Subject: NetBSD "Quarterly" Status Report (Q2 - Q4 2006)
To: None <netbsd-announce@netbsd.org>
From: Jan Schaumann <jschauma@netbsd.org>
List: netbsd-announce
Date: 01/23/2007 17:20:30
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NetBSD "Quarterly" Status Report
NetBSD is an actively developed operating system. With fifty seven
different system architectures in total and binary support of 53
architectures in our last official release (NetBSD 3.1), our widely
portable Packages Collection "pkgsrc" and large userbase there is a lot
going on within the project. In order to allow our users to follow the
most important changes over the last few months, we provide a brief
summary in these official status reports, released with irregular
regularity. These reports are suitable for reproduction and publication
in part or in whole as long as the source is clearly indicated.
This status report summarizes the changes within NetBSD from April 2006
until December 2006.
- -Jan Schaumann <jschauma@NetBSD.org>
April 2006 - December 2006:
Administrative:
- New Developers [20070101]
- Organizational Changes to the NetBSD Project [20060901]
Miscellaneous:
- Hackathons
- NetBSD on the road
- End of life for NetBSD 1.6 branch [20060517]
- Summer of Code 2006 [20060927]
- NetBSD 3.1 and 3.0.2 released [20061104]
- NetBSD 4.0 re-branched [20061203]
pkgsrc:
- pkgsrcCon 2006 [20060507]
- pkgsrc-2006Q2, pkgsrc-2006Q3 and pkgsrc-2006Q4 released
[20070104]
Ports:
- acorn26: standard ARM bus space implementation [20061001]
- acorn26: new driver sec(4) for the Acorn SCSI Expansion Card
[20061001]
- evbmips: WLAN and AR2315 support [20060925]
- evbarm: ported to I-O DATA HDL-G Giga LANDISK [20060420]
- evbppc: ported to Xilinx Virtex [20060427]
- hp700: boot-from-disk fixed [20061030]
- i386: XBox support in the works [20061213]
- macppc: PowerMac G5/IBM 970 support [20060805]
- macppc: improved support for older PowerBooks [20060919]
- macppc: console drivers and timecounters
- prep: IBM 7025-F30 and Motorola Powerstack E1 Support
[20060426]
- prep: IBM 7025-F40 Support [20060907]
- shark: framebuffer console and XFree86 [20061221]
- sgimips: Multiple Bug Fixes / Features Added [20061230]
- sparc: NetBSD running on JavaStation Espresso [20060703]
- xen: NetBSD as Domain0 for Xen3 [20060703]
- xen: New port maintainer [20060704]
- xen: update to 3.0.3 and HVM support [20061020]
- zaurus: new port [20061119]
Security:
- Recent Security Enhancements in NetBSD [20061003]
- Security Advisories released [20070101]
Technical:
- kauth(9) merged [200601515]
- sendmail removed [20060530]
- Timecounters [20060608]
- Bluetooth Support [20060729]
- GRE in UDP tunnels [20060831]
- EtherIP driver [20061101]
- puffs -- pass-to-userspace framework file system [20061022]
- Source Address Selection Policy [20061113]
- postfix updated to 2.3.5. [20061221]
Administrative:
===============
New Developers [20070101]
- -------------------------
The NetBSD project is pleased to welcome the following new developers
during the last three quarters of 2006:
* Arnaud Lacombe (login: alc), who will be working on Coverity fixes and
various general tasks.
* Christian Biere (login: cbiere), who will be working on various
general tasks.
* Jachym Holecek (login: freza), who will be working on the evbppc port,
devmon and kernel.
* Hauke Fath (login: hauke), who will be working on mac68k port and
the NetBSD Packages Collection.
* Liam J. Foy (login: liamjfoy), who will be working on CARP,
networking, userland and bugfixing.
* Matthew Grooms (login: mgrooms), who will be working on ipsec-tools.
* Matt J. Fleming (login: mjf), who will be working on security
related tasks and regression tests.
* OBATA Akio (login: obache), who will be working on the NetBSD
Packages Collection.
* Jaime A. Fournier (login: ober), who will be working on openafs.
