NetBSD Changelog

New in version 7.0 RC1

June 21st, 2015
  • Greatly improved support for modern Intel and Radeon graphics hardware through a port of the Linux DRM/KMS code. Most X.Org components have been updated as well.
  • ARM multiprocessor support
  • Support for new ARM boards, some of which are listed below:
  • Raspberry Pi 2
  • ODROID-C1
  • BeagleBoard-xM
  • BeagleBone
  • BeagleBone Black
  • Banana Pi
  • Cubieboard 2
  • Cubietruck
  • Merii Hummingbird
  • Marvell ARMADA XP
  • GlobalScale MiraBox
  • Kobo
  • Sharp Netwalker PC-Z1
  • GPT support in sysinst
  • Lua kernel scripting
  • Multiprocessor USB stack
  • Many improvements to NPF, the NetBSD packet filter
  • GCC 4.8.4 (and optionally, LLVM/Clang 3.6.1)

New in version 6.1.5 (October 7th, 2014)

  • Security Advisory Fixes:
  • NetBSD-SA2014-005 libXfont multiple vulnerabilities
  • NetBSD-SA2014-006 Multiple OpenSSL vulnerabilities
  • NetBSD-SA2014-007 bozohttpd basic http authentication bypass
  • NetBSD-SA2014-008 Multiple OpenSSL vulnerabilities
  • NetBSD-SA2014-009 Multiple vulnerabilities in the execve system call
  • NetBSD-SA2014-010 Multiple vulnerabilities in the compatibility layers
  • NetBSD-SA2014-011 User-controlled memory allocation in the modctl system call
  • NetBSD-SA2014-012 Memory leak in the setsockopt system call
  • Note: Advisories prior to NetBSD-SA2014-005 do not affect NetBSD 6.1.5.
  • Other Security Fixes:
  • Fix various issues in the mount syscall, which could be used by a local user to panic the system.
  • OpenPAM: Fix incorrect error handling in PAM policy parser. CVE-2014-3879.
  • Kernel:
  • wm(4): Bump max TX DMA size to avoid pathological condition with TSO.
  • tap(4): Fix a race. PR kern/47506 and kern/46199.
  • urndis(4): Fix a panic.
  • vioif(4): Fix a panic. PR kern/49007.
  • Fix a mbuf leak in IPFilter.
  • Fix two overflows and a memory corruption bug in ptyfs and umapfs.
  • Reject unaligned PCI config register ioctl requests before we kassert.
  • Miscellaneous:
  • heimdal: Fix file descriptor leak. Fixes PR lib/48718
  • Update to tzdata2014g.
  • Update bozohttpd to 20140708.
  • Update openssl to 1.0.1i.
  • Fix Xserver crash on exit (causing screen palette settings to not be restored) when using wsfb.
  • postinstall(8): Don't apply "ptyfsoldnodes" if /dev/pts does not exist.
  • named: Update root.cache to 2014060201.
  • alpha:
  • Make sysinst deal correctly with Tru64 disklabels. PR port-alpha/48697.
  • sparc64:
  • Fix longjmp bug which causes a segmentation fault on sparc64 kernels with 32-bit userland.
  • next68k:
  • Move physmem calculations before nptpage initialization. PR port-m68k/45915.

New in version 6.1.4 (April 22nd, 2014)

  • Improving network stack concurrency and performance.
  • Development of modern file systems and improvement of existing ones.
  • Features which are useful in embedded environments, such as high resolution timers and execute in place (XIP) support.
  • Automatic testing and quality assurance.
  • NetBSD-SA2014-003 posix_spawn unbounded kernel memory allocation
  • NetBSD-SA2014-004 OpenSSL information disclosure ("heartbleed")
  • OpenSSL: CVE-2014-0076
  • Fix memory leak on bogus ELF binary.
  • veriexec: Avoid a use-after-free error.
  • atari: Fix a kernel crash when a user tries to switch to a nonexistent terminal. Fixes PR#48599.

