FreeBSD Monitor - Feeds::freebsd_updating 2015-07-06T23:59:59Z FreeBSD Monitor

freebsd_updating 2015-07-06T23:59:59Z

sendmail has been updated to 8.15.2. Starting with FreeBSD 11.0 and sendmail 8.15, sendmail uses uncompressed IPv6 addresses by default, i.e., they will not contain "::". For example, instead of ::1, it will be 0:0:0:0:0:0:0:1. This permits a zero subnet to have a more specific match, such as different map entries for IPv6:0:0 vs IPv6:0. This change requires that configuration data (including maps, files, classes, custom ruleset, etc.) use the same format, so make certain such configuration data is upgraded. As a very simple check, search for patterns like 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. To return to the old behavior, set the m4 option confUSE_COMPRESSED_IPV6_ADDRESSES or the cf option UseCompressedIPv6Addresses.

freebsd_updating 2015-06-30T23:59:59Z

The default kernel entropy-processing algorithm is now Fortuna, replacing Yarrow.

Assuming you have 'device random' in your kernel config file, the configurations allow a kernel option to override this default. You may choose *ONE* of:

options RANDOM_YARROW # Legacy /dev/random algorithm.
options RANDOM_DUMMY # Blocking-only driver.

If you have neither, you get Fortuna. For most people, read no further: Fortuna will give a /dev/random that works like it always used to, and the difference will be irrelevant.

If you remove 'device random', you get *NO* kernel-processed entropy at all. This may be acceptable to folks building embedded systems, but has complications.
Carry on reading, and it is assumed you know what you need.

*PLEASE* read random(4) and random(9) if you are in the habit of tweaking kernel configs, and/or if you are a member of the embedded community, wanting specific and not-usual behaviour from your security subsystems.

NOTE!! If you use RANDOM_DUMMY and/or have no 'device random', you will NOT have a functioning /dev/random, and many cryptographic features will not work, including SSH. You may also find strange behaviour from the random(3) set of library functions, in particular sranddev(3), srandomdev(3) and arc4random(3). The reason for this is that the KERN_ARND sysctl only returns entropy if it thinks it has some to share, and with RANDOM_DUMMY or no 'device random' this will never happen.

freebsd_updating 2015-06-23T23:59:59Z

An additional fix for the issue described in the 20150614 sendmail entry below has been committed in revision 284717.

freebsd_updating 2015-06-16T23:59:59Z

FreeBSD's old make (fmake) has been removed from the system. It is available as the devel/fmake port or via pkg install fmake.

freebsd_updating 2015-06-16T23:59:59Z

/etc/make.conf now included earlier.
now includes /etc/make.conf and {local,src} earlier than previously.
This makes it simple to interpose external toolchains etc. However, it may cause problems for users who have things like::

    INSTALL+= something

in /etc/make.conf, since INSTALL is not yet defined. A safe fix for that is to have::

    INSTALL?= install
    INSTALL+= something

which is equivalent to previous behavior.

freebsd_updating 2015-06-15T23:59:59Z

The fix for the issue described in the 20150614 sendmail entry below has been committed in revision 284436.
The workaround described in that entry is no longer needed unless the default setting is overridden by a confDH_PARAMETERS configuration setting of '5' or pointing to a 512 bit DH parameter file.

freebsd_updating 2015-06-14T23:59:59Z

The import of openssl to address the FreeBSD-SA-15:10.openssl security advisory includes a change which rejects handshakes with DH parameters below 768 bits. sendmail releases prior to 8.15.2 (not yet released) defaulted to a 512 bit DH parameter setting for client connections. To work around this interoperability problem, sendmail can be configured to use a 2048 bit DH parameter by:

1. Edit /etc/mail/`hostname`.mc
2. If a setting for confDH_PARAMETERS does not exist or exists and is set to a string beginning with '5', replace it with '2'.
3. If a setting for confDH_PARAMETERS exists and is set to a file path, create a new file with:
    openssl dhparam -out /path/to/file 2048
4. Rebuild the .cf file:
    cd /etc/mail/; make; make install
5. Restart sendmail:
    cd /etc/mail/; make restart

A sendmail patch is coming, at which time this file will be updated.

freebsd_updating 2015-06-14T23:59:59Z

ALLOW_DEPRECATED_ATF_TOOLS/ATFFILE support has been removed from (included from Please upgrade devel/atf and devel/kyua to version 0.20+ and adjust any calling code to work with Kyuafile and kyua.

freebsd_updating 2015-06-04T23:59:59Z

Generation of legacy formatted entries has been disabled by default in pwd_mkdb(8), as all base system consumers of the legacy formatted entries were converted to use the new format by default when the new, machine independent format was added, and it has been supported since FreeBSD 5.x.

Please see the pwd_mkdb(8) manual page for further details.

freebsd_updating 2015-05-25T23:59:59Z

Clang and llvm have been upgraded to 3.6.1 release.
Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using 3.5.0 or higher.

freebsd_updating 2015-05-23T23:59:59Z

chmod, chflags, chown and chgrp now affect symlinks in -R mode as defined in symlink(7); previously symlinks were silently ignored.

freebsd_updating 2015-05-21T23:59:59Z

TI platform code switched to using vendor DTS files and this update may break existing systems running on Beaglebone, Beaglebone Black, and Pandaboard:

- dtb files should be regenerated/reinstalled. Filenames are the same but content is different now.
- GPIO addressing was changed; now each GPIO bank (32 pins per bank) has its own /dev/gpiocX device, e.g. pin 121 on /dev/gpioc0 in the old addressing scheme is now pin 25 on /dev/gpioc3.
- Pandaboard: /etc/ttys should be updated; the serial console device is now /dev/ttyu2, not /dev/ttyu0.

freebsd_updating 2015-05-01T23:59:59Z

soelim(1) from gnu/usr.bin/groff has been replaced by usr.bin/soelim. If you need the GNU extension from groff soelim(1), install groff from package: pkg install groff, or via ports: textproc/groff.

freebsd_updating 2015-04-23T23:59:59Z

chmod, chflags, chown and chgrp now affect symlinks in -R mode as defined in symlink(7); previously symlinks were silently ignored.

freebsd_updating 2015-04-16T23:59:59Z

Libraries specified by LIBADD in Makefiles must have a corresponding DPADD_<lib> variable to ensure correct dependencies. This is now enforced in

freebsd_updating 2015-04-15T23:59:59Z

The const qualifier has been removed from iconv(3) to comply with POSIX. The ports tree is aware of this from r384038 onwards.

freebsd_updating 2015-03-24T23:59:59Z

Support for SATA controllers handled by the more functional drivers ahci(4), siis(4) and mvs(4) has been removed from the legacy ata(4) driver. Kernel modules ataahci and ataadaptec were removed completely, replaced by ahci and mvs modules respectively.

freebsd_updating 2015-03-15T23:59:59Z

Clang, llvm and lldb have been upgraded to 3.6.0 release. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using 3.5.0 or higher.

freebsd_updating 2015-03-07T23:59:59Z

The 32-bit PowerPC kernel has been changed to a position-independent executable. This can only be booted with a version of loader(8) newer than January 31, 2015, so make sure to update both world and kernel before rebooting.

freebsd_updating 2015-02-17T23:59:59Z

If you are running a -CURRENT kernel since r273872 (Oct 30th, 2014), but before r278950, the RNG was not seeded properly. Immediately upgrade the kernel to r278950 or later and regenerate any keys (e.g. ssh keys or openssl keys) that were generated with a kernel from that range. This does not affect programs that directly used /dev/random or /dev/urandom. All userland uses of arc4random(3) are affected.