MidnightBSD Developer Journal

src:
Progress continues on syncing with relevant FreeBSD 6.1 Release changes. I tagged the code today with a snapshot point that has been known to work on a limited number of systems. (not massive testing) If you've been holding off updating your sources, its stafe to use that tag. Please note that we have not patched the jail vulnerability found when starting jails with syslog yet. This will be done after our other changes are completed.

mports:
The mports index is not building currently. That means using portupgrade can fail unless you have an old stable index. The problem occured as I commited some kde ports awhile back without the entire KDE distrobution. It will be resolved one way or another shortly.

I fixed up some typos in various Makefiles and added ghostscript-apsl. I also made a few adjustments with the ghostscript references in bsd.port.mk... Phil had already made several changes recently in this area.

The sudden attention to detail with mports was long overdue. We also need to clean up mports for a snapshot and release on the horizon.

With the kde ports locally, I'm able to to bulid the index. I also noticed some bugs with the cups mport that need some research. (make clean fails for instance)

Our mports manager, Phil Pereira was featured recently. (bsdtalk091)

http://bsdtalk.blogspot.com/

I'm in the process of making some changes with syscons which breaks HEAD at the moment. If you need to cvsup to a more recent version, it should be safe to grab the changes from around Dec 31. Alternatively, you can save your syscons directory and sync up now. This should be fixed soon. Systems with 1 CPU and no hyperthreading should be fine.

Most of my time has been spent on src these last few days.  I just commited seq(1) from NetBSD. 

Yesterday I spent some time on init(8).  A patch was proposed for FreeBSD which also worked quite nicely for us to allow init to chroot.  I also did a bit of cleanup work on the source and shrunk the binary a bit. 

I also worked on /etc/rc.d.  Several of the scripts ordering was changed and some imrprovements were done to a few scripts.

The Acer m5288 PCI id was added to src/sys/dev/ata/ata-chipset.c to allow that chip which is found on newer laptops. 

The loginfail periodic script was altered to display login errors from more daemons. 

mixer_enable="YES" was added to rc so that one can turn off the mixer on systems without sound cards. 

src/usr.bin/login was changed to log errors from setenv. 

On the mports front, Phil has been commiting updates to several existing ports. 

First Release

I've made a decision about the first release.  I had held off on many source commits between early November and this last week as I had thought I'd do a release by now.  In fact, I promised it to several people.  The release has been held off mostly due to issues with automating building of packages for the ISO, generating the index and spliting the packages.  I'm at a point I can manually create packages and could possibly do a limited release.  I'd rather not ship packages which are not built in a very clean environment.  I've been working on modifying and writing scripts to do our package building in my spare time. 

I've decided that I will ship the first release without packages on the ISO.  mports will be installed however.  I plan to finish up some current projects on src and then possibly creating a snapshot early next week.  If all goes well, I hope to ship a tested release without packages by the end of January.  I will need to make adjustments to sysinstall as to not confuse users or cause any errors.  That deadline will also allow me to try to finish my scripts to build packages.  At this point, I feel the project has progressed far enough to warrent a release and allow us to start with a solid foundation to start doing interesting work.  The vast majority of commits have been to simply keep up with FreeBSD which is not what we want to do.  I don't want to be a distro of FreeBSD, but rather branch out with a complete desktop system.  You should start seeing more commits of features from other BSD systems and unique additions from our own project. 

A CVSup server was created to download src and mports. csup was also added to base to help with retrieving mports. sup files were created, edited and in some cases deleted so /usr/share/examples/cvsup is now safe to use as an example to connect to our server.

A bug was patched in burncd which caused erasing a CDRW to go on forwever.

A problem with the bsnmpd update from Oct 30 was corrected.

Updates to sync GEOM with FreeBSD 6.2 stable are underway.

A bug with long double to long and long long conversions on sparc64 was fixed.