* Iain Hibbert (login: plunky), who will be working on bluetooth and the
NetBSD Packages Collection.
* Sanjay Lal (login: sanjayl), who will be working on powerpc support.
* Yvan Vanhullebus (login: vanhu), who will be working on IPsec.
Organizational Changes to the NetBSD Project [20060901]
- -------------------------------------------------------
All NetBSD developers have been required to sign an agreement stating
the terms under which they will participate in NetBSD
(http://www.NetBSD.org/developers/agreement.txt); in return for this
they are granted access to change our source tree and the right to
participate in our internal democratic process. For historical reasons,
there were a number of developers whose agreements were either lost or
never received; these developers were given the opportunity to submit a
new signed agreement. Despite hundreds of hours spent on this process
by our volunteers we have not obtained agreements from a few people, and
the NetBSD Foundation announced in September that developer access for
those without agreements was disabled.
For details, please see the complete email message from Alistair Crooks,
president of The NetBSD Foundation at
http://mail-index.NetBSD.org/netbsd-announce/2006/09/01/0000.html
We are happy to report that since then, we were able to re-enable the
accounts of most of these developers after having received their signed
agreements.
Miscellaneous:
==============
Hackathons
- ----------
In a project that has people spread all over the globe, it's not always
easy to coordinate efforts. Starting in September 2006, the NetBSD
project has started to hold "Bugathons" or "Hackathons", usually with a
specific goal. The organization of the first two Bugathons was done
almost entirely and spontaneously by Elad Efrat. During these events,
NetBSD developers, users and enthusiasts meet on IRC in a highly focused
environment (think Extreme Programming on Steroids) and try to squash as
many bugs as possible.
The positive results speak for themselves, and we hope to continue to
hold these events on a more or less regular basis.
So far the following events have taken place:
* December 27-29, 2006
* November 25-26, 2006 (around 200 PRs analyzed and/or closed; install
documentation fixed)
* October 7-8, 2006 (over 310 PRs closed)
* September 23-24, 2006 (over 270 PRs closed)
NetBSD on the road
- ------------------
The NetBSD Project was represented by developers and other volunteers at
a number of conferences and tradeshows during the last three quarters of
2006. Patiently, the following people invested a lot of their personal
time, money and resources to tell attendants about NetBSD, to explain
(again and again) the difference between NetBSD and Linux or NetBSD and
the other BSDs, sold CDs and other merchandise and in general deserve
thanks for helping the NetBSD Project:
* The NetBSD Project shared a booth at LinuxWorld-Boston 2006 in April
2006. See Brian Asemi's report at
http://mail-index.netbsd.org/netbsd-advocacy/2006/04/07/0000.html.
* Members of the Japan NetBSD Users' Group organized a general meeting
and NetBSD BOF in Tokyo, Japan, in April 2006. See
http://www.jp.netbsd.org/ja/JP/JNUG/announce/meeting8.html.
* A number of NetBSD developers and enthusiasts attended BSDCan 2006
in Ottawa, Canada, from May 12-13 2006 at the University of Ottawa.
Jan Schaumann's talk on NetBSD Live CDs is available online at
http://www.NetBSD.org/gallery/presentations/.
* Members of the Japan NetBSD Users' Group staffed a booth at the Open
Source Conference 2006 Niigata, at the Open Source
Conference 2006 Tokyo/Fall, as well as at the OpenSource Conference
2006 Okinawa.
* Hubert Feyrer organized a booth at at the Linux-Kongress in
Nuremberg, Germany, on September 7th and 8th at the University of
Applied Sciences (Fachhochschule) Nuernberg. See
<http://mail-index.netbsd.org/netbsd-advocacy/2006/09/09/0000.html>.
* Menuhin Saitov organized a booth at the Linux-days in Essen,
Germany, dubbed "come2linux" on September 9th and 10th. See
<http://mail-index.netbsd.org/regional-de/2006/09/16/0000.html>.
* Jay Fink organized a booth at the Ohio Linuxfest on September 30th
in Columbus, Ohio, USA. See
<http://mail-index.netbsd.org/netbsd-advocacy/2006/10/17/0000.html>.
