NetBSD Changelog

New in version 6.1.5

October 7th, 2014
  • Security Advisory Fixes:
  • NetBSD-SA2014-005 libXfont multiple vulnerabilities
  • NetBSD-SA2014-006 Multiple OpenSSL vulnerabilities
  • NetBSD-SA2014-007 bozohttpd basic http authentication bypass
  • NetBSD-SA2014-008 Multiple OpenSSL vulnerabilities
  • NetBSD-SA2014-009 Multiple vulnerabilities in the execve system call
  • NetBSD-SA2014-010 Multiple vulnerabilities in the compatibility layers
  • NetBSD-SA2014-011 User-controlled memory allocation in the modctl system call
  • NetBSD-SA2014-012 Memory leak in the setsockopt system call
  • Note: Advisories prior to NetBSD-SA2014-005 do not affect NetBSD 6.1.5.
  • Other Security Fixes:
  • Fix various issues in the mount syscall, which could be used by a local user to panic the system.
  • OpenPAM: Fix incorrect error handling in PAM policy parser. CVE-2014-3879.
  • Kernel:
  • wm(4): Bump max TX DMA size to avoid pathological condition with TSO.
  • tap(4): Fix a race. PR kern/47506 and kern/46199.
  • urndis(4): Fix a panic.
  • vioif(4): Fix a panic. PR kern/49007.
  • Fix a mbuf leak in IPFilter.
  • Fix two overflows and a memory corruption bug in ptyfs and umapfs.
  • Reject unaligned PCI config register ioctl requests before we kassert.
  • Miscellaneous:
  • heimdal: Fix file descriptor leak. Fixes PR lib/48718
  • Update to tzdata2014g.
  • Update bozohttpd to 20140708.
  • Update openssl to 1.0.1i.
  • Fix Xserver crash on exit (causing screen palette settings to not be restored) when using wsfb.
  • postinstall(8): Don't apply "ptyfsoldnodes" if /dev/pts does not exist.
  • named: Update root.cache to 2014060201.
  • alpha:
  • Make sysinst deal correctly with Tru64 disklabels. PR port-alpha/48697.
  • sparc64:
  • Fix longjmp bug which causes a segmentation fault on sparc64 kernels with 32-bit userland.
  • next68k:
  • Move physmem calculations before nptpage initialization. PR port-m68k/45915.

New in version 6.1.4 (April 22nd, 2014)

  • Improving network stack concurrency and performance.
  • Development of modern file systems and improvement of existing ones.
  • Features which are useful in embedded environments, such as high resolution timers and execute in place (XIP) support.
  • Automatic testing and quality assurance.
  • NetBSD-SA2014-003 posix_spawn unbounded kernel memory allocation
  • NetBSD-SA2014-004 OpenSSL information disclosure ("heartbleed")
  • OpenSSL: CVE-2014-0076
  • Fix memory leak on bogus ELF binary.
  • veriexec: Avoid a use-after-free error.
  • atari: Fix a kernel crash when a user tries to switch to a nonexistent terminal. Fixes PR#48599.

New in version 6.1.3 (January 28th, 2014)

  • Security Advisory Fixes:
  • NetBSD-SA2013-010Use after free in Xserver handling of ImageText requests (CVE-2013-4396)
  • NetBSD-SA2013-011embryonic TCP sockets local DoS
  • NetBSD-SA2013-012Router Advertisement sysctl local Denial of Service
  • NetBSD-SA2013-013Memory leak when trying to execute bogus ELF binaries
  • NetBSD-SA2014-001Stack buffer overflow in libXfont (CVE-2013-6462)
  • NetBSD-SA2014-002ntpd used as DDoS amplifier
  • Note: Advisories prior to NetBSD-SA2013-009 do not affect NetBSD 6.1.3.
  • Other Security Fixes:
  • bind: Fix CVE-2014-0591.
  • Kernel:
  • pci(4): Work around a QEMU bug preventing NetBSD from booting on some versions of QEMU and KVM. (PR#45671)
  • Xen: fix dom0 crash with some domUs
  • Xen: remove a bogus diagostic message spamming the console. (PR#46313)
  • sparc64: fix a kernel diagnostic panic.
  • Networking:
  • NPF: fix byteorder for port range comparison.
  • NPF: fix a race condition.
  • File Systems:
  • ffs: Fixed a fsck_ffs internal error on UFS1.
  • Miscellaneous:
  • Xserver(1): Fixed crash on i810e. (PR#48315)
  • sysinst(8): Fixed wrong MBR partiton offset on small disks. (PR#48304)
  • ld.elf_so(1): Fixed memory corruption. (PR#48324)
  • sparc64: fixed gcc to not generate invalid asm.