New in version 6.1.3 (January 28th, 2014)

  • Security Advisory Fixes:
  • NetBSD-SA2013-010Use after free in Xserver handling of ImageText requests (CVE-2013-4396)
  • NetBSD-SA2013-011embryonic TCP sockets local DoS
  • NetBSD-SA2013-012Router Advertisement sysctl local Denial of Service
  • NetBSD-SA2013-013Memory leak when trying to execute bogus ELF binaries
  • NetBSD-SA2014-001Stack buffer overflow in libXfont (CVE-2013-6462)
  • NetBSD-SA2014-002ntpd used as DDoS amplifier
  • Note: Advisories prior to NetBSD-SA2013-009 do not affect NetBSD 6.1.3.
  • Other Security Fixes:
  • bind: Fix CVE-2014-0591.
  • Kernel:
  • pci(4): Work around a QEMU bug preventing NetBSD from booting on some versions of QEMU and KVM. (PR#45671)
  • Xen: fix dom0 crash with some domUs
  • Xen: remove a bogus diagostic message spamming the console. (PR#46313)
  • sparc64: fix a kernel diagnostic panic.
  • Networking:
  • NPF: fix byteorder for port range comparison.
  • NPF: fix a race condition.
  • File Systems:
  • ffs: Fixed a fsck_ffs internal error on UFS1.
  • Miscellaneous:
  • Xserver(1): Fixed crash on i810e. (PR#48315)
  • sysinst(8): Fixed wrong MBR partiton offset on small disks. (PR#48304)
  • ld.elf_so(1): Fixed memory corruption. (PR#48324)
  • sparc64: fixed gcc to not generate invalid asm.

New in version 6.1.2 (September 30th, 2013)

  • Security Advisory Fixes:
  • NetBSD-SA2013-009user settable small BPF buffer can cause a panic
  • Note: Advisories prior to NetBSD-SA2013-009 do not affect NetBSD 6.1.2.
  • Kernel
  • virtio(4): Fixed a panic during shutdown on KVM. (PR#48105)
  • uhci(4): Fixed USB device enumeration in some cases, fixed some ops on big-endian machines. (PR#47522, PR#48237)
  • Networking:
  • Include BRDADDR and NETMASK in the IPv4 ioctls we ban for IPv6.
  • npf(3): Fixed panic with IPv6 when nbufs are reallocated.
  • npf(3): Fixed filtering with dynamic rules.
  • File Systems:
  • udf: Fixed a problem which could result in garbage after the 4GB limit.
  • Miscellaneous:
  • pthread(3): Fixed error return from pthread_create() in some cases.
  • Update tzdata to 2013e.
  • Update some TNF ssh keys in /etc/ssh/ssh_known_hosts.
  • Fixed an environment issue which could cause crashes in Emacs 24 and certain other applications.
  • pkg_install: Fixed installation of signed packages. (PR#48194)
  • Fixed regression introduced in NetBSD 6.1.1 affecting certain applications running under X. (PR#48170)
  • mvme68k: Fixed boot panic. (PR#45915)

New in version 6.1 (May 19th, 2013)

