notes/0.6/index.html

<!DOCTYPE html>
<html lang="en-US">
        <head>
                <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
                <meta name="viewport" content="width=device-width, initial-scale=1">
                <title>MidnightBSD Release Notes</title>
                <link rel="shortcut icon" href="/favicon.ico" />
                <style type="text/css" media="all">
                        @import url("../../css/essence.css");
                        #text ul li { font-size: 11pt; margin-bottom: 5px; }
                        .note { font-size: 80%; color: #aaa; padding: 15px; margin-top: 15px; }
                        .update h4 { color: #15a9ed; text-align: center; padding-top: 0.4em; margin-bottom: 0; display: block; }
                        .update { background: #f2fbff; border: 2px solid #dff2fb; font-size: 80%; width: 40%; float: left; margin-right: 2.4em; color: #555; }
                        .ast { color: #1373ce; }
                        #list ul { margin-left: 2em; padding-left: 1em; list-style-position: inside; }
                </style>
                <!-- Begin Cookie Consent plugin by Silktide - http://silktide.com/cookieconsent -->
                <script type="text/javascript">
                        window.cookieconsent_options = {
                                "message": "This website uses cookies to ensure you get the best experience on our website",
                                "dismiss": "Got it!",
                                "learnMore": "More info",
                                "link": null,
                                "theme": "dark-top"
                        };
                </script>
                <script type="text/javascript" src="//s3.amazonaws.com/cc.silktide.com/cookieconsent.latest.min.js"></script>
                <!-- End Cookie Consent plugin -->
        </head>
        
        <body>
                <div id="globe">
                        <div id="header"><h1 title="MidnightBSD Home"><a href="../" title="MidnightBSD Home">MidnightBSD: The BSD For Everyone</a></h1></div>
                <!--#include virtual="/menu.html"-->
                                        <div class="clear"></div>
                        <div id="text">
                                <h2 class="icon"><img src="../../images/oxygen/notes32.png" alt="" /> MidnightBSD Release Notes</h2>
                                <div class="devupdate fleft">
                                        <h4>Late breaking information:</h4>
                                        <blockquote>
                                        0.6 changed the output of uname.  Historically, we followed the FreeBSD approach of 0.5-RELEASE, 0.6-CURRENT, etc.
                                        Now, we only use version numbers. Most scripts don't know how to parse 0.6-RELEASE properly from uname.
                                        </blockquote>
                                        <h4>Previous Release Notes</h4>
                                        <ul>
                                                <li><a href="../0.1/index.html">0.1-RELEASE</a></li>
                                                <li><a href="../0.1.1/index.html">0.1.1-RELEASE</a></li>
                                                <li><a href="../0.2/index.html">0.2.1-RELEASE</a></li>
                                                <li><a href="../0.3/index.html">0.3-RELEASE</a></li>
                                                <li><a href="../0.4/index.html">0.4-RELEASE</a></li>
                                                <li><a href="../0.5/index.html">0.5-RELEASE</a></li>
                                        </ul>
                                </div>
                                <h3>(04/26/2015) MidnightBSD 0.6-RELEASE</h3>

<p>This release is primarily a security fix and mport package tool release. 

<h4>Security</h4>

<p>OpenSSL: 
The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
to consume large amounts of memory. [CVE-2014-3506]

<p>The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
memory. [CVE-2014-3507]

<p>A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from
the stack. [CVE-2014-3508]

<p>OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
a denial of service attack. [CVE-2014-3510]

<p>TCP SYN:
When a segment with the SYN flag for an already existing connection arrives,
the TCP stack tears down the connection, bypassing a check that the
sequence number in the segment is in the expected window.

<p>Fix several security vulnerabilities in routed, rtsold, and namei with respect to Capsicum sandboxes looking up nonexistent path names and leaking memory.

<p>The input path in routed(8) will accept queries from any source and attempt to answer them.  However, the output path assumes that the destination address for the response is on a directly connected network.

