Thu, 22 Aug 2013

12:00 AM - 0.4-RELEASE-p2 : Fix IP MULTICAST and SCTP vulnerabilities

Fix two security vulnerabilities.

 
Fix an integer overflow in IP_MSFILTER (IP MULTICAST). This could be exploited to read memory by a user process.
 
When initializing the SCTP state cookie being sent in INIT-ACK chunks,
a buffer allocated from the kernel stack is not completely initialized.
 
Patches obtained from: FreeBSD

()

Wed, 17 Jul 2013

12:00 AM - Bug in 0.4-RELEASE

We've identified a bug related to package management in MidnightBSD .0.4-RELEASE.

The hash check that is part of libmport is improperly working.  This means you can't install packages with the mport command.

To work around this issue, please checkout the 0.4-RELEASE source from CVS using the directions on the site and then rebuild and install libmport.

cd /usr/src/lib/libmport

make

make install

()

Mon, 8 Jul 2013

Sat, 6 Jul 2013

12:00 AM - MidnightBSD 0.4-RELEASE

MidnightBSD 0.4 has been released on July 5, 2013. It includes many new features, but
of particular interest is the new package management tool, mport.  
 
This release is a bit different from previous releases in that we plan to update
packages during the support period for 0.4. Rather than upload packages and
sit on them for the life of the release, you will be able to download updated
packages for i386 and amd64 periodically. 
 
Due to this new feature, our initial package offering is smaller than we've done
for previous releases as many things had to get migrated and updated. We plan
to expand the packages available in the coming weeks. 
 
In addition to mport, we've imported a large number of features from FreeBSD 9.1
including ZFS with ZPOOL 28/dedup support, LLVM + CLANG in base, migration to GPT
as the default in the installer, bsdinstall, BSD licensed sort and grep,
cpucontrol(8), and UFS2 + SUJ (journaling). We've also imported the newer FreeBSD
USB stack, NFSv4 client, syscons, and CAM based ATA. 
 
Support for newer hardware includes Intel Sandybridge and Ivy Bridge graphics,
various wifi chipsets, updates to Intel and Realtek ethernet adapters, and acpi.
 
The default system compiler is still GCC 4.2, but it has been updated to a newer release.
We also removed libobjc from base as it was GCC specific and we want to migrate to
libobjc2.  We offer libobjc2 in mports and it will work with GCC and LLVM. 
 
MidnightBSD now has it's own GPT partition types and offers a new search command,
msearch.
 
libc gains strnlen(3), memrchr(3), stpncpy(3).
 
We've also imported and updated many third party libraries:
 
bzip2 version 1.0.6
Diffutils 3.2
FILE 5.05
OpenSSH 5.8p2
SQLite 3.7.15.2
MKSH R44
NetBSD's iconv
BIND 9.8
tcsh 6.18.01
Perl 5.14.2
mDNSResponder 333.10
less v436
libarchive 3.0.3
libdialog (lgpl version)
libffi 3.0.10
wide-dhcpv6
openresolv
sendmail 8.14.5
sudo 1.7.4-p6
tzdata_2012j
 
This release is a bit disruptive due to the number of changes, but it was decided
to move forward with it due to the age of 0.3-RELEASE.  The next release is planned

as a stability release and meant to work on desktop related functionality. 

()

Wed, 26 Jun 2013

12:00 AM - MidnightBSD Update

There have been two snapshots release in the last few months, i386 and amd64.  The former appears to be bug free and was created this month.  You can find it in the snapshots directory under i386 and 0.4-130610-SNAP.  The amd64 snap has a few bugs, but can be installed.

Both of these snapshots are for 0.4-CURRENT.  Recently, we created a branch for 0.4 and there are a few large big fixes and one security update since the snapshots were released. It is strongly recommended to rebuild from the 0.4 branch after installing a snapshot.

There are currently no packages for i386 available.  The index does not work with the newer mport tool in RELENG_0_4.  As the ports tree is in the middle of a major update, it's not stable enough to release packages yet.  I'm working on this problem.

