MidnightBSD Release Notes

Late breaking information:

Several security advisories have been issued for 0.2.1-RELEASE. After installing, please download and build updated kernel and userland software. 0.2.1-RELEASE-p7 is the latest update at the time of writing (April 2009) There is no ISO version of these updates.

Previous Release Notes

(09/01/08) MidnightBSD 0.2.1-RELEASE

MidnightBSD 0.2.1 has been released. This version focused on adding hardware for newer devices including ati, nvidia and intel sata controllers, and wireless support standard. A great deal of work was put into creating packages with over 2000 packages available on our FTP. The new release includes 2 CDs of packages plus X11 on disc1.

Other software updated: gcc 3.4.6, bind 9.4.2-p1, sendmail, bzip2, openssh 5.0p1, pcc compiler added (i386), removal of gnu cpio for bsd licensed version, cpdup added, ipv6 fixes, mksh added

The files are available on ftp1.midnightbsd.org and some users have reported success with mirrors.isc.org. The other mirrors should rsync within the next 24 hours.

Special thanks to ctriv@, smultron@, crash@, archite@, seirei@ and raven@ for help with this release.

Users who install kde from the ISOs will be able to enable graphical login on bootup. A script now runs on the first boot asking to enable bsdstats and "graphical desktop environment". If the script finds kdm, it will enable it automatically. If you select yes without KDE, it will install and enable slim login manager. I would greatly appreciate users installing bsdstats so that we can get a better idea on usage.

If you need to rerun the firstboot script, just rm /etc/fbreciept and then sh /etc/rc.d/firstboot start

Change Log

20090326:
        MidnightBSD 0.2.1-RELEASE-p7

        Fix several security problems with sudo.  It is now 1.6.9-p20

20090115:
	MidnightBSD 0.2.1-RELEASE-p6

	Correct an issue with BIND that allows for DNSSEC spoofing
	attacks.

20090110:
	MidnightBSD 0.2.1-RELEASE-p5

	For applications using OpenSSL for SSL connections, an invalid SSL
	certificate may be interpreted as valid.  This could for example be
	used by an attacker to perform a man-in-the-middle attack.

	Other applications which use the OpenSSL EVP API may similarly be
	affected.

	Stop cross site request forgery attacks in lukemftpd

20081231:
	MidnightBSD 0.2.1-RELEASE-p4

	Correct a problem where function pointers for netgraph
	and bluetooth sockets are not initialized properly.

20081124:
	MidnightBSD 0.2.1-RELEASE-p3

	Correct a problem in arc4random which causes the device
	not get get enough entropy for system services.  Geom
	classes initialized at startup will still have problems.

20081002:
	MidnightBSD 0.2.1-RELEASE-p2

	IPv6 Neighbor Discovery Protocol routing vulnerability

	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2476
	http://www.kb.cert.org/vuls/id/472363

	This fix causes IPv6 Neighbor Discovery Neighbor Solicitation 
	messages to be ignored from non-neighbors.

	This can be re-enabled, if needed, by setting the newly added
	net.inet6.icmp6.nd6_onlink_ns_rfc4861 sysctl to 1.

20080929:
	MidnightBSD 0.2.1-RELEASE-p1

	Fix a defect in ftpd.  The command buffer was split which allowed
	attackers to send arbritrary commands over the network.

20080905:
	Update nve(4) to support newer hardware.

20080903:
	Correct two defects in MidnightBSD.  AMD64/EMT64 systems had a 
	privledge escalation issue.  CVE-2008-3890

	In case of an incoming ICMPv6 'Packet Too Big Message', there is an
	insufficient check on the proposed new MTU for a path to the 
	destination.
	CVE-2008-3530

20080830:
	MidnightBSD 0.2.1-RELEASE

	Oops, fix some bugs with sysinstall's handling of packages found 
	on the release ISOs.  Tweak etc/firstboot while where here.

20080829:
	MidnightBSD 0.2-RELEASE

20080703:
	Correct problem with pcc and DESTDIR that affected creating live cds
	and jails. 

        sysinstall would incorrectly truncate DHCP info when configuring
        ipv4 networking.  This was the result of a bad patch several months
        ago.  Fix this error.  Found via testing a snapshot.

20080627:
	Add firmware(9), WEP, CCMP, TKIP to GENERIC.

	Add glabel to GENERIC.

	Intel ICH8 mobile chipset used on some iMacs included with ata.

	pcc connected to the build on i386. (alternative compiler)

20080613:
	Begin work for MidnightBSD 0.2-PRERELEASE

20080528:
	Sendmail 8.14.3

20080516:
	ssh-vulnkey allows you to look for vulnerable ssh keys that
	were generated on Debian and Ubuntu hosts over the last
	few years.  sshd can block offending keys with a configuration
	option.

	The elf note on binaries is now set to MidnightBSD.

