Software-update: NetBSD 5.0.2

NetBSD is een Unix-achtig besturingssysteem die zijn oorsprong in de 386BSD 0.1-tak kent. De eerste versie, NetBSD 0.8, werd op 21 april 1993 uitgebracht en heeft zich sindsdien steeds verder ontwikkeld. Van de bekende BSD-varianten FreeBSD, OpenBSD en NetBSD kan de laatstgenoemde op de meeste platformen gedraaid worden. De ontwikkelaars hebben alweer even gelden versie 5.0.2 van NetBSD uitgebracht die toch nog het vermelden waard is voor de Meuktracker. De bijbehorende aankondiging ziet er als volgt uit:

Announcing NetBSD 5.0.2

The NetBSD Project is pleased to announce that version 5.0.2 of the NetBSD operating system is now available. NetBSD 5.0.2 is the second critical/security update of the NetBSD 5.0 release branch. It represents a selected subset of fixes deemed critical for security or stability reasons.

Please note that all fixes in critical/security updates (i.e., NetBSD 5.0.1, 5.0.2, etc.) are cumulative, so the latest update contains all such fixes since the corresponding minor release. These fixes will also appear in future minor releases (i.e., NetBSD 5.1, 5.2, etc.), together with other less-critical fixes and feature enhancements.

Complete source and binaries for NetBSD 5.0.2 are available for download at many sites around the world. A list of download sites providing FTP, HTTP, AnonCVS, SUP, and other services may be found at We encourage users who wish to install via ISO images to download via BitTorrent by using the torrent files supplied in the ISO image area. A list of hashes for the NetBSD 5.0.2 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer:

NetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources. More information on NetBSD is available from our website.

Changes Between 5.0.1 and 5.0.2

The complete list of changes can be found in the CHANGES-5.0.2 file in the top level directory of the NetBSD 5.0.2 release tree. An abbreviated list is as follows:

Security Advisory Fixes
  • NetBSD-SA2010-002, OpenSSL TLS renegotiation man in the middle vulnerability
  • NetBSD-SA2010-003, azalia(4)/hdaudio(4) negative mixer index panic
Note: Advisories prior to NetBSD-SA2010-002 do not affect NetBSD 5.0.1.

Other Security Fixes:
  • openssl: Fix CVE-2009-4355.
  • Update BIND server and tools to 9.5.2-P2, fixing CVE-2009-0025, CVE-2009-4022, and CVE-2010-0097.
  • ntpd(8): Fix CVE-2009-3563.
  • expat: Fix SA36425 and CVE-2009-3560.
  • fts(3): Avoid possible integer overflow on really deep dirs, and subsequent collateral damage. Received from OpenBSD via US-CERT as VU #590371.
  • Fix a couple issues with POSIX message queues:
    • An invalid signal number passed to mq_notify() could crash the kernel on delivery -- add a boundary check.
    • A user could set mq_maxmsg (the maximal number of messages in a queue) to a huge value on mq_open(O_CREAT) and later use up all kernel memory by mq_send() -- add a sysctl'able limit which defaults to 16*mq_def_maxmsg.
  • arc4random(3): Keep arc4_i and arc4_j synchronised after a rekeying. This prevents accidentally ending up in a short ARC4 cycle.
  • Fix a UFS quota crash.
  • Fix a case where setpriority(2) returned EACCES instead of EPERM. PR 41489.
  • Fix panic when calling ioctl(RNDADDDATA) on /dev/random.
  • Fix a memory leak that could occur when using clone(2).
  • Fix an issue where a softint could fire on the wrong CPU.
  • sigtimedwait(2): Fix a memory leak. PR 40750.
  • IPv6: Clear cksum flags before any further processing, like ip_forward does. Many drivers set the UDP/TCP v4 flags even for v6 traffic and if the packet is encapsulated with gif, the IPv6 header would get corrupted by ip_output.
  • IPsec: Add a missing splx() call. PR 41701.
  • ifconfig(8): Fix the -vlanif and -carpdev keywords.
  • Update dhcpcd(8) to 4.0.14.
  • twa(4): Disable completely bogus DIAGNOSTIC check.
  • mfi(4): Fix a couple crashes.
  • pad(4): Catch up to audio(4) device_t/softc split.
Platform specific:
  • x86 (amd64 and i386): ichlpcib(4): Fix watchdog code:
    • The timer bound constants are in tick, so convert period to tick before checking it against the bounds.
    • For ICH5 or older, fix code that would have always written a 0 period to the register.
  • amd64: Build kernel modules with -mno-red-zone to ensure kernel compatibility.
  • i386: Fix a panic while booting with an ACPI kernel on 790GX boards. PR 39671.
  • alpha: Fix some SMP issues. PRs 41106, 38335, and 42174.
  • hpcmips: Fix booting from PCMCIA on some slower machines. PRs 41791 and 41164.
  • macppc: pbms(4): Fix crash on attach, and fix aspect ratio of the trackpad on the geyser2 model.
  • sparc64: Improve disk I/O performance under heavy load.
  • vax: mfpr now works nicely on 4000/90.
  • libevent: Add -fno-strict-aliasing to work around problems with GCC 4 and strict-aliasing.
  • Update pkg_install to 20091008.
    • pkg_add(1): add support for checking license conditions before installation
    • pkg_delete(1): add -k option to skip over preserved packages.
    • WARNS=4 clean; fix some potential uses of uninitialized variables
    • Add a new command for pkg_admin(1): findbest. It takes one or more patterns and searches for the best match in PKG_PATH, just like pkg_add(1) would. It prints the URLs of the best match for each pattern to stdout.
    • Rewrite the config file parser to read the file only once.
    • Fix a bug in pkg_add(1)'s -P handling. For dependencies the pkgdb path was computed incorrectly and included destdir more than once.
    • Fix the ACTIVE_FTP option to actually set the "a" flag and not the old "p" flag.
    • Restore pkg_add -f functionality for missing dependencies. PR 42001.
    • pkg_admin rebuild should count packages correctly; also count @pkgdir.
    • Fix gpg-sign-package syntax in pkg_admin(1).
    • Change default URL for pkg-vulnerabilities to use HTTP.
    • Don't dereference a null pointer for pkg_admin add.
  • Fix unaligned access in sha2(3). PR 42273.
  • newsyslog(8): Reset ziptype on each line. Fixes a bug where log files were always compressed if they were listed after a line with the Z or J flag.
  • ld.elf_so(1): Restore backwards compatibility for binaries referencing the main Obj_Entry.
  • dkctl(8): Print the device name on addwedge when the addition was successful.
  • vfwprintf(3): If the current locale doesn't define the 'thousands' grouping info then use sane defaults (',' every 3 digits). Fixes PR 40714.
  • fsck_ext2fs(8): Ignore the "-P" option as intended. PR 41490.
  • vi(1): Fix an issue where the pattern /\$/ doesn't match a dollar sign. PR 41781.
  • printf(1): Avoid segv on "printf '%*********s' 666".
  • newfs_msdos(8): Make fs size detection get proper size rather than disk size. Without this, newfs_msdos assumes the target fs size is whole disk size, so newfs_msdos will fail or create wrong fs.
  • Prevent makefs(8) from creating invalid ISO format on rockridge support which causes fatal errors in ARC BIOS firmware on MIPS Magnum R4000. PR 42410.
  • Renamed a number of internal getline() functions to get_line() so as to compile under -current.
  • Various documentation fixes.
  • Update and add some TNF ssh keys to /etc/ssh/ssh_known_hosts.
Known Problems

Using block device nodes (e.g., wd0a) directly for I/O may cause a kernel crash when the file system containing /dev is FFS and is mounted with -o log. Workaround: use raw disk devices (e.g., rwd0a), or remount the file system without -o log.

Occasionally, gdb may cause a process that is being debugged to hang when "single stepped". Workaround: kill and restart the affected process.

gdb cannot debug running threaded programs correctly. Workaround: generate a core file from the program using gcore(1) and pass the core to gdb, instead of debugging the running program.

Statically linked binaries using pthreads are currently broken.
Versienummer 5.0.2
Releasestatus Final
Website NetBSD
Licentietype Voorwaarden (GNU/BSD/etc.)

Door Japke Rosink


18-04-2010 • 11:02

1 Linkedin

Bron: NetBSD


07-'18 NetBSD 8.0 0
01-'18 NetBSD 7.1.1 0
01-'17 NetBSD 7.1 RC1 3
03-'12 NetBSD 6.0_BETA 1
12-'10 NetBSD 5.1 0
04-'10 NetBSD 5.0.2 1
04-'09 NetBSD 5.0 1
12-'07 NetBSD 4.0 0
09-'07 NetBSD 4.0 RC1 4
08-'06 NetBSD 3.1 RC1 0
Meer historie

Reacties (1)

Wijzig sortering
Onze NetBSD (VMware) - VPN Appliance is gebaseerd op SSL, hier zat ik dus op te wachten:
Security Advisory Fixes
•NetBSD-SA2010-002, OpenSSL TLS renegotiation man in the middle vulnerability
Heel fijn deze update...! Binnenkort een upgrade testen en schedulen....

[Reactie gewijzigd door HoeZoWie op 19 april 2010 13:18]

Op dit item kan niet meer gereageerd worden.

Kies score Let op: Beoordeel reacties objectief. De kwaliteit van de argumentatie is leidend voor de beoordeling van een reactie, niet of een mening overeenkomt met die van jou.

Een uitgebreider overzicht van de werking van het moderatiesysteem vind je in de Moderatie FAQ

Rapporteer misbruik van moderaties in Frontpagemoderatie.

Google Pixel 7 Sony WH-1000XM5 Apple iPhone 14 Samsung Galaxy Watch5, 44mm Sonic Frontiers Samsung Galaxy Z Fold4 Insta360 X3 Nintendo Switch Lite

Tweakers vormt samen met Hardware Info, AutoTrack,, Nationale Vacaturebank, Intermediair en Independer DPG Online Services B.V.
Alle rechten voorbehouden © 1998 - 2022 Hosting door True

Tweakers maakt gebruik van cookies

Tweakers plaatst functionele en analytische cookies voor het functioneren van de website en het verbeteren van de website-ervaring. Deze cookies zijn noodzakelijk. Om op Tweakers relevantere advertenties te tonen en om ingesloten content van derden te tonen (bijvoorbeeld video's), vragen we je toestemming. Via ingesloten content kunnen derde partijen diensten leveren en verbeteren, bezoekersstatistieken bijhouden, gepersonaliseerde content tonen, gerichte advertenties tonen en gebruikersprofielen opbouwen. Hiervoor worden apparaatgegevens, IP-adres, geolocatie en surfgedrag vastgelegd.

Meer informatie vind je in ons cookiebeleid.


Toestemming beheren

Hieronder kun je per doeleinde of partij toestemming geven of intrekken. Meer informatie vind je in ons cookiebeleid.

Functioneel en analytisch

Deze cookies zijn noodzakelijk voor het functioneren van de website en het verbeteren van de website-ervaring. Klik op het informatie-icoon voor meer informatie. Meer details


    Relevantere advertenties

    Dit beperkt het aantal keer dat dezelfde advertentie getoond wordt (frequency capping) en maakt het mogelijk om binnen Tweakers contextuele advertenties te tonen op basis van pagina's die je hebt bezocht. Meer details

    Tweakers genereert een willekeurige unieke code als identifier. Deze data wordt niet gedeeld met adverteerders of andere derde partijen en je kunt niet buiten Tweakers gevolgd worden. Indien je bent ingelogd, wordt deze identifier gekoppeld aan je account. Indien je niet bent ingelogd, wordt deze identifier gekoppeld aan je sessie die maximaal 4 maanden actief blijft. Je kunt deze toestemming te allen tijde intrekken.

    Ingesloten content van derden

    Deze cookies kunnen door derde partijen geplaatst worden via ingesloten content. Klik op het informatie-icoon voor meer informatie over de verwerkingsdoeleinden. Meer details