MidnightBSD Developer Journal

Just an FYI, buildworld and buildkernel are working again. I'm running both on the servers. The OpenSSH update appears to have worked fine.

dmesg
Copyright (c) 2006 The MidnightBSD Project.
Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
MidnightBSD 0.1-PRERELEASE #0: Mon Oct 9 01:27:25 EDT 2006
laffer1@stargazer.midnightbsd.org:/usr/obj/usr/src/sys/SMP
ACPI APIC Table:
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Xeon(TM) CPU 2.00GHz (1993.58-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0xf27 Stepping = 7
Features=0xbfebfbff
Features2=0x4400>
Hyperthreading: 2 logical CPUs
real memory = 1073172480 (1023 MB)
avail memory = 1041076224 (992 MB)
ioapic0: Changing APIC ID to 8
ioapic1: Changing APIC ID to 9
ioapic2: Changing APIC ID to 10
ioapic0 irqs 0-23 on motherboard
ioapic1 irqs 24-47 on motherboard
ioapic2 irqs 48-71 on motherboard
kbd1 at kbdmux0
npx0: [FAST]
npx0: $on\; motherboard$
npx0: INT 16 interface
acpi0: on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
cpu0: on acpi0
acpi_button0: on acpi0
pcib0: port 0xcf8-0xcff on acpi0
pci0: on pcib0
pcib1: mem 0xc0000000-0xcfffffff at device 1.0 on pci0
pci1: on pcib1
pci1: at device 0.0 (no driver attached)
pci1: at device 0.1 (no driver attached)
pcib2: at device 2.0 on pci0
pci2: on pcib2
pci2: at device 28.0 (no driver attached)
pcib3: at device 29.0 on pci2
pci3: on pcib3
em0: port 0xdcc0-0xdcff mem 0xff6e0000-0xff6fffff irq 24 at device 14.0 on pci3
em0: Ethernet address: 00:0d:56:f1:ab:2e
em0: [FAST]
pci2: at device 30.0 (no driver attached)
pcib4: at device 31.0 on pci2
pci4: on pcib4
mpt0: port 0xcc00-0xccff mem 0xff4e0000-0xff4fffff,0xff4c0000-0xff4dffff irq 50 at device 14.0 on pci4
mpt0: [GIANT-LOCKED]
mpt0: MPI Version=1.2.9.0
mpt0: Unhandled Event Notify Frame. Event 0xa.
mpt0: mpt_wait_req timed out
mpt0: read_cfg_header timed out
uhci0: port 0xff80-0xff9f irq 16 at device 29.0 on pci0
uhci0: [GIANT-LOCKED]
usb0: on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1: port 0xff60-0xff7f irq 19 at device 29.1 on pci0
uhci1: [GIANT-LOCKED]
usb1: on uhci1
usb1: USB revision 1.0
uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2: port 0xff40-0xff5f irq 18 at device 29.2 on pci0
uhci2: [GIANT-LOCKED]
usb2: on uhci2
usb2: USB revision 1.0
uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0: mem 0xffa20000-0xffa203ff irq 23 at device 29.7 on pci0
ehci0: [GIANT-LOCKED]
usb3: EHCI version 1.0
usb3: companion controllers, 2 ports each: usb0 usb1 usb2
usb3: on ehci0
usb3: USB revision 2.0
uhub3: Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
pcib5: at device 30.0 on pci0
pci5: on pcib5
fwohci0: mem 0xff0ff800-0xff0fffff,0xff0f8000-0xff0fbfff irq 20 at device 12.0 on pci5
fwohci0: OHCI version 1.10 (ROM=0)
fwohci0: No. of Isochronous channels is 4.
fwohci0: EUI64 86:ff:ff:ff:ff:ff:ff:00
fwohci0: Phy 1394a available S400, 2 ports.
fwohci0: Link S400, max_rec 2048 bytes.
firewire0: on fwohci0
fwe0: on firewire0
if_fwe0: Fake Ethernet address: 86:ff:ff:ff:ff:00
fwe0: Ethernet address: 86:ff:ff:ff:ff:00
fwe0: if_start running deferred for Giant
sbp0: on firewire0
fwohci0: Initiate bus reset
fwohci0: node_id=0xc800ffc0, gen=1, CYCLEMASTER mode
firewire0: 1 nodes, maxhop <= 0, cable IRM = 0 (me)
firewire0: bus manager 0 (me)
isab0: at device 31.0 on pci0
isa0: on isab0
atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf at device 31.1 on pci0
ata0: on atapci0
ata1: on atapci0
pci0: at device 31.3 (no driver attached)
fdc0: port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: [FAST]
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: port 0x60,0x64 irq 1 on acpi0
atkbd0: irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model IntelliMouse Explorer, device ID 4
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A, console
pmtimer0 on isa0
orm0: at iomem 0xc0000-0xcbfff,0xcc000-0xcffff,0xe0000-0xe17ff,0xe1800-0xe3fff on isa0
ppc0: parallel port not found.
sc0: at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 1993577736 Hz quality 800
Timecounters tick every 1.000 msec
ad0: 76293MB at ata0-master UDMA100
acd0: CDRW at ata1-master UDMA33
Waiting 5 seconds for SCSI devices to settle
da0 at mpt0 bus 0 target 0 lun 0
da0: Fixed Direct Access SCSI-3 device
da0: 80.000MB/s transfers (40.000MHz, offset 63, 16bit), Tagged Queueing Enabled
da0: 70007MB (143374738 512 byte sectors: 255H 63S/T 8924C)
Trying to mount root from ufs:/dev/ad0s1a
em0: link state changed to UP

