NetBSD: Changes and News in 2002
December 2002
November 2002
- 20 Nov 2002 - A set of NetBSD security advisories issued
- 13 Nov 2002 - Important security fix in -current
- 04 Nov 2002 - Issue of IPFilter FTP proxy security advisory (2002-024)
October 2002
- 30 Oct 2002 - Verified exec added to -current
- 24 Oct 2002 - Issue of trek(6) security advisory (2002-025)
- 23 Oct 2002 - kqueue branch merged with -current
- 22 Oct 2002 - Issue of IPsec ESP authentication data security advisory (2002-016)
- 21 Oct 2002 - Issue of kadmind security advisory
- 14 Oct 2002 - Support for the SuperH(tm) SH-5 CPU architecture in -current
- 08 Oct 2002 - NetBSD 1.6/i386 Binary Packages + Install 6 CD set available
- 08 Oct 2002 - A set of NetBSD security advisories issued
- 04 Oct 2002 - Cryptographic disk support added to -current
- 01 Oct 2002 - i386 SMP branch merged with -current
- 01 Oct 2002 - New Developers
September 2002
- 23 Sep 2002 - NetBSD 1.6 ISO images available
- 23 Sep 2002 - Reissue of NetBSD Security Advisory 2002-009
- 22 Sep 2002 - NetBSD-current is now fully dynamically linked
- 22 Sep 2002 - End-of-life declaration of NetBSD 1.4 branch
- 17 Sep 2002 - HP test drive sporting NetBSD 1.6
- 16 Sep 2002 - Multiple Security Advisories Released/Updated
- 14 Sep 2002 - NetBSD 1.6 has been released!
- 12 Sep 2002 - New NetBSD Board approved by developers
- 06 Sep 2002 - gehenna-devsw branch merged with -current
- 03 Sep 2002 - NetBSD on HP test drive
August 2002
- 05 Aug 2002 - macppc port now supports SMP
- 01 Aug 2002 - New dmover kernel API in -current
- 01 Aug 2002 - NetBSD users not affected by OpenSSH ftp site trojan
- 01 Aug 2002 - Three new Security Advisories released
July 2002
- 22 Jul 2002 - NetBSD 1.5.3 Released
- 10 Jul 2002 - Switch to a signal trampoline provided by libc
- 08 Jul 2002 - Support for the SuperH(tm) SH-5 CPU Architecture Added
- 04 Jul 2002 - Socket Performance Improvement
- 01 Jul 2002 - New Developers
June 2002
- 29 Jun 2002 - ftp.NetBSD.org downtime - hardware upgrade
- 27 Jun 2002 - *Updated AGAIN* Two new Security Advisories Released
- 20 Jun 2002 - NetBSD Live! CD available
- 19 Jun 2002 - Latest Apache Packages Fix Security Issue
- 19 Jun 2002 - USENIX Slides available
- 11 Jun 2002 - Presentation: Scheduler Activations on NetBSD at Usenix
- 11 Jun 2002 - NetBSD BOF Sessions at USENIX
- 10 Jun 2002 - Driver framework documentation
- 08 Jun 2002 - New port-pdp10 mailing list created
May 2002
- 31 May 2002 - NetBSD/pmppc: a port to Artesyn's PM/PPC board.
- 28 May 2002 - NetBSD 1.6 release process has begun
- 24 May 2002 - bcrypt password entry support in -current
- 02 May 2002 - Experimental zero-copy for TCP and UDP transmit-side in -current
- 02 May 2002 - IPFilter upgraded to 3.4.27 in -current
- 02 May 2002 - New Developers
April 2002
- 30 Apr 2002 - Changes to ADPCM voice synthesizer
- 22 Apr 2002 - OpenSSH upgraded to 3.2 in -current
- 07 Apr 2002 - Bus-master DMA support for Netwinder
- 04 Apr 2002 - Linux compatibility improvements
- 03 Apr 2002 - All NetBSD/arm ports switch to ELF
- 02 Apr 2002 - GPRS/CDPD HowTo
- 01 Apr 2002 - NetBSD/vax switches to ELF
March 2002
- 25 Mar 2002 - NetBSD/mac68k switches to ELF
- 12 Mar 2002 - Three new Security Advisories Released
- 03 Mar 2002 - NetBSD Ported to Motorola MVME PowerPC Boards
February 2002
- 24 Feb 2002 - New install media for hp300
- 21 Feb 2002 - NetBSD/vax now runs in an emulator
- 20 Feb 2002 - OpenOffice available for NetBSD
January 2002
- 27 Jan 2002 - IPFilter upgraded to 3.4.23 in -current
- 26 Jan 2002 - NetBSD System Packages supported in -current
- 26 Jan 2002 - XFree86 v4.2.0 imported into NetBSD xsrc tree
- 26 Jan 2002 - Ntpd security enhancement
- 16 Jan 2002 - New Security Advisory released
- 05 Jan 2002 - MIPS-based NetBSD ports switched to the new toolchain
- 04 Jan 2002 - NetBSD/acorn32 X server support for wscons
- 04 Jan 2002 - New developer
- 04 Jan 2002 - NetBSD in 2001 - A Report
December 2002
19 Dec 2002 - CVS modules merged
The NetBSD source tree was split into several CVS modules some years ago. This split is now being undone, and should, by the time of this writing, be complete on anoncvs.NetBSD.org and ftp.NetBSD.org. If you maintain a checked out copy of the CVS repository, please see Perry Metzger's email to the current-users mailing list for details.
01 Dec 2002 - New Developers
The NetBSD Project is pleased to welcome the following new developers:
- Ilpo Ruotsalainen (lonewolf@NetBSD.org), who will be working on kernel issues.
- Lubomir Sedlacik (salo@NetBSD.org), who will be working on the NetBSD Packages Collection.
