MidnightBSD Developer Journal

To install MidnightBSD using ftp, download the bootonly.iso (~22MB) and use that to boot your system.  You can burn it or if using a virtualization technology simply mount the iso.

Proceed with a standard install.  Partition your disk and select a boot loader on the next screen. 

When asked for media, specify ftp and then pick a custom ftp server.  Use this as the ftp server:
ftp://ftp.midnightbsd.org/pub/MidnightBSD/snapshots/0.1-061001-SNAP/ftp

This will allow you to do a minimal install.   It maybe possible to use the mirror as well.  Downloading the full install iso from the mirror will most likely be faster.  Do not try to install ports or x11 from an ftp install.

A great number of ports were added today. java ports are now abundant including freebsd jdk (binary) and linux-sun-jdk* as well as jedit, bluej, and various libraries.

We are getting closer to an openoffice build. There is one remaining dependancy that must be commited before we can do a test build. (version 1.1) I'm hoping it works as planned. With java in ports, we have a good chance now of getting it to work.

ORBit was added today and I'm working on GCC 3.3 (needed for openoffice). linux-realplayer was added to multimedia and although that category is a bit lacking, we should have basics covered. We'll look at getting mplayer and xine to work later.

I'm hoping I can add tomcat soon as that would give us a java development environment for writing web applications which I would personally find quite useful.

If there are ports that you think are needed for a desktop system, please e-mail me or post on the MidnightBSD forum (http://forums.midnightbsd.org/)

Yesterday, a number of useful ports were added. MySQL 5.0, qemu, wine, sdl 1.2, bind 9, and bochs were added to mports.

The OpenSSH port is still in progress. A large number of changes need to be manually merged with this release. Raven is working on the problem.

This week, we've gained a commiter and two more have asked to join the project. Presuming the OpenSSH problem is resolved soon, we should be able to build a beta this weekend. I'm testing the last snapshot today. Others have reported successful installs with disk1 iso.

The OpenSSH 4.4p1 update is in progress and as such head is most likely not compiling safely. I'll post a new entry when its safe.

A number of security issues were found in OpenSSL. The patch was added to MidnightBSD tonight to fix these issues. It is not included in the recent snapshot. Users are encouraged to update their source and rebuild the world. OpenSSH has not been patched yet.


Here is the advisory as posted on the OpenSSL website:

OpenSSL Security Advisory [28th September 2006]

New OpenSSL releases are now available to correct four security
issues.


ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)
==============================================================

Vulnerability
-------------

Dr. S. N. Henson recently developed an ASN.1 test suite for NISCC
(www.niscc.gov.uk). When the test suite was run against OpenSSL two
denial of service vulnerabilities were discovered:

1. During the parsing of certain invalid ASN.1 structures an error
condition is mishandled. This can result in an infinite loop which
consumes system memory (CVE-2006-2937). (This issue did not affect
OpenSSL versions prior to 0.9.7)

2. Certain types of public key can take disproportionate amounts of
time to process. This could be used by an attacker in a denial of
service attack (CVE-2006-2940).

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources
is affected. This includes SSL servers which enable client
authentication and S/MIME applications.

Acknowledgements
----------------

The OpenSSL team thank Dr S. N. Henson of Open Network Security and NISCC
for funding the ASN.1 test suite project.


SSL_get_shared_ciphers() buffer overflow (CVE-2006-3738)
========================================================

Vulnerability
-------------

A buffer overflow was discovered in the SSL_get_shared_ciphers()
utility function. An attacker could send a list of ciphers to an
application that uses this function and overrun a buffer
(CVE-2006-3738).

Acknowledgements
----------------

The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google
Security Team for reporting this issue.


SSLv2 Client Crash (CVE-2006-4343)
==================================

Vulnerability
-------------

A flaw in the SSLv2 client code was discovered. When a client
application used OpenSSL to create an SSLv2 connection to a malicious
server, that server could cause the client to crash (CVE-2006-4343).

Acknowledgements
----------------

The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google
Security Team for reporting this issue.