* Hubert Feyrer organized a booth at the Systems Computer Fair in
Munich, Germany, from October 23rd to 27th. See
<http://mail-index.netbsd.org/netbsd-advocacy/2006/10/30/0001.html>.
* Several NetBSD developers and enthusiasts attended the second NYCBSD
Conference on October 28th and 29th in New York City, New York, USA.
See <http://nycbsdcon.org/schedule> for links to the presentations.
* Many NetBSD developers gave presentations at EuroBSDCon 2006 in
Milan, Italy, from November 10th - 12th 2006. See
<http://www.eurobsdcon.org>.
* Raphael Langerhorst represented NetBSD at the LinuxDay in Dornbirn,
Austria, on November 18th.
* Mauricio Barrera gave a presentation entitled "Qmail en BSD y el
Proyecto Cumail en NetBSD" at the first BSD related conference held
in Chile, BSDCon Chile 2006 on December 9th in Santiago, Chile.
See <http://www.bsd.cl/index.php/BSDCon2006>.
* Jeremy C. Reed spoke about NetBSD at Linux Fest Northwest in April 2006 in
Bellingham, Washington, USA. See http://blug.org/spkr-record.dxp?id=46
* Emmanuel Dreyfus continues his series of interviews for DaemonNews:
- Interview with Jan Schaumann: NetBSD on the Desktop
http://ezine.daemonnews.org/200604/jan.html
- Interview with Ty Sarna: AFS: Network filesystem beyond NFS
weaknesses
http://ezine.daemonnews.org/200605/afs.html
* BSDTalk (http://bsdtalk.blogspot.com) hosted a series of interviews
with NetBSD developers:
- http://bsdtalk.blogspot.com/2006/09/bsdtalk064-interview-with-netbsd.html
- http://bsdtalk.blogspot.com/2006/09/bsdtalk070-interview-with-netbsd.html
- http://bsdtalk.blogspot.com/2006/11/bsdtalk083-pkgsrc-developer-johnny-lam.html
- http://bsdtalk.blogspot.com/2006/12/bsdtalk089-netbsd-release-engineer.html
End of life for NetBSD 1.6 branch [20060517]
- --------------------------------------------
In May, the release engineering team announced that the netbsd-1-6
branch will no longer be actively maintained. It is NetBSD's policy to
maintain only the current and most recent release branches (3.x and
2.x). There will be no more pullups to the branch even for security
issues.
The 1.6 releases on ftp.NetBSD.org have been moved to the archive
ftp://ftp.NetBSD.org/pub/NetBSD-archive/.
For details, please refer to Matthias Scheler's message to the
netbsd-announce mailing list:
http://mail-index.netbsd.org/netbsd-announce/2006/05/16/0000.html
Summer of Code 2006 [20060927]
- ------------------------------
As in the first "Google Summer of Code" in 2005, the NetBSD Project once
again participated as a mentoring organization in this year's SoC.
After reviewing more than one hundred project proposals, the NetBSD
Project was allotted the following eight project slots:
1. Project jffs: Support for journaling for FFS (Kirill Kuvaldin)
2. Project mips64: Support for MIPS64 ISA (LIU Qi)
3. Project ppcg5: PowerPC G5 support in NetBSD (Yevgeny Binder)
4. Project congest: Improved Writing to Filesystem Using Congestion
Control (Sumantra R. Kundu)
5. Project ecn: TCP ECN support (Rui Paulo)
6. Project ipsec6: Fast_ipsec and ipv6 (Degroote Arnaud)
7. Project pkg_install: pkg_install rewrite for pkgsrc (Joerg
Sonnenberger)
8. Project mbuf: Improving the mbuf API and implementation (Pavel Cahyna)
For a full report on the progress made in each of these projects, please
see http://www.netbsd.org/Foundation/press/soc2006-summary.html.
NetBSD 3.1 and 3.0.2 released [20061104]
- ----------------------------------------
In early November, the NetBSD release engineering team announced the
availability of the NetBSD 3.1 and 3.0.2 releases.
