Several security advisories have been issued for 0.2.1-RELEASE. After installing, please download and build updated kernel and userland software. 0.2.1-RELEASE-p7 is the latest update at the time of writing (April 2009) There is no ISO version of these updates.
MidnightBSD 0.2.1 has been released. This version focused on adding hardware for newer devices including ati, nvidia and intel sata controllers, and wireless support standard. A great deal of work was put into creating packages with over 2000 packages available on our FTP. The new release includes 2 CDs of packages plus X11 on disc1.
Other software updated: gcc 3.4.6, bind 9.4.2-p1, sendmail, bzip2, openssh 5.0p1, pcc compiler added (i386), removal of gnu cpio for BSD licensed version, cpdup added, ipv6 fixes, mksh added.
The files are available on ftp1.midnightbsd.org and some users have reported success with mirrors.isc.org. The other mirrors should rsync within the next 24 hours.
Special thanks to ctriv@, smultron@, crash@, archite@, seirei@ and raven@ for help with this release.
Users who install kde from the ISOs will be able to enable graphical login on bootup. A script now runs on the first boot asking to enable bsdstats and "graphical desktop environment". If the script finds kdm, it will enable it automatically. If you select yes without KDE, it will install and enable slim login manager. I would greatly appreciate users installing bsdstats so that we can get a better idea on usage.
If you need to rerun the firstboot script, just rm /etc/fbreciept and then sh /etc/rc.d/firstboot start
20090326: MidnightBSD 0.2.1-RELEASE-p7 Fix several security problems with sudo. It is now 1.6.9-p20. 20090115: MidnightBSD 0.2.1-RELEASE-p6 Correct an issue with BIND that allows for DNSSEC spoofing attacks. 20090110: MidnightBSD 0.2.1-RELEASE-p5 For applications using OpenSSL for SSL connections, an invalid SSL certificate may be interpreted as valid. This could for example be used by an attacker to perform a man-in-the-middle attack. Other applications which use the OpenSSL EVP API may similarly be affected. Stop cross site request forgery attacks in lukemftpd. 20081231: MidnightBSD 0.2.1-RELEASE-p4 Correct a problem where function pointers for netgraph and bluetooth sockets are not initialized properly. 20081124: MidnightBSD 0.2.1-RELEASE-p3 Correct a problem in arc4random which causes the device not get get enough entropy for system services. Geom classes initialized at startup will still have problems. 20081002: MidnightBSD 0.2.1-RELEASE-p2 IPv6 Neighbor Discovery Protocol routing vulnerability. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2476 http://www.kb.cert.org/vuls/id/472363 This fix causes IPv6 Neighbor Discovery Neighbor Solicitation messages to be ignored from non-neighbors. This can be re-enabled, if needed, by setting the newly added net.inet6.icmp6.nd6_onlink_ns_rfc4861 sysctl to 1. 20080929: MidnightBSD 0.2.1-RELEASE-p1 Fix a defect in ftpd. The command buffer was split which allowed attackers to send arbritrary commands over the network. 20080905: Update nve(4) to support newer hardware. 20080903: Correct two defects in MidnightBSD. AMD64/EMT64 systems had a privledge escalation issue. CVE-2008-3890 In case of an incoming ICMPv6 'Packet Too Big Message', there is an insufficient check on the proposed new MTU for a path to the destination. CVE-2008-3530 20080830: MidnightBSD 0.2.1-RELEASE Oops, fix some bugs with sysinstall's handling of packages found on the release ISOs. Tweak etc/firstboot while where here. 20080829: MidnightBSD 0.2-RELEASE 20080703: Correct problem with pcc and DESTDIR that affected creating live cds and jails. sysinstall would incorrectly truncate DHCP info when configuring ipv4 networking. This was the result of a bad patch several months ago. Fix this error. Found via testing a snapshot. 20080627: Add firmware(9), WEP, CCMP, TKIP to GENERIC. Add glabel to GENERIC. Intel ICH8 mobile chipset used on some iMacs included with ata. pcc connected to the build on i386. (alternative compiler) 20080613: Begin work for MidnightBSD 0.2-PRERELEASE. 20080528: Sendmail 8.14.3 20080516: ssh-vulnkey allows you to look for vulnerable ssh keys that were generated on Debian and Ubuntu hosts over the last few years. sshd can block offending keys with a configuration option. The elf note on binaries is now set to MidnightBSD. 20080514: Fixed a number of problems with pcc. It is not yet connected to the build, but usable on i386 hosts. You may use it by make; make install in /usr/src/usr.bin/pcc. It will install in /usr/local as some of the files conflict with GCC versions. __MidnightBSD__ is defined in PCC as well. System headers were fixed to allow pcc to compile many binaries on MidnightBSD. bin/cp will work now for instance. 20080430: __MidnightBSD__ is now defined via gcc. This can be tested to determine we're running on MidnightBSD in the preprocessor. 20080429: Import bind 9.4.2 with threading. libpthread (KSE) and libthr are built earlier. pcvt(4) removed! Alias added for core2 cpus. Alpha and PC98 only utilities removed from usr/sbin syslogd, adduser, rmuser, mergemaster and mailwrapper have been improved. See the man pages for info. periodic scripts will not send emails with empty message bodies. See mailwrapper fix. 20080410: Sync cpdup with DragonFly. Add parallel transaction support and -l flag to line-buffer stdout and stderr. 20080406: Import bzip2 1.05. Import OpenSSH 4.9p1. 20080322: The default umask was changed to 022. /usr/X11R6 paths were removed from several config files. .mkshrc files are now installed for root. 20080316: Fix a problem with gif0 tunnels and neighbors with IPV6. 20080312: Add lndir from X.org. This aides in the porting of MirPorts. New OS versions were added to the mapage code (groff). 20080310: Correct a buffer overflow in ppp. 20080308: Remove /usr/X11R6 from manpath config. 20080307: Atheros driver no longer has several options set which corrects building in tinderbox on all three platforms. Added a new macro to sx.h which returns true if the current thread holds an exclusive lock on a specifix sx. Removed OS/2's HPFS file system. It's not maintained and I don't know anyone using OS/2 or ecomstation these days. My copy is in the closet collecting dust. 20080306: Synced tinderbox with FreeBSD. Modified it for MidnightBSD. Developers can now use it to check src builds. 20080303: Add mksh to /etc/shells, made some adjustments to options for mksh builds per suggestion upstream. USB HID table updated with modern hardware list. Updated BSD family true (we're not in there yet). iso3166 file updated and import of tzdata2007k for new time zones. Updated mksh to latest version R33. 20080228: Remplaced the random IP id generation code with a new version by Amit Klein. 20080221: Fix sendfile write only permissions. Removed some HPFS and PC98 code. iso639 file synced with DragonFly. 20080128: Changed NTP configuration so that ips aren't cached so multiple servers are used. Fix an issue with fork() in libpthread. 20080121: Add virtualization detection to set the HZ rate according to a VM present. VMWare and Parallels should work better like this. Change to full x11 install in sysinstall. Add xorg 7 support. 20080115: Fix the handling of PTY's. CVE-2008-0216 20080105: mport delete code added, USE_MPORT_TOOLS knob added. 20080101: Happy New Year. 20071123: Update sendmail to 8.14.2 20071120: Update system compiler to gcc 3.4.6. 20071023: Updated mksh to R31d. 20070911: Updated mksh to version R31b. Fixed stderr output in libpthread. Previously it was written to stdout. 20070831: Added dot.mkshrc file to support the recent change to mksh from OpenBSD's ksh derived from pdksh. Added new firewall configuration. ipfw is enabled by default with a "desktop" configuration. Consult /etc/rc.firewall or ipfw show to see the ruleset used. You can disable ipfw by setting firewall_enable="NO" in /etc/rc.conf This change only effects IPv4. IPv6 does not have a firewall enabled by default. 20070814: Removed GNU tar source. We've been using BSD tar for awhile. 20070806: Finished removing umapfs and autofs from the tree. 20070804: BIND and Tcpdump have been patched for recent vulnerabilities. We switched to BSD cpio (pax). 20070719: Imported cpdup from DragonFly as /bin/cpdup 20070716: Update GNU cpio to 2.8. 20070410: cvs was updated to 1.12.13. cvsbug was removed. cvs now behaves similarly to DragonFly's cvs with most of their local changes. 20070409: RELENG_0_1 was created. More aggresive changes will continue here.
0.3 will be the next release barring any need for a later 0.2.x release. It will include replacements for pkg_add
and a new installer option. Expect it in late 2010.