Sunday, June 18, 2017

NetBSD 7.1 released (March 11, 2017)

NetBSD 7.1 released (March 11, 2017)

Introduction

The NetBSD Project is pleased to announce NetBSD 7.1, the first feature update of the NetBSD 7 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.
Some highlights of the 7.1 release are:
  • Support for Raspberry Pi Zero.
  • Initial DRM/KMS support for NVIDIA graphics cards via nouveau (Disabled by default. Uncomment nouveau and nouveaufb in your kernel config to test).
  • The addition of vioscsi, a driver for the Google Compute Engine disk.
  • Linux compatibility improvements, allowing, e.g., the use of Adobe Flash Player 24.
  • wm(4):
    • C2000 KX and 2.5G support.
    • Wake On Lan support.
    • 82575 and newer SERDES based systems now work.
  • ODROID-C1 Ethernet now works.
  • Numerous bug fixes and stability improvements.
Complete source and binaries for NetBSD 7.1 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, SUP, and other services may be found athttp://www.NetBSD.org/mirrors/. We encourage users who wish to install via ISO or USB disk images to download via BitTorrent by using the torrent files supplied in the images area. A list of hashes for the NetBSD 7.1 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer: http://ftp.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-7.1_hashes.asc
NetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources. More extensive information on NetBSD is available from our website:

Changes Between 7.0.2 and 7.1

Below is an abbreviated list of changes in this release. Note that all of the changes found in NetBSD 7.0.1 and NetBSD 7.0.2 are present in this release. The complete list of changes can be found in the CHANGES-7.1 file in the top level directory of the NetBSD 7.1 release tree.

Security Advisory Fixes

The following security advisories were fixed:
Note: Advisories prior to NetBSD-SA2017-001 do not affect NetBSD 7.0.2.

Other Security Fixes

  • BIND: Update to 9.10.4-P6, fixing CVE-2017-3135.
  • expat: Update to 2.2.0, fixing CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, and CVE-2012-6702.
  • ISC DHCP: Fix CVE-2015-8605.
  • libICE: Fix CVE-2017-2626.
  • OpenSSL: Fix CVE-2016-7056 and CVE-2017-3731.
  • tcpdump: Update to 4.9.0, fixing CVE-2014-8767, CVE-2014-8768, CVE-2014-9140, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155, CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, and CVE-2017-5486.
  • xorg-server: Fix CVE-2017-2624.

General kernel

  • Add net.inet.arp.log_unknown_network sysctl(7) to selectively log ARP packets from non-local networks.
  • Allow binding to detached IPv6 addresss. PR 51435.
  • carp(4): Fix an issue in mixed IPv4/IPv6 environments where a carp interface tries to get MASTER status even though the master is still advertising.
  • compat_linux(8): Fully support sched_setaffinity and sched_getaffinity, fixing, e.g., the Intel Math Kernel Library. PR 50021.
  • compat_netbsd32(8): Add support for nfssvc(2).
  • DTrace:
    • Avoid redefined symbol errors when loading the module.
    • Fix module autoload.
  • In kernel configuration files, it is now possible to specify a wedge name (e.g., "wedge:NAME") as a root device.
  • IPFilter:
    • Fix matching of ICMP queries when NAT'd through IPF.
    • Fix lookup of original destination address when using a redirect rule. This is required for transparent proxying by squid, for example.
  • ipsec(4): Fix NAT-T issue with NetBSD being the host behind NAT.
  • NFS: Fix soft force unmount.
  • npf(7): Handle delayed checksums for IPv6.
  • procfs: Maps don't change that frequently between reads, so allow reading from an offset. Notably, this makes the Linux Flash player 24 work.
  • SACK: Fix issue that resulted in, e.g., dropped SSH connections. PR 51753.