A bug with syscons/tty support was fixed which could cause a race condition in certain situations.

An rcNG script was added for rdate to allow clients to sync to a time server. We introduced OpenNTPD and rdate several months back, but had not created a replacement for the ntpdate script. This has been corrected and other scripts depending on ntpdate were adjusted. To use the rdate script, a server must be specified in rc.conf as well as enabling it. rdate_enable="YES" and rdate_flags="-n stargazer.midnightbsd.org" for instance would enable rdate and have it sync to our local time server. Its not recommended to use our server as its on a slow link and not designed to be very accurate.

Several browsers have been updated in recent weeks.  Many of the mports were updated today.

www/linux-firefox : 2.0.0.1 (recent security patch)
www/linux-firefox-devel  (last snapshot)
www/linux-seamonkey (last release 1.0.6)
www/opera  : 9.10

security/gnupg was updated to 1.4.6 to fix a security issue.  All users that use gnupg should update as soon as possible. 

mail/squirrelmail was updated to 1.49a to fix a security issue.

AddressManager (mail/addresses) is a GNUstep Address Book.  It was added tonight. 

x11-servers/mga_hal, a Matrox driver, was added. 

GNU tar was updated to fix the semi-recent vulnerability.  It was also updated to 1.16.

FreeTar, a GNUstep graphical tar utility was added to archivers.

I've setup HTTP downloads on the MidnightBSD website again.  The mirrors are now listed in a table with upload speed estimates when possible.  Its recommended you download from the ISC mirror.

http://www.pacificepoch.com/newsstories/82819_0_5_0_M/

There have been quite a few derivatives of FreeBSD floating around lately.

Teemu Salmela has reported a security issue in GNU tar, which can be
exploited by malicious people to overwrite arbitrary files.

The security issue is caused due to the "extract_archive()" function
in extract.c and the "extract_mangle()" function in mangle.c still
processing the deprecated "GNUTYPE_NAMES" record type containing
symbolic links. This can be exploited to overwrite arbitrary files by
e.g. tricking a user into unpacking a specially crafted tar file.

The security issue is reported in version 1.15.1 and 1.16. Other
versions may also be affected.


---

MidnightBSD mports included 1.15.1 which is vulnerable.

Several vulnerabilities have been found in archivers/lha. These are similar to the gzip issues found a few months back. MidnightBSD was the first to get an update into ports as OpenBSD, NetBSD's pkgsrc and FreeBSD do not have an update in cvs. Several of the linux distros beat us to it, however.

In the process, I've switched the port over to a maintained version. The original had not been updated since 2000 and had port specific patches up to two years ago. OpenBSD is using this version as well although they haven't updated to p1.

The port was a bit rushed so please report any problems with it.

OpenLDAP was updated to 2.3.30 to work around some potential security issues. OpenLDAP-sasl-client was added to mports as well.

msdosfs was patched to handle dates correctly.

The dovecot port was updated to fix a security issue and simply to catch it up. There were 8 release canidates since the version was added to ports. A few options changed in the config file. The default_mail_env variable changed name and requires a slightly different entry. Consult the new example config for mail_location to fix your paths.

Apache 2.0.59 and 2.2.3 were finally added to mports!

I'm in the process of catching up on several security problems with ports. QT was updated to 3.3.7. PHP was updated to 5.2.0. Ruby was patched for a cgi vulnerability.

I've corrected an overflow in banner as reported on bugtraq.

I've added the lang/tcl83 port as a dependancy of tuxracer which was also added today. I also added kdehier as a start toward kde in ports. I'm not going to push kde, but some users like some of the applications. GNUstep is still the focus of the project.

Yesterday, I updated MySQL to 5.0.27.

The NVIDIA driver port was updated to fix the buffer overflow vulnerability from some weeks back. I also added x11/nvidia-settings to allow configuration of graphics cards.

glxgears is working great with the new driver although i've noticed a problem with Enemy Territory.