<p>Due to a missing length check in the code that handles DNS parameters, a malformed router advertisement message can result in a stack buffer overflow in rtsold(8).

<p>tnftp 20141031 fixes a security vulnerability with tnftp, CVE-2014-8517.

<p>Fix a security issue with file and libmagic that can allow an attacker to create a denial of service attack on any program that uses libmagic.

<p>BIND servers which are configured to perform DNSSEC validation and which are using managed keys (which occurs implicitly when using "dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit unpredictable behavior due to the use of an improperly initialized variable.

<p>CVE-2015-1349 An integer overflow in computing the size of IGMPv3 data buffer can result  in a buffer which is too small for the requested operation. This can result in a DOS attack.

<p>IPv6: The Neighbor Discover Protocol allows a local router to advertise a suggested Current Hop Limit value of a link, which will replace Current Hop Limit on an interface connected to the link on the MidnightBSD system.

<p>sqlite 3.8.9 - Fix a potential 32-bit integer overflow problem in the sqlite3_blob_read() and sqlite3_blob_write() interfaces.

<h4>Enhancements</h4>

<p>Fix building perl during buildworld when the GDBM port is installed.

<p>Fixed a bug with our clearenv(3) implementation that caused segfaults with some programs including Dovecot.

<p>Update USB quirks to support K70 Corsair keyboard, and several other devices.

<h4>Removed Features</h4>

<p>none

<h4>New Software Versions</h4>

<ul>
<li>Apple mDNSResponder 561.1.1
<li>mksh R50e
<li>OpenSSH 6.6p1
<li>OpenSSL 0.9.8.zf
<li>serf 1.3.8
<li>sudo 1.7.8
<li>sqlite 3.8.9 
<li>tnftp 20141031
<li>tzdata 2014i
<li>xz 5.0.7
</ul>

<h4>mports & package tools</h4>

<p>libmport now supports plist commands @dir, @owner, @group, @mode and @sample. This allows pkg-plist files to set permissions and handle creation and removal of directories. Previously, @dirrm only allowed the removal of directory on uninstall. This required some plists to contain mkdir commands built in. The new process is cleaner and faster.

<p>This also means that ports that have been updated are not compatible with MidnightBSD 0.5 and lower mport tools any longer. 

<p>libmport attempts to detect an interactive tty is in use and will silence certain status messages when run in a non-interactive session.

<p>There are several new asset types in plists including ASSET_DIR and ASSET_SAMPLE. Clients consuming libmport may need changes if they were altering behavior with handling plist files.

<p>The database version for mport packages was updated (package version) and new columns for CPE were added to the database. This information is also exposed via the mport info command and many mports now provide this information.  You can use mport cpe to list a summary for installed packages.

<p>Regarding packages, the current selection is not great. There are currently 1500 packages for i386 and 1400 for amd64. This is due to major refactoring to the mports system in progress. Available package count has doubled since January and we expect more to be available soon.  Some items will need to be built manually using mports rather than binary package. This is unfortunately true for xorg-server currently. We are working on getting X11 packages available for binary installation as a top priority.  

<p>If you are updating an existing system, after installing 0.6, you can use mport upgrade to update packages with 0.6 versions. It is recommended that you delete /usr/mports/Packages and run mport clean to remove old package remnants.

<p>You may use svnlite (part of the base system) to checkout mports or src, if you do not wish to install the svn package.   