- Julio Merino (jmmv@NetBSD.org), who will be working on the NetBSD Packages Collection and website documentation.
November 2002
20 Nov 2002 - A set of NetBSD security advisories issued
The following security advisories have been issued:
- NetBSD-SA2002-027 ftpd STAT output non-conformance can deceive firewall devices
- NetBSD-SA2002-028 Buffer overrun in getnetbyname/getnetbyaddr
- NetBSD-SA2002-029 named(8) multiple denial of service and remote execution of code
13 Nov 2002 - Important security fix in -current
If you use -current with userland newer than 2002/08/26, please update your kernel to most current sources ASAP.
A serious security issue was fixed in sys/kern/exec_elf32.c rev. 1.77. The bug used to allow any local user to run arbitrary code as root via a dynamic suid/sgid binary.
Neither 1.6 branch, nor anything older is affected by this. Static suid/sgid programs are not affected by this either.
Please see Jaromir Dolecek's message to the current-users mailinglist for more details and a patch.
04 Nov 2002 - Issue of IPFilter FTP proxy security advisory (2002-024)
The following security advisory has been issued:
- NetBSD-SA2002-024 IPFilter FTP proxy
October 2002
30 Oct 2002 - Verified exec added to -current
Brett Lymn has added verified exec to -current, which verifies a cryptographic hash before allowing execution of binaries and scripts. As the name implies, verified exec compares the hash of a file against its previously defined hash and execution is only allowed if the hash matches.
This can be used to prevent a system from running binaries or scripts which have been illegally modified or installed. Verified exec can also be used to limit the use of script interpreters to authorized scripts only and disallow interactive use.
See Brett's message to current-users.
24 Oct 2002 - Issue of trek(6) security advisory (2002-025)
The following security advisory has been issued:
- NetBSD-SA2002-025 trek(6) buffer overrun
23 Oct 2002 - kqueue branch merged with -current
Jaromir Dolecek has merged the kqueue branch with -current.
kqueue provides a stateful and efficient event notification framework. Currently supported events include socket, file, directory, fifo, pipe, tty and device changes, and monitoring of processes and signals.
kqueue is supported by all writable filesystems in the NetBSD tree (with the exception of Coda) and all device drivers supporting poll(2).
It is based on work by Jonathan Lemon for FreeBSD. The initial NetBSD porting work was performed by Luke Mewburn and Jason Thorpe.
22 Oct 2002 - Issue of IPsec ESP authentication data security advisory (2002-016)
The following security advisory has been issued:
- NetBSD-SA2002-016 Insufficient length check in ESP authentication data
Note that NetBSD 1.6 is not affected.
21 Oct 2002 - Issue of kadmind security advisory
The following security advisory has been issued:
- NetBSD-SA2002-026 Buffer overflow in kadmind daemon
14 Oct 2002 - Support for the SuperH(tm) SH-5 CPU architecture in -current
Steve Woodford, on behalf of Wasabi Systems, has completed support for the SuperH(tm) SH-5 CPU architecture. The SH-5 is bi-endian and both 32-bit and 64-bit capable. NetBSD has been tested on the Cayman evaluation board with a number of generic, machine-independent device drivers including audio, SCSI and ethernet cards.
08 Oct 2002 - NetBSD 1.6/i386 Binary Packages + Install 6 CD set available
The 3rd party software team of The NetBSD Project is proud to be able to provide a new multi-CD-set with precompiled binary packages for the i386 port of NetBSD 1.6. The CDs are based on the NetBSD Packages Collection (pkgsrc) as of September 2002.
At that time, pkgsrc included about 3000 applications ranging from shell tools to mail, web server software, various programming languages and scientific applications. It also includes the KDE and GNOME desktop environments, the Mozilla web browser and the GNU image manipulation program, GIMP. Many applications are IPv6 ready to explore the full potential of NetBSD 1.6.
The CD images are available for download from the main NetBSD FTP site, ftp.NetBSD.org, or its mirrors. Please try use a mirror close to you.
Further information about the multi-CD-set can be found in the accompanying README.
08 Oct 2002 - A set of NetBSD security advisories issued
The following security advisories have been issued. SA2002-015 does not affect NetBSD 1.6, the others do affect NetBSD 1.6.
- NetBSD-SA2002-015 (another) buffer overrun in libc/libresolv DNS resolver
- NetBSD-SA2002-019 buffer overrun in talkd(8)
- NetBSD-SA2002-021 rogue(6) vulnerability
- NetBSD-SA2002-022 buffer overrun in pic(1)
- NetBSD-SA2002-023 sendmail smrsh(8) vulnerability
04 Oct 2002 - Cryptographic disk support added to -current
Roland Dowdeswell has committed cgd, a pseudo-disk which encrypts blocks on their way to the disk that it is attached to. Currently it supports 3 crypto algorithms: aes-cbc, blowfish-cbc and 3des-cbc.
For more information about how to use and configure cgds please refer to the provided documentation, cgd(4) and cgdconfig(8).
01 Oct 2002 - i386 SMP branch merged with -current
Frank van der Linden has merged Bill Sommerfeld's i386mp branch into i386/-current. i386 SMP support should work fine on 1-CPU systems and quite well on a lot of multiprocessor systems.
See Frank's message to current-users.
01 Oct 2002 - New Developers
The NetBSD Project is pleased to welcome the following new developers:
- Steven M. Bellovin (smb@NetBSD.org), who will be working on security and scalable administration.
- Yoshihiro Masuda (masuda@NetBSD.org), who will be working on powerpc, ibm4xx and OpenBlockSS.
- Robert Tyler Retzlaff (rtr@NetBSD.org), who will be working on sysinst and disklabel.
- OKANO Takayoshi (kano@NetBSD.org), who will be working on website documentation.
- Niels Provos (provos@NetBSD.org), who will be working on security.
- David Young (dyoung@NetBSD.org), who will be working on 802.11.
September 2002
23 Sep 2002 - NetBSD 1.6 ISO images available
Thanks to Tracy Di Marco White (and many others, of course), the NetBSD Project is glad to announce the availability of NetBSD 1.6 ISO images. Bootable images are available for NetBSD/alpha, NetBSD/cats, NetBSD/i386, NetBSD/macppc, NetBSD/pmax, NetBSD/sparc, NetBSD/sun2, NetBSD/sun3 and NetBSD/vax. Please use a mirror close to you.
23 Sep 2002 - Reissue of NetBSD Security Advisory 2002-009
NetBSD Security Advisory 2002-009, "Multiple vulnerabilities in OpenSSL code", was reissued, to correct the updating process for 1.5 branch systems.
22 Sep 2002 - NetBSD-current is now fully dynamically linked
After quite some discussion on the current-users MailingList, Luke Mewburn announced today that NetBSD-current is now, by default, a fully dynamically linked system. Please see his post to the list for details.
22 Sep 2002 - End-of-life declaration of NetBSD 1.4 branch
In keeping with NetBSD's policy of maintaining only the current and most recent release, the release of NetBSD 1.6 marks the end-of-life for NetBSD 1.4. This means that no more pullups are made to the netbsd-1-4 branch and no more security advisories are issued. The NetBSD Project strongly recommends that users of NetBSD 1.4 update their systems.
17 Sep 2002 - HP test drive sporting NetBSD 1.6
The HP Test Drive Program has announced that they have upgraded an AlphaServer DS10 and a ProLiant 5500 to NetBSD 1.6. For more information, see http://www.testdrive.compaq.com/.
16 Sep 2002 - Multiple Security Advisories Released/Updated
With the release of NetBSD 1.6, The NetBSD Project is publishing a batch of Security Advisories (some of which are updates), as follows:
* 2002-006 buffer overrun in libc/libresolv DNS resolver x 2002-007 Repeated TIOCSCTTY ioctl can corrupt session hold counts *x 2002-009 Multiple vulnerabilities in OpenSSL code *x 2002-010 symlink race in pppd *x 2002-011 Sun RPC XDR decoder contains buffer overflow x 2002-012 buffer overrun in setlocale x 2002-013 Bug in NFS server code allows remote denial of service x 2002-014 fd_set overrun in mbone tools and pppd x 2002-017 shutdown(s, SHUT_RD) on TCP socket does not work as intended x+ 2002-018 Multiple security isses with kfd daemon (*) reissue (x) affects 1.5.3 (+) affects 1.6
These advisories involve bugs in libc (affecting static binaries), as well as the kernel. A full system rebuild is recommended to collectively address all of these issues, but please make sure to read through all of the advisories in case specific issues affect your system.
Because of the extensive rebuild required, the NetBSD 1.6 release was delayed in order to include fixes for as many of these issues as possible, so as to provide binary release users with an easy upgrade path.
Readers will note that there are some gaps in the above numbering. These pending advisories involve third parties, and are awaiting disclosure co-ordination, so we cannot publish them at this time. However, they are fixed in NetBSD 1.6.
Unfortunately, the recent 1.5.3 release was affected by most of these issues. Unlike NetBSD 1.6, the 1.5 branch cannot be automatically cross-built to release, and so any updated binary release from the 1.5 tree will take considerable time and developer effort.
Therefore:
- The recommended cumulative fix for pre-1.6 systems is to upgrade to NetBSD 1.6.
- Users who cannot upgrade to 1.6 are recommended to update to the most recent sources on the NetBSD-1.5 branch, via anoncvs, and rebuild from there.
- Users of NetBSD-current should upgrade to source more recent than September 11, 2002, and rebuild the kernel and all userland.
Having updated the base NetBSD distribution via one of the above, the following steps are necessary for all users:
- Recompile statically-linked binaries from pkgsrc, or custom builds (for 2002-006)
- Remove any shared libraries with older major numbers. (2002-006)
- Remove any shared libraries for OS emulation under /emul, unless you are sure it has no security vulnerabilities. (2002-006)
- Follow instructions in 2002-018
14 Sep 2002 - NetBSD 1.6 has been released!
NetBSD 1.6 has been released, with binary releases for 39 architectures. More information is available in the 1.6 release announcement.
Users are strongly encouraged to consider upgrading to 1.6, as we believe this to be the best release of NetBSD yet!
Many of the FTP Mirrors are now carrying the NetBSD 1.6 distribution. Please try to use the NetBSD FTP Mirror Site closest to you.
Czech, German, French, Japanese, Portuguese, Russian, Spanish and Swedish language translations of the NetBSD 1.6 release announcement are available.
12 Sep 2002 - New NetBSD Board approved by developers
With the publishing of the final ballot of the Board Elections on September 12th, a one-year long effort to establish a more democratic structure in the NetBSD Project came to a successful end. The Nomination Committee's slate for the new Board has been accepted by the Members of the NetBSD Project with an overwhelming majority. Out of the 124 valid votes cast, 122 approved the Nomination Committee's slate.
The members of the new NetBSD Board are:
- Chris G. Demetriou, 2 year term
- Luke Mewburn, 2 year term
- Alistair G. Crooks, 1 year term
- Scott Reynolds, 1 year term
- Christos Zoulas, 1 year term
The details of the election procedure are available online.
06 Sep 2002 - gehenna-devsw branch merged with -current
The NetBSD Project is pleased to announce that Masahide Maekawa has merged the gehenna-devsw branch with -current. This merge changes the device switch tables from static array to dynamically generated by config(8). See the commit-message from the source-changes mailinglist for details.
