Release Notes icon MidnightBSD Release Notes

Late breaking information:

Previous Release Notes

(09/21/2021) MidnightBSD 2.1

I’m happy to announce the availability of MidnightBSD 2.1 for amd64 and i386. This is an incremental release focusing on bug fixes, improvements to the package manager and a new system compiler.

Upgrade Process

Install git if you don’t have it already mport install git

Fetch MidnightBSD from git via github.com/midnightbsd/src.git (assumes you don’t have /usr/src populated) git clone https://github.com/MidnightBSD/src.git

Checkout the stable/2.1 branch git checkout stable/2.1 cd /usr/src; make clean buildworld buildkernel;
mergemaster -p
make installkernel
reboot

(if it works OK, login and go to /usr/src)
make installworld
mergemaster -iU
cd /usr/src/usr.bin/perl; make; make install;

Update installed mports/packages
cd /usr/src/; make check-old; make delete-old

Bug Fixes and new features

The majority of improvements come from the MidnightBSD package manager, mport. A number of longstanding bugs have been fixed. It now can update dependencies properly on install, update or upgrade scenarios. Previously, it would sometimes crash and force the user to do it manually. Several fixes have been made around PLIST processing.

mport now sets a character encoding so that extracting files with libarchive with special characters is more likely to work properly without a crash occurring. (lang/go port is a fun trigger of this bug)

libmport no long relies on libdispatch. This is slower in a few scenarios, but most invocations are now faster as it doesn't need to setup the thread pools or do the locking it once did. This makes sense as package installs have a lot of serial code paths. Also fixed many memory leaks as well as some use after free and invalid free calls against the wrong pointer. We're now using sha256 for hashing plist entries installed.

We now generate a os-release file on system startup in /var/run

Fixed issue where looking at some man pages would cause man to crash in MidnightBSD.

A bug in the firstboot script was corrected that referenced an invalid package name.

burncd was removed.

Fixed some temp file handling bugs

Fixed some problems with libcxxrt and rtld in MidnightBSD that would cause strange problems with 32bit binaries.

Fix the buggy mdnsd 'mdns' sed in the /etc/rc.d/mdnsd script that would often cause it to fail to modify /etc/nsswitch.conf on system startup as needed.

libcasper(3) creates service processes by forking the calling process, so they initially inherit the calling process' file descriptor table. Casper services expect the lowest 3 file descriptors, traditionally corresponding to standard input, output, and error, are redirected to /dev/null. libcasper(3) ensures this is the case. However, it did not handle the possibility that one of them is closed, and this scenario would trigger an assertion failure during service creation, resulting in a crash.

Security Fixes

Apache Portable Runtime CVE workaround. CVE-2021-35940

A programming error in the Linux compatibility layer futex(2) system call might allow attackers to cause a denial of service.

Certain VirtIO-based device models failed to handle errors when fetching I/O descriptors. Such errors could be triggered by a malicious guest. As a result, the device model code could be tricked into operating on uninitialized I/O vectors, leading to memory corruption.

The ggatec(8) daemon does not validate the size of a response before writing it to a fixed-sized buffer. This allows to overwrite the stack of ggatec(8).

The passive mode in FTP communication allows an out of boundary read while libfetch uses strtol to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for *p == '\0' one byte too late because p++ was already performed.

A programming error in the Linux compatibility layer futex(2) system call might allow attackers to cause a denial of service.

libcasper(3) creates service processes by forking the calling process, so they initially inherit the calling process' file descriptor table. Casper services expect the lowest 3 file descriptors, traditionally corresponding to standard input, output, and error, are redirected to /dev/null. libcasper(3) ensures this is the case. However, it did not handle the possibility that one of them is closed, and this scenario would trigger an assertion failure during service creation, resulting in a crash.

A particular case of memory sharing is mishandled in the virtual memory system. It is possible and legal to establish a relationship where multiple descendant processes share a mapping which shadows memory of an ancestor process. In this scenario, when one process modifies memory through such a mapping, the copy-on-write logic fails to invalidate other mappings of the source page. These stale mappings may remain even after the mapped pages have been reused for another purpose.

Due to a race condition between lookup of ".." and remounting a filesystem, a process running inside a jail might access filesystem hierarchy outside of jail.

Fix a security issue with pam. The rules would not be applied correctly.

xen fix to unmap correctly when errors occur

Fix a extattr corruption bug with ufs

Uninitialized kernel stack leaks in several file systems

Xen guests can triger backend Out Of Memory

The root certificates of the Mozilla CA Certificate Store have been updated.

Fixed a security problem with zlib:
Handle case where inflateSync used when header never processed. If zlib and/or gzip header processing was requested, but a header was never provided and inflateSync was used successfully, then the inflate state would be inconsistent, trying to compute a check value but with no flags set. This commit sets the inflate mode to raw in this case, since there is no other assumption that can be made if a header was requested but never seen.

3rd Party Software

Hardware

Added sume(4) - NetFPGA SUME 4x10Gb Ethernet driver

JMicron JMB582/JMB585 AHCI

Add deprecation notices to ctau and cx drivers

Update e1000 driver for Intel gigabit NICs

evdev - fix a panic when removing a usb mouse

ichwd - Add Atom C3000 watchdog ID

ismt - fix a left shift bug

Fix intrhook release in MFI

Add support for BCM54618SE PHY

mlx5 - Account out of buffer as dropped packets in mlx5en(4)

netmap: ixl: add CRC to outbound frames

nvme bug fixes

Sync nxge driver with FreeBSD

Don't consider PCIe hot-plug command timeout fatal

add Bitron Video AV2010/10 ZigBee USB Stick

Various bug fixes to usb, vxge

Known Issues

We're in the process of building new i386 packages as many important ones for desktop use are missing at the moment.