The kernel is compiling again in src. I'm testing it so i don't know how stable it is yet.

dmesg
Copyright (c) 2006 The MidnightBSD Project.
Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
MidnightBSD 0.1-PRERELEASE #2: Thu Oct 12 14:55:44 EDT 2006
laffer1@enterprise.midnightbsd.org:/usr/obj/usr/src/sys/GENERIC
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Pentium III/Pentium III Xeon/Celeron (546.33-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x673 Stepping = 3
Features=0x383fbff
real memory = 536862720 (511 MB)
avail memory = 515997696 (492 MB)
ACPI APIC Table:
ioapic0: Changing APIC ID to 1
ioapic0 irqs 0-23 on motherboard
kbd1 at kbdmux0
npx0: [FAST]
npx0: $on\; motherboard$
npx0: INT 16 interface
acpi0: on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-safe" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
cpu0: on acpi0
pcib0: port 0xcf8-0xcff on acpi0
pci0: on pcib0
agp0: mem 0xf0000000-0xf3ffffff at device 0.0 on pci0
pcib1: at device 1.0 on pci0
pci1: on pcib1
pci1: at device 0.0 (no driver attached)
pcib2: at device 2.0 on pci0
pci2: on pcib2
ahc0: port 0xec00-0xecff mem 0xf9fff000-0xf9ffffff irq 16 at device 6.0 on pci2
ahc0: [GIANT-LOCKED]
aic7860: Ultra Single Channel A, SCSI Id=7, 3/253 SCBs
isab0: at device 7.0 on pci0
isa0: on isab0
atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf at device 7.1 on pci0
ata0: on atapci0
ata1: on atapci0
uhci0: at device 7.2 on pci0
uhci0: [GIANT-LOCKED]
usb0: on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
pci0: at device 7.3 (no driver attached)
ahc1: port 0xdc00-0xdcff mem 0xfe000000-0xfe000fff irq 20 at device 8.0 on pci0
ahc1: [GIANT-LOCKED]
aic7890/91: Ultra2 Wide Channel A, SCSI Id=7, 32/253 SCBs
vge0: port 0xd800-0xd8ff mem 0xfe001000-0xfe0010ff irq 21 at device 10.0 on pci0
miibus0: on vge0
ciphy0: on miibus0
ciphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
vge0: Ethernet address: 10:00:60:50:01:1a
fdc0: port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: [FAST]
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: port 0x60,0x64 irq 1 on acpi0
atkbd0: irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model IntelliMouse, device ID 3
sio0: configured irq 4 not in bitmap of probed irqs 0
sio0: port may not be enabled
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 8250 or not responding
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
pmtimer0 on isa0
orm0: at iomem 0xc0000-0xc7fff,0xc8000-0xcd7ff,0xcd800-0xcdfff on isa0
ppc0: parallel port not found.
sc0: at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 546330083 Hz quality 800
Timecounters tick every 1.000 msec
Waiting 5 seconds for SCSI devices to settle
ses0 at ahc1 bus 0 target 6 lun 0
ses0: Fixed Processor SCSI-2 device
ses0: 3.300MB/s transfers
ses0: SAF-TE Compliant Device
da0 at ahc1 bus 0 target 0 lun 0
da0: Fixed Direct Access SCSI-3 device
da0: 40.000MB/s transfers (20.000MHz, offset 31, 16bit), Tagged Queueing Enabled
da0: 17366MB (35566499 512 byte sectors: 255H 63S/T 2213C)
da1 at ahc1 bus 0 target 2 lun 0
da1: Fixed Direct Access SCSI-3 device
da1: 40.000MB/s transfers (20.000MHz, offset 31, 16bit), Tagged Queueing Enabled
da1: 17366MB (35566499 512 byte sectors: 255H 63S/T 2213C)
cd0 at ahc0 bus 0 target 5 lun 0
cd0: Removable CD-ROM SCSI-2 device
cd0: 20.000MB/s transfers (20.000MHz, offset 15)
cd0: Attempt to query device size failed: NOT READY, Medium not present
Trying to mount root from ufs:/dev/da0s1a
vge0: link state changed to UP

