From luke at foolishgames.com Tue Aug 25 13:38:36 2020 From: luke at foolishgames.com (Lucas Holt) Date: Tue, 25 Aug 2020 13:38:36 -0400 Subject: [Midnightbsd-users] MidnightBSD 1.2.7-RELEASE Message-ID: MidnightBSD 1.2.7 is now available and includes the following fixes: Fix several bugs with the base system. Don't attempt to measure TSC skew in VMs with dtrace. Fix a bug with em(4) driver for Intel Gigabit NICs related to link state. Fix a crash with NFSv4 server. USB xhci: Remove power bit from super speed root hub port status register to fix warm reset. Also set the max exit latency to 0 because we don't support link power management. Don't report stale signal info in ptrace_lwpinfo. Audio: change default mic level to 25. This is also the first ISO release since 1.2.0 and includes the following changes from previous git only releases: 20200807: MidnightBSD 1.2.6 RELEASE A missing length validation code common to these three drivers means that a malicious USB device could write beyond the end of an allocated network packet buffer. - smsc(4), supporting SMSC (now Microchip) devices - muge(4), supporting Microchip devices - cdceem(4), supporting USB Communication Device Class compatible devices sendmsg security fix When handling a 32-bit sendmsg(2) call, the compat32 subsystem copies the control message to be transmitted (if any) into kernel memory, and adjusts alignment of control message headers. The code which performs this work contained a time-of-check to time-of-use (TOCTOU) vulnerability which allows a malicious userspace program to modify control message headers after they were validated by the kernel. 20200723: MidnightBSD 1.2.5 RELEASE Fix a 30 year old bug in mountd. 20200710: MidnightBSD 1.2.4 RELEASE update libmport to fix several package installation bugs 20200709: MidnightBSD 1.2.3 RELEASE Security update for sqlite3. Update to 3.32.3 Update unbound to 1.10.1 20200514: MidnightBSD 1.2.2 release Fixed a security issue in libalias. The FTP packet handler in libalias incorrectly calculates some packet lengths. This may result in disclosing small amounts of memory from the kernel (for the in-kernel NAT implementation) or from the process space for natd (for the userspace implementation). Updated tzdata to 2020a. 20200317: MidnightBSD 1.2.1 release Bugfixes for package management and module builds. Lucas Holt Luke at FoolishGames.com ________________________________________________________ MidnightBSD.org (Free OS) JustJournal.com (Free blogging)