Announcing NetBSD 9.4 (April 20, 2024)

Quick links for the impatient:

Download 9.4 from our CDN: amd64 USB, amd64 CD, various ARM devices, full release dir with everything else.

Hashes, signed with the NetBSD Security Officer's PGP key, of all files in the distribution.

Introduction

NetBSD 9.4 contains various improvements pulled up from the current branch to the netbsd-9 stable branch since NetBSD 9.3 was cut on August 4, 2022.

NetBSD 9.4 is primarily a bug and security fix release; however, there are some new features, such as support for more MegaRAID controllers, ZTE MF112 and D-Link DWM222 USB 3G modems, and improved CPU feature detection for newer AMD/Intel devices. All users of netbsd-9 should upgrade if they are not following the stable branch.

Important: the version of OpenSSL included with NetBSD 9.x is now unsupported unless a support contract is purchased from OpenSSL, and cannot be upgraded without breaking the ABI compatibility we’ve promised for the netbsd-9 branch. Users are advised to update to NetBSD 10 or use OpenSSL from pkgsrc.

Highlights

  • libm - Added fused-multiply-add functions for MIPS.
  • misc - Update root DNS servers to 2023112702.
  • misc - Install a copy of dhcpcd.conf under /usr/share/examples.
  • next68k - Large scale boot and reliability fixes to various parts of the port.
  • x86 - Added zen3 and zen4 support to amdsmn(4), amdzentemp(4). Added support for per CCD temperature sensor.
  • x86 - Added Intel 600 and 700 Series PCH, Snow Ridge support to ichsmb(4).
  • x86 - Added support for AMD Family 19h, Intel Comet Lake, Skylake-X, Cascade Lake to tprof(8).
  • x86 - Added serial console support via raw I/O port access to efiboot.
  • x86 - Added the zfs and cgd ramdisks to the release build.
  • acpi(4) - compatibility enhancements (especially for aarch64 on QEMU).
  • audioplay(1) - support for playing 32-bit and 64-bit IEEE FP .wav files. Fixes to the wav parser.
  • date(1) - add -R option for displaying time in RFC 5322 format and -f option to set the time.
  • ftp(1) - added support for relative HTTP redirects.
  • getconf(1) - accept variable names with or without leading underscore. This matches FreeBSD and makes it more compatible with GNU’s getconf.
  • lm(4) - added Nuvoton NCT6799D, NCT6797D support.
  • mfii(4) - support for more devices, including SAS3216, SAS3224, SAS3316, and SAS3324. Reliability fixes.
  • mfii(4) - made the driver use MSI/MSI-x when available.
  • puc(4) - added support for the EXAR XR17V354 PCIe UART.
  • re(4) - added support for Realtek RTL8168GU Ethernet devices.
  • u3g(4) - added support for ZTE MF112 and D-Link DWM222 3G USB modems.
  • sshd(8) - stop generating DSA host keys by default.
  • zpool(8) - enabled zpool to reliably find components on dk(4) wedges.

Userspace

  • libc - Documentation fixes in manual pages.
  • libc - Fixed behaviour of pthread functions when not linked with libpthread.
  • libc - Fixed behaviour of swab(3) and made sure it’s properly tested in the future.
  • libc - Fixed parsing a locale string with multiple components in newlocale(3).
  • libc - Fixed "setrlimit(RLIMIT_STACK) fails to increase usable stack size".
  • libc - Fixed various overflow possibilities in vis(3). Update tests.
  • libc - Fixed a couple of unlikely memory leaks in sethostent(3).
  • libc - Fixed "getnameinfo(3)'s socket address length argument is interpreted too strictly". Document NI_NUMERICSCOPE.
  • libm - Fixed spurious side effects in fetestexcept(3).
  • iscsi - Fixed "iscsi-initiator crashes on sparc64".
  • find(1) - fixed "find(1) needlessly bails out if . cannot be opened".
  • ld.elf_so(1) - fixed dlopen(3) with static thread-local storage.
  • ldpd(8) - fixed "ldpd fails on alignment-picky architectures".
  • netstat(1) - various output improvements.
  • progress(1) - fixed error handling.
  • sh(1) - fixed escape handling in read builtin, and cosmetic improvements to error reporting.
  • sh(1) - fixed "substring processing in assignments fail for quoted control characters".
  • skey(1) - adapted skeyaudit script to the removal of Mail(1).
  • systat(1) - fixed "systat vm reports 1 users after ^Z, fg".
  • vacation(1) - check Auto-Submitted: (RFC 3834) e-mail header in addition to Precedence: (RFC 2076), and set Precedence: in addition to Auto-Submitted:.
  • vi(1) - correctly handle escaped backslashes.
  • pthread(3) - fixed pthread hangs on startup, various lock hangs on ARM.
  • blacklistd(8) - fixed firewall IDs on restart of the daemon.
  • cpuctl(8) - do not show error messages when the microcode to be loaded is already available in the cpu.
  • ftpd(8) - various error handling fixes.
  • dump(8) - silently ignore /etc/fstab entries with NAME= entries that cannot be resolved.
  • iostat(8) - fixed processing of the archaic argument format (BACKWARD_COMPATIBILITY) so it doesn’t repeat the processing every iteration.
  • makefs(8) - fixed "makefs(8) -t msdos doesn’t return EXIT_FAILURE on some errors".
  • pam(8) - disabled the pam_krb5 and pam_ksu Kerberos authentication modules by default.
  • sysinst(8) - fixed various disk partitioning and accounting issues.
  • telnetd(8) - fixed CVE-2020-10188.
  • telnetd(8) - fixed a crash accessing the slc table before initialization.