<p>e.g. 
<br>cd /usr/ && svnlite co http://svn.midnightbsd.org/svn/mports/trunk mports 

</div>
<!--#include virtual="/footer.html"-->
        </body>
</html>

Revision:	642
Committed:	Fri Oct 9 21:29:01 2015 UTC (8 years, 6 months ago) by laffer1
Content type:	text/html
File size:	7731 byte(s)
Log Message:	add languages back to website files
#	Content
1	<!DOCTYPE html>
2	<html lang="en-US">
3	<head>
4	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
5	<meta name="viewport" content="width=device-width, initial-scale=1">
6	<title>MidnightBSD Release Notes</title>
7	<link rel="shortcut icon" href="/favicon.ico" />
8	<style type="text/css" media="all">
9	@import url("../../css/essence.css");
10	#text ul li { font-size: 11pt; margin-bottom: 5px; }
11	.note { font-size: 80%; color: #aaa; padding: 15px; margin-top: 15px; }
12	.update h4 { color: #15a9ed; text-align: center; padding-top: 0.4em; margin-bottom: 0; display: block; }
13	.update { background: #f2fbff; border: 2px solid #dff2fb; font-size: 80%; width: 40%; float: left; margin-right: 2.4em; color: #555; }
14	.ast { color: #1373ce; }
15	#list ul { margin-left: 2em; padding-left: 1em; list-style-position: inside; }
16	</style>
17	<!-- Begin Cookie Consent plugin by Silktide - http://silktide.com/cookieconsent -->
18	<script type="text/javascript">
19	window.cookieconsent_options = {
20	"message": "This website uses cookies to ensure you get the best experience on our website",
21	"dismiss": "Got it!",
22	"learnMore": "More info",
23	"link": null,
24	"theme": "dark-top"
25	};
26	</script>
27	<script type="text/javascript" src="//s3.amazonaws.com/cc.silktide.com/cookieconsent.latest.min.js"></script>
28	<!-- End Cookie Consent plugin -->
29	</head>
30
31	<body>
32	<div id="globe">
33	<div id="header"><h1 title="MidnightBSD Home"><a href="../" title="MidnightBSD Home">MidnightBSD: The BSD For Everyone</a></h1></div>
34	<!--#include virtual="/menu.html"-->
35	<div class="clear"></div>
36	<div id="text">
37	<h2 class="icon"><img src="../../images/oxygen/notes32.png" alt="" /> MidnightBSD Release Notes</h2>
38	<div class="devupdate fleft">
39	<h4>Late breaking information:</h4>
40	<blockquote>
41	0.6 changed the output of uname. Historically, we followed the FreeBSD approach of 0.5-RELEASE, 0.6-CURRENT, etc.
42	Now, we only use version numbers. Most scripts don't know how to parse 0.6-RELEASE properly from uname.
43	</blockquote>
44	<h4>Previous Release Notes</h4>
45	<ul>
46	<li><a href="../0.1/index.html">0.1-RELEASE</a></li>
47	<li><a href="../0.1.1/index.html">0.1.1-RELEASE</a></li>
48	<li><a href="../0.2/index.html">0.2.1-RELEASE</a></li>
49	<li><a href="../0.3/index.html">0.3-RELEASE</a></li>
50	<li><a href="../0.4/index.html">0.4-RELEASE</a></li>
51	<li><a href="../0.5/index.html">0.5-RELEASE</a></li>
52	</ul>
53	</div>
54	<h3>(04/26/2015) MidnightBSD 0.6-RELEASE</h3>
55
56	<p>This release is primarily a security fix and mport package tool release.
57
58	<h4>Security</h4>
59
60	<p>OpenSSL:
61	The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
62	to consume large amounts of memory. [CVE-2014-3506]
63
64	<p>The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
65	memory. [CVE-2014-3507]
66
67	<p>A flaw in OBJ_obj2txt may cause pretty printing functions such as
68	X509_name_oneline, X509_name_print_ex et al. to leak some information from
69	the stack. [CVE-2014-3508]
70
71	<p>OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
72	a denial of service attack. [CVE-2014-3510]
73
74	<p>TCP SYN:
75	When a segment with the SYN flag for an already existing connection arrives,
76	the TCP stack tears down the connection, bypassing a check that the
77	sequence number in the segment is in the expected window.
78
79	<p>Fix several security vulnerabilities in routed, rtsold, and namei with respect to Capsicum sandboxes looking up nonexistent path names and leaking memory.
80
81	<p>The input path in routed(8) will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network.
82
