Security Updates
Below are instructions for reporting issues. We do not have a bug bounty program. That's for large companies that make money. We are a volunteer open source project.
For new issues that aren't already public, report security vulnerabilities to security@midnightbsd.org or via the GitHub private vulnerability feature.
For publicly disclosed issues, create a pull request at https://github.com/MidnightBSD/midnightbsd-vulns with the details. You may also create a PR to fix it on the src repository.
Report security vulnerabilities to security@midnightbsd.org or create a pull request or issue on the mports repository for ports/packages that need updates. Also report Magus security issues here.
Report security vulnerabilities to security@midnightbsd.org.
The following are not vulnerabilities:
mport audit can be used to check for security issues with packages on mport versions included with MidnightBSD 3.0.2 and higher
To detect
vulnerable software packages installed on the system, install the security advisory client.
mport install security-advisory-client. Then simply run advisory.pl to check your system.
For third party security advisories related to packages, try the Security Advisory website.
others are listed below
February 13, 2023
MidnightBSD 2.2.7
tzdata 2022g
January 16, 2022
MidnightBSD 2.1.3
mport package manager (20121217)
Bug fix for HyperV support in Windows 2022 server.
Fix register restore for SSE/XMM
November 04, 2021
MidnightBSD 2.1.2
Updated mport 2.2.0 code with bugfixes and new plist features.
Updated tzdata to fix some DST changes in asia
Update root certificates bundle
December 20, 2020
libarchive 3.5.0
Update caroot certs
unbound 1.13.0
July 23, 2020
MidnightBSD 1.2.5 (in git)
Fix a 30 year old bug in mountd.
July 10, 2020
MidnightBSD 1.2.4, 1.1.4 (in git)
update libmport to fix several package installation bugs including permissions not getting set properly and path issues.
July 9, 2020
MidnightBSD 1.2.3 (in git)
Security update for sqlite3. Update to 3.32.3
Update unbound to 1.10.1
January 18, 2019
Updated in current for security issues:
OpenSSH 7.5p1 OpenSSL 1.0.2p Perl 5.28.0
October 25, 2016
MidnightBSD 0.8.3 RELEASE
Revised patch to address a problem pointed out by ahaha from Chaitin Tech.
October 1, 2016
MidnightBSD 0.8.2 RELEASE
Fix a regression with OpenSSL security.
Sendmail 8.15.2
October 27, 2014
0.5.4 RELEASE
libmport fix for packages
October 11, 2014
0.5.2-RELEASE
Fixed a regression with mksh R50c.
February 1, 2014
0.4-RELEASE-p7
Fix a minor annoyance with the default dot.profile and ssh-agent
November 29, 2013
MidnightBSD 0.4-RELEASE-p5
libc's iconv support includes an optimization that is imcompatible with gettext's msgfmt command. By turning off this optimization, we gain compatiblity with several GNU packages.
May 30, 2012
MidnightBSD 0.3-RELEASE-p8
Fix a problem with cyrpt's DES implementation when used with non 7-bit ascii passwords.
May 30, 2012
MidnightBSD 0.3-RELEASE-p7
An additional problem in OpenSSL was identified related to the previous (p6) patch.
Add SGC and BUF_MEM_grow_clean(3) bug fixes.
November 4, 2011
MidnightBSD 0.3-RELEASE-p4
Fix a problem with unix socket handling caused by the recent patch to unix socket path handling. This allows network apps to work under the linuxolator again.
March 10, 2007
While many of the DST changes were imported last year, we decided to cover all cases and import the latest tzdata2007c. Users concerned about DST changes should update their sources and rebuild. The java ports may not have DST changes in place. We will review that issue.