Release Notes icon MidnightBSD Release Notes

Late breaking information:

UEFI support on amd64 is broken with the 2.0 release ISO. We've released a 2.0.1 ISO for amd64 only to address this issue.

Previous Release Notes

(11/13/2020) MidnightBSD 2.0

I’m happy to announce the availability of MidnightBSD 2.0 for amd64 and i386. This is a massive release focusing on base system improvements.

We’ve imported many features from FreeBSD 11.x as part of the release.

Updated DRM code is now in mports for 2.0 and later. This allows us to update it outside of a release.

Upgrade Process

Due to the nature of the release, there are a few minor build issues when upgrading from MidnightBSD 1.2.x by source. Please follow this awkward procedure:
(you can also do this with svnlite using github)

Install git if you don’t have it already mport install git

Fetch MidnightBSD from git via github.com/midnightbsd/src.git (assumes you don’t have /usr/src populated) git clone https://github.com/MidnightBSD/src.git

Checkout the stable/2.0 branch git checkout stable/2.0

Using your favorite editor (ee, vi, nano, gedit, … ) open the src/usr.bin/Makefile

Comment out with #

        .if defined(LINKER_FEATURES) && ${LINKER_FEATURES:Mfilter}
        SUBDIR= perl \
                .WAIT
        .endif
        
cd /usr/src; make clean buildworld buildkernel;
mergemaster -p
make installkernel
reboot

(if it works OK, login and go to /usr/src)
make installworld
mergemaster -iU
cd /usr/src/usr.bin/perl; make; make install;

Open src/usr.bin/Makefile again and uncomment the previous lines (in case you do a rebuild later)
Update installed mports/packages
cd /usr/src/; make check-old; make delete-old

When you are done, verify that perl is updated by running perl -v You should have perl 5.32.0. If it says perl 5.28, be sure to upgrade perl!

Bug Fixes and new features

The default devd.conf(5) has been updated to prevent duplicated hostapd(8) and wpa_supplicant(8) startup via devd(8).

The cpuset(1), sockstat(1), ipfw(8), and ugidfw(8) utilities have been updated to support jail(8) names.

The newfs_msdos(8) utility has been updated to include a new flag, -T, which is used to specify the timestamp for build reproducibility.

The dd(1) utility has been updated to add a new statusoperand, progress, which reports the current status on a single line every second.

The last(1) utility has been updated to include libxo(3) support.

The lastlogin(8) utility has been updated to include libxo(3) support.

The traceroute(8) utility has been updated to include libcasper(3) support.

The trim(8) utility has been added, which deletes content for blocks on flash-based storage devices that use wear-leveling algorithms.

The newfs(8) and tunefs(8) utilities have been updated to allow underscores in label names.

The newfs(8) and tunefs(8) utilities have been updated to allow dashes in label names.

The fdisk(8) utility has been updated to support sectors larger than 2048 bytes.

The sh(1) utility has been updated to add the pipefail option which simplifies checking the exit status of all commands in a pipeline.

The spi(8) utility has been added, which is used to communicate with devices on an SPI bus through the userland.

An issue that could result in a system hang during ZFS vnode reclamation has been fixed.

The functionality provided by zfsloader has been added to loader(8). Once the system boot blocks have been updated, zfsloader is not needed.

The ipfw(8) firewall has been updated to include new rule options, record-state, set-limit, and defer-action.

Support for NAT64 CLAT has been added, as defined in RFC6877.

The ln(1) utility has been updated to correct the behavior of the -F flag by unlinking an existing directory before creating a symbolic link.

The crontab(1) utility has been updated to include a new flag, -f, which forces crontab(5) removal when -r is used non-interactively.

The newsyslog(8) utility has been updated to support RFC5424-compliant messages when rotating system logs.

The sesutil(8) utility has been updated to include libxo(3) support in output.

The diskinfo(8) utility has been updated to include two new flags, -s which displays the disk identity (usually the serial number), and -p which displays the physical path to the disk in a storage controller. The -s and -p flags are mutually exclusive, and cannot be used with any other flags.

The diskinfo(8) utility has also been updated to include the device model when the -s flag is used.

The top(1) utility has been updated to allow filtering on multiple user names when the -U flag is used.

The bsdgrep(1) utility has been updated to include a rgrep hard link to grep(1), which when used is equivalent to grep -r.

The bsdgrep(1) utility has been updated to address various issues with pattern matching behavior.

