Thu, 22 Aug 2013 11:59
0.4-RELEASE-p2 : Fix IP MULTICAST and SCTP vulnerabilities
Fix two security vulnerabilities.Fix an integer overflow in IP_MSFILTER (IP MULTICAST). This could be exploited to read memory by a user process.When initializing the SCTP state cookie being sent in INIT-ACK chunks,a buffer allocated from the kernel stack is not completely initialized.Patches obtained from: FreeBSD...
Wed, 17 Jul 2013 23:00
Bug in 0.4-RELEASE
We've identified a bug related to package management in MidnightBSD .0.4-RELEASE.
The hash check that is part of libmport is improperly working. This means you can't install packages with the mport command.
To work around this issue, please checkout the 0.4-RELEASE source from CVS using the directions onthe site and then rebuild and install libmport.
Mon, 08 Jul 2013 12:23
In addition to our mirrors, we have some other options for downloading 0.4 release popping up....
Sat, 06 Jul 2013 19:41
MidnightBSD 0.4-RELEASEMidnightBSD 0.4 has been released on July 5, 2013. It includes many new features, butof particular interest is the new package management tool, mport.This release is a bit different from previous releases in that we plan to updatepackages during the support period for 0.4. Rather than upload packages andsit on them for the life of the release, you will be able to download updatedpackages for i386 and amd64 periodically.Due to this new feature, our initial package offering is smaller than we've donefor previous releases as many things had to get migrated and updated. We planto expand the packages available in the coming weeks.In addition to mport, we've imported a large number of features from FreeBSD 9.1including ZFS with ZPOOL 28/dedup support, LLVM + CLANG in base, migration to GPTas the default in the installer, bsdinstall, BSD licensed sort and grep,cpucontrol(8), and UFS2 + SUJ (journaling). We've also imported the newer FreeBSDUSB stack, NFSv4 client, syscons, and CAM based ATA.Support for newer hardware includes Intel Sandybridge and Ivy Bridge graphics,various wifi chipsets, updates to Intel and Realtek ethernet adapters, and acpi.The default system compiler is still GCC 4.2, but it has been updated to a newer release.We also removed libobjc from base as it was GCC specific and we want to migrate tolibobjc2. We offer libobjc2 in mports and it will work with GCC and LLVM.MidnightBSD now has it's own GPT partition types and offers a new search command,msearch.libc gains strnlen(3), memrchr(3), stpncpy(3).We've also imported and updated many third party libraries:bzip2 version 1.0.6Diffutils 3.2FILE 5.05OpenSSH 5.8p2SQLite 126.96.36.199MKSH R44NetBSD's iconvBIND 9.8tcsh 6.18.01Perl 5.14.2mDNSResponder 333.10less v436libarchive 3.0.3libdialog (lgpl version)libffi 3.0.10wide-dhcpv6openresolvsendmail 8.14.5sudo 1.7.4-p6tzdata_2012jThis release is a bit disruptive due to the number of changes, but it was decidedto move forward with it due to the age of 0.3-RELEASE. The next release is planned
as a stability release and meant to work on desktop related functionality....
Wed, 26 Jun 2013 12:26
There have been two snapshots release in the last few months, i386 and amd64. The former appears to be bug free and was created this month. You can find it in the snapshots directory under i386 and0.4-130610-SNAP. The amd64 snap has a few bugs, but can be installed.
Both of these snapshots are for 0.4-CURRENT. Recently, we created a branch for 0.4 and there are a few large big fixes and one security update since the snapshots were released. It is strongly recommended to rebuild from the 0.4 branch after installing a snapshot.
There are currently no packages for i386 available. The index does not work with the newer mport tool in RELENG_0_4. As the ports tree is in the middle of a major update, it's not stable enough to release packages yet. I'm working on this problem.
Most notebly QT4 is broken right now. X.org ports, dbus, gcc and many other ports have been updated in the last month. There have been many architecture changes to the mports/Mk extensions as well. We now support some FreeBSD ports USES statements (pathfix, charset, ncurses, pkgconfig) which makes migrating ports from FreeBSD easier.
Magus has been running lately and churning out test builds of packages. The results for the last 3 runs were quite bad....
Sun, 14 Apr 2013 16:30
0.4 amd64 snap on FTP
We have a new snapshot uploading to the FTP server. It's the first snap in a year. This snapshot is a little buggy, but does allow you to install MidnightBSD.
Please note there are many changes from 0.3-RELEASE:
1. Uses new midnightbsd partition types: mnbsd-ufs, mnbsd-boot, etc on GPT
2. ZFS is much newer than 0.3. If you upgrade your pools, you can't use them with 0.3 anymore.
3. KMS with Intel Ivy Bridge graphics
4. Installer is completely different
6. updated mksh, BIND, tcsh, file, diff, binutils, mDNSResponder, libffi, openpam, openresolv, tnftp, tzcode, tzdata, wpa, xz, compiler_rt, sqlite3, ncurses, netcat, pf, traceroute, perl, openssh, openssl, less
7. updated from FreeBSD: make ipfw & ash, forth menus for the loader, bsdinstall, bsd sort, new USB stack, new cam based ATA, geom
8. llvm + clang
mport is the default package manager!
Major hardware support updates.. several wifi adapters, etc....
Thu, 21 Feb 2013 03:44
New Magus run
Here's the latest run from magus. Package count was just shy of 1800. Many of these failures are related to Java ports. I've made a change tonight to fix most of these.
238 0.4 amd64 active 2013-02-19 16:13:36
Tue, 19 Feb 2013 11:43
Latest magus run results
We started up our package build cluster again. A run was queued up on the 10th and run over the weekend on the new server hardware. The results are much better than I expected after such a long time without magus.
ID OSVersion Arch Status Created 237 0.4 amd64 active 2013-02-10 16:49:31
Fri, 01 Feb 2013 03:59
There have been many updates in current lately. BIND 9.8 is in progress.
Here's a brief changelog.20130125: MKSH R41 imported 20130122: OpenSSH 5.8p2 imported SQLite 188.8.131.52 imported Fixed a longstanding bug in libmport extrating new index files.
Fri, 01 Feb 2013 03:57
Fix a longstanding bug with libmport's return status. As this affects installation of ports, an update was applied to this branch. This is not a security update and not needed for pkg_tools....
Tue, 03 Jul 2012 12:50
MidnightBSD 0.3-RELEASE-p9Bind vulnerability related to resource records. See CVE-2012-1667.
Tue, 03 Jul 2012 12:49
MidnightBSD 0.3-RELEASE-p8Fix a problem with cyrpt's DES implementation when used with non 7-bit ascii passwords.
Thu, 31 May 2012 13:26
MidnightBSD 0.3-RELEASE-p7 fixes a new security issue found in OpenSSL. It is recommended for all users.
0.4-CURRENT has also been updated....
Thu, 03 May 2012 18:32
Several security issues have been addressed in OpenSSL in the latest security update for MidnightBSD. 0.3-RELEASE-p6 and 0.4-CURRENT have been patched to work around these issues.
OpenSSL failes to clear the bytes used as block cipher padding in SSL 3.0
records when operating as a client or a server that accept SSL 3.0
handshakes. As a result, in each record, up to 15 bytes of uninitialized
memory may be sent, encrypted, to the SSL peer. This could include
sensitive contents of previously freed memory. [CVE-2011-4576]
OpenSSL support for handshake restarts for server gated cryptograpy (SGC)
can be used in a denial-of-service attack. [CVE-2011-4619]
If an application uses OpenSSL's certificate policy checking when
verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK
flag, a policy check failure can lead to a double-free. [CVE-2011-4109]
A weakness in the OpenSSL PKCS #7 code can be exploited using
Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the
million message attack (MMA). [CVE-2012-0884]
The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp
functions, in OpenSSL contains multiple integer errors that can cause
memory corruption when parsing encoded ASN.1 data. This error can occur
on systems that parse untrusted ASN.1 data, such as X.509 certificates
or RSA public keys. [CVE-2012-2110]...
Sat, 24 Mar 2012 23:22
New ZFS Documentation
I've created some basic ZFS documentation on the website. This is in addition to some content on the wiki. Anyone interested in using ZFS on MidnightBSD may wish to look at it as a starting point. It doesn't replace the man pages though....