Recommendations
===============

These vulnerabilities are resolved in the following versions of OpenSSL:

- in the 0.9.7 branch, version 0.9.7l (or later);
- in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via
HTTP and FTP from the following master locations (you can find the
various FTP mirrors under http://www.openssl.org/source/mirror.html):

o http://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically
linked to OpenSSL libraries and restart all applications that use
OpenSSL.


References
==========

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20060928.txt

A new snapshot was posted. This version includes the recent zlib update, changes to ports including mports compatibility, and src changes up through this evening.

zlib 1.2.3 was imported and patched tonight.

A goal was set to release a beta version this weekend of 0.1 release. We do not feel that we are ready for this beta release. There are a few issues with the new ports sytem that we'd like to resolve.

The OpenSSL and OpenSSH security updates have not been applied to the base. Beware of this issue. Archite is working on the patches.

rsync and netcat were added to mports this weekend.

Changes have been made to GENERIC. 486 support has been removed. The current installer requires a large amount of RAM for 486 machines and the decision was made to remove support. We hope to improve the memory footprint on lowend hardware, but considering we are moving on with GNUstep and xorg will be running it doesn't make sense to continue supporting 486 processors. We hope to shrink the size of our default kernel by removing some options that can be handled with modules or are not needed by most users. Support for RIO mp3 players has been commented out in the configuration as well.

mports index building has been fixed. The make fetchindex target was pointed at the MidnightBSD website and we will start building indexes soon for inclusion there.

I've been unable to recreate the problem with the em driver on the dell gx260.  Using a managed switch, I was able to set the port speed at various settings up to gigabit without causing a panic at startup.

The next step will be to get the user to compile a kernel with debug options.  There could be a specific issue with certain intel NIC revisions or just with that card.  Since the user said it works in other operating systems and with freebsd 6.0, it is most likely an issue with certain revisions and this driver. 

It appears my Ultra 10 3d creator died. I am no longer able to test Sparc64 versions of MidnightBSD. I'm still attempting to fix this, but it doesn't look good.

A few people have been curious as to the number of ports we have in mports.  We currently have over 260 ports in mports known to work on x86. 

Archite has been working on pkg_add and building packages for our ftp server.  Soon you'll be able to add mbsd packages instead of compiling all ports by hand.

analog, links1, html tidy, imlib,  x11/slim, x11/wdm, gtkmm (in various versions), gnustep based easydiff, timemon, renaissance, grouch, net/netclasses,  gnustep-examples and stepulator have been added recently to ports.

linux-thunderbird and linux-firefox-devel were updated.  This should resolve some security concerns. 

We've been mostly focusing on adding ports requested by users and ports needed for our upcomming beta release.  We are hoping to have a beta release built this weekend.  0.1-beta1 or something along those lines will be used for the release.  We hope to ship a 0.1 release this year and possible a .2 release around Christmas.  This first release has had quite a few changes in some areas.  We had hoped to do more with userland and the kernel but getting ports going has been quite time consuming.  We need a reasonable snapshot of our development to continue.  Creating a release will also allow users to do ftp installs and make it easier for developers to try out the system on a known stable version. 

While we still don't have a clear roadmap posted yet, here's a rough idea of what we hope to include in 0.2-release.

1. additional changes to ports based on feedback from 0.1 release
2. documentation.  Installation directions and directions for common tasks like grabbing ports, etc.
3. imports of newer binutils and gcc  (3.4.6 most likely) 
4. Consider updating software from the OpenBSD project after their 4.0 release including OpenSSH, OpenNTPD and so forth. 
5. Better integration with GNUstep. 
6 ... TBD

Peding issues for 0.1 beta include
1. installer fixes
2. adjusting make release procedure to handle mports and doc builds. 
3. snapshot builds.  We'd like to do one more snapshot and test installation before doing the first beta build.

known bugs:
The em driver issue has not yet been resolved.  Further testing is required to diagnose the problem, although its possibly access to certain datastructures outside a lock when trying to create a link.

