NetBSD 7.1 released (March 11, 2017)

Introduction The NetBSD Project is pleased to announce NetBSD 7.1, the first feature update of the NetBSD 7 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements. Some highlights of the 7.1 release are: Support for Raspberry Pi Zero.

Initial DRM/KMS support for NVIDIA graphics cards via nouveau (Disabled by default. Uncomment nouveau and nouveaufb in your kernel config to test).

The addition of vioscsi, a driver for the Google Compute Engine disk.

Linux compatibility improvements, allowing, e.g., the use of Adobe Flash Player 24.

wm(4): C2000 KX and 2.5G support. Wake On Lan support. 82575 and newer SERDES based systems now work.

ODROID-C1 Ethernet now works.

Numerous bug fixes and stability improvements. Complete source and binaries for NetBSD 7.1 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, SUP, and other services may be found at https://www.NetBSD.org/mirrors/. We encourage users who wish to install via ISO or USB disk images to download via BitTorrent by using the torrent files supplied in the images area. A list of hashes for the NetBSD 7.1 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer: https://ftp.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-7.1_hashes.asc NetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources. More extensive information on NetBSD is available from our website: www.NetBSD.org

Changes Between 7.0.2 and 7.1 Below is an abbreviated list of changes in this release. Note that all of the changes found in NetBSD 7.0.1 and NetBSD 7.0.2 are present in this release. The complete list of changes can be found in the CHANGES-7.1 file in the top level directory of the NetBSD 7.1 release tree. Security Advisory Fixes The following security advisories were fixed: NetBSD-SA2017-001 Memory leak in the connect system call.

NetBSD-SA2017-002 Several vulnerabilities in ARP.

NetBSD-SA2017-003 Xen-amd64: weak privilege separation. Note: Advisories prior to NetBSD-SA2017-001 do not affect NetBSD 7.0.2. Other Security Fixes BIND: Update to 9.10.4-P6, fixing CVE-2017-3135.

expat: Update to 2.2.0, fixing CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, and CVE-2012-6702.

ISC DHCP: Fix CVE-2015-8605.

libICE: Fix CVE-2017-2626.

OpenSSL: Fix CVE-2016-7056 and CVE-2017-3731.

tcpdump: Update to 4.9.0, fixing CVE-2014-8767, CVE-2014-8768, CVE-2014-9140, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155, CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, and CVE-2017-5486.

xorg-server: Fix CVE-2017-2624. General kernel Add net.inet.arp.log_unknown_network sysctl(7) to selectively log ARP packets from non-local networks.

Allow binding to detached IPv6 addresss. PR 51435.

carp(4): Fix an issue in mixed IPv4/IPv6 environments where a carp interface tries to get MASTER status even though the master is still advertising.

compat_linux(8): Fully support sched_setaffinity and sched_getaffinity, fixing, e.g., the Intel Math Kernel Library. PR 50021.

compat_netbsd32(8): Add support for nfssvc(2).

DTrace: Avoid redefined symbol errors when loading the module. Fix module autoload.

In kernel configuration files, it is now possible to specify a wedge name (e.g., "wedge:NAME") as a root device.

IPFilter: Fix matching of ICMP queries when NAT'd through IPF. Fix lookup of original destination address when using a redirect rule. This is required for transparent proxying by squid, for example.

ipsec(4): Fix NAT-T issue with NetBSD being the host behind NAT.

NFS: Fix soft force unmount.

npf(7): Handle delayed checksums for IPv6.

procfs: Maps don't change that frequently between reads, so allow reading from an offset. Notably, this makes the Linux Flash player 24 work.

SACK: Fix issue that resulted in, e.g., dropped SSH connections. PR 51753. Drivers Add vioscsi driver for the Google Compute Engine disk.

btmagic(4): Add support for Apple Magic Trackpad.

ichlpcib(4): Add Core 5G (mobile) LPC support. Disable gpio(4) attachment by default, fixing resume for some machines. GPIO functionality can be enabled by setting ichlpcib_gpio_disable to 0, for instance with "gdb -write". PR 50733.

ichsmb(4): Add support for Braswell CPU and Intel 100 Series.

iwn(4): Fix issue connecting to 5GHz access points. PR 50187.

ixgbe(4): Fix various bugs and crashes.

puc(4): Add support for SystemBase SB16C1050 PCI serial card. PR 49819. Add support for another Intel Q45 KT. Add support for Intel 100 Series Chipset KT.

