MidnightBSD Release Notes

Late breaking information:

The 3.0.2 release includes mport 2.3.0 and security fixes for pam and openssh. The 3.0.1 release includes OpenSSL 1.1.1t, mport 2.2.9, a fix for CVE-2020-10188 in telnetd, doas 6.3p9, tzdata 2023c, and GNU-compatible output in readelf.


(03/23/2023) MidnightBSD 3.0

I’m happy to announce the availability of MidnightBSD 3.0 for amd64 and i386. This release includes several larger enhancements imported from FreeBSD 12 stable.

Upgrade Process

Install git if you don’t have it already
mport install git

Fetch MidnightBSD from git via (assumes you don’t have /usr/src populated)

git clone -b stable/3.0

NOTE: some users have experienced build errors on 2.x which require disabling perl in usr.bin/Makefile at the top and removing camcontrol and df from the rescue/rescue/Makefile temporarily. You can build these once on 3.x. We are investigating the issue.

cd /usr/src; make -j4 clean buildworld buildkernel;
mergemaster -p
make installkernel

(if it works OK, log in and go to /usr/src)
make installworld
mergemaster -iU

Update installed mports/packages
For the mport package manager, run:
mport index
mport clean
mport upgrade

Remove old libraries and programs from the base.

cd /usr/src/; make check-old; make delete-old; make installworld;

Bug Fixes and new features

Fix for GELI silently omitting the keyfile if it is read from stdin.

mport 2.2.7 + bug fixes

An update to the caroot CA bundle processor to support certificates marked with a DISTRUST_AFTER entry.

The /etc/ rc(8) script will now be run after all user processes have terminated.

The automount(8) utility will now explicitly set the root path to / before performing an automatic mount.

The bectl(8) utility will now throw an error to prevent the creation of a boot environment with spaces.

The bhyve(8) utility had support for large IOs fixed in nvme(4) emulation.

The cmp(1) utility received -b, --print-bytes flags to be compatible with GNU cmp(1).

The cmp(1) utility received the -i, --ignore-initial flags as an alternative to skip1/skip2.

The cmp(1) utility now accepts SI suffixes for skip1/skip2.

The cmp(1) utility received the -n, --bytes flags to limit number of bytes to compare.

The cpuset(1) utility can now be used by a jail to modify the roots of a child jail.

The daemon(8) utility now has a -H flag allowing it to catch a SIGHUP and re-open output file. This was added to support newsyslog(8) operations.

The fstyp(8) utility will now detect and show exFAT filesystems with the -l flag.

The geli(8) utility will no longer report an error when performing a resize to the same size.

The grep(1) utility will now disable -w if -x is also specified.

The growfs(8) utility will now function on RW mounted filesystems.

The kldxref(8) utility will no longer error out if the directory specified with the -d flag is not actually a directory.

The mergemaster(8) utility will now handle symbolic links during the update process.

The mksnap_ffs(8) utility received a fix for a crash which triggered a Panic: snapacct_ufs2: bad block panic.

The mount(8) utility will now properly show "with quotas" when quotas are enabled.

The mountd(8) utility will now generate a syslog(3) message when the V4: line is missing from /etc/exports.

The newsyslog(8) utility received a new E flag to prevent rotation of empty log files.

The rc.d/jail rc(8) script had a keyword change to fix jails within jails support.

The rtsold(8) daemon will now work on if_vlan (see: vlan(4)) interfaces.

The service(8) utility will now set the environment of the daemon class before invoking.

The wpa_cli(8) utility now has an action file event where an event may be passed to a file.

The internal KAPI between the krpc and nfsd modules was updated.

The ipfw(8) firewall was provided a dnctl(8) to manage dummynet(4) configurations.

An opencrypto kern.crypto sysctl(8) node was added.

A new sysctl(8), debug.uma_reclaim, was added.

The kern.timecounter.hardware OID was converted into a tuneable.

The msdosfs(5) filesystem driver received a fix for msdosfs suspension.

The ng_bridge(4) netgraph node is now SMP aware.

The ng_nat(4) netgraph node received support for RFC 6598/Carrier Grade NAT support.

The ng_source(4) netgraph node may now be injected into any netgraph network.

The vlan(4) interface can now support ALTQ.

The pf(4) firewall has received several bugfixes and updates.

A fix for handling of embedded symbolic links in UFS/FFS was merged.

A fix for NFSv4.1 Linux client mount getting stuck in CLOSE_WAIT status was merged.

A fix for NFSv4.1/4.2 mount recovery from an expired lease was merged.

Several fixes for NFSv4 were merged.

A segmentation fault during wpa EAP/PEAP MSCHAPv2 authentication was fixed.

The fetch(3) library now supports proxying FTP over HTTPS.

A new rc.conf(5) variable has been added, linux_mounts_enable, which controls if Linux®-specific filesystems are mounted in /compat/linux if linux_enable is set to YES.

The devd(8) utility has been updated to change the default syslogd(8) notification for resume from kern to kernel.

The cron(8) utility has been updated to support two new flags in crontab(5), -n and -q, which suppress mail on successful runs and suppress logging of command execution, respectively.

The ifconfig library has been updated to report the status of a bridge(4) interface, similarly to lagg(4).

The read(2) system call has been changed to disable read() calls on directories by default. A new sysctl(8) has been added, security.bsd.allow_read_dir, which when set to 1 will restore the previous behavior.

The machdep.kdb_on_nmi sysctl(8) has been removed. The machdep.panic_on_nmi sysctl(8) tunable has changed to directly enter the debugger.

Support for APEI (ACPI Platform Error Interfaces) has been added.

Support for NAT64 CLAT has been added, as defined in RFC6877.

