Updating Information for MidnightBSD users. 20161015: libarchive 3.2.1 xz 5.2.2 20161013: Sync ZFS code with Illuminos/FreeBSD 9.2. Added support for feature flags, pool version 5000. This also includes some bug fixes and performance optimizations. 20160925: Import NetBSD vis(3) and unvis(3) as well as mtree. one-true-awk 20121220 inetd now honors kern.ipc.somaxconn value. netmap synced with FreeBSD 9.2 linuxolator now has dtrace probes. bsdgrep now correctly handles -m to exclude only one file. UFS file systems can now be resized in read-write mode due to the new write suspension feature. Basic support added for Intel Raid Recover Technology. GMIRROR & GRAID3 now mark volumes clean on shutdown earlier to help with ZFS issues. Highpoint hpt27xx now in GENERIC kernel. 20160923: Security update for OpenSSL A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. [CVE-2016-6304] An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption. [CVE-2016-6303] If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash. [CVE-2016-6302] The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed. [CVE-2016-2182] The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented. [CVE-2016-2180] Some calculations of limits in OpenSSL have used undefined pointer arithmetic. This could cause problems with some malloc implementations. [CVE-2016-2177] Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. [CVE-2016-2178] In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. [CVE-2016-2179] A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection. [CVE-2016-2181] In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms. [CVE-2016-6306] 20160918: With the addition of auditdistd(8), a new auditdistd user is now depended on during installworld. "mergemaster -p" can be used to add the user prior to installworld. The VFS KBI was changed with the merge of several nullfs optimizations and fixes. All filesystem modules must be recompiled. 20160916: The random(4) support for the VIA hardware random number generator (`PADLOCK') is no longer enabled unconditionally. Add the PADLOCK_RNG option in the custom kernel config if needed. The GENERIC kernels on i386 and amd64 do include the option, so the change only affects the custom kernel configurations. A new version of ZFS (pool version 5000) has been merged. Starting with this version the old system of ZFS pool versioning is superseded by "feature flags". This concept enables forward compatibility against certain future changes in functionality of ZFS pools. The first two read-only compatible "feature flags" for ZFS pools are "com.delphix:async_destroy" and "com.delphix:empty_bpobj". For more information read the new zpool-features(7) manual page. Please refer to the "ZFS notes" section of this file for information on upgrading boot ZFS pools. 20160906: Add support for the MosChip MCS9904 four serial ports controller. Add support for walltimestamp in DTrace. Various gdb improvments. ZFS Import the zio nop-write improvement from Illumos. To reduce I/O, nop-write omits overwriting data if the checksum (cryptographically secure) of new data matches the checksum of existing data. It also saves space if snapshots are in use. It currently works only on datasets with enabled compression, disabled deduplication and sha256 checksums. Add loader(8) tunable to enable/disable nopwrite functionality: vfs.zfs.nopwrite_enabled Introduce a new dataset aclmode setting "restricted" to protect ACL's being destroyed or corrupted by a drive-by chmod. New loader-only tunables: vfs.zfs.sync_pass_deferred_free vfs.zfs.sync_pass_dont_compress vfs.zfs.sync_pass_rewrite chkgrp(8) add support for q flag Fix problem with the Samsung 840 PRO series SSD detection. The device reports support for SATA Asynchronous Notification in its IDENTIFY data, but returns error on attempt to enable that feature. Make SATA XPT of CAM only report these errors, but not fail the device. 20160905: Add a resource limit for the total number of kqueues available to the user. Kqueue now saves the ucred of the allocating thread, to correctly decrement the counter on close. Based on FreeBSD SVN 256849 Import netcat from OpenBSD 5.2 20160904: Introduced experimental TCP sysctls starting with net.inet.tcp.experimental.initcwnd10 20160814: switched default desktop port to midnightbsd-desktop. This gives us flexibility to change it in the release after the fact. tzdata 2016a 20160811: libdispatch 210 Added quirks for several models of SSDs to enable advanced format/4k mode. List includes Samsung 830, 840, 850 and 750 series, Intel x25 and a few Toshiba models. Also added WD Red drives. Updated list of pci device vendors. Updated list of usb devices. 20160807: Implement several changes to libmport to fix some memory corruption issues. 20160806: sqlite3 3.13.0 20160805: Merged fixes for libmport that improve error handling when installing packages. Also support mkdir -p like behavior for plist entries. 20160531: Fix four security issues with MidnightBSD. The implementation of TIOCGSERIAL ioctl(2) does not clear the output struct before sending to userland in the linux emulation layer. The compat 43 stat(2) system call exposes kernel stack to userland. libarchive - CVE-2015-2304 and CVE-2013-0211 fix issues with cpio directory traversal and an integer signedness error in the archive write zip data routine. 20160528: Fixed minor issues with mined(1) and msearch(1). 20160526: Add support for Ivybridge and Haswell Intel CPUs to hwpmc(4). Fix libpmc(3) build with clang compiler. 20160519: Kernel Security updates atkbd(4) - Incorrect signedness comparison in the ioctl(2) handler allows a malicious local user to overwrite a portion of the kernel memory. Incorrect argument handling in sendmsg(2) Incorrect argument handling in the socket code allows malicious local user to overwrite large portion of the kernel memory. 20160505: OpenSSL security patch The padding check in AES-NI CBC MAC was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes. [CVE-2016-2107] An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. [CVE-2016-2105] An overflow can occur in the EVP_EncryptUpdate() function, however it is believed that there can be no overflows in internal code due to this problem. [CVE-2016-2106] When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. [CVE-2016-2109] 20160412: 0.8 stable branch created. Continue development as 0.9. Fix several issues with wait6 system call addition. 20160409: libmport now supports two new plist formats: @(root,wheel,4775) myfile @dir(root,wheel,775) mydir On delete, absoluate paths are now handled properly. 