FreeBSD Monitor - Feeds::freebsd_updating http://fbsdmon.org/feed/freebsd_updating 2015-08-27T23:59:59Z FreeBSD Monitor freebsd_updating http://fbsdmon.org/feed/freebsd_updating/e2bb39652dab0f59e1c4 2015-08-27T23:59:59Z pf no longer supports 'scrub fragment crop' or 'scrub fragment drop-ovl'<br />These configurations are now automatically interpreted as<br />'scrub fragment reassemble'. freebsd_updating http://fbsdmon.org/feed/freebsd_updating/9849f406a922168c42b4 2015-08-27T23:59:59Z The wireless drivers had undergone changes that remove the 'parent<br />interface' from the ifconfig -l output. The rc.d network scripts<br />used to check presence of a parent interface in the list, so old<br />scripts would fail to start wireless networking. Thus, etcupdate(3)<br />or mergemaster(8) run is required after kernel update, to update your<br />rc.d scripts in /etc. freebsd_updating http://fbsdmon.org/feed/freebsd_updating/8b15a40d031065cc9459 2015-08-17T23:59:59Z Kernel-loadable modules for the random(4) device are back. To use<br />them, the kernel must have<br /><br />device random<br />options RANDOM_LOADABLE<br /><br />kldload(8) can then be used to load random_fortuna.ko<br />or random_yarrow.ko. Please note that due to the indirect<br />function calls that the loadable modules need to provide,<br />the build-in variants will be slightly more efficient.<br /><br />The random(4) kernel option RANDOM_DUMMY has been retired due to<br />unpopularity. It was not all that useful anyway. freebsd_updating http://fbsdmon.org/feed/freebsd_updating/8d8834f10fa220abc846 2015-08-13T23:59:59Z The WITHOUT_ELFTOOLCHAIN_TOOLS src.conf(5) knob has been retired.<br />Control over building the ELF Tool Chain tools is now provided by<br />the WITHOUT_TOOLCHAIN knob. freebsd_updating http://fbsdmon.org/feed/freebsd_updating/a48175097246de174749 2015-08-10T23:59:59Z The polarity of Pulse Per Second (PPS) capture events with the<br />uart(4) driver has been corrected. Prior to this change the PPS<br />"assert" event corresponded to the trailing edge of a positive PPS<br />pulse and the "clear" event was the leading edge of the next pulse.<br /><br />As the width of a PPS pulse in a typical GPS receiver is on the<br />order of 1 millisecond, most users will not notice any significant<br />difference with this change.<br /><br />Anyone who has compensated for the historical polarity reversal by<br />configuring a negative offset equal to the pulse width will need to<br />remove that workaround. freebsd_updating http://fbsdmon.org/feed/freebsd_updating/ba7fe49dfbdc729ee94d 2015-08-09T23:59:59Z The default group assigned to /dev/dri entries has been changed<br />from 'wheel' to 'video' with the id of '44'. If you want to have<br />access to the dri devices please add yourself to the video group<br />with:<br /><br /># pw groupmod video -m $USER freebsd_updating http://fbsdmon.org/feed/freebsd_updating/9bb2b765e7f6a136cf97 2015-08-06T23:59:59Z The menu.rc and loader.rc files will now be replaced during <br />upgrades. Please migrate local changes to menu.rc.local and<br />loader.rc.local instead. freebsd_updating http://fbsdmon.org/feed/freebsd_updating/93f4631fd6ca15991343 2015-08-05T23:59:59Z GNU Binutils versions of addr2line, c++filt, nm, readelf, size,<br />strings and strip have been removed. The src.conf(5) knob<br />WITHOUT_ELFTOOLCHAIN_TOOLS no longer provides the binutils tools. freebsd_updating http://fbsdmon.org/feed/freebsd_updating/1d5dc66b40223aacdd79 2015-07-28T23:59:59Z As ZFS requires more kernel stack pages than is the default on some<br />architectures e.g. i386, it now warns if KSTACK_PAGES is less than<br />ZFS_MIN_KSTACK_PAGES (which is 4 at the time of writing).