NetBSD 3.1 is the first feature update of the NetBSD 3.0 release branch.
Changes include bugfixes, critical security updates and new minor
features like new drivers. NetBSD 3.0.2 is the second security/critical
update of the NetBSD 3.0 release branch. This represents a selected
subset of fixes deemed critical in nature for stability or security
reasons.
See the NetBSD 3.1 Release Announcement
(http://www.netbsd.org/Releases/formal-3/NetBSD-3.1.html) and the NetBSD
3.0.2 Release Announcement
(http://www.netbsd.org/Releases/formal-3/NetBSD-3.0.2.html) for more
information.
NetBSD 4.0 re-branched [20061203]
- ---------------------------------
The NetBSD 4.0 release process was originally started in August 2006
(http://mail-index.netbsd.org/netbsd-announce/2006/08/25/0000.html). In
November 2006, the Release Engineering team announced their intention
(<http://mail-index.netbsd.org/netbsd-announce/2006/11/18/0000.html>) to
re-start the process due to a large number of important fixes in HEAD
that should make it into the 4.0 release.
The new netbsd-4 branch was then cut and the start of the 4.0 release
process announced on December 3rd, 2006
(<http://mail-index.netbsd.org/netbsd-announce/2006/12/02/0000.html>),
and NetBSD 4.0 should be released in early 2007.
The upcoming NetBSD 4.0 release will have numerous improvements and
additions, such as the new tmpfs and UDF file systems, new ieee1394
framework (from FreeBSD), Common Address Redundancy Protocol (from
OpenBSD), update to GCC 4.1.1, enhanced Bluetooth support, added
mprotect(2) restrictions to enforce W^X policies, and kernel
authorization (kauth). See the Significant changes from NetBSD 3.0 to
4.0 webpage for more changes and details.
(<http://www.netbsd.org/Changes/changes-4.0.html>)
pkgsrc:
=======
pkgsrcCon 2006 [20060507]
- -------------------------
The third pkgsrc conference, a technical conference for people working
on the NetBSD Packages Collection (pkgsrc), focusing on existing
technologies, research projects, and works-in-progress in pkgsrc
infrastructure, was held to great success from May 5-7, 2006 in Paris,
France. Universite Paris 7. Most of the presentations given are now
also available online
<http://www.pkgsrccon.org/2006/presentations.html>.
pkgsrc-2006Q2, pkgsrc-2006Q3 and pkgsrc-2006Q4 released [20070104]
- ------------------------------------------------------------------
As is to be expected of quarterly releases (unlike "quarterly" status
reports), the pkgsrc team released the following three branches of the
NetBSD Packages Collection in the last 9 months:
- - The pkgsrc-2006Q2 branch included 6110 packages in total, with notable
updates including: gnome-2.14, kde-3.5.3, opera-9.0, perl-5.8.8,
postgresql-8.1.4, thunderbird-1.5.0.4, split the openldap package
into constituent parts, reorganised the webmin packages and plugins,
revamped most of the pkgsrc infrastructure to make it much more efficient
and maintainable, the addition of some pertinent bright, shiny packages such
as seamonkey, pgadmin3, ggrab, jack, mpeg4ip, jamvm, uucp, cherokee,
sgb, javacc, spl, slony1, dtach and a considerable number of fixes for
much better DragonFly BSD operation, which will also benefit a lot of
pkgsrc platforms, with thanks to Joerg Sonnenberger.
- - The pkgsrc-2006Q3 branch included 6229 packages in total, with notable
updates including: gnome-2.16, kde-3.5.4, opera-9.02, postgresql-8.1.4
seamonkey-1.0.5, firefox-1.5.0.7, thunderbird-1.5.0.7, zope-3.2.0,
ruby-1.8.5, wireshark-0.99.3, deprecated mozilla in favour of seamonkey,
the SuSE 9.x packages for Linux emulation have been superceded by
SuSE 10 ones; we also say goodbye to some other old favourites like
the separate XFree86 packages, and teTeX 2; the addition of some
pertinent bright, shiny packages such as postgresql81-postgis, mping,
libgpod, httping, cogito, scmgit, xmms-osx, amaroc, lush, mp3cut,
powerdns, zphoto, imapsync, kismet and xenkernel30.