03 Sep 2002 - NetBSD on HP test drive
The HP Test Drive Program is pleased to announce the availability of NetBSD 1.5.3 in our program: “Not only have we upgraded our existing NetBSD/alpha AlphaServer DS10, but we have also just added NetBSD/x86 to our program, running on a ProLiant 5500. For more information or to sign up for a free shell account, please visit our web site at: http://www.testdrive.compaq.com/.”
August 2002
05 Aug 2002 - macppc port now supports SMP
Chuck Silvers announced that NetBSD/macppc is now utilising the second processor on dual G4 systems. See Chuck's message to port-macppc.
01 Aug 2002 - New dmover kernel API in -current
Jason Thorpe has committed code to NetBSD-current that implements the new dmover(9) kernel API for accessing hardware-assisted data movers. This allows the kernel to use hardware which can fill regions of memory, copy regions of memory, and perform operations (such as XOR) on multiple regions of memory. More information is available in his message to the current-users mailing list.
01 Aug 2002 - NetBSD users not affected by OpenSSH ftp site trojan
Some users have expressed concern over the reported installation of a trojan in the OpenSSH distribution files on one of the official OpenSSH ftp sites.
NetBSD will not be issuing a security advisory on this matter. Our basesrc and pkgsrc OpenSSH distributions were not affected, and the NetBSD ftp mirror sites never held copies of the compromised files.
pkgsrc users would be protected by the SHA1 hash test performed on any retrieved distfile. Only users who manually downloaded the affected file and compiled manually, or edited their pkgsrc Makefile _and_ told pkgsrc to ignore the package SHA1 hash could be affected by the issue described here: http://www.openbsd.org/advisories/ssh_trojan.txt
01 Aug 2002 - Three new Security Advisories released
Three new NetBSD Security Advisories SA2002-009, SA2002-010 and SA2002-011 have been released. More details, including information on solutions and workarounds, are located in the security advisory.
For those keeping count, the last published SA was SA2002-006. SA2002-007 and SA2002-008 are forthcoming. They are non-exploit issues, and we are giving other groups time to make their fixes.
-
NetBSD
Security Advisory SA2002-009 -
Multiple vulnerabilities in OpenSSL code
Fixed: NetBSD-current: August 4, 2002 NetBSD-1.6 branch: August 4, 2002 (1.6 will include the fix) NetBSD-1.5 branch: not yet (1.5.4 will include the fix) pkgsrc: not yet (will be openssl-0.9.6e and later)
-
NetBSD
Security Advisory SA2002-010 -
symlink race in pppd
Fixed: NetBSD-current: July 31, 2002 NetBSD-1.6 branch: August 3, 2002 (1.6 will include the fix) NetBSD-1.5 branch: not yet NetBSD-1.4 branch: not yet
-
NetBSD
Security Advisory SA2002-011 -
Sun RPC XDR decoder contains buffer overflow
Fixed: NetBSD-current: August 1, 2002 NetBSD-1.6 branch: August 2, 2002 (1.6 will include the fix) NetBSD-1.5 branch: August 1, 2002 (1.5.4 will include the fix) NetBSD-1.4 branch: not yet
July 2002
22 Jul 2002 - NetBSD 1.5.3 Released
NetBSD 1.5.3, a patch release improving stability, fixing bugs in, addressing security issues in, and adding some features to NetBSD 1.5.2, has been released with support for 20 architectures. More information is available in the 1.5.3 release announcement.
Many of the FTP Mirrors are now carrying the NetBSD 1.5.3 distribution. Please try to use the NetBSD FTP Mirror Site closest to you.
French, German, Polish, Spanish, Swedish, and Czech, language translations of the NetBSD 1.5.3 release announcement are available. Update 07/24: Japanese language translation of the NetBSD 1.5.3 release announcement is available. Update 07/25: Korean language translation of the NetBSD 1.5.3 release announcement is available. Update 08/02: Portuguese language translation of the NetBSD 1.5.3 release announcement is available. Update 08/07: Russian language translation of the NetBSD 1.5.3 release announcement is available.
10 Jul 2002 - Switch to a signal trampoline provided by libc
Jason Thorpe has committed code to NetBSD-current to switch to signal trampolines provided by libc, instead of copying them on the user stack and executing them there. The kernel will provide one for backward compatibility, and for emulations. This will allow marking stack pages as non-executable, which will prevent buffer overflows from executing random code provided by exploits.
08 Jul 2002 - Support for the SuperH(tm) SH-5 CPU Architecture Added
Steve Woodford, on behalf of Wasabi Systems, has begun the groundwork for future ports of NetBSD to systems based on the SuperH(tm) SH-5 CPU architecture. More information can be found in /sys/arch/README.
04 Jul 2002 - Socket Performance Improvement
Jason Thorpe has made major changes to socket code in NetBSD which has resulted in a large performance boost. Read more in his email to current-users.
01 Jul 2002 - New Developers
The NetBSD Project is pleased to welcome the following new developers, who have joined the project since May 2002:
- Hiroyuki Bessho (bsh@NetBSD.org), who will be working on the arm ports.
- Tero Kivinen (kivinen@NetBSD.org), who will be working on laptop hardware support.
- Mattias Karlsson (keihan@NetBSD.org), who will be helping out with the www@NetBSD.org mailing list and working on the web site.
- Love Hoernquist-Astrand (lha@NetBSD.org), who will be working on debugging support.
As usual, we welcome these new developers to The NetBSD Project!
June 2002
29 Jun 2002 - ftp.NetBSD.org downtime - hardware upgrade
The NetBSD Project FTP server, ftp.NetBSD.org, will be taken down at 9:00am Pacific time (12:00pm Eastern, 16:00 UTC) for a hardware upgrade.
