Version 1.6 ----------- * Remove warn-on-new-headers behaviour; security branches are guaranteed to maintain stable ABIs. The one case in the past where ABI breakage happened (SA-03:02.openssl) does not apply to any FreeBSD releases which are still officially supported. * Check that `uname -sr` is "FreeBSD *-(RELEASE|RELEASE-p*|SECURITY)" to make sure that people don't try to use FreeBSD Update on -STABLE or -CURRENT (where it has a good chance of causing problems). * For "fetch" and "IDS" commands, check that descriptor zero points to a terminal. This fixes unintentional denial-of-service-at-5AM attacks on my server. (When running from cron(8), the "cron" command should be used.) * Add support for specifying a trusted key and/or URL at the command line. * Add support for multiple architectures by adding /`uname -p` into the URL from which updates are fetched. * The RSA code used here has been tested on i386, alpha, and amd64. It is known to fail on ia64. Other platforms have not yet been tested. Version 1.5 ----------- * Add --branch option to `freebsd-update fetch` to allow users to force updates along one of the branches (crypto, nocrypto, krb4, and krb5 at present) even if the local MD5 hashes don't match (eg, if files have been recompiled). * Add warning if any .h files were changed (this caused problems with FreeBSD-SA-03:02.openssl). Version 1.4 ----------- * Complete rewrite: big ugly makefile -> big ugly shell script * Files moved: /usr/local/freebsd-update/ is now only used for work files, code is in /usr/local/sbin/ where it belongs. * Performance: Where several update index lines refer to the same binary, it will now only be MD5ed once. * Bandwidth reduction: Key and index are cached locally (and verified), reducing the bandwidth used to 256 bytes if there are no new updates. * Feature: `freebsd-update fetch` will now warn about files which have been modified locally if the '-v' flag is passed. * Feature: `freebsd-update IDS` now exists; for every file which is installed as part of the binary RELEASE, it compares the existing file against a (signed) database of known good hashes. Version 1.3 ----------- * Use binary patches to cut bandwidth usage by 98%. Version 1.2 ----------- * Fetch updates from update.daemonology.net. Version 1.1 ----------- * Fixes a files-which-contain-':'-in-their-names bug. * Fixes a bug which causes stamped text files to not be identified as having changed where appropriate. * Supports multiple versions of files (eg, nocrypto, crypto, krb4, krb5) and updates to the correct version. * Not compatible with earlier versions. Version 1.0 ----------- * Mentioned on -hackers, Feb 16, 2003 * Sent to security-officer for review * Fixes problems in 0.9 Version 0.9 ----------- * First release * Announced on -stable and -binup, Dec 25, 2002. * Some files are ignored (doc/usd/*, doc/psd/*, libobjc.a, libobjc_p.a) * Hard links are broken