The umount(8) utility has been updated to include a new flag, -N, which is used to forcefully unmount an NFS mounted filesystem.

The pw(8) utility has been updated to properly handle empty secondary group lists as an argument to the -G flag when using the usermod subcommand.

The getconf(1) utility has been updated to include a new flag, -a, which prints the name and value of all system or path configuration values to stdout(4) or optionally a file as an argument to -a.

The ps(1) utility has been updated to reflect realtime and idle priorities in state flags.

The ps(1) utility has been updated to display if a process is running with capsicum(4) capability mode, indicated by C.

The cpucontrol(8) utility has been updated to include a new flag, -n, that disables the default microcode update search path when used.

The fsck_ffs(8) utility has been updated to prevent a filesystem from being reported as modified when only the timestamp in the superblock is updated.

The diskinfo(8) utility has been updated to display disk rotation rate and if TRIM/UNMAP is supported by the disk.

The rsh(1) utility has been updated to include a new flag, -N, which disables shutdown of a socket sending path when used.

The pfctl(8) utility has been updated to allow route-to to properly handle network interfaces with multiple IP addresses.

The camcontrol(8) utility has been updated to include ZAC (Zoned-device ATA command set) information when the identify subcommand is used.

The pw(8) utility has been updated to correct handling of account expiration periods.

The mdmfs(8) utility has been updated to support tmpfs(5).

The lint(1) utility is no longer built by default. The WITH_LINT src.conf(5) option has been added to enable building and installing the utility.

The cpucontrol(8) utility has been updated to include a new flag, -e, which is used to re-evaluate reported CPU features after applying firmware updates.

The indent(1) utility has been updated to respect the SIMPLE_BACKUP_SUFFIX environment variable if set.

The du(1) utility has been updated to include the --si long option, which is used to display output in "human-readable" output in powers of 1000.

The df(1) utility has been updated to include the --si long option, which is an alias to -H.

The service(8) utility has been updated to include a new flag, -j, which is used to interact with services running within a jail(8). The argument to -j can be either the name or numeric jail ID.

The fsck_ffs(8) utility has been updated to exit with a non-zero status when the filesystem is not repaired.

The nvmecontrol(8) utility has been updated to print the full 128 bit value for SMART data, instead of the hexadecimal value.

The nvmecontrol(8) utility has been updated to include control options for Western Digital® HGST drives. The new options are cap-diag, get-crash-dump, drive-log, purge, and purge-monitor.

The dhclient(8) utility has been updated to be more compliant with RFC2131 by setting the source address field in the IP header to 0 when sending a DHCPREQUEST message to attempt to obtain a previously-assigned IP address.

The pw(8) utility has been updated to allow the @ and ! characters in the GECOS field.

The zfsd(8) utility has been updated to work with any type of GEOM provider, including md(4), geli(8), glabel(8), and gstripe(8).

The ps(1) utility has been updated to include a jail keyword, which when used will list the name of a jail(8) instead of the numeric ID.

The mlx5tool(8) utility has been added, which is used to manage Connect-X 4 and Connect-X 5 devices supported by mlx5io(4).

The sysctl(8) utility has been updated to support setting an array of values to nodes. Prior to this change, sysctl(8) could only set one value to a node that may return multiple values when queried.

The ifconfig(8) utility has been updated to include a random option, which when used with the ether option, generates a random MAC address for an interface

The efibootmgr(8) utility has been added, which is used to manipulate the EFI boot manager.

The etdump(1) utility has been added, which is used to view El Torito boot catalog information.

The mount(8) utility has been updated to allow fallback to mount media read-only if an attempt to mount write-protected media read-write fails. This behavior is disabled by default, and can be requested with the new autoro option

The makefs(8) utility has been updated to default the block and fragment sizes to match that of newfs(8), 32K and 4K, respectively.

The pwd_mkdb(8) utility has been updated to emit a notice that legacy database support will be removed when the -l flag is used.

The dhclient(8) utility has been updated to allow the interface-mtu option to be overridden with a supersede entry in dhclient.conf(5)

The linux(4) ABI compatibility layer has been updated to include support for musl consumers.

The fdescfs(5) filesystem has been updated to support Linux®-specific fd(4) /dev/fd and /proc/self/fd behavior.

The ng_iface(4) driver has been updated to prevent a possible system crash.