FTP, rsync and SUP will all be unavailable while this work is taking place. We anticipate this will take approximately 6-8 hours, and expect the system to be available again by 5:00pm Pacific (8:00pm Eastern, 00:00 UTC).
During this time, please use one of our mirror sites.
27 Jun 2002 - *Updated AGAIN* Two new Security Advisories Released
Two new NetBSD Security Advisories SA2002-005 SA2002-006 have been released. More details, including information on solutions and workarounds, are located in the security advisory.
-
NetBSD
Security Advisory SA2002-005 -
OpenSSH protocol version 2 challenge-response authentication
Fixed: NetBSD-current: June 26, 2002 (OpenSSH 3.4) NetBSD-1.6 branch: June 26, 2002 (OpenSSH 3.4) NetBSD-1.5 branch: June 26, 2002 (patch on advisory) pkgsrc: June 26, 2002 (with openssh-3.4.0.1)
-
NetBSD
Security Advisory SA2002-006 -
buffer overrun in libc DNS resolver
Fixed: NetBSD-current: June 28, 2002 NetBSD-1.6 branch: June 28, 2002 (1.6 will include the fix) NetBSD-1.5 branch: (not yet) (1.5.3 will include the fix) NetBSD-1.4 branch: (not yet) pkgsrc: net/bind4, bind-4.9.8nb1 net/bind8, (not yet) net/bind9, (not yet) emulators/compat1[234], not yet
NOTE: fixed date for SA2002-006 was changed as BIND8 was found to be vulnerable as well, and updates are needed for in-tree named and related tools (dig/nslookup/host). If you have update your system on June 26, please update your system again. Sorry for the confusion.
20 Jun 2002 - “NetBSD Live!” CD available
Jörg Braun created a “NetBSD Live!” CD that boots NetBSD 1.5.2/i386 from CDROM, allows some system config (german language dialogs, sorry!), selection of X config, then allows starting one of several window managers, e.g. KDE2. Under KDE2, Koffice is ready to run - all from CD, without installing on your harddisk!
The ISO image can be obtained from ftp://ftp.NetBSD.org/pub/NetBSD/iso/1.5.2/i386live.iso.gz (also available: md5sum and a cover (by Hubert Feyrer)). Note that the scripts to (re)create the CD are also part of the image!
All credits and many thanks go to Jörg Braun (jb at toolbox-mag dot de), who developed this gem. Please see the README for more details.
19 Jun 2002 - Latest Apache Packages Fix Security Issue
Following the recent security advisory regarding the apache webserver, the NetBSD Project has updated the versions in the NetBSD Packages Collection. Please see ftp://ftp.NetBSD.org/pub/NetBSD/packages/pkgsrc/www/apache/README.html and ftp://ftp.NetBSD.org/pub/NetBSD/packages/pkgsrc/www/apache2/README.html. Also note that this vulnerability (as other vulnerabilities) can of course be located through the use of audit-packages.
19 Jun 2002 - USENIX Slides available
Slides used by Christos Zoulas during his presentation on NetBSD at USENIX 2002 are now available online.
11 Jun 2002 - Presentation: Scheduler Activations on NetBSD at Usenix
Nathan J. Williams of Wasabi Systems will present a paper entitled "An Implementation of Scheduler Activations on the NetBSD Operating System" as part of the FREENIX Paper Track at this years USENIX Annual Technical Conference (see events). Details are below:
FREENIX Date & Time: Friday, June 14th, 9:00-10:30AM FREENIX Location: Serra Ballroom II (Marriott Hotel) FREENIX Title: An Implementation of Scheduler Activations on the NetBSD Operating System FREENIX Presenter: Nathan J. Williams, Wasabi Systems Inc. Description: This paper presents the design and implementation of a two-level thread scheduling system on NetBSD. This system provides a foundation for efficient and flexible threads on both uniprocessor and multiprocessor machines. The work is based on the scheduler activations kernel interface proposed by Anderson et al. for user-level control of parallelism in the presence of multiprogramming and multiprocessing.
Nathan's paper is available online at http://web.mit.edu/nathanw/www/usenix/.
11 Jun 2002 - NetBSD BOF Sessions at USENIX
The NetBSD Project is happy to announce that there will be two NetBSD-related sessions in the "Super BSD BOF" at this years USENIX Annual Technical Conference (see events).
The sessions in question are outlined below:
BSD BOF: Serra Ballroom II (Marriott Hotel) BOF Date & Time: Thursday June 13th, 7:00-7:30PM BOF Title: The NetBSD Project BOF Presenter: Christos Zoulas Description: NetBSD is the most portable operating system in the world, supporting 52 platforms on 12 processor families. In this BOF we will present last year's work and achievements, explain the delays in release engineering for 1.6, and give the status of the major features currently under development: i386 smp, devsw, kqueue, scheduler activations. Finally we'll talk about the package source improvements planned such as advanced linking and multi-version package support. BOF Date & Time: Thursday June 13th, 9:30-10:30PM BOF Title: BSD Panel Session moderated by Marshall Kirk McKusick BOF Presenter: Christos Zoulas (NetBSD), Todd Miller (OpenBSD), Robert Watson (FreeBSD), Mike Karels (BSD/OS), Ernest Prabhakar (Darwin) Description: Representatives from the BSD groups will answer audience questions and prognosticate on the future of BSD. This panel is your opportunity to ask all your BSD interoperability questions.
For more details on the USENIX Conference, please see this page.
10 Jun 2002 - Driver framework documentation
Description of the NetBSD driver framework is available in a set of manpages (driver(9), autoconf(9), config(9), audio(9), ...). Our "Kernel Programming" documentation was updated to point to the relevant manpages in section 9 of the NetBSD manpages.
