MidnightBSD Release Notes

(06/07/2022) MidnightBSD 2.2

I’m happy to announce the availability of MidnightBSD 2.2 for amd64 and i386. This release focused on updating third party software in the base system and some smaller enhancements.

Upgrade Process

Install git if you don’t have it already
mport install git

Fetch MidnightBSD from git via (assumes you don’t have /usr/src populated)
git clone

Checkout the stable/2.2 branch
git checkout stable/2.2
cd /usr/src; make clean buildworld buildkernel;
mergemaster -p
make installkernel

(if it works OK, login and go to /usr/src)
make installworld
mergemaster -iU

Update installed mports/packages
For mport package manager, run
mport index
mport clean
# saves time when running make delete-old
rm -rf /usr/lib/perl/5.32.0
cd /usr/src/; make check-old; make delete-old; make installworld;

When you are done, verify that perl is updated by running
perl -v
You should have perl 5.36.0.

Bug Fixes and new features

use md library sha256 implementation for lzma

/bin/sh updated based on FreeBSD 12-stable sources

root shell changed to tcsh from csh. This adds history to the root user’s interactive shell. We may change the root shell to mksh in the future.

Introduce a patch to dummynet from pfsense to increase max value to 4Gb/s instead of 2Gb/s.

mport 2.2.0
removes use of libdispatch / gcd dependency so we can eventually support static built mport.
add desktop-file-utils command to plist.
add @KLD to plist handler (allows packages to define kernel modules)
Introduce type on ucl pkg messages (allows package messages on specific events)
add null check on stub detach (prevents crashing when unloading a package)
add chroot path to libexec commands and mport.list (allows a chroot for updating in a jail)

Fixed issues with desktop startup and created an initial .xinitrc file for GUI installs.

A Hyper-V vPCI emulation change can cause SR-IOV (Single-Root I/O Virtualization) and DDA (Discrete Device Assignment) devices to fail to operate correctly under Hyper-V. In recent Hyper-V releases on Windows Server 2022, the vPCI code does not initialize the last 4 bits of device registers. This behavior change could result in failure to initialize guest drivers for SR-IOV or DDA devices.

Netcat: add sctp support from FreeBSD

Add ptsname_r to libc.

Ipfilter bug fixes from FreeBSD.

Enable dbus and hald during the firstboot script (long term we want hal to go away)

Slow down the loader twiddle. (speeds up boot on VMs like AWS AMI and older hardware)

add siginfo to chflags

switch to less pager for root.

cat(1): Bring in a bug fix for the -e flag as found in FreeBSD 12 stable

Security Fixes

Update root certificates bundle

Reject execve when new argc is zero. Fixes a security issue with NULL argv[0] entries similar to the recent CVE with polkit on Linux.

Fix an integer overflow in OpenSSL and memory leaks.

netmap: Fix TOCTOU vulnerability in nmreq_copyin. The total size of the user-provided nmreq was first computed and then trusted during the copyin. This might lead to kernel memory corruption and escape from jails/containers.
Security: CVE-2022-23084

An unsanitized field in an option could be abused, causing an integer overflow followed by kernel memory corruption. This might be used to escape jails/containers.
Security: CVE-2022-23085

The netmap_ioctl() function has a reference counting bug in case of NETMAP_REQ_PORT_INFO_GET command. When `hdr->nr_name[0] == '\0'`, the function does not decrease the refcount of "nmd", which is increased by netmap_mem_find(), causing a refcount leak.

Wpa_supplicant: A vulnerability was discovered in how wpa_supplicant processes P2P (Wi-Fi Direct) provision discovery requests. Under a corner case condition, an invalid Provision Discovery Request frame could end up reaching a state where the oldest peer entry needs to be removed. With a suitably constructed invalid frame, this could result in use (read+write) of freed memory. This can result in an attacker within radio range of the device running P2P discovery being able to cause unexpected behavior, including termination of the wpa_supplicant process and potentially code execution.

Binutils: The function make_relative_prefix_1 does not properly free locally allocated memory when it returns early. Free the memory associated with the variables full_progname, bin_dirs, prog_dirs, and prefix_dirs when the function returns early.

Zlib: Fix CLEAR_HASH macro to be usable as a single statement. Fix a security issue in inflate.c
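
The "size computed first, then trusted during the copyin" pattern from the netmap nmreq_copyin note above, as a simplified user-space model. This is an added example, not netmap's code or the project's fix: struct req, copy_req, racer and demo are constructed names, and the re-validation shown is one common remedy for a double fetch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed request layout for illustration, not netmap's real header. */
struct req { uint32_t body_len; uint8_t body[]; };
#define MAX_BODY 256u

/* Stand-in for a second thread rewriting user memory between the two fetches. */
static void (*racer)(struct req *user);
static void grow_len(struct req *user) { user->body_len = 4096; }

/* hardened == 0: size is fetched once, then the copied header is trusted as-is.
 * hardened == 1: the copied snapshot must agree with the size used to allocate. */
static struct req *copy_req(struct req *user, uint32_t *alloc_body, int hardened)
{
    uint32_t len = user->body_len;            /* fetch 1: compute total size */
    struct req *k = len <= MAX_BODY ? malloc(sizeof(*k) + len) : NULL;
    if (k == NULL)
        return NULL;
    if (racer != NULL)
        racer(user);                          /* length changes after the check */
    memcpy(k, user, sizeof(*k) + len);        /* fetch 2: the "copyin" */
    if (hardened && k->body_len != len) {     /* re-validate the snapshot */
        free(k);
        return NULL;
    }
    *alloc_body = len;
    return k;
}

/* 1: accepted copy claims more body than allocated; 0: consistent; -1: rejected. */
int demo(int hardened, int race)
{
    struct req *user = calloc(1, sizeof(*user) + MAX_BODY);
    uint32_t alloc_body = 0;
    int rc = -1;
    if (user == NULL)
        return rc;
    user->body_len = 16;
    racer = race ? grow_len : NULL;
    struct req *k = copy_req(user, &alloc_body, hardened);
    if (k != NULL)
        rc = k->body_len > alloc_body;
    free(k);
    free(user);
    return rc;
}

int main(void) { printf("%d %d\n", demo(0, 1), demo(1, 1)); return 0; }
```

Any later code that walks the copy using its own body_len field would run past the allocation in the unhardened case; the hardened path rejects the request instead.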

3rd Party Software


Update PCI vendor ids

add libusb_has_capability to libusb

The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer.

Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small.

The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload ("TSO"). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets.

When checksum offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to specify the checksum offset in the on-stack buffer. The offset was not validated for certain packet types.

The hard-coded size for state region 1 (SSE/XMM) was incorrect.
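
A bounds-checked checksum insertion of the kind the e1000 checksum-offset note above calls for: the guest-supplied start and offset are validated against the real header length before anything is written. This is an added example, not the device model's code; insert_cksum, in_cksum, demo_cksum and the sample IPv4 header are constructed, and the checksum field is simply zeroed before summing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 1071 ones'-complement checksum over buf[0..len). */
static uint16_t in_cksum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)buf[i] << 8 | buf[i + 1];
    if (len & 1)
        sum += (uint32_t)buf[len - 1] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Insert a checksum covering hdr[ck_start..hdrlen) at hdr[ck_off..ck_off+2).
 * ck_start and ck_off model the guest-provided values. Returns 0 or -1. */
int insert_cksum(uint8_t *hdr, size_t hdrlen, size_t ck_start, size_t ck_off)
{
    if (ck_start > hdrlen)
        return -1;
    if (ck_off > hdrlen || hdrlen - ck_off < 2)   /* written so it cannot wrap */
        return -1;
    hdr[ck_off] = hdr[ck_off + 1] = 0;
    uint16_t ck = in_cksum(hdr + ck_start, hdrlen - ck_start);
    hdr[ck_off] = ck >> 8;
    hdr[ck_off + 1] = ck & 0xff;
    return 0;
}

/* Constructed 20-byte IPv4 header with the checksum field zeroed. Returns the
 * inserted checksum, or -1 when the offset is rejected. */
int demo_cksum(size_t ck_off)
{
    uint8_t hdr[20] = { 0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00,
                        0x40, 0x11, 0x00, 0x00, 0xc0, 0xa8, 0x00, 0x01,
                        0xc0, 0xa8, 0x00, 0xc7 };
    if (insert_cksum(hdr, sizeof(hdr), 0, ck_off) != 0)
        return -1;
    return hdr[ck_off] << 8 | hdr[ck_off + 1];
}

int main(void) { printf("%#x %d\n", demo_cksum(10), demo_cksum(4096)); return 0; }
```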

Known Issues

mport package manager - On systems with a large number of packages installed, a mport upgrade can run out of file descriptors.

OpenSSL is quite out of date. We had planned to update this for the release, but ran into some issues with GELI. Instead, we backported some public patches to our OpenSSL version. We will continue to work on this and do another release when available. Please use the mports version of OpenSSL for any software you build.

At the time of writing, packages for 2.2.0 are still building.