[Midnightbsd-users] MidnightBSD 3.2 release

Lucas Holt luke at foolishgames.com
Mon Jul 22 13:45:57 EDT 2024 

I’m happy to announce the availability of MidnightBSD 3.2 for amd64 and 
i386.

This release included updates to third-party libraries, bug fixes from 
the 3.1 release, and security updates.

Upgrade Process
Install git if you don’t have it already
mport install git

Fetch MidnightBSD from git via github.com/midnightbsd/src.git (assumes 
you don’t have /usr/src populated)

git clone -b stable/3.2 https://github.com/MidnightBSD/src.git

NOTE: some users have experienced build errors on 2.x which require 
disabling perl in usr.bin/Makefile at the top and removing camcontrol 
and df from the rescue/rescue/Makefile temporarily. You can build these 
once on 3.x.

cd /usr/src; make -j4 clean buildworld buildkernel;
choose one of etcupdate or mergemaster -p
make installkernel
reboot

(if it works OK, login and go to /usr/src)
make installworld
choose one of etcupdate or mergemaster -iU

Update installed mports/packages
For mport package manager, run mport index
mport clean
mport upgrade

Remove old libraries and programs from the base.

rm -rf /usr/lib/perl/5.36.1 cd /usr/src/; make check-old; make 
delete-old; make installworld;

Perl was removed from base in 3.2. Install from mports or packages via 
mport install perl5.36

Bug Fixes and new features
Ravenports
Ravenports is available in MidnightBSD for the amd64 architecture. The 
initial installation process will prompt you to bootstrap Ravenports. 
This will initialize it in /raven/, and you will be able to install 
software packages using /raven/sbin/ravensw. By default, /raven/bin, 
/raven/sbin, and so on are not on the path. You can add them to the path 
to make running software in your shell easier. Please visit their 
website to learn more about Ravenports and find quickstart guides. 
http://www.ravenports.com/

You can choose either mports or Ravenports at installation time or use 
packages from both systems. Please note that mixing packages may have 
some complications, although they are installed in a completely 
different place from mports.

There are various benefits to Ravenports, but a few are more updated 
packages and quite a few unique packages that mports doesn’t provide 
currently. For example, Ravenports has an updated Firefox package available.

You will not see Ravenports presented as an option on an i386 install.

Mport package manager
Updated mport to 2.6.2

Miscellaneous Changes
Fixed a bug with portsnap configuration with 3.x releases where it used 
an old index.

Fix for some vnc clients with bhyve, added com ports to bhyve

Various manual pages cleaned up.

zstd enabled in libarchive

telnetd removed

libfetch: don't rely on ca_root_nss for certificate validation

add endian.h for linux compatibility

Security Fixes
OpenSSH security vulnerability
A signal handler in sshd(8) calls a function that is not 
async-signal-safe. The signal handler is invoked when a client does not 
authenticate within the LoginGraceTime seconds (120 by default). This 
signal handler executes in the context of the sshd(8)'s privileged code, 
which is not sandboxed and runs with full root privileges.
This issue is a regression of CVE-2006-5051 originally reported by Mark 
Dowd and accidentally reintroduced in OpenSSH 8.5p1.

OpenSSH 9.3p2 - CVE-2023-38408 Patch for CVE-2023-48795

Fix security issue in libpcap OSV-2020-1231

Fix for wpa supplicant CVE-2023-52160

pf security issue:
As part of its stateful TCP connection tracking implementation, pf 
performs sequence number validation on inbound packets. This makes it 
difficult for a would-be attacker to spoof the sender and inject packets 
into a TCP stream, since crafted packets must contain sequence numbers 
which match the current connection state to avoid being rejected by the 
firewall. A bug in the implementation of sequence number validation 
means that the sequence number is not in fact validated, allowing an 
attacker who is able to impersonate the remote host and guess the 
connection's port numbers to inject packets into the TCP stream.

3rd Party Software
Perl removed from base. Install via mports
brainfuck removed from base. Moved to mports
Removed subversion from base. install from mports if needed. (use git 
for MidnightBSD)
expat 2.6.2
ldns 1.8.3
sendmail 8.18.1
libarchive 3.7.2
zstd 1.5.2
Unbound 1.19.3
xz / lzma 5.4.5
tzdata 2023d
mandoc 1.14.6
OpenSSH 9.3p2
nvi 2.2.1
openssl 1.1.1w
Hardware
PCI vendors list updated (April 2024)

AMD zen4 temperature sensor support

unbreak Promise RAID1 with 4+ providers

usbdevs: add quirk for WD MyPassport Ultra External HDD

ahci: add AMD KERNCZ (RAID) device id in RAID mode

Known Issues
Ravenports install is not in the path, but we also don’t tell you that 
during bootstrap.

On VirtualBox 7, Xorg needs over 1GB of RAM allocated to run without 
swapping or crashing. Occasional VM hangs have also been seen. It works 
fine on bare metal, bhyve, or VMware products.

More information about the Midnightbsd-users mailing list