  • Security Advisory Fixes:
  • NetBSD-SA2013-001, Kernel panic triggered from userland
  • NetBSD-SA2013-002, kqueue related kernel panic triggered from userland
  • NetBSD-SA2013-003, RNG Bug May Result in Weak Cryptographic Keys
  • NetBSD-SA2013-004, Vulnerabilities in grep
  • Security Fixes:
  • expat: Fix CVE-2012-1147, CVE-2012-1148 and CVE-2012-0876.
  • BIND: Address CVE-2012-5688: Named could die on specific queries with dns64 enabled.
  • Fixed a crash which could happen with sysctl security.curtain=1 set. (PR#47598)
  • Address CVE-2012-5667: Multiple integer overflows in GNU grep.
  • Several fixes to entropy handling in the kernel.
  • Prevent ktrace from being able to crash the kernel.
  • General kernel:
  • posix_spawn(): Fix processes with attributes.
  • Resolve races between vget() and vrele() resulting in vget() returning dead vnodes.
  • Prevent crash when unsupported fd's are used with kevent.
  • Fix a bug where kmem_alloc() could be called from interrupt context.
  • WAPBL: coalesce writes to the journal to speed up wapbl_flush() on raid5 by a factor of 3 to 4.
  • Networking:
  • Fix "atomic fragments" for IPv6.
  • ipf: Fix alignment issues in ipmon. (PR#47101)
  • npf: handle delayed checksums in the network stack. (PR#47235)
  • Fixed some locking issues in ipf(4)
  • npf(3): Many fixes and updates. Config syntax has changed somewhat, please check your config files.
  • Fixed sendto(2) issue with IPv6 UDP datagrams. (PR#47408)
  • vioif(4): Fixed an issue which caused recent QEMU to crash.
  • File systems:
  • smbfs: Make smbfs actually work on big-endian ports.
  • smbfs: various fixes. (PR#25070)
  • Allow mounting ext2fs and msdosfs in 32-bit compat mode.
  • v7fs: fix off-by-one error.
  • Drivers:
  • ciss(4): don't try to handle sensors if there aren't any.
  • isp(4): Fix FC-AL devices on QLogic ISP2100. (PR#47302)
  • mfi(4): Add support for LSI Thunderbolt (SAS2208) controllers.
  • mfi(4): Add support for running the MegaCLI Linux binary to manage the controller.
  • puc(4): Additional device support.
  • bge(4): Add support for Apple's Thunderbolt to Gigabit Ethernet adapter. (PR#46961)
  • mvgbe(4): fix a number of issues
  • nfe(4): Avoid bounce buffering and improve performance.
  • wm(4): Fix handling of 82578D and 82579V chips. Various other fixes.
  • fss(4): Don't crash when running multiple dump -X. (PR#47514)
  • fss(4): Fixed panic. (PR#47020)
  • Platforms:
  • alpha:
  • Fixed longjmp/setjmp on alpha for statically linked programs such as those in /rescue.
  • amiga:
  • New ed(4) device driver for Hydra and ASDG Zorro2 bus network cards.
  • arm:
  • Fix gcc bugid 51408 for arm. (PR#46972)
  • Fixed a bit check in the Kirkwood IRQ code.
  • Fixed incorrect counts for 'vmstat -e' on Kirkwood.
  • Make bigendian ARM get the MBR partition and offset correct. (PR#47081)
  • Fixed bug where IRQ masks of GPIO were set incorrectly on Marvell SoCs.
  • Fixed static linking on ARM platforms. (PR#47139)
  • Properly block IRQs >= 32. (PR#45371)
  • Greatly improved Raspberry Pi support - USB and onboard Ethernet now work.
  • Enabled DCache Streaming Switch and Write Allocate for Sheeva CPUs.
  • Added support for the watchdog timer in some Marvell SoCs.
  • Fix for non-MBR disks on ARM. (PR#47463)
  • mips:
  • MIPS ports have switched to gdb 7.3.1. GDB6 is removed.
  • vax:
  • Reverted MAXPARTITION bump to 16, lowering it to 12 instead, to fix bootblocks and installboot for VAX 780 and other machines booting via VMB.EXE.
  • x68k:
  • Update bootloader: cdboot, netboot support and bugfixes.
  • Add floppy format support.
  • x86 (i386, amd64):
  • Work around a possible gcc bug generating bad assembler code. (PR#45673)
  • Disable C1E on AMD K8 CPUs, to prevent freeze during boot.
  • Fix running BSDi and NetBSD

New in version 6.1 RC2 (March 19th, 2013)

  • Various terminfo fixes (PR#46793, PR#47090, PR#47490, PR#47532)
  • Fixed a segfault in awk(1) (PR#47553)
  • Moved boottime50 and its associated sysctl into the compat module. (PR#47579)
  • Updated tzdata to 2013b, with the latest timezone info
  • Fixed a crash when the security.curtain sysctl is enabled (PR#47598)
  • Fixed some IPF locking issues
  • Fix a crash on statically-linked programs for NetBSD/alpha

New in version 6.1 RC1 (February 23rd, 2013)

  • Bugfixes and feature improvements to NPF, the NetBSD Packet Filter
  • Improvements to several ARM platforms, including Raspberry Pi which now has nearly-complete support.
  • Support for dtrace on amd64
  • MIPS ports switched to gdb 7.3.1, gdb6 removed
  • Additional device support in key drivers including wm(4), uftdi(4), mfi(4), bge(4), aac(4), tlp(4) and others.
  • Various port-specific improvements to the amiga, arm, sparc64 and x68k ports.

