Releases: MidnightBSD/src
3.2.0
I’m happy to announce the availability of MidnightBSD 3.2 for amd64 and i386.
This release included updates to third-party libraries, bug fixes from the 3.1 release, and security updates.
Upgrade Process
Install git if you don’t have it already
mport install git
Fetch MidnightBSD from git via github.com/midnightbsd/src.git (assumes you don’t have /usr/src populated)
git clone -b stable/3.2 https://github.com/MidnightBSD/src.git
NOTE: some users have experienced build errors on 2.x which require disabling perl in usr.bin/Makefile at the top and removing camcontrol and df from the rescue/rescue/Makefile temporarily. You can build these once on 3.x.
cd /usr/src; make -j4 clean buildworld buildkernel;
choose one of etcupdate or mergemaster -p
make installkernel
reboot
(if it works OK, login and go to /usr/src)
make installworld
choose one of etcupdate or mergemaster -iU
Update installed mports/packages
For mport package manager, run mport index
mport clean
mport upgrade
Remove old libraries and programs from the base.
rm -rf /usr/lib/perl/5.36.1 cd /usr/src/; make check-old; make delete-old; make installworld;
Perl was removed from base in 3.2. Install from mports or packages via mport install perl5.36
Bug Fixes and new features
Ravenports
Ravenports is available in MidnightBSD for the amd64 architecture. The initial installation process will prompt you to bootstrap Ravenports. This will initialize it in /raven/, and you will be able to install software packages using /raven/sbin/ravensw. By default, /raven/bin, /raven/sbin, and so on are not on the path. You can add them to the path to make running software in your shell easier. Please visit their website to learn more about Ravenports and find quickstart guides. http://www.ravenports.com/
You can choose either mports or Ravenports at installation time or use packages from both systems. Please note that mixing packages may have some complications, although they are installed in a completely different place from mports.
There are various benefits to Ravenports, but a few are more updated packages and quite a few unique packages that mports doesn’t provide currently. For example, Ravenports has an updated Firefox package available.
You will not see Ravenports presented as an option on an i386 install.
Mport package manager
Updated mport to 2.6.2
Miscellaneous Changes
Fixed a bug with portsnap configuration with 3.x releases where it used an old index.
Fix for some vnc clients with bhyve, added com ports to bhyve
Various manual pages cleaned up.
zstd enabled in libarchive
telnetd removed
libfetch: don't rely on ca_root_nss for certificate validation
add endian.h for linux compatibility
Security Fixes
OpenSSH security vulnerability
A signal handler in sshd(8) calls a function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges.
This issue is a regression of CVE-2006-5051 originally reported by Mark Dowd and accidentally reintroduced in OpenSSH 8.5p1.
OpenSSH 9.3p2 - CVE-2023-38408 Patch for CVE-2023-48795
Fix security issue in libpcap OSV-2020-1231
Fix for wpa supplicant CVE-2023-52160
pf security issue:
As part of its stateful TCP connection tracking implementation, pf performs sequence number validation on inbound packets. This makes it difficult for a would-be attacker to spoof the sender and inject packets into a TCP stream, since crafted packets must contain sequence numbers which match the current connection state to avoid being rejected by the firewall. A bug in the implementation of sequence number validation means that the sequence number is not in fact validated, allowing an attacker who is able to impersonate the remote host and guess the connection's port numbers to inject packets into the TCP stream.
3rd Party Software
Perl removed from base. Install via mports
brainfuck removed from base. Moved to mports
Removed subversion from base. install from mports if needed. (use git for MidnightBSD)
expat 2.6.2
ldns 1.8.3
sendmail 8.18.1
libarchive 3.7.2
zstd 1.5.2
Unbound 1.19.3
xz / lzma 5.4.5
tzdata 2023d
mandoc 1.14.6
OpenSSH 9.3p2
nvi 2.2.1
openssl 1.1.1w
Hardware
PCI vendors list updated (April 2024)
AMD zen4 temperature sensor support
unbreak Promise RAID1 with 4+ providers
usbdevs: add quirk for WD MyPassport Ultra External HDD
ahci: add AMD KERNCZ (RAID) device id in RAID mode
Known Issues
Ravenports install is not in the path, but we also don’t tell you that during bootstrap.
On VirtualBox 7, Xorg needs over 1GB of RAM allocated to run without swapping or crashing. Occasional VM hangs have also been seen. It works fine on bare metal, bhyve, or VMware products.
3.1.6
Fix OpenSSH security vulnerability CVE-2024-6387
3.1.5
Updates unbound to fix some CVEs
wpa supplicant patch for GHSA-hj6q-jrf5-2pm3
3.1.4
- mport 2.6.2
- fixed man page build with perl
- disabled dtrace in perl
- tzdata 2023d
- perl bugfixes.
3.1.3
3.1.2
MidnightBSD 3.1.1 for workgroups
Includes several security fixes plus updates to the mport package manager.
add endian.h for linux compatibility
midnightbsd-update fix an issue with boot environments as the -r flag is needed with deep
In some instances, the regcomp() implementation would inadvertently s…
For line-buffered streams the __sflush() function did not correctly u…
openssl 1.1.1w
mport:
mport 2.4.5 + post changes:
- Adds support for delete checks on directory entries
- Check MOVED data for expired ports and display in mport info common
3.1.0
MidnightBSD 3.1
8/27/2023
I’m happy to announce the availability of MidnightBSD 3.1 for amd64 and i386.
This release included updates to third-party libraries, bug fixes from the 3.0 release, and a new third-party package option: Ravenports Universal Package System.