sdtemp(4): Add support for Atmel AT30TS00, AT30TSE004, Giantec GT30TS00, GT34TS02, Microchip MCP9804, MCP98244, IDT TS3000GB[02], TS3001GB2, TSE2004GB2, On Semiconductor CAT34TS02C and CAT34TS04. Add JEDEC TSE2004av support. Fix temperature resolution on some devices. Show accuracy, range, resolution, high voltage standoff and shutdown.

uchcom(4): Make newer (0x30-on) CH340 devices work.

uplcom(4): Avoid a kernel page fault when opening the device.

ucom(4): Add the port number to the device properties to make it easier to relate a specific ucom instance with the physical port of multi-port devices like the FTDI 4232.

wd(4): Put the drive in standby before detach when powering off the system. PR 51252.

wm(4): Add C2000 KX and 2.5G support. Add Wake On Lan support. Fix a lot of bugs to make 82575 and newer SERDES based systems work. Fix a bug where the input drop packet counter is not counted correctly. Fix a problem where I210 and I211 sometimes don't have a link if the NVM image version is less than 3.25. Fix a problem where 82574 and 82583 sometimes drop packets if the NVM image version is less than 2.1.4. Fix a bug where some Intel AMT based systems don't linkup at 1000BaseT. PR 44893. Fix bugs to make ICH and PCH devices stable. Disable Low Power Link Up function correctly. Improve the behavior of suspend/resume on 82544 and newer chips. Avoid chip hang on 82575 and newer devices.

Platforms alpha: Fix buffer overflow causing wrong host controller SCSI ID for DEC 3000.

arm: Add Raspberry Pi Zero support. Fix pmap regression that prevented XScale-based boards from booting. Fix X server on big endian ARM systems. PR 50356. Fix ODROID-C1 Ethernet. Support 8-bit eMMC for TI AM335x.

dreamcast: Fix panic after wsconscfg(8) from serial console.

luna68k: Make kernel work with 8kB/page (PGSHIFT==13) settings. Add preliminary support for LUNA's HD647180X I/O processor (aka XP).

macppc: adb(4): Ask the keyboard to distinguish between left and right Control, Alt, and Shift keys. Add us.dvorak keymap variant. PR 51255.

mips: Fix a crash related to executing N64 binaries. Lemote YeeLoong: Fix Xorg. Fix screen blanking. ohci(4): Make low-speed and full-speed devices work.

powerpc: Fix single precision floating point arithmetic. PR 51368.

sandpoint: altboot: Correctly identify and power up a second disk on the same SATA channel. Fix misdetection of LinkStation and KuroBox(HG) as KuroT4. Fix panic in sandpoint DIAGNOSTIC kernel.

sparc64: Restore binary compatibility for old binaries. Fix interrupt routing on machines with Tomatillo PCI controllers.

x68k: Fix poweroff. Fix crashdump on machines with EXTENDED_MEMORY. PR 51663.

x86 (amd64, i386): Add initial DRM/KMS support for NVIDIA graphics cards via nouveau. Disabled by default, but can be enabled by uncommenting the nouveau and nouveaufb drivers in the GENERIC kernel config file, building a new kernel, and configuring X to use the nouveau driver instead of nv. procfs: Always output 2 digits for the CPU frequency decimal part. Numerous improvements to make /proc/cpuinfo more informative and accurate. PRs 49246 and 39950.

xen: Add machdep.xen.version sysctl(7) to easily get hypervisor version. Make Xen process and file limits match the native ones.

Userland blacklistctl(8): Make -n actually work.

cat(1): When invoked with -se, print a '$' on blank lines. PR 51250.

cp(1): Make the '-i' flag work regardless of whether the standard input is a terminal.

cpuctl(8) Add data for newer x86 CPUs.

dump(8): Default the read block size for dump to kern.maxphys. This gives a noticable performance boost on large filesystems. Fix tape usage report for large filesystems. Allow file system pathname lengths greater than 16 characters. PR 50434.

db(3): Fix handling of 64k blocksize, which overflows a uint16_t. PR 50441.

ftp(1): Handle proxy authentication correctly. Fix crash in ftp when given an IPv6 URL that's missing a slash. PR 51558. CONNECT method support. Use the proper format "[IPv6 address]:port" when reporting connection attempts to IPv6 endpoints. Fix downloads of local files using file:// URLs. Add Server Name Indication (SNI) support for https.