New in version 6.0.1 (December 27th, 2012)

  • Security Fixes:
  • expat: Fix CVE-2012-1147, CVE-2012-1148 and CVE-2012-0876.
  • BIND: Address CVE-2012-5688: Named could die on specific queries with dns64 enabled.
  • General kernel:
  • posix_spawn(): Fix processes with attributes.
  • Resolve races between vget() and vrele() resulting in vget() returning dead vnodes.
  • Prevent crash when unsupported fd's are used with kevent.
  • Networking:
  • Fix "atomic fragments" for IPv6.
  • ipf: Fix alignment issues in ipmon. (PR#47101)
  • npf: handle delayed checksums in the network stack. (PR#47235)
  • File systems:
  • smbfs: Make smbfs actually work on big-endian ports.
  • Drivers:
  • ciss(4): don't try to handle sensors if there aren't any.
  • Platforms:
  • x86 (i386, amd64):
  • Work around a possible gcc bug generating bad assembler code. (PR#45673)
  • Disable C1E on AMD K8 CPUs, to prevent freeze during boot.
  • xen:
  • Prevent a memory corruption issue that locks up a Xen DomU, and can potentially cause file system corruption. (PR#47056, PR#47057)
  • Fix: Xen Dom0 NetBSD kernel could crash by adding duplicate xenwatches.
  • Userland fixes:
  • Update to tzdata2012j.
  • cdb: don't refuse to open databases without entries or keys.
  • Address graphics corruption in recent Cairo, manifested most commonly by certain rendered text sections appearing as solid rectangular blocks of color.

New in version 5.2 RC1 (November 15th, 2012)

  • NetBSD 5.2 is intended for those who have an application using NetBSD 5.0.x or 5.1.x who don't want the churn of upgrading to NetBSD 6.0, but would like bug fixes and some stable new features. There have been a number of changes since 5.1. See src/doc/CHANGES-5.2 for the full list.

New in version 6.0 (October 18th, 2012)

  • SMP support for Xen domU kernels, initial suspend/resume support for Xen domU, PCI pass-through support for Xen3, and addition of the balloon driver.
  • Major rework of MIPS port adding support for SMP and 64-bit (O32, N32, N64 ABIs are supported) processors, DSP v2 ASE extension, various NetLogic/RMI processor models, Loongson family processors, and new SoC boards.
  • Improved SMP on PowerPC port and added support for Book E Freescale MPC85xx (e500 core) processors.
  • ARM has gained support for Cortex-A8 processors, various new SoCs, and initial support for Raspberry Pi. Full support for Raspberry Pi and major ARM improvements to come in a future NetBSD release.
  • time_t is now a 64-bit quantity on all NetBSD ports. This means that the NetBSD world no longer ends in 2037.

New in version 6.0 Beta 2 (May 28th, 2012)

  • Fixed PR/39444
  • fixes to hdaudio
  • fixes to LFS
  • fixed detaching ehci(4)
  • PR/41673
  • PR/44097
  • Added the ability to configure RAIDframe components on raw disks.
  • Fixed iwi(4) firmware decoding on bigendian platforms.
  • more variants supported by mfi(4)
  • PR/46217
  • Prevent sshd from consuming all available entropy.
  • Update pcc to pcc-20120325.
  • Power management for bthub(4).
  • PR/45829
  • PR/46232
  • PR/46120
  • PR/46284
  • Work around some AMD processor errata
  • Fixed x86k boot problem
  • PR/45131
  • PR/46286
  • PR/46221
  • PR/46282
  • PR/46146
  • Added mpii(4) driver for LSI Logic Fusion-MPT Message Passing Interface II SAS controllers.
  • Many PUFFS fixes
  • Several OpenSSL fixes
  • PR/46325
  • PR/46121
  • PR/46391
  • PR/41267
  • PR/46360
  • PR/46408
  • PR/46419
  • Added tgamma() and tgammaf() to libm
  • Avoid a tools build error on Cygwin hosts
  • many fixes for building with clang
  • switched vax back to gcc 4.1
  • Added new sysinst post-install config menu
  • PR/46041
  • PR/44092
  • PR/46101
  • PR/46457
  • PR/43903