Drivers

  • Add vioscsi driver for the Google Compute Engine disk.
  • btmagic(4): Add support for Apple Magic Trackpad.
  • ichlpcib(4):
    • Add Core 5G (mobile) LPC support.
    • Disable gpio(4) attachment by default, fixing resume for some machines. GPIO functionality can be enabled by setting ichlpcib_gpio_disable to 0, for instance with "gdb -write". PR 50733.
  • ichsmb(4): Add support for Braswell CPU and Intel 100 Series.
  • iwn(4): Fix issue connecting to 5GHz access points. PR 50187.
  • ixgbe(4): Fix various bugs and crashes.
  • puc(4):
    • Add support for SystemBase SB16C1050 PCI serial card. PR 49819.
    • Add support for another Intel Q45 KT.
    • Add support for Intel 100 Series Chipset KT.
  • sdtemp(4):
    • Add support for Atmel AT30TS00, AT30TSE004, Giantec GT30TS00, GT34TS02, Microchip MCP9804, MCP98244, IDT TS3000GB[02], TS3001GB2, TSE2004GB2, On Semiconductor CAT34TS02C and CAT34TS04.
    • Add JEDEC TSE2004av support.
    • Fix temperature resolution on some devices.
    • Show accuracy, range, resolution, high voltage standoff and shutdown.
  • uchcom(4): Make newer (0x30-on) CH340 devices work.
  • uplcom(4): Avoid a kernel page fault when opening the device.
  • ucom(4): Add the port number to the device properties to make it easier to relate a specific ucom instance with the physical port of multi-port devices like the FTDI 4232.
  • wd(4): Put the drive in standby before detach when powering off the system. PR 51252.
  • wm(4):
    • Add C2000 KX and 2.5G support.
    • Add Wake On Lan support.
    • Fix a lot of bugs to make 82575 and newer SERDES based systems work.
    • Fix a bug where the input drop packet counter is not counted correctly.
    • Fix a problem where I210 and I211 sometimes don't have a link if the NVM image version is less than 3.25.
    • Fix a problem where 82574 and 82583 sometimes drop packets if the NVM image version is less than 2.1.4.
    • Fix a bug where some Intel AMT based systems don't linkup at 1000BaseT. PR 44893.
    • Fix bugs to make ICH and PCH devices stable.
    • Disable Low Power Link Up function correctly.
    • Improve the behavior of suspend/resume on 82544 and newer chips.
    • Avoid chip hang on 82575 and newer devices.

Platforms

  • alpha: Fix buffer overflow causing wrong host controller SCSI ID for DEC 3000.
  • arm:
    • Add Raspberry Pi Zero support.
    • Fix pmap regression that prevented XScale-based boards from booting.
    • Fix X server on big endian ARM systems. PR 50356.
    • Fix ODROID-C1 Ethernet.
    • Support 8-bit eMMC for TI AM335x.
  • dreamcast: Fix panic after wsconscfg(8) from serial console.
  • luna68k:
    • Make kernel work with 8kB/page (PGSHIFT==13) settings.
    • Add preliminary support for LUNA's HD647180X I/O processor (aka XP).
  • macppc:
    • adb(4):
      • Ask the keyboard to distinguish between left and right Control, Alt, and Shift keys.
      • Add us.dvorak keymap variant. PR 51255.
  • mips:
    • Fix a crash related to executing N64 binaries.
    • Lemote YeeLoong:
      • Fix Xorg.
      • Fix screen blanking.
      • ohci(4): Make low-speed and full-speed devices work.
  • powerpc: Fix single precision floating point arithmetic. PR 51368.
  • sandpoint:
    • altboot:
      • Correctly identify and power up a second disk on the same SATA channel.
      • Fix misdetection of LinkStation and KuroBox(HG) as KuroT4.
    • Fix panic in sandpoint DIAGNOSTIC kernel.
  • sparc64:
    • Restore binary compatibility for old binaries.
    • Fix interrupt routing on machines with Tomatillo PCI controllers.
  • x68k:
    • Fix poweroff.
    • Fix crashdump on machines with EXTENDED_MEMORY. PR 51663.
  • x86 (amd64i386):
    • Add initial DRM/KMS support for NVIDIA graphics cards via nouveau. Disabled by default, but can be enabled by uncommenting the nouveau and nouveaufb drivers in the GENERIC kernel config file, building a new kernel, and configuring X to use the nouveau driver instead of nv.
    • procfs:
      • Always output 2 digits for the CPU frequency decimal part.
      • Numerous improvements to make /proc/cpuinfo more informative and accurate. PRs 49246 and 39950.
  • xen:
    • Add machdep.xen.version sysctl(7) to easily get hypervisor version.
    • Make Xen process and file limits match the native ones.