The installer only works using the "minimal" install option.  We hope to fix this before the beta is released.

It just occured to me there are no email or text editor programs in ports.  I'm in the process of commiting some.  vim, pico and emacs are in ports.  Xaw3d is having a bit of trouble which is required for X11 emacs support. 

I've added linux-mozilla to mports tonight.  Like always, it needs testing.  I've commited so many ports today.  Its possible I forgot one.

mports/www/linux-mozilla and mports/www/linux-seamonkey were added in addition to opera, links and lynx.  We now have four web browsers to choose from.  Native firefox and thunderbird are still a must. 

Today we've got most of gnustep working. Terminal.app was added and is working. linux_base-fc4 was added a few minutes ago. Linux compatiblity seems to be working. We added linux compatibility in an attempt to get linux-mozilla working. We've had a few problems with the mozilla and firefox ports (native). I'll work on this more later.

The opera port was fixed. You can now install opera along with compat4x and compat5x (freebsd).

Our ports are starting to get useful. A few categories only have one port in them, but the total number of ports is growing by 5-10 a day right now.

In order to use mports, remember you still need to edit one mk file after you checkout mports from cvs. Any time you installworld that fille could be overwritten. We will commit that change soon.

pkg_add -r was changed to our server. Anyone building a new world from this point forward will hit our ftp and our packages. We have not setup the latest symlinks yet so it will fail as of today. Almost every port can be built as a package.

There have been a few kernel and userland changes in the last 24 hours. df had some POSIX conformance corrections. Our nfs client and syscons have been patched for various issues.

The em issues have not been resolved yet.

Broken Ports: opera (needs install.sh fix, compat4x port added/depends) I did manage to get it running locally.

I've commited a few src patches today. df and the nfsclient need testing. syscons had a patch that may effect usb keyboard attachment. It may also fix a problem on newer Sun machines with usb keyboards. I'm going to test the syscons patch locally and then commit it tomorrow if its ok.

On my local system, I've managed to install xorg + windowmaker tonight. With the above hacks, opera is running.

I'm too tired to test GNUstep right now. I'll do it tomorrow. I'll also try to fix the opera port as we need a gui browser until firefox is working well. Besides, some people prefer opera.

well ghostscript-gnu is a dependency that is not compiling properly on my box. After fiddling with the makefile I got it to a point its having trouble finding the jpeg libarry which is installed. I'll look at this later. Archite or wintellect could always commit a working version :)

Either way, we are much closer to gnustep support. I technically commited the gnustep port but its not guaranteed to work yet. Certainly, it will not work with gnustep-xdps right now.

I know there is great anticipation for a GNUstep package or at least a working port. I've been working on dependancies tonight.

textproc/aspell, german/aspell, audio/libaudiofile, security/gnutls, print/cups-base, x11-tookits/gnustep-art, and x11-toolkits/cairo have been added.

I've received mixed feedback on the new site design. It may change again. I've had someone approach me with 3 logo designs that I am curently considering. If I chose the, the existing site would not fit entirely.

As for the 404 issues, I'm aware of them. A problem with em was found the same night I was working on the website. I decided em and GNUstep are more important right now. I will try to fix the site when I get more free time.

If someone would like to volunteer to work on the website I'd be quite interested.

Some progress was made on GNUstep yesterdeay. gnustep-make, gnustep-base and gnustep-objc are working. I've got gnustep-back compiling but there are a few optional dependancies i'd like to get fixed and more testing needs to be done. Its possible that we may have a working GNUstep environment by Monday. I've done my testing on a system with a wiped /usr/local and /usr/X11R6. I'd like to do a fresh install and test the ports soon to verify they are 100% ok.

I looked at apache 2.2 and determined we need to get Python working for the port. There are more serious issues with python so it may be awhile. While we are a desktop project, many people do test web apps on their own machines, etc. I also want to be able to run on MidnightBSD.

Several window managers are available now. I added windowmaker yesterday.

Finally, we hope to test etoile after the GNUstep issues are sorted out.