Commit Graph

236 Commits

Author SHA1 Message Date
bsh
ff9356e5c3 add note about SYMTAB_SPACE. 2012-03-19 06:08:51 +00:00
joerg
a7408e7eff Extend entry to makemandb permission issue. 2012-02-15 23:32:27 +00:00
spz
e74a3a0936 fix typo/braino 2012-02-09 21:49:31 +00:00
joerg
4880720394 Add note about new apropos and mandoc for formatting. Document failing
update builds due to the cat page removal.
2012-02-07 19:37:14 +00:00
christos
06e09d97b3 mention pam unbump. 2011-12-27 16:54:51 +00:00
tls
14a90da1e9 Mention that "pseudo-device rnd" should be removed from custom kernel
configs.  Thanks to Julio for pointing this out.
2011-11-26 01:20:25 +00:00
tls
3afd44cf08 First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>.  This change includes
the following:

	An initial cleanup and minor reorganization of the entropy pool
	code in sys/dev/rnd.c and sys/dev/rndpool.c.  Several bugs are
	fixed.  Some effort is made to accumulate entropy more quickly at
	boot time.

	A generic interface, "rndsink", is added, for stream generators to
	request that they be re-keyed with good quality entropy from the pool
	as soon as it is available.

	The arc4random()/arc4randbytes() implementation in libkern is
	adjusted to use the rndsink interface for rekeying, which helps
	address the problem of low-quality keys at boot time.

	An implementation of the FIPS 140-2 statistical tests for random
	number generator quality is provided (libkern/rngtest.c).  This
	is based on Greg Rose's implementation from Qualcomm.

	A new random stream generator, nist_ctr_drbg, is provided.  It is
	based on an implementation of the NIST SP800-90 CTR_DRBG by
	Henric Jungheim.  This generator users AES in a modified counter
	mode to generate a backtracking-resistant random stream.

	An abstraction layer, "cprng", is provided for in-kernel consumers
	of randomness.  The arc4random/arc4randbytes API is deprecated for
	in-kernel use.  It is replaced by "cprng_strong".  The current
	cprng_fast implementation wraps the existing arc4random
	implementation.  The current cprng_strong implementation wraps the
	new CTR_DRBG implementation.  Both interfaces are rekeyed from
	the entropy pool automatically at intervals justifiable from best
	current cryptographic practice.

	In some quick tests, cprng_fast() is about the same speed as
	the old arc4randbytes(), and cprng_strong() is about 20% faster
	than rnd_extract_data().  Performance is expected to improve.

	The AES code in src/crypto/rijndael is no longer an optional
	kernel component, as it is required by cprng_strong, which is
	not an optional kernel component.

	The entropy pool output is subjected to the rngtest tests at
	startup time; if it fails, the system will reboot.  There is
	approximately a 3/10000 chance of a false positive from these
	tests.  Entropy pool _input_ from hardware random numbers is
	subjected to the rngtest tests at attach time, as well as the
	FIPS continuous-output test, to detect bad or stuck hardware
	RNGs; if any are detected, they are detached, but the system
	continues to run.

	A problem with rndctl(8) is fixed -- datastructures with
	pointers in arrays are no longer passed to userspace (this
	was not a security problem, but rather a major issue for
	compat32).  A new kernel will require a new rndctl.

	The sysctl kern.arandom() and kern.urandom() nodes are hooked
	up to the new generators, but the /dev/*random pseudodevices
	are not, yet.