Today i've continued work on restoring the source tree. I just did some minor changes to the website including removing the bit torrent link and sending people to the ftp server. I'll fix the www and torrent links when we do a release. Its just easier for snaps to leave it like this for now. I also placed a link to the forum on the first page. Some people have had trouble finding it.

Not to sound like an MSDN newsletter, but its snowing here!

The 4.4p1 import is complete, however the tree is still not compiling.  Over the weekend, we switched server hardware and the old system was very flaky.  It appears a few files were damaged on the cvs server.  We are gradually fixing or replacing the files, but it appears a few makefiles were damaged and they are fun to hunt down. 

The website was down due to a hardware swap out.  I replaced the existing "server" with my workstation.  The old system was an amd sempron 2300+ with 768mb ram, 80gb ide, 2x 80gb sata raid 1.  The new setup is a Dell Precision 650 workstation with 2 intel xeon 2.0Ghz processors, the above mentioned IDE disk and a 76GB seagate U160 scsi disk.  The sata raid was very unstable on the msi board.  I suspect the nforce2 sata raid controller was a bit flaky.  Regardless, the precision has been used to build releases up to this point so its fairly stable. 

The upside is that my new system is a Pentium D 805 so I will be able to support AMD64/EMT64 releases in the future. 

I've made a few minor changes to the boot/loader code this morning. The changes should fix problems with some HP/Compaq computers and the general size of the boot2 code should be a bit smaller.

I also looked at the report about the boot menu specifying FreeBSD. I could easily change the code to simply print BSD as it does for all other BSD systems. I'll hold off on that change until the other boot changes are verified.

On the topic of OpenSSH, raven has been delayed finishing the work.

I've also researched the dri/drm reports a bit. Our dri code matches the code in FBSD 6.1 Release. There have been recent commits to fix a few things, notably the intel 945 chipset. I may look at importing those later. Until we get a newer xorg version in ports, it won't make much difference.

The timezone issue should be resolved with the installer and while running tzsetup.

TODO: remove some of the alpha code in boot, etc. Consider importing bzip2 changes for boot when they are finished. Look into upgrading xorg to 7.x.

The problem with the installer is related to an error reading /usr/share/zoneinfo/zone.tab with the tzsetup command. The installer actually calls that program to setup timezones during install. It is the source of the reported problem.

