
1352	>	Added dot.mkshrc file to support the recent change to
1353	>	mksh from OpenBSD's ksh derived from pdksh.
1354
1355	<	20041016:
1356	<	RELENG_5 branched here.  For older entries, please see updating
1357	<	in the RELENG_5 branch.
1355	>	Added new firewall configuration.  ipfw is enabled by default
1356	>	with a "desktop" configuration.  Consult /etc/rc.firewall
1357	>	or ipfw show to see the ruleset used.  You can disable
1358	>	ipfw by setting firewall_enable="NO" in /etc/rc.conf This
1359	>	change only effects IPv4.  IPv6 does not have a firewall
1360	>	enabled by default.
1361
1362	<	COMMON ITEMS:
1362	>	20070814:
1363	>	Removed GNU tar source.  We've been using BSD tar
1364	>	for awhile.
1365
1366	<	General Notes
1367	<	-------------
271	<	Avoid using make -j when upgrading.  From time to time in the
272	<	past there have been problems using -j with buildworld and/or
273	<	installworld.  This is especially true when upgrading between
274	<	"distant" versions (eg one that cross a major release boundary
275	<	or several minor releases, or when several months have passed
276	<	on the -current branch).
1366	>	20070806:
1367	>	Finished removing umapfs and autofs from the tree.
1368
1369	<	Sometimes, obscure build problems are the result of environment
1370	<	poisoning.  This can happen because the make utility reads its
280	<	environment when searching for values for global variables.
281	<	To run your build attempts in an "environmental clean room",
282	<	prefix all make commands with 'env -i '.  See the env(1) manual
283	<	page for more details.
1369	>	20070804:
1370	>	BIND and Tcpdump have been patched for recent vulnerabilities.
1371
1372	<	Due to several updates to the build infrastructure, source
286	<	upgrades from versions prior to 5.3 no longer supported.
1372	>	We switched to BSD cpio (pax).
1373
1374	<	When upgrading from one major version to another it is generally
1375	<	best to upgrade to the latest code in the currently installed branch
290	<	first, then do an upgrade to the new branch. This is the best-tested
291	<	upgrade path, and has the highest probability of being successful.
292	<	Please try this approach before reporting problems with a major
293	<	version upgrade.
1374	>	20070719:
1375	>	Imported cpdup from DragonFly as /bin/cpdup
1376
1377	+	20070716:
1378	+	Update GNU cpio to 2.8.
1379	+
1380	+	20070410:
1381	+	cvs was updated to 1.12.13.  cvsbug was removed.
1382	+	cvs now behaves similarly to DragonFly's cvs with
1383	+	most of their local changes.
1384	+
1385	+	20070409:
1386	+	RELENG_0_1 was created. More aggresive changes will
1387	+	continue here.
1388	+
1389	+	20070406:
1390	+	Back out propolice.  propolice caused several problems
1391	+	with our threading libraries libthr and libpthread.
1392	+	curthread was often NULL after the patch and many
1393	+	multithreaded applications would crash.  We plan to
1394	+	work on either bringing in gcc 4.1 or developing a new
1395	+	patch which also corrects our threading issues later.
1396	+
1397	+	It is more important to have a stable system for our
1398	+	mport work and other projects at this time.
1399	+
1400	+	This is not a clean removal.  It is recommended that you
1401	+	have a recently SNAP CD handy.  You can either reinstall
1402	+	or perform a make buildworld and make buildkernel and
1403	+	make installkernel.  Reboot on the cd and copy the contents
1404	+	of /bin, /sbin, /lib, /libexec, and /usr/bin, /usr/sbin,
1405	+	/usr/lib, and /usr/libexec to the respective directories on
1406	+	your disk.  Then you should be able to boot into single user
1407	+	mode and run make installworld.  You will need to run
1408	+	chflags noschg on some of the files if you can't overwrite
1409	+	them.
1410	+
1411	+	You will get __guard missing errors since we had to remove
1412	+	this from libc.
1413	+
1414	+	You will need to rebuild any ports built while propolice was
1415	+	installed.
1416	+
1417	+	20070401:
1418	+	Importing propolice into MidnightBSD. Propolice is going to
1419	+	provide us with much greater security and stability in the