New in version 5.0.1 (August 3rd, 2009)

  • Security Advisory Fixes:
  • NetBSD-SA2009-004, NetBSD OpenPAM passwd(1) changing weakness.
  • NetBSD-SA2009-005, Plaintext Recovery Attack Against SSH.
  • NetBSD-SA2009-006, Buffer overflows in ntp.
  • NetBSD-SA2009-007, Buffer overflows in hack(6).
  • NetBSD-SA2009-008, OpenSSL ASN1 parsing denial of service and CMS signature verification weakness.
  • NetBSD-SA2009-009, OpenSSL DTLS Memory Exhaustion and DSA signature verification vulnerabilities.
  • NetBSD-SA2009-010, ISC dhclient subnet-mask flag stack overflow.
  • NetBSD-SA2009-011, ISC DHCP server Denial of Service vulnerability.
  • NetBSD-SA2009-012, SHA2 implementation potential buffer overflow.
  • NetBSD-SA2009-013, BIND named dynamic update Denial of Service vulnerability.
  • Note: Advisories prior to NetBSD-SA2009-004 do not affect NetBSD 5.0.
  • Kernel:
  • Fix random "filesystem full" messages on large FFS file systems.
  • Fix a regression in the 4.4BSD scheduler, improving interactive performance under load.
  • Remove a race where physio_done() may use memory already freed. Fixes PR kern/39536.
  • Fix a crash observed when trying to load a corrupted ELF kernel module.
  • Fix PR kern/41566, where writes on the controlling tty were not being awoken from blocks.
  • Various fixes for POSIX message queues.
  • Fix a possible deadlock in the VFS subsystem.
  • Fixes for POSIX advisory locks.
  • A number of other stability fixes.
  • Networking:
  • Follow exactly the recommendation of draft-ietf-tcpm-tcpsecure-11.txt: Don't check gainst the last ack received, but the expected sequence number. This makes RST handling independent of delayed ACK.
  • Fix a panic when trying to disable IPFilter before enabling it. Fixes PR kern/41364.
  • Drivers:
  • ehci(4): Add a workaround for ATI SB600 and SB700 revisions A12 and A13 to avoid a USB subsystem hang when the system has multiple USB devices connected to it or one device is re-connected often.
  • wm(4):
  • On i82563, FreeBSD's em driver says that the ready bit in the MDIC register may be incorrectly set. Insert delay(200) like the em driver. Fixes PR kern/41014.
  • Add workaround for 82543GC. We need to force speed and duplex on the MAC equal to what the PHY speed and duplex configuration is. Fixes PR kern/36430.
  • Fix many problems and panic on TBI's cards (PR kern/32009).
  • Platform specific:
  • x86 (amd64 and i386): Add a workaround for a bug with some Opteron revisions where locked operations sometimes do not serve as memory barriers, allowing memory references to bleed outside of critical sections.
  • amd64: Handle protection faults properly, returning SIGSEGV instead of SIGBUS.
  • hp300: Make install.md probe cd(4) devices properly.
  • pmax: Make ksyms(4) actually work.
  • sh3: Fix logic error in copyinstr() when deciding whether to return EFAULT or ENAMETOOLONG.
  • sparc64:
  • Fix long double support in 32bit libc. Fixes PR port-sparc64/41406.
  • When preparing the initial trap frame for a new forked lwp, explicitly clear condition code. Otherwise we might catch a signal before we ever return to userland. Fixes PR port-sparc64/41302.
  • vax: binutils: Allocate relocation section using bfd_zalloc() to ensure no garbage relocations when not all the entries are used. Fixes PR port-vax/39182.
  • Userland:
  • Update pkg_install to 20090724.
  • pkg_install now depends on the pkgdb cache for automatic conflict detection. It is recommended to rebuild the cache with "pkg_admin rebuild". audit-packages.conf(5) has been superseded by pkg_install.conf(5). The default configuration is the same. Support for pkg_view(1) has been retired. The functionality of audit-packages(1) and download-vulnerability-list(1) has moved into pkg_admin(1). Wrapper scripts that handle the common use cases are provided.
  • Update libfetch to 2.23.
  • racoonctl(8): Adjust ADMINPORTDIR to match that of racoon (/var/run). Fixes PR bin/41376.
  • schedctl(8): Skip LSIDL and LSZOMB threads when retrieving info.
  • postinstall(8) now knows about /etc/dhcpcd.conf.
  • Miscellaneous:
  • The X.Org s3 driver now works.
  • Install the Xvidtune app-defaults file.
  • Fixes to Linux compat:
  • In sendmsg(2), do copy the msghdr structure before trying to use it.
  • In linux_sys_sched_getaffinity(), do not leak memory on error.
  • Various METALOG fixes, including sorting entries. Addresses PR toolchain/24457 and PR bin/41155.