To install MidnightBSD using ftp, download the bootonly.iso (~22MB) and use that to boot your system.  You can burn it or if using a virtualization technology simply mount the iso.

Proceed with a standard install.  Partition your disk and select a boot loader on the next screen. 

When asked for media, specify ftp and then pick a custom ftp server.  Use this as the ftp server:
ftp://ftp.midnightbsd.org/pub/MidnightBSD/snapshots/0.1-061001-SNAP/ftp

This will allow you to do a minimal install.   It maybe possible to use the mirror as well.  Downloading the full install iso from the mirror will most likely be faster.  Do not try to install ports or x11 from an ftp install.

A great number of ports were added today. java ports are now abundant including freebsd jdk (binary) and linux-sun-jdk* as well as jedit, bluej, and various libraries.

We are getting closer to an openoffice build. There is one remaining dependancy that must be commited before we can do a test build. (version 1.1) I'm hoping it works as planned. With java in ports, we have a good chance now of getting it to work.

ORBit was added today and I'm working on GCC 3.3 (needed for openoffice). linux-realplayer was added to multimedia and although that category is a bit lacking, we should have basics covered. We'll look at getting mplayer and xine to work later.

I'm hoping I can add tomcat soon as that would give us a java development environment for writing web applications which I would personally find quite useful.

If there are ports that you think are needed for a desktop system, please e-mail me or post on the MidnightBSD forum (http://forums.midnightbsd.org/)

Yesterday, a number of useful ports were added. MySQL 5.0, qemu, wine, sdl 1.2, bind 9, and bochs were added to mports.

The OpenSSH port is still in progress. A large number of changes need to be manually merged with this release. Raven is working on the problem.

This week, we've gained a commiter and two more have asked to join the project. Presuming the OpenSSH problem is resolved soon, we should be able to build a beta this weekend. I'm testing the last snapshot today. Others have reported successful installs with disk1 iso.

The OpenSSH 4.4p1 update is in progress and as such head is most likely not compiling safely. I'll post a new entry when its safe.

A number of security issues were found in OpenSSL. The patch was added to MidnightBSD tonight to fix these issues. It is not included in the recent snapshot. Users are encouraged to update their source and rebuild the world. OpenSSH has not been patched yet.


Here is the advisory as posted on the OpenSSL website:

OpenSSL Security Advisory [28th September 2006]

New OpenSSL releases are now available to correct four security
issues.


ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)
==============================================================

Vulnerability
-------------

Dr. S. N. Henson recently developed an ASN.1 test suite for NISCC
(www.niscc.gov.uk). When the test suite was run against OpenSSL two
denial of service vulnerabilities were discovered:

1. During the parsing of certain invalid ASN.1 structures an error
condition is mishandled. This can result in an infinite loop which
consumes system memory (CVE-2006-2937). (This issue did not affect
OpenSSL versions prior to 0.9.7)

2. Certain types of public key can take disproportionate amounts of
time to process. This could be used by an attacker in a denial of
service attack (CVE-2006-2940).

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources
is affected. This includes SSL servers which enable client
authentication and S/MIME applications.

Acknowledgements
----------------

The OpenSSL team thank Dr S. N. Henson of Open Network Security and NISCC
for funding the ASN.1 test suite project.


SSL_get_shared_ciphers() buffer overflow (CVE-2006-3738)
========================================================

Vulnerability
-------------

A buffer overflow was discovered in the SSL_get_shared_ciphers()
utility function. An attacker could send a list of ciphers to an
application that uses this function and overrun a buffer
(CVE-2006-3738).

Acknowledgements
----------------

The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google
Security Team for reporting this issue.


SSLv2 Client Crash (CVE-2006-4343)
==================================

Vulnerability
-------------

A flaw in the SSLv2 client code was discovered. When a client
application used OpenSSL to create an SSLv2 connection to a malicious
server, that server could cause the client to crash (CVE-2006-4343).

Acknowledgements
----------------

The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google
Security Team for reporting this issue.


Recommendations
===============

These vulnerabilities are resolved in the following versions of OpenSSL:

- in the 0.9.7 branch, version 0.9.7l (or later);
- in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via
HTTP and FTP from the following master locations (you can find the
various FTP mirrors under http://www.openssl.org/source/mirror.html):

o http://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically
linked to OpenSSL libraries and restart all applications that use
OpenSSL.


References
==========

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20060928.txt

A new snapshot was posted. This version includes the recent zlib update, changes to ports including mports compatibility, and src changes up through this evening.

zlib 1.2.3 was imported and patched tonight.

A goal was set to release a beta version this weekend of 0.1 release. We do not feel that we are ready for this beta release. There are a few issues with the new ports sytem that we'd like to resolve.

The OpenSSL and OpenSSH security updates have not been applied to the base. Beware of this issue. Archite is working on the patches.

rsync and netcat were added to mports this weekend.

Changes have been made to GENERIC. 486 support has been removed. The current installer requires a large amount of RAM for 486 machines and the decision was made to remove support. We hope to improve the memory footprint on lowend hardware, but considering we are moving on with GNUstep and xorg will be running it doesn't make sense to continue supporting 486 processors. We hope to shrink the size of our default kernel by removing some options that can be handled with modules or are not needed by most users. Support for RIO mp3 players has been commented out in the configuration as well.

mports index building has been fixed. The make fetchindex target was pointed at the MidnightBSD website and we will start building indexes soon for inclusion there.

I've been unable to recreate the problem with the em driver on the dell gx260.  Using a managed switch, I was able to set the port speed at various settings up to gigabit without causing a panic at startup.

The next step will be to get the user to compile a kernel with debug options.  There could be a specific issue with certain intel NIC revisions or just with that card.  Since the user said it works in other operating systems and with freebsd 6.0, it is most likely an issue with certain revisions and this driver. 

It appears my Ultra 10 3d creator died. I am no longer able to test Sparc64 versions of MidnightBSD. I'm still attempting to fix this, but it doesn't look good.

A few people have been curious as to the number of ports we have in mports.  We currently have over 260 ports in mports known to work on x86. 

Archite has been working on pkg_add and building packages for our ftp server.  Soon you'll be able to add mbsd packages instead of compiling all ports by hand.

analog, links1, html tidy, imlib,  x11/slim, x11/wdm, gtkmm (in various versions), gnustep based easydiff, timemon, renaissance, grouch, net/netclasses,  gnustep-examples and stepulator have been added recently to ports.

linux-thunderbird and linux-firefox-devel were updated.  This should resolve some security concerns. 

We've been mostly focusing on adding ports requested by users and ports needed for our upcomming beta release.  We are hoping to have a beta release built this weekend.  0.1-beta1 or something along those lines will be used for the release.  We hope to ship a 0.1 release this year and possible a .2 release around Christmas.  This first release has had quite a few changes in some areas.  We had hoped to do more with userland and the kernel but getting ports going has been quite time consuming.  We need a reasonable snapshot of our development to continue.  Creating a release will also allow users to do ftp installs and make it easier for developers to try out the system on a known stable version. 

While we still don't have a clear roadmap posted yet, here's a rough idea of what we hope to include in 0.2-release.

1. additional changes to ports based on feedback from 0.1 release
2. documentation.  Installation directions and directions for common tasks like grabbing ports, etc.
3. imports of newer binutils and gcc  (3.4.6 most likely) 
4. Consider updating software from the OpenBSD project after their 4.0 release including OpenSSH, OpenNTPD and so forth. 
5. Better integration with GNUstep. 
6 ... TBD

Peding issues for 0.1 beta include
1. installer fixes
2. adjusting make release procedure to handle mports and doc builds. 
3. snapshot builds.  We'd like to do one more snapshot and test installation before doing the first beta build.

known bugs:
The em driver issue has not yet been resolved.  Further testing is required to diagnose the problem, although its possibly access to certain datastructures outside a lock when trying to create a link.

The installer only works using the "minimal" install option.  We hope to fix this before the beta is released.