Userland

  • blacklistctl(8): Make -n actually work.
  • cat(1): When invoked with -se, print a '$' on blank lines. PR 51250.
  • cp(1): Make the '-i' flag work regardless of whether the standard input is a terminal.
  • cpuctl(8) Add data for newer x86 CPUs.
  • dump(8):
    • Default the read block size for dump to kern.maxphys. This gives a noticable performance boost on large filesystems.
    • Fix tape usage report for large filesystems.
    • Allow file system pathname lengths greater than 16 characters. PR 50434.
  • db(3): Fix handling of 64k blocksize, which overflows a uint16_t. PR 50441.
  • ftp(1):
    • Handle proxy authentication correctly.
    • Fix crash in ftp when given an IPv6 URL that's missing a slash. PR 51558.
    • CONNECT method support.
    • Use the proper format "[IPv6 address]:port" when reporting connection attempts to IPv6 endpoints.
    • Fix downloads of local files using file:// URLs.
    • Add Server Name Indication (SNI) support for https.
  • getpass(3): Fix a bug where ctrl-c in a password prompt resulted in tty settings not being restored. PR 50695.
  • iostat(8): Support fnmatch(3) patterns for disknames. For example, "iostat wd*" works now.
  • jemalloc(3): Avoid long linear searches for code heavy on medium sized allocations. PR 50791.
  • ld.elf_so(1):
    • Add basic support for indirect functions. It allows providing a public function symbol with an implementation choosen at run time.
    • Fix deadlocks. PRs 49813 and 49816.
  • man(1): Make "man /" work again.
  • opendisk(3): Instead of trying to open files in the current working directory first for paths that don't contain "/", first try the /dev paths to avoid confusion with files in the working directory that happen to match disk names. PR 51216.
  • pthread_key_create(3): Make PTHREAD_KEYS_MAX dynamically adjustable.
  • racoon(8):
    • Fix memory leak. PR 50918.
    • Allow using IKE Mode Config in a plain "rsasig" (signed certificates only) configurations.
  • resize_ffs(8): Fix handling of ffsv2 inode initialization. PR 51116.
  • scsictl(8): Add "getrealloc" and "setrealloc" commands to get/set automatic reallocation parameters/enables for error recovery, similar to {get,set}cache.
  • sh(1):
    • Fix the parsing of references to shell parameters when given without braces (i.e., $2). Only the first 9 shell parameters ($1 .. $9) and the special parameter ($0) can be referenced this way, $10 is ${1}0 not ${10}. PR 51027 .
    • Process pending signals while waiting for a job, and report the signal that wait was interrupted by.
  • stdio(3): Allow changing the default buffering policy for a stdio stream during construction by setting environment variables. See setbuf(3).
  • terminfo(3): Fix memory leaks. PR 50092.
  • mv(1): Add support for SIGINFO.
  • libperfuse(3): Make FUSE socket buffer tunable through the PERFUSE_BUFSIZE environment variable.
  • mld6query(8): Make "-r" option actually work. PR 51353.
  • httpd(8):
    • Add -G option to display version.
    • Fix some content type issues.
    • Fix an infinite loop in cgi processing.
    • No longer send encoding header for compressed form.
  • funopen(3): Fix memory leak. PR 51572
  • vi(1):
    • Fix memory leaks in vi when resizing. PR 50092.
    • Fix the script command of vi(1). PR 50484.
    • Fix > 1024 char lines in script.
  • zic(8): Backport changes from newer tzcode to allow proper parsing of newer tzdata files.
  • /etc/rc.d/rtadvd: Don't fail to start if rtadvd's config file doesn't exist.
  • /etc/rc.subr: Speed up multiuser boot time on slow machines. PR 50046.
  • 3rd party software updates:
    • gcc(1): Update 4.8.5.
    • Lua: Update to 5.3.3
    • root.cache: Update to 2016102001.
    • tzdata: Update to 2017a.



Good time to download and test!


- wong chee tat :)

No comments: