MidnightBSD Changelog

What's new in MidnightBSD 1.2

Oct 31, 2019
  • Bug Fixes:
  • Fixed spell(1) by bringing back deroff(1).
  • Fixed a bug with the mdnsd startup script (/etc/rc.d/mdnsd) where it wouldn't modify the /etc/nsswitch.conf properly when enabling mDNSresponder.
  • Security fixes:
  • The kernel driver for /dev/midistat implements a handler for read(2). This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer.
  • System calls operating on file descriptors obtain a reference to the relevant struct file. Due to a programming error, this reference was not always put back, which in turn could be used to overflow the counter of the affected struct file.
  • Security patch for CVE-2019-5611.
  • Due to a missing check in the code of m_pulldown(9), data returned may not be contiguous as requested by the caller.
  • Fix some buffer overflows in the telnet client.
  • The code which handles a close(2) of a descriptor created by posix_openpt(2) fails to undo the configuration which causes SIGIO to be raised. This bug can lead to a write-after-free of kernel memory.
  • Due to insufficient initialization of memory copied to userland in the components listed above, small amounts of kernel memory may be disclosed to userland processes.
  • 3rd party software:
  • OpenSSH 7.9p1
  • bzip2 1.0.7
  • bsnmp bug fix - A function extracting the length from type-length-value encoding is not properly validating the submitted length.
  • Hardware:
  • jedec_dimm - some modules falsely report supporting temp sensors. Handle this better.
  • Some work was also completed on the USB stack.
  • Add some quirks for SanDisk SDCZ48_32 Ultra 32GB, Ploytec SPL Crimson Rev 1, and Edirol UA-25EX.
  • Fix for reception of large full speed isochronous frames via the transaction translator.
  • In xhci(4) there is no stream ID in the completion TRB. Instead, iterate all the stream IDs in stream mode to find the matching USB transfer.
  • Fix a lost completion event issue towards libusb(3).
  • Reduce timeout for reading the USB HUB port status to 1000ms and try to filter out dead USB HUB devices by implementing an error counter.
  • Mport Package Manager:
  • Several bug fixes to existing SQL queries were done in this release. It should improve lookups of packages when searching or installing updates. Error handling improvements were also done.
  • Some bug fixes around absolute paths should improve installation when plists contain absolute paths.
  • You may choose an alternate package mirror location by setting the configuration after install.
  • Lookup current setting: mport config get mirror_region
  • Set a new mirror location: mport config set mirror_region jp

New in MidnightBSD 1.1 (Feb 5, 2019)

  • This is a minor release to fix a few hardware and security issues that have come up since the 1.0 release. It is strongly recommended that you upgrade, particularly if you have newer Intel hardware.
  • This release also includes a new version of OpenSSL. This is a move from 1.0.1 to 1.0.2p in base. Many mports are built with a package and will likely not be affected. It is still recommended that you rebuild any mports using SSL or update the packages as appropriate.
  • OpenSSH was also updated and removes support for older SSH v1 connections.
  • A bug fix for ICMP underwrites is included. The icmp_error routine allocates either an mbuf or a cluster depending on the size of the data to be quoted in the ICMP reply, but the calculation failed to account for additional padding on 64-bit platforms when using a non-default sysctl value for net.inet.icmp.quotelen.
  • Perl 5.28.0 fixes a number of security issues present in the older 5.26 version included with 1.0.

New in MidnightBSD 0.8 (Aug 16, 2016)

  • MidnightBSD 0.8 includes several enhancements to the system. We switched system compilers from GCC 4.2 to llvm/clang 3.3 with plans to update to newer versions. We’re making use of libdispatch in our package manager. Several longstanding bugs with the mports framework have been fixed.

New in MidnightBSD 0.7 (Sep 20, 2015)

  • This release is primarily for stabilization, ZFS and mport package tool enhancements.

New in MidnightBSD 0.6 (Apr 27, 2015)

  • Security:
  • OpenSSL: The receipt of a specifically crafted DTLS handshake message may cause OpenSSL to consume large amounts of memory. [CVE-2014-3506]
  • The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak memory. [CVE-2014-3507]
  • A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. [CVE-2014-3508]
  • OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. [CVE-2014-3510]
  • TCP SYN: When a segment with the SYN flag for an already existing connection arrives, the TCP stack tears down the connection, bypassing a check that the sequence number in the segment is in the expected window.
  • Fix several security vulnerabilities in routed, rtsold, and namei with respect to Capsicum sandboxes looking up nonexistent path names and leaking memory.
  • The input path in routed(8) will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network.
  • Due to a missing length check in the code that handles DNS parameters, a malformed router advertisement message can result in a stack buffer overflow in rtsold(8).
  • tnftp 20141031 fixes a security vulnerability with tnftp, CVE-2014-8517.
  • Fix a security issue with file and libmagic that can allow an attacker to create a denial of service attack on any program that uses libmagic.
  • BIND servers which are configured to perform DNSSEC validation and which are using managed keys (which occurs implicitly when using "dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit unpredictable behavior due to the use of an improperly initialized variable.
  • CVE-2015-1349 An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation. This can result in a DOS attack.
  • IPv6: The Neighbor Discovery Protocol allows a local router to advertise a suggested Current Hop Limit value of a link, which will replace Current Hop Limit on an interface connected to the link on the MidnightBSD system.
  • sqlite 3.8.9 - Fix a potential 32-bit integer overflow problem in the sqlite3_blob_read() and sqlite3_blob_write() interfaces.
  • Enhancements:
  • Fix building perl during buildworld when the GDBM port is installed.
  • Fixed a bug with our clearenv(3) implementation that caused segfaults with some programs including Dovecot.
  • Update USB quirks to support K70 Corsair keyboard, and several other devices.
  • New Software Versions:
  • Apple mDNSResponder 561.1.1
  • mksh R50e
  • OpenSSH 6.6p1
  • OpenSSL 0.9.8.zf
  • serf 1.3.8
  • sudo 1.7.8
  • sqlite 3.8.9
  • tnftp 20141031
  • tzdata 2014i
  • xz 5.0.7
  • mports & package tools:
  • libmport now supports plist commands @dir, @owner, @group, @mode and @sample. This allows pkg-plist files to set permissions and handle creation and removal of directories. Previously, @dirrm only allowed the removal of a directory on uninstall. This required some plists to contain built-in mkdir commands. The new process is cleaner and faster.
  • This also means that ports that have been updated are not compatible with MidnightBSD 0.5 and lower mport tools any longer.
  • libmport attempts to detect whether an interactive tty is in use and will silence certain status messages when run in a non-interactive session.
  • There are several new asset types in plists including ASSET_DIR and ASSET_SAMPLE. Clients consuming libmport may need changes if they were altering behavior with handling plist files.
  • The database version for mport packages was updated (package version) and new columns for CPE were added to the database. This information is also exposed via the mport info command and many mports now provide this information. You can use mport cpe to list a summary for installed packages.
  • Regarding packages, the current selection is not great. There are currently 1500 packages for i386 and 1400 for amd64. This is due to major refactoring to the mports system in progress. Available package count has doubled since January and we expect more to be available soon. Some items will need to be built manually using mports rather than binary package. This is unfortunately true for xorg-server currently. We are working on getting X11 packages available for binary installation as a top priority.
  • If you are updating an existing system, after installing 0.6, you can use mport upgrade to update packages with 0.6 versions. It is recommended that you delete /usr/mports/Packages and run mport clean to remove old package remnants.

New in MidnightBSD 0.5.2 (Oct 22, 2014)

  • Fixed a regression with mksh R50c.

New in MidnightBSD 0.5 (Sep 26, 2014)

  • Security:
  • Fixed a security issue with TCP SYN packet processing that could result in a denial of service attack.
  • Fixed a bug with clearenv(3) that could result in a segfault
  • Several OpenSSL security issues were addressed in this release including [CVE-2014-3506], [CVE-2014-3507], [CVE-2014-3508] and [CVE-2014-3510]
  • Fix a vulnerability in the control message API. A buffer is not properly cleared before sharing with userland.
  • Sendmail failed to properly set close-on-exec for open file descriptors.
  • ktrace page fault kernel trace entries were set to an incorrect size which resulted in a leak of information.
  • Fix a TCP reassembly bug that could result in a DOS attack
  • bsnmpd contains a stack overflow when sent certain queries.
  • Enhancements:
  • Jails now run shutdown scripts.
  • Support for username with length 32. Previous limit was 16
  • Imported FreeBSD 9.2 usb stack (plus z87 patches from stable)
  • Updated em(4), igb(4) and ixgbe(4)
  • MidnightBSD now works with Z87 Intel chipsets.
  • rarpd supports vlan(4) and has a pid flag. (from FreeBSD)
  • Support for 65,536 routing tables was added. (up from 16)
  • Added subversion to base (as svnlite)
  • virtio(4) imported from FreeBSD 9-stable. SCSI support not included
  • Removed Features:
  • Sparc64 platform support
  • Remove (BIND) named from base. We still include the client utilities for now until replacements are found.
  • New Software Versions:
  • File 5.19
  • MKSH R50
  • less v458
  • Perl 5.18.2
  • Sendmail 8.14.7 (plus AAAA record patch)
  • Subversion 1.8.1
  • zlib 1.2.7
  • mports & package tools:
  • libmport was modified to support the concept of “upgrade” to migrate from one OS release to another. Packages now contain OS version they were built with. mport list now displays the OS version of the package to help with updating and mport list updates was changed to suggest upgrading to the current version.
  • Several bug fixes around checksum handling were resolved.
  • Package builds for the release are not yet complete.
  • KDE was removed from mports due to lack of a maintainer for our ports. KDE 3.x was too insecure and 4.x has not worked correctly for some time on MidnightBSD.
  • Currently, we’re recommending xfce 4.x as a desktop environment.