08 Jun 2002 - New port-pdp10 mailing list created
A new mailing list, port-pdp10, has been created to discuss issues to port NetBSD to DEC PDP-10.
May 2002
31 May 2002 - NetBSD/pmppc: a port to Artesyn's PM/PPC board.
Lennart Augustsson has ported NetBSD to Artesyn's PM/PPC board.
The Artesyn PM/PPC is a PCI Mezzanine card with a PowerPC 750, an IBM CPC700 bridge, DRAM, ROM, flash, and Ethernet.
http://www.artesyncp.com/html/pmppc.html
Lennart Augustsson is the NetBSD/pmppc port maintainer.
28 May 2002 - NetBSD 1.6 release process has begun
The NetBSD Project is pleased to announce that NetBSD 1.6 has been branched and the release engineering process has begun. For details on the release process and on where to obtain snapshots, please see Todd Vierlings post to the current-users Mailinglist. The proposed release timetable in a best case scenario is roughly as follows:
COMPLETE STEPS: May 22 ** Feature cutoff -- no new feature or 3RDPARTY pullups ** \ ** after this point ** May 22- Create netbsd-1-6 branch, name kernel version 1.6_BETA1. \ (Increment trunk to 1.6A.) ** IN PROCESS STEPS: \ \ Build 1.6_BETA1 snapshots daily; fix compilation bugs. \ Test 1.6_BETA1 binaries (including installers). \ Portmaster-delegated builder preps X sets for platforms with June 2 X servers. (Note that _BETA1 is slightly longer than should be for a _BETA phase, but this is to give a little leeway to shake out the new structure. Typically _BETA cycles should be 7 days.) June 2 ** Critical pullup cutoff - only security, build, sysinst ** \ ** and other release critical pullups after this point ** June 3- Make kernel version 1.6_BETA2. \ Build 1.6_BETA2 snapshots daily; fix compilation bugs. \ Test 1.6_BETA2 binaries (including installers). \ \ If there were any X11 pullups in _BETA1, the June 9 portmaster-delegated builder rebuilds X sets. [7 days] Optional additional _BETAn cycle(s) as determined by releng; these will slide the following dates accordingly. June 10- Tag 1.6_RC1. Build binaries and X sets once. Test. June 13 [4 days] Optional additional _RCn cycle(s) as determined by releng; these will slide the following dates accordingly. June 14 Tag 1.6. Rebuild base sets for new kernel version. (X sets should propagate as-is from a prior build.) June 15- Set up distribution tree; factor out shareable tarballs; \ create distribution global doc (CHANGES, etc.) files. \ June 18 Open 1.6 to mirrors. June 19 Open 1.6 to the world and announce it. June 19- Begin open-ended phase before 1.6.1 release cycle.
24 May 2002 - bcrypt password entry support in -current
Jun-ichiro itojun Hagino has added support for bcrypt password entry to NetBSD-current. It will provide more attack-resistant password store, and can be enabled via passwd.conf(5). The code was originally developed by Niels Provos for OpenBSD.
02 May 2002 - Experimental zero-copy for TCP and UDP transmit-side in -current
Jason R. Thorpe has recently added experimental code to NetBSD-current, that enables zero-copy for TCP and UDP on the transmit-side. These changes could mean significant performance improvements for FTP, WWW, and Samba servers. See Jason's announcement to the current-users mailing list for details.
02 May 2002 - IPFilter upgraded to 3.4.27 in -current
Martti Kuparinen has upgraded IPFilter to the latest version (3.4.27) in NetBSD-current.
In order to use the new version, update your NetBSD-current source tree, recompile your kernel and recompile the userland IPFilter tools. For example, to rebuild the userland part:
cd /usr/src/sys && make includes cd /usr/src/usr.sbin/ipf && make dependall install
After rebooting a new kernel with IPFilter 3.4.27 enabled, you should see
IP Filter: v3.4.27 initialized. Default = pass all, Logging = enabled
in your boot messages.
If you have any problems with it, please report them with send-pr(1).
02 May 2002 - New Developers
The NetBSD Project is pleased to welcome the following new developers who have joined the project since January 2002:
- Jan Schaumann (jschauma@NetBSD.org), who will be working on the website documentation.
- Dave Sainty (dsainty@NetBSD.org), who will be working on miscellaneous tasks.
- Rui-Xiang Guo (rxg@NetBSD.org), who will be working on Documentation.
- Gavan Fantom (gavan@NetBSD.org), who will be working on midi, cd-demo and the arm26/acorn32 port.
- Takeshi Shibagaki (shiba@NetBSD.org), who will be working on the mac68k and the m68k ports.
- Masao Uebayashi (uebayasi@NetBSD.org), who will be working on the NetBSD Packages Collection.
- Katsuomi Hamajima (hamajima@NetBSD.org), who will be working on the hpcmips port.
- Greg Hughes (greg@NetBSD.org), who will be working on the hpcmips port.
- Amitai Schlair (schmonz@NetBSD.org), who will be working on the NetBSD Packages Collection.
- Shell Hung (shell@NetBSD.org), who will be working on the NetBSD Packages Collection.
April 2002
30 Apr 2002 - Changes to ADPCM voice synthesizer
Yosuke Sugahara has recently made some changes to the vs0 driver for the built-in ADPCM voice synthesizer in the x68k port to now play several audio formats correctly. These changes were imported into the NetBSD source tree by Tetsuya Isaki. vs0 now supports following 6 formats:
- ADPCM (OkiADPCM)
- mulaw
- ulinear8
- slinear8
- slinear16_le
- slinear16_be
You can play X68k ADPCM file:
% audioplay -f -e adpcm -P4 -s15700 ADPCMfile
or for other formats:
% audioplay file.au % audioplay file.wav
However vs0 doesn't support channel/rate conversion yet.
