The NetBSD Foundation Quarterly Report: April - December 2006

Quarterly Status Report

NetBSD is an actively developed operating system. With fifty-seven different system architectures in total, binary support for 53 architectures in our last official release (NetBSD 3.1), our widely portable Packages Collection pkgsrc and a large userbase, there is a lot going on within the project. In order to allow our users to follow the most important changes over the last few months, we provide a brief summary in these official status reports, released with irregular regularity. These reports are suitable for reproduction and publication in part or in whole as long as the source is clearly indicated.

This status report summarizes the changes within NetBSD from April 2006 until December 2006.

To learn more about NetBSD visit its homepage at http://www.NetBSD.org/, for a list of code changes see the src/doc/CHANGES and pkgsrc/doc/CHANGES-2006 files. Individual changes to the NetBSD source and pkgsrc can be monitored on the source-changes and pkgsrc-changes mailing lists.

-Jan Schaumann

April 2006 - December 2006

Administrative

Miscellaneous

pkgsrc

Ports

Security

Technical


Administrative

New Developers [20070101]

The NetBSD project is pleased to welcome the following new developers during the last three quarters of 2006:

  • Arnaud Lacombe (login: alc), who will be working on Coverity fixes and various general tasks.
  • Christian Biere (login: cbiere), who will be working on various general tasks.
  • Jachym Holecek (login: freza), who will be working on the evbppc port, devmon and kernel.
  • Hauke Fath (login: hauke), who will be working on the mac68k port and the NetBSD Packages Collection.
  • Liam J. Foy (login: liamjfoy), who will be working on CARP networking, userland and bugfixing.
  • Matthew Grooms (login: mgrooms), who will be working on ipsec-tools, related tasks and regression tests.
  • Matt J. Fleming (login: mjf), who will be working on security related tasks and regression tests.
  • OBATA Akio (login: obache), who will be working on the NetBSD Packages Collection.
  • Jaime A Fournier (login: ober), who will be working on openafs.
  • Iain Hibbert (login: plunky), who will be working on bluetooth and the NetBSD Packages Collection.
  • Sanjay Lal (login: sanjayl), who will be working on powerpc support.
  • Yvan Vanhullebus (login: vanhu), who will be working on IPsec.

Organizational Changes to the NetBSD Project [20060901]

All NetBSD developers have been required to sign an agreement stating the terms under which they will participate in NetBSD; in return for this they are granted access to change our source tree and the right to participate in our internal democratic process. For historical reasons, there were a number of developers whose agreements were either lost or never received; these developers were given the opportunity to submit a new signed agreement. Despite hundreds of hours spent on this process by our volunteers we have not obtained agreements from a few people, and the NetBSD Foundation announced in September that developer access for those without agreements was disabled.

For details, please see the complete email message from Alistair Crooks, president of The NetBSD Foundation at http://mail-index.NetBSD.org/netbsd-announce/2006/09/01/0000.html.

We are happy to report that since then, we were able to re-enable the accounts of most of these developers after having received their signed agreements.


Miscellaneous

Hackathons

In a project that has people spread all over the globe, it's not always easy to coordinate efforts. Starting in September 2006, the NetBSD project has started to hold Bugathons or Hackathons, usually with a specific goal. The organization of the first two Bugathons was done almost entirely and spontaneously by Elad Efrat. During these events, NetBSD developers, users and enthusiasts meet on IRC in a highly focused environment (think Extreme Programming on Steroids) and try to squash as many bugs as possible.

The positive results speak for themselves, and we hope to continue to hold these events on a more or less regular basis.

So far the following events have taken place:

  • December 27-29, 2006
  • November 25-26, 2006 (around 200 PRs analyzed and/or closed; install documentation fixed)
  • October 7-8, 2006 (over 310 PRs closed)
  • September 23-24, 2006 (over 270 PRs closed)

See http://www.NetBSD.org/community/hackathon.html for upcoming hackathons.

NetBSD on the road

The NetBSD Project was represented by developers and other volunteers at a number of conferences and tradeshows during the last three quarters of 2006. The following people patiently invested a lot of their personal time, money and resources to tell attendees about NetBSD, to explain (again and again) the difference between NetBSD and Linux or NetBSD and the other BSDs, and to sell CDs and other merchandise; they deserve thanks for helping the NetBSD Project:

End of life for NetBSD 1.6 branch [20060517]

In May, the release engineering team announced that the netbsd-1-6 branch will no longer be actively maintained. It is NetBSD's policy to maintain only the current and most recent release branches (3.x and 2.x). There will be no more pullups to the branch even for security issues.

The 1.6 releases on ftp.NetBSD.org have been moved to the archive ftp://ftp.NetBSD.org/pub/NetBSD-archive/.

For details, please refer to Matthias Scheler's message to the netbsd-announce mailing list: http://mail-index.NetBSD.org/netbsd-announce/2006/05/16/0000.html

Summer of Code 2006 [20060927]

As in the first "Google Summer of Code" in 2005, the NetBSD Project once again participated as a mentoring organization in this year's SoC. After reviewing more than one hundred project proposals, the NetBSD Project was allotted the following eight project slots:

  • Project jffs: Support for journaling for FFS (Kirill Kuvaldin)
  • Project mips64: Support for MIPS64 ISA (LIU Qi)
  • Project ppcg5: PowerPC G5 support in NetBSD (Yevgeny Binder)
  • Project congest: Improved Writing to Filesystem Using Congestion Control (Sumantra R. Kundu)
  • Project ecn: TCP ECN support (Rui Paulo)
  • Project ipsec6: Fast_ipsec and ipv6 (Degroote Arnaud)
  • Project pkg_install: pkg_install rewrite for pkgsrc (Joerg Sonnenberger)
  • Project mbuf: Improving the mbuf API and implementation (Pavel Cahyna)

For a full report on the progress made in each of these projects, please see http://www.NetBSD.org/foundation/press/soc2006-summary.html.

NetBSD 3.1 and 3.0.2 released [20061104]

In early November, the NetBSD release engineering team announced the availability of the NetBSD 3.1 and 3.0.2 releases.

NetBSD 3.1 is the first feature update of the NetBSD 3.0 release branch. Changes include bugfixes, critical security updates and new minor features like new drivers. NetBSD 3.0.2 is the second security/critical update of the NetBSD 3.0 release branch. This represents a selected subset of fixes deemed critical in nature for stability or security reasons.

See the NetBSD 3.1 Release Announcement and the NetBSD 3.0.2 Release Announcement for more information.

NetBSD 4.0 re-branched [20061203]

The NetBSD 4.0 release process was originally started in August 2006. In November 2006, the Release Engineering team announced their intention to re-start the process due to a large number of important fixes in HEAD that should make it into the 4.0 release.

The new netbsd-4 branch was then cut and the start of the 4.0 release process announced on December 3rd, 2006; NetBSD 4.0 should be released in early 2007.

The upcoming NetBSD 4.0 release will have numerous improvements and additions, such as the new tmpfs and UDF file systems, new ieee1394 framework (from FreeBSD), Common Address Redundancy Protocol (from OpenBSD), update to GCC 4.1.1, enhanced Bluetooth support, added mprotect(2) restrictions to enforce W^X policies, and kernel authorization (kauth). See the Significant changes from NetBSD 3.0 to 4.0 webpage for more changes and details.


pkgsrc

pkgsrcCon 2006 [20060507]

The third pkgsrc conference, a technical conference for people working on the NetBSD Packages Collection (pkgsrc), focusing on existing technologies, research projects, and works-in-progress in pkgsrc infrastructure, was held to great success from May 5-7, 2006 at Universite Paris 7 in Paris, France. Most of the presentations given are now also available online at http://www.pkgsrccon.org/2006/presentations.html.

pkgsrc-2006Q2, pkgsrc-2006Q3 and pkgsrc-2006Q4 released [20070104]

As is to be expected of quarterly releases (unlike "quarterly" status reports), the pkgsrc team released the following three branches of the NetBSD Packages Collection in the last 9 months:

  • The pkgsrc-2006Q2 branch included 6110 packages in total, with notable updates including: gnome-2.14, kde-3.5.3, opera-9.0, perl-5.8.8, postgresql-8.1.4, thunderbird-1.5.0.4, split the openldap package into constituent parts, reorganised the webmin packages and plugins, revamped most of the pkgsrc infrastructure to make it much more efficient and maintainable, the addition of some pertinent bright, shiny packages such as seamonkey, pgadmin3, ggrab, jack, mpeg4ip, jamvm, uucp, cherokee, sgb, javacc, spl, slony1, dtach and a considerable number of fixes for much better DragonFly BSD operation, which will also benefit a lot of pkgsrc platforms, with thanks to Joerg Sonnenberger.
  • The pkgsrc-2006Q3 branch included 6229 packages in total, with notable updates including: gnome-2.16, kde-3.5.4, opera-9.02, postgresql-8.1.4, seamonkey-1.0.5, firefox-1.5.0.7, thunderbird-1.5.0.7, zope-3.2.0, ruby-1.8.5, wireshark-0.99.3, deprecated mozilla in favour of seamonkey, the SuSE 9.x packages for Linux emulation have been superseded by SuSE 10 ones; we also say goodbye to some other old favourites like the separate XFree86 packages, and teTeX 2; the addition of some pertinent bright, shiny packages such as postgresql81-postgis, mping, libgpod, httping, cogito, scmgit, xmms-osx, amaroc, lush, mp3cut, powerdns, zphoto, imapsync, kismet and xenkernel30.
  • The pkgsrc-2006Q4 branch included 6408 packages in total, with notable updates including: gnome-2.16.1, kde-3.5.5, opera-9.10, postgresql-8.2.0, seamonkey-1.0.7, firefox-2.0.0.1, thunderbird-1.5.0.9, zope-3.3.0, ruby-1.8.5.20061205, wireshark-0.99.4, apache-2.2.3; modular X11 packages have been added, although they should be considered "work in progress"; the ghostscript packages have been reworked to bring them up to date; the addition of some pertinent bright, shiny packages such as arena, squirm, swatch, fann, checkperms, pam-radius, rails, kenigma, ncursesw, etrace, xentools30-hvm, wpa_gui, memtestplus, firefox2, xmorph, ap-modsecurity2, opencv, fwbuilder21, pciids, gnupg2, g95, epdfview, i810switch, gnash, kaffeine, and DarwinStreamingServer.


Ports

Due to the large number of supported platforms, this status report will only point out the very significant changes to some of the ports. For a full list of port-specific changes, please refer to http://www.NetBSD.org/changes/changes-3.0.html#port_specific and http://www.NetBSD.org/changes/changes-3.1.html#port_specific.

acorn26: standard ARM bus space implementation [20061001]

Ben Harris committed a change to move over to using the standard ARM bus_space implementation on acorn26. This is more flexible than the old acorn26 bus_space, which means that single read/write operations are slower, but multi and region operations have the potential to be faster, and particularly insane podules might be supportable. See http://mail-index.NetBSD.org/source-changes/2006/09/30/0044.html.

acorn26: new driver sec(4) for the Acorn SCSI Expansion Card [20061001]

Ben Harris committed a new driver sec(4) for the Acorn SCSI Expansion. Unlike asc(4), this driver uses the board's DMA system, uses the machine-independent WD33C93 driver, works on NetBSD/acorn26, and doesn't share a name with six other machine-dependent SCSI drivers. Not tested on acorn32, but it seems to work tolerably well on an A540. http://mail-index.NetBSD.org/source-changes/2006/10/01/0019.html.

evbarm: NetBSD ported to I-O DATA HDL-G Giga LANDISK [20060420]

NONAKA Kimihiro introduced a NetBSD port to the HDL-G400U device (also in Japanese), a 400GB model of the network HDD products from I-O DATA DEVICE, Inc. See http://mail-index.NetBSD.org/source-changes/2006/04/16/0006.html and http://www.iodata.com/products/products.php?cat=HNP&sc=HDL&ts=2&tsc=14&sc=HDL&pId=HDL-G400U.

evbmips: WLAN and AR2315 support [20060925]

Garrett D'Amore added support for Atheros AR2315 and AR2316 based devices (specifically the Meraki Mini). The AR5312 port (AP30) now fully supports both WLAN devices.

evbppc: ported to Xilinx Virtex

Jachym Holecek has ported NetBSD/evbppc to the ibm405 core embedded in Xilinx Virtex {2-Pro, 4 FX} series FPGAs. See his email to the port-powerpc mailing list.

hp700: boot-from-disk fixed [20061030]

The boot-from-disk memory corruption bug has been found and fixed in -current. Installing to and booting from disk is now reliable.

i386: XBox support in the works [20061213]

In December, Andrew Gillham sent a status report with request for help to the port-i386 mailing list regarding the port to Microsoft's XBox. Since then, he has worked with Jared McNeill and XBox support will likely be available in NetBSD-current soon.

macppc: PowerMac G5/IBM 970 support [20060805]

Sanjay Lal has imported the first code to support the PowerMac G5/IBM 970 PowerPC CPU. See Sanjay's first message about the working code in http://mail-index.NetBSD.org/port-macppc/2006/06/07/0000.html.

macppc: improved support for older PowerBooks [20060919]

Michael Lorenz added code to allow PowerBook 3400c and similar machines to use onboard Ethernet, use an accelerated console (with chipsfb) and to run XFree86 (various fixes in XFree's chips driver). See http://mail-index.NetBSD.org/port-macppc/2006/09/19/0002.html.

macppc: console drivers and timecounters

Michael Lorenz added code to allow macppc to use accelerated console drivers and to use timecounters.

IBM 7025-F30 and Motorola Powerstack E1 Support [20060426]

Support for the IBM RS/6000 7025 model F30 and the Motorola Powerstack E1 has been added to the prep port.

prep: IBM 7025-F40 Support [20060907]

Support for the IBM RS/6000 7025 model F40 has been added to the prep port. See http://mail-index.NetBSD.org/port-prep/2006/09/06/0000.html.

shark: framebuffer console and XFree86 [20061221]

Michael Lorenz added code to allow the NetBSD/shark port to use igsfb for an accelerated high-resolution console (http://mail-index.NetBSD.org/port-arm/2006/12/04/0000.html) and to build XFree86 so the wsfb driver can be used on top of igsfb (http://mail-index.NetBSD.org/port-arm/2006/12/05/0006.html and http://mail-index.NetBSD.org/port-arm/2006/12/21/0000.html).

sgimips: Multiple Bug Fixes / Features Added [20061230]

Multiple bug fixes and feature additions were made to the sgimips port over the holidays, including: support for E++ GIO Ethernet adapters, Set Engineering GIO Fast Ethernet cards, Indigo Light (LG1/LG2) framebuffers, and timecounters on IP12. Bug fixes primarily centred around the IP12 port. Most changes are in -current and unlikely to make the NetBSD 4.0 release.

sparc: NetBSD running on JavaStation Espresso [20060703]

Julian Coleman reported that together with Valeriy E. Ushakov he was able to make NetBSD boot in single-user mode on a JavaStation Espresso. See http://mail-index.NetBSD.org/port-sparc/2006/07/03/0001.html.

xen: NetBSD as Domain0 for Xen3 [20060703]

Manuel Bouyer announced in a message to the port-xen mailing list that NetBSD is finally usable as a Domain0 with version 3 of the Xen virtual machine monitor.

xen: New port maintainer [20060704]

After Manuel Bouyer had already taken over most of the tasks of a port maintainer, due to Christian Limpach's lack of time, he is now the official maintainer of NetBSD/xen.

xen: update to 3.0.3 and HVM support [20061020]

Manuel Bouyer announced in a message to the port-xen mailing list that the xentools30 and xenkernel30 packages have been updated to the just-released Xen-3.0.3. A new package, xentools30-hvm, has been committed to pkgsrc-current. It provides the additional tools needed to run unmodified guests under a NetBSD domain0, using Intel VT-x or AMD VMX virtualisation extensions. NetBSD, Linux and Windows XP have been successfully booted in a Xen HVM domain.

zaurus: new port [20061119]

NONAKA Kimihiro sent this message in November 2006, explaining he had ported NetBSD to the Zaurus.


Security

Recent Security Enhancements in NetBSD [20061003]

Elad Efrat wrote an in-depth article on security enhancements in NetBSD. The full article is available at http://www.securityfocus.com/infocus/1878; some of the content in this paper was presented at EuroBSDcon in Italy, in November 2006.

Security Advisories released

In the last nine months of 2006, the following Security Advisories have been released:

  • SA2006-009: False detection of Intel hardware RNG
  • SA2006-011: IPSec replay attack
  • SA2006-012: SIOCGIFALIAS ioctl may cause system crash
  • SA2006-013: sysctl(3) local denial of service
  • SA2006-014: An audio subsystem race condition may crash the system
  • SA2006-015: FPU Information leak on i386/amd64/Xen platforms with AMD CPUs
  • SA2006-016: IPv6 socket options can crash the system
  • SA2006-017: Sendmail malformed multipart MIME messages
  • SA2006-018: sail(6), dm(8) and tetris(6) buffer overflows
  • SA2006-019: Malicious PPP options can overrun a kernel buffer
  • SA2006-020: Integer overflows in PCF font parsers
  • SA2006-021: Integer overflows in CID-keyed font parser
  • SA2006-022: BIND recursive query and SIG query processing
  • SA2006-023: OpenSSL RSA Signature Forgery
  • SA2006-024: systrace(4) integer overflow
  • SA2006-025: Multiple information/memory leakage issues
  • SA2006-026: Multiple denial of service issues
  • SA2006-027: libc glob(3) buffer overflow

Please check the Security Advisories page for full details of all advisories.


Technical

kauth(9) merged [200601515]

Elad Efrat merged his kauth(9) work (see http://www.NetBSD.org/foundation/reports/2006Q1.html#kauth) in May of 2006. Following this, he submitted a proposal regarding dividing securelevel implications to kauth(9) scopes (http://mail-index.NetBSD.org/tech-security/2006/05/15/0000.html) and another regarding the upcoming security model abstraction (http://mail-index.NetBSD.org/tech-security/2006/08/25/0000.html).

sendmail removed [20060530]

After a fair amount of discussions, sendmail was removed from the NetBSD source tree on May 30th, 2006, in part due to its security track record. Postfix remains as the default SMTP server in the NetBSD base system. Sendmail will continue to be available from pkgsrc.

Timecounters [20060608]

Simon Burge and Frank Kardel imported the timecounter framework from FreeBSD into -current. Subsequently a great number of ports have been timecounterized (see http://www.NetBSD.org/developers/features/ for a detailed status). Timecounters will replace the previously machine-dependent microtime implementations.

The benefits of the timecounter implementation are:

  • true sub microsecond time resolution as hardware permits
  • improved NTP support (NTP API 4)
  • simplified machine dependent clock implementation
  • multiple, selectable clock sources

After importing timecounters, some long-standing timekeeping issues were solved. SC1100 based systems were finally able to keep time. Busy multiprocessor servers were also relieved of the clock slowdown problem.

Further reading:

Bluetooth Support [20060729]

Iain Hibbert, who did most of the work on getting Bluetooth support into NetBSD also wrote a HowTo for getting started with Bluetooth on NetBSD.

GRE in UDP tunnels [20060831]

David Young added a mode to gre(4) that sends GRE tunnel packets in UDP datagrams. In UDP mode, gre(4) puts a GRE header onto transmitted packets, and hands them to a UDP socket for transmission. That is, the encapsulation looks like this: IP+UDP+GRE+encapsulated packet.

There are two ways to set up a UDP tunnel. One way is to tell the source and destination IP+port to gre(4), and let gre(4) create the socket. The other way to create a UDP tunnel is for userland to "delegate" a UDP socket to the kernel.
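
The UDP-mode encapsulation described above (IP+UDP+GRE+encapsulated packet), seen from the side that receives or inspects the UDP payload: this is an added example, not code from NetBSD or from the original report, that builds and strictly parses the GRE header. It assumes the RFC 2784/RFC 2890 header layout (gre(4)'s own wire details are not taken from the source tree); `gre_encap`, `gre_decap` and the sample packet are illustrative names and constructed data.

```python
import struct

FLAG_C = 0x8000        # checksum present (RFC 2784)
FLAG_K = 0x2000        # key present (RFC 2890)
FLAG_S = 0x1000        # sequence number present (RFC 2890)
RFC1701_BITS = 0x4C00  # header bits 1, 4 and 5: must be zero, else discard
VERSION_MASK = 0x0007
ETHERTYPE_IPV4 = 0x0800

# Constructed sample: a bare 20-byte IPv4 header used as the tunnelled packet.
SAMPLE_INNER = bytes.fromhex("4500001400010000400166e60a0000010a000002")


class GREError(ValueError):
    """The UDP payload is not an acceptable GRE packet."""


def inet_checksum(data: bytes) -> int:
    """Ones' complement Internet checksum over 16-bit words (zero padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def gre_encap(inner, proto=ETHERTYPE_IPV4, key=None, seq=None, checksum=False):
    """Return GRE header + inner packet, i.e. the bytes handed to the UDP socket."""
    flags, opts = 0, b""
    if checksum:
        flags |= FLAG_C
        opts += b"\x00\x00\x00\x00"           # checksum (filled below) + reserved1
    if key is not None:
        flags |= FLAG_K
        opts += struct.pack("!I", key)
    if seq is not None:
        flags |= FLAG_S
        opts += struct.pack("!I", seq)
    pkt = bytearray(struct.pack("!HH", flags, proto) + opts + inner)
    if checksum:                              # computed with the field set to zero
        struct.pack_into("!H", pkt, 4, inet_checksum(bytes(pkt)))
    return bytes(pkt)


def gre_decap(payload):
    """Parse a UDP payload as GRE; reject malformed headers instead of guessing."""
    if len(payload) < 4:
        raise GREError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", payload, 0)
    if flags & VERSION_MASK:
        raise GREError("unsupported GRE version")
    if flags & RFC1701_BITS:
        raise GREError("RFC 1701 routing/recursion bits set")
    present = [f for f in (FLAG_C, FLAG_K, FLAG_S) if flags & f]
    if len(payload) < 4 + 4 * len(present):
        raise GREError("truncated optional fields")
    out = {"proto": proto, "checksum_ok": None, "key": None, "seq": None}
    off = 4
    if flags & FLAG_C:
        # A valid packet sums to zero when the checksum field is included.
        out["checksum_ok"] = inet_checksum(payload) == 0
        off += 4
    if flags & FLAG_K:
        out["key"] = struct.unpack_from("!I", payload, off)[0]
        off += 4
    if flags & FLAG_S:
        out["seq"] = struct.unpack_from("!I", payload, off)[0]
        off += 4
    out["inner"] = payload[off:]
    return out
```

The parser checks the declared optional fields against the payload length before reading them, so a short or hostile datagram is rejected rather than mis-parsed into a bogus inner packet.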

puffs -- pass-to-userspace framework file system [20061022]

puffs (pass-to-userspace framework file system) is a framework for building file systems in userspace. It consists of a kernel VFS attachment and a user level framework library, libpuffs. The goal is to push as much of the implementation work as possible into the generic library to make file system prototyping in particular an easy task. puffs was developed by Antti Kantee as part of the 2005 Summer of Code; it was first imported into NetBSD's source tree by Antti in October 2006 and has since seen a lot of active development.

The library does not force threading on the programmer and provides a continuation framework for file systems with high latency backends. An example of this is psshfs, the puffs ssh file system (mount_psshfs(8), will appear in NetBSD 5.0), which can execute multiple operations "concurrently" from a single thread.

Another interesting feature is tightly integrated layering support, which eventually should enable runtime layerable file systems to be constructed. Currently simple layering features are supported, such as null mounting (similar to the kernel mount_null(8)) a file system hierarchy to another location processed through rot13. An example would be to browse the sysctl tree with the puffs sysctlfs mounted through rot13fs.

EtherIP driver [20061101]

Hans 'woodstock' Rosenfeld has reworked the current EtherIP driver for NetBSD 4.0 based on tap(4) and gif(4), citing from the manpage: ``The etherip interface is a tunneling pseudo device for ethernet frames. It can tunnel ethernet traffic over IPv4 and IPv6 using the EtherIP protocol specified in RFC 3378.

The only difference between an etherip interface and a real ethernet interface is that there is an IP tunnel instead of a wire. Therefore, to use etherip the administrator must first create the interface and then configure protocol and addresses used for the outer header. This can be done by using ifconfig(8) create and tunnel subcommands, or SIOCIFCREATE and SIOCSLIFPHYADDR ioctls.''

See Hans's posting to tech-net for more details and a link to the code: http://mail-index.NetBSD.org/tech-net/2006/10/31/0002.html

Source Address Selection Policy [20061113]

David Young added a source-address selection policy mechanism to the kernel, as well as ioctls SIOCGIFADDRPREF/SIOCSIFADDRPREF to get/set preference numbers for addresses.

To activate source-address selection policies in your kernel, add 'options IPSELSRC' to your kernel configuration.

See in_getifa(9) for a more thorough description of source-address selection policy.

postfix updated to 2.3.5. [20061221]

Rui Paulo updated postfix to version 2.3.5. This version has been pulled up into the netbsd-3 and netbsd-4 branches.

