Release Notes icon MidnightBSD Release Notes

(07/22/2024) MidnightBSD 3.2

I’m happy to announce the availability of MidnightBSD 3.2 for amd64 and i386.

This release included updates to third-party libraries, bug fixes from the 3.1 release, and security updates.

Upgrade Process

Install git if you don’t have it already
mport install git

Fetch MidnightBSD from git via github.com/midnightbsd/src.git (assumes you don’t have /usr/src populated)

git clone -b stable/3.2 https://github.com/MidnightBSD/src.git

NOTE: some users have experienced build errors on 2.x which require disabling perl in usr.bin/Makefile at the top and removing camcontrol and df from the rescue/rescue/Makefile temporarily. You can build these once on 3.x.

cd /usr/src; make -j4 clean buildworld buildkernel;
choose one of etcupdate or mergemaster -p
make installkernel
reboot

(if it works OK, login and go to /usr/src)
make installworld
choose one of etcupdate or mergemaster -iU

Update installed mports/packages
For mport package manager, run mport index
mport clean
mport upgrade

Remove old libraries and programs from the base.

rm -rf /usr/lib/perl/5.36.1 cd /usr/src/; make check-old; make delete-old; make installworld;

Perl was removed from base in 3.2. Install from mports or packages via mport install perl5.36

Bug Fixes and new features

Ravenports

Ravenports is available in MidnightBSD for the amd64 architecture. The initial installation process will prompt you to bootstrap Ravenports. This will initialize it in /raven/, and you will be able to install software packages using /raven/sbin/ravensw. By default, /raven/bin, /raven/sbin, and so on are not on the path. You can add them to the path to make running software in your shell easier. Please visit their website to learn more about Ravenports and find quickstart guides. http://www.ravenports.com/

You can choose either mports or Ravenports at installation time or use packages from both systems. Please note that mixing packages may have some complications, although they are installed in a completely different place from mports.

There are various benefits to Ravenports, but a few are more updated packages and quite a few unique packages that mports doesn’t provide currently. For example, Ravenports has an updated Firefox package available.

You will not see Ravenports presented as an option on an i386 install.

Mport package manager

Updated mport to 2.6.2

Miscellaneous Changes

Fixed a bug with portsnap configuration with 3.x releases where it used an old index.

Fix for some vnc clients with bhyve, added com ports to bhyve

Various manual pages cleaned up.

zstd enabled in libarchive

telnetd removed

libfetch: don't rely on ca_root_nss for certificate validation

add endian.h for linux compatibility

Security Fixes

OpenSSH security vulnerability
A signal handler in sshd(8) calls a function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges.
This issue is a regression of CVE-2006-5051 originally reported by Mark Dowd and accidentally reintroduced in OpenSSH 8.5p1.

OpenSSH 9.3p2 - CVE-2023-38408 Patch for CVE-2023-48795

Fix security issue in libpcap OSV-2020-1231

Fix for wpa supplicant CVE-2023-52160

pf security issue:
As part of its stateful TCP connection tracking implementation, pf performs sequence number validation on inbound packets. This makes it difficult for a would-be attacker to spoof the sender and inject packets into a TCP stream, since crafted packets must contain sequence numbers which match the current connection state to avoid being rejected by the firewall. A bug in the implementation of sequence number validation means that the sequence number is not in fact validated, allowing an attacker who is able to impersonate the remote host and guess the connection's port numbers to inject packets into the TCP stream.

3rd Party Software

Hardware

PCI vendors list updated (April 2024)

AMD zen4 temperature sensor support

unbreak Promise RAID1 with 4+ providers

usbdevs: add quirk for WD MyPassport Ultra External HDD

ahci: add AMD KERNCZ (RAID) device id in RAID mode

Known Issues

Ravenports install is not in the path, but we also don’t tell you that during bootstrap.

On VirtualBox 7, Xorg needs over 1GB of RAM allocated to run without swapping or crashing. Occasional VM hangs have also been seen. It works fine on bare metal, bhyve, or VMware products.