BSDSec

deadsimple BSD Security Advisories and Announcements

MidnightBSD 2.2.0 release

I’m happy to announce the availability of MidnightBSD 2.2 for amd64 and 
i386.  This release focused on updating third party software in the base 
system and some smaller enhancements.


Bug Fixes and new features

use md library sha256 implementation for lzma


/bin/sh updated based on FreeBSD 12-stable sources


root shell changed to tcsh from csh.  This adds history to the root 
user’s interactive shell.  We may change the root shell to mksh in the 
future.


Introduce a patch to dummynet from pfSense to increase max value to 
4Gb/s instead of 2Gb/s.


mport 2.2.0

removes use of libdispatch / gcd dependency so we can eventually support 
static built mport.

add desktop-file-utils command to plist.

add @KLD to plist handler (allows packages to define kernel modules)

Introduce type on ucl pkg messages  (allows package messages on specific 
events)

add null check on stub detach (prevents crashing when unloading a package)

add chroot path to libexec commands and mport.list  (allows a chroot for 
updating in a jail)


Fixed issues with desktop startup and created an initial .xinitrc file 
for GUI installs.


A Hyper-V vPCI emulation change can cause SR-IOV (Single-Root I/O 
Virtualization) and DDA (Discrete Device Assignment) devices to fail to 
operate correctly under Hyper-V. In recent Hyper-V releases on Windows 
Server 2022, the vPCI code does not initialize the last 4 bits of device 
registers.  This behavior change could result in failure to initialize 
guest drivers for SR-IOV or DDA devices.


Netcat: add SCTP support from FreeBSD


Add ptsname_r to libc.


Ipfilter bug fixes from FreeBSD.


Enable dbus and hald during the firstboot script (long term we want hal 
to go away)


Slow down the loader twiddle.  (speeds up boot on VMs like AWS AMI and 
older hardware)


add siginfo to chflags


switch to less pager for root.


cat(1): Bring in a bug fix for the -e flag as found in FreeBSD 12 stable


Known Issues

mport package manager - On systems with a large number of packages 
installed, an mport upgrade can run out of file descriptors.


OpenSSL is quite out of date. We had planned to update this for the 
release, but ran into some issues with GELI.  Instead, we backported 
some public patches to our OpenSSL version. We will continue to work on 
this and do another release when available. Please use the mports 
version of OpenSSL for any software you build.

See full release notes: https://www.midnightbsd.org/notes/

Download: https://www.midnightbsd.org/download/

-- 
Lucas Holt
Luke@FoolishGames.com
________________________________________________________
MidnightBSD.org (Free OS)
JustJournal.com (Free blogging)
_______________________________________________
Midnightbsd-security mailing list
Midnightbsd-security@midnightbsd.org
http://www.midnightbsd.org/mailman/listinfo/midnightbsd-security