Release Notes icon MidnightBSD Release Notes

Late breaking information:

There have been several issues identified post the 1.2 RELEASE including bugs in mport package manager that prevent installation or set incorrect permissions, security issues (described on security page), and a bug with the NFSv4 server that can result in crashes. Recommended to update to the 1.2-stable branch. In addition, we migrated from SVN to Git after the release. Be sure to fetch updates from Github. 1.2.7 - Fix bugs in USB stack, mport package manager, and multiple security issues. (see security page) 1.2.8 - Fix security vulnerability in dhclient

Previous Release Notes

(10/31/2019) MidnightBSD 1.2

I’m happy to announce the availability of MidnightBSD 1.2 for amd64 and i386. This release focused on updating base system libraries and security. A significant effort has been put into updating various mports.

Portsnap is now included in the base system. You can use it to fetch mports. As this is a relatively new feature, please report any issues.

Bug Fixes

Fixed spell(1) by bringing back deroff(1).

Fixed a bug with the mdnsd startup script (/etc/rc.d/mdnsd) where it wouldn't modify the /etc/nsswitch.conf properly when enabling mDNSresponder.

Security fixes

The kernel driver for /dev/midistat implements a handler for read(2). This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer.

System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file.

Security patch for CVE-2019-5611.
Due do a missing check in the code of m_pulldown(9) data returned may not be contiguous as requested by the caller.

Fix some buffer overflows in telnet client
The code which handles a close(2) of a descriptor created by posix_openpt(2) fails to undo the configuration which causes SIGIO to be raised. This bug can lead to a write-after-free of kernel memory.
Due to insufficient initialization of memory copied to userland in the components listed above small amounts of kernel memory may be disclosed to userland processes.

3rd party software

bsnmp bug fix - A function extracting the length from type-length-value encoding is not properly validating the submitted length.

Hardware

jedec_dimm - some modules falsely report supporting temp sensors. Handle this better.

Some work was also completed on the USB stack.

Mport Package Manager

Several bug fixes to existing SQL queries were done in this release. It should improve lookups of packages when searching or installing updates. Error handling improvements were also done.

Some bug fixes around absolute paths should improve installation when plists contain absoluate paths.

You may choose an alternate package mirror location by setting the configuration after install.

Lookup current setting: mport config get mirror_region

Set the a new mirror location: mport config set mirror_region jp

Known Issues

Several issues were reported with the 1.0 release an the LiveCD functionality. These have not been corrected yet. We recommend installing MidnightBSD in a virtual machine to try it out before committing to dedicated hardware with it.

If you are updating an existing system, after installing 1.2, you can use mport upgrade to update packages with 1.2 versions. It is recommended that you delete /usr/mports/Packages and run mport clean to remove old package remnants.

You may use svnlite (part of the base system) to checkout mports or src, if you do not wish to install the svn package.
e.g.
cd /usr/ && svnlite co http://svn.midnightbsd.org/svn/mports/trunk mports

mports moved to github and you can also use the git package to fetch updated mports with cd /usr/ && git clone https://github.com/midnightbsd/mports.git

portsnap is also available in this release and can be used to update mports also.
first use: portsnap fetch extract
then: portsnap fetch update

See the man page for more information.