Ports

  • alpha, pmax, vax - Fixed keyboard console in polled mode on some machines.
  • amd64 - Fixed amd(8) under 32-bit compatibility.
  • amiga - Updated loadbsd source and distribution binary to version 3.3.
  • amiga - Updated device-streams binaries from Roc Valles.
  • atari - Added minimal DEC special graphics character support to ite(4).
  • atari - Fixed a long-standing error during le(4) probe.
  • atari - Improved VGA console settings for Milan, especially for sysinst(8).
  • atari - Improved the Atari ST-RAM reservation to make the old Xserver work by default.
  • dreamcast - Fixed "aica(4) sometimes became unresponsive when audioplay was performed several times".
  • evbarm - Improved sunxican(4) RX interrupt handling to reduce the risk of receive overrun, and improve receive overrun recovery.
  • evbmips - Fixed "Octeon boot fails with bus error".
  • hp300 - Fixed silent bus error panic on 98543A topcat framebuffer on HP320 and HP360.
  • hp300 - Fixed bootloader to allow booting from 2202A, 7908A, 7911A, and 7941A.
  • hp300 - Fixed various issues with the rd(4) disk driver.
  • i386 - Enabled endian-independent disklabel support in GENERIC kernels.
  • newsmips - Use FONT_SONY12x24 console font for Sony fans, rather than the Gallant fonts used on Sun systems.
  • newsmips - Added NWS-3260 LCD-MONO framebuffer support.
  • newsmips - Fixed delays in the SCSI driver.
  • vax - Made it possible to boot on VAXen with as little as 8MB and as high as 512MB RAM.
  • vax - Fixed SCSI transfer corruption on VAXstation 3100/m30 (KA420) on netboot.
  • vax - Fixed various crashes on ifconfig(8) operations with the qe(4) driver.
  • x86 - Fixed a problem where APIC remap warnings were printed on boot.
  • x86 - Added more CPU flags to /proc/cpuinfo.
  • x86 - Support new AMD chipsets that do not have indirect access I/O ports in piixpm(4).
  • x86 - Print UUIDs in slightly more standard notation when booting from EFI.
  • x86 - Primary bootstrap is now able to read a GPT inside a RAIDframe.
  • x86 - Turn off "Zenbleed" chicken bit on Zen2 CPUs.
  • x86 - Fixed detection of PCI MSI/MSI-X availability on some systems.