- - The pkgsrc-2006Q4 branch included 6408 packages in total, with notable
updates including: gnome-2.16.1, kde-3.5.5, opera-9.10,
postgresql-8.2.0, seamonkey-1.0.7, firefox-2.0.0.1, thunderbird-1.5.0.9,
zope-3.3.0, ruby-1.8.5.20061205, wireshark-0.99.4, apache-2.2.3;
modular X11 packages have been added, although they should be considered
"work in progress"; the ghostscript packages have been reworked to bring
them up to date; the addition of some pertinent bright, shiny packages such
as arena, squirm, swatch, fann, checkperms, pam-radius, rails,
kenigma, ncursesw, etrace, xentools30-hvm, wpa_gui, memtestplus,
firefox2, xmorph, ap-modsecurity2, opencv, fwbuilder21, pciids,
gnupg2, g95, epdfview, i810switch, gnash, kaffeine, and
DarwinStreamingServer.
Ports:
======
Due to the large number of supported platforms, this status report will
only point out the very significant changes to some of the ports. For a
full list of port-specific changes, please refer to
http://www.netbsd.org/Changes/changes-3.0.html#port_specific and
http://www.netbsd.org/Changes/changes-3.1.html#port_specific
acorn26: standard ARM bus space implementation [20061001]
- ---------------------------------------------------------
Ben Harris committed a change to move over to using the standard ARM
bus_space implementation on acorn26. This is more flexible than the old
acorn26 bus_space, which means that single read/write operations are
slower, but multi and region operations have the potential to be faster,
and particularly insane podules might be supportable.
http://mail-index.netbsd.org/source-changes/2006/09/30/0044.html
acord26: new driver sec(4) for the Acorn SCSI Expansion Card [20061001]
- -----------------------------------------------------------------------
Ben Harris committed a new driver sec(4) for the Acorn SCSI Expansion.
Unlike asc(4), this driver uses the board's DMA system, uses the
machine-independent WD33C93 driver, works on NetBSD/acorn26, and doesn't
share a name with six other machine-dependent SCSI drivers. Not tested
on acorn32, but it seems to work tolerably well on an A540.
http://mail-index.netbsd.org/source-changes/2006/10/01/0019.html
evbarm: NetBSD ported to I-O DATA HDL-G Giga LANDISK [20060420]
- ---------------------------------------------------------------
NONAKA Kimihiro introduced a NetBSD port to HDL-G400U (also in
japanese) device, a 400GB model of the network HDD products from I-O
DATA DEVICE, Inc.
http://mail-index.netbsd.org/source-changes/2006/04/16/0006.html
http://www.iodata.com/products/products.php?cat=HNP&sc=HDL&ts=2&tsc=14&sc=HDL&pId=HDL-G400U
evbmips: WLAN and AR2315 support [20060925]
- -------------------------------------------
Garrett D'Amore added support for Atheros AR2315 and AR2316 based
devices (specifically the Meraki Mini). The AR5312 port (AP30) now
fully supports both WLAN devices.
evbppc: ported to Xilinx Virtex
- -------------------------------
Jachym Holecek has ported NetBSD/evbppc to the ibm405 core embedded in
Xilinx Virtex {2-Pro, 4 FX} series FPGAs. See his email to the
port-powerpc mailing list
[http://mail-index.netbsd.org/port-powerpc/2006/04/26/0000.html].
hp700: boot-from-disk fixed [20061030]
- --------------------------------------
The boot-from-disk memory corruption bug has been found and fixed in
- -current. Installing to and booting from disk is now reliable.
i386: XBox support in the works [20061213]
- ------------------------------------------
In December, Andrew Gillham sent a status report with request for help
to the port-i386 mailing list regarding the port to Microsoft's XBox
<http://mail-index.netbsd.org/port-i386/2006/12/13/0001.html>. Since
then, he has worked with Jared McNeill and XBox support will likely be
available in NetBSD-current soon.