getpass(3): Fix a bug where ctrl-c in a password prompt resulted in tty settings not being restored. PR 50695.

iostat(8): Support fnmatch(3) patterns for disknames. For example, "iostat wd*" works now.

jemalloc(3): Avoid long linear searches for code heavy on medium sized allocations. PR 50791.

ld.elf_so(1): Add basic support for indirect functions. It allows providing a public function symbol with an implementation choosen at run time. Fix deadlocks. PRs 49813 and 49816.

man(1): Make "man <machine>/<manpage>" work again.

opendisk(3): Instead of trying to open files in the current working directory first for paths that don't contain "/", first try the /dev paths to avoid confusion with files in the working directory that happen to match disk names. PR 51216.

pthread_key_create(3): Make PTHREAD_KEYS_MAX dynamically adjustable.

racoon(8): Fix memory leak. PR 50918. Allow using IKE Mode Config in a plain "rsasig" (signed certificates only) configurations.

resize_ffs(8): Fix handling of ffsv2 inode initialization. PR 51116.

scsictl(8): Add "getrealloc" and "setrealloc" commands to get/set automatic reallocation parameters/enables for error recovery, similar to {get,set}cache.

sh(1): Fix the parsing of references to shell parameters when given without braces (i.e., $2). Only the first 9 shell parameters ($1 .. $9) and the special parameter ($0) can be referenced this way, $10 is ${1}0 not ${10}. PR 51027 . Process pending signals while waiting for a job, and report the signal that wait was interrupted by.

stdio(3): Allow changing the default buffering policy for a stdio stream during construction by setting environment variables. See setbuf(3).

terminfo(3): Fix memory leaks. PR 50092.

mv(1): Add support for SIGINFO.

libperfuse(3): Make FUSE socket buffer tunable through the PERFUSE_BUFSIZE environment variable.

mld6query(8): Make "-r" option actually work. PR 51353.

httpd(8): Add -G option to display version. Fix some content type issues. Fix an infinite loop in cgi processing. No longer send encoding header for compressed form.

funopen(3): Fix memory leak. PR 51572

vi(1): Fix memory leaks in vi when resizing. PR 50092. Fix the script command of vi(1). PR 50484. Fix > 1024 char lines in script.

zic(8): Backport changes from newer tzcode to allow proper parsing of newer tzdata files.

/etc/rc.d/rtadvd: Don't fail to start if rtadvd's config file doesn't exist.

/etc/rc.subr: Speed up multiuser boot time on slow machines. PR 50046.

3rd party software updates: gcc(1): Update 4.8.5. Lua: Update to 5.3.3 root.cache: Update to 2016102001. tzdata: Update to 2017a.