20160317: OpenSSH doesn't have the luck of the Irish. Fix a security issue with OpenSSH X11 forwarding that can allow an attacker run shell commands on the call to xauth. Incorrect argument validation in sysarch(2) A special combination of sysarch(2) arguments, specify a request to uninstall a set of descriptors from the LDT. The start descriptor is cleared and the number of descriptors are provided. Due to invalid use of a signed intermediate value in the bounds checking during argument validity verification, unbound zero'ing of the process LDT and adjacent memory can be initiated from usermode. Patch obtained from FreeBSD. 20160229: top now displays information on ZFS arc cache. 20160228: llvm + clang 3.3 is now the default compiler in MidnightBSD. 20160222: Introduce pipe2 to linux emulation layer. 20160114: OpenSSL The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. [CVE-2015-3194] When presented with a malformed X509_ATTRIBUTE structure, OpenSSL will leak memory. [CVE-2015-3195] If PSK identity hints are received by a multi-threaded client then the values are incorrectly updated in the parent SSL_CTX structure. [CVE-2015-3196] Fix security on bsnmpd configuration file during installation. TCP MD5 signature denial of service A programming error in processing a TCP connection with both TCP_MD5SIG and TCP_NOOPT socket options may lead to kernel crash. SCTP A lack of proper input checks in the ICMPv6 processing in the SCTP stack can lead to either a failed kernel assertion or to a NULL pointer dereference. In either case, a kernel panic will follow. 20160102: Happy New Year 20151101: Increase kern.ipc.somaxconn default to 256. 20151017: Add initial statistics api to libmport and a driver to print it in mport(1). 20151002: Revised rpcbind(8) patch to fix issues with NIS 20150930: In rpcbind(8), netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash the rpcbind(8) daemon. 20150926: libmport now supports @preexec, @postexec, @preunexec and @postunexec to replace @exec and @unexec. pre exec runs afer pre-install scripts but before actual installation post exec runs after install but before post install scripts and pkg message. pre unexec runs before pre uninstall scripts post unexec runs before de-install scripts and after file removal. 20150917: Fix kqueue write events for files > 2GB 20150825: kernel: fix a security issue on amd64 where the GS segment CPU register can be changed via userland value in kernel mode by using an IRET with #SS or #NP exceptions. openssh: A programming error in the privileged monitor process of the sshd(8) service may allow the username of an already-authenticated user to be overwritten by the unprivileged child process. A use-after-free error in the privileged monitor process of he sshd(8) service may be deterministically triggered by the actions of a compromised unprivileged child process. A use-after-free error in the session multiplexing code in the sshd(8) service may result in unintended termination of the connection. 20150818: expat security fix 20150815: libc changes: setmode(3) now returns errno consistently on error. libc will compile without error using clang 20150814: wait6 system call added. date(1) now handles non numeric numbers passed to -r like GNU coreutils for improved compatibility. 20150811: ata(4) AMD Hudson2 SATA controller support. Intel lynxpoint SATA. Fix some const warnings when building several device drivers with llvm/clang. Sync cas(4) with FreeBSD 9-stable. Fix some minor issues with ath(4). 20150809: xz 5.0.8 20150808: libmport now logs installation and removal of packages to syslog. 20150805: routed - fix a potential security issue where traffic from outside the network can disrupt routing. bsd patch - fix a bug with ed(1) scripts allowing unsanitized input to run. 20150802: jansson 2.7 library added. (libjansson is a JSON library in C) 20150728: Heimdal 1.5.2 (kerberos implementation) OpenSSL 1.0.1o cpucontrol(8) now supports VIA CPUs. Synced with FreeBSD 9.2. TCP Resassemly resource exhaustion bug: There is a mistake with the introduction of VNET, which converted the global limit on the number of segments that could belong to reassembly queues into a per-VNET limit. Because mbufs are allocated from a global pool, in the presence of a sufficient number of VNETs, the total number of mbufs attached to reassembly queues can grow to the total number of mbufs in the system, at which point all network traffic would cease. Obtained from: FreeBSD 8 OpenSSH Fix two security vulnerabilities: OpenSSH clients does not correctly verify DNS SSHFP records when a server offers a certificate. [CVE-2014-2653] OpenSSH servers which are configured to allow password authentication using PAM (default) would allow many password attempts. A bug allows MaxAuthTries to be bypassed. [CVE-2015-5600] Switch to bsdpatch (from FreeBSD & OpenBSD) 20150726: BSD Sort updated sqlite 3.8.10.2 20150725: Import reallocarray from OpenBSD's libc. The reallocarray() function is similar to realloc() except it operates on nmemb members of size size and checks for integer overflow in the calculation nmemb * size. 20150722: Fix a bug where TCP connections transitioning to LAST_ACK state can get stuck. This can result in a denial of service. 20150715: libmport now supports @shell and @sample in plists. This means that a shell port can automatically add an entry to /etc/shells and remove it upon uninstallation. For sample files, a copy is made without the .sample extension if one does not exist and it is removed automatically only if the md5 hash of the two files is the same. 20150709: flex 2.5.39 20150702: ZFS in MidnightBSD now supports lz4 compression. You can enable it with zfs set compression=lz4 pool/path. Verify it's working with zfs get compressratio pool/path du -h -s * Note you must write new data when turning on compression to see changes. Existing files are not compressed. Note: While we used the same basic implementation of lz4 that FreeBSD and OpenZFS uses, we did not yet implement features support and the zfs version still reports 28. This may come in a future update to ZFS. 20150621: libmport now automatically stops services when deleting packages. The package must have installed an rc.d script in /usr/local/etc for this to work. This is equivalent to running service onestop 20150618: Sendmail With the recent changes to OpenSSL to block 512 bit certificates, sendmail can't connect with TLS to some servers. Increase the default size to 1024 bit for client connections to match the server configuration. ZFS Added ZFS TRIM support which is enabled by default. To disable ZFS TRIM support set vfs.zfs.trim.enabled=0 in loader.conf. Creating new ZFS pools and adding new devices to existing pools first performs a full device level TRIM which can take a significant amount of time. The sysctl vfs.zfs.vdev.trim_on_init can be set to 0 to disable this behaviour. ZFS TRIM requires the underlying device support BIO_DELETE which is currently provided by methods such as ATA TRIM and SCSI UNMAP via CAM, which are typically supported by SSD's. Stats for ZFS TRIM can be monitored by looking at the sysctl's under kstat.zfs.misc.zio_trim. rc.d Reworked handling of cleanvar and FILESYSTEMS so that FILESYSTEMS implies everything is mounted and ready to go. Changed how ip6addressctl maps IPv6 on startup. 