macppc: PowerMac G5/IBM 970 support [20060805]
- ----------------------------------------------
Sanjay Lal has imported first code to support PowerMac G5/IBM 970
PowerPC CPU. See Sanjay's first message about the working code in
http://mail-index.netbsd.org/port-macppc/2006/06/07/0000.html
macppc: improved support for older PowerBooks [20060919]
- -------------------------------------------------------
Michael Lorenz added code to allow PowerBook 3400c and similar machines
to:
- - use onboard Ethernet
- - use an accelerated console (with chipsfb)
- - run XFree86 (various fixes in XFree's chips driver)
http://mail-index.netbsd.org/port-macppc/2006/09/19/0002.html
macppc: console drivers and timecounters
- ----------------------------------------
Michael Lorenz added code to allow macppc use accelerated console
drivers <http://mail-index.netbsd.org/port-macppc/2006/11/08/0001.html>
and to use timecounters
<http://mail-index.netbsd.org/port-macppc/2006/09/29/0000.html>.
prep: IBM 7025-F30 and Motorola Powerstack E1 Support [20060426]
- ----------------------------------------------------------------
Support for the IBM RS/6000 7025 model F30 and the Motorola Powerstack
E1 have been added to the prep port.
prep: IBM 7025-F40 Support [20060907]
- -------------------------------------
Support for the IBM RS/6000 7025 model F40 has been added to the prep
port. [http://mail-index.netbsd.org/port-prep/2006/09/06/0000.html]
shark: framebuffer console and XFree86 [20061221]
- -------------------------------------------------
Michael Lorenz added code to allow the NetBSD/shark port to
- - use igsfb for an accelerated high-resolution console
http://mail-index.netbsd.org/port-arm/2006/12/04/0000.html
- - build XFree86 so we can use the wsfb driver on top of igsfb
http://mail-index.netbsd.org/port-arm/2006/12/05/0006.html
http://mail-index.netbsd.org/port-arm/2006/12/21/0000.html
sgimips: Multiple Bug Fixes / Features Added [20061230]
- -------------------------------------------------------
Multiple bug fixes and feature additions were made to the sgimips port
over the holidays, including: support for E++ GIO Ethernet adapters, Set
Engineering GIO Fast Ethernet cards, Indigo Light (LG1/LG2)
framebuffers, and timecounters on IP12. Bug fixes primarily centred
around the IP12 port. Most changes are in -current and unlikely to make
the NetBSD 4.0 release.
sparc: NetBSD running on JavaStation Espresso [20060703]
- --------------------------------------------------------
Julian Coleman reported that together with Valeriy E. Ushakov he was
able to make NetBSD boot in single-user mode on a JavaStation Espresso.
http://mail-index.netbsd.org/port-sparc/2006/07/03/0001.html
xen: NetBSD as Domain0 for Xen3 [20060703]
- ------------------------------------------
Manuel Bouyer announced in a message to the port-xen mailing list that
NetBSD is finally usable as a Domain0 with version 3 of the Xen virtual
machine monitor.
http://mail-index.netbsd.org/port-xen/2006/07/03/0000.html
xen: New port maintainer [20060704]
- -----------------------------------
After Manuel Bouyer had already taken over most of the tasks of a port
maintainer, due to Christian Limpach's lack of time, he is now the
official maintainer of NetBSD/xen.
xen: update to 3.0.3 and HVM support [20061020]
- -----------------------------------------------
Manuel Bouyer announced in a message to the port-xen mailing list that
the xentools30 and xenkernel30 packages have been updated to the
just-released Xen-3.0.3. A new package, xentools30-hvm, has been
committed to pkgsrc-current. It provides the additional tools needed to
run unmodified guests under a NetBSD domain0, using Intel VT-x or AMD
VMX virtualisation extensions. NetBSD, Linux and Windows XP have been
successfully booted in a Xen HVM domain.
http://mail-index.netbsd.org/port-xen/2006/10/20/0000.html
zaurus: new port [20061119]
- ---------------------------
NONAKA Kimihiro sent this message, explaining he had ported NetBSD to
the Zaurus. http://mail-index.netbsd.org/port-arm/2006/11/19/0000.html
Security:
=========
Recent Security Enhancements in NetBSD [20061003]
- -------------------------------------------------
Elad Efrat wrote an in-depth article on security enhancements in NetBSD.
