From luke at foolishgames.com Sat Oct 4 14:42:01 2014 From: luke at foolishgames.com (Lucas Holt) Date: Sat, 04 Oct 2014 18:42:01 -0000 Subject: [Midnightbsd-users] MidnightBSD 0.5.1 - security update Message-ID: 0.5.1-RELEASE is available via SVN. It fixes a security issue with mksh and includes mksh R50c. Security patches will be handled this way moving forward. For 0.4 and lower, we had patch levels such as p14 for releases that indicated security patches. Major releases will be 0.4, 0.5, 0.6 and so on with 0.5.1 as a small update. We've also created a new security mailing list midnightbsd-security at midnightbsd.org for release and security patch announcements exclusively. Lucas Holt Luke at FoolishGames.com ________________________________________________________ MidnightBSD.org (Free OS) JustJournal.com (Free blogging) From dalescott at shaw.ca Sun Oct 19 00:06:12 2014 From: dalescott at shaw.ca (Dale Scott) Date: Sun, 19 Oct 2014 04:06:12 -0000 Subject: [Midnightbsd-users] how do you start the desktop gui (new user) Message-ID: <008f01cfeb51$fff52d10$ffdf8730$@shaw.ca> Hi there, I'm a new user. I did a new install from the 0.5.2 x386 ISO in a VirtualBox vm on Win7. After the install, requested the graphics interface when asked, saw a bunch of stuff downloaded, restarted as requested, and still get a command line login. What am I missing? Is something not working? How do I start the desktop? Thanks, Dale From luke at foolishgames.com Wed Oct 22 08:30:14 2014 From: luke at foolishgames.com (Lucas Holt) Date: Wed, 22 Oct 2014 12:30:14 -0000 Subject: [Midnightbsd-users] MidnightBSD 0.5.3-RELEASE Message-ID: <1F26BE84-D56C-4C23-B4F2-8F3CA2887288@foolishgames.com> MidnightBSD 0.5.3-RELEASE is now available via subversion. Fix several security vulnerabilities in OpenSSL, routed, rtsold, and namei with respect to Capsicum sandboxes looking up nonexistent path names and leaking memory. OpenSSL update adds some workarounds for the recent poodle vulnerability reported by Google. The input path in routed(8) will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network. Due to a missing length check in the code that handles DNS parameters, a malformed router advertisement message can result in a stack buffer overflow in rtsold(8). In addition, we've released 0.5.2-RELEASE ISOs on the FTP server for both amd64 and i386. We plan to do rollup security releases periodically. Lucas Holt Luke at FoolishGames.com ________________________________________________________ MidnightBSD.org (Free OS) JustJournal.com (Free blogging)