20150613: tzdata 2015d 20150612: OpenSSL 0.9.8zg 20150419: MidnightBSD 0.6 stable branch created. Continue 0.7 development. 20150418: sqlite 3.8.9 20150407: Fix two security vulnerabilities: The previous fix for IGMP had an overflow issue. This has been corrected. ipv6: The Neighbor Discover Protocol allows a local router to advertise a suggested Current Hop Limit value of a link, which will replace Current Hop Limit on an interface connected to the link on the MidnightBSD system. 20150319: OpenSSL 0.9.8.zf mksh R50e Apple mDNSResponder 561.1.1 20150306: Upgrade OpenSSL to 0.9.8ze 20150225: Fix two security vulnerabilities. 1. BIND servers which are configured to perform DNSSEC validation and which are using managed keys (which occurs implicitly when using "dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit unpredictable behavior due to the use of an improperly initialized variable. CVE-2015-1349 2. An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation. This can result in a DOS attack. 20141211: Fix a security issue with file and libmagic that can allow an attacker to create a denial of service attack on any program that uses libmagic. 20141109: Fix building perl during buildworld when the GDBM port is installed. 20141106: tzdata 2014i 20141102: serf 1.3.8 20141031: tnftp 20141031 fixes a security vulnerability with tnftp, CVE-2014-8517. 20141028: OpenSSL 0.9.8zc 20141021: Fix several security vulnerabilities in routed, rtsold, and namei with respect to Capsicum sandboxes looking up nonexistent path names and leaking memory. The input path in routed(8) will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network. Due to a missing length check in the code that handles DNS parameters, a malformed router advertisement message can result in a stack buffer overflow in rtsold(8). 20141011: mksh R50d - fix field splitting regression and null pointer dereference xz 5.0.7 OpenSSH 6.6p1 20141004: mksh R50c - security update for environment var bug with foo vs foo+ 20141002: sqlite 3.8.6 sudo 1.7.8 - some issues with the current version, but we're slowly getting up to date. 20141001: mksh R50b libmport now supports plist commands @dir, @owner, @group, @mode. sudo 1.7.6p2 20140916: Fix a security issue with TCP SYN. When a segment with the SYN flag for an already existing connection arrives, the TCP stack tears down the connection, bypassing a check that the sequence number in the segment is in the expected window. 20140909: Fixed a bug with our clearenv(3) implementation that caused segfaults with some programs including Dovecot. OpenSSL security patch: The receipt of a specifically crafted DTLS handshake message may cause OpenSSL to consume large amounts of memory. [CVE-2014-3506] The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak memory. [CVE-2014-3507] A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. [CVE-2014-3508] OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. [CVE-2014-3510] 20140902: We're now 0.6-CURRENT Update USB quirks to support K70 Corsair keyboard, and several other devices. 20140827: Perl 5.18.2 20140728: Jails now run shutdown scripts. 20140710: Fix a vulnerability in the control message API. A buffer is not properly cleared before sharing with userland. 20140701: MKSH R50 20140630: File 5.19 20140605: Fix four security issues with OpenSSL 20140604: Sendmail failed to properly set close-on-exec for open file descriptors. ktrace page fault kernel trace entries were set to an incorrect size which resulted in a leak of information. 20140430: Fix a TCP reassembly bug that could result in a DOS attack of the system. It may be possible to obtain portions of kernel memory as well. 20140411: Update zlib to 1.2.7 20140122: Support for username with length 32. Previous limit was 16 20140114: Fix two security vulnerabilities. bsnmpd contains a stack overflow when sent certain queries. bind 9.8 when using NSEC3-signed zones zones, will crash with special crafted packets. 20131228: Imported FreeBSD 9.2 usb stack (plus z87 patches from stable) Updated em(4), igb(4) and ixgbe(4) MidnightBSD now works with Z87 Intel chipsets. 20131207: Remove sparc64 architecture. It hasn't been working for awhile and it's not useful for desktops anymore. 20131205: OpenSSH 6.4p1 20131203: Perl 5.18.1 imported. Update less to v458 20131130: Remove named from base. We still include the client utilities for now until replacements can be found. 20131004: rarpd supports vlan(4) and has a pid flag. (from FreeBSD) 20130917: Support for 65,536 routing tables was added. A new fib specific field has been added to mbuf. This is an increase from 16. 20130910: Security updates: (kern.osreldate 5001) nullfs(5) The nullfs(5) implementation of the VOP_LINK(9) VFS operation does not check whether the source and target of the link are both in the same nullfs instance. It is therefore possible to create a hardlink from a location in one nullfs instance to a file in another, as long as the underlying (source) filesystem is the same. ifioctl As is commonly the case, the IPv6 and ATM network layer ioctl request handlers are written in such a way that an unrecognized request is passed on unmodified to the link layer, which will either handle it or return an error code. Network interface drivers, however, assume that the SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK requests have been handled at the network layer, and therefore do not perform input validation or verify the caller's credentials. Typical link-layer actions for these requests may include marking the interface as "up" and resetting the underlying hardware. 20130824: Fix a bug in sendmail 8.14.7 that interferes with how it handles AAAA records interoperating with Microsoft DNS servers. FreeBSD has already reported this to Sendmail and a fix will be included in the next release. Subversion 1.8.1 is now in the base system as a static binary. It has limited functionality, but can be used to checkout/commit code. It is named svnlite. 