The full article is available at
http://www.securityfocus.com/infocus/1878; some of the content in this
paper was presented at EuroBSDcon in Italy, in November 2006.
Security Advisories released
- ----------------------------
In the last nine months of 2006, the following Security Advisories have
been released:
* SA2006-009: False detection of Intel hardware RNG
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-009.txt.asc
* SA2006-011: IPSec replay attack
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-011.txt.asc
* SA2006-012: SIOCGIFALIAS ioctl may cause system crash
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-012.txt.asc
* SA2006-013: sysctl(3) local denial of service
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-013.txt.asc
* SA2006-014: An audio subsystem race condition may crash the system
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-014.txt.asc
* SA2006-015: FPU Information leak on i386/amd64/Xen platforms with AMD CPUs
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-015.txt.asc
* SA2006-016: IPv6 socket options can crash the system
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-016.txt.asc
* SA2006-017: Sendmail malformed multipart MIME messages
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-017.txt.asc
* SA2006-018: sail(6), dm(8) and tetris(6) buffer overflows
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-018.txt.asc
* SA2006-019: Malicious PPP options can overrun a kernel buffer
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-019.txt.asc
* SA2006-020: Integer overflows in PCF font parsers
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-020.txt.asc
* SA2006-021: Integer overflows in CID-keyed font parser
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-021.txt.asc
* SA2006-022: BIND recursive query and SIG query processing
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-022.txt.asc
* SA2006-023: OpenSSL RSA Signature Forgery
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-023.txt.asc
* SA2006-024: systrace(4) integer overflow
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-024.txt.asc
* SA2006-025: Multiple information/memory leakage issues
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-025.txt.asc
* SA2006-026: Multiple denial of service issues
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-026.txt.asc
* SA2006-027: libc glob(3) buffer overflow
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-027.txt.asc
Please check the Security Advisories page for full details of all
advisories [http://www.NetBSD.org/Security/advisory.html].
Technical:
==========
kauth(9) merged [200601515]
- ---------------------------
Elad Efrat has merged his kauth(9) work (see
http://www.netbsd.org/Foundation/reports/2006Q1.html#kauth) in May of
2006. Following this, he has submitted a proposal regarding dividing
securelevel implications to kauth(9) scopes
(http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html) and
regarding upcoming security model abstraction
http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html).
sendmail removed [20060530]
- ---------------------------
After a fair amount of discussions, sendmail was removed from the NetBSD
source tree on May 30th, 2006, in part due to its security track record.
Postfix remains as the default SMTP server in the NetBSD base system.
Sendmail will continue to be available from pkgsrc.
Timecounters [20060608]
- -----------------------
Simon Burge and Frank Kardel imported the timecounter framework from
FreeBSD into the -current. Subsequently a great number of ports have
been timercounterized (see http://www.NetBSD.org/developers/features for
a detailed status). Timecounters will replace the previously machine
dependent microtime implementations.
The benefits of the timecounter implemention are:
- true sub microsecond time resolution as hardware permits
- improved NTP support (NTP API 4)
- simplified machine dependent clock implementation
- multiple, selectable clock sources
After importing timecounters some long standing time keeping issues were
solved. SC1100 based systems where finally able to keep time. Also busy
multiprocessor servers where relieved from the clock slowdown problem.
Further reading:
Timecounters: http://phk.freebsd.dk/pubs/timecounter.pdf
NTP nanokernel: http://www.eecis.udel.edu/~mills/ntp/html/kern.html
Bluetooth Support [20060729]
- ----------------------------
Iain Hibbert, who did most of the work on getting Bluetooth support into
NetBSD also wrote a HowTo for getting started with Bluetooth on NetBSD.
See http://wiki.netbsd.se/index.php/Bluetooth for details.