New in MidnightBSD 0.4 (Jul 6, 2013)

  • A new package management tool, mport, was added.
  • A large number of features were imported from FreeBSD 9.1, including ZFS with ZPOOL 28/dedup support, LLVM + CLANG in base, a migration to GPT as the default in the installer, bsdinstall, BSD licensed sort and grep, cpucontrol(8), and UFS2 + SUJ (journaling).
  • Also imported were the newer FreeBSD USB stack, NFSv4 client, syscons, and CAM based ATA.

New in MidnightBSD 0.3 (Jan 31, 2011)

  • 0.3 includes exciting new features such as support for ZFS, mDNSResponder for multicast DNS, libdispatch (no blocks support yet), brainfuck(1), AMD CPU temperature monitoring, updates to the Linux emulation layer (2.6.16 compatibility) and the OpenBSD sensors framework.
  • This release includes a large merge from FreeBSD 7.0-RELEASE. Developers voted on the decision to merge many aspects of FreeBSD 7 into MidnightBSD in November 2008. This merge took some time and delayed the 0.3-RELEASE. It is not planned to do anything of this nature again. This release is thus based on FreeBSD 7.0 instead of 6.1.
  • Several new scripts have been added to make it easier to manage the system. One of these is netwait in rc.d. It allows you to wait for a network interface to come up while booting to ensure network activity is ready for touchy software.
  • Updated Software
  • The following software packages were updated for this release:
  • batt(1) rewritten in C
  • BIND 9.6.1-P2
  • bzip2 1.0.6
  • cpdup (DragonFly)
  • diffutils 2.8.7
  • em(4)
  • GCC 4.2.1
  • libarchive (2.5.5) with bsdcpio
  • libreadline 5.2 (GNU)
  • mksh R39c
  • nve(4)
  • OpenNTPD 4.4
  • OpenSSH 5.3p1
  • OpenSSL .98e
  • pnpinfo
  • Sendmail 8.14.4
  • sudo 1.7.2p6
  • sqlite 3.6.23
  • tcpdump 3.9.8
  • tzdata 2010e
  • unzip (BSD)
  • zlib 1.2.5
  • New software:
  • ale(4)
  • amdtemp(4)
  • audit (OpenBSM)
  • brainfuck (MirBSD)
  • firmware(9) from FreeBSD
  • jemalloc (FreeBSD)
  • libdispatch
  • libffi 3.0.9
  • makefs (NetBSD)
  • mDNSResponder
  • mport tools (optional new package system)
  • netpgp (NetBSD)
  • nfe(4)
  • Sensors framework (OpenBSD) including sensorsd(8)
  • ZFS (v6)
  • Removed software:
  • Alpha & PC98 utilities from usr/sbin
  • pcc
  • pcvt(4)
  • HPFS support

New in MidnightBSD 0.2.1 (Sep 2, 2008)

  • This version focused on adding hardware support for newer devices including ATI, NVIDIA and Intel SATA controllers, and wireless support standard. A great deal of work was put into creating packages, with over 2,000 packages available on our FTP server. The new release includes two CDs of packages plus X11 on disc1. Other software updated: GCC 3.4.6, BIND 9.4.2-p1, Sendmail, bzip2, OpenSSH 5.0p1, PCC compiler added (i386), removal of GNU cpio for BSD licensed version, cpdup added, IPv6 fixes, mksh added. Users who install KDE from the ISOs will be able to enable graphical login on boot-up. A script now runs on the first boot asking to enable BSDStats and 'graphical desktop environment'.