Release Notes icon MidnightBSD Release Notes

(08/27/2023) MidnightBSD 3.1

I’m happy to announce the availability of MidnightBSD 3.1 for amd64 and i386.

This release included updates to third-party libraries, bug fixes from the 3.0 release, and a new third-party package option: Ravenports Universal Package System.

Upgrade Process

Install git if you don’t have it already
mport install git

Fetch MidnightBSD from git via (assumes you don’t have /usr/src populated)

git clone -b stable/3.1

NOTE: some users have experienced build errors on 2.x which require disabling perl in usr.bin/Makefile at the top and removing camcontrol and df from the rescue/rescue/Makefile temporarily. You can build these once on 3.x.

cd /usr/src; make -j4 clean buildworld buildkernel;
mergemaster -p
make installkernel

(if it works OK, login and go to /usr/src)
make installworld
mergemaster -iU

Update installed mports/packages
For mport package manager, run mport index
mport clean
mport upgrade

Remove old libraries and programs from the base.

rm -rf /usr/lib/perl/5.36.0 cd /usr/src/; make check-old; make delete-old; make installworld;

When you are done, verify that Perl is updated by running perl -v You should have Perl 5.36.1.

Bug Fixes and new features


Ravenports is now available in MidnightBSD for the amd64 architecture. The initial installation process will prompt you to bootstrap Ravenports. This will initialize it in /raven/, and you will be able to install software packages using /raven/sbin/ravensw. By default, /raven/bin, /raven/sbin, and so on are not on the path. You can add them to the path to make running software in your shell easier. Please visit their website to learn more about Ravenports and find quickstart guides.

You can choose either mports or Ravenports at installation time or use packages from both systems. Please note that mixing packages may have some complications, although they are installed in a completely different place from mports.

There are various benefits to Ravenports, but a few are more updated packages and quite a few unique packages that mports doesn’t provide currently. For example, Ravenports has an updated Firefox package available.

You will not see Ravenports presented as an option on an i386 install.

Mport package manager

There have been a number of improvements in the mport package manager for this release. In 2.4.3, we fixed the XXX rate issue reported. It now displays information about the download and a percentage of the file fetched so far. There is an output bug where it displays the percentage with an incorrect decimal place that will be fixed in a later release. This only impacts mport use in scripts or other non-interactive terminals.

Now that MOVED file contents are part of the index, we can start doing more intelligent updates in the future. The first package build to include this data is the latest amd64 3.1 build. It will be available for i386 on the next package build done on that platform.

Install Changes

Users are now prompted to try to install appropriate packages for their graphics cards. We don’t yet do auto-detection, but it’s a step in the right direction for automating installs.

Miscellaneous Changes

tftpd: introduce new option -S

pf: handle multiple IPv6 fragment headers

pf: fix pf_nv##_array() size check

netstat -i: compute most field widths dynamically

frag6: Avoid a possible integer overflow in fragment handling

lib/libc/string/bcmp.c: fix integer overflow bug

logger(1): fix timestamps in case of long run

libalias: improve handling of invalid SCTP packets

wpa: Enable receiving priority tagged (VID 0) frames

bridge: Log MAC address port flapping

fusefs: update atime on reads when using cached attributes

Security Fixes

add fix for CVE-2022-25147 (apr-util) workaround an integer overflow in apr_base64 functions.

Fix CVE-2020-10188 in telnetd

Fix for GELI silently omits the keyfile if read from stdin

Multiple security vulnerabilities have been discovered in the Heimdal implementation of the Kerberos 5 network authentication protocols and KDC.

CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
CVE-2019-14870 Validate client attributes in protocol-transition
CVE-2019-14870 Apply forwardable policy in protocol-transition
CVE-2019-14870 Always lookup impersonate client in DB

3rd Party Software


ena: Update driver version to v2.6.3

e1000: fix VLAN 0

Fix for Intel 82599 ixgbe device, which reported errors on the interface incorrectly.

jedec_dimm(4): Add manufacturing year and week.

e1000: Fix packet loss on 11th gen and later

ixl(4): Fix SR-IOV panics

ixl(4): Add support for I710 devices

ixl(4): Fix VLAN HW filtering

ice(4): Update to 1.34.2-k

ioat: Add Ice Lake ID.

Known Issues

Mport gives too much output when downloading packages non-interactively.

Mport package creation crashes on a few meta ports. We’re investigating this. GNUstep is one example. You can still install all the other GNUstep-related ports, just not the metaport.

Ravenports install is not in the path, but we also don’t tell you that during bootstrap.

The Perl version was updated, so having a mix of older packages with 3.1 packages may cause issues with Perl. Best to update all Perl libraries.

The Mono package is broken on 3.1 in mports. No ETA on this one.

On VirtualBox 7, Xorg needs over 1GB of RAM allocated to run without swapping or crashing. Occasional VM hangs have also been seen. It works fine on bare metal, bhyve, or VMware products.