Announcing NetBSD 4.0.1

About the NetBSD 4.0.1 Release

The NetBSD Project is pleased to announce that update 4.0.1 of the NetBSD operating system is now available. NetBSD 4.0.1 is the first security/critical update of the NetBSD 4.0 release branch. This represents a selected subset of fixes deemed critical in nature for stability or security reasons, no new features have been added.

NetBSD 4.0.1 runs on 54 different system architectures featuring 17 machine architectures across 17 distinct CPU families, and is being ported to more. The NetBSD 4.0.1 release contains complete binary releases for 51 different machine types, with the platforms amigappc, bebox and ews4800mips released in source form only. Complete source and binaries for NetBSD 4.0.1 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, SUP, and other services is provided at the end of this announcement; the latest list of available download sites may also be found at http://www.NetBSD.org/mirrors/. We encourage users who wish to install via a CD-ROM ISO image to download via BitTorrent by using the torrent files supplied in the ISO image area. A list of hashes for the NetBSD 4.0.1 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer: ftp://ftp.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-4.0.1_hashes.asc

Please note that all fixes in security/critical updates (i.e., NetBSD 4.0.1, 4.0.2, etc) are cumulative, so the latest update contains all such fixes since the corresponding minor release. These fixes will also appear in future minor releases (i.e., NetBSD 4.1, 4.2, etc), together with other less-critical fixes and feature enhancements.

NetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources; some are listed at http://www.NetBSD.org/gallery/consultants.html. More extensive information on NetBSD is available from our website:

http://www.NetBSD.org/

Changes Between 4.0 and 4.0.1 update

The complete list of changes can be found in the CHANGES-4.0.1 file in the top level directory of the NetBSD 4.0.1 release tree. A shortened list is as follows:

Security Advisories Fixes

NetBSD-SA2008-004, multiple issues (CVE-2008-1372 and CVE-2005-0953), has been fixed by upgrading to bzip2 to 1.0.5
NetBSD-SA2008-005, OpenSSH Multiple issues (CVE-2008-1483 and CVE-2008-1657), has been fixed by applying patches from upstream.
NetBSD-SA2008-006, integer overflow in strfmon(3) function (CVE-2008-1391), has been fixed.
NetBSD-SA2008-008, OpenSSL Montgomery multiplication (CVE-2007-3108), has been fixed.
NetBSD-SA2008-009, BIND cache poisoning (CVE-2008-1447 and CERT VU#800113), has been fixed by updating BIND to 9.4.2-P2. Note there are two related changes to this advisory:
- The default behavior of ipfilter's Port Address Translation has been changed to using random port allocation rather than sequential mappings, to avoid decreasing the randomness of source ports used for DNS queries which affects the BIND cache poisoning problem.
- A `query-source' statement, which could allow the BIND cache poisoning attack, has been commented out in the default named.conf(5) file.
NetBSD-SA2008-010, malicious PPPoE discovery packet can overrun a kernel buffer (CVE-2008-3584), has been fixed.
NetBSD-SA2008-011, ICMPv6 MLD query (CVE-2008-2464), has been fixed.
NetBSD-SA2008-012, Denial of Service issues in racoon(8) (CVE-2008-3652), has been fixed by upgrading ipsec-tools to release 0.7.1. Note this also fixes CVE-2008-3651.
upcoming NetBSD-SA2008-013, IPv6 Neighbor Discovery Protocol routing vulnerability (CVE-2008-2476), has been fixed.
upcoming NetBSD-SA2008-014, remote cross-site request forgery attack issue in ftpd(8) (CVE-2008-4247), has been fixed.
upcoming NetBSD-SA2008-015, remove kernel panics on IPv6 connections (CVE-2008-3530), has been fixed.

Note: NetBSD-SA2008-007 and advisories prior to NetBSD-SA2008-004 don't affect NetBSD 4.0.

Other Security Fixes

Fix a buffer overrun which could crash a FAST_IPSEC kernel.
tcpdump(8): fix CVE-2007-1218, CVE-2007-3798 and CAN-2005-1278 in base-tcpdump.
Fix a buffer overflow of PCF font parser in X11 libXfont library (CVE-2008-0006).
Fix a buffer overflow of Tektronix Hex Format support in binutils (CVE-2006-2362).
machfb(4) and voodoofb(4): introduce two missing KAUTH_GENERIC_ISSUSER checks in the mmap(2) code.

Networking

Update root.cache to 2008020400 version.
Fix IP packet forwarding code to make sure to send a reasonable fragment size when IPsec is configured.
Fix a bug in TCP SACK code which causes data corruption.
Fix an rc.d(8) script for amd(8) not to shutdown gracefully since it seems to cause problems for more people than the old (also broken) behavior.
ftpd(8): fix and reorganize PAM support.

Libraries

Pthread support of BIND has been disabled for future binary compatibility after removal of the scheduler activations.
Fix coredump of gdtoa (conversion between binary floating-point and ASCII string) functions on out of memory conditions.

Drivers

fxp(4): fix random pool corruption and hangup problems.
wd(4): handle more LBA48 bug quirks on some Hitachi's SATA/IDE drives.

Miscellaneous

Disable a NULL pointer