The getrandom(2) system call and getentropy(3) library have been added, compatible with Linux® and OpenBSD implementations.

get_s(3) has been added.

The pthread(3) library has been updated to incorporate POSIX/SUSv4-2018 compliance improvements.

The arc4random(3) library has been updated to remove arc4random_stir() and arc4random_addrandom().

Boot Loader

The boot loader will now support booting an OS from a memory disk.

The boot loader will now support pools without features.

The boot loader will now accept the zfs features com.delphix:bookmark_written and com.datto:bookmark_v2.

A new OID, was added to the lua loader to prevent device attachment during boot.

The arc4random(3) library has been updated to match the OpenBSD version 1.35.

Security Fixes

OpenSSL 1.1.1s is now included in base. Previously, we were still on 1.0.2u + some extra patches. This is a long overdue security update.

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.

3rd Party Software


Fix for Intel 82599 ixgbe device which reported errors on the interface incorrectly.

The alc(4) device driver now supports the Mikrotik® 10/25G Network device.

The amdtemp(4) device driver has learned about family 17h models: M20h (Dali, Zen1), M60H (Renoir, Zen2), and M90H (Van Gogh, Zen2).

The amdtemp(4) device driver received support for Zen 3 "Vermeer" and Ryzen® 4000 APU (Zen 2, "Renoir").

The amdsmn(4) device driver received support for Zen 3 "Vermeer" and Ryzen® 4000 APU (Zen 2, "Renoir").

The cam(4) driver had quick unplug and replug SCSI fixed.

The bnxt(4) device driver will now report whether WOL (Wake On LAN) is supported by the hardware and show an enabled status if a filter was applied on system initialization.

The em(4) device driver now supports the flashless i211 PBA.

The em(4) device driver received several updates to shared code.

The ena(4) device driver was updated to 2.4.1.

The ice(4) device driver was updated to 0.28.1-k with an updated ice_ddp package file of version

A new driver, igc(4), was added to support the Intel® I225 Ethernet controller and supports 2.5G/1G/100MB/10MB.

The ixgbe(4) device driver received a shared code update.

The ixgbe(4) device driver received a fix for the x550em 10G NIC link status where the auto-negotiation feature was not reported correctly.

The ixl(4) device driver was given the hw.ix.flow_control tuneable.

The ixl(4) device driver had an update in shared code and fixes for 2.5G and 5G speeds.

The iwm(4) device driver now supports the Intel® Killer® Wireless-AC 1550i.

The nvdimm(4) ACPI driver will now export health information via a sysctl(8).

The nvme(4) device driver received support for MSI and single MSI-X support.

The nvme(4) device driver received several merged bugfixes.

The rctl(4) resource limits driver now supports throttling resource usage to 0 for rate-based resources that support throttling. These resources will respect the duration set by the kern.racct.rctl.throttle_max sysctl(8).

The rsu(4) device driver now supports the ASUS® WL-167G V3 device.

The rtwn_usb(4) device driver now supports the Mercusys® MW150US (N150 Nano), TP-Link® Archer T2U v3, and D-Link® DWA-121 (N150 Nano) devices.

The run(4) device driver now supports the D-Link® DWA-130 rev F1 wireless adapter and the ASUS® USB-N14 wireless adapter.

The tcp(4) protocol will now tolerate missing timestamps (RFC 1323/RFC 7323) via the use of the net.inet.tcp.tolerate_missing_ts sysctl(8).

The uart(4) device driver now supports the Intel® 100 Series/C230 Series AMT.

The mps(4) driver has been removed from the 32-bit GENERIC kernel configuration.

The virtio_blk(4) driver has been updated to support TRIM.

The ichwd(4) driver has been updated to include support for TCO watchdog timers in the Lewisburg PCH (C620) chipset.

The amdsmn(4) and amdtemp(4) drivers have been updated to support Ryzen™ 2 host bridges.

The amdtemp(4) driver has been updated to correct temperature reporting for the AMD® 2990WX.

The rtwn_pci(4) driver has been added for the RTL8188EE chipset.

The ntb_hw_amd(4) driver has been added, providing support for the AMD® Non-Transparent Bridge.

The nvme(4) driver has been updated to support suspend/resume for PCI attachment.

The cdceem(4) driver has been added, supporting virtual USB network cards provided by iLO 5, found in HPE® Proliant™ servers.

The mpr(4) and mps(4) drivers have been updated with stability fixes.

The camcontrol(8) utility has been updated to add ATA power mode support.

The cam(4) subsystem has been updated to improve AHCI enclosure management and SES interoperation.

The ACPI subsystem has been updated to implement Device object types for ACPI 6.0 support, required for some Dell, Inc. Poweredge™ AMD® Epyc™ systems.

Support for the Microchip® LAN78xx™ USB3-GigE controller has been added.

Known Issues

There are known issues with the firefox, chromium-bin, midori and epiphany web browser packages and mports that need to be corrected (detected late, sorry). Issues were created on GitHub in the mports repo to track these (mesa issue, see below).

i386 and amd64 packages are available, but there was an issue with our mesa version. It has been updated in mports but new packages haven't been built yet.

When upgrading from a previous release, be sure to get on at least MidnightBSD 2.2.5 before jumping to 3.0. There are issues with usr.bin/lex on some systems.

When doing a major upgrade from 2.x to 3.x, sometimes it's necessary to disable perl builds in usr.bin/Makefile. If you get an error with buildworld in src/rescue/rescue, try removing camcontrol and df from the makefile temporarily. Once on 3.x, you can rebuild the src/rescue/rescue and src/usr.bin/perl directories with make && make install.

On some AMD Ryzen systems, there is a time skew under high load or with heavy virtualization workloads. If you notice this issue, try changing the default kern.eventtimer.timer. HPET sometimes helps.