<br /><br />Please consider using 'options KSTACK_PAGES=X' where X is greater<br />than or equal to ZFS_MIN_KSTACK_PAGES i.e. 4 in such configurations. freebsd_updating http://fbsdmon.org/feed/freebsd_updating/ea6472c7728652389456 2015-07-06T23:59:59Z sendmail has been updated to 8.15.2. Starting with FreeBSD 11.0<br />and sendmail 8.15, sendmail uses uncompressed IPv6 addresses by<br />default, i.e., they will not contain "::". For example, instead<br />of ::1, it will be 0:0:0:0:0:0:0:1. This permits a zero subnet<br />to have a more specific match, such as different map entries for<br />IPv6:0:0 vs IPv6:0. This change requires that configuration<br />data (including maps, files, classes, custom ruleset, etc.) must<br />use the same format, so make certain such configuration data is<br />upgrading. As a very simple check search for patterns like<br />'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. To return to the old<br />behavior, set the m4 option confUSE_COMPRESSED_IPV6_ADDRESSES or<br />the cf option UseCompressedIPv6Addresses. freebsd_updating http://fbsdmon.org/feed/freebsd_updating/09196b8ded5f7c065fa5 2015-06-30T23:59:59Z The default kernel entropy-processing algorithm is now<br />Fortuna, replacing Yarrow.<br /><br />Assuming you have 'device random' in your kernel config<br />file, the configurations allow a kernel option to override<br />this default. You may choose *ONE* of:<br /><br />options RANDOM_YARROW # Legacy /dev/random algorithm.<br />options RANDOM_DUMMY # Blocking-only driver.<br /><br />If you have neither, you get Fortuna. For most people,<br />read no further, Fortuna will give a /dev/random that works<br />like it always used to, and the difference will be irrelevant.<br /><br />If you remove 'device random', you get *NO* kernel-processed<br />entopy at all. This may be acceptable to folks building<br />embedded systems, but has complications. Carry on reading,<br />and it is assumed you know what you need.<br /><br />*PLEASE* read random(4) and random(9) if you are in the<br />habit of tweeking kernel configs, and/or if you are a member<br />of the embedded community, wanting specific and not-usual<br />behaviour from your security subsystems.<br /><br />NOTE!! If you use RANDOM_DUMMY and/or have no 'device<br />random', you will NOT have a functioning /dev/random, and<br />many cryptographic features will not work, including SSH.<br />You may also find strange behaviour from the random(3) set<br />of library functions, in particular sranddev(3), srandomdev(3)<br />and arc4random(3). The reason for this is that the KERN_ARND<br />sysctl only returns entropy if it thinks it has some to<br />share, and with RANDOM_DUMMY or no 'device random' this<br />will never happen. freebsd_updating http://fbsdmon.org/feed/freebsd_updating/4c218b847dec953f089f 2015-06-23T23:59:59Z An additional fix for the issue described in the 20150614 sendmail<br />entry below has been been committed in revision 284717. freebsd_updating http://fbsdmon.org/feed/freebsd_updating/4ee6506c7652f0c74821 2015-06-16T23:59:59Z FreeBSD's old make (fmake) has been removed from the system. It is<br />available as the devel/fmake port or via pkg install fmake. freebsd_updating http://fbsdmon.org/feed/freebsd_updating/d19c447a97861e747085 2015-06-16T23:59:59Z /etc/make.conf now included earlier.<br />sys.mk now includes /etc/make.conf and {local,src}.sys.mk earlier<br />than previously.<br />This makes it simple to interpose external toolchains etc.<br />However it may cause problems for users who have things like::<br /><br /> INSTALL+= something<br /><br />in /etc/make.conf, since INSTALL is not yet defined.<br />A safe fix for that is to have::<br /><br /> INSTALL?