Announcing NetBSD 5.1.2

Introduction The NetBSD Project is pleased to announce that version 5.1.2 of the NetBSD operating system is now available. NetBSD 5.1.2 is the second critical/security update of the NetBSD 5.1 release branch. It represents a selected subset of fixes deemed critical for security or stability reasons. Please note that all fixes in critical/security updates (i.e., NetBSD 5.0.1, 5.0.2, etc.) are cumulative, so the latest update contains all such fixes since the corresponding minor release. These fixes will also appear in future minor releases (i.e., NetBSD 5.1, 5.2, etc.), together with other less-critical fixes and feature enhancements. Complete source and binaries for NetBSD 5.1.2 are available for download at many sites around the world. A list of download sites providing FTP, HTTP, AnonCVS, SUP, and other services may be found at http://www.NetBSD.org/mirrors/. We encourage users who wish to install via ISO images to download via BitTorrent by using the torrent files supplied in the ISO image area. A list of hashes for the NetBSD 5.1.2 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer: http://ftp.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-5.1.2_hashes.asc NetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources. More information on NetBSD is available from our website: http://www.NetBSD.org/

Dedication NetBSD 5.1.2 is dedicated to the memory of Yoshihiro Masuda, who passed away in May 2011. He was a spiritual pillar of the BSD community in Japan. Through an impressive number of books and articles on BSD, he gave courage to BSD developers. We remember his passion and deep love for BSD.

Changes Between 5.1 and 5.1.2 The complete list of changes can be found in the CHANGES-5.1.2 file in the top level directory of the NetBSD 5.1.2 release tree. Note that since 5.1.1 was not announced, the changes below are relative to 5.1, not 5.1.1. An abbreviated list is as follows: Security Advisory Fixes NetBSD-SA2010-012, OpenSSL TLS extension parsing race condition.

NetBSD-SA2011-001, BIND DoS due to improper handling of RRSIG records.

NetBSD-SA2011-002, OpenSSL TLS extension parsing race condition.

NetBSD-SA2011-003, Exhausting kernel memory from user controlled value.

NetBSD-SA2011-004, Kernel stack overflow via nested IPCOMP packet.

NetBSD-SA2011-005, ISC dhclient does not strip shell meta-characters in environment variables passed to scripts.

NetBSD-SA2011-006, BIND DoS via packet with rrtype zero.

NetBSD-SA2011-007, LZW decoding loop on manipulated compressed files.

NetBSD-SA2011-008, OpenPAM privilege escalation.

NetBSD-SA2011-009, BIND resolver DoS. Note: Advisories prior to NetBSD-SA2010-012 do not affect NetBSD 5.1.2. Other Security Fixes Fix a buffer overflow in libtelnet.

OpenSSL: Fix CVE-2010-4180, CVE-2012-0050, CVE-2011-4109, CVE-2011-4109, and CVE-2011-4576.

Postfix: Update to 2.6.9, fixing CVE-2011-0411.

dhcpcd: Fix CVE-2011-0996.

xrdb: Fix CVE-2011-0465.

glob(3): Prevent resource DoS from brace expansion.

OpenSSH: Fix CVE-2012-0814. Kernel wapbl(4): Fix errors that can lead to file system corruption and panics.

Several stability fixes. Networking Clean up setting ECN bit in TOS. PR 44742.

Prevent NFS server hang under load. PR 45093.

gem(4): Fix corrupted packet problem on 100Mb/s half duplex links. Miscellaneous Update and add some TNF ssh keys to /etc/ssh/ssh_known_hosts.

Update tzdata to 2011n.

Known Problems Using block device nodes (e.g., wd0a) directly for I/O may cause a kernel crash when the file system containing /dev is FFS and is mounted with -o log. Workaround: use raw disk devices (e.g., rwd0a), or remount the file system without -o log. Occasionally, gdb may cause a process that is being debugged to hang when "single stepped". Workaround: kill and restart the affected process. gdb cannot debug running threaded programs correctly. Workaround: generate a core file from the program using gcore(1) and pass the core to gdb, instead of debugging the running program. Statically linked binaries using pthreads are currently broken.

System families supported by NetBSD 5.1.2 The NetBSD 5.1.2 release provides supported binary distributions for the following systems: NetBSD/acorn26 Acorn Archimedes, A-series and R-series systems NetBSD/acorn32 Acorn RiscPC/A7000, VLSI RC7500 NetBSD/algor Algorithmics, Ltd. MIPS evaluation boards NetBSD/alpha Digital/Compaq Alpha (64-bit) NetBSD/amd64 AMD family processors like Opteron, Athlon64, and Intel CPUs with EM64T extension NetBSD/amiga Commodore Amiga and MacroSystem DraCo NetBSD/arc MIPS-based machines following the Advanced RISC Computing spec NetBSD/atari Atari TT030, Falcon, Hades NetBSD/bebox Be Inc's BeBox NetBSD/cats Chalice Technology's CATS and Intel's EBSA-285 evaluation boards NetBSD/cesfic CES FIC8234 VME processor board NetBSD/cobalt Cobalt Networks' MIPS-based Microservers NetBSD/dreamcast Sega Dreamcast game console NetBSD/evbarm Various ARM-based evaluation boards and appliances NetBSD/evbmips Various MIPS-based evaluation boards and appliances NetBSD/evbppc Various PowerPC-based evaluation boards and appliances NetBSD/evbsh3 Various Hitachi Super-H SH3 and SH4-based evaluation boards and appliances NetBSD/ews4800mips NEC's MIPS-based EWS4800 workstation NetBSD/hp300 Hewlett-Packard 9000/300 and 400 series NetBSD/hppa Hewlett-Packard 9000 Series 700 workstations NetBSD/hpcarm StrongARM based Windows CE PDA machines NetBSD/hpcmips MIPS-based Windows CE PDA machines NetBSD/hpcsh Hitachi Super-H based Windows CE PDA machines NetBSD/i386 IBM PCs and PC clones with i486-family processors and up NetBSD/ibmnws IBM Network Station 1000 NetBSD/iyonix Castle Technology's Iyonix ARM based PCs NetBSD/landisk SH4 processor based NAS appliances NetBSD/luna68k OMRON Tateisi Electric's LUNA series NetBSD/mac68k Apple Macintosh with Motorola 68k CPU NetBSD/macppc Apple PowerPC-based Macintosh and clones NetBSD/mipsco MIPS Computer Systems Inc. family of workstations and servers NetBSD/mmeye Brains mmEye multimedia server NetBSD/mvme68k Motorola MVME 68k Single Board Computers NetBSD/mvmeppc Motorola PowerPC VME Single Board Computers NetBSD/netwinder StrongARM based NetWinder machines NetBSD/news68k Sony's 68k-based “ NET WORK STATION ” series NetBSD/newsmips Sony's MIPS-based “ NET WORK STATION ” series NetBSD/next68k NeXT 68k “ black ” hardware NetBSD/ofppc OpenFirmware PowerPC machines NetBSD/pmax Digital MIPS-based DECstations and DECsystems NetBSD/prep PReP (PowerPC Reference Platform) and CHRP machines NetBSD/sandpoint Motorola Sandpoint reference platform NetBSD/sbmips Broadcom SiByte evaluation boards NetBSD/sgimips Silicon Graphics' MIPS-based workstations NetBSD/shark Digital DNARD ( “ shark ” ) NetBSD/sparc Sun SPARC (32-bit) and UltraSPARC (in 32-bit mode) NetBSD/sparc64 Sun UltraSPARC (in native 64-bit mode) NetBSD/sun2 Sun Microsystems Sun 2 machines with Motorola 68010 CPU NetBSD/sun3 Motorola 68020 and 030 based Sun 3 and 3x machines NetBSD/vax Digital VAX NetBSD/x68k Sharp X680x0 series NetBSD/xen The Xen virtual machine monitor NetBSD/zaurus Sharp ARM PDAs Ports available in source form only for this release include the following: NetBSD/amigappc PowerPC-based Amiga boards NetBSD/ia64 Itanium family of processors NetBSD/playstation2 SONY PlayStation2 NetBSD/rs6000 IBM RS/6000 MCA-based PowerPC machines.

Acknowledgments The NetBSD Foundation would like to thank all those who have contributed code, hardware, documentation, funds, colocation for our servers, web pages and other documentation, release engineering, and other resources over the years. More information on the people who make NetBSD happen is available at: http://www.NetBSD.org/people/ We would like to especially thank the University of California at Berkeley and the GNU Project for particularly large subsets of code that we use. We would also like to thank the Internet Systems Consortium Inc., the Network Security Lab at Columbia University's Computer Science Department, and Ludd (Luleå Academic Computer Society) computer society at Luleå University of Technology for current colocation services.

About NetBSD NetBSD is a free, fast, secure, and highly portable Unix-like Open Source operating system. It is available for a wide range of platforms, from large-scale servers and powerful desktop systems to handheld and embedded devices. Its clean design and advanced features make it excellent for use in both production and research environments, and the source code is freely available under a business-friendly license. NetBSD is developed and supported by a large and vivid international community. Many applications are readily available through pkgsrc, the NetBSD Packages Collection.

About the NetBSD Foundation The NetBSD Foundation was chartered in 1995, with the task of overseeing core NetBSD project services, promoting the project within industry and the open source community, and holding intellectual property rights on much of the NetBSD code base. Day-to-day operations of the project are handled by volunteers. As a non-profit organization with no commercial backing, The NetBSD Foundation depends on donations from its users, and we would like to ask you to consider making a donation to the NetBSD Foundation in support of continuing production of our fine operating system. Your generous donation would be particularly welcome assistance with ongoing upgrades and maintenance, as well as with operating expenses for The NetBSD Foundation. Donations can be done via PayPal to <paypal@NetBSD.org> and are fully tax-deductible in the US. If you would prefer not to use PayPal, or would like to make other arrangements, please contact <finance-exec@NetBSD.org> .

Back to NetBSD 5.x formal releases