Most notebly QT4 is broken right now. X.org ports, dbus, gcc and many other ports have been updated in the last month. There have been many architecture changes to the mports/Mk extensions as well. We now support some FreeBSD ports USES statements (pathfix, charset, ncurses, pkgconfig) which makes migrating ports from FreeBSD easier.

Magus has been running lately and churning out test builds of packages. The results for the last 3 runs were quite bad. 

()

Sun, 14 Apr 2013

12:00 AM - 0.4 amd64 snap on FTP

We have a new snapshot uploading to the FTP server. It's the first snap in a year.  This snapshot is a little buggy, but does allow you to install MidnightBSD.

Please note there are many changes from 0.3-RELEASE:

1. Uses new midnightbsd partition types: mnbsd-ufs, mnbsd-boot, etc on GPT

2. ZFS is much newer than 0.3.  If you upgrade your pools, you can't use them with 0.3 anymore.

3. KMS with Intel Ivy Bridge graphics

4. Installer is completely different

5. hastd

6. updated mksh, BIND, tcsh, file, diff, binutils, mDNSResponder, libffi, openpam, openresolv, tnftp, tzcode, tzdata, wpa, xz, compiler_rt, sqlite3, ncurses, netcat, pf, traceroute, perl, openssh, openssl, less

7. updated from FreeBSD: make ipfw & ash, forth menus for the loader, bsdinstall, bsd sort, new USB stack, new cam based ATA, geom

8. llvm + clang

mport is the default package manager!

Major hardware support updates.. several wifi adapters, etc.

()

Wed, 20 Feb 2013

12:00 AM - New Magus run

Here's the latest run from magus.  Package count was just shy of 1800.  Many of these failures are related to Java ports.  I've made a change tonight to fix most of these.

 

238 0.4 amd64 active 2013-02-19 16:13:36

()

Tue, 19 Feb 2013

12:00 AM - Latest magus run results

We started up our package build cluster again.  A run was queued up on the 10th and run over the weekend on the new server hardware. The results are much better than I expected after such a long time without magus. 

ID OSVersion Arch Status Created  
237 0.4 amd64 active 2013-02-10 16:49:31

()

Thu, 31 Jan 2013

12:00 AM - 0.4-CURRENT progress

 There have been many updates in current lately.   BIND 9.8 is in progress.

Here's a brief changelog.

20130125:
        MKSH R41 imported

20130122:
        OpenSSH 5.8p2 imported

        SQLite 3.7.15.2 imported

        Fixed a longstanding bug in libmport extrating new index
files.
 


()

12:00 AM - MidnightBSD 0.3-RELEASE-p10

Fix a longstanding bug with libmport's return status. As this affects installation of ports, an update was applied to this branch. This is not a security update and not needed for pkg_tools.

()

Tue, 3 Jul 2012

12:00 AM - MidnightBSD 0.3-RELEASE-p9

  MidnightBSD 0.3-RELEASE-p9

Bind vulnerability related to resource records.  See CVE-2012-1667.


()

12:00 AM - 0.3-RELEASE-p8

MidnightBSD 0.3-RELEASE-p8

Fix a problem with cyrpt's DES
implementation when used with non 7-bit ascii passwords.


()

Thu, 31 May 2012

12:00 AM - 0.3-RELEASE-p7

MidnightBSD 0.3-RELEASE-p7 fixes a new security issue found in OpenSSL.  It is recommended for all users.  

0.4-CURRENT has also been updated.  

()

Thu, 3 May 2012

12:00 AM - MidnightBSD 0.3-RELEASE-p6

Several security issues have been addressed in OpenSSL in the latest security update for MidnightBSD.  0.3-RELEASE-p6 and 0.4-CURRENT have been patched to work around these issues.

