BSDSec

deadsimple BSD Security Advisories and Announcements

MidnightBSD 3.2 release

I’m happy to announce the availability of MidnightBSD 3.2 for amd64 and 
i386.

This release included updates to third-party libraries, bug fixes from 
the 3.1 release, and security updates.

Upgrade Process
Install git if you don’t have it already
mport install git

Fetch MidnightBSD from git via github.com/midnightbsd/src.git (assumes 
you don’t have /usr/src populated)

git clone -b stable/3.2 https://github.com/MidnightBSD/src.git /usr/src

NOTE: some users have experienced build errors on 2.x which require 
disabling perl in usr.bin/Makefile at the top and removing camcontrol 
and df from the rescue/rescue/Makefile temporarily. You can build these 
once on 3.x.

cd /usr/src; make -j4 clean buildworld buildkernel;
choose one of etcupdate or mergemaster -p
make installkernel
reboot

(if it works OK, login and go to /usr/src)
make installworld
choose one of etcupdate or mergemaster -iU

Update installed mports/packages
For the mport package manager, run:
mport index
mport clean
mport upgrade

Remove old libraries and programs from the base.

rm -rf /usr/lib/perl/5.36.1
cd /usr/src/; make check-old; make delete-old; make installworld;

Perl was removed from base in 3.2. Install from mports or packages via 
mport install perl5.36

Bug Fixes and new features
Ravenports
Ravenports is available in MidnightBSD for the amd64 architecture. The 
initial installation process will prompt you to bootstrap Ravenports. 
This will initialize it in /raven/, and you will be able to install 
software packages using /raven/sbin/ravensw. By default, /raven/bin, 
/raven/sbin, and so on are not on the path. You can add them to the path 
to make running software in your shell easier. Please visit their 
website to learn more about Ravenports and find quickstart guides. 
http://www.ravenports.com/

You can choose either mports or Ravenports at installation time or use 
packages from both systems. Please note that mixing packages may have 
some complications, although they are installed in a completely 
different place from mports.

Ravenports has several benefits; among them are more up-to-date 
packages and quite a few unique packages that mports doesn't currently 
provide. For example, Ravenports has an updated Firefox package available.

You will not see Ravenports presented as an option on an i386 install.

Mport package manager
Updated mport to 2.6.2

Miscellaneous Changes
Fixed a bug with portsnap configuration with 3.x releases where it used 
an old index.

Fix for some vnc clients with bhyve, added com ports to bhyve

Various manual pages cleaned up.

zstd enabled in libarchive

telnetd removed

libfetch: don't rely on ca_root_nss for certificate validation

add endian.h for linux compatibility

Security Fixes
OpenSSH security vulnerability
A signal handler in sshd(8) calls a function that is not 
async-signal-safe. The handler is invoked when a client does not 
authenticate within LoginGraceTime seconds (120 by default), and it 
executes in the context of sshd(8)'s privileged code, which is not 
sandboxed and runs with full root privileges.
This issue is a regression of CVE-2006-5051, originally reported by Mark 
Dowd and accidentally reintroduced in OpenSSH 8.5p1.

OpenSSH 9.3p2 (CVE-2023-38408); patch for CVE-2023-48795

Fix security issue in libpcap (OSV-2020-1231)

Fix for wpa_supplicant (CVE-2023-52160)

pf security issue:
As part of its stateful TCP connection tracking implementation, pf 
performs sequence number validation on inbound packets. This makes it 
difficult for a would-be attacker to spoof the sender and inject packets 
into a TCP stream, since crafted packets must contain sequence numbers 
which match the current connection state to avoid being rejected by the 
firewall. A bug in the implementation of sequence number validation 
means that the sequence number is not in fact validated, allowing an 
attacker who is able to impersonate the remote host and guess the 
connection's port numbers to inject packets into the TCP stream.
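To make the pf description concrete, the C below is an added illustration of stateful sequence number validation, written for this page and not taken from pf. seq_check_broken() has the failure shape the advisory describes: the check is called but its result does not depend on the sequence number, so every guessed segment passes. seq_check() implements the RFC 793 acceptability test with modulo-2^32 comparisons, so a segment from a host that spoofs the peer's address and guesses the ports is still dropped unless its sequence number falls inside the tracked window. The struct, macro and function names are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Sequence-space comparisons modulo 2^32 (the usual TCP idiom). */
#define SEQ_LT(a, b)	((int32_t)((a) - (b)) < 0)
#define SEQ_GEQ(a, b)	((int32_t)((a) - (b)) >= 0)

/* Per-direction state a firewall keeps for one tracked connection. */
struct tcp_peer_state {
	uint32_t rcv_nxt;	/* next sequence number this peer expects */
	uint32_t rcv_wnd;	/* receive window this peer last advertised */
};

/*
 * Broken check (constructed to show the failure mode): it is called on
 * every inbound segment, but its verdict ignores the sequence number.
 * A sender who spoofs the peer address and knows the ports gets through.
 */
int seq_check_broken(const struct tcp_peer_state *st, uint32_t seq, uint32_t len)
{
	(void)st; (void)seq; (void)len;
	return 1;
}

/*
 * Correct check, following the RFC 793 acceptability test:
 *   len == 0, wnd == 0:  seq == rcv_nxt
 *   len == 0, wnd  > 0:  rcv_nxt <= seq < rcv_nxt + wnd
 *   len  > 0, wnd == 0:  not acceptable
 *   len  > 0, wnd  > 0:  first or last byte lies inside the window
 * All comparisons wrap correctly across the 2^32 boundary.
 */
int seq_check(const struct tcp_peer_state *st, uint32_t seq, uint32_t len)
{
	uint32_t wnd_end = st->rcv_nxt + st->rcv_wnd;	/* wraps mod 2^32 */
	uint32_t last;

	if (len == 0) {
		if (st->rcv_wnd == 0)
			return seq == st->rcv_nxt;
		return SEQ_GEQ(seq, st->rcv_nxt) && SEQ_LT(seq, wnd_end);
	}
	if (st->rcv_wnd == 0)
		return 0;
	last = seq + len - 1;
	return (SEQ_GEQ(seq, st->rcv_nxt) && SEQ_LT(seq, wnd_end)) ||
	       (SEQ_GEQ(last, st->rcv_nxt) && SEQ_LT(last, wnd_end));
}

/* Convenience wrappers taking plain values instead of a struct. */
int check_segment(uint32_t rcv_nxt, uint32_t rcv_wnd, uint32_t seq, uint32_t len)
{
	struct tcp_peer_state st = { rcv_nxt, rcv_wnd };
	return seq_check(&st, seq, len);
}

int check_segment_broken(uint32_t rcv_nxt, uint32_t rcv_wnd, uint32_t seq, uint32_t len)
{
	struct tcp_peer_state st = { rcv_nxt, rcv_wnd };
	return seq_check_broken(&st, seq, len);
}

int main(void)
{
	/* Constructed state: peer expects seq 1000 and advertises a 64K window. */
	struct tcp_peer_state st = { 1000, 65535 };
	uint32_t guessed = 0x80000000u;	/* a segment with an arbitrary sequence number */

	printf("in-window segment:  broken=%d correct=%d\n",
	       seq_check_broken(&st, 1000, 100), seq_check(&st, 1000, 100));
	printf("guessed sequence:   broken=%d correct=%d\n",
	       seq_check_broken(&st, guessed, 100), seq_check(&st, guessed, 100));
	return 0;
}
```

The wraparound case is the one most often got wrong: with rcv_nxt just below 2^32 and a window that crosses zero, a segment at sequence 5 is in-window, and the signed-difference macros handle that without special-casing.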

3rd Party Software
Perl removed from base. Install via mports
brainfuck removed from base. Moved to mports
Removed subversion from base. Install from mports if needed. (Use git 
for MidnightBSD.)
expat 2.6.2
ldns 1.8.3
sendmail 8.18.1
libarchive 3.7.2
zstd 1.5.2
Unbound 1.19.3
xz / lzma 5.4.5
tzdata 2023d
mandoc 1.14.6
OpenSSH 9.3p2
nvi 2.2.1
openssl 1.1.1w

Hardware
PCI vendors list updated (April 2024)

AMD zen4 temperature sensor support

unbreak Promise RAID1 with 4+ providers

usbdevs: add quirk for WD MyPassport Ultra External HDD

ahci: add AMD KERNCZ (RAID) device id in RAID mode

Known Issues
Ravenports install is not in the path, but we also don’t tell you that 
during bootstrap.

On VirtualBox 7, Xorg needs over 1GB of RAM allocated to run without 
swapping or crashing. Occasional VM hangs have also been seen. It works 
fine on bare metal, bhyve, or VMware products.

-- 
Lucas Holt
Luke@FoolishGames.com
________________________________________________________
MidnightBSD.org (Free OS)
JustJournal.com (Free blogging)

_______________________________________________
Midnightbsd-security mailing list
Midnightbsd-security@midnightbsd.org
http://www.midnightbsd.org/mailman/listinfo/midnightbsd-security