	Manual pages for the new kernel interfaces are forthcoming.
2011-11-19 22:51:18 +00:00
jym
f0eca4d0dd Inform that the prop_{array,dictionary}_send_syscall(3) change breaks
backward compatibility with old quota2 binaries, so ensure that you
update both (proplib + quota2 executables) simultaneously when updating
a -current installation.
2011-09-30 22:17:50 +00:00
mrg
8188255310 switch sparc to GCC 4.5.3. 2011-08-17 09:18:37 +00:00
riastradh
ebb828104e i386 and amd64 are on GCC 4.5 too now. 2011-08-12 03:26:51 +00:00
mrg
2f34a216cb add a note about cleaning the tree for GCC 4.5. 2011-08-06 23:07:14 +00:00
matt
6da5e72aff Note changes to xz require cleaning of a directory by hand. 2011-08-04 03:48:11 +00:00
dholland
e23caa73d0 Update this weekend's note on cleaning gcc: you need to clean binutils too. 2011-04-10 22:46:09 +00:00
joerg
29f33e6b4e Add a generic note about GCC's error on changed variables and a specific
entry for the sysroot related changes breaking MKUPDATE.
2011-04-10 20:22:32 +00:00
plunky
8f6f899225 Building the Xorg binary was moved into a subdirectory to fix
ordering issues with "make all". It may be necessary to remove
	the OBJDIR for external/mit/xorg/server/xorg-server/hw/xfree86
	if your update build fails, as the "Xorg" entry there is now a
	directory.
2011-04-10 08:29:31 +00:00
lukem
5cc6fc1ef0 fix typo in "-traditional-cpp" 2011-01-23 23:40:37 +00:00
joerg
19b23810a0 Switch remaining platforms to modern CPP for assembler. 2011-01-21 15:59:04 +00:00
joerg
13d8b2b89c Move SPARC and SPARC64 to modern CPP. Update UPDATING note for this and
Alpha.
2011-01-17 18:11:09 +00:00
joerg
5a2c3d029b Add entry about -tradition-cpp change for people not using build.sh. 2011-01-15 16:13:59 +00:00
jruoho
27cfff3b3e Make tcpdump(8) to drop root privileges and chroot(2) by default. 2010-12-17 09:54:27 +00:00
christos
f9d2e9c2a9 Mention setenv lossage. 2010-11-25 22:08:49 +00:00
mrg
5a881be08e add a note about xorg updates 2010-11-23 06:49:29 +00:00
dholland
c939deefa5 minor clarification 2010-06-09 17:29:15 +00:00
jmmv
782d4e60b0 atf 0.9 includes a backwards incompatible change that requires rebuilding
the sh tests.  Add a note to tell users to clean up the old files, as
otherwise the rebuilds will not be triggered.
2010-06-04 15:11:31 +00:00
mrg
61d6ec5ea8 note about xsrc update build issues. 2010-05-22 11:10:59 +00:00
tnozaki
5abea6a8dd ctype.h was splitted, so you have to make cleandir tools/mklocale. 2010-05-22 09:11:04 +00:00
christos
ad3a6c191f mention compiled xkb move. 2010-05-22 02:31:25 +00:00
njoly
d4da917501 Note shared objects extension change, and stalled files. 2010-02-22 12:35:32 +00:00
roy
ca59b5d5fb Document termcap database removal. 2010-02-04 22:25:21 +00:00
mbalmer
be714279aa Fold long lines. 2009-12-26 11:00:46 +00:00
dholland
b8da7e87e0 Note briefly that new amd64 kernels don't build with old binutils. 2009-11-16 07:45:50 +00:00
dholland
03f8ca1cdf fix typo in previous 2009-11-16 07:39:54 +00:00
dyoung
9b166e5b23 Mention that 'build.sh -u' may also break while building lex. 2009-11-02 01:11:31 +00:00
dyoung
4dd9f36d7a Mention that build.sh -u may get hung up building yacc. 2009-11-02 01:09:21 +00:00
mrg
59f9a2c36f add a note about accidental compiled/xkb symlinks appearing 2009-10-02 03:13:23 +00:00
dsl
8122d522e6 Presence of index.o in existing libc.a causes duplicate symbol now that
strchr.[cS] provides its definition.
2009-07-18 09:50:32 +00:00
dholland
976c3188e1 Add an entry for last summer's libpthread compat fix, since it
apparently never got listed (only posted on current-users) and came up
again recently.

Thanks to Martin Husemann, Matthias Drochner, and Geoff Wing for info
(any errors are mine).

As per http://mail-index.netbsd.org/current-users/2008/08/05/msg003880.html.
2009-07-09 08:04:32 +00:00
dholland
ac1daebd72 Fix a garbled old entry that I happened upon just now. 2009-07-09 07:50:24 +00:00
mrg
c7d3afbfeb note that update builds might again fail for new xorg 2009-07-09 07:31:54 +00:00
mrg
716317980c add a note about native xorg updates 2009-06-21 20:08:36 +00:00
dholland
e60ba8891a Add note about Postgres WRT the time_t change. 2009-05-27 18:02:57 +00:00
perry
7663ec7383 note a new failure mode thanks to the new string functions
requested by mrg
2009-05-01 23:08:25 +00:00
mrg
7df3c8b380 add a note about needing to rebuild i386 toolchain 2009-03-29 18:33:56 +00:00
skrll
d5aae1338a s/posix_fadvise/__posix_fadvise50/ in last. 2009-02-08 11:58:25 +00:00
skrll
8bfb786048 posix_fadvise needs help again. 2009-02-07 13:44:48 +00:00
joerg
e497a92b9e Add recommendation to rebuild the pkgdb cache after an update. 2009-02-05 20:00:58 +00:00
apb
a845fc861f Try to clarify the situation for utmp/utmpx/wtmpx/account files after
the time_t and dev_t changes.  I am not sure that this is accurate,
and there's no mention of the wtmp file.
2009-01-21 14:19:58 +00:00
hubertf
1e18dfb8f6 Make it clearer how link time failures in packages can be fixed
OK'd by christos
2009-01-14 15:53:29 +00:00
christos
8348a919d7 provide more details. 2009-01-11 18:00:04 +00:00
dholland
5f34550dd1 fix typo 2009-01-11 03:32:44 +00:00