20130822: Fix two security vulnerabilities. Fix an integer overflow in IP_MSFILTER (IP MULTICAST). This could be exploited to read memory by a user process. When initializing the SCTP state cookie being sent in INIT-ACK chunks, a buffer allocated from the kernel stack is not completely initialized. Import xz 5.0.4 Import sqlite 3.7.17 Import BIND 9.8.5-P2 20130814: mksh R48 imported. Sendmail 8.14.7 imported. 20130717: libmport bug was fixed causing hash verification to fail. virtio(4) imported from FreeBSD 9-stable. SCSI support not included. 20130612: RELENG_0_4 created for 0.4. Development continues on 0.5. 20130402: Update BIND and OpenSSL to resolve security advisories. 20130305: MKSH R44 imported. 20130213: MKSH R42b imported 20130211: MKSH R42 imported 20130125: MKSH R41 imported 20130122: OpenSSH 5.8p2 imported SQLite 3.7.15.2 imported Fixed a longstanding bug in libmport extrating new index files. 20120710: BSD licensed sort imported from FreeBSD-CURRENT For now, GNU sort is installed as gnusort, but it will go away in time. 20120708: tcsh 6.18.01 imported. NetBSD's iconv imported. libc gains strnlen(3), memrchr(3), stpncpy(3). 20120612: BIND security update related to CVE-2012-1667. Zero length resource records can cause BIND to crash resulting in a DOS attack or information disclosure. 20120407: mksh R40f (fixes regression) 20120328: mksh R40e Perl 5.14.2 20120229: cpucontrol(8) and cpuctl(4) added from FreeBSD 7-stable. 20120209: mDNSResponder 333.10 imported 20111227: import raid5 module for GEOM, graid5(8) This is experimental and known to use a lot of kernel memory. 20111223: telnetd: fix a root exploit from a fixed buffer that was not checked pam: don't allow escape from policy path. Exploitable in KDE, etc. Fix pam_ssh module: If the pam_ssh module is enabled, attackers may be able to gain access to user accounts which have unencrypted SSH private keys. This has to due with the way that openssl works. It ignores unencrpted data. Fix security issue with chroot and ftpd. nsdispatch(3) doesn't know it's working in a chroot and some operations can cause files to get reloaded causing a security hole in things like ftpd. 20111217: libdialog/dialog upgraded to an lgpl version. As it's not backwardly compatable, include the old libdialog as libodialog 20111212: mksh r40d imported 20111210: re(4) and rl(4) updated to support new chips. GEOM synced with FreeBSD 7-stable. MidnightBSD GPT partition types created in sys/gpt.h and setup in boot loader and GEOM. amdsbwd(4) (amd watchdog for south bridge) updated to support 8xx series chipset. 20111207: import bsd grep from FreeBSD/OpenBSD. MK_BSD_GREP controls which grep is installed as grep with the other as bsdgrep or gnugrep. 20111122: mksh vR40c imported. 20111117: BIND 9.6 ESV R5 P1 20111107: tzdata 2011n 20111026: mDNSResponder v320 BIND 9.6 ESV R5 20111022: cflow 0.0.6 imported 20111020: less v436 imported amdsbwd(4) AMD southbridge watchdog 20111019: awk 20110810 imported et(4) Agere Gigabit Ethernet/Fast Ethernet driver added, but not included in GENERIC kernel. The kernel module needs testing before we can include it in GENERIC. intr_bind code ported to allow an IRQ to be bound to one specific CPU core. 20111017: Time Zone Data v. 2011l (Released 10 October 2011) Updated list of countries (iso3166) to work with new timezone data. 20111015: Introduce CPU Affinity in MidnightBSD. cpuset(1) can be used to control which core or group of cores can be used for a given process. Several new system calls were added to support this functionality in the running kernel and for 32bit binary compatibility on amd64. The scheduler default has been changed to ULE in i386 and amd64. Changes were made to both schedulers (4BSD AND ULE) for this feature. This work is based on Jeff Roberson's FreeBSD 7.1 patches. 20111004: Fix a problem with unix socket handling caused by the recent patch to unix socket path handling. This allows network apps to work under the linuxolator again. 20111001: Import libfetch & fetch(1) from FreeBSD 9. Passive FTP is now default and an environment variable must be set to use active. 20110930: Introduce quirks handling for several umass devices including USB cameras. Add workaround for Cyberpower UPS devices. Bring in further bug fixes from FreeBSD and NetBSD for alc(4). Stale ip/tcp header pointers are no longer used, lockups fixed when network cable is unplugged on bootup, enable TX checksum offloading. Add a new man page for gcache(8), a useful geom class when working with large raid3 sets. Restore previous workaround for Cypress pata storage controller. 20110929: Sync ath(4) with FreeBSD 7.3. The following modules are no longer available, and should be removed from loader.conf: ath_hal ath_rate_amrr ath_rate_onoe ath_rate_sample alc(4) would hibernate when a cable was unplugged and often required bring the interface down and up to "wake up" so that a connection could be established. Disable hibernation. 20110928: Fix security issues with gzip and compress related to .Z files that are corrupted. Fix path validation with unix domain sockets. 20110917: Remove dependance on mports perl for generating releases as it's in the base system. 20110914: Import xz 5.0.3 with liblzma 5.0.3 20110813: synced the sparc64 GENERIC kernel configuration with amd64. 20110806: sqlite 3.7.7.1 imported msearch(1), libmsearch and msearch.import added. msearch(1) provides a full text search command line tool. libmsearch can also be used to build a graphical based search in the future. You can enable index building for msearch in periodic.conf or manually run the /usr/libexec/msearch.index tool. Full text indexes take considerable space in /var. I'm using approximately 500MB currently. Fix a long standing bug with the periodic script to check package versions. This will be obsolete with mport though. 20110710: kdb_enter_why added to MidnightBSD to allow the kernel debugger to know why it's in use and thus script can be run. Yet another problem with the perl manifest was fixed 20110709: cpufreq(1) is a new utility to monitor CPU frequency which may change with use of powerd(8) and cpufreq(4). 20110612: Update mksh to R40 Catch up ObsoleteFiles.inc to remove Perl 5.10.x. Good to run when updating current (cd /usr/src && make check-old) 20110528: Fix CVE-2011-1910 in BIND 9.6.x. This affects caching resolvers. 20110526: newfs: Raised the default blocksize for UFS/FFS filesystems from 16K to 32K and the default fragment size from 2K to 4K. This should slightly imporve performance on "advanced format" hard drives such as the WD EARS drives. Drives of this type have emulation modes that slow down with lower sizes. Of course the drive must still be aligned properly when using fdisk. 