Enkele dagen geleden is versie 3.0.1 van NetBSD uitgebracht, de eerste belangrijke update na het uitkomen van versie 3.0 eind verleden jaar. Dit Unix-achtige besturingssysteem heeft zijn wortels in de 386BSD 0.1-tak. De eerste versie, NetBSD 0.8, was beschikbaar op 21 april 1993 en heeft zich sindsdien steeds verder ontwikkeld. Van de drie bekende BSD-varianten, FreeBSD, OpenBSD en NetBSD, ondersteunt de laatste de meeste verschillende platformen, namelijk 57. Hieronder is een overzicht te vinden van de belangrijkste veranderingen in deze release:
- Hold kernel_lock while calling systrace_exit().
- In systrace_make_msg(), sleep uninterruptibly while waiting for the response from the systrace daemon, so that the message protocol between the kernel and the daemon doesn't get out of sync.
- RAIDframe: mark used spares as failed if they encounter IO errors.
- wdc(4): after a reset don't wait for drives to come ready if there are no drives (fixes a 30s hang after resume).
- Fix support in wdc(4) for 1 and 2TB disks.
- Fix a bug in the pf(4) fragment cache which could cause kernel panics (SA2006-004).
- Fix a crash caused by azalia(4) when a connection list has invalid NIDs.
- aic(4): work around an rbus resource allocation problem so cards work again.
- RAIDframe was erroneously re-initializing the Parity Stripe Status pool each time a new array was configured. This causes grief with things like 'vmstat -m' by causing it to loop. Make RAIDframe only initialize PSS bits once.
- twe(4): fix a memory leak in the TWEIO_GET_PARAM ioctl.
- Prevent system crashes caused by malformed ELF interpreters (SA2006-008).
- usb(4): Allow a NULL pointer as argument to usb_get_next_event(), and don't allocate a "struct usb_event" on stack in usb_add_event().
- Check the "oldlen" argument to sysctl(2) before passing it to uvm_vslock(9). This prevents a local DOS (SA2006-013).
- Use a pmatch(9) expression which should catch all present and future seagate drives larger than 200GB for the WD_QUIRK_FORCE_LBA48 quirks.
- Fix the 'audioctl of death' problem (SA2006-014).
- Limit the size of any kernel buffers allocated by the VOP_READDIR routines to MAXBSIZE.
- Make sure all bridge(4) structs are initialized to 0.
- Fix a memory disclosure in bridge(4) (SA2006-005).
- Use sigaction(2) to setup automatic disposal of child processes after daemonizing rpc.statd(8). This is more portable and avoids zombie rpc.statd(8) processes after an NFS client running e.g. Mac OS X shuts down.
- Prevent system crash when attempting to gather information about a non-existing alias of a network interface via the SIOCGIFALIAS ioctl (SA2006-012).
- Fix a panic caused by insufficient validation when parsing IPv6 socket options (SA2006-016).
- Change union_unmount() to not play with the fs root vnode explicitly. Let it get recycled along with all of the others. This is important as if the root vnode has already been reclaimed, then we get a panic when we try to vget it.
- xdr_rec.c missing a bugfix for an improper security check. The correct way to check for a zero record length is to check for it without the LAST_FRAG marker in it, since it's legal to send a LAST_FRAG marker with 0 bytes of data.
- pam_nologin(8): use the class of the user, not then default class, when checking for nologin and ignorelogin login.conf(5) capabilities.
- pam_unix(8): fix an uninitialized variable, and remove some unreachable code.
- Make PAM work on NetBSD ports without shared library support.
- Make password aging work again.
- Fix a bug in signal handling which could e.g get the MySQL daemon stuck in a tight loop after receiving a HUP signal.
- Improve rnd(4) code probing for the Intel hardware RNG to avoid false detections (SA2006-009).
- mail(1) creates record file with insecure umask (SA2006-007).
- Fix a remote code execution vulnerability in sendmail (SA2006-010).
- A vulnerability was found in the fast_ipsec(4) stack that renders the IPSec anti-replay service ineffective under certain circumstances (SA2006-011).
- Fix a number of small security problems with the games.
- Fix an FPU Information leak on i386/amd64/Xen platforms with AMD CPUs (SA2006-015).
- Fix several integer overflows and NULL-pointer dereferences in freetype2.
- Fix a denial of service vulnerability in sendmail when handling malformed multipart MIME messages (SA2006-017).
- Sync the Nvidia drivers with XFree86's sources as of December 24th, 2005. These changes fix lots of problems (i.e. freezes) with the latest cards (such as a GeForce 6600GT).
- Give systrace its own version of realpath() that does what it wants, call it intercept_realpath(). Unbreaks systrace.
- login(1), pam_securetty(8): don't issue a different message for root login on an insecure terminal.
- Fix some unpaired sigblocks which possibly leave a process with all signals blocked (esp. apparent under Gnome).
- Fix a NULL pointer dereference in ftp(1).
- Make sh(1) expand "$@" correctly again.
- Avoid panics under NetBSD/acorn26 whenever a process exits.
- Stop NetBSD/acorn26 from allocating eight times as much pool memory as it needs, leading to a rapid exhaustion of physical memory. NetBSD/acorn26 now boots multi-user again.
- Installer: don't ask for the root device before the user had a chance to identify how it's called under NetBSD.
- Fix the bootloader so it doesn't print garbage to the bitmap console.
- Fix a huge number of pkgsrc build problems.
- Fix boot failure problem on HP400t with fb console.
- Fix a problem with the probe of SCSI disks in the installer.
- Update pciide at pnpbios to work with the last changes to wdc(4), especially the deferral of drive probe.
- Fix a huge number of pkgsrc build problems.
- Avoid kernel panics caused by binaries compiled with "-mips2" or better.
- Update FPE trapsignal functions for new siginfo.
- Avoid pthreads program crashes.
- For GCC3 and later, use the __builtin_va* constructs. Avoids a build problem with Firefox.
- Avoid dom0 kernel crash when destroying a domain with active I/O going.
- Fix the FPU problems detected by paranoia on a NetBSD/Xen guest.
- Check the destination ethernet address when not in promiscuous mode. Fix a problem where packets would be duplicated, possibly looping, when a domU is doing IP routing.
- Avoid panics under high system load.