September 27, 2020

MidnightBSD 1.2 releases: free Unix-like, based on FreeBSD

3 min read

MidnightBSD is a desktop operating system derived from FreeBSD. Unlike other BSD-based operating systems, which focus on ease of use, it provides common software for application scenarios such as word processing, web browsing, gaming, and mail, which is sufficient for everyday tasks.

MidnightBSD

One of the key goals of the MidnightBSD project is to create an easy-to-use desktop environment that includes graphical ports management and system configuration using GNUstep. The vast majority of operating systems will retain BSD licenses. Some packages use other licenses, such as X.org, GCC, and GNUstep.

MidnightBSD comes from the FreeBSD 6.1 beta release. With the fork, MidnightBSD has undergone a custom and integrated environment, including ports and system configuration. The project hopes to attract beginners as well as more experienced BSD users. MidnightBSD is actively being developed; through this project, its team wants to focus on desktop user optimization and usability improvements.

Lucas Holt announced the release of Midnight 1.2 on the project’s mailing list. This version supports the i386 and AMD64 architectures.

Changelog v1.2

Bug Fixes

Fixed spell(1) by bringing back deroff(1).

Fixed a bug with the mdnsd startup script (/etc/rc.d/mdnsd) where it wouldn’t modify the /etc/nsswitch.conf properly when enabling mDNSresponder.

Security fixes

The kernel driver for /dev/midistat implements a handler for read(2). This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat’s data buffer.

System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file.

Security patch for CVE-2019-5611.
Due do a missing check in the code of m_pulldown(9) data returned may not be contiguous as requested by the caller.

Fix some buffer overflows in telnet client
The code which handles a close(2) of a descriptor created by posix_openpt(2) fails to undo the configuration which causes SIGIO to be raised. This bug can lead to a write-after-free of kernel memory.
Due to insufficient initialization of memory copied to userland in the components listed above small amounts of kernel memory may be disclosed to userland processes.

3rd party software

  • OpenSSH 7.9p1
  • bzip2 1.0.7

bsnmp bug fix – A function extracting the length from type-length-value encoding is not properly validating the submitted length.

Hardware

jedec_dimm – some modules falsely report supporting temp sensors. Handle this better.

Some work was also completed on the USB stack.

  • add some quirks for sandisk sdcz48_32 ultra 32gb, ploytec spl crimson rev 1, edirol ua-25ex
  • Fix for reception of large full speed isochronous frames via the transaction translator.
  • In xhci(4) there is no stream ID in the completion TRB. instead interate all the stream idds in stream mode to find the matching USB transfer.
  • Fix a lost completion event issue towards libusb(3).
  • Reduce timeout for reading the USB HUB port status to 1000ms and try to filter out dead USB HUB devices by implemention of an error counter.

Mport Package Manager

Several bug fixes to existing SQL queries were done in this release. It should improve lookups of packages when searching or installing updates. Error handling improvements were also done.

Some bug fixes around absolute paths should improve installation when plists contain absoluate paths.

You may choose an alternate package mirror location by setting the configuration after install.

Lookup current setting: mport config get mirror_region

Set the a new mirror location: mport config set mirror_region jp

Download