20110521: mport tool now has a deleteall command. This can be used to remove all packages from a system. A few bugs with the perl 5.14 import have been fixed. 20110518: Perl 5.14.0 20110517: Sendmail 8.14.5 20110314: DRM/DRI code updated to support newer video cards. (FreeBSD 7.1) cdevpriv wrappers added nss_mdns hack introduced to work around linking problem. dnsextd fixed after update to mDNSResponder code. 20110308: Introduce liblzma & xz 5.0.1 to the base system Patch for OpenSSL security issue CVE-2011-0014. "OSREVISION 4004" nsswitch module for multicast dns (nss_mdns) added. tzdata2011c 20110220: cam(4) syncronized with FreeBSD 7.3. 20110219: amdtemp(4) updated to support sensors framework. 20110217: Perl 5.10.1 imported 20110216: Introduce igb(4) and split Intel Gigabit Ethernet adapters between igb(4) and em(4). Newer devices use igb(4). The code has moved to sys/dev/e1000 for both devices in the kernel. igb(4) has been placed in GENERIC on i386 and amd64. Update bfe(4) to support newer devices and WOL. 20110215: age(4) added. 20110208: BIND 9.6.3 which fixes a bug with DNSSEC records getting added. 20110206: eeemon(4) added to monitor Asus Eee PC. 20110205: OpenSSH 5.7p1 GNU sort 6.9 (coreutils) 20110203: one true awk 20100523 imported sqlite 3.7.5 OpenSSL 0.9.8q 20110202: tcsh 6.17.00 file 5.05 20110122: Import it(4) and lm(4), with support for Super I/O hardware monitors. This uses the sensors framework ported by Constantine A. Murenin (GSOC2007) 20110120: BIND 9.6.2-P3 sudo 1.7.4-p6 20110115: Add experimental jme(4) for Jmicron ethernet devices. 20101130: A double free exists in the SSL client ECDH handling code, when processing specially crafted public keys with invalid prime numbers. [CVE-2010-2939] 20101120: Several portions of the kernel and userland code related to UFS file systems (and UFS2) cannot properly handle inode counts above 2^31 due to use of int types. Based on a patch from FreeBSD, I've modified our UFS2 implementation to handle unsigned values for inode counts which should allow for file systems greater than 16TB. newfs and growfs was also modified. 20101110: Fix a security issue with pseudofs which could result in running code in kernel context or a kernel panic depending on system configuration. This affects file systems such as procfs for instance. 20101021: sysrc is a utility to print and modify name/value pairs in /etc/rc.conf easily. This is similar to functions present in many linux distros. The utility was written by Devin Teske for FreeBSD. 20100920: bzip2 security patch for integer overflow. 20100905: MidnightBSD RELENG_0_3 branch created. Aggressive development continues here for 0.4. 20100902: Fix a security issue with libutil that allows users to bypass cpu limits in login.conf in some cases. This combined with OpenSSH for example can allow the user to get more resources than they're allowed. 20100822: Import Apple's mDNSResponder (mdnsd). 20100814: libdispatch added to MidnightBSD. This provides functionality found in Mac OS X's GCD. We do not have blocks support yet. As this code is licensed under Apache 2, we create a new MK_APACHE option so that it's not required for all users to run code under a license they may not like. 20100713: mbuf readonly fix related to sendfile(2) data corruption. 20100704: brainfuck(1) imported from MirBSD. 20100505: zlib 1.2.5 20100430: Sudo 1.7.2p6 imported 20100321: Update zlib to 1.2.4 20100319: Removed i586 from default i386 generic kernel. 20100317: Update to tzdata2010e (time zones). This includes changes in Mexico. Add support for several newer sound cards via hda including ATI and Realtek chipsets. 20100313: CPU detection has been changed. VIA Padlock detection added. 20100312: Fix a number of bugs and compiler warnings in libmport. Handle plus signs in paths for mport.check-fake 20100311: mksh R39c 20100309: Sudo 1.7.2p5 sqlite3 3.6.23 mksh R39b libffi (ffi) 3.0.9 20100206: WITHOUT_LIB32 is no longer needed on AMD64. GCC was fixed to properly pass arguments to ld. re(4) and rl(4) have been updated to support several new realtek chipsets. Performance has been improved on re(4). 20100204: Fix a bug cropping up on AMD64 MidnightBSD with sftp segfaulting. 20100116: Import ash changes from FreeBSD (bin/sh) 8-Stable. BIND 9.6.1-P2 20100110: Import Sendmail 8.14.4. Fix for SSL vulnerability. posix_spawn(3) added to MidnightBSD libc. Users may need to build and install libc before doing a full buildworld when upating from 0.2 or older current systems. kqueue(2) was modified to support portions of libdispatch functionality. 20100106: Bind security update. Fix a bug with DNSSEC that causes negative cache entries and thus a possible DNS cache poisoning attack. Fix a bug in ZFS that can reset permissions on system crashes. 20091228: amdtemp(4) was added. It allows one to monitor to the temperature of an AMD CPU such as a Phenom. 20091205: OpenSSL security fix The SSL version 3 and TLS protocols support session renegotiation without cryptographically tying the new session parameters to the old parameters. 20091128: OpenBSD sensors framework imported including sensorsd(8) 20091126: OpenNTPD 4.4 import Update OpenSSH to 5.3p1 mksh R39 20091124: cpdup updated from DragonFly to 1.15 tzdata2009s updated with latest timezone data for November 2009. 20091010: amd64 users should use WITHOUT_LIB32=yes in /etc/make.conf for now to test current. Revert unicode filename fixes from ntfs code. This was causing chaos on amd64 systems. 20091006: Update timezone data with tzdata2009n with the Pakistan and Argentina changes. Sync several userland utilities with versions from FreeBSD 7.0 in sbin and usr.sbin. 20090919: Update timezone data with tzdate2009m from September 2009. 20090729: Patch for Bind 9 security vulnerability. a dynmaic update packet can trigger an assertion and cause named to exit 20090606: Remove PCC from the base system. This compiler will not work as a system compiler for us as we've got some userland investment in C++ code and may have Objective-C in the future. We're stuck with a solution that supports these three languages at a minimum. I had wanted to keep it as an optional compiler because it is fast, however too many users want to try to use it for the base system which makes no sense. A hack was added for Cypress based usb hard drive enclosures to the kernel. This should cut down on commands it claims to support but does not (at the cam layer). Found while testing ZFS on an external device. 