System families supported by NetBSD 7.1 The NetBSD 7.1 release provides supported binary distributions for the following systems: NetBSD/acorn26 Acorn Archimedes, A-series and R-series systems NetBSD/acorn32 Acorn RiscPC/A7000, VLSI RC7500 NetBSD/algor Algorithmics, Ltd. MIPS evaluation boards NetBSD/alpha Digital/Compaq Alpha (64-bit) NetBSD/amd64 AMD family processors like Opteron, Athlon64, and Intel CPUs with EM64T extension NetBSD/amiga Commodore Amiga and MacroSystem DraCo NetBSD/amigappc PowerPC-based Amiga boards. NetBSD/arc MIPS-based machines following the Advanced RISC Computing spec NetBSD/atari Atari TT030, Falcon, Hades NetBSD/bebox Be Inc's BeBox NetBSD/cats Chalice Technology's CATS and Intel's EBSA-285 evaluation boards NetBSD/cesfic CES FIC8234 VME processor board NetBSD/cobalt Cobalt Networks' MIPS-based Microservers NetBSD/dreamcast Sega Dreamcast game console NetBSD/emips The Extensible MIPS architecture from Microsoft Research NetBSD/epoc32 Psion EPOC PDAs NetBSD/evbarm Various ARM-based evaluation boards and appliances NetBSD/evbmips Various MIPS-based evaluation boards and appliances NetBSD/evbppc Various PowerPC-based evaluation boards and appliances NetBSD/evbsh3 Various Hitachi Super-H SH3 and SH4-based evaluation boards and appliances NetBSD/ews4800mips NEC's MIPS-based EWS4800 workstation NetBSD/hp300 Hewlett-Packard 9000/300 and 400 series NetBSD/hppa Hewlett-Packard 9000 Series 700 workstations NetBSD/hpcarm StrongARM based Windows CE PDA machines NetBSD/hpcmips MIPS-based Windows CE PDA machines NetBSD/hpcsh Hitachi Super-H based Windows CE PDA machines NetBSD/i386 IBM PCs and PC clones with i486-family processors and up NetBSD/ibmnws IBM Network Station 1000 NetBSD/iyonix Castle Technology's Iyonix ARM based PCs NetBSD/landisk SH4 processor based NAS appliances NetBSD/luna68k OMRON Tateisi Electric's LUNA series NetBSD/mac68k Apple Macintosh with Motorola 68k CPU NetBSD/macppc Apple PowerPC-based Macintosh and clones NetBSD/mipsco MIPS Computer Systems Inc. family of workstations and servers NetBSD/mmeye Brains mmEye multimedia server NetBSD/mvme68k Motorola MVME 68k Single Board Computers NetBSD/mvmeppc Motorola PowerPC VME Single Board Computers NetBSD/netwinder StrongARM based NetWinder machines NetBSD/news68k Sony's 68k-based “ NET WORK STATION ” series NetBSD/newsmips Sony's MIPS-based “ NET WORK STATION ” series NetBSD/next68k NeXT 68k “ black ” hardware NetBSD/ofppc OpenFirmware PowerPC machines NetBSD/pmax Digital MIPS-based DECstations and DECsystems NetBSD/prep PReP (PowerPC Reference Platform) and CHRP machines NetBSD/rs6000 IBM RS/6000 MCA-based PowerPC machines. NetBSD/sandpoint Motorola Sandpoint reference platform, including many PPC-based NAS boxes NetBSD/sbmips Broadcom SiByte evaluation boards NetBSD/sgimips Silicon Graphics' MIPS-based workstations NetBSD/shark Digital DNARD ( “ shark ” ) NetBSD/sparc Sun SPARC (32-bit) and UltraSPARC (in 32-bit mode) NetBSD/sparc64 Sun UltraSPARC (in native 64-bit mode) NetBSD/sun2 Sun Microsystems Sun 2 machines with Motorola 68010 CPU NetBSD/sun3 Motorola 68020 and 030 based Sun 3 and 3x machines NetBSD/vax Digital VAX NetBSD/x68k Sharp X680x0 series NetBSD/xen The Xen virtual machine monitor NetBSD/zaurus Sharp ARM PDAs Ports available in source form only for this release include the following: NetBSD/ia64 Itanium family of processors

Acknowledgments The NetBSD Foundation would like to thank all those who have contributed code, hardware, documentation, funds, colocation for our servers, web pages and other documentation, release engineering, and other resources over the years. More information on the people who make NetBSD happen is available at: www.NetBSD.org/people/ We would like to especially thank the University of California at Berkeley and the GNU Project for particularly large subsets of code that we use. We would also like to thank the Internet Systems Consortium Inc. and the Network Security Lab at Columbia University's Computer Science Department for current colocation services.

About NetBSD NetBSD is a free, fast, secure, and highly portable Unix-like Open Source operating system. It is available for a wide range of platforms, from large-scale servers and powerful desktop systems to handheld and embedded devices. Its clean design and advanced features make it excellent for use in both production and research environments, and the source code is freely available under a business-friendly license. NetBSD is developed and supported by a large and vibrant international community. Many applications are readily available through pkgsrc, the NetBSD Packages Collection.

About the NetBSD Foundation The NetBSD Foundation was chartered in 1995, with the task of overseeing core NetBSD project services, promoting the project within industry and the open source community, and holding intellectual property rights on much of the NetBSD code base. Day-to-day operations of the project are handled by volunteers. As a non-profit organization with no commercial backing, the NetBSD Foundation depends on donations from its users, and we would like to ask you to consider making a donation to the NetBSD Foundation in support of continuing production of our fine operating system. Your generous donation would be particularly welcome to help with ongoing upgrades and maintenance, as well as with operating expenses for the NetBSD Foundation. Donations can be done via PayPal to <paypal@NetBSD.org> , or via Google Checkout and are fully tax-deductible in the US. See www.NetBSD.org/donations/ for more information, or contact <finance-exec@NetBSD.org> directly.

Back to NetBSD 7.x formal releases