The ipfw(4) packet filter has been updated to identify layer-2 and layer-3 packets, fixing dummynet(4) AQM packet marking.

An issue causing boot issues with Intel® Apollo Lake™ CPUs has been fixed.

The watchdog(4) facility has been updated to make SW_WATCHDOG dynamic, enabling the software watchdogd(8) option whenever a hardware watchdog is not present.

The p1003_1b.aio_listio_max sysctl(8) has been changed to a runtime-configurable tunable

The boot code and loader(8) have been updated to check for unsupported ZFS feature flags. If unsupported features are active, the pool is not considered as a bootable pool, and a diagnostic message is printed to the console

The loader(8) has been updated to improve quotation parsing, distinguishing between single- and double-quotes, and check for terminating quotes.

The length of GELI passphrases entered when booting a system with encrypted disks is now hidden by default.

The icmp6(4) protocol has been updated to fix ICMPv6 redirects.

The setproctitle_fast(3) function has been added, which is optimized for high-frequency process title updates.

The kqueue(2) system call has been updated to allow updating EVFILT_TIMER.

readelf(1) has been updated to report arm program and section header types.

strings(1) has been updated to fix the exit status when multiple files are provided as arguments, and an error is encountered before the last file.

The type max_align_t is now defined for C11 compliance.

The sem_clockwait_np() library function has been added, which allows the caller to specify the reference clock and choose between absolute and relative mode.

The clang nullability qualifiers have been added to the C library headers.

Uses of the GNU __nonnull__ attribute have been replaced with the more benign Clang nullability attributes.

ptrace(2) now supports events for vfork(2), permitting reliable debugging across vfork(2) invocations

Process core dumps now include the process ID (PID) and command line arguments.

The ipfw(4) packet filter has been updated to add support for named dynamic states.

The ipfw_nptv6 kernel module has been added, implementing Network Prefix Translation for IPv6 as defined in RFC 6296

The ipfw_nat64 kernel module has been added, implementing stateless and stateful NAT64.

The cfumass(4) device has been added, providing a storage frontend to USB OTG-capable hardware.

The ipfw_pmod kernel module has been added, designed for modifying packets of any protocol.

The vfs.root_mount_always_wait tunable has been added, which forces the kernel to wait for root mount holds even if the root device is already present.

When the system real time clock (RTC) is adjusted, such as by clock_settime(), sleeping threads are now awakened and absolute sleep times are reevaluated based on the new value of the RTC.

The network stack has been updated to include ip6_tryforward(), providing performance benefits as result of a reduced number of checks.

The network stack has been modified to fix incorrect or invalid IP addresses if multiple threads emit a UDP log_in_vain message concurrently.

The TCP stack has been changed to use the estimated RTT instead of timestamps for receive buffer auto resizing.

The default newsyslog.conf(5) now includes files in the /etc/newsyslog.conf.d/ and /usr/local/etc/newsyslog.conf.d/ directories for newsyslog(8)

The mailwrapper(8) utility has been updated to use mailer.conf(5) from the LOCALBASE environment variable, which defaults to /usr/local if unset

The pciconf(8) utility can now identify PCI devices that are attached to a driver to be identified by their device name instead of just the selector. Additionally, the -l flag now accepts an optional device argument to list details about a single device

A new flag, “onifconsole” has been added to /etc/ttys. This allows the system to provide a login prompt via serial console if the device is an active kernel console, otherwise it is equivalent to off.

Support for displaying VPD for PCI devices via pciconf(8) has been added.

The bsdconfig(8) utility has been updated to skip the initial tzsetup(8) UTC versus wall-clock time prompt when run in a virtual machine, determined when the kern.vm_guest sysctl(8) is set to 1.

Security Fixes

The jail(8) utility has been updated to include a new jail.conf(5) parameter, allow.read_msgbuf, which prevents jailed processes and users from accessing the dmesg(8) buffer. This parameter is set to false by default.

A new variable, init_exec, has been added to kenv(1), allowing init(8) to run an executable file after opening the console, replacing init(8) as PID 1

The jail(8) utility has been updated to add a new flag, -e, which takes a jail.conf(5) parameter as an argument and prints a list of non-wildcard jails with the specified parameter.

The ping(8) utility has been updated to use the Capsicum framework to drop privileges, protecting against malicious network packets.