20090520: The powerd daemon no longer starts automatically to improve compatibility with many systems. However, there is a new installer option in the startup section to enable it. This makes it easier to enable for users that have working systems. I thought it was only a problem on older hardware, but it freaks out my new Phenom too. 20090502: OpenSSH 5.2p1 import ale(4) connected to the build. (kernel module only) 20090501: Imported makefs utility from NetBSD/FreeBSD 20090422: OpenSSL security update The function ASN1_STRING_print_ex does not properly validate the lengths of BMPString or UniversalString objects before attempting to print them. 20090415: Created a Symbol.map for libc/ohash symbols Updated several usr/bin usr/sbin utilities. Corrected a bug with Makefile.inc1 causing the bootstrap tools to fail. 20090405: xorg 7.4 wants to configure its input devices via hald which does not yet work with USB. If the keyboard/mouse does not work in xorg then add Option "AllowEmptyInput" "off" to your ServerLayout section. This will cause X to use the configured kbd and mouse sections from your xorg.conf 20090403: mksh was disconnected a few day ago do to bugs with buildworld and mports. Now, connect it back for use as /bin/sh with a conditional called MK_ASH. By default, ash is the standard /bin/sh but we may change this later. This will allow further testing by users and developers of mksh without causing an unpleasant default experience. In the long run, we need to fix mksh compatibility. 20090328: Bring in mksh R37 from CVS. The dot.mkshrc files for root and skel were changed. mksh(1) now replaces ash aka sh(1) as the default /bin/sh. Please report bugs with ports, etc. The ash code will remain in the repo for awhile as I decide if we'll add something like MK_SHELL_ASH as an optional build parameter. ahd was disconnected from the lint environment until the compiler bug is sorted (by updating gcc?) Remove freebsd-tips from fortune files and change the default for login and profile. 20090327: Update libarchive to 2.5.5, tar, and add bsdcpio. Also previously, ctriv has been connecting Perl 5.10 to the build (part of os). This will have an impact on mports. 20090325: Update Bind to 9.4.3-P1 Update mksh to R36b Update tcpdump to 3.9.8, fix libpcap to work with current. Update pnpinfo, sync with FreeBSD. 20090115: Fix a problem with DNSSEC and BIND. 20090110: For applications using OpenSSL for SSL connections, an invalid SSL certificate may be interpreted as valid. This could for example be used by an attacker to perform a man-in-the-middle attack. Other applications which use the OpenSSL EVP API may similarly be affected. Stop cross site request forgery attacks in lukemftpd 20090104: Import GNU libreadline 5.2 20090101: Update time zone data to 2008i. 20081231: Correct a problem where bluetooth and netgraph sockets are not properly initialized. Happy 2009. 20081206: Due to the massive change in the underlying system under way, we're naming the next release 1.0. The sys/sys/param.h was changed accordingly. ipfilter and ncurses were corrected using __MidnightBSD__ tests in the code. The GENERIC kernel config was caught up on i386 today. Consider i386 still broken, but amd64 is running again. mdoc.local was updated with the new MidnightBSD version info. batt(1) was rewritten in C. It now supports several flags and runs about 8 times faster on my laptop. The default output shows the number of minutes of battery life remaining and the percentage. You can use -u to display the number of batteries or -c to get script friendly output. Consult the man page for more. 20081204: Work has completed on importing ZFS, jemalloc, several new devices, SCTP, updated pf, a new tempfs, linuxolator 2.6 kernel support, improved locking for file desc., audit (openbsm), openssl .98e, nfe, imporved intel high def audio, midi, updated intel gigabit (em), support for several wifi cards (intel), ... Renamed 0.3-CURRENT officially. Switched to using MidnightBSD version data from param.h instead of the FreeBSD version. This means testing is now possible in the ports tree for the version and that any ports or code relying on the FreeBSD version from sys/sys/param.h will need to be fixed. 20080905: update nve(4) to support new hardware. 20080801: Import OpenBSM 1.0 Modify src/release to create 3 isos instead of 2 for packages. etc/rc.d/firstboot now enables kdm, gnustep + slim and bsdstats. Many ia64, alpha, powerpc items were removed. The recent diffutils 2.8.7 import was fixed. 20080703: pcc was not installed properly when setting DESTDIR for live cds, or posibly jails. 20080627: Add firmware(9), WEP, CCMP, TKIP to GENERIC. Add glabel to GENERIC. Intel ICH8 mobile chipset used on some iMacs included with ata. pcc connected to the build on i386. (alternative compiler) ath added to GENERIC. (Atheros wireless NICs) on amd64/i386 20080528: Sendmail 8.14.3 20080516: ssh-vulnkey allows you to look for vulnerable ssh keys that were generated on Debian and Ubuntu hosts over the last few years. sshd can block offending keys with a configuration option. The elf note on binaries is now set to MidnightBSD. 20080514: Fixed a number of problems with pcc. It is not yet connected to the build, but usable on i386 hosts. You may use it by make; make install in /usr/src/usr.bin/pcc. It will install in /usr/local as some of the files conflict with GCC versions. __MidnightBSD__ is defined in PCC as well. System headers were fixed to allow pcc to compile many binaries on MidnightBSD. bin/cp will work now for instance. 20080430: __MidnightBSD__ is now defined via gcc. This can be tested to determine we're running on MidnightBSD in the preprocessor. 20080429: Import bind 9.4.2 with threading libpthread (KSE) and libthr are built earlier pcvt(4) removed! Alias added for core2 cpus. Alpha and PC98 only utilities removed from usr/sbin syslogd, adduser, rmuser, mergemaster and mailwrapper have been improved. See the man pages for info. periodic scripts will not send emails with empty message bodies. See mailwrapper fix. 20080410: Sync cpdup with DragonFly. Add parallel transaction support and -l flag to line-buffer stdout and stderr. 20080406: Import bzip2 1.05 Import OpenSSH 4.9p1 20080322: The default umask was changed to 022. /usr/X11R6 paths were removed from several config files. .mkshrc files are now installed for root. 20080316: FIx a problem with gif0 tunnels and neighbors with IPV6. 20080312: Add lndir from X.org. This aides in the porting of MirPorts. New OS versions were added to the mapage code (groff) 20080310: Correct a buffer overflow in ppp. 20080308: Remove /usr/X11R6 from manpath config. 20080307: Atheros driver no longer has several options set which corrects building in tinderbox on all three platforms. Added a new macro to sx.h which returns true if the current thread holds an exclusive lock on a specifix sx. Removed OS/2's HPFS file system. It's not maintained and I don't know anyone using OS/2 or ecomstation these days. My copy is in the closet collecting dust. 20080306: Synced tinderbox with FreeBSD. Modified it for MidnightBSD. Developers can now use it to check src builds. 