mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-23 13:41:08 +01:00
Updating Information for FreeBSD current users

This file is maintained by imp@village.org. Please send new entries
directly to him. See end of file for further details. For commonly
done items, please see the end of the file. Search for 'COMMON
ITEMS:'

20001005:
	This weekend the ports tree will be updated to a new layout.
	It will be in an inconsistent state until noted in the UPDATING
	file, or with asami-san's message to the relevant mailing
	lists. With this new layout, you'll need to update the whole
	tree for anything to work.

20000916:
	/boot/kernel/kernel.ko -> /boot/kernel/kernel change has taken
	place. Please update boot loader (not the boot blocks) at the
	same time as your kernel.

20000914:
	The new pmtimer device is necessary for laptops. Failure to
	include the device will cause suspended laptops to lose time
	when they resume. Include
		device		pmtimer
	in your config file and add
		hint.pmtimer.0.at="isa"
	to your /boot/device.hints file.

20000911:
	The random device has been turned into a (pseudo-)device,
	rather than an option. The supplied kernel config files have
	been updated. You will need to do something similar in your
	own kernel config file.
	Remove:
		options		RANDOMDEV
	Add:
		device		random
	If you prefer to load the loadable module, you need to do
	nothing.

20000909:
	The random device module has been renamed from randomdev.ko to
	random.ko. You will need to edit your /boot/loader.conf to
	reflect this if you load this module at boot time.
	The line should read:
		random_load="YES"

20000907:
	The SMPNG commit has happened. It should work, but if it
	doesn't, fall back to the PRE_SMPNG CVS tag. There are likely
	to be a variety of minor issues. Please see 20000905 to make
	sure you don't have module loading problems which might at
	first blush appear related to SMP.

20000906:
	nsswitch has been imported from NetBSD. Among other things,
	this means that /etc/host.conf is no longer used. See
	nsswitch.conf(5) instead. Note that at boot time rc.network
	will attempt to produce a new nsswitch.conf file for you if you
	don't have one, and you have host.conf.

20000905:
	The ucred structure changed size. This breaks the interface
	that mountd uses. Trying to use an older mountd with a newer
	kernel guarantees a panic. This means that you need to use
	kernels newer than today only with matching mountd, but you
	needed to do that anyway with the boot loader changes.

20000905:
	The boot loader has been updated. The new default kernel is
	now /boot/kernel/kernel.ko. The new default module location
	is /boot/kernel.

	You *MUST* upgrade your boot loader and kernel at the same time.
	The easiest way to do this is to do the buildworld/buildkernel/
	installkernel/installworld dance.

	Furthermore, you are urged to delete your old /modules directory
	before booting the new kernel, since kldload will find stale
	modules in that directory instead of finding them in the correct
	path, /boot/kernel. The most common complaint that this cures
	is that the linux module crashes your machine after the update.

	if [ ! -d /boot/kernel.old ]; then
		mv /modules.old /boot/kernel.old
		chflags noschg /kernel.old
		mv /kernel.old /boot/kernel.old/kernel.ko
		chflags schg /boot/kernel.old/kernel.ko
	fi

20000904:
	A new issue with the sendmail upgrade has come to light.
	/etc/aliases has moved to /etc/mail/aliases. Mergemaster will
	incorrectly install the default aliases in /etc/mail rather than
	move the old one from /etc. So you'll need to manually move the
	file, create a symbolic link, remove the old /etc/aliases.db and
	run newaliases. For safety's sake, you should stop sendmail
	while doing this and run the upgrade when locally sourced email
	is not likely to be generated.

20000825:
	/boot/device.hints is now required for installkernel to
	succeed. You should copy GENERIC.hints for your architecture
	into /boot/device.hints. If and only if you compile hints
	into your kernel, then this file may be empty. Please note,
	if you have an empty or missing /boot/device.hints file and
	you neglected to compile hints into your kernel, no boot
	messages will appear after the boot loader tries to start the
	kernel.

20000821:
	If you do NOT have ``options RANDOMDEV'' in your kernel and
	you DO want the random device then add randomdev_load="YES" to
	/boot/loader.conf.

20000812:
	suidperl is now always built and installed on the system, but
	with permissions of 511. If you have applications that use
	this program, you are now required to add ENABLE_SUIDPERL=true
	to /etc/make.conf. If you forget to do this,
		chmod 4511 /usr/bin/suidperl
	will fix this until the next build.

20000812:
	sendmail has been updated from 8.9.3 to 8.11.0. Some of the more
	visible changes that may immediately affect your configuration
	include:
	- New default file locations from src/contrib/sendmail/cf/README
	- newaliases limited to root and trusted users
	- MSA port (587) turned on by default
	- New queue file naming system so can't go from 8.11 -> 8.9
	- FEATURE(`rbl') renamed to FEATURE(`dnsbl')
	- FEATURE(`nullclient') is more full featured
	- FEATURE(`nouucp') requires an argument: `reject' or `nospecial'
	- mail.local FreeBSD-only -b option changed to -B
	- See src/contrib/sendmail/RELEASE_NOTES for more info

20000810:
	suidperl (aka sperl) is no longer built by default. You must
	specifically define BUILD_SUIDPERL to "true" for it to be built.
	Furthermore, we recommend that you remove /usr/bin/sperl* and
	/usr/bin/suidperl files from your system unless you have a
	specific use for it.

20000729:
	Networking defaults have been tightened. Anybody upgrading
	/etc/defaults/rc.conf needs to add the following lines to
	/etc/rc.conf if they want to have the same setup
	afterwards (unless the variables already are set, of course):
		# Enable network daemons for user convenience.
		inetd_enable="YES"
		portmap_enable="YES"
		sendmail_enable="YES"

20000728:
	If you have null_load="YES" in your /boot/loader.conf, you
	will need to change that to nullfs_load="YES".

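
The renames in the 20000911, 20000909 and 20000728 entries are easy to miss in a hand-maintained configuration, and per the 20000710 entry a system left without the /dev/random driver sees OpenSSL and SSH fail. The following is an added example, not part of the FreeBSD UPDATING file: it audits a loader.conf and a kernel config for those stale settings. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit settings renamed by the 20000728, 20000909 and 20000911
# entries. Function names and sample files are constructed for illustration.

# Print "LINE: old -> new (entry)" for each stale module setting in loader.conf.
stale_loader_settings() {
    awk '
        substr($1, 1, 1) == "#" { next }     # ignore comment lines
        { split($1, kv, "=") }               # kv[1] is the variable name
        kv[1] == "randomdev_load" { print NR ": randomdev_load -> random_load (20000909)" }
        kv[1] == "null_load"      { print NR ": null_load -> nullfs_load (20000728)" }
    ' "$1"
}

# Print a line for each "options RANDOMDEV" left in a kernel config file.
stale_kernel_options() {
    awk '
        substr($1, 1, 1) == "#" { next }
        $1 == "options" && $2 == "RANDOMDEV" {
            print NR ": options RANDOMDEV -> device random (20000911)"
        }
    ' "$1"
}

# Succeed if /dev/random will exist after the upgrade: either the kernel config
# ($1) has "device random" or loader.conf ($2) loads random.ko.
has_random_driver() {
    awk '$1 == "device" && $2 == "random" { ok = 1 } END { exit !ok }' "$1" &&
        return 0
    awk '{ split($1, kv, "=") }
         kv[1] == "random_load" && kv[2] ~ /^"?[Yy][Ee][Ss]"?$/ { ok = 1 }
         END { exit !ok }' "$2"
}

# Constructed pre-upgrade samples, written to a scratch directory.
demo=$(mktemp -d)
cat > "$demo/loader.conf" <<'EOF'
randomdev_load="YES"
null_load="YES"
EOF
cat > "$demo/MYKERNEL" <<'EOF'
machine		i386
options 	RANDOMDEV
device		pmtimer
EOF

stale_loader_settings "$demo/loader.conf"
stale_kernel_options "$demo/MYKERNEL"
has_random_driver "$demo/MYKERNEL" "$demo/loader.conf" ||
    echo "no /dev/random driver configured; OpenSSL and SSH will fail (20000710)"
rm -rf "$demo"
```

On a real system the arguments would be /boot/loader.conf and the kernel config file under src/sys/{i386,alpha}/conf.
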
20000728:
	The "installkernel" target has changed slightly. Now even if
	you override KERNEL e.g. 'make installkernel KERNEL=MYKERNEL'
	it will install the MYKERNEL file (built with the buildkernel
	target) as /kernel rather than /MYKERNEL. Those who have
	updated their /boot/loader.conf files to point to /MYKERNEL
	should remove that entry or perform manual rename of /kernel
	to /MYKERNEL.

20000711:
	If you use CVSUP or CTM to get CVS trees, AND you used to get
	the old crypto files from internat.freebsd.org AND you check
	out files from the CVS tree with the cvs command, please read
		http://people.freebsd.org/~imp/internat.txt
	for details on potential problems that you might have and how
	to get around them.

	If you are merely a mirror, or don't answer yes to each of the
	clauses above, you needn't worry.

20000711:
	/etc/security has been updated to print the inode number of
	setuid programs that have changed. You will see a large spike
	in the number of changed programs the first time when you run
	mergemaster to get a new /etc/security.

20000710:
	/dev/random now has good entropy collection (from the keyboard
	and sysmouse drivers). Please ensure that either `options
	RANDOMDEV' is present in your kernel config file or that
	`randomdev_load="YES"' is in your /boot/loader.conf. If you do
	not have the /dev/random driver, OpenSSL (and consequently
	lots of crypto tools (like SSH)) will fail with strange
	errors. (see below, 20000624).

	FreeBSD-current is safe again to run Crypto.

20000709:
	phk made the malloc default options AJ. This may slow things
	down and uncover other latent bugs in the code. If you need to
	run at full speed, you can disable this by doing the following:
		ln -s aj /etc/malloc.conf

20000706:
	libftpio's version was accidentally bumped a few days ago. This
	has been corrected. You may need to remove /usr/lib/libftpio.so.6
	before doing your next buildworld/installworld pair. It certainly
	won't hurt to remove it before the update procedure. It will
	break fetch until a new one is built, but ftp can be used in the
	interim if needed.

20000705:
	The crypto packages have changed for the cvsup. This has been done
	in a backward compatible way, but the old packages will go away at
	some point in the future. Look at /usr/share/examples/cvsup for
	details.

20000704:
	With the new sys/modules/sound/drivers/*, you will need to
	set SYSDIR until you do an installworld after July 7th.

20000704:
	rc.shutdown and rc will now call the rc.d scripts with start
	or stop. This may cause some harmless warnings from older
	rc.d scripts that haven't been updated.

20000630:
	The libfetch based version of fetch has gone into the tree.
	Minor problems may result on some of the less popular sites,
	which should be reported to des@freebsd.org.

20000625:
	From approximately this date forward, one must have the crypto
	system installed in order to build the system and kernel.
	While not technically strictly true, one should treat it as
	required and grab the crypto bits. If you are grabbing CVS
	trees, src-all and cvs-crypto should be treated as if they
	were required. You should check with the latest collections
	to make sure that these haven't changed.

20000624:
	Mark Murray just committed the first parts of a cleanup of
	/dev/zero, et al. This is also cleaning up /dev/random.
	The entropy is disconnected, so DO NOT USE VERSIONS OF FREEBSD
	-CURRENT FROM THIS POINT FORWARD for cryptographic services
	until Mark can merge in the fixes to this work in progress.
	openssh and openssl should not be used to generate keys from this
	date to the completion of the work.

	If you must operate at this reduced level of security, add
	'options RANDOMDEV' to your kernel or modload the randomdev
	module. You may also need to copy a new MAKEDEV to /dev and
	recreate the random and urandom devices.

20000622:
	The license on the softupdates is now a standard 2 clause
	BSD license. You may need to remove your symbolic links
	that used to be required when updating.

20000621:
	Scott Flatman <sf@aracnet.com> sent in a decent write-up on
	the config file update procedure.
		http://people.freebsd.org/~imp/config-upd.html
	NOTE: LINT is gone. It has been replaced with NOTES. NOTES
	isn't buildable. However, you can generate a LINT file.

20000620:
	Binutils 2.10 have hit the tree, or will shortly. As soon
	as they do, the problem noted in 20000522 will be resolved and
	that workaround will no longer be required.

20000615:
	phk removed the compatibility creation of wd devices in the
	ad driver. If you haven't done so already, you must update
	your fstab, etc to use the ad devices instead of the wd
	devices.

	In addition, you'll need to update your boot blocks to a
	more modern version, if you haven't already done so. Modern
	here means 4.0 release or newer (although older releases
	may work).

20000612:
	Peter took an axe to config(8). Be sure that you read his mail
	on the topic before even thinking about updating. You will
	need to create a /boot/device.hints or add a hints directive
	to your config file to compile them in statically. The format
	of the config file has changed as well. Please see GENERIC or
	NEWCARD for examples of the new format.

20000522:
	A new set of binutils went into the tree today. Anybody
	building a kernel after this point is advised that they need
	to rebuild their binutils (or better yet do a
	buildworld/installworld) before building a new kernel.

	Due to bugs in binutils, using malloc options (e.g. /etc/malloc.conf
	or MALLOC_OPTIONS env var) J will cause ld to dump core. It
	is recommended that you don't set this option until the problem
	is resolved.

20000513:
	The ethernet drivers were all updated to clean up the BPF handling.

20000510:
	The problems with boot blocks on the alphas have been corrected.
	This will require some care in updating alphas. A new libstand
	is required for the boot blocks to build properly.

20000503:
	Recompile all kld modules. Proper version dependency info
	is now available.

20000502:
	Modules have been disconnected from the buildworld tree and
	connected to the kernel building instead.

20000427:
	You may need to build gperf
		cd /usr/src/gnu/usr.bin/gperf && make depend all install
	when upgrading from 4.0 -> current. The build system now uses
	an option only in -current.

20000417:
	The method that we brand ELF binaries has changed to be more
	acceptable to the binutils maintainers. You will need to
	rebrand your ELF binaries that aren't native. One problem
	binary is the Linux ldconfig. After your make world, but
	before you reboot, you'll need to issue:
		brandelf -t Linux /compat/linux/sbin/ldconfig
	if you have Linux compatibility enabled on your machine.

20000320:
	If you have really bad/marginal IDE drives, you may find they
	don't work well. Use pio mode instead. The easiest way to
	cope if you have a problem combination is to add:
		/sbin/sysctl -w hw.atamodes=pio,pio,pio,pio
	to the start of /etc/rc.conf.

20000319:
	The ISA and PCI compatibility shims have been connected to the
	options COMPAT_OLDISA and COMPAT_OLDPCI. If you are using old
	style PCI or ISA drivers (i.e. tx, voxware, etc.) you must
	include the appropriate option in your kernel config. Drivers
	using the shims should be updated or they won't ship with
	5.0-RELEASE, targeted for 2001.

20000318:
	We've entered the traditional post release dumping party.
	Large kernel changes are being committed and are in the
	works. It is important to keep the systems' klds and kernel
	in sync as kernel interfaces and structures are changing.
	Before reporting kernel panics, make sure that all modules
	that you are loading are up to date.

20000315:
	If you are upgrading from an older version of FreeBSD, you
	need to update your boot blocks as well. 'disklabel -B ad0'
	will do the trick. This isn't critical until you remove your
	wd device entries in /dev, at which point your system will not
	boot.

20000315:
	4.0 RELEASE shipped. Please see the 4.0 UPDATING file for how
	to upgrade to 4.0 from 3.x.

COMMON ITEMS:

	General Notes
	-------------
	Avoid using make -j when upgrading. From time to time in the
	past there have been problems using -j with buildworld and/or
	installworld. This is especially true when upgrading between
	"distant" versions (e.g. ones that cross a major release boundary
	or several minor releases, or when several months have passed
	on the -current branch).

	To build a kernel
	-----------------
	If you are updating from a prior version of FreeBSD (even one just
	a few days old), you should follow this procedure. With a
	/usr/obj tree with a fresh buildworld,
	make buildkernel KERNEL=YOUR_KERNEL_HERE
	make installkernel KERNEL=YOUR_KERNEL_HERE

	To just build a kernel when you know that it won't mess you up
	--------------------------------------------------------------
	cd src/sys/{i386,alpha}/conf
	config KERNEL_NAME_HERE			[1]
	cd ../../compile/KERNEL_NAME_HERE
	make depend
	make
	make install

	[1] If in doubt, -r might help here.

	If this fails, go to the "To build a kernel" section.

	To rebuild everything and install it on the current system.
	-----------------------------------------------------------
	make world
	Build a new kernel, see above.

	To upgrade from 4.x-stable to current
	-------------------------------------
	make buildworld
	make buildkernel KERNEL=YOUR_KERNEL_HERE
	cp src/sys/${MACHINE_ARCH}/GENERIC.hints /boot/device.hints [2]
	make installkernel KERNEL=YOUR_KERNEL_HERE
	make installworld
	[1]
	<reboot>

	Make sure that you've read the UPDATING file to understand the
	tweaks to various things you need. At this point in the life
	cycle of current, things change often and you are on your own
	to cope. The defaults can also change, so please read ALL of
	the UPDATING entries.

	Also, if you are tracking -current, you must be subscribed to
	freebsd-current@freebsd.org. Make sure that before you update
	your sources that you have read and understood all the recent
	messages there. If in doubt, please track -stable which has
	far fewer pitfalls.

	[1] If you have third party modules, such as vmware, you
	should disable them at this point so they don't crash your
	system on reboot.

	[2] If you have legacy ISA devices, you may need to create
	your own device.hints to reflect your unique hardware
	configuration.

FORMAT:

This file contains a list, in reverse chronological order, of major
breakages in tracking -current. Not all things will be listed here,
and it only starts on March 15, 2000. Updating files can be found in
previous releases if your system is older than this.

Please filter your entries through Warner Losh (imp@village.org) so
that the style, formatting, etc of this file can be maintained.

$FreeBSD$