
Releases: MidnightBSD/src

4.0.4

31 Mar 21:44


This release includes security fixes, the AMD CPPC driver and a new age attestation daemon.

aged(8) and agectl(8) programs added. aged will run at startup unless it is disabled in /etc/rc.conf.

If you live in a jurisdiction that does not have any age verification/attestation laws, you may turn it off with sysrc aged_enable=NO

adduser changed to ask for age when creating new accounts.

mport package manager now checks the user's age bracket when installing packages (which should always be done as root) and sets negative ACLs to block apps from running for users under the age range of any mports. Currently, NOTHING is rated in mports.

To set age 15 on a user account:
doas agectl -a 15 myuser

You may also use date of birth if you prefer
agectl -b 2006-02-28 myacct

By default, the root account is treated as a user aged 18+. Parents should manage PCs in jurisdictions requiring this functionality for it to work as intended. You can change the age of the root account.

Application developers needing to check for the signal can do so in 3 ways:
run agectl without arguments as the user. (for shell scripts, etc)
use the new functions in libutil

int * agev_get_age_bracket(const char *username);
int agev_set_age(const char *username, int age);

Directly communicate with the aged(8) socket. (not recommended)
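As an added illustration (not code from MidnightBSD's aged(8), agectl(8) or libutil), the following C program shows the two computations a consumer of this signal relies on: turning a YYYY-MM-DD date of birth of the form agectl -b accepts into an age in completed years, and applying an mport minimum-age rating to that age. The function names, the AGE_UNKNOWN sentinel, the rule that a rating of 0 means unrated, and the fail-closed choice for rated ports when no age is recorded are assumptions of this example, not documented behaviour of aged or mport.

```c
/* Added example, not MidnightBSD's aged(8)/agectl(8)/libutil code: derive an
 * age from a YYYY-MM-DD date of birth (the form agectl -b accepts) and apply an
 * mport minimum-age rating to it. Names and policy choices are this example's. */
#include <stdio.h>

#define AGE_UNKNOWN (-1)       /* no valid age on record (assumed sentinel) */

struct ymd { int y, m, d; };

/* Parse "YYYY-MM-DD" strictly. Returns 0 on success, -1 on malformed input. */
static int parse_ymd(const char *s, struct ymd *out)
{
    char trailing;
    if (s == NULL || out == NULL)
        return -1;
    /* A fourth conversion succeeding means trailing garbage after the date. */
    if (sscanf(s, "%4d-%2d-%2d%c", &out->y, &out->m, &out->d, &trailing) != 3)
        return -1;
    if (out->y < 1900 || out->m < 1 || out->m > 12 || out->d < 1 || out->d > 31)
        return -1;
    return 0;
}

/* Age in completed years on `today`, or AGE_UNKNOWN if either date is invalid
 * or the birth date lies in the future. */
int age_from_dob(const char *dob, const char *today)
{
    struct ymd b, t;
    int age;
    if (parse_ymd(dob, &b) != 0 || parse_ymd(today, &t) != 0)
        return AGE_UNKNOWN;
    age = t.y - b.y;
    if (t.m < b.m || (t.m == b.m && t.d < b.d))
        age--;                         /* birthday not yet reached this year */
    return age < 0 ? AGE_UNKNOWN : age;
}

/* Install decision for one mport. rating is the port's minimum age, with 0
 * meaning unrated (as all mports are today). Returns 1 = allowed, 0 = the
 * package manager would set the negative ACL for this user. Policy assumption
 * of this example: a rated port with no age on record is refused (fail closed). */
int install_allowed(int user_age, int rating)
{
    if (rating <= 0)
        return 1;
    if (user_age == AGE_UNKNOWN)
        return 0;
    return user_age >= rating;
}

int main(void)
{
    /* Date of birth taken from the agectl example above; "today" is constructed. */
    int age = age_from_dob("2006-02-28", "2026-03-31");
    printf("age %d, 18+ port allowed: %d, unrated port allowed: %d\n",
           age, install_allowed(age, 18), install_allowed(age, 0));
    return 0;
}
```

The reference date is passed in explicitly rather than read from the clock so the result is reproducible; a daemon would substitute the current date and, as the notes say, may also receive an age directly via agectl -a.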

Security fix:
Remote code execution via RPCSEC_GSS packet validation
Each RPCSEC_GSS data packet is validated by a routine which checks a signature
in the packet. This routine copies a portion of the packet into a stack buffer,
but fails to ensure that the buffer is sufficiently large, and a malicious
client can trigger a stack overflow. Notably, this does not require the client
to authenticate itself first.

New feature:
Add the amd-cppc driver implementation from Rob Augustinus. https://github.com/raugustinus/freebsd-amd-cppc/
Improves power management on recent Ryzen CPUs.

Full Changelog: 4.0.3...4.0.4

4.0.3

06 Mar 14:20


Fix two security vulnerabilities.

The rtsock_msg_buffer() function serializes routing information into a buffer.
As a part of this, it copies sockaddr structures into a sockaddr_storage
structure on the stack.  It assumes that the source sockaddr length field had
already been validated, but this is not necessarily the case, and it's possible
for a malicious userspace program to craft a request which triggers a 127-byte
overflow.

In practice, this overflow immediately overwrites the canary for the
rtsock_msg_buffer() stack frame, resulting in a panic once the function
returns.
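The RPCSEC_GSS fix in 4.0.4 and this rtsock fix are the same bug class: a length taken from untrusted input drives a copy into a fixed-size stack buffer. As an added example that is not the FreeBSD or MidnightBSD kernel code, here are length-checked versions of both copies in C. The bsd_sockaddr and bsd_sockaddr_storage structures are constructed stand-ins kept at the real sizes (a one-byte sa_len, a 128-byte storage struct), which is where the 127-byte figure above comes from; copy_sockaddr_checked, extract_signature and the declared_len parameter are hypothetical names.

```c
/* Added example, not the kernel's rtsock or RPCSEC_GSS code: length-checked
 * copies for the two advisories above. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the BSD types (not the kernel definitions), kept at
 * the real sizes: sa_len is one byte, sockaddr_storage is 128 bytes. */
#define SS_SIZE 128
struct bsd_sockaddr {
    uint8_t sa_len;            /* attacker-controlled in the rtsock case */
    uint8_t sa_family;
    char    sa_data[UINT8_MAX - 2];
};
struct bsd_sockaddr_storage {
    uint8_t ss_len;
    uint8_t ss_family;
    char    ss_pad[SS_SIZE - 2];
};

/* Largest overflow an unchecked memcpy(ss, sa, sa->sa_len) could cause. */
int max_unchecked_overflow(void)
{
    return UINT8_MAX - SS_SIZE;    /* 255 - 128 = 127 bytes */
}

/* Hardened rtsock-style copy: validate the self-describing length against the
 * destination before copying. Returns 0 on success or an errno value. */
int copy_sockaddr_checked(const struct bsd_sockaddr *sa,
                          struct bsd_sockaddr_storage *ss)
{
    if (sa == NULL || ss == NULL)
        return EINVAL;
    if (sa->sa_len < offsetof(struct bsd_sockaddr, sa_data) ||
        sa->sa_len > sizeof(*ss))
        return EINVAL;             /* would run past the stack destination */
    memset(ss, 0, sizeof(*ss));
    memcpy(ss, sa, sa->sa_len);
    return 0;
}

/* Hardened RPCSEC_GSS-style copy: the packet declares how many signature bytes
 * follow; refuse declared lengths larger than the caller's buffer or larger
 * than what was actually received. Returns 0 or an errno value. */
int extract_signature(const uint8_t *pkt, size_t pkt_len, uint32_t declared_len,
                      uint8_t *out, size_t out_len)
{
    if (pkt == NULL || out == NULL)
        return EINVAL;
    if (declared_len > out_len)
        return EMSGSIZE;           /* fixed stack buffer is too small */
    if (declared_len > pkt_len)
        return EBADMSG;            /* claims more bytes than were received */
    memcpy(out, pkt, declared_len);
    return 0;
}

int main(void)
{
    struct bsd_sockaddr sa;
    struct bsd_sockaddr_storage ss;
    memset(&sa, 0, sizeof sa);
    sa.sa_len = UINT8_MAX;         /* constructed: the largest possible length */
    printf("sa_len=255 -> %s (max overflow if unchecked: %d bytes)\n",
           copy_sockaddr_checked(&sa, &ss) == EINVAL ? "rejected" : "copied",
           max_unchecked_overflow());
    return 0;
}
```

The checks happen before any byte is written, and the bound is the destination's sizeof rather than a constant, so the code stays correct if the storage type ever changes size.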

Obtained from: FreeBSD

Jail security fix:

If two sibling jails are restricted to separate filesystem trees, which is to
say that neither of the two jail root directories is an ancestor of the other,
jailed processes may nonetheless be able to access a shared directory via a
nullfs mount, if the administrator has configured one.

In this case, cooperating processes in the two jails may establish a connection
using a unix domain socket and exchange directory descriptors with each other.

When performing a filesystem name lookup, at each step of the lookup, the
kernel checks whether the lookup would descend below the jail root of the
current process.  If the jail root directory is not encountered, the lookup
continues.

Obtained from: FreeBSD

Full Changelog: 4.0.2...4.0.3

4.0.2

14 Feb 19:58


There are a number of security updates in this release, including expat 2.7.3, sqlite3 3.46.0, xz 5.8.2, and a timezone update, tzdata2025c. mport package manager was updated to 2.7.5.

There was a permission change for the devfs entry used by GNOME System Monitor to make it work out of the box.

Additionally, the boot loader code was modified to display an image on the boot screen.

Full Changelog: 4.0.1...4.0.2

4.0.1

29 Dec 22:23


What's Changed

Fix two security issues:
ipfw - In some cases, the tcp-setmss handler may free the packet data and throw an
error without halting the rule processing engine. A subsequent rule can then
allow the traffic after the packet data is gone, resulting in a NULL pointer
dereference.

The rtsol(8) and rtsold(8) programs do not validate the domain search list
options provided in router advertisement messages; the option body is passed
to resolvconf(8) unmodified.
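As an added example (not the rtsol(8)/rtsold(8) fix itself), here is a C validator a daemon could apply to each search-list entry from a router advertisement before handing it to resolvconf(8): it accepts only RFC 1035 hostname syntax (dot-separated labels of letters, digits and interior hyphens, 1 to 63 bytes each, whole name at most 253 bytes) and drops anything else, including whitespace, empty labels and other characters a downstream shell-based tool might misinterpret. valid_search_domain and filter_search_list are hypothetical names, and the sample list is constructed.

```c
/* Added example, not the rtsol(8)/rtsold(8) fix: validate DNSSL search-list
 * entries from a router advertisement before passing them to resolvconf(8). */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_LABEL 63
#define MAX_NAME  253

static int is_ldh(char c)          /* letter, digit or hyphen (RFC 1035) */
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-';
}

/* One label: 1..63 bytes of LDH characters, not starting or ending with '-'. */
static int valid_label(const char *s, size_t n)
{
    size_t i;
    if (n == 0 || n > MAX_LABEL)
        return 0;
    if (s[0] == '-' || s[n - 1] == '-')
        return 0;
    for (i = 0; i < n; i++)
        if (!is_ldh(s[i]))
            return 0;
    return 1;
}

/* Whole name: non-empty, at most 253 bytes, dot-separated valid labels.
 * One trailing dot (fully qualified form) is tolerated. Returns 1 if valid. */
int valid_search_domain(const char *name)
{
    size_t len, i, start = 0;
    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len > 0 && name[len - 1] == '.')
        len--;
    if (len == 0 || len > MAX_NAME)
        return 0;
    for (i = 0; i <= len; i++) {
        if (i == len || name[i] == '.') {
            if (!valid_label(name + start, i - start))
                return 0;
            start = i + 1;
        }
    }
    return 1;
}

/* Keep only acceptable entries; returns how many were kept. out needs n slots. */
size_t filter_search_list(const char *const *in, size_t n, const char **out)
{
    size_t i, kept = 0;
    for (i = 0; i < n; i++)
        if (valid_search_domain(in[i]))
            out[kept++] = in[i];
    return kept;
}

int main(void)
{
    /* Constructed sample list, as a daemon might decode it from an RA. */
    const char *const ra_list[] = { "corp.example.net", "a b.example", "-bad.example" };
    const char *ok[3];
    size_t i, n = filter_search_list(ra_list, 3, ok);
    for (i = 0; i < n; i++)
        printf("accepted: %s\n", ok[i]);
    return 0;
}
```

Rejecting rather than sanitising keeps the policy simple to audit: an entry either matches the grammar resolvconf(8) expects or it never reaches it.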

Full Changelog: https://github.com/MidnightBSD/src/commits/4.0.1

4.0.0

16 Dec 14:23


I’m happy to announce the availability of MidnightBSD 4.0 for amd64 and i386.

This release included updates to third-party libraries, bug fixes from the 3.2 release, and security updates. Many third-party libraries were updated and this may cause some compatibility issues with old mports or packages.

The release also includes a large number of improvements from FreeBSD 13.x.

mports and Ravenports are both available on amd64 for packages.

Upgrade Process
Install git if you don’t have it already
mport install git

Fetch MidnightBSD from git via github.com/midnightbsd/src.git (assumes you don’t have /usr/src populated)

git clone -b stable/4.0 https://github.com/MidnightBSD/src.git /usr/src

cd /usr/src; make -j4 clean buildworld buildkernel;
choose one of etcupdate or mergemaster -p
make installkernel
reboot

(if it works OK, login and go to /usr/src)
make installworld
choose one of etcupdate or mergemaster -iU

Update installed mports/packages
For mport package manager, run mport index
mport clean
mport upgrade

Remove old libraries and programs from the base.

cd /usr/src/; make check-old; make delete-old; make delete-old-libs; make installworld;

Bug Fixes and new features
Mport package manager
Updated mport to 2.7.3

Improves handling of color on the terminal. Fix some bugs with the mport add command, which resulted in segmentation faults.

Migrate rc.d start/stop to posix_spawn rather than using system

Added new functionality to mport verify:

You can check a single port now with mport verify

You can now repair checksums on a port with mport verify -r. A checksum mismatch often indicates a security issue, files modified after installation by the user, or a problem with mport package manager where an install was damaged.

Fixed build issues with newer LLVM versions.

Changed the behavior of mport_install to include dependencies. Added a new function, mport_install_single, to keep the old behavior for users, and switched upgrade over to it.

Attempt to detect packages that have the same origin for upgrades.

The last one needs more refinement in future releases. When you do mport list updates now, it may show you updates are available but if you run mport update it will fail for some. The reason is that it now figures out that we don't have a package for say py37-foo when there is for py311-foo. So it will suggest an update. It's not yet updating the package in this scenario. I need to rework some things for this to happen. My first implementation was reverted because of some other complications. Ideally, a user will need to be prompted to do this. There are cases it's wrong. (like if a package was just not built on the last package build in magus)

I've also improved a lot of messages to the user, usage() output, and added more error handling in several places. There were a few small memory leaks fixed as well.

Miscellaneous Changes
Removed libdispatch from base.

rc.subr(8) now honors ${name}_env in all rc(8) scripts.

init(8), service(8), and cron(8) will now adopt user/class environment variables by default (excluding PATH). Notably, environment variables for all cron jobs and rc(8) services can now be set via login.conf(5)

The default config for newsyslog(8) will now only include files from the /etc/newsyslog.conf.d/ and /usr/local/etc/newsyslog.conf.d/ directories if the filename ends with ".conf" and does not begin with a "." character.

The kernel now supports enforcing a W^X memory mapping policy for user processes. The policy is not enforced by default but can be enabled by setting the kern.elf32.allow_wx and kern.elf64.allow_wx sysctls to 0. Individual binaries can be exempted from the policy by elfctl(1) via the wxneeded feature.

The calendar(1) utility supports nested C pre-processor conditionals and now supports the C++ comment syntax in addition to the C syntax.

The calendar(1) utility consistently prints dates according to the locale of the invoking user, not the possibly varying locales of included files.

The daemon(8) utility now supports the -H flag to close and re-open the output file when SIGHUP is received. This permits rotation of the output file via newsyslog(8).

The daemon(8) utility no longer blocks SIGTERM during the restart delay.

The devd(8) utility now reports a kernel system event when the system resumes from sleep rather than a kern system event.

The diskinfo(8) utility now reports the physical device name GEOM attribute when available.

Removed userland support for i386 a.out executables. Removed the elf2aout(1) utility.

Removed the obsolete version of the GNU debugger that was installed to /usr/libexec for use by crashinfo(8). Detailed kernel crash information can be obtained by installing modern GDB from mports or packages.

Removed the GPL-licensed version of dtc(1). The BSD-licensed version is now built and installed unconditionally.

The manual page for the gstat(8) utility now documents the use of interactive keyboard commands.

The manual page for the inetd(8) utility now includes an example of how to use netcat as an HTTP proxy.

Removed the ctm(1) utility. It is now provided by the misc/ctm port.

The BSD version of grep(1) is now installed by default. The obsolete GNU version that was the previous default has been removed.

Removed the amd(8) automount daemon. Its functionality is provided by autofs(5).

The new getlocalbase(3) function in libutil retrieves the LOCALBASE path in a standard way.

Removed the cap_random(3) function as it has been superseded by getrandom(2)

A new Linux-compatible copy_file_range(2) system call supports efficient file copies. In particular, this system call permits the kernel to request that an NFSv4.2 server perform a copy operation locally on the server.

The regex(3) function no longer accepts redundant escapes for most ordinary characters. This will cause applications such as sed(1) and grep(1) to reject regular expressions using these escapes.

New aio_readv(2) and aio_writev(2) system calls provide vectored analogues of aio_read(2) and aio_write(2).

Removed CU-SeeMe support from libalias(3)

Processes that attach to a jail(8) will now completely rebase their cpuset(1) onto the jail’s cpuset. Notably, if a process had been assigned a numbered cpuset then it will be assigned a new numbered set that is the combination of CPUs allowed to the attaching process and the jail. Processes belonging to the superuser will implicitly widen their CPU mask as needed if they share no CPUs in common with the jail.

Refactored the amd64 DMAR driver to provide a generic I/O MMU framework which can be used by other architectures. As part of this, renamed the amd64-specific ACPI_DMAR kernel option to IOMMU.

Added Safe Memory Reclamation (SMR) to the kernel, a lightweight variant of epoch reclamation closely coupled to uma(9). This has been applied in parts of the VM subsystem and VFS layer to improve scalability on high core count systems.

Removed support for procfs-based process debugging.

Added the netgdb(4) facility, allowing the gdb(4) kernel debugger to be used over the network.

Added backlight(9)

Added a CAM-Newbus SDIO support module.

The suite of VirtIO device drivers now support the VirtIO V1 spec.

Added the axp(4) driver, supporting the 10G ethernet controller found on AMD EPYC processors.

Added support for Intel Speed Shift to cpufreq(4)

For iscsi(4) and ctld(8), support for specifying network QoS in the form of DiffServ Codepoints (DSCP) and Ethernet Priority Code Point (PCP) was added.

The ctld(8) utility now supports the -t flag to test the validity of configuration files.

Removed the nand(4) device framework and nandfs(5) filesystem and associated utilities.

Removed the GEOM_SCHED class and accompanying gsched(8) tool.

gnop(8) can now apply configurable delays to read and write requests to simulate a slow disk.

The kernel now provides a default implementation for the SEEK_DATA and SEEK_HOLE ioctl(2)'s for filesystems which do not support sparse files.

The NFS client and server now support NFSv4.2 (RFC 7862) and Extended Attributes (RFC 8276).

In grep(1), attempts to read a directory now fail with EISDIR by default. The -d skip flag can be passed to grep(1) to suppress errors on stderr when non-recursively grepping a list that includes directories.

The NFS server now permits credentials specified via -maproot or -mapall in exports(5) to include more than 16 groups.

The NFS client and server now support NFS over TLS. The additional userland daemons are not built by default but can be enabled by building a new world that includes a KTLS-enabled OpenSSL via the WITH_OPENSSL_KTLS option.

A new nfsv4_server_only variable can be set to YES in /etc/rc.conf to only enable support for NFSv4. This avoids the need to run rpcbind(8) on an NFS server.

Updated the fusefs(5) protocol to 7.28 along with adding support for FUSE_COPY_FILE_RANGE and FUSE_LSEEK.

The ZFS implementation is now provided by OpenZFS.

Added the pvscsi(4) driver, supporting the para-virtualized SCSI controller in VMWare products like ESXi

A new type of mbuf(9) (network data buffer) can represent multiple, unmapped physical pages as a single buffer. This improves the performance of sendfile(2) by reducing the length of mbuf linked lists in socket buffers.

tcp(4) now supports Proportional Rate Reduction (as described by RFC6937) to improve SACK loss recovery during burst loss and ACK thinning scenarios. This feature is enabled by default. A new sysctl(8), net.inet.tcp.do_prr, can be set to 0 to restore the prior behavior.

PRR should generally help improve loss recovery performance and prevent numerous preventable retransmit timeout (RTO) stalls. This surpasses the prior behavior, but a strictly packet conserving variant can be enabled. A misconfigured token bucket traffic policer can cause persistent loss even during loss recovery. In...


3.2.4

17 Oct 14:15


Fix a security issue with OpenSSL

kek_unwrap_key(): Fix incorrect check of unwrapped key size
Fixes CVE-2025-9230

Full Changelog: 3.2.3...3.2.4

3.2.3

04 Apr 05:43


Multiple security updates:
xz-utils (same version, but patch applied) CVE-2025-31115
OpenSSH 9.9p2
tcpdump 4.99.5
expat 2.7.1
unbound 1.22.0

Also mport package manager 2.6.8

Full Changelog: 3.2.2...3.2.3

3.2.2

30 Jan 15:40


An NFS server that exports a cd9660, tarfs, or ext2fs file system can be made
to panic by mounting and accessing the export with an NFS client.  Further
exploitation (e.g., bypassing file permission checking or remote kernel code
execution) is potentially possible, though this has not been demonstrated.  In
particular, release kernels are compiled with stack protection enabled, and
some instances of the overflow are caught by this mechanism, causing a panic.

Fix permissions on etcupdate use.  (security issue)
Previously sensitive files could end up in the conflicts directory world readable.

Make kernel modules non executable on file system.

Update portsnap key!

pkg-config files are now installed for base openssl

Ravenports bootstrap changed after switch of their package manager.

Base system config(8) updated

3.2.1

06 Nov 15:50


Adds the atlantic(4) network adapter driver as a module only. (not compiled into the kernel) This allows folks with Aquantia 2.5G NICs to get on the network without needing a flash drive or other method to get a driver on there. (amd64 only)

Fixes security issues in fetch and bhyve.

Adds nproc(1) utility

Fixes an evdev bug with input on ums(4)

mport 2.6.4

Full Changelog: 3.2.0...3.2.1

3.2.0

22 Jul 15:21


I’m happy to announce the availability of MidnightBSD 3.2 for amd64 and i386.

This release included updates to third-party libraries, bug fixes from the 3.1 release, and security updates.

Upgrade Process
Install git if you don’t have it already
mport install git

Fetch MidnightBSD from git via github.com/midnightbsd/src.git (assumes you don’t have /usr/src populated)

git clone -b stable/3.2 https://github.com/MidnightBSD/src.git /usr/src

NOTE: some users have experienced build errors on 2.x which require disabling perl in usr.bin/Makefile at the top and removing camcontrol and df from the rescue/rescue/Makefile temporarily. You can build these once on 3.x.

cd /usr/src; make -j4 clean buildworld buildkernel;
choose one of etcupdate or mergemaster -p
make installkernel
reboot

(if it works OK, login and go to /usr/src)
make installworld
choose one of etcupdate or mergemaster -iU

Update installed mports/packages
For mport package manager, run mport index
mport clean
mport upgrade

Remove old libraries and programs from the base.

rm -rf /usr/lib/perl/5.36.1; cd /usr/src/; make check-old; make delete-old; make installworld;

Perl was removed from base in 3.2. Install from mports or packages via mport install perl5.36

Bug Fixes and new features
Ravenports
Ravenports is available in MidnightBSD for the amd64 architecture. The initial installation process will prompt you to bootstrap Ravenports. This will initialize it in /raven/, and you will be able to install software packages using /raven/sbin/ravensw. By default, /raven/bin, /raven/sbin, and so on are not on the path. You can add them to the path to make running software in your shell easier. Please visit their website to learn more about Ravenports and find quickstart guides. http://www.ravenports.com/

You can choose either mports or Ravenports at installation time or use packages from both systems. Please note that mixing packages may have some complications, although they are installed in a completely different place from mports.

There are various benefits to Ravenports, but a few are more updated packages and quite a few unique packages that mports doesn’t provide currently. For example, Ravenports has an updated Firefox package available.

You will not see Ravenports presented as an option on an i386 install.

Mport package manager
Updated mport to 2.6.2

Miscellaneous Changes
Fixed a bug with portsnap configuration with 3.x releases where it used an old index.

Fix for some VNC clients with bhyve; added COM ports to bhyve

Various manual pages cleaned up.

zstd enabled in libarchive

telnetd removed

libfetch: don't rely on ca_root_nss for certificate validation

add endian.h for linux compatibility

Security Fixes
OpenSSH security vulnerability
A signal handler in sshd(8) calls a function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges.
This issue is a regression of CVE-2006-5051 originally reported by Mark Dowd and accidentally reintroduced in OpenSSH 8.5p1.

OpenSSH 9.3p2 (CVE-2023-38408); patch applied for CVE-2023-48795

Fix security issue in libpcap OSV-2020-1231

Fix for wpa supplicant CVE-2023-52160

pf security issue:
As part of its stateful TCP connection tracking implementation, pf performs sequence number validation on inbound packets. This makes it difficult for a would-be attacker to spoof the sender and inject packets into a TCP stream, since crafted packets must contain sequence numbers which match the current connection state to avoid being rejected by the firewall. A bug in the implementation of sequence number validation means that the sequence number is not in fact validated, allowing an attacker who is able to impersonate the remote host and guess the connection's port numbers to inject packets into the TCP stream.

3rd Party Software
Perl removed from base. Install via mports
brainfuck removed from base. Moved to mports
Removed subversion from base. install from mports if needed. (use git for MidnightBSD)
expat 2.6.2
ldns 1.8.3
sendmail 8.18.1
libarchive 3.7.2
zstd 1.5.2
Unbound 1.19.3
xz / lzma 5.4.5
tzdata 2023d
mandoc 1.14.6
OpenSSH 9.3p2
nvi 2.2.1
openssl 1.1.1w
Hardware
PCI vendors list updated (April 2024)

AMD zen4 temperature sensor support

unbreak Promise RAID1 with 4+ providers

usbdevs: add quirk for WD MyPassport Ultra External HDD

ahci: add AMD KERNCZ (RAID) device id in RAID mode

Known Issues
Ravenports install is not in the path, but we also don’t tell you that during bootstrap.

On VirtualBox 7, Xorg needs over 1GB of RAM allocated to run without swapping or crashing. Occasional VM hangs have also been seen. It works fine on bare metal, bhyve, or VMware products.