Upgrade Process
(You can also do this with svnlite using github)
Install git if you don’t have it already
mport install git
Fetch MidnightBSD from git via github.com/midnightbsd/src.git (assumes you don’t have /usr/src populated)
git clone https://github.com/MidnightBSD/src.git
Checkout the stable/3.1 branch
git checkout stable/3.1
cd /usr/src; make clean buildworld buildkernel;
mergemaster -p
make installkernel
reboot
(if it works OK, login and go to /usr/src)
make installworld
mergemaster -iU
mport index
Update installed mports/packages.
rm -rf /usr/lib/perl/5.36.0
cd /usr/src/; make check-old; then run make delete-old and finally make installworld
When you are done, verify that Perl is updated by running perl -v
You should have Perl 5.36.1.
Bug Fixes and new features
Ravenports
Ravenports is now available in MidnightBSD for the amd64 architecture. The initial installation process will prompt you to bootstrap Ravenports. This will initialize it in /raven/, and you will be able to install software packages using /raven/sbin/ravensw. By default, /raven/bin, /raven/sbin, and so on are not on the path. You can add them to the path to make running software in your shell easier. Please visit their website to learn more about Ravenports and find quickstart guides. http://www.ravenports.com/
You can choose either mports or Ravenports at installation time or use packages from both systems. Please note that mixing packages may have some complications, although they are installed in a completely different place from mports.
There are various benefits to Ravenports, but a few are more updated packages and quite a few unique packages that mports doesn’t provide currently. For example, Ravenports has an updated Firefox package available.
You will not see Ravenports presented as an option on an i386 install.
Mport package manager
There have been a number of improvements in the mport package manager for this release. In 2.4.3, we fixed the XXX rate issue reported. It now displays information about the download and a percentage of the file fetched so far. There is an output bug where it displays the percentage with an incorrect decimal place that will be fixed in a later release. This only impacts mport use in scripts or other non-interactive terminals.
mport clean now removes temporary files that might get left behind by other operations
mport clean now removes leftover /var/db/mport/infrastructure/* folders that might get left behind prior to a fix for mtree files last year. (mostly for older systems)
mport's internal rmtree functionality has been modified to use native C routines rather than executing rm -r as a system command. (Please report any issues with removing files in packages on delete with this.) This is slightly faster with very large packages. (0.03 seconds or so)
mport list updates will now give you better information about why a package is not found in the index. If the package is listed in the MOVED file in the mports repository, it will tell you if it's removed/expired or moved to another location.
Now that MOVED file contents are part of the index, we can start doing more intelligent updates in the future. The first package build to include this data is the latest amd64 3.1 build. It will be available for i386 on the next package build done on that platform.
Install Changes
Users are now prompted to try to install appropriate packages for their graphics cards. We don’t yet do autodetection, but it’s a step in the right direction for automating installs.
Miscellaneous Changes
tftpd: introduce new option -S
pf: handle multiple IPv6 fragment headers
pf: fix pf_nv##_array() size check
netstat -i: compute most field widths dynamically
frag6: Avoid a possible integer overflow in fragment handling
lib/libc/string/bcmp.c: fix integer overflow bug
logger(1): fix timestamps in case of long run
libalias: improve handling of invalid SCTP packets
wpa: Enable receiving priority tagged (VID 0) frames
bridge: Log MAC address port flapping
fusefs: update atime on reads when using cached attributes
Security Fixes
add fix for CVE-2022-25147 (apr-util)
workaround an integer overflow in apr_base64 functions.
Fix CVE-2020-10188 in telnetd
Fix for GELI silently omits the keyfile if read from stdin
Multiple security vulnerabilities have been discovered in the Heimdal implementation of the Kerberos 5 network authentication protocols and KDC.
CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
CVE-2019-14870 Validate client attributes in protocol-transition
CVE-2019-14870 Apply forwardable policy in protocol-transition
CVE-2019-14870 Always lookup impersonate client in DB
3rd Party Software
Perl 5.36.1
openssl 1.1.1u
zlib 1.2.13 for kernel use
OpenSSH 9.1p1
libarchive 3.6.2
sendmail 8.17.1
libxo 1.0.4
doas 6.3p9
tzdata 2023c
xz 5.2.9
file 5.43
sqlite3 3.40.1
less 551
subversion 1.14.2
mDNSResponder-1096.40.7
Hardware
ena: Update driver version to v2.6.3
e1000: fix VLAN 0
Fix for Intel 82599 ixgbe device, which reported errors on the interface incorrectly.
jedec_dimm(4): Add manufacturing year and week.
e1000: Fix packet loss on 11th gen and later
ixl(4): Fix SR-IOV panics
ixl(4): Add support for I710 devices
ixl(4): Fix VLAN HW filtering
ice(4): Update to 1.34.2-k
ioat: Add Ice Lake ID.
Known Issues
Mport gives too much output when downloading packages non-interactively.
Mport package creation crashes on a few meta ports. We’re investigating this. GNUstep is one example. You can still install all the other GNUstep-related ports, just not the metaport.
Ravenports install is not in the path, but we also don’t tell you that during bootstrap.
The Perl version was updated, so having a mix of older packages with 3.1 packages may cause issues with Perl. Best to update all Perl libraries.
The Mono package is broken on 3.1 in mports. No ETA on this one.
On VirtualBox 7, Xorg needs over 1GB of RAM allocated to run without swapping or crashing. Occasional VM hangs have also been seen. It works fine on bare metal, bhyve, or VMware products.