CVE-2008-1447 does not, according to various sources, affect systems that randomise their source port. MirOS libc’s integrated resolver, according to some OpenBSD developers, does this, as does DJBDNS. The net/bind mirport is affected, but by using pf(4) to NAT yourself (thanks to Vutral for the suggestion), you can randomise these ports too. According to RUS-CERT, only using DNSSEC is a fix… I wonder if this is truth or advertising for a technique without widespread use.
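Whether a resolver, or the NAT in front of it, really randomises its source ports can be checked from a capture of its outgoing queries. The following is an added example, not MirOS code; the port samples are constructed and the thresholds are assumptions:

```python
import math
from statistics import pstdev

TXID_BITS = 16  # width of the DNS transaction ID

# Constructed samples: UDP source ports of ten consecutive outgoing queries.
FIXED_PORT = [53] * 10
SEQUENTIAL = [32768 + i for i in range(10)]
SMALL_POOL = [1030, 1090, 1045, 1100, 1033, 1077, 1051, 1099, 1025, 1066]
RANDOMISED = [51234, 10422, 60011, 2048, 33333, 47811, 19007, 61999, 5120, 28890]

def classify_source_ports(ports, narrow_stdev=3000.0):
    """Return 'fixed', 'sequential', 'narrow' or 'randomised'.

    narrow_stdev is an assumed cut-off; a uniform spread over 1024-65535
    has a standard deviation of roughly 18600.
    """
    if len(ports) < 8:
        raise ValueError("need at least 8 observed queries")
    if len(set(ports)) == 1:
        return "fixed"
    # Step between consecutive queries, wrapped to the 16-bit port space.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    if sum(1 for d in deltas if 0 < d <= 16) >= 0.9 * len(deltas):
        return "sequential"
    return "narrow" if pstdev(ports) < narrow_stdev else "randomised"

def guess_space_bits(ports):
    """Rough estimate of the bits an off-path spoofer has to guess."""
    if classify_source_ports(ports) in ("fixed", "sequential"):
        return float(TXID_BITS)          # port is predictable: only the TXID counts
    span = max(ports) - min(ports) + 1   # observed pool; the real pool may be larger
    return TXID_BITS + math.log2(span)

if __name__ == "__main__":
    for name, sample in [("fixed", FIXED_PORT), ("sequential", SEQUENTIAL),
                         ("small pool", SMALL_POOL), ("randomised", RANDOMISED)]:
        print(f"{name:11s} {classify_source_ports(sample):10s} "
              f"{guess_space_bits(sample):.1f} bits")
```

Run it on ports captured on the outside of the pf(4) NAT, since that is what a remote party sees.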
The fixes10.ngz set, of course gzsig(1)d, contains an updated mksh binary and dot.mkshrc as well as /.profile (root) and /etc/profile (user) files, which speed up logins, as well as an updated /etc/ssh/ssh_known_hosts file. It can be directly applied from the installer, or untarred in / (do not forget the 'h' and 'p' options to tar(1)). Note that this will overwrite any existing changes to these files:
Use this for integrity checking:
RMD160 (fixes10.ngz) = 6c85c3e8eb4a5046b5b45373a0996cee2a3208b7
Our anoncvs mirror has changed its ssh host keys due to a Debian-specific problem (it's hosted on a machine running Debian GNU/Linux courtesy of gecko2@). The new keys are: [Update: [old broken link removed] moved]
Please copy these into /etc/ssh/ssh_known_hosts or ~/.etc/ssh/known_hosts, overriding the existing keys for the same IPs or host names.
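Overriding the old entries means dropping every stale key for the affected names, including entries of another key type and hashed entries, not just appending the new lines. A sketch of that merge, added here and not part of the MirOS tools; the host names, addresses and key blobs are constructed placeholders, and wildcard patterns and @marker lines are left as found:

```python
import base64
import hashlib
import hmac

# Constructed sample data (placeholder key blobs, documentation addresses).
OLD = ("anoncvs.example.org,192.0.2.10 ssh-rsa OLDRSA\n"
       "anoncvs.example.org ssh-dss OLDDSA\n"
       "other.example.net,192.0.2.10 ssh-rsa SHARED\n"
       "# local comment\n")
NEW = "anoncvs.example.org,192.0.2.10 ssh-rsa NEWRSA\n"

def names_host(pattern, host):
    """True if one known_hosts host pattern (plain or hashed) names host."""
    if pattern.startswith("|1|"):
        # Hashed form: |1|base64(salt)|base64(HMAC-SHA1(salt, hostname))
        _, _, salt_b64, mac_b64 = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(),
                       hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return pattern == host

def merge_known_hosts(existing, new_entries):
    """Return existing with all keys for hosts named in new_entries replaced."""
    new_lines = [l for l in new_entries.splitlines()
                 if l.strip() and not l.startswith("#")]
    replaced = {h for l in new_lines for h in l.split()[0].split(",")}
    kept = []
    for line in existing.splitlines():
        fields = line.split()
        if not fields or line.startswith(("#", "@")):
            kept.append(line)       # blanks, comments and @marker lines untouched
            continue
        remaining = [p for p in fields[0].split(",")
                     if not any(names_host(p, h) for h in replaced)]
        if remaining:               # line still names other hosts: keep those
            kept.append(" ".join([",".join(remaining)] + fields[1:]))
    return "\n".join(kept + new_lines) + "\n"

if __name__ == "__main__":
    print(merge_known_hosts(OLD, NEW), end="")
```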
The current version of the /etc/ssh/ssh_known_hosts file can be retrieved via anonymous CVS (from the server affected), anonymous rsync (also from rsync.allbsd.org), CVSweb (from both servers) or by an eMail request.
Yesterday's snapshot does not yet include the new public host keys, as they were generated only today.
The 2008-05-14 snapshot of MirOS BSD/i386 #10-current has been released as a simple baselive CD image (Live + Install CD, build logs, but nothing fancy) on the usual BitTorrent tracker, multi-tracked with a major BT site for those who pick it up there.
The #10/i386 binary packages should all be installable on this snapshot, although it does come with more recent MirPorts Framework.
A new MirMake version has been issued, to fix problems compiling C++ code with strange file extensions (.cpp as on Microsoft® Windows®, and .C as BOINC uses). MirMake is a sort-of-portable version of the MirOS make(1) utility, a few header files and a libmirmake.a containing helper functions, and some supporting utilities: install(1) lndir(1) lorder(1) mkdep(1) readlink(1) tsort(1)
The MirPorts Package Tools have been updated as well, as Lucas “laffer1” Holt, the MidnightBSD founder, has implemented ldconfig(8) -U too, and the use of this option by pkg_create(1) is now required for a lot of packages (since GNU libiconv, expat and libpng use their own fake-pkgview subdirectories).
Hashes of our current distfiles:
UPDATE 02.04.2008: mksh R33c is out, with a bugfix and a new fully supported OS (ULTRIX 4.5).
I thought these might come in handy for poor i386 users:
The ISOs themselves (both El Torito and Live-HD/CF boot) as well as the included 1440 KiB floppy images have been adjusted to automatically boot from serial console. To accommodate broken BIOSes (like the one from my VIA C7 server, or the Soekris COMBIOS), the bootloader does not wait for input, but instead directly boots into the kernel. This prevents you from using “boot -c”, but you can patch boot.cfg in the top directory of the ISO or floppy to achieve that.
Users of the sparc architecture just setenv input-device ttya and setenv output-device ttya instead; OpenBOOT can handle a serial console just fine out of the box and provides the speed as well.
The Errata page lists a binary update for the Sendmail and Apache security flaws and a shortcoming in the <bsd.lkm.mk> file. We advise upgrading.
After 1600+ downloads, we think it has settled down a little. Nevertheless, we got a request to use a new form of distribution, the metalinks.
[link deleted 2014-05-13, we stopped using torrents]
There is also a list of errata for MirOS #10; we will issue a binary update within a few days, as at least the Sendmail bug is severe.
We had about 1500 downloads of the full ISO in the last 4 days, which is actually causing traffic problems for our primary mirror.
You can also switch to one of the following mirrors:
Due to popular request: the SFV (CRC32) of the ISO is 76D0638A, more hashes are here, and for those who still use the insecure MD5, 0afb38491f7557b1f7bc9ec8997ca5b4 should match. Note: the CKSUM.gz file hyperlinked in this paragraph is, of course, gzsig(1)d.
Note to avoid confusion: the release CD is no Live CD, but we do have Live CDs. However, only development snapshots are distributed as Live CD. It would not fit on a release CD due to the size of the data included, sorry.
We’re really surprised by the number of downloads – it seems MirOS has become popular. We hope that the traffic throttling/limiting methods our hoster has installed on the Germany 1 mirror do not produce too much inconvenience for you. Thanks for using MirOS!
MirOS BSD #10 for the i386 and sparc architectures is our eleventh formal major release. Grab it while you can, either via the usual BitTorrent tracker, or use the NetInstall ISO (details on the Download page).
MirOS #10 focuses on Unicode support and a lot of improvements all over the place. The sparc platform is now fully supported again, and on par with i386 regarding the base system. MirOS thusly is almost a reference implementation of a 32-bit sparc OS now that Debian killed support, Gentoo wants to go that way too and the other BSDs focus on sparc64; and the reference implementation of XFree86® in modern open source OSes.
Note that, while a lot of virtualisation software performs quite well (Parallels, qemu) or works (VMware Server, bochs, MS VirtualPC, Xen+HVM) with MirBSD, sadly, VirtualBox doesn’t. Due to a bug in it, a lot of operating systems do not work.
The MirPorts Framework now also runs on MidnightBSD, in addition to MirOS BSD (native), OpenBSD (legacy), Darwin and Mac OSX, and Interix (in theory). Support of individual ports for certain operating environments may not yet be given, but the infrastructure already works. Sadly, systrace(1) is not part of the MidnightBSD base system. MirPorts work independently of the native mports system, do not depend on it or interfere with it, as usual, and can be installed per user or system-wide.