3rd Party Software

Hardware

The number of MSI IRQs have been converted from a constant to a tunable. The default remains at 512, which can now be changed during boot with the machdep.num_msi_irqs

The ichwd(4) driver has been updated to include support for TCO watchdog timers in the Lewisburg PCH (C620) chipset.

The ae(4), bm(4), cs(4), de(4), dme(4), ed(4), ep(4), ex(4), fe(4), pcn(4), sf(4), sn(4), tl(4), tx(4), txp(4), vx(4), wb(4), and xe(4) drivers have been marked as deprecated.

The oce(4) driver has been updated to version 11.0.50.0.

The TP-Link® TL-WN321G™ network adapter now uses the run(4) driver instead of the rum(4) driver.

The mlx4en(4) and mlx5en(4) drivers have been updated to version 3.5.0.

The lagg(4) driver has been updated to allow changing the MTU without requiring destroying and recreating the interface.

The ccr(4) driver has been added, providing support for Chelsio® T6™ cryptography accelerators.

The cxgbe(4) driver has been updated to include support for hash filters, NAT offloading, and SMAC/DMAC swapping filters.

The cxgbe(4) T4, T5, and T6 firmware has been updated to version 1.23.0.0.

The ixl(4) driver has been updated to version 1.11.9.

The ixlv(4) driver has been updated to version 1.5.8.

The vt(4) keyboard mapping has been updated to include uk.macbook.kbd support.

Support for PS/2 scan codes for NumLock, ScrollLock, and numerical keypad keys has been added to bhyve(8)

The ng_pppoe(4) driver has been updated to add support for user-supplied Host-Uniq tags.

The mlx5io(4) driver has been added, providing an interface to manage supported Connect-X 4 and Connect-X 5 network adapters

The cm(4) and fpa(4) drivers have been marked as deprecated

The ocs_fc(4) driver has been added, supporting Emulex 16/8G FC GEN 5 HBAs LPe15004 and LPe160XX, and Emulex 32/16G FC GEN 6 HBAs LPe3100X and LPe3200X.

The ixl(4) driver has been updated to version 1.9.9-k

The smartpqi(4) driver has been added, providing support for Microsemi® SCSI controllers.

Support for virtio_console(4) has been added to bhyve(4)

The jedec_ts(4) driver has been added, providing support for thermal sensors on memory modules. The driver currently supports chips that are fully compliant with the JEDEC JC 42.4 specification

The bytgpio(4) driver has been added, providing support for Intel® Bay Trail™ SoC GPIO controllers.

/dev/kmem no longer supports access via mmap(). Consumers wishing to use /dev/kmem must use read() and write().

devctl(8) now supports a "clear driver" command as a complement to "set driver"

The digi(4), ie(4), mcd(4), scd(4), si(4), spic(4), and wl(4) drivers have been marked as deprecated

The mpr(4) driver has been updated to support tri-mode (SAS/SATA/PCIe) Broadcom® storage adapters.

The cxgbe(4) driver now supports devices using T6-based adapters which support 10, 25, 40, and 100 Gbps

The bnxt(4) driver has been added, providing support for Broadcom® NetXtreme-C™ and NetXtreme-E™ devices

The cxgbev(4) driver has been added, providing support for Virtual Function devices (VFs) on Chelsio T4 and T5 adapters.

TCP connections using the TCP Offload Engine (TOE) on Chelsio T4+ adapters can now perform zero-copy sends via aio_write().

The cxgbe(4) driver has been updated to provide support for Virtual Function devices (VFs) on Chelsio T4 and T5 adapters

The miibus(4) driver has been updated to support Microchip/Micrel KSZ9031 Gigabit ethernet cards.

The alc(4) driver has been updated to provide support for Atheros® Killer E2400™ Gigabit ethernet cards.

The alc(4) driver has been updated to provide support for Atheros® Killer E2500™ Gigabit ethernet cards

The etherswitch(4) driver has been updated to support RTL8366RB and RTL8366SR cards

The if_ipsec(4) virtual tunneling interface has been added, implementing route-based VPNs protected with Encapsulating Security Payload (ESP).

The qlnxe(4) driver has been added, providing support for Cavium® Qlogic™ 45000 Series adapters.

The qlnxe(4) driver has been updated to support QLE41XXX hardware.

The atkbdc(4) driver has been updated to provide support for Elantech® trackpads. To enable hardware support, add hw.psm.elantech_support=1 to loader.conf(5)

PCI passthrough with bhyve(4) supports more dynamic configurations permitting devices to be marked for passthrough of host use at runtime.