20080514:
	Fixed a number of problems with pcc.  It is not yet connected
	to the build, but usable on i386 hosts.  You may use it 
	by make; make install in /usr/src/usr.bin/pcc.  It will
	install in /usr/local as some of the files conflict with
	GCC versions. __MidnightBSD__ is defined in PCC as well.

	System headers were fixed to allow pcc to compile many binaries
	on MidnightBSD.  bin/cp will work now for instance.

20080430:
	__MidnightBSD__ is now defined via gcc.  This can be tested
	to determine we're running on MidnightBSD in the preprocessor.

20080429:
	Import bind 9.4.2 with threading

	libpthread (KSE) and libthr are built earlier
	
	pcvt(4) removed!

	Alias added for core2 cpus.

	Alpha and PC98 only utilities removed from usr/sbin

	syslogd, adduser, rmuser, mergemaster and mailwrapper have been
	improved.  See the man pages for info.

	periodic scripts will not send emails with empty message bodies.
	See mailwrapper fix.

20080410:
	Sync cpdup with DragonFly.  Add parallel transaction support and
	-l flag to line-buffer stdout and stderr.

20080406:
	Import bzip2 1.05
	Import OpenSSH 4.9p1

20080322:
	The default umask was changed to 022.
	
	/usr/X11R6 paths were removed from several config files.

	.mkshrc files are now installed for root.

20080316:
	FIx a problem with gif0 tunnels and neighbors with IPV6.

20080312:
	Add lndir from X.org.  This aides in the porting of MirPorts.

	New OS versions were added to the mapage code (groff)

20080310:
	Correct a buffer overflow in ppp.

20080308:
	Remove /usr/X11R6 from manpath config.

20080307:
	Atheros driver no longer has several options set
	which corrects building in tinderbox on all three platforms.

	Added a new macro to sx.h which returns true if the current
	thread holds an exclusive lock on a specifix sx.

	Removed OS/2's HPFS file system.   It's not maintained and
	I don't know anyone using OS/2 or ecomstation these days.
	My copy is in the closet collecting dust.

20080306:
	Synced tinderbox with FreeBSD.  Modified it for MidnightBSD.
	Developers can now use it to check src builds.

20080303:
	Add mksh to /etc/shells, made some adjustments to options
	for mksh builds per suggestion upstream.

	USB HID table updated with modern hardware list.

	Updated BSD family true (we're not in there yet)

	iso3166 file updated and import of tzdata2007k for 
	new time zones.

	Updated mksh to latest version R33.

20080228:
	Remplaced the random IP id generation code with a new
	version by Amit Klein.

20080221:
	Sendfile write only permissions fix.

	Removed some HPFS and PC98 code.

	iso639 file sycned with DragonFly.

20080128:
	Changed NTP configuration so that ips aren't cached
	so multiple servers are used.

	Fix an issue with fork() in libpthread.

20080121:
	Add virtualization detection to set the HZ rate
	according to a VM present.  VMWare and Parallels
	should work better like this.

	Change to full x11 install in sysinstall.  Add
	xorg 7 support.

20080115:
	Fix the handling of PTY's.  CVE-2008-0216

20080105:
	mport delete code added, USE_MPORT_TOOLS knob aded.

20080101:
	Happy New Year

20071123:
	Update sendmail to 8.14.2

20071120:
	Update system compiler to gcc 3.4.6.

20071023:
	Updated mksh to R31d.

20070911:
	Updated mksh to version R31b.

	Fixed stderr output in libpthread.  Previously it was
	written to stdout.

20070831:
	Added dot.mkshrc file to support the recent change to 
	mksh from OpenBSD's ksh derived from pdksh.  

	Added new firewall configuration.  ipfw is enabled by default
	with a "desktop" configuration.  Consult /etc/rc.firewall
	or ipfw show to see the ruleset used.  You can disable
	ipfw by setting firewall_enable="NO" in /etc/rc.conf This
	change only effects IPv4.  IPv6 does not have a firewall
	enabled by default.

20070814:
	Removed GNU tar source.  We've been using BSD tar 
	for awhile.

20070806:
	Finished removing umapfs and autofs from the tree.

20070804:
	BIND and Tcpdump have been patched for recent vulnerabilities.

	We switched to BSD cpio (pax).

20070719:
	Imported cpdup from DragonFly as /bin/cpdup

20070716:
	Update GNU cpio to 2.8. 

20070410:
	cvs was updated to 1.12.13.  cvsbug was removed.
	cvs now behaves similarly to DragonFly's cvs with
	most of their local changes.  

20070409:
	RELENG_0_1 was created. More aggresive changes will
	continue here.

The next release:

0.3 will be the next release barring any need for a later 0.2.x release. It will include replacements for pkg_add and a new installer option. Expect it in late 2010.