Announcing NetBSD 5.0.2

Introduction

The NetBSD Project is pleased to announce that version 5.0.2 of the NetBSD operating system is now available. NetBSD 5.0.2 is the second critical/security update of the NetBSD 5.0 release branch. It represents a selected subset of fixes deemed critical for security or stability reasons.

Please note that all fixes in critical/security updates (i.e., NetBSD 5.0.1, 5.0.2, etc.) are cumulative, so the latest update contains all such fixes since the corresponding minor release. These fixes will also appear in future minor releases (i.e., NetBSD 5.1, 5.2, etc.), together with other less-critical fixes and feature enhancements.

Your generous donations during the 2007 fund drive allowed us to sponsor much of NetBSD 5.0's development in the areas of SMP performance and scalability. See below to find out how you can help us repeat this success.

Complete source and binaries for NetBSD 5.0.2 are available for download at many sites around the world. A list of download sites providing FTP, HTTP, AnonCVS, SUP, and other services may be found at http://www.NetBSD.org/mirrors/. We encourage users who wish to install via ISO images to download via BitTorrent by using the torrent files supplied in the ISO image area. A list of hashes for the NetBSD 5.0.2 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer: http://ftp.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-5.0.2_hashes.asc

NetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources. More information on NetBSD is available from our website:

Fund Drive

Your donation to the NetBSD Foundation allows the project to make major improvements to the code base. We are in the middle of a fund drive with a target of 60,000 USD and would like to continue funded development in various areas, including:

  • Improving network stack concurrency and performance.
  • Development of modern file systems and improvement of existing ones.
  • Features which are useful in embedded environments, for example, high resolution timers and execute in place (XIP) support.
  • Automatic testing and quality assurance.
For more information about donating, visit http://www.NetBSD.org/donations/

Changes Between 5.0.1 and 5.0.2

The complete list of changes can be found in the CHANGES-5.0.2 file in the top level directory of the NetBSD 5.0.2 release tree. An abbreviated list is as follows:

Security Advisory Fixes

Note: Advisories prior to NetBSD-SA2010-002 do not affect NetBSD 5.0.1.

Other Security Fixes

  • openssl: Fix CVE-2009-4355.
  • Update BIND server and tools to 9.5.2-P2, fixing CVE-2009-0025, CVE-2009-4022, and CVE-2010-0097.
  • ntpd(8): Fix CVE-2009-3563.
  • expat: Fix SA36425 and CVE-2009-3560.
  • fts(3): Avoid possible integer overflow on really deep dirs, and subsequent collateral damage. Received from OpenBSD via US-CERT as VU #590371.
  • Fix a couple issues with POSIX message queues:
    • An invalid signal number passed to mq_notify() could crash the kernel on delivery -- add a boundary check.
    • A user could set mq_maxmsg (the maximal number of messages in a queue) to a huge value on mq_open(O_CREAT) and later use up all kernel memory by mq_send() -- add a sysctl'able limit which defaults to 16*mq_def_maxmsg.
  • arc4random(3): Keep arc4_i and arc4_j synchronised after a rekeying. This prevents accidentally ending up in a short ARC4 cycle.

Kernel

  • Fix a UFS quota crash.
  • Fix a case where setpriority(2) returned EACCES instead of EPERM. PR 41489.
  • Fix panic when calling ioctl(RNDADDDATA) on /dev/random.
  • Fix a memory leak that could occur when using clone(2).
  • Fix an issue where a softint could fire on the wrong CPU.
  • sigtimedwait(2): Fix a memory leak. PR 40750.

Networking

  • IPv6: Clear cksum flags before any further processing, like ip_forward does. Many drivers set the UDP/TCP v4 flags even for v6 traffic and if the packet is encapsulated with gif, the IPv6 header would get corrupted by ip_output.
  • IPsec: Add a missing splx() call. PR 41701.
  • ifconfig(8): Fix the -vlanif and -carpdev keywords.
  • Update dhcpcd(8) to 4.0.14.

Drivers

  • twa(4): Disable completely bogus DIAGNOSTIC check.
  • mfi(4): Fix a couple crashes.
  • pad(4): Catch up to audio(4) device_t/softc split.

Platform specific

  • x86 (amd64 and i386): ichlpcib(4): Fix watchdog code:
    • The timer bound constants are in tick, so convert period to tick before checking it against the bounds.
    • For ICH5 or older, fix code that would have always written a 0 period to the register.
  • amd64: Build kernel modules with -mno-red-zone to ensure kernel compatibility.
  • i386: Fix a panic while booting with an ACPI kernel on 790GX boards. PR 39671.
  • alpha: Fix some SMP issues. PRs 41106, 38335, and 42174.
  • hpcmips: Fix booting from PCMCIA on some slower machines. PRs 41791 and 41164.
  • macppc: pbms(4): Fix crash on attach, and fix aspect ratio of the trackpad on the geyser2 model.
  • sparc64: Improve disk I/O performance under heavy load.
  • vax: mfpr now works nicely on 4000/90.

Miscellaneous

  • libevent: Add -fno-strict-aliasing to work around problems with GCC 4 and strict-aliasing.
  • Update pkg_install to 20091008.
    • pkg_add(1): add support for checking license conditions before installation
    • pkg_delete(1): add -k option to skip over preserved packages.
    • WARNS=4 clean; fix some potential uses of uninitialized variables
    • Add a new command for pkg_admin(1): findbest. It takes one or more patterns and searches for the best match in PKG_PATH, just like pkg_add(1) would. It prints the URLs of the best match for each pattern to stdout.
    • Rewrite the config file parser to read the file only once.
    • Fix a bug in pkg_add(1)'s -P handling. For dependencies the pkgdb path was computed incorrectly and included destdir more than once.
    • Fix the ACTIVE_FTP option to actually set the "a" flag and not the old "p" flag.
    • Restore pkg_add -f functionality for missing dependencies. PR 42001.
    • pkg_admin rebuild should count packages correctly; also count @pkgdir.
    • Fix gpg-sign-package syntax in pkg_admin(1).
    • Change default URL for pkg-vulnerabilities to use HTTP.
    • Don't dereference a null pointer for pkg_admin add.
  • Fix unaligned access in sha2(3). PR 42273.
  • newsyslog(8): Reset ziptype on each line. Fixes a bug where log files were always compressed if they were listed after a line with the Z or J flag.
  • ld.elf_so(1): Restore backwards compatibility for binaries referencing the main Obj_Entry.
  • dkctl(8): Print the device name on addwedge when the addition was successful.
  • vfwprintf(3): If the current locale doesn't define the 'thousands' grouping info then use sane defaults (',' every 3 digits). Fixes PR 40714.
  • fsck_ext2fs(8): Ignore the "-P" option as intended. PR 41490.
  • vi(1): Fix an issue where the pattern /\$/ doesn't match a dollar sign. PR 41781.
  • printf(1): Avoid segv on "printf '%*********s' 666".
  • newfs_msdos(8): Make fs size detection get proper size rather than disk size. Without this, newfs_msdos assumes the target fs size is whole disk size, so newfs_msdos will fail or create wrong fs.
  • Prevent makefs(8) from creating invalid ISO format on rockridge support which causes fatal errors in ARC BIOS firmware on MIPS Magnum R4000. PR 42410.
  • Renamed a number of internal getline() functions to get_line() so as to compile under -current.
  • Various documentation fixes.
  • Update and add some TNF ssh keys to /etc/ssh/ssh_known_hosts.

Known Problems

Using block device nodes (e.g., wd0a) directly for I/O may cause a kernel crash when the file system containing /dev is FFS and is mounted with -o log. Workaround: use raw disk devices (e.g., rwd0a), or remount the file system without -o log.

Occasionally, gdb may cause a process that is being debugged to hang when "single stepped". Workaround: kill and restart the affected process.

gdb cannot debug running threaded programs correctly. Workaround: generate a core file from the program using gcore(1) and pass the core to gdb, instead of debugging the running program.

Statically linked binaries using pthreads are currently broken.

NetBSD mirror sites

Please use a mirror site close to you.

System families supported by NetBSD 5.0.2

The NetBSD 5.0.2 release provides supported binary distributions for the following systems:

NetBSD/acorn26 Acorn Archimedes, A-series and R-series systems
NetBSD/acorn32 Acorn RiscPC/A7000, VLSI RC7500
NetBSD/algor Algorithmics, Ltd. MIPS evaluation boards
NetBSD/alpha Digital/Compaq Alpha (64-bit)
NetBSD/amd64 AMD family processors like Opteron, Athlon64, and Intel CPUs with EM64T extension
NetBSD/amiga Commodore Amiga and MacroSystem DraCo
NetBSD/arc MIPS-based machines following the Advanced RISC Computing spec
NetBSD/atari Atari TT030, Falcon, Hades
NetBSD/bebox Be Inc's BeBox
NetBSD/cats Chalice Technology's CATS and Intel's EBSA-285 evaluation boards
NetBSD/cesfic CES FIC8234 VME processor board
NetBSD/cobalt Cobalt Networks' MIPS-based Microservers
NetBSD/dreamcast Sega Dreamcast game console
NetBSD/evbarm Various ARM-based evaluation boards and appliances
NetBSD/evbmips Various MIPS-based evaluation boards and appliances
NetBSD/evbppc Various PowerPC-based evaluation boards and appliances
NetBSD/evbsh3 Various Hitachi Super-H SH3 and SH4-based evaluation boards and appliances
NetBSD/ews4800mips NEC's MIPS-based EWS4800 workstation
NetBSD/hp300 Hewlett-Packard 9000/300 and 400 series
NetBSD/hppa Hewlett-Packard 9000 Series 700 workstations
NetBSD/hpcarm StrongARM based Windows CE PDA machines
NetBSD/hpcmips MIPS-based Windows CE PDA machines
NetBSD/hpcsh Hitachi Super-H based Windows CE PDA machines
NetBSD/i386 IBM PCs and PC clones with i486-family processors and up
NetBSD/ibmnws IBM Network Station 1000
NetBSD/iyonix Castle Technology's Iyonix ARM based PCs
NetBSD/landisk SH4 processor based NAS appliances
NetBSD/luna68k OMRON Tateisi Electric's LUNA series
NetBSD/mac68k Apple Macintosh with Motorola 68k CPU
NetBSD/macppc Apple PowerPC-based Macintosh and clones
NetBSD/mipsco MIPS Computer Systems Inc. family of workstations and servers
NetBSD/mmeye Brains mmEye multimedia server
NetBSD/mvme68k Motorola MVME 68k Single Board Computers
NetBSD/mvmeppc Motorola PowerPC VME Single Board Computers
NetBSD/netwinder StrongARM based NetWinder machines
NetBSD/news68k Sony's 68k-based NET WORK STATION series
NetBSD/newsmips Sony's MIPS-based NET WORK STATION series
NetBSD/next68k NeXT 68k black hardware
NetBSD/ofppc OpenFirmware PowerPC machines
NetBSD/pmax Digital MIPS-based DECstations and DECsystems
NetBSD/prep PReP (PowerPC Reference Platform) and CHRP machines
NetBSD/sandpoint Motorola Sandpoint reference platform
NetBSD/sbmips Broadcom SiByte evaluation boards
NetBSD/sgimips Silicon Graphics' MIPS-based workstations
NetBSD/shark Digital DNARD (shark)
NetBSD/sparc Sun SPARC (32-bit) and UltraSPARC (in 32-bit mode)
NetBSD/sparc64 Sun UltraSPARC (in native 64-bit mode)
NetBSD/sun2 Sun Microsystems Sun 2 machines with Motorola 68010 CPU
NetBSD/sun3 Motorola 68020 and 030 based Sun 3 and 3x machines
NetBSD/vax Digital VAX
NetBSD/x68k Sharp X680x0 series
NetBSD/xen The Xen virtual machine monitor
NetBSD/zaurus Sharp ARM PDAs

Ports available in source form only for this release include the following:

NetBSD/amigappc PowerPC-based Amiga boards
NetBSD/ia64 Itanium family of processors
NetBSD/playstation2 SONY PlayStation2
NetBSD/rs6000 IBM RS/6000 MCA-based PowerPC machines.

Acknowledgments

The NetBSD Foundation would like to thank all those who have contributed code, hardware, documentation, funds, colocation for our servers, web pages and other documentation, release engineering, and other resources over the years. More information on the people who make NetBSD happen is available at:

We would like to especially thank the University of California at Berkeley and the GNU Project for particularly large subsets of code that we use. We would also like to thank the Internet Systems Consortium Inc., the Network Security Lab at Columbia University's Computer Science Department, and Ludd (Luleå Academic Computer Society) computer society at Luleå University of Technology for current colocation services.

About NetBSD

NetBSD is a free, fast, secure, and highly portable Unix-like Open Source operating system. It is available for a wide range of platforms, from large-scale servers and powerful desktop systems to handheld and embedded devices. Its clean design and advanced features make it excellent for use in both production and research environments, and the source code is freely available under a business-friendly license. NetBSD is developed and supported by a large and vivid international community. Many applications are readily available through pkgsrc, the NetBSD Packages Collection.

About the NetBSD Foundation

The NetBSD Foundation was chartered in 1995, with the task of overseeing core NetBSD project services, promoting the project within industry and the open source community, and holding intellectual property rights on much of the NetBSD code base. Day-to-day operations of the project are handled by volunteers.

As a non-profit organization with no commercial backing, The NetBSD Foundation depends on donations from its users, and we would like to ask you to consider making a donation to the NetBSD Foundation in support of continuing production of our fine operating system. Your generous donation would be particularly welcome assistance with ongoing upgrades and maintenance, as well as with operating expenses for The NetBSD Foundation.

Donations can be done via PayPal to and are fully tax-deductible in the US. If you would prefer not to use PayPal, or would like to make other arrangements, please contact .


Back to  NetBSD 5.x formal releases