20080303: Add mksh to /etc/shells, made some adjustments to options for mksh builds per suggestion upstream. USB HID table updated with modern hardware list. Updated BSD family true (we're not in there yet) iso3166 file updated and import of tzdata2007k for new time zones. Updated mksh to latest version R33. 20080228: Remplaced the random IP id generation code with a new version by Amit Klein. 20080221: Sendfile write only permissions fix. Removed some HPFS and PC98 code. iso639 file sycned with DragonFly. 20080128: Changed NTP configuration so that ips aren't cached so multiple servers are used. Fix an issue with fork() in libpthread. 20080121: Add virtualization detection to set the HZ rate according to a VM present. VMWare and Parallels should work better like this. Change to full x11 install in sysinstall. Add xorg 7 support. 20080115: Fix the handling of PTY's. CVE-2008-0216 20080105: mport delete code added, USE_MPORT_TOOLS knob aded. 20080101: Happy New Year 20071123: Update sendmail to 8.14.2 20071120: Update system compiler to gcc 3.4.6. 20071023: Updated mksh to R31d. 20070911: Updated mksh to version R31b. Fixed stderr output in libpthread. Previously it was written to stdout. 20070831: Added dot.mkshrc file to support the recent change to mksh from OpenBSD's ksh derived from pdksh. Added new firewall configuration. ipfw is enabled by default with a "desktop" configuration. Consult /etc/rc.firewall or ipfw show to see the ruleset used. You can disable ipfw by setting firewall_enable="NO" in /etc/rc.conf This change only effects IPv4. IPv6 does not have a firewall enabled by default. 20070814: Removed GNU tar source. We've been using BSD tar for awhile. 20070806: Finished removing umapfs and autofs from the tree. 20070804: BIND and Tcpdump have been patched for recent vulnerabilities. We switched to BSD cpio (pax). 20070719: Imported cpdup from DragonFly as /bin/cpdup 20070716: Update GNU cpio to 2.8. 20070410: cvs was updated to 1.12.13. cvsbug was removed. cvs now behaves similarly to DragonFly's cvs with most of their local changes. 20070409: RELENG_0_1 was created. More aggresive changes will continue here. 20070406: Back out propolice. propolice caused several problems with our threading libraries libthr and libpthread. curthread was often NULL after the patch and many multithreaded applications would crash. We plan to work on either bringing in gcc 4.1 or developing a new patch which also corrects our threading issues later. It is more important to have a stable system for our mport work and other projects at this time. This is not a clean removal. It is recommended that you have a recently SNAP CD handy. You can either reinstall or perform a make buildworld and make buildkernel and make installkernel. Reboot on the cd and copy the contents of /bin, /sbin, /lib, /libexec, and /usr/bin, /usr/sbin, /usr/lib, and /usr/libexec to the respective directories on your disk. Then you should be able to boot into single user mode and run make installworld. You will need to run chflags noschg on some of the files if you can't overwrite them. You will get __guard missing errors since we had to remove this from libc. You will need to rebuild any ports built while propolice was installed. 20070401: Importing propolice into MidnightBSD. Propolice is going to provide us with much greater security and stability in the long run. If upgrading from a pre-propolice system, please follow the these instructions: cd /usr/src/lib/libc && make obj && make && make install cd /usr/src/gnu/usr.bin/cc && make obj && make && make install cd /usr/src/lib/libpthread && make obj && make && make install cd /usr/src/lib/libthr && make obj && make && make install buildworld and kernel It is adviced that any mports which were installed and/or built prior to the propolice update also be updated. If any errors or issue are encounted, please contact security@midnightbsd.org and we will be sure to investigate and come up with an expeditious fix. 20070314: Remove send-pr from src. Switch to NetBSD's gzip. Bump MBSD minor revision. 20070313: Imported OpenSSH 4.6p1. Imported FreeBSD's libarchive and updated tar to work with it. Disabled debug statements cluttering up /var/log/messages for the tcp autobuf patch applied previously. 20070312: Synced several audio changes from FreeBSD 6.1. Removed the BSD Daemon files from src/share. 20070308: Added mfi which supports LSI Logic MegaRAID SAS devices including the Dell perc5i. 20070206: Imported OpenBSD's sudo into source. Please install /usr/src/usr.bin/sudo/lib first before building. Those who install from a snapshot after this date will not be effected. 20070119: Added audit group. Be sure to add audit to your /etc/group file before installing world. hostapd was updated to 0.4.8. An accidental commit in usr.sbin/bluetooth/hccontrol was fixed to unbreak world. wpa_supplicant was updated. For stability and compatibility reasons, it was decided that MidnightBSD sync with FreeBSD 6.1 Release. Nearly every change between the original fork date of February 24, 2006 and the release of FreeBSD 6.1 in May 2006 will be merged. Beyond this, MidnightBSD will be a "real" fork and will not sync every little change with FreeBSD. 20061231: Updated COPYRIGHT for 2007. Updated and bumped libutil after importing NetBSD efun(3) functions. Added MidnightBSD_version and bumped the FreeBSD version as we've synced all commits between the fork and that version. It is now safe to assume MidnightBSD is compatible with FreeBSD RELENG_6 from Feb 26, 2006. Added spell(1) and deroff(1) from NetBSD. Also added additional dict files to work with it. /usr/share/dict/american, /usr/share/dict/british and /usr/share/dict/special/math Numerous man page and bug fixes. 20061226: Setup /usr/share/examples/cvsup SUPfiles for the new MidnightBSD CVSup server. Fix a bug in burncd where it would continue forever while erasing CDRW media. Add csup to /usr/bin. csup is a CVSup replacement written in C. Fixed a bug with bsnmpd build from Oct 30. Corrected some race conditions and fixed a few bugs in geom. Imported changes from FreeBSD RELENG_6. 20061225: Fixed a typo in src/lib/libc/sparc64/fpu/fpu_implode.c that caused long double to long and long long conversion of negative numbers to always result in -1. 20061221: Fixed acpi_battery.c to not report an ERROR if no batteries are present. Performed some minor updates on the RL and RE NIC drivers. RL should no longer panic when trying to print errors. Corrected a bug with TTY. 20061218: Corrected a bug with libpthread where newly created suspended threads don't get scheduled. 20061206: Fixed a typo with the firewire security patch. 20061129: Minor cleanups to utilities in bin. Fixed msdos file system short file name behavior to match FreeBSD. 20061031: Updated man pages in section 7. 20061030: Updated sys/dev/drm to support intel 915 and radeon r300 cards properly. Synced snmpd with FreeBSD-stable. Fixed a bug in rm which could cause data loss. 20061027: Added Intel ICH8 and nForce 5 support to ATA. cam, mpt, random, kbdmux, atkbd, and usb were updated. Changes to clearing registers on SSE enabled processors (i386) commited. lukemftpd updated. openssh rc script was altered which effects initial seeding. 20061014: Workaround for em driver problem on shared IRQ. Started removal of alpha support. 20061013: ATA driver was updated. USB/USB1/USB2 types added. 20061010: OpenSSH was updated to 4.4p1. 20060909: OpenNTPD was added to MidnightBSD. Run make delete-old to remove the old ntpd daemon. cat has a new option -D which allows you to timestamp output on a per line basis. The kernel has a keyboard mux which allows you to have multiple keyboard connected simultaneously. USB keyboard support was also improved with this patch. The Intel em driver was updated. Network performance was greatly increased on many systems. Additional models are supported. The ATA driver was patched to fix a potential deadlock. Bind was patched to fix a potential denial of service condition. 20060817: ksh has been added to the base system. If you previously had the port installed, it will be overwritten on the next buildworld. To build a kernel ----------------- If you are updating from a prior version of MidnightBSD (even one just a few days old), you should follow this procedure. With a /usr/obj tree with a fresh buildworld, make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE To test a kernel once --------------------- If you just want to boot a kernel once (because you are not sure if it works, or if you want to boot a known bad kernel to provide debugging information) run make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel nextboot -k testkernel To just build a kernel when you know that it won't mess you up -------------------------------------------------------------- This assumes you are already running a 6.X system. Replace ${arch} with the architecture of your machine (e.g. "i386", "amd64", "ia64", "pc98", "sparc64", etc). cd src/sys/${arch}/conf config KERNEL_NAME_HERE cd ../compile/KERNEL_NAME_HERE make depend make make install If this fails, go to the "To build a kernel" section. To rebuild everything and install it on the current system. ----------------------------------------------------------- # Note: sometimes if you are running current you gotta do more than # is listed here if you are upgrading from a really old current. make buildworld make kernel KERNCONF=YOUR_KERNEL_HERE [1] [3] mergemaster -p [5] make installworld make delete-old mergemaster [4] To cross-install current onto a separate partition -------------------------------------------------- # In this approach we use a separate partition to hold # current's root, 'usr', and 'var' directories. A partition # holding "/", "/usr" and "/var" should be about 2GB in # size. make buildworld make buildkernel KERNCONF=YOUR_KERNEL_HERE make installworld DESTDIR=${CURRENT_ROOT} cd src/etc; make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT} cp /etc/fstab ${CURRENT_ROOT}/etc/fstab # if newfs'd To upgrade in-place from 5.x-stable or higher to 6.x-stable ----------------------------------------------------------- make buildworld [9] make kernel KERNCONF=YOUR_KERNEL_HERE [8] [1] [3] mergemaster -p [5] make installworld make delete-old mergemaster -i [4] Make sure that you've read the UPDATING file to understand the tweaks to various things you need. At this point in the life cycle of current, things change often and you are on your own to cope. The defaults can also change, so please read ALL of the UPDATING entries. Also, if you are tracking -current, you must be subscribed to freebsd-current@freebsd.org. Make sure that before you update your sources that you have read and understood all the recent messages there. If in doubt, please track -stable which has much fewer pitfalls. [1] If you have third party modules, such as vmware, you should disable them at this point so they don't crash your system on reboot. [3] From the bootblocks, boot -s, and then do fsck -p mount -u / mount -a cd src adjkerntz -i # if CMOS is wall time Also, when doing a major release upgrade, it is required that you boot into single user mode to do the installworld. [4] Note: This step is non-optional. Failure to do this step can result in a significant reduction in the functionality of the system. Attempting to do it by hand is not recommended and those that pursue this avenue should read this file carefully, as well as the archives of freebsd-current and freebsd-hackers mailing lists for potential gotchas. [5] Usually this step is a noop. However, from time to time you may need to do this if you get unknown user in the following step. It never hurts to do it all the time. [8] In order to have a kernel that can run the 5.x binaries needed to do an installworld, you must include the COMPAT_FREEBSD5 option in your kernel. Failure to do so may leave you with a system that is hard to boot to recover. A similar kernel option COMPAT_FREEBSD5 is required to run the 5.x binaries on more recent kernels. Make sure that you merge any new devices from GENERIC since the last time you updated your kernel config file. [9] When checking out sources, you must include the -P flag to have cvs prune empty directories. If CPUTYPE is defined in your /etc/make.conf, make sure to use the "?=" instead of the "=" assignment operator, so that buildworld can override the CPUTYPE if it needs to. MAKEOBJDIRPREFIX must be defined in an environment variable, and not on the command line, or in /etc/make.conf. buildworld will warn if it is improperly defined. Copyright information: Copyright 1998-2005 M. Warner Losh. All Rights Reserved. Redistribution, publication, translation and use, with or without modification, in full or in part, in any form or format of this document are permitted without further permission from the author. THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. If you find this document useful, and you want to, you may buy the author a beer. Contact Warner Losh if you have any questions about your use of this document. $FreeBSD: src/UPDATING,v 1.416.2.18 2006/02/22 11:51:57 yar Exp $ $MidnightBSD$