Sat, 25 Apr 2009

11:28 PM - New Samba 3.3 port

mports/net/samba33 is a new Samba 3.3 port.  It is under the GPLv3.  The previous port will stay for some time. (samba3)  We have no plans to port 3.2.

mports/net/smbldap-tools will aid users wishing to use ldap with the new samba 3.3.

We also updated cups to correct a security vulnerability today. 

tags: cups new mports samba security


Wed, 29 Jul 2009

11:40 AM - BIND security update

For the few people using MidnightBSD as a server platform instead of a desktop, there is a security update available for named(8).  A denial of service attack is possible against BIND using dynamic update packets.  It causes named to exit. 

tags: bind named security


Fri, 16 Oct 2009

9:04 AM - mports status

 I've spent the last week getting the mports tree back in order.  We let a number of ports get stale while working on other projects.  It's time to get caught up.  

These results are poor, but roughly 100 ports now work that did not before.  We had some dependancies fail; I checked in the corrections for those ports.  A new run was just started.  We should have the results in about two days.

Ports such as libdvdread, libtool, gtk, and browser 3 all had some tlc this week.  We're also updating PHP, Apache HTTPD, Lighttpd, and a few other web related ports.  Many perl ports have been updated, particularly database related.  Bind 9.5 was removed in favor of 9.6.  Some of these changes are not present in the results below.  

Ports we need to get updated or working:

virtualbox, firefox 3.5 unbranded, p5-DBD-Pg, remaining gnome ports (50% of 2.26 is in), KDE4, GNUstep (updates), Etoile, postgres (updates)

Here are the last results from Magus on AMD64 0.2.1-p10

tags: web security desktop mports updates


Thu, 17 Nov 2011

8:27 PM - BIND security

 If you're running BIND on MidnightBSD 0.3 or lower, I strongly recommend switching to the mports version. There are a few security issues with the base system bind.

I've patched it tonight in 0.4-CURRENT, but it's not fun to backport.  

Also, our resolver has been patched to allow underscores in names.

tags: security bind named