path: root/UPDATING
Updating Information for FreeBSD STABLE users

This file is maintained and copyrighted by M. Warner Losh
<imp@village.org>.  See end of file for further details.  For commonly
done items, please see the COMMON ITEMS: section later in the file.

Items affecting the ports and packages system can be found in
/usr/ports/UPDATING.  Please read that file before running
portupgrade.

20070214:	p18	FreeBSD-EN-07:01.nfs
	Correct problems with locking, namei leakage, and symlink
	creation in the NFS subsystem.

20070111:	p17	FreeBSD-SA-07:01.jail
	Correct jail rc.d script privilege escalation.

20061206:	p16	FreeBSD-SA-06:25.kmem
	Correct a signedness bug which allowed members of the operator
	group to read kernel memory.

20060930:	p15	FreeBSD-SA-06:22.openssh
	Correct multiple vulnerabilities in sshd(8).

20060929:	p14	FreeBSD-SA-06:23.openssl
	Correct problem in the 2006-09-28 patch concerning the handling of
	excessively large DH moduli.

20060928:	p13	FreeBSD-SA-06:23.openssl
	Correct multiple vulnerabilities in crypto(3).
	Limit the size of public keys used in order to protect applications
	from a denial of service via insane key sizes.

20060919:	p12	FreeBSD-SA-06:21.gzip
	Correct multiple vulnerabilities in gzip(1).

20060906:	p11	FreeBSD-SA-06:19.openssl, FreeBSD-SA-06:20.bind
	Correct incorrect PKCS#1 v1.5 padding validation in
	crypto(3). [06:19]

	Correct multiple denial-of-service vulnerabilities in BIND related to
	SIG Query Processing and Excessive Recursive Queries. [06:20]

20060823:	p10	FreeBSD-SA-06:18.ppp
	Correct buffer overflow in the handling of LCP options in ppp(4).

20060614:	p9	FreeBSD-SA-06:17.sendmail
	Correct a bug in the handling of multipart messages by sendmail(8)
	which can allow a malformed message to crash a sendmail queue
	processing process.

20060531:	p8	FreeBSD-SA-06:15.ypserv, FreeBSD-SA-06:16.smbfs
	Enable inadvertently disabled "securenet" access controls in
	ypserv. [06:15]

	Correct a bug in the handling of backslash characters in smbfs
	which can allow an attacker to escape from a chroot(2). [06:16]

20060419:	p7	FreeBSD-SA-06:14.fpu
	Correct a local information leakage bug affecting AMD FPUs.

20060322:	p6	FreeBSD-SA-06:11.ipsec, FreeBSD-SA-06:12.opie,
			FreeBSD-SA-06:13.sendmail
	Add missing code needed for the detection of IPSec packet
	replays. [06:11]

	Correctly identify the user running opiepasswd(1) when the login
	name differs from the account name. [06:12]

	Modify timeout handling logic in sendmail(8) to correct a reported
	signal handling race condition. [06:13]

20060301:	p5	FreeBSD-SA-06:10.nfs
	Correct a remote kernel panic when processing zero-length RPC
	records via TCP.

20060125:	p4	FreeBSD-SA-06:06.kmem, FreeBSD-SA-06:07.pf
	Make sure buffers in if_bridge are fully initialized before
	copying them to userland.  Correct a logic error which could
	allow too much data to be copied into userland. [06:06]

	Correct an error in pf handling of IP packet fragments which
	could result in a kernel panic. [06:07]

20060118:	p3	FreeBSD-SA-06:05.80211
	Correct a buffer overflow when scanning for 802.11 wireless
	networks which can be provoked by corrupt beacon or probe
	response frames.

20060111:	p2	FreeBSD-SA-06:01.texindex, FreeBSD-SA-06:02.ee,
			FreeBSD-SA-06:03.cpio, FreeBSD-SA-06:04.ipfw
	Correct insecure temporary file usage in texindex. [06:01]

	Correct insecure temporary file usage in ee. [06:02]

	Correct a race condition when setting file permissions,
	sanitize file names by default, and fix a buffer overflow
	when handling files larger than 4GB in cpio. [06:03]

	Fix an error in the handling of IP fragments in ipfw which
	can cause a kernel panic. [06:04]

20051219:	p1	FreeBSD-EN-05:04.nfs
	Correct a locking issue in nfs_lookup() where a call to vrele()
	might be made while holding the vnode mutex, which resulted
	in kernel panics under certain load patterns.

20051101:
	FreeBSD 6.0-RELEASE

20051011:		FreeBSD-SA-05:21.openssl
	Correct a man-in-the-middle SSL version rollback vulnerability.

20051001:
	kern.polling.enable sysctl MIB is now deprecated. Use ifconfig(8)
	to turn on polling(4) on your interfaces.

20050722:
	The ai_addrlen of a struct addrinfo was changed to a socklen_t
	to conform to POSIX-2001.  This change broke ABI compatibility
	on 64-bit architectures.  You have to recompile userland
	programs that use getaddrinfo(3) on 64-bit architectures.

20050711:
	RELENG_6 branched here.

20050629:
	The pccard_ifconfig rc.conf variable has been removed and a new
	variable, ifconfig_DEFAULT has been introduced.  Unlike
	pccard_ifconfig, ifconfig_DEFAULT applies to ALL interfaces that
	do not have ifconfig_ifn entries rather than just those in
	removable_interfaces.

20050616:
	Some previous versions of PAM have permitted the use of
	non-absolute paths in /etc/pam.conf or /etc/pam.d/* when referring
	to third party PAM modules in /usr/local/lib.  A change has been
	made to require the use of absolute paths in order to avoid
	ambiguity and dependence on library path configuration, which may
	affect existing configurations.
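
A check for the 20050616 entry above, as an added example that is not part of
the original UPDATING file: it lists policy lines that name a module by a
non-absolute path which does not resolve in the base library directory.
Assumptions: base modules live in /usr/lib, and the function names, sample
policy and pam_ldap.so module are constructed for illustration.

```sh
#!/bin/sh
# Added example (not part of UPDATING). Lists PAM policy lines that name a
# module by a non-absolute path which does not resolve in the base library
# directory, i.e. third-party modules affected by the 20050616 change.

# pam_relative_modules FILE STYLE BASE_LIB
#   STYLE    "conf" for /etc/pam.conf (service name is the first field),
#            "d" for files under /etc/pam.d (no service field)
#   BASE_LIB directory holding base-system modules (assumed /usr/lib)
# Prints "FILE:LINE: MODULE" for each finding.
pam_relative_modules() {
    file=$1; style=$2; base=$3
    awk -v style="$style" '
        { sub(/#.*/, "") }                  # drop comments
        NF == 0 { next }
        {
            i = (style == "conf") ? 2 : 1   # position of the facility field
            ctl = $(i + 1); mod = $(i + 2)
            # an "include" line names another policy, not a module
            if (ctl == "include" || mod == "") next
            if (mod !~ /^\//) print NR, mod
        }' "$file" |
    while read -r lineno mod; do
        # Base modules are found without a path; installed names may carry
        # a version suffix (pam_unix.so.3), so try a glob as well.
        if [ -e "$base/$mod" ]; then continue; fi
        set -- "$base/$mod".*
        if [ -e "$1" ]; then continue; fi
        echo "$file:$lineno: $mod"
    done
}

# Constructed sample policy and a stand-in library directory.
pam_demo() {
    tmp=$(mktemp -d "${TMPDIR:-/tmp}/pamchk.XXXXXX") || return 1
    mkdir "$tmp/lib"
    : > "$tmp/lib/pam_unix.so.3"
    printf '%s\n' \
        '# constructed sample in /etc/pam.d format' \
        'auth     required   pam_unix.so  no_warn try_first_pass' \
        'auth     sufficient pam_ldap.so  no_warn  # relative, third party' \
        'auth     include    system' \
        'account  required   /usr/local/lib/pam_ldap.so' \
        > "$tmp/sshd"
    (cd "$tmp" && pam_relative_modules sshd d "$tmp/lib")
    rm -rf "$tmp"
}

pam_demo    # prints: sshd:3: pam_ldap.so
```

On a live system, run the function over each file in /etc/pam.d with style d
and over /etc/pam.conf with style conf, passing /usr/lib as the base directory.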

20050610:
	Major changes to network interface API.  All drivers must be
	recompiled.  Drivers not in the base system will need to be
	updated to the new APIs.

20050609:
	Changes were made to kinfo_proc in sys/user.h.  Please recompile
	userland, or commands like `fstat', `pkill', `ps', `top' and `w'
	will not behave correctly.

	The API and ABI for hwpmc(4) have changed with the addition
	of sampling support.  Please recompile lib/libpmc(3) and
	usr.sbin/{pmcstat,pmccontrol}.

20050606:
	The OpenBSD dhclient was imported in place of the ISC dhclient
	and the network interface configuration scripts were updated
	accordingly.  If you use DHCP to configure your interfaces, you
	must now run devd.  Also, DNS updating was lost so you will need
	to find a workaround if you use this feature.

20050605:
	if_bridge was added to the tree. This has changed struct ifnet.
	Please recompile userland and all network related modules.

20050603:
	The n_net of a struct netent was changed to a uint32_t, and the
	1st argument of getnetbyaddr() was changed to a uint32_t, to
	conform to POSIX-2001.  These changes broke ABI compatibility
	on 64-bit architectures.  With these changes, the shlib major
	of libpcap was bumped.  You have to recompile userland programs
	that use getnetbyaddr(3), getnetbyname(3), getnetent(3) and/or
	libpcap on 64-bit architectures.

20050528:
	Kernel parsing of extra options on '#!' first lines of shell
	scripts has changed.  Lines with multiple options likely will
	fail after this date.  For full details, please see
		http://people.freebsd.org/~gad/Updating-20050528.txt

20050503:
	The packet filter (pf) code has been updated to OpenBSD 3.7.
	Please note the changed anchor syntax and the fact that
	authpf(8) now needs a mounted fdescfs(5) to function.

20050415:
	The NO_MIXED_MODE kernel option has been removed from the i386
	and amd64 platforms as its use has been superseded by the new local
	APIC timer code.  Any kernel config files containing this option
	should be updated.

20050227:
	The on-disk format of LC_CTYPE files was changed to be machine
	independent.  Please make sure NOT to use NO_CLEAN buildworld
	when crossing this point.

20050225:
	The ifi_epoch member of struct if_data has been changed to
	contain the uptime at which the interface was created or the
	statistics zeroed rather than the wall clock time because
	wallclock time may go backwards.  This should have no impact
	unless an snmp implementation is using this value (I know of
	none at this point.)

20050224:
	The acpi_perf and acpi_throttle drivers are now part of the
	acpi(4) main module.  They are no longer built separately.

20050223:
	The layout of struct image_params has changed. You have to
	recompile all compatibility modules (linux, svr4, etc) for use
	with the new kernel.

20050223:
	The p4tcc driver has been merged into cpufreq(4).  This makes
	"options CPU_ENABLE_TCC" obsolete.  Please load cpufreq.ko or
	compile in "device cpufreq" to restore this functionality.

20050220:
	The responsibility of recomputing the file system summary of
	a SoftUpdates-enabled dirty volume has been transferred to the
	background fsck.  A rebuild of fsck(8) utility is recommended
	if you have updated the kernel.

	To get the old behavior (recompute file system summary at mount
	time), you can set vfs.ffs.compute_summary_at_mount=1 before
	mounting the new volume.

20050206:
	The cpufreq import is complete.  As part of this, the sysctls for
	acpi(4) throttling have been removed.  The power_profile script
	has been updated, so you can use performance/economy_cpu_freq in
	rc.conf(5) to set AC on/offline cpu frequencies.

20050206:
	NG_VERSION has been increased. Recompiling kernel (or ng_socket.ko)
	requires recompiling libnetgraph and userland netgraph utilities.

20050114:
	Support for abbreviated forms of a number of ipfw options is
	now deprecated.  Warnings are printed to stderr indicating the
	correct full form when a match occurs.  Some abbreviations may
	be supported at a later date based on user feedback.  To be
	considered for support, abbreviations must be in use prior to
	this commit and unlikely to be confused with current key words.

20041221:
	By popular demand, a lot of NOFOO options were renamed
	to NO_FOO (see bsd.compat.mk for a full list).  The old
	spellings are still supported, but will cause annoying
	warnings on stderr.  Make sure you upgrade properly (see
	the COMMON ITEMS: section later in this file).

20041219:
	Auto-loading of ancillary wlan modules such as wlan_wep has
	been temporarily disabled; you need to statically configure
	the modules you need into your kernel or explicitly load them
	prior to use.  Specifically, if you intend to use WEP encryption
	with an 802.11 device load/configure wlan_wep; if you want to
	use WPA with the ath driver load/configure wlan_tkip, wlan_ccmp,
	and wlan_xauth as required.

20041213:
	The behaviour of ppp(8) has changed slightly.  If lqr is enabled
	(``enable lqr''), older versions would revert to LCP ECHO mode on
	negotiation failure.  Now, ``enable echo'' is required for this
	behaviour.  The ppp version number has been bumped to 3.4.2 to
	reflect the change.

20041201:
	The wlan support has been updated to split the crypto support
	into separate modules.  For static WEP you must configure the
	wlan_wep module in your system or build and install the module
	in a place where it can be loaded (the kernel will auto-load
	the module when a wep key is configured).

20041201:
	The ath driver has been updated to split the tx rate control
	algorithm into a separate module.  You need to include either
	ath_rate_onoe or ath_rate_amrr when configuring the kernel.

20041116:
	Support for systems with an 80386 CPU has been removed.  Please
	use FreeBSD 5.x or earlier on systems with an 80386.

20041110:
	We have had a hack which would mount the root filesystem
	R/W if the device were named 'md*'.  As part of the vnode
	work I'm doing I have had to remove this hack.  People
	building systems which use preloaded MD root filesystems
	may need to insert a "/sbin/mount -u -o rw /dev/md0 /" in
	their /etc/rc scripts.

20041104:
	FreeBSD 5.3 shipped here.

20041102:
	The size of struct tcpcb has changed again due to the removal
	of RFC1644 T/TCP.  You have to recompile userland programs that
	read kmem for tcp sockets directly (netstat, sockstat, etc.)

20041022:
	The size of struct tcpcb has changed.  You have to recompile
	userland programs that read kmem for tcp sockets directly
	(netstat, sockstat, etc.)

20041016:
	RELENG_5 branched here.  For older entries, please see updating
	in the RELENG_5 branch.

COMMON ITEMS:

	General Notes
	-------------
	Avoid using make -j when upgrading.  From time to time in the
	past there have been problems using -j with buildworld and/or
	installworld.  This is especially true when upgrading between
	"distant" versions (e.g. one that crosses a major release boundary
	or several minor releases, or when several months have passed
	on the -current branch).

	Sometimes, obscure build problems are the result of environment
	poisoning.  This can happen because the make utility reads its
	environment when searching for values for global variables.
	To run your build attempts in an "environmental clean room",
	prefix all make commands with 'env -i '.  See the env(1) manual
	page for more details.

	Due to several updates to the build infrastructure, source
	upgrades from versions prior to 5.3 are no longer supported.

	To build a kernel
	-----------------
	If you are updating from a prior version of FreeBSD (even one just
	a few days old), you should follow this procedure. With a
	/usr/obj tree with a fresh buildworld,
	make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE
	make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE

	To test a kernel once
	---------------------
	If you just want to boot a kernel once (because you are not sure
	if it works, or if you want to boot a known bad kernel to provide
	debugging information) run
	make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel
	nextboot -k testkernel

	To just build a kernel when you know that it won't mess you up
	--------------------------------------------------------------
	This assumes you are already running a 6.X system.  Replace
	${arch} with the architecture of your machine (e.g. "i386",
	"alpha", "amd64", "ia64", "pc98", "sparc64", etc).

	cd src/sys/${arch}/conf
	config KERNEL_NAME_HERE
	cd ../compile/KERNEL_NAME_HERE
	make depend
	make
	make install

	If this fails, go to the "To build a kernel" section.

	To rebuild everything and install it on the current system.
	-----------------------------------------------------------
	# Note: sometimes if you are running current you gotta do more than
	# is listed here if you are upgrading from a really old current.

	<make sure you have good level 0 dumps>
	make buildworld
	make kernel KERNCONF=YOUR_KERNEL_HERE
							[1]
	<reboot in single user>				[3]
	mergemaster -p					[5]
	make installworld
	mergemaster					[4]
	<reboot>


	To cross-install current onto a separate partition
	--------------------------------------------------
	# In this approach we use a separate partition to hold
	# current's root, 'usr', and 'var' directories.   A partition
	# holding "/", "/usr" and "/var" should be about 2GB in
	# size.

	<make sure you have good level 0 dumps>
	<boot into -stable>
	make buildworld
	make buildkernel KERNCONF=YOUR_KERNEL_HERE
	<maybe newfs current's root partition>
	<mount current's root partition on directory ${CURRENT_ROOT}>
	make installworld DESTDIR=${CURRENT_ROOT}
	cd src/etc; make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd
	make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT}
	cp /etc/fstab ${CURRENT_ROOT}/etc/fstab 		   # if newfs'd
	<edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition>
	<reboot into current>
	<do a "native" rebuild/install as described in the previous section>
	<maybe install compatibility libraries from src/lib/compat>
	<reboot>


	To upgrade in-place from 5.x-stable or higher to 6.x-stable
	-----------------------------------------------------------
	<make sure you have good level 0 dumps>
	make buildworld					[9]
	make kernel KERNCONF=YOUR_KERNEL_HERE		[8]
							[1]
	<reboot in single user>				[3]
	mergemaster -p					[5]
	make installworld
	mergemaster -i					[4]
	<reboot>

	Make sure that you've read the UPDATING file to understand the
	tweaks to various things you need.  At this point in the life
	cycle of current, things change often and you are on your own
	to cope.  The defaults can also change, so please read ALL of
	the UPDATING entries.

	Also, if you are tracking -current, you must be subscribed to
	freebsd-current@freebsd.org.  Make sure that before you update
	your sources you have read and understood all the recent
	messages there.  If in doubt, please track -stable which has
	far fewer pitfalls.

	[1] If you have third party modules, such as vmware, you
	should disable them at this point so they don't crash your
	system on reboot.

	[3] From the bootblocks, boot -s, and then do
		fsck -p
		mount -u /
		mount -a
		cd src
		adjkerntz -i		# if CMOS is wall time
	Also, when doing a major release upgrade, it is required that
	you boot into single user mode to do the installworld.

	[4] Note: This step is non-optional.  Failure to do this step
	can result in a significant reduction in the functionality of the
	system.  Attempting to do it by hand is not recommended and those
	that pursue this avenue should read this file carefully, as well
	as the archives of freebsd-current and freebsd-hackers mailing lists
	for potential gotchas.

	[5] Usually this step is a noop.  However, from time to time
	you may need to do this if you get unknown user in the following
	step.  It never hurts to do it all the time.

	[8] In order to have a kernel that can run the 5.x binaries
	needed to do an installworld, you must include the COMPAT_FREEBSD5
	option in your kernel.  Failure to do so may leave you with a system
	that is hard to boot to recover.

	Make sure that you merge any new devices from GENERIC since the
	last time you updated your kernel config file.

	[9] When checking out sources, you must include the -P flag to have
	cvs prune empty directories.

	If CPUTYPE is defined in your /etc/make.conf, make sure to use the
	"?=" instead of the "=" assignment operator, so that buildworld can
	override the CPUTYPE if it needs to.

	MAKEOBJDIRPREFIX must be defined in an environment variable, and
	not on the command line, or in /etc/make.conf.  buildworld will
	warn if it is improperly defined.

FORMAT:

This file contains a list, in reverse chronological order, of major
breakages in tracking -STABLE.  Not all things will be listed here,
and it only starts on October 16, 2004.  Updating files can be found in
previous releases if your system is older than this.

Copyright information:

Copyright 1998-2005 M. Warner Losh.  All Rights Reserved.

Redistribution, publication, translation and use, with or without
modification, in full or in part, in any form or format of this
document are permitted without further permission from the author.

THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED.  IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.

If you find this document useful, and you want to, you may buy the
author a beer.

Contact Warner Losh if you have any questions about your use of
this document.

$FreeBSD$