= install<br /> INSTALL+= something<br /><br />which is equivalent to previous behavior. freebsd_updating http://fbsdmon.org/feed/freebsd_updating/8a92a9543df6edd054dc 2015-06-15T23:59:59Z The fix for the issue described in the 20150614 sendmail entry<br />below has been been committed in revision 284436. The work<br />around described in that entry is no longer needed unless the<br />default setting is overridden by a confDH_PARAMETERS configuration<br />setting of '5' or pointing to a 512 bit DH parameter file. freebsd_updating http://fbsdmon.org/feed/freebsd_updating/1c64bbd2f251ffab4cd2 2015-06-14T23:59:59Z The import of openssl to address the FreeBSD-SA-15:10.openssl<br />security advisory includes a change which rejects handshakes<br />with DH parameters below 768 bits. sendmail releases prior<br />to 8.15.2 (not yet released), defaulted to a 512 bit<br />DH parameter setting for client connections. To work around<br />this interoperability, sendmail can be configured to use a<br />2048 bit DH parameter by:<br /><br />1. Edit /etc/mail/`hostname`.mc<br />2. If a setting for confDH_PARAMETERS does not exist or<br /> exists and is set to a string beginning with '5',<br /> replace it with '2'.<br />3. If a setting for confDH_PARAMETERS exists and is set to<br /> a file path, create a new file with:<br /> openssl dhparam -out /path/to/file 2048<br />4. Rebuild the .cf file:<br /> cd /etc/mail/; make; make install<br />5. Restart sendmail:<br /> cd /etc/mail/; make restart<br /><br />A sendmail patch is coming, at which time this file will be<br />updated. freebsd_updating http://fbsdmon.org/feed/freebsd_updating/79fdf2315f429ccdb42f 2015-06-14T23:59:59Z The import of openssl to address the FreeBSD-SA-15:10.openssl<br />security advisory includes a change which rejects handshakes<br />with DH parameters below 768 bits. sendmail releases prior<br />to 8.15.2 (not yet released), defaulted to a 512 bit<br />DH parameter setting for client connections. To work around<br />this interoperability, sendmail can be configured to use a<br />2048 bit DH parameter by:<br /><br />1. Edit /etc/mail/`hostname`.mc <br />2. If a setting for confDH_PARAMETERS does not exist or<br /> exists and is set to a string beginning with '5',<br /> replace it with '2'.<br />3. If a setting for confDH_PARAMETERS exists and is set to<br /> a file path, create a new file with:<br /> openssl dhparam -out /path/to/file 2048<br />4. Rebuild the .cf file:<br /> cd /etc/mail/; make; make install<br />5. Restart sendmail:<br /> cd /etc/mail/; make restart<br /><br />A sendmail patch is coming, at which time this file will be<br />updated. freebsd_updating http://fbsdmon.org/feed/freebsd_updating/f66ac7e307d5757c037b 2015-06-14T23:59:59Z ALLOW_DEPRECATED_ATF_TOOLS/ATFFILE support has been removed from<br />atf.test.mk (included from bsd.test.mk). Please upgrade devel/atf<br />and devel/kyua to version 0.20+ and adjust any calling code to work<br />with Kyuafile and kyua. freebsd_updating http://fbsdmon.org/feed/freebsd_updating/81b32ca79d37ac59c4f6 2015-06-04T23:59:59Z Generation of legacy formatted entries have been disabled by default<br />in pwd_mkdb(8), as all base system consumers of the legacy formatted<br />entries were converted to use the new format by default when the new,<br />machine independent format have been added and supported since FreeBSD<br />5.x.<br /><br />Please see the pwd_mkdb(8) manual page for further details. freebsd_updating http://fbsdmon.org/feed/freebsd_updating/f67507b6472117d071ad 2015-05-25T23:59:59Z Clang and llvm have been upgraded to 3.6.1 release. Please see the<br />20141231 entry below for information about prerequisites and upgrading,<br />if you are not already using 3.5.0 or higher.