OmniOS r151004

r151004y

Weekly release for 15-19 Apr 2013

Security fixes
- web/curl - 7.30.0, libcurl cookie domain tailmatch, libcurl SASL buffer overflow vulnerability
Updated packages
- file/gnu-coreutils - 8.20, fixes cp permission error when preserving file ACLs (cp -a)
- incorporation/jeos/omnios-userland - relaxes restrictions on curl and gnu-coreutils packages to allow for the above updates

r151004v

Weekly release for 1-5 Apr 2013

Updated packages
- network/dns/bind - 9.9.2-P2, Removed the check for regex.h in configure (isc.org). OmniOS does not ship libregex so there is no security vulnerability.
- system/pciutils/pci.ids - updated to 2013-03-29 snapshot

r151004t

Weekly release for 18-22 Mar 2013

Security fix
- driver/virtualization/kvm - fix for CVE-2013-1798 Fix bounds checking in ioapic indirect register reads.

Note: The illumos KVM implementation is not vulnerable to the other two CVEs that are related to this one (1796, 1797)

If you do not run any KVM guests, you likely do not have the kvm driver loaded. Simply updating the package will be sufficient. An updated omnios-userland incorporation package is required as well, which relaxes the version constraint on the KVM packages. A blanket ‘pkg update’ will take care of this, but if you are not applying all available updates, you need, at a minimum: omnios-userland, driver/virtualization/kvm and system/kvm

To update the kvm driver on a running system:

Obtain the module ID, which is the first column in the output of modinfo(1M):

# modinfo | grep kvm
266 fffffffff8325000  39ff0 265   1  kvm (kvm driver v0.1)

Shut down all KVM guests.
Unload the current module using the ID obtained above:
```
# modunload -i 266
```
Load the updated module:
```
# modload -p drv/kvm
```
Verify the updated module has loaded. Note the change in size from the previous info (third column):
```
# modinfo | grep kvm
266 fffffffff8325000  39eb0 265   1  kvm (kvm driver v0.1)
```

If you encounter errors with the above procedure, just reboot.

r151004r

Weekly release for 4-8 Mar 2013

Security fixes
- security/sudo - fixes for Authentication bypass when clock is reset (CVE-2013-1775) and Potential bypass of tty_tickets constraints CVE-2013-1776)
  - Requires updated omnios-userland to relax the version restriction
Updated packages
- system/pciutils/pci.ids updated to 2013-03-02 snapshot

As always, a pkg update -nv will do a “dry run” and show you the proposed upgrades.

r151004n

Weekly release for 4-8 Feb 2013

Security fixes
- library/security/openssl@1.0.1.4 - SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169) OpenSSL advisory
  - Shortly after r151004n was announced, we were made aware of a regression in 1.0.1d that causes corruption of the data stream on x86_64. We have applied the patch referenced in the ticket and re-published the package
  - The omnios-userland incorporation was overly restrictive with the openssl version. In order to update openssl, do:
    # pkg update omnios-userland openssl
  - This shell script will examine running processes in the current zone and tell you which services need to be restarted to complete the update
Updated packages
- system/pciutils/pci.ids updated to 2013-02-05 snapshot

r151004j

Weekly release for 7-11 Jan 2013

Updated packages
- system/library/pcap - backported fix from bloody which corrects a build issue that results in a missing symbol.
- system/pciutils/pci.ids - updated to 2013-01-07 snapshot

r151004h

Weekly release for 24-28 Dec 2012

Updated packages
- developer/versioning/git - Now with man pages! Git documentation is written in AsciiDoc, which requires an enormous number of dependencies, adding support overhead and bloat for little benefit. Git’s man pages are now built on a different system and included in the final package.

r151004f

Weekly release for 10-14 Dec 2012

New packages
- system/management/ec2-api-tools - API tools serve as the client interface to the Amazon EC2 web service
Updated packages
- network/dns/bind - BIND 9.9.2-P1 client utilities
- system/pciutils/pci.ids updated to 2012-12-08 snapshot

r151004b

Weekly release for 12-16 Nov 2012

Bug fixes
- Missing build dependency for system/management/ipmitool resulted in bmc interface not working. Recompiled with correct support
New packages
- system/management/ec2-credential - Service that handles Amazon EC2 ssh key setup at boot time. Already included in official AMIs; not relevant outside AWS
Updated packages
- system/pciutils/pci.ids updated to 2012-11-11 snapshot

r151004

Stable release, October 29, 2012

illumos-omnios at 33fdde4

Highlights

Corrected some latent issues with package metadata related to upgrading
- New “omnios-userland” incorporation prevents accidentally upgrading non-illumos-gate packages past one’s current release
- NOTE: A small number of package updates are required prior to upgrading from r151002 See Upgrade_r151002_r151004
illumos-gate built with GCC 4.4.4-il
ZFS feature flags
ZFS I/O throttling for zones

Userland changes

developer/build/automake-111 - Automake 1.11.6
file/gnu-coreutils - /usr/gnu/bin/install now linked to /usr/bin/install
network/dns/bind - BIND 9.9.2
system/install/kayak - more utilities in miniroot environment, helpful for breakfix
system/library/pcap - libpcap 1.3.0, now uses DLPI
system/pciutils/pci.ids - snapshot as of 2012-10-10
Removed GCC 3 packages: developer/gcc-3, system/library/gcc-3-runtime

Notable upstream illumos changes

370 Open-source IPMI baseboard driver (driver/ipmi)
3047 grep support for -r
3014 Intel X540 Support
3021 time-ordered output for DTrace
1450 illumos buildable with GCC4
2831 reduce SMF memory footprint
2619 asynchronous destruction of ZFS file systems
2747 zpool feature flags

Changes from other sources

illumos-kvm as of bb04ae8a50 (Joyent)
illumos-kvm-cmd as of 6d85df9c59 (Joyent)
ZFS I/O throttle (Joyent)
- includes new vfsstat command to inspect filesystem activity closer to where it matters for applications
2869 Fix duplicate packets when using VNICs over aggr links (OmniTI)