MidnightBSD Release Notes
Late breaking information:
Previous Release Notes
(07/22/2024) MidnightBSD 3.2
I’m happy to announce the availability of MidnightBSD 3.2 for amd64 and i386.
This release included updates to third-party libraries, bug fixes from the 3.1 release, and security updates.
Upgrade Process
Install git if you don’t have it already
mport install git
Fetch MidnightBSD from git via github.com/midnightbsd/src.git (assumes you don’t have /usr/src populated)
git clone -b stable/3.2 https://github.com/MidnightBSD/src.git
NOTE: some users have experienced build errors on 2.x which require disabling perl in usr.bin/Makefile at the top and removing camcontrol and df from the rescue/rescue/Makefile temporarily. You can build these once on 3.x.
cd /usr/src; make -j4 clean buildworld buildkernel;
choose one of etcupdate or mergemaster -p
make installkernel
reboot
(if it works OK, login and go to /usr/src)
make installworld
choose one of etcupdate or mergemaster -iU
Update installed mports/packages
For mport package manager, run
mport index
mport clean
mport upgrade
Remove old libraries and programs from the base.
rm -rf /usr/lib/perl/5.36.1
cd /usr/src/; make check-old; make delete-old; make installworld;
Perl was removed from base in 3.2. Install from mports or packages via mport install perl5.36
Bug Fixes and new features
Ravenports
Ravenports is available in MidnightBSD for the amd64 architecture. The initial installation process will prompt you to bootstrap Ravenports. This will initialize it in /raven/, and you will be able to install software packages using /raven/sbin/ravensw. By default, /raven/bin, /raven/sbin, and so on are not on the path. You can add them to the path to make running software in your shell easier. Please visit their website to learn more about Ravenports and find quickstart guides. http://www.ravenports.com/
You can choose either mports or Ravenports at installation time or use packages from both systems. Please note that mixing packages may have some complications, although they are installed in a completely different place from mports.
There are various benefits to Ravenports, but a few are more updated packages and quite a few unique packages that mports doesn’t provide currently. For example, Ravenports has an updated Firefox package available.
You will not see Ravenports presented as an option on an i386 install.
Mport package manager
Updated mport to 2.6.2
Miscellaneous Changes
Fixed a bug with portsnap configuration with 3.x releases where it used an old index.
Fix for some vnc clients with bhyve, added com ports to bhyve
Various manual pages cleaned up.
zstd enabled in libarchive
telnetd removed
libfetch: don't rely on ca_root_nss for certificate validation
add endian.h for linux compatibility
Security Fixes
OpenSSH security vulnerability
A signal handler in sshd(8) calls a function that is not async-signal-safe.
The signal handler is invoked when a client does not authenticate within the
LoginGraceTime seconds (120 by default). This signal handler executes in the
context of the sshd(8)'s privileged code, which is not sandboxed and runs
with full root privileges.
This issue is a regression of CVE-2006-5051 originally reported by Mark Dowd
and accidentally reintroduced in OpenSSH 8.5p1.
OpenSSH 9.3p2 - CVE-2023-38408 Patch for CVE-2023-48795
Fix security issue in libpcap OSV-2020-1231
Fix for wpa supplicant CVE-2023-52160
pf security issue:
As part of its stateful TCP connection tracking implementation, pf
performs sequence number validation on inbound packets. This makes it
difficult for a would-be attacker to spoof the sender and inject packets
into a TCP stream, since crafted packets must contain sequence numbers
which match the current connection state to avoid being rejected by the
firewall. A bug in the implementation of sequence number validation means that the
sequence number is not in fact validated, allowing an attacker who is
able to impersonate the remote host and guess the connection's port
numbers to inject packets into the TCP stream.
3rd Party Software
- Perl removed from base. Install via mports
- brainfuck removed from base. Moved to mports
- Removed subversion from base. install from mports if needed. (use git for MidnightBSD)
- expat 2.6.2
- ldns 1.8.3
- sendmail 8.18.1
- libarchive 3.7.2
- zstd 1.5.2
- Unbound 1.19.3
- xz / lzma 5.4.5
- tzdata 2023d
- mandoc 1.14.6
- OpenSSH 9.3p2
- nvi 2.2.1
- openssl 1.1.1w
Hardware
PCI vendors list updated (April 2024)
AMD zen4 temperature sensor support
unbreak Promise RAID1 with 4+ providers
usbdevs: add quirk for WD MyPassport Ultra External HDD
ahci: add AMD KERNCZ (RAID) device id in RAID mode
Known Issues
Ravenports install is not in the path, but we also don’t tell you that during bootstrap.
On VirtualBox 7, Xorg needs over 1GB of RAM allocated to run without swapping or crashing. Occasional VM hangs have also been seen. It works fine on bare metal, bhyve, or VMware products.