Tue, 23 Aug 2016

11:46 AM - MidnightBSD 0.8 release

I'm happy to announce the availability of #MidnightBSD 0.8 release! It is now available on our primary FTP server and uploading to our mirrors. You can download it from our website.

You may also read about the changes in the release notes. http://www.midnightbsd.org/notes/

location: Work


11:45 AM - updated packages for 0.8 amd64

MidnightBSD 0.8 amd64 packages have been updated.

Note that xorg is included!

There are 2,884 packages available (more than i386 now), including part of qt5 and the Lumina desktop environment.

Also, if you have issues installing packages, make sure you have the latest libmport and mport tools from SVN (0.8 stable).

location: Work


Sat, 30 Jul 2016

12:15 AM - 0.8 release delay

The 0.8 release has been delayed due to bugs found with the package manager. As this is a critical part of the system, the decision was made to delay it.

We currently have developers debugging the problem.

location: Home


Thu, 7 Jul 2016

8:26 PM - MidnightBSD 0.7.9 RELEASE

Fix four security issues with MidnightBSD.

The implementation of TIOCGSERIAL ioctl(2) does not clear the output
struct before sending to userland in the linux emulation layer.

The compat 43 stat(2) system call exposes kernel stack to userland.

libarchive - CVE-2015-2304 and CVE-2013-0211 fix issues with
cpio directory traversal and an integer signedness error in the archive
write zip data routine.


8:26 PM - Downloads and traffic to midnightbsd.org

We’ve had 1370 downloads from our CDN in the last month for 0.7 release.

Website traffic from April 20 to May 20:

1840 sessions
1504 users
3558 page views
31% traffic from Russia
17.66% from US
5% from Germany

Browser stats:
48% Chrome
27% Firefox
6% Safari
5% Opera


Thu, 22 Aug 2013

7:59 AM - 0.4-RELEASE-p2 : Fix IP MULTICAST and SCTP vulnerabilities

Fix two security vulnerabilities.

Fix an integer overflow in IP_MSFILTER (IP MULTICAST). This could be exploited to read memory by a user process.

When initializing the SCTP state cookie being sent in INIT-ACK chunks,
a buffer allocated from the kernel stack is not completely initialized.

Patches obtained from: FreeBSD
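
The SCTP state cookie fix above and the TIOCGSERIAL fix in 0.7.9 share one bug class: a kernel buffer is copied to userland without being fully initialized. The following C sketch is an added example, not MidnightBSD or FreeBSD code; `struct serial_reply`, `fake_copyout` and `handler` are hypothetical names, and stale stack contents are simulated with a constructed 0xA5 fill.

```c
#include <stdio.h>
#include <string.h>

#define STALE 0xA5  /* constructed marker standing in for old stack data */

/* Hypothetical reply layout; not the real linux_serial_struct. */
struct serial_reply {
    int  type;
    int  line;
    char reserved[24];  /* the handler never assigns this field */
};

/* Simulated kernel stack slot, so stale bytes can be planted first. */
union kstack_slot {
    struct serial_reply reply;
    unsigned char raw[sizeof(struct serial_reply)];
};

/* Stand-in for copyout(9): the whole struct crosses to userland. */
static void fake_copyout(const void *kaddr, void *uaddr, size_t len) {
    memcpy(uaddr, kaddr, len);
}

/* With clear_first == 0 this is the vulnerable pattern (some fields set,
 * everything copied); with clear_first != 0 the struct is zeroed first. */
static void handler(union kstack_slot *slot, void *ubuf, int clear_first) {
    if (clear_first)
        memset(&slot->reply, 0, sizeof(slot->reply));  /* the fix */
    slot->reply.type = 4;
    slot->reply.line = 0;
    fake_copyout(&slot->reply, ubuf, sizeof(slot->reply));
}

/* Returns how many stale "kernel" bytes reached the user buffer. */
size_t leaked_bytes(int clear_first) {
    union kstack_slot slot;
    unsigned char ubuf[sizeof(struct serial_reply)];
    size_t i, n = 0;
    memset(slot.raw, STALE, sizeof(slot.raw));  /* previous stack contents */
    handler(&slot, ubuf, clear_first);
    for (i = 0; i < sizeof(ubuf); i++) n += (ubuf[i] == STALE);
    return n;
}

int main(void) {
    printf("unsafe: %zu bytes, fixed: %zu bytes\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

Every byte of the unassigned `reserved` field reaches the caller in the unsafe variant; zeroing the struct before filling it removes the leak without changing the reply's layout.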


Wed, 17 Jul 2013

7:00 PM - Bug in 0.4-RELEASE

We've identified a bug related to package management in MidnightBSD 0.4-RELEASE.

The hash check that is part of libmport is not working properly.  This means you can't install packages with the mport command.

To work around this issue, please check out the 0.4-RELEASE source from CVS using the directions on the site and then rebuild and install libmport.

cd /usr/src/lib/libmport


make install


Mon, 8 Jul 2013

Sat, 6 Jul 2013

3:41 PM - MidnightBSD 0.4-RELEASE

MidnightBSD 0.4 was released on July 5, 2013. It includes many new features, but
of particular interest is the new package management tool, mport.

This release is a bit different from previous releases in that we plan to update
packages during the support period for 0.4. Rather than upload packages and
sit on them for the life of the release, you will be able to download updated
packages for i386 and amd64 periodically.

Due to this new feature, our initial package offering is smaller than we've done
for previous releases as many things had to get migrated and updated. We plan
to expand the packages available in the coming weeks.

In addition to mport, we've imported a large number of features from FreeBSD 9.1
including ZFS with ZPOOL 28/dedup support, LLVM + CLANG in base, migration to GPT
as the default in the installer, bsdinstall, BSD licensed sort and grep,
cpucontrol(8), and UFS2 + SUJ (journaling). We've also imported the newer FreeBSD
USB stack, NFSv4 client, syscons, and CAM based ATA.

Support for newer hardware includes Intel Sandy Bridge and Ivy Bridge graphics,
various wifi chipsets, updates to Intel and Realtek ethernet adapters, and acpi.

The default system compiler is still GCC 4.2, but it has been updated to a newer release.
We also removed libobjc from base as it was GCC specific and we want to migrate to
libobjc2.  We offer libobjc2 in mports and it will work with GCC and LLVM.

MidnightBSD now has its own GPT partition types and offers a new search command.
libc gains strnlen(3), memrchr(3), and stpncpy(3).

We've also imported and updated many third party libraries:

bzip2 version 1.0.6
Diffutils 3.2
FILE 5.05
OpenSSH 5.8p2
NetBSD's iconv
BIND 9.8
tcsh 6.18.01
Perl 5.14.2
mDNSResponder 333.10
less v436
libarchive 3.0.3
libdialog (lgpl version)
libffi 3.0.10
sendmail 8.14.5
sudo 1.7.4-p6

This release is a bit disruptive due to the number of changes, but it was decided
to move forward with it due to the age of 0.3-RELEASE.  The next release is planned
as a stability release and meant to work on desktop related functionality.


Wed, 26 Jun 2013

8:26 AM - MidnightBSD Update

There have been two snapshots released in the last few months, i386 and amd64.  The former appears to be bug free and was created this month.  You can find it in the snapshots directory under i386 and 0.4-130610-SNAP.  The amd64 snap has a few bugs, but can be installed.

Both of these snapshots are for 0.4-CURRENT.  Recently, we created a branch for 0.4 and there are a few large bug fixes and one security update since the snapshots were released. It is strongly recommended to rebuild from the 0.4 branch after installing a snapshot.

There are currently no packages for i386 available.  The index does not work with the newer mport tool in RELENG_0_4.  As the ports tree is in the middle of a major update, it's not stable enough to release packages yet.  I'm working on this problem.

Most notably, QT4 is broken right now. X.org ports, dbus, gcc and many other ports have been updated in the last month. There have been many architecture changes to the mports/Mk extensions as well. We now support some FreeBSD ports USES statements (pathfix, charset, ncurses, pkgconfig) which makes migrating ports from FreeBSD easier.

Magus has been running lately and churning out test builds of packages. The results for the last 3 runs were quite bad. 


Sun, 14 Apr 2013

12:30 AM - 0.4 amd64 snap on FTP

We have a new snapshot uploading to the FTP server. It's the first snap in a year.  This snapshot is a little buggy, but does allow you to install MidnightBSD.

Please note there are many changes from 0.3-RELEASE:

1. Uses new midnightbsd partition types: mnbsd-ufs, mnbsd-boot, etc on GPT

2. ZFS is much newer than 0.3.  If you upgrade your pools, you can't use them with 0.3 anymore.

3. KMS with Intel Ivy Bridge graphics

4. Installer is completely different

5. hastd

6. updated mksh, BIND, tcsh, file, diff, binutils, mDNSResponder, libffi, openpam, openresolv, tnftp, tzcode, tzdata, wpa, xz, compiler_rt, sqlite3, ncurses, netcat, pf, traceroute, perl, openssh, openssl, less

7. updated from FreeBSD: make ipfw & ash, forth menus for the loader, bsdinstall, bsd sort, new USB stack, new cam based ATA, geom

8. llvm + clang

mport is the default package manager!

Major hardware support updates: several wifi adapters, etc.


Wed, 20 Feb 2013

10:44 PM - New Magus run

Here's the latest run from magus.  Package count was just shy of 1800.  Many of these failures are related to Java ports.  I've made a change tonight to fix most of these.


238 0.4 amd64 active 2013-02-19 16:13:36


Tue, 19 Feb 2013

6:43 AM - Latest magus run results

We started up our package build cluster again.  A run was queued up on the 10th and run over the weekend on the new server hardware. The results are much better than I expected after such a long time without magus. 

ID OSVersion Arch Status Created  
237 0.4 amd64 active 2013-02-10 16:49:31


Thu, 31 Jan 2013

10:59 PM - 0.4-CURRENT progress

 There have been many updates in current lately.   BIND 9.8 is in progress.

Here's a brief changelog.

        MKSH R41 imported

        OpenSSH 5.8p2 imported

        SQLite imported

        Fixed a longstanding bug in libmport extracting new index


10:57 PM - MidnightBSD 0.3-RELEASE-p10

Fix a longstanding bug with libmport's return status. As this affects installation of ports, an update was applied to this branch. This is not a security update and not needed for pkg_tools.


Tue, 3 Jul 2012

8:50 AM - MidnightBSD 0.3-RELEASE-p9

  MidnightBSD 0.3-RELEASE-p9

BIND vulnerability related to resource records.  See CVE-2012-1667.


8:49 AM - 0.3-RELEASE-p8

MidnightBSD 0.3-RELEASE-p8

Fix a problem with crypt's DES
implementation when used with non-7-bit ASCII passwords.


Thu, 31 May 2012

9:26 AM - 0.3-RELEASE-p7

MidnightBSD 0.3-RELEASE-p7 fixes a new security issue found in OpenSSL.  It is recommended for all users.  

0.4-CURRENT has also been updated.  


Thu, 3 May 2012

2:32 PM - MidnightBSD 0.3-RELEASE-p6

Several security issues have been addressed in OpenSSL in the latest security update for MidnightBSD.  0.3-RELEASE-p6 and 0.4-CURRENT have been patched to work around these issues.


OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0
records when operating as a client or a server that accepts SSL 3.0
handshakes.  As a result, in each record, up to 15 bytes of uninitialized
memory may be sent, encrypted, to the SSL peer.  This could include
sensitive contents of previously freed memory. [CVE-2011-4576]

OpenSSL support for handshake restarts for server gated cryptography (SGC)
can be used in a denial-of-service attack. [CVE-2011-4619]

If an application uses OpenSSL's certificate policy checking when
verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK
flag, a policy check failure can lead to a double-free. [CVE-2011-4109]

A weakness in the OpenSSL PKCS #7 code can be exploited using
Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the
million message attack (MMA). [CVE-2012-0884]

The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp
functions, in OpenSSL contains multiple integer errors that can cause
memory corruption when parsing encoded ASN.1 data.  This error can occur
on systems that parse untrusted ASN.1 data, such as X.509 certificates
or RSA public keys. [CVE-2012-2110]


Sat, 24 Mar 2012

7:22 PM - New ZFS Documentation

I've created some basic ZFS documentation on the website.  This is in addition to some content on the wiki.  Anyone interested in using ZFS on MidnightBSD may wish to look at it as a starting point.  It doesn't replace the man pages though. 

tags: gregg lorenzo