1420	+	long run. If upgrading from a pre-propolice system, please
1421	+	follow the these instructions:
1422	+
1423	+	cd /usr/src/lib/libc && make obj && make && make install
1424	+	cd /usr/src/gnu/usr.bin/cc && make obj && make && make install
1425	+	cd /usr/src/lib/libpthread && make obj && make && make install
1426	+	cd /usr/src/lib/libthr && make obj && make && make install
1427	+	buildworld and kernel
1428	+
1429	+	It is adviced that any mports which were installed and/or built
1430	+	prior to the propolice update also be updated. If any errors
1431	+	or issue are encounted, please contact security@midnightbsd.org
1432	+	and we will be sure to investigate and come up with an expeditious
1433	+	fix.
1434	+
1435	+	20070314:
1436	+	Remove send-pr from src.
1437	+
1438	+	Switch to NetBSD's gzip.
1439	+
1440	+	Bump MBSD minor revision.
1441	+
1442	+	20070313:
1443	+	Imported OpenSSH 4.6p1.
1444	+
1445	+	Imported FreeBSD's libarchive and updated tar to work with it.
1446	+
1447	+	Disabled debug statements cluttering up /var/log/messages for
1448	+	the tcp autobuf patch applied previously.
1449	+
1450	+	20070312:
1451	+	Synced several audio changes from FreeBSD 6.1. Removed the
1452	+	BSD Daemon files from src/share.
1453	+
1454	+	20070308:
1455	+	Added mfi which supports LSI Logic MegaRAID SAS devices including
1456	+	the Dell perc5i.
1457	+
1458	+	20070206:
1459	+	Imported OpenBSD's sudo into source. Please install
1460	+	/usr/src/usr.bin/sudo/lib first before building.
1461	+
1462	+	Those who install from a snapshot after this date
1463	+	will not be effected.
1464	+
1465	+	20070119:
1466	+	Added audit group.  Be sure to add audit to your /etc/group file
1467	+	before installing world.
1468	+
1469	+	hostapd was updated to 0.4.8.
1470	+
1471	+	An accidental commit in usr.sbin/bluetooth/hccontrol was fixed to
1472	+	unbreak world.
1473	+
1474	+	wpa_supplicant was updated.
1475	+
1476	+	For stability and compatibility reasons, it was decided that MidnightBSD
1477	+	sync with FreeBSD 6.1 Release.  Nearly every change between the original
1478	+	fork date of February 24, 2006 and the release of FreeBSD 6.1 in May
1479	+	2006 will be merged.  Beyond this, MidnightBSD will be a "real" fork and
1480	+	will not sync every little change with FreeBSD.
1481	+
1482	+	20061231:
1483	+	Updated COPYRIGHT for 2007.
1484	+
1485	+	Updated and bumped libutil after importing NetBSD efun(3) functions.
1486	+
1487	+	Added MidnightBSD_version and bumped the FreeBSD version as we've
1488	+	synced all commits between the fork and that version.  It is now safe
1489	+	to assume MidnightBSD is compatible with FreeBSD RELENG_6 from
1490	+	Feb 26, 2006.
1491	+
1492	+	Added spell(1) and deroff(1) from NetBSD.  Also added additional
1493	+	dict files to work with it. /usr/share/dict/american,
1494	+	/usr/share/dict/british and /usr/share/dict/special/math
1495	+
1496	+	Numerous man page and bug fixes.
1497	+
1498	+	20061226:
1499	+	Setup /usr/share/examples/cvsup SUPfiles for the new
1500	+	MidnightBSD CVSup server.
1501	+
1502	+	Fix a bug in burncd where it would continue forever while
1503	+	erasing CDRW media.
1504	+
1505	+	Add csup to /usr/bin.  csup is a CVSup replacement written
1506	+	in C.
1507	+
1508	+	Fixed a bug with bsnmpd build from Oct 30.
1509	+
1510	+	Corrected some race conditions and fixed a few bugs in
1511	+	geom.  Imported changes from FreeBSD RELENG_6.
1512	+
1513	+	20061225:
1514	+	Fixed a typo in src/lib/libc/sparc64/fpu/fpu_implode.c
1515	+	that caused long double to long and long long
1516	+	conversion of negative numbers to always result in -1.
1517	+
1518	+	20061221:
1519	+	Fixed acpi_battery.c to not report an ERROR if no
1520	+	batteries are present.
1521	+
1522	+	Performed some minor updates on the RL and RE NIC drivers.
1523	+	RL should no longer panic when trying to print errors.
1524	+
1525	+	Corrected a bug with TTY.
1526	+
1527	+	20061218:
1528	+	Corrected a bug with libpthread where newly created suspended
1529	+	threads don't get scheduled.
1530	+
1531	+	20061206:
1532	+	Fixed a typo with the firewire security patch.
1533	+
1534	+	20061129:
1535	+	Minor cleanups to utilities in bin.
1536	+
1537	+	Fixed msdos file system short file name behavior to match
1538	+	FreeBSD.
1539	+
1540	+	20061031:
1541	+	Updated man pages in section 7.
1542	+
1543	+	20061030:
1544	+	Updated sys/dev/drm to support intel 915 and radeon
1545	+	r300 cards properly.
1546	+
1547	+	Synced snmpd with FreeBSD-stable.
1548	+
1549	+	Fixed a bug in rm which could cause data loss.
1550	+
1551	+	20061027:
1552	+	Added Intel ICH8 and nForce 5 support to ATA. cam, mpt,
1553	+	random, kbdmux, atkbd, and usb were updated.  Changes
1554	+	to clearing registers on SSE enabled processors (i386)
1555	+	commited.
1556	+
1557	+	lukemftpd updated.
1558	+
1559	+	openssh rc script was altered which effects initial
1560	+	seeding.
1561	+
1562	+	20061014:
1563	+	Workaround for em driver problem on shared IRQ.
1564	+
1565	+	Started removal of alpha support.
1566	+
1567	+	20061013:
1568	+	ATA driver was updated.  USB/USB1/USB2 types added.
1569	+
1570	+	20061010:
1571	+	OpenSSH was updated to 4.4p1.
1572	+
1573	+	20060909:
1574	+	OpenNTPD was added to MidnightBSD.  Run make delete-old to remove
1575	+	the old ntpd daemon.
1576	+
1577	+	cat has a new option -D which allows you to timestamp output
1578	+	on a per line basis.
1579	+
1580	+	The kernel has a keyboard mux which allows you to have multiple
1581	+	keyboard connected simultaneously.  USB keyboard support was also
1582	+	improved with this patch.
1583	+
1584	+	The Intel em driver was updated.  Network performance was greatly
1585	+	increased on many systems.  Additional models are supported.
1586	+
1587	+	The ATA driver was patched to fix a potential deadlock.
1588	+
1589	+	Bind was patched to fix a potential denial of service condition.
1590	+
1591	+	20060817:
1592	+	ksh has been added to the base system.  If you previously had
1593	+	the port installed, it will be overwritten on the next buildworld.
1594	+
1595	+
1596	+
1597		To build a kernel
1598		-----------------
1599	<	If you are updating from a prior version of FreeBSD (even one just
1599	>	If you are updating from a prior version of MidnightBSD (even one just
1600		a few days old), you should follow this procedure. With a
1601		/usr/obj tree with a fresh buildworld,
1602		make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE
#	Line 312 | Line 1614 | COMMON ITEMS:
1614		--------------------------------------------------------------
1615		This assumes you are already running a 6.X system.  Replace
1616		${arch} with the architecture of your machine (e.g. "i386",
1617	<	"alpha", "amd64", "ia64", "pc98", "sparc64", etc).
1617	>	"amd64", "ia64", "pc98", "sparc64", etc).
1618
1619		cd src/sys/${arch}/conf
1620		config KERNEL_NAME_HERE
#	Line 432 | Line 1734 | COMMON ITEMS:
1734		MAKEOBJDIRPREFIX must be defined in an environment variable, and
1735		not on the command line, or in /etc/make.conf.  buildworld will
1736		warn if it is improperly defined.
435	–	FORMAT:
1737
437	–	This file contains a list, in reverse chronological order, of major
438	–	breakages in tracking -STABLE.  Not all things will be listed here,
439	–	and it only starts on October 16, 2004.  Updating files can found in
440	–	previous releases if your system is older than this.
441	–
1738		Copyright information:
1739
1740		Copyright 1998-2005 M. Warner Losh.  All Rights Reserved.
#	Line 466 | Line 1762 | Contact Warner Losh if you have any questions about yo
1762		this document.
1763
1764		$FreeBSD: src/UPDATING,v 1.416.2.18 2006/02/22 11:51:57 yar Exp $
1765	+	$MidnightBSD$

Comparing trunk/UPDATING (property cvs2svn:cvs-rev):
Revision 6 by laffer1, Sat Feb 25 02:38:42 2006 UTC vs.
Revision 7467 by laffer1, Thu Mar 17 12:34:11 2016 UTC

#	Line 1 | Line 0
1	–	1.1.1.2

Comparing trunk/UPDATING (property svn:keywords):
Revision 6 by laffer1, Sat Feb 25 02:38:42 2006 UTC vs.
Revision 7467 by laffer1, Thu Mar 17 12:34:11 2016 UTC

#	Line 0 | Line 1
1	+	MidnightBSD=%H

Diff Legend

–	Removed lines
+	Added lines
<	Changed lines
>	Changed lines