Kernel and device drivers

  • kernel - Various memory barrier fixes.
  • compat - Fixed various potential information leaks.
  • ffs - Fixed a bug with snapshots that caused UFS2 filesystems bigger than 2TB to prematurely report that they were full and/or to panic the kernel.
  • netinet6 - Avoid duplicate free of link layer entries occasionally resulting in a kernel panic when the router is rebooted.
  • netinet6 - Fixed IPV6_CHECKSUM handling.
  • netinet6 - Fixed "enabling SO_TIMESTAMP on ICMP6 socket doesn’t work".
  • netinet6 - Fixed panic on certain inet6 address configs.
  • nfs - Fixed "NFS client regression with macOS 14 server".
  • nfs - Various server protocol fixes.
  • ptyfs - Allow chown/chmod at root of ptyfs. Fixed buffer overrun.
  • sysv_shm - Avoid potential overflow when computing kern.ipc.shmmax.
  • zfs - Fixed mounting of wapbl volumes when the block device node is on a zfs volume.
  • zfs - Fixed "pgdaemon 100% busy - no scanning".
  • mmap(2) - various reliability fixes, fixes issues with NodeJS.
  • acpi(4) - fixed out of range access.
  • bpf(4) - reject invalid timeout values.
  • ehci(4) - fixed "USB keyboard causes host controller to miss microframe".
  • ipmi(4) - ignore non-recoverable and critical limits smaller than the warning limits. These are usually invalid.
  • ixg(4) - added an option for TX to always use deferred softint. It’s off by default.
  • nvme(4) - fixed nvmectl(8) after a suspend/resume cycle.
  • pci(4) - recognize and detect various newer devices.
  • raid(4) - reject invalid values for numCol and numSpares.
  • raid(4) - fixed memory leaks.
  • route(4) - fixed a deadlock on route deletion.
  • sd(4) - fixed garbage appended to the device type string and possible information disclosure.
  • sdhc(4) - added quirk setting for some Intel PCI eMMC devices to make them work.
  • sdmmc(4) - fixed deadlock on umount(8).
  • sem(4) - fixed kernel panics when running the NodeJS package manager.
  • tun(4) - allow IPv6 packets with TUNSLMODE configured.
  • ure(4) - fixed undefined behaviour.
  • urndis(4) - added OnePlus 5T to the quirky devices list.
  • urtwn(4) - avoid deadlocking on command ring overflow.
  • usb(4) - fixed undefined behaviour.
  • vnd(4) - fixed a deadlock in low memory scenarios.
  • wd(4) - fixed verbose attach messages for ATA controllers w/o UltraDMA support.
  • wd(4) - various reliability fixes in the ATA layer.
  • wscons(4) - fixed "some VT codes result in blank console".
  • wm(4) - added more statistics counters.
  • wm(4) - added various workarounds to prevent dropping packets.
  • wm(4) - added support for Intel Raptor Lake devices, Intel I219-{LM,V}(20,21).
  • xhci(4) - support XHCI devices that only have USB 2 ports.
  • npf(7) - fixed "NPF defaults break IP fragment reassembly".
  • npf(7) - pass-through block-return packets so they are not subject to rules.
  • npf(7) - various reliability fixes.
  • kauth(9) - fixed credential reference leak.

Build system

  • Fixed building GCC with clang++ as the host compiler.
  • Avoid the dependency on a populated tooldir (or building the tools) when simply doing mkrepro-timestamp and the current repository setup does not actually require it.
  • Fixed compilation of DEBUG m68k kernels.
  • Fixed compilation of some MP MIPS kernels that aren’t built by default.
  • Fixed usage of deprecated shell features in various miniroot scripts.
  • Fixed "printf("%.1f") shows wrong results on MIPS R3000 (big endian)".

Third-party software

The following third-party software included with the NetBSD system was updated:

  • tzdata - updated to 2024a
  • libX11 - fixed CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787, CVE-2023-43788, CVE-2023-43789.
  • Xorg(1) - fixed CVE-2023-1393, CVE-2023-0494, CVE-2023-5367, CVE-2023-5380, CVE-2022-46285, CVE-2022-44617, CVE-2022-4883, CVE-2020-14363, CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344, CVE-2022-46283, CVE-2021-4008, CVE-2021-4009, CVE-2021-4010, CVE-2021-4011.
  • Xorg(1) - disabled broken DGA extension for xf86-video-wsfb.
  • openssl(1) - updated to 1.1.1t
  • openssl(1) - fixed "openssl speed crashes on SPARCv8".
  • postfix(1) - updated to 3.8.4
  • postfix(1) - include postfix-tls-script.
  • sshd(8), sshd(8) - updated to 9.6
  • mdnsd(8) - fixed privilege separation, use arc4random(3)
  • named(8) - updated to BIND 9.18.24
  • nsd(8) - updated to 4.8.0 (fixes various CVEs)
  • unbound(8) - updated to 1.19.1 (fixes various CVEs)
  • wpa_supplicant(8) - fixed CVE-2023-52160
  • xdm(8) - fixed the man page generation, and include "sbin" directories (and games) in the default user PATH.