New in version 5.0 (April 30th, 2009)

  • NetBSD 5.0 features greatly improved performance and scalability on modern multiprocessor (SMP) and multi-core systems. Multi-threaded applications can now efficiently make use of more than one CPU or core, and system performance is much better under I/O and network load.
  • In addition to scalability and performance improvements, a significant number of major features have been added. Some highlights are: a preview of metadata journaling for FFS file systems (known as WAPBL), the jemalloc memory allocator, X.Org instead of XFree86 on a number of ports, the Power Management Framework, ACPI suspend/resume support on many laptops, write support for UDF file systems, the Automated Testing Framework, the Runnable Userspace Meta Program framework, Xen 3.3 support for both i386 and amd64, POSIX message queues and asynchronous I/O, and many new hardware device drivers.

New in version 5.0 RC4 (April 17th, 2009)

  • Today, we have two things to be happy about. First, the fourth release candidate of NetBSD 5.0 is available for download. Second, this announcement, like RC3's, coincides with an important birthday: that of Billy West. Below are some highlighted changes since RC3: added the RLIMIT_AS resource, which limits the total address space available to processes; improved NFS server stability; FFS improvements; a fix for a pf(4) DoS; re(4) now works with the RealTek 8111C, which is found on many current motherboards with Intel chipsets.

New in version 5.0 RC3 (March 22nd, 2009)

  • considerable improvements to WAPBL;
  • further X.Org refinements, including switching sgimips to X.Org;
  • scheduler activations support is now disabled by default in sysctl.conf;
  • ddb.onpanic is now set to 1 in the kernel by default, but 0 in sysctl.conf - this avoids trying to dump if a crash occurs during the install phase;
  • puffs is now enabled by default on amd64, i386, macppc, and sparc64; SSP kernels should work again;
  • a handful of assorted stability improvements.

New in version 5.0 RC2 (February 11th, 2009)

  • Since RC1, 103 tickets were pulled up. Interested readers can find the details of these tickets in src/doc/CHANGES-5.0. RC2 represents a great deal of progress over RC1, but with that amount of change, increased time for testing is required. To put it bluntly, there will definitely be a third release candidate. We are aware of a number of release-blocking issues, but it is important that we get a jump on testing the many changes made since RC1.

New in version 4.0.1 (October 15th, 2008)

  • The NetBSD Project is pleased to announce that update 4.0.1 of the NetBSD operating system is now available. NetBSD 4.0.1 is the first security/critical update of the NetBSD 4.0 release branch. This represents a selected subset of fixes deemed critical in nature for stability or security reasons, no new features have been added. NetBSD 4.0.1 runs on 54 different system architectures featuring 17 machine architectures across 17 distinct CPU families, and is being ported to more. The NetBSD 4.0.1 release contains complete binary releases for 51 different machine types.