PCI passthrough with bhyve(4) resets functions via FLR when a virtual machine is started and stopped.

The hv_netvsc(4) driver SR-IOV implementation has been updated to support Virtual Function (VF) devices, such as the Mellanox® Connect-X3™ network card.

Support for Microsoft® Hyper-V™ Generation 2 virtual machines has been added

Support for synthetic keyboards has been added for virtual machines running on Microsoft® Hyper-V™.

The ena(4) driver has been added, providing support for "next generation" Enhanced Networking on the Amazon® EC2™ platform

A kernel bug that inhibited proper functionality of the dev.cpu.0.freq sysctl(8) on Intel® processors with Turbo Boost ™ enabled has been fixed.

The cyapa(4) driver has been added, supporting the Cypress APA I2C trackpad.

The isl(4) driver has been added, supporting the Intersil I2C ISL29018 digital ambient light sensor.

Support for Broadcom chipsets BCM57764, BCM57767, BCM57782, BCM57786 and BCM57787 has been added to bge(4)

The if_nf10bmac(4) device has been added, providing support for NetFPGA-10G Embedded CPU Ethernet Core

The ath_hal(4) driver has been updated to support the Atheros AR1111 chipset.

The iwn(4) driver was added, providing support for the Intel® Centrino™ Wireless-N 105 and 135 chipsets.

Support for the cxgbe(4) Terminator 5 (T5) 10G/40G cards has been added to netmap(4)

The alc(4) driver has been updated to support AR816x and AR817x ethernet controllers

The pf(4) packet filter default hash has been changed from Jenkins to Murmur3, providing a 3-percent performance increase in packets-per-second.

The vxlan(4) driver has been added, which creates a virtual Layer 2 (Ethernet) network overlaid in a Layer 3 (IP/UDP) network. The vxlan(4) driver is analogous to vlan(4), but is designed to be better suited for large, multiple-tenant data center environments.

The gre(4) driver has been significantly overhauled, and has been split into two separate modules, gre(4) and me(4).

The ral(4) driver has been updated to support the RT5390 and RT5392 chipsets.

The sfxge(4) driver has been updated to support Solarflare Flareon Ultra 7000-series chipsets.

The em(4) driver has been updated with improved transmission queue hang detection

The cdce(4) driver has been updated to include support for the RTL8153 chipset.

The iwm(4) driver has been imported from OpenBSD, providing support for Intel® 3160/7260/7265 wireless chipsets.

The em(4) driver has been updated to allow disabling CRC stripping

The lagg(4) driver has been updated to remove support for the fec protocol

The dummynet(4) driver has been updated to include support for AQM (Active Queue Management), adding support for PIE (Proportional Integral controller Enhanced) and FQ-PIE (Fair Queueing Proportional Integral controller Enhanced).

Support for the “Virtual Interrupt Delivery” feature of Intel® VT-x is enabled if supported by the CPU. This feature can be disabled by running sysctl hw.vmm.vmx.use_apic_vid=0. Additionally, to persist this setting across reboots, add hw.vmm.vmx.use_apic_vid=0 to /etc/sysctl.conf.

Support for “Posted Interrupt Processing” is enabled if supported by the CPU. This feature can be disabled by running sysctl hw.vmm.vmx.use_apic_pir=0. Additionally, to persist this setting across reboots, add hw.vmm.vmx.use_apic_pir=0 to /etc/sysctl.conf.

The bhyve(8) hypervisor has been updated to support AMD® processors with SVM and AMD-V hardware extensions.

Support for PCI Single Root I/O Virtualization (SR-IOV) has been introduced, allowing the creation of PCI Virtual Functions (VFs) for device drivers that support SR-IOV. See iovctl(8) for details on creating and configuring VFs.

Known Issues

UEFI issues with the amd64 ISO. We’re going to address these in the 2.0.1 release.

Upgrading perl from 1.2 is not working with buildworld.

Sometimes you’ll get an error with mandoc, just try reinstalling src/usr.bin/man if this is crashing. (rare build issue)

Mport package manager has 3 known issues:

In some cases, you may get an error about updating /etc/nsswitch.conf at startup. This is an issue with the mdns related features. Either disable mDNSresponder or modify the hosts like to be Hosts: files mdns dns

There are two mports that are broken which are causing issues and will be the highest priority after the release: