Date: 07/24/2006 19:02:26 From: Matthias Scheler To: netbsd-announce@NetBSD.org Subject: Announcing the release of NetBSD 3.0.1 Announcing NetBSD 3.0.1 About the NetBSD 3.0.1 Release The NetBSD Project is pleased to announce that update 3.0.1 of the NetBSD operating system is now available. NetBSD 3.0.1 is the first security/critical update of the NetBSD 3.0 release branch. This represents a selected subset of fixes deemed critical in nature for stability or security reasons, no new features have been added. NetBSD 3.0.1 runs on 57 different system architectures featuring 17 machine architectures across 17 distinct CPU families, and is being ported to more. The NetBSD 3.0.1 release contains complete binary releases for 53 different machine types, with the platforms amigappc, bebox, pc532 and playstation2 released in source form only. Complete source and binaries for NetBSD 3.0.1 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, SUP, and other services is provided at the end of this announcement; the latest list of available download sites may also be found at http://www.NetBSD.org/mirrors/. We encourage users who wish to install via a CD-ROM ISO image to download via BitTorrent by using the torrent files supplied in the ISO image area. A list of checksums for the NetBSD 3.0.1 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer: ftp://ftp.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-3.0.1_hashes .asc Please note that all fixes in security/critical updates (ie, NetBSD 3.0.1, 3.0.2, etc) are cumulative, so the latest update contains all such fixes since the corresponding minor release. These fixes will also appear in future minor releases (ie, NetBSD 3.1, 3.2, etc), together with other less-critical fixes and feature enhancements. Dedication The NetBSD Foundation would like to dedicate the NetBSD 3.0.1 release to the memory of Richard Rauch, who died in March 2006 from injuries he suffered during a traffic accident caused by no fault of his own. Richard was an active NetBSD user who contributed a great deal to improving the quality of the NetBSD operating system through bug reports and patches. His death came as a shock, and he will be greatly missed by all of us. May he rest in peace. Major Changes Between 3.0 and 3.0.1 The complete list of changes can be found in the CHANGES-3.0.1 file in the top level directory of the NetBSD 3.0.1 release tree. A shortened list is as follows: Kernel * Hold kernel_lock while calling systrace_exit(). * In systrace_make_msg(), sleep uninterruptibly while waiting for the response from the systrace daemon, so that the message protocol between the kernel and the daemon doesn't get out of sync. * RAIDframe: mark used spares as failed if they encounter IO errors. * wdc(4): after a reset don't wait for drives to come ready if there are no drives (fixes a 30s hang after resume). * Fix support in wdc(4) for 1 and 2TB disks. * Fix a bug in the pf(4) fragment cache which could cause kernel panics (SA2006-004). * Fix a crash caused by azalia(4) when a connection list has invalid NIDs. * aic(4): work around an rbus resource allocation problem so cards work again. * RAIDframe was erroneously re-initializing the Parity Stripe Status pool each time a new array was configured. This causes grief with things like 'vmstat -m' by causing it to loop. Make RAIDframe only initialize PSS bits once. * twe(4): fix a memory leak in the TWEIO_GET_PARAM ioctl. * Prevent system crashes caused by malformed ELF interpreters (SA2006-008). * usb(4): Allow a NULL pointer as argument to usb_get_next_event(), and don't allocate a "struct usb_event" on stack in usb_add_event(). * Check the "oldlen" argument to sysctl(2) before passing it to uvm_vslock(9). This prevents a local DOS (SA2006-013). * Use a pmatch(9) expression which should catch all present and future seagate drives larger than 200GB for the WD_QUIRK_FORCE_LBA48 quirks. * Fix the 'audioctl of death' problem (SA2006-014). * Limit the size of any kernel buffers allocated by the VOP_READDIR routines to MAXBSIZE. Networking * Make sure all bridge(4) structs are initialized to 0. * Fix a memory disclosure in bridge(4) (SA2006-005). * Use sigaction(2) to setup automatic disposal of child processes after daemonizing rpc.statd(8). This is more portable and avoids zombie rpc.statd(8) processes after an NFS client running e.g. Mac OS X shuts down. * Prevent system crash when attempting to gather information about a non-existing alias of a network interface via the SIOCGIFALIAS ioctl (SA2006-012). * Fix a panic caused by insufficient validation when parsing IPv6 socket options (SA2006-016). File system * Change union_unmount() to not play with the fs root vnode explicitly. Let it get recycled along with all of the others. This is important as if the root vnode has already been reclaimed, then we get a panic when we try to vget it. Libraries * xdr_rec.c missing a bugfix for an improper security check. The correct way to check for a zero record length is to check for it without the LAST_FRAG marker in it, since it's legal to send a LAST_FRAG marker with 0 bytes of data. * pam_nologin(8): use the class of the user, not then default class, when checking for nologin and ignorelogin login.conf(5) capabilities. * pam_unix(8): fix an uninitialized variable, and remove some unreachable code. * Make PAM work on NetBSD ports without shared library support. * Make password aging work again. * Fix a bug in signal handling which could e.g get the MySQL daemon stuck in a tight loop after receiving a HUP signal. Security * Improve rnd(4) code probing for the Intel hardware RNG to avoid false detections (SA2006-009). * mail(1) creates record file with insecure umask (SA2006-007). * Fix a remote code execution vulnerability in sendmail (SA2006-010). * A vulnerability was found in the fast_ipsec(4) stack that renders the IPSec anti-replay service ineffective under certain circumstances (SA2006-011). * Fix a number of small security problems with the games. * Fix an FPU Information leak on i386/amd64/Xen platforms with AMD CPUs (SA2006-015). * Fix several integer overflows and NULL-pointer dereferences in freetype2. * Fix a denial of service vulnerability in sendmail when handling malformed multipart MIME messages (SA2006-017). Miscellaneous * Sync the Nvidia drivers with XFree86's sources as of December 24th, 2005. These changes fix lots of problems (i.e. freezes) with the latest cards (such as a GeForce 6600GT). * Give systrace its own version of realpath() that does what it wants, call it intercept_realpath(). Unbreaks systrace. * login(1), pam_securetty(8): don't issue a different message for root login on an insecure terminal. * Fix some unpaired sigblocks which possibly leave a process with all signals blocked (esp. apparent under Gnome). * Fix a NULL pointer dereference in ftp(1). * Make sh(1) expand "$@" correctly again. acorn26 specific * Avoid panics under NetBSD/acorn26 whenever a process exits. * Stop NetBSD/acorn26 from allocating eight times as much pool memory as it needs, leading to a rapid exhaustion of physical memory. NetBSD/acorn26 now boots multi-user again. amiga specific * Installer: don't ask for the root device before the user had a chance to identify how it's called under NetBSD. hp300 specific * Fix the bootloader so it doesn't print garbage to the bitmap console. * Fix a huge number of pkgsrc build problems. * Fix boot failure problem on HP400t with fb console. * Fix a problem with the probe of SCSI disks in the installer. i386 specific * Update pciide at pnpbios to work with the last changes to wdc(4), especially the deferral of drive probe. m68k specific * Fix a huge number of pkgsrc build problems. mips specific * Avoid kernel panics caused by binaries compiled with "-mips2" or better. * Update FPE trapsignal functions for new siginfo. powerpc specific * Avoid pthreads program crashes. sparc specific * For GCC3 and later, use the __builtin_va* constructs. Avoids a build problem with Firefox. xen specific * Avoid dom0 kernel crash when destroying a domain with active I/O going. * Fix the FPU problems detected by paranoia on a NetBSD/Xen guest. * Check the destination ethernet address when not in promiscuous mode. Fix a problem where packets would be duplicated, possibly looping, when a domU is doing IP routing. * Avoid panics under high system load. Please note that at the moment, sysinst will not assist you in installing pre-built third-party binary packages or the pkgsrc system itself. See the NetBSD packages collection documentation: http://www.NetBSD.org/Documentation/pkgsrc/ About NetBSD NetBSD is a free, secure and highly portable UNIX-like Open Source operating system available for many platforms, from 64-bit Opteron machines and desktop systems to handheld and embedded devices. Its clean design and advanced features make it excellent in both production and research environments, and it is user-supported with complete source. In addition to its highly portable high performance kernel, NetBSD features a complete set of user utilities, compilers for several languages, the X Window System, firewall software and numerous other tools, all accompanied by full source code. The NetBSD Packages Collection, pkgsrc, contains over 5,700 packages. Binary package releases for a number of platforms are currently in progress. NetBSD descended from the Berkeley Networking Release 2 (Net/2), 4.4BSD-Lite, and 4.4BSD-Lite2, and is the work of a diverse group of people spread around the world. The "Net" in our name is a tribute to the Internet, which enables us to communicate and share code, and without which the project would not exist. More information on the goals of the NetBSD Project can be procured from the NetBSD website at: http://www.NetBSD.org/Goals/ NetBSD is freely available, all of the code is under non-restrictive licenses and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website, commercial support is available from a variety of sources; some are listed at: http://www.NetBSD.org/gallery/consultants.html More extensive information on NetBSD is available from the NetBSD website: http://www.NetBSD.org/ System families supported by NetBSD 3.0.1 The NetBSD 3.0.1 release provides supported binary distributions for the following systems: NetBSD/acorn26 Acorn Archimedes, A-series and R-series systems NetBSD/acorn32 Acorn RiscPC/A7000, VLSI RC7500 NetBSD/algor Algorithmics, Ltd. MIPS evaluation boards NetBSD/alpha Digital/Compaq Alpha (64-bit) NetBSD/amd64 Computers with x86_64 capable CPUs NetBSD/amiga Commodore Amiga, MacroSystem DraCo NetBSD/arc MIPS-based machines following the Advanced RISC Computing spec NetBSD/atari Atari TT030, Falcon, Hades NetBSD/cats Chalice Technology's CATS and Intel's EBSA-285 evaluation boards NetBSD/cesfic CES FIC8234 VME processor board NetBSD/cobalt Cobalt Networks' MIPS-based Microservers NetBSD/dreamcast Sega Dreamcast game console NetBSD/evbarm ARM evaluation boards NetBSD/evbmips MIPS-based evaluation boards NetBSD/evbppc Evaluation boards and appliances with PowerPC CPUs NetBSD/evbsh3 Evaluation boards with Hitachi Super-H SH3 and SH4 CPUs NetBSD/evbsh5 Evaluation boards with Hitachi Super-H SH5 CPUs NetBSD/hp300 Hewlett-Packard 9000/300 and 400 series NetBSD/hp700 Hewlett-Packard 9000 Series 700 workstations NetBSD/hpcarm StrongARM based Windows CE PDA machines NetBSD/hpcmips MIPS-based Windows CE PDA machines NetBSD/hpcsh Hitachi SH3/4 based Windows CE PDA machines NetBSD/i386 80x86-based IBM PCs and clones NetBSD/ibmnws IBM Network Station 1000 NetBSD/iyonix Castle Technology's Iyonix ARM based PCs NetBSD/luna68k OMRON Tateisi Electric's LUNA series NetBSD/mac68k Apple Macintosh with 68k CPU NetBSD/macppc Apple Power Macintosh and clones NetBSD/mipsco MIPS Computer Systems Inc. family of workstations and servers NetBSD/mmeye Brains mmEye multimedia server NetBSD/mvme68k Motorola MVME 68k SBCs NetBSD/mvmeppc Motorola PowerPC VME SBCs NetBSD/netwinder StrongARM based NetWinder machines NetBSD/news68k Sony's 68k-based "NET WORK STATION" series NetBSD/newsmips Sony's MIPS-based "NET WORK STATION" series NetBSD/next68k NeXT 68k "black" hardware NetBSD/ofppc OpenFirmware PowerPC machines NetBSD/pmax Digital MIPS-based DECstations and DECsystems NetBSD/pmppc Artesyn's PM/PPC board NetBSD/prep PReP (PowerPC Reference Platform) and CHRP machines NetBSD/sandpoint Motorola Sandpoint reference platform NetBSD/sbmips Broadcom SiByte evaluation boards NetBSD/sgimips Silicon Graphics' MIPS-based workstations NetBSD/shark Digital DNARD ("shark") NetBSD/sparc Sun SPARC (32-bit) and UltraSPARC (in 32-bit mode) NetBSD/sparc64 Sun UltraSPARC (in native 64-bit mode) NetBSD/sun2 Sun 2 NetBSD/sun3 Sun 3 and 3x NetBSD/vax Digital VAX NetBSD/x68k Sharp X680x0 series Ports available in source form only for this release include the following: NetBSD/amigappc PowerPC-based Amiga boards NetBSD/bebox Be Inc's BeBox NetBSD/pc532 The NS32532-based PC532 computer NetBSD/playstation2 SONY PlayStation 2 Acknowledgments The NetBSD Foundation would like to thank all those who have contributed code, hardware, documentation, funds, colocation for our servers, web pages and other documentation, release engineering, and other resources over the years. More information on the people who make NetBSD happen is available at: http://www.NetBSD.org/People/ We would like to especially thank the University of California at Berkeley and the GNU Project for particularly large subsets of code that we use. We would also like to thank the Internet Systems Consortium Inc., Columbia University and Ludd (Lule=E5 Academic Computer Society) computer society at Lule=E5 University of Technology for current colocation services. About the NetBSD Foundation The NetBSD Foundation was chartered in 1995, with the task of overseeing core NetBSD project services, promoting the project within industry and the open source community, and holding intellectual property rights on much of the NetBSD code base. Day-to-day operations of the project are handled by volunteers. As a non-profit organization with no commercial backing, The NetBSD Foundation depends on donations from its users, and we would like to ask you to consider making a donation to the NetBSD Foundation in support of continuing production of our fine operating system. Your generous donation would be particularly welcome assistance with ongoing upgrades and maintenance, as well as with operating expenses for The NetBSD Foundation. Donations can be done via PayPal to and are fully tax-deductible in the US. If you would prefer not to use PayPal, or would like to make other arrangements, please contact . NetBSD mirror sites Please use a mirror site close to you. * FTP - http://www.NetBSD.org/mirrors/#ftp * ISO images - http://www.NetBSD.org/mirrors/#iso * Anonymous CVS - http://www.NetBSD.org/mirrors/#anoncvs * BitTorrent - http://www.NetBSD.org/mirrors/#bittorrent * SUP - http://www.netbsd.org/mirrors/#sup * CVSup - http://www.NetBSD.org/mirrors/#cvsup * rsync - http://www.netbsd.org/mirrors/#rsync * AFS - http://www.netbsd.org/mirrors/#afs * NFS - http://www.netbsd.org/mirrors/#nfs Please also note our list of CD-ROM vendors. http://www.NetBSD.org/Sites/cdroms.html