New in version 6.1.2 (September 30th, 2013)

  • Security Advisory Fixes:
  • NetBSD-SA2013-009user settable small BPF buffer can cause a panic
  • Note: Advisories prior to NetBSD-SA2013-009 do not affect NetBSD 6.1.2.
  • Kernel
  • virtio(4): Fixed a panic during shutdown on KVM. (PR#48105)
  • uhci(4): Fixed USB device enumeration in some cases, fixed some ops on big-endian machines. (PR#47522, PR#48237)
  • Networking:
  • Include BRDADDR and NETMASK in the IPv4 ioctls we ban for IPv6.
  • npf(3): Fixed panic with IPv6 when nbufs are reallocated.
  • npf(3): Fixed filtering with dynamic rules.
  • File Systems:
  • udf: Fixed a problem which could result in garbage after the 4GB limit.
  • Miscellaneous:
  • pthread(3): Fixed error return from pthread_create() in some cases.
  • Update tzdata to 2013e.
  • Update some TNF ssh keys in /etc/ssh/ssh_known_hosts.
  • Fixed an environment issue which could cause crashes in Emacs 24 and certain other applications.
  • pkg_install: Fixed installation of signed packages. (PR#48194)
  • Fixed regression introduced in NetBSD 6.1.1 affecting certain applications running under X. (PR#48170)
  • mvme68k: Fixed boot panic. (PR#45915)

New in version 6.1 (May 19th, 2013)

  • Security Advisory Fixes:
  • NetBSD-SA2013-001, Kernel panic triggered from userland
  • NetBSD-SA2013-002, kqueue related kernel panic triggered from userland
  • NetBSD-SA2013-003, RNG Bug May Result in Weak Cryptographic Keys
  • NetBSD-SA2013-004, Vulnerabilities in grep
  • Security Fixes:
  • expat: Fix CVE-2012-1147, CVE-2012-1148 and CVE-2012-0876.
  • BIND: Address CVE-2012-5688: Named could die on specific queries with dns64 enabled.
  • Fixed a crash which could happen with sysctl security.curtain=1 set. (PR#47598)
  • Address CVE-2012-5667: Multiple integer overflows in GNU grep.
  • Several fixes to entropy handling in the kernel.
  • Prevent ktrace from being able to crash the kernel.
  • General kernel:
  • posix_spawn(): Fix processes with attributes.
  • Resolve races between vget() and vrele() resulting in vget() returning dead vnodes.
  • Prevent crash when unsupported fd's are used with kevent.
  • Fix a bug where kmem_alloc() could be called from interrupt context.
  • WAPBL: coalesce writes to the journal to speed up wapbl_flush() on raid5 by a factor of 3 to 4.
  • Networking:
  • Fix "atomic fragments" for IPv6.
  • ipf: Fix alignment issues in ipmon. (PR#47101)
  • npf: handle delayed checksums in the network stack. (PR#47235)
  • Fixed some locking issues in ipf(4)
  • npf(3): Many fixes and updates. Config syntax has changed somewhat, please check your config files.
  • Fixed sendto(2) issue with IPv6 UDP datagrams. (PR#47408)
  • vioif(4): Fixed an issue which caused recent QEMU to crash.
  • File systems:
  • smbfs: Make smbfs actually work on big-endian ports.
  • smbfs: various fixes. (PR#25070)
  • Allow mounting ext2fs and msdosfs in 32-bit compat mode.
  • v7fs: fix off-by-one error.
  • Drivers:
  • ciss(4): don't try to handle sensors if there aren't any.
  • isp(4): Fix FC-AL devices on QLogic ISP2100. (PR#47302)
  • mfi(4): Add support for LSI Thunderbolt (SAS2208) controllers.
  • mfi(4): Add support for running the MegaCLI Linux binary to manage the controller.
  • puc(4): Additional device support.
  • bge(4): Add support for Apple's Thunderbolt to Gigabit Ethernet adapter. (PR#46961)
  • mvgbe(4): fix a number of issues
  • nfe(4): Avoid bounce buffering and improve performance.
  • wm(4): Fix handling of 82578D and 82579V chips. Various other fixes.
  • fss(4): Don't crash when running multiple dump -X. (PR#47514)
  • fss(4): Fixed panic. (PR#47020)
  • Platforms:
  • alpha:
  • Fixed longjmp/setjmp on alpha for statically linked programs such as those in /rescue.
  • amiga:
  • New ed(4) device driver for Hydra and ASDG Zorro2 bus network cards.
  • arm:
  • Fix gcc bugid 51408 for arm. (PR#46972)
  • Fixed a bit check in the Kirkwood IRQ code.
  • Fixed incorrect counts for 'vmstat -e' on Kirkwood.
  • Make bigendian ARM get the MBR partition and offset correct. (PR#47081)
  • Fixed bug where IRQ masks of GPIO were set incorrectly on Marvell SoCs.
  • Fixed static linking on ARM platforms. (PR#47139)
  • Properly block IRQs >= 32. (PR#45371)
  • Greatly improved Raspberry Pi support - USB and onboard Ethernet now work.
  • Enabled DCache Streaming Switch and Write Allocate for Sheeva CPUs.
  • Added support for the watchdog timer in some Marvell SoCs.
  • Fix for non-MBR disks on ARM. (PR#47463)
  • mips:
  • MIPS ports have switched to gdb 7.3.1. GDB6 is removed.
  • vax:
  • Reverted MAXPARTITION bump to 16, lowering it to 12 instead, to fix bootblocks and installboot for VAX 780 and other machines booting via VMB.EXE.
  • x68k:
  • Update bootloader: cdboot, netboot support and bugfixes.
  • Add floppy format support.
  • x86 (i386, amd64):
  • Work around a possible gcc bug generating bad assembler code. (PR#45673)
  • Disable C1E on AMD K8 CPUs, to prevent freeze during boot.
  • Fix running BSDi and NetBSD

New in version 6.1 RC2 (March 19th, 2013)

  • Various terminfo fixes (PR#46793, PR#47090, PR#47490, PR#47532)
  • Fixed a segfault in awk(1) (PR#47553)
  • Moved boottime50 and its associated sysctl into the compat module. (PR#47579)
  • Updated tzdata to 2013b, with the latest timezone info
  • Fixed a crash when the security.curtain sysctl is enabled (PR#47598)
  • Fixed some IPF locking issues
  • Fix a crash on statically-linked programs for NetBSD/alpha

New in version 6.1 RC1 (February 23rd, 2013)

  • Bugfixes and feature improvements to NPF, the NetBSD Packet Filter
  • Improvements to several ARM platforms, including Raspberry Pi which now has nearly-complete support.
  • Support for dtrace on amd64
  • MIPS ports switched to gdb 7.3.1, gdb6 removed
  • Additional device support in key drivers including wm(4), uftdi(4), mfi(4), bge(4), aac(4), tlp(4) and others.
  • Various port-specific improvements to the amiga, arm, sparc64 and x68k ports.

New in version 6.0.1 (December 27th, 2012)

  • Security Fixes:
  • expat: Fix CVE-2012-1147, CVE-2012-1148 and CVE-2012-0876.
  • BIND: Address CVE-2012-5688: Named could die on specific queries with dns64 enabled.
  • General kernel:
  • posix_spawn(): Fix processes with attributes.
  • Resolve races between vget() and vrele() resulting in vget() returning dead vnodes.
  • Prevent crash when unsupported fd's are used with kevent.
  • Networking:
  • Fix "atomic fragments" for IPv6.
  • ipf: Fix alignment issues in ipmon. (PR#47101)
  • npf: handle delayed checksums in the network stack. (PR#47235)
  • File systems:
  • smbfs: Make smbfs actually work on big-endian ports.
  • Drivers:
  • ciss(4): don't try to handle sensors if there aren't any.
  • Platforms:
  • x86 (i386, amd64):
  • Work around a possible gcc bug generating bad assembler code. (PR#45673)
  • Disable C1E on AMD K8 CPUs, to prevent freeze during boot.
  • xen:
  • Prevent a memory corruption issue that locks up a Xen DomU, and can potentially cause file system corruption. (PR#47056, PR#47057)
  • Fix: Xen Dom0 NetBSD kernel could crash by adding duplicate xenwatches.
  • Userland fixes:
  • Update to tzdata2012j.
  • cdb: don't refuse to open databases without entries or keys.
  • Address graphics corruption in recent Cairo, manifested most commonly by certain rendered text sections appearing as solid rectangular blocks of color.

New in version 5.2 RC1 (November 15th, 2012)

  • NetBSD 5.2 is intended for those who have an application using NetBSD 5.0.x or 5.1.x who don't want the churn of upgrading to NetBSD 6.0, but would like bug fixes and some stable new features. There have been a number of changes since 5.1. See src/doc/CHANGES-5.2 for the full list.