22 Apr 2002 - OpenSSH upgraded to 3.2 in -current
Jun-ichiro itojun Hagino has upgraded OpenSSH to 3.2 in -current, from sources around 20020422.
07 Apr 2002 - Bus-master DMA support for Netwinder
Jason Thorpe has recently added bus-master DMA support to NetBSD-current for the Netwinder's IDE controller. See Jason's announcement on the port-arm mailing list for boot messages from a kernel with the DMA support.
04 Apr 2002 - Linux compatibility improvements
Christos Zoulas has added some new signals to the Linux compatibility, and the Linux kernel version number has been bumped to 2.4.18. Most native Linux applications which run on kernel 2.4.18 should now work under emulation. JDK 1.4 for Linux now works as a result of these improvements.
03 Apr 2002 - All NetBSD/arm ports switch to ELF
NetBSD/acorn32, NetBSD/cats, and NetBSD/shark are now using ELF as their native object file format in -current. With this change, all ARM-based NetBSD ports use ELF as their native object file format.
02 Apr 2002 - GPRS/CDPD HowTo
Everyone desiring to run GPRS/CDPD with NetBSD can find documentation on doing so in our new GPRS/CDPD HowTo. Many thanks to Herb Peyerl for all the information!
01 Apr 2002 - NetBSD/vax switches to ELF
NetBSD/vax is now using ELF as its native object file format in -current.
A NetBSD/vax ELF snapshot is available at:
March 2002
25 Mar 2002 - NetBSD/mac68k switches to ELF
NetBSD/mac68k is now using ELF as its native object file format in -current. With the COMPAT_AOUT_M68K kernel option, all your old a.out binaries should still work. Note that a.out versions of ifconfig(8) and route(8) will not work due to some structure alignment problems.
A NetBSD/mac68k ELF snapshot is available at:
Instructions for upgrading from this snapshot or from source are at:
12 Mar 2002 - Three new Security Advisories Released
Three new NetBSD Security Advisories SA2002-002 SA2002-003 SA2002-004 have been released. More details, including information on solutions and workarounds, are located in the security advisory.
-
NetBSD
Security Advisory SA2002-002 -
gzip buffer overrun with long filename
Fixed: NetBSD-current: January 16, 2002 NetBSD-1.5 branch: January 16, 2002 NetBSD-1.4 branch: January 16, 2002
-
NetBSD
Security Advisory SA2002-003 -
IPv4 forwarding doesn't consult inbound SPD
Fixed: NetBSD-current: February 26, 2002 NetBSD-1.5 branch: February 26, 2002
-
NetBSD
Security Advisory SA2002-004 -
Off-by-one error in openssh session
Fixed: NetBSD-current: March 7, 2002 NetBSD-1.5 branch: March 7, 2002 pkgsrc: openssh-3.0.2.1nb2
More information on previous Security Advisories is available in the NetBSD Security pages.
03 Mar 2002 - NetBSD Ported to Motorola MVME PowerPC Boards
NetBSD/mvmeppc is a new port of NetBSD to the Motorola MVME PowerPC Single Board Computers.
This was made possible through a donation by Gan Starling of two (plus one loaner) MVME160x boards so that a porting effort could be made.
Due to NetBSD's highly portable architecture, the operating system was up and running multi-user after just two weeks worth of part-time effort.
A NetBSD/mvmeppc specific mailing list has been set up for people to discuss any issues with running NetBSD on their MVME PowerPC boards, and a snapshot of NetBSD/mvmeppc is also available for anyone wishing to experiment with the new port.
Steve Woodford is the NetBSD/mvmeppc port maintainer.
February 2002
24 Feb 2002 - New install media for hp300
The last bits to the new hp300 install media have been completed by Gregory McGarry. The list of goodies include:
- bootblocks supporting bootp
- ramdisk kernels
- sysinst
Please try the kernel at ftp://ftp.NetBSD.org/pub/NetBSD/misc/gmcgarry/hp300/sysinst/install.gz.
This kernel includes the new console attachment code, hil interface, rtc attachment and softintr framework. It has been tested on a 340 with 4MB of RAM! But sysinst is known not to work with such little RAM.
21 Feb 2002 - NetBSD/vax now runs in an emulator
The Computer History Simulation Project http://simh.trailing-edge.com/ is a loose Internet-based collective of people interested in restoring historically significant computer hardware and software systems by simulation. Recently Lars Brinkhoff Managed to install NetBSD/vax into the emulator. He has posted detailed instructions explaining how to duplicate this.
20 Feb 2002 - OpenOffice available for NetBSD
Michael Rauch has worked hard to get OpenOffice working on NetBSD, and
a package is now available in misc/openoffice
. The package was
tested on NetBSD 1.5.3_ALPHA and -current. As Java (Version 2 - JDK
1.3 or newer) is needed to build OpenOffice, this currently limits the
list of platforms to i386. When current Java implementations start
becoming available for other NetBSD platforms, it is expected that
OpenOffice will appear on these platforms as well.
OpenOffice is the Open Source version of the StarOffice office application suite. Its mission statement is to create the leading international office suite, running on all major platforms and providing access to all functionality and data through open-component based APIs and an XML-based file format.
To build OpenOffice.org version 641 from source, update pkgsrc and then
type "make install" in misc/openoffice
.
A binary package compiled for
NetBSD 1.5.3_ALPHA/i386 with XFree 4.2.0 is available as
ftp://ftp.NetBSD.org/pub/NetBSD/packages/1.5/i386/All/openoffice-641.tgz. As
the NetBSD 1.5.x releases are binary-compatible, this binary package
will also install and run fine on any NetBSD/i386 1.5-based machine.
If you experience any problems, please report them in the usual way
via send-pr.
More information on OpenOffice.org is available at http://www.OpenOffice.org/, information about NetBSD can be found at http://www.NetBSD.org
January 2002
27 Jan 2002 - IPFilter upgraded to 3.4.23 in -current
Martti Kuparinen has upgraded IPFilter to the latest version (3.4.23) in
NetBSD-current. This version supports
IPv6. If IPFilter is enabled at boot time (by putting ipfilter=YES
in /etc/rc.conf), then IPv4 filtering rules are read from /etc/ipf.conf and
IPv6 filtering rules are read from /etc/ipf6.conf.
In order to use the new version, update your NetBSD-current source tree, recompile your kernel and recompile the userland IPFilter tools. For example, to rebuild the userland part:
cd /usr/src/sys && make includes cd /usr/src/usr.sbin/ipf && make dependall install
After rebooting a new kernel with IPFilter 3.4.23 enabled, you should see
IP Filter: v3.4.23 initialized. Default = pass all, Logging = enabled
in your boot messages.
The new version has been tested on i386 and sparc64 systems. If you have any problems with it, please report them with send-pr(1).
26 Jan 2002 - NetBSD System Packages supported in -current
Jim Wise has committed changes to NetBSD-current for a packaging system for the NetBSD base install. This will allow for binary components of the NetBSD base system to be easily installed, removed and upgraded. It is hoped that these changes will be included in the next major release of NetBSD.
For example, it will be possible to cleanly remove large components (e.g. the compilers, named(8), sendmail(8), etc) from a NetBSD system without affecting system integrity. It allows the user to have a finer control over what is installed on their system. Security updates and bug fixes can now be provided as package upgrades, which will make maintaining NetBSD systems a lot easier.
For more information about the system, see /distrib/syspkg/notes/NOTES or in distrib/syspkg/notes in an up to date NetBSD-current source tree.
26 Jan 2002 - XFree86 v4.2.0 imported into NetBSD xsrc tree
Matthias Scheler has imported the latest XFree86 release (version 4.2.0) into the NetBSD xsrc source tree. It has been successfully built and tested on an i386 NetBSD-current system. The release notes can be found in xsrc/xfree/xc/RELNOTES or can be viewed on the web: /xsrc/xfree/xc/RELNOTES
Please submit any problems related to building the X Windows system from these new sources using send-pr(1) with the category "xsrc". The XFree86 organisation also has a support page.
26 Jan 2002 - Ntpd security enhancement
Recently, Emmanuel Dreyfus has committed some work on a pseudo-device named clockctl to NetBSD-current. This driver offers alternative entry points to the time setting related system calls settimeofday(2), clock_settime(2), adjtime(2) and ntp_adjtime(2) via a device file called /dev/clockctl. The access to these calls are dependent on the permissions on the /dev/clockctl file; that is, if a user can write to it, then the user is allowed to change the system time. As a result, daemons such as ntpd(8) can be run chrooted and under a non-root UID.
In order to use this new functionality, make sure you have an up to date NetBSD-current source tree and add the following to your kernel config file and rebuild it:
pseudo-device clockctl
If you don't have an ntpd user and group on your system, you need to add this to your passwd and group files. In future releases of NetBSD, this will be UID 15, GID 15 and with /var/chroot/ntpd for the home directory.
To create the clockctl device file, make sure that your MAKEDEV file is up to date, change to the /dev directory and run:
./MAKEDEV clockctl
This file is made mode 660 root/ntpd. Once you have done this you can run ntpd as a non-root user:
ntpd -u ntpd:ntpd
There is also a -t chrootdir option.
There are more details in Emmanuel's announcement.
16 Jan 2002 - New Security Advisory released
NetBSD Security Advisory SA2002-001 has been released. More details, including information on solutions and workarounds, are located in the security advisory.
-
NetBSD
Security Advisory SA2002-001 -
Close-on-exec, SUID and ptrace(2)
Fixed: NetBSD-current: January 14, 2002 NetBSD-1.5 branch: January 14, 2002 NetBSD-1.4 branch: January 14, 2002
More information on previous Security Advisories is available in the NetBSD Security pages.
05 Jan 2002 - MIPS-based NetBSD ports switched to the new toolchain
Jason Thorpe has recently switched the NetBSD MIPS-based ports to use the new GCC 2.95.3/Binutils 2.11.2-based toolchain. Rafal Boni has put a great deal of effort into making the toolchain work on the MIPS ports. The change has been tested on an Algorithmics P-5064 and also on some SGI machines.
If you use these ports and you are about to update to a recent version of NetBSD-current, it is vital that you install the new ld.elf_so first to cope with an ABI change in the new toolchain. The build.sh script supplied with the NetBSD-current sources can be used to build the system. If you use a MIPS-based port and you encounter problems with the change, please send a bug report with send-pr(1).
04 Jan 2002 - NetBSD/acorn32 X server support for wscons
Ben Harris has made modifications to Xarm32VIDC (the X server used by NetBSD/acorn32) so that it works with wscons(4). This means that it works on the Acorn NC. There is a binary snapshot of the modified Xarm32VIDC server which should be compatible with NetBSD 1.5 or above. The support is also available in source form (xc.tar.gz).
It should be noted that this work is in its early stages. In particular, keyboard support needs to be improved and there is no proper screen blanking or DPMS support. However the software is usable.
Eventually Ben hopes to add VIDC/wscons support into the modular XFree86 4 server.
04 Jan 2002 - New developer
The NetBSD Project is pleased to welcome a new developer:
- Mark Davies
<markd@NetBSD.org>
, who will be working on the NetBSD packages collection. Mark has recently been doing some good work on the KDE packages in pkgsrc.
04 Jan 2002 - NetBSD in 2001 - A Report
This month's DaemonNews magazine contains a report about NetBSD in 2001. It covers ports, people, products, technical advance on the development branch and other project related events and facts.