GRE in UDP tunnels [20060831]
- -----------------------------
David Young added mode to gre(4) that sends GRE tunnel packets in UDP
datagrams. In UDP mode, gre(4) puts a GRE header onto transmitted
packets, and hands them to a UDP socket for transmission. That is, the
encapsulation looks like this: IP+UDP+GRE+encapsulated packet.
There are two ways to set up a UDP tunnel. One way is to tell the
source and destination IP+port to gre(4), and let gre(4) create the
socket. The other way to create a UDP tunnel is for userland to
"delegate" a UDP socket to the kernel.
EtherIP driver [20061101]
- -------------------------
Hans 'woodstock' Rosenfeld has reworked the current EtherIP driver for
NetBSD 4.0 based on tap(4) and gif(4), citing from the manpage: ``The
etherip interface is a tunneling pseudo device for ethernet frames. It
can tunnel ethernet traffic over IPv4 and IPv6 using the EtherIP
protocol specified in RFC 3378.
The only difference between an etherip interface and a real ethernet
interface is that there is an IP tunnel instead of a wire. Therefore, to
use etherip the administrator must first create the interface and then
configure protocol and addresses used for the outer header. This can be
done by using ifconfig(8) create and tunnel subcommands, or SIOCIFCREATE
and SIOCSLIFPHYADDR ioctls.''
See Hans's posting to tech-net for more details and a link to the code:
http://mail-index.netbsd.org/tech-net/2006/10/31/0002.html
puffs -- pass-to-userspace framework file system [20061022]
- -----------------------------------------------------------
puffs (pass-to-userspace framework file system) is a framework for
building file systems in userspace. It consists of a kernel VFS
attachment and a user level framework library, libpuffs. The goal is to
push as much of the implementation work as possible into the generic
library to make especially file system prototyping an easy task. puffs
was developed by Antti Kantee as part of the 2005 Summer of Code; it was
first imported into NetBSD's source tree by Antti in October 2006 and
has since since a lot of active development.
The library does not force threading on the programmer and provides a
continuation framework for file systems with high latency backends. An
example of this is psshfs, the puffs ssh file system (mount_psshfs(8),
will appear in NetBSD 5.0), which can execute multiple operations
"concurrently" from a single thread.
Another interesting feature is tightly integrated layering support,
which eventually should enable runtime layerable file systems to be
constructed. Currently simple layering features are supported, such as
null mounting (similar to the kernel mount_null(8)) a file system
hierarchy to another location processed through rot13. An example would
be to browse the sysctl tree with the puffs sysctlfs mounted through
rot13fs.
Source Address Selection Policy [20061113]
- ------------------------------------------
David Young added a source-address selection policy mechanism to the
kernel, as well as ioctls SIOCGIFADDRPREF/SIOCSIFADDRPREF to get/set
preference numbers for addresses.
To activate source-address selection policies in your kernel, add
'options IPSELSRC' to your kernel configuration.
See in_getifa(9) for a more thorough description of source-address
selection policy.
postfix updated to 2.3.5. [20061221]
- ------------------------------------
Rui Paulo updated postfix to version 2.3.5. This version has been
pulled up into the netbsd-3 and netbsd-4 branches.
More Information
================
To learn more about NetBSD visit its homepage hat
<http://www.NetBSD.org/>, for a list of code changes see the
src/doc/CHANGES and pkgsrc/doc/CHANGES files at
<http://cvsweb.NetBSD.org/bsdweb.cgi/src/doc/CHANGES?rev=HEAD> and
<http://cvsweb.NetBSD.org/bsdweb.cgi/pkgsrc/doc/CHANGES?rev=HEAD>.
Individual changes to the NetBSD source and pkgsrc can be monitored on
the "source-changes" and "pkgsrc-changes" mailing lists, see the
archives at <http://mail-index.NetBSD.org/source-changes/> and
<http://mail-index.NetBSD.org/pkgsrc-changes/>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (NetBSD)
iD8DBQFFtlumfFtkr68iakwRAgfhAKCbmV+HEfGHtxmMBz+SzHecW1QaEwCg8KtK
JpY1ydWtqNU40TyGEAszud0=
=eaxr
-----END PGP SIGNATURE-----