 

OpenSSL failes to clear the bytes used as block cipher padding in SSL 3.0
records when operating as a client or a server that accept SSL 3.0
handshakes.  As a result, in each record, up to 15 bytes of uninitialized
memory may be sent, encrypted, to the SSL peer.  This could include
sensitive contents of previously freed memory. [CVE-2011-4576]

OpenSSL support for handshake restarts for server gated cryptograpy (SGC)
can be used in a denial-of-service attack. [CVE-2011-4619]

If an application uses OpenSSL's certificate policy checking when
verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK
flag, a policy check failure can lead to a double-free. [CVE-2011-4109]

A weakness in the OpenSSL PKCS #7 code can be exploited using
Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the
million message attack (MMA). [CVE-2012-0884]

The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp
functions, in OpenSSL contains multiple integer errors that can cause
memory corruption when parsing encoded ASN.1 data.  This error can occur
on systems that parse untrusted ASN.1 data, such as X.509 certificates

or RSA public keys. [CVE-2012-2110] 

()

Sat, 24 Mar 2012

12:00 AM - New ZFS Documentation

I've created some basic ZFS documentation on the website.  This is in addition to some content on the wiki.  Anyone interested in using ZFS on MidnightBSD may wish to look at it as a starting point.  It doesn't replace the man pages though. 

tags: lorenzo gregg

()

Sun, 12 Feb 2012

12:00 AM - preinit, init and fini from ELF

rtld-elf modified to support preinit, init and fini arrays.  Obtained from: DragonFly.  This makes us BSD #2 with this feature.

()

Thu, 9 Feb 2012

12:00 AM - First magus run in months

This was a run queued up in November, so it's not that current.  As you can see from the results, we had a very poor run.  Some of the packages are no longer fetchable, and some of this is problems that were created in the mports environment but have since been fixed.  I plan to do a current run soon on the same hardware.  Still having problems with the amd64 runs and I'm looking into it.

 

233 0.4 i386 active 2011-11-10 15:21:10


 

()

Sat, 28 Jan 2012

12:00 AM - Output from the previous program

Here's some sample output from the previous program:


 MBR

3333812352d ad2

provider: 3333787264 ad2s1 r0w0e0

3330560128d ad8

provider: 3334536832 ad8s1 r0w0e0

3334457344d ad10

provider: 3334457088 ad10s1 r0w0e0

provider: 3334456832 ad10s2 r0w0e0

3334600960d ad14

provider: 3334600704 ad14s1 r5w5e5

provider: 3334600448 ad14s2 r0w0e0

provider: 3334600192 ad14s3 r0w0e0

3334599680d ar0

provider: 3334536064 ar0s1 r2w2e3

VFS

3335112064d ffs.ad14s1a

3337421568d ffs.ad14s1e

3334689408d ffs.ad14s1f

3334689024d ffs.ar0s1d

3337421184d ffs.ad14s1d

3334688128d ffs.ar0s1e

LABEL

3334596480d ad10s1

provider: 3334596352 ntfs/System Reserved r0w0e0

3334636288d ad14s3

provider: 3334636160 ntfs/BackupSegat r0w0e0

3334820992d ad8s1d

provider: 3334820864 ufsid/4b96b6328b08d595 r0w0e0

3334817280d ad14s2a

provider: 3334817152 ufsid/498431b32a15c897 r0w0e0

3334816000d ad14s2d

provider: 3334815872 ufsid/498431b7f20edba4 r0w0e0

3334691200d ad14s2e

provider: 3334691072 ufsid/498431b339c56ba6 r0w0e0

3334462208d ad14s2f

provider: 3334462080 ufsid/498431b3649da79d r0w0e0

BSD

3334599168d ad8s1

provider: 3334599040 ad8s1c r0w0e0

provider: 3334598784 ad8s1d r0w0e0

provider: 3334598272 ad8s1e r0w0e0

3334595328d ad14s1

provider: 3334595200 ad14s1a r1w1e1

provider: 3334594944 ad14s1b r1w1e0

provider: 3334594688 ad14s1c r0w0e0

provider: 3334456704 ad14s1d r1w1e1

provider: 3334456960 ad14s1e r1w1e1

provider: 3334596992 ad14s1f r1w1e1

3334691584d ad14s2

provider: 3334637696 ad14s2a r0w0e0

provider: 3334637440 ad14s2c r0w0e0

provider: 3334637184 ad14s2d r0w0e0

provider: 3334636928 ad14s2e r0w0e0

provider: 3334636672 ad14s2f r0w0e0

3334534912d ar0s1

provider: 3334635776 ar0s1c r0w0e0

provider: 3334822656 ar0s1d r1w1e1

provider: 3334822400 ar0s1e r1w1e1

PART

3334536192d ad10

provider: 3334601856 ad10p1 r0w0e0

provider: 3334601600 ad10p2 r0w0e0

3358966272d da0

provider: 3440290816 da0p1 r0w0e0

provider: 3350360320 da0p2 r0w0e0

provider: 3359112064 da0p3 r0w0e0

DEV

3333812992d ad2

3333786368d ad2s1

3331329152d acd0

3334457600d ad8

3334536576d ad9

3334536320d ad10

3334456576d ad14

3334599936d ar0

3334599424d ad8s1

3334597888d ad10p1

3334597376d ad10p2

3334638208d ad10s1

3334637952d ad10s2

3334535168d ad14s1

3334598016d ad14s2

3334638592d ad14s3

3334600576d ar0s1

3334822016d ad8s1c

3334821376d ad8s1d

3334820352d ad8s1e

3334819328d ntfs/System Reserved

3334818560d ad14s1a

3334534144d ad14s1b

3334533632d ad14s1c

3334937088d ad14s1d

3334817920d ad14s1e

3334634112d ad14s1f

3334633600d ad14s2a

3334816640d ad14s2c

3334462848d ad14s2d

3334692224d ad14s2e

3334637056d ad14s2f

3334633344d ntfs/BackupSegat

3334595712d ar0s1c

3334598144d ar0s1d

3334534656d ar0s1e

3334822784d ufsid/4b96b6328b08d595

3334822272d ufsid/498431b32a15c897

3334462464d ufsid/498431b7f20edba4

3334936192d ufsid/498431b339c56ba6

3335072256d ufsid/498431b3649da79d

3440312704d da0

3440383360d da0p1

3372503936d da0p2

3440380288d da0p3

DISK

3333813376d ad2

provider: 3333813248 ad2 r0w0e0

3334459776d ad8

provider: 3334459648 ad8 r0w0e0

3334459392d ad9

provider: 3334459008 ad9 r0w0e0

3334458752d ad10

provider: 3334458624 ad10 r0w0e0

3334458368d ad14

provider: 3334458240 ad14 r5w5e6

3334457984d ar0

provider: 3334457856 ar0 r2w2e4

3440305536d da0

provider: 3372510464 da0 r0w0e0

MD

SWAP

3334536448d swap

MBREXT

ACD

3333787008d acd0

provider: 3333786880 acd0 r0w0e0

FD

()

12:00 AM - Quick and Dirty GEOM print program

While debugging a GEOM related problem with a program, I ended up needing a way to print out data from what libgeom gets from the kernel.  Below is a quick and dirty dump program for just such a situation.  Compile it with 

gcc -std=c99 -lgeom prog.c -o prog 

 

#include <stdio.h>

#include <string.h>

#include <stdlib.h>

#include <libgeom.h>

#include <stdint.h>

 

void read_geom_mesh(struct gmesh *mesh);

 

void

read_geom_mesh(struct gmesh *mesh)

{

        struct gclass *classp;

        struct ggeom *gp;

struct gprovider *provider;

 

        /*

         * Build the device table. First add all disks (and CDs).

         */

 

        LIST_FOREACH(classp, &mesh->lg_class, lg_class) {

puts(classp->lg_name);

 

LIST_FOREACH(gp, &classp->lg_geom, lg_geom) {

printf(" %ud %s ", gp->lg_id, gp->lg_name);

LIST_FOREACH(provider, &gp->lg_provider, lg_provider) {

printf(" provider: %u %s %s ", provider->lg_id, provider->lg_name, provider->lg_mode);

}

}

        }

}

 

 

int main(int argc, char *argv[]) {

int error;

        struct gmesh mesh;

error = geom_gettree(&mesh);

 

if (error == 0)

               read_geom_mesh(&mesh);

 

return 0;

tags: geom debug

()

Wed, 11 Jan 2012

12:00 AM - Installer work

  Work is processing on the MidnightBSD installer for 0.4-CURRENT.  As soon as it's working, I'll post a new snap.  It's been awhile.

()