83	<p>Due to a missing length check in the code that handles DNS parameters, a malformed router advertisement message can result in a stack buffer overflow in rtsold(8).
84
85	<p>tnftp 20141031 fixes a security vulnerability with tnftp, CVE-2014-8517.
86
87	<p>Fix a security issue with file and libmagic that can allow an attacker to create a denial of service attack on any program that uses libmagic.
88
89	<p>BIND servers which are configured to perform DNSSEC validation and which are using managed keys (which occurs implicitly when using "dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit unpredictable behavior due to the use of an improperly initialized variable.
90
91	<p>CVE-2015-1349 An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation. This can result in a DOS attack.
92
93	<p>IPv6: The Neighbor Discover Protocol allows a local router to advertise a suggested Current Hop Limit value of a link, which will replace Current Hop Limit on an interface connected to the link on the MidnightBSD system.
94
95	<p>sqlite 3.8.9 - Fix a potential 32-bit integer overflow problem in the sqlite3_blob_read() and sqlite3_blob_write() interfaces.
96
97	<h4>Enhancements</h4>
98
99	<p>Fix building perl during buildworld when the GDBM port is installed.
100
101	<p>Fixed a bug with our clearenv(3) implementation that caused segfaults with some programs including Dovecot.
102
103	<p>Update USB quirks to support K70 Corsair keyboard, and several other devices.
104
105	<h4>Removed Features</h4>
106
107	<p>none
108
109	<h4>New Software Versions</h4>
110
111	<ul>
112	<li>Apple mDNSResponder 561.1.1
113	<li>mksh R50e
114	<li>OpenSSH 6.6p1
115	<li>OpenSSL 0.9.8.zf
116	<li>serf 1.3.8
117	<li>sudo 1.7.8
118	<li>sqlite 3.8.9
119	<li>tnftp 20141031
120	<li>tzdata 2014i
121	<li>xz 5.0.7
122	</ul>
123
124	<h4>mports & package tools</h4>
125
126	<p>libmport now supports plist commands @dir, @owner, @group, @mode and @sample. This allows pkg-plist files to set permissions and handle creation and removal of directories. Previously, @dirrm only allowed the removal of directory on uninstall. This required some plists to contain mkdir commands built in. The new process is cleaner and faster.
127
128	<p>This also means that ports that have been updated are not compatible with MidnightBSD 0.5 and lower mport tools any longer.
129
130	<p>libmport attempts to detect an interactive tty is in use and will silence certain status messages when run in a non-interactive session.
131
132	<p>There are several new asset types in plists including ASSET_DIR and ASSET_SAMPLE. Clients consuming libmport may need changes if they were altering behavior with handling plist files.
133
134	<p>The database version for mport packages was updated (package version) and new columns for CPE were added to the database. This information is also exposed via the mport info command and many mports now provide this information. You can use mport cpe to list a summary for installed packages.
135
136	<p>Regarding packages, the current selection is not great. There are currently 1500 packages for i386 and 1400 for amd64. This is due to major refactoring to the mports system in progress. Available package count has doubled since January and we expect more to be available soon. Some items will need to be built manually using mports rather than binary package. This is unfortunately true for xorg-server currently. We are working on getting X11 packages available for binary installation as a top priority.
137
138	<p>If you are updating an existing system, after installing 0.6, you can use mport upgrade to update packages with 0.6 versions. It is recommended that you delete /usr/mports/Packages and run mport clean to remove old package remnants.
139
140	<p>You may use svnlite (part of the base system) to checkout mports or src, if you do not wish to install the svn package.
141
142	<p>e.g.
143	<br>cd /usr/ && svnlite co http://svn.midnightbsd.org/svn/mports/trunk mports
144
145	</div>
146	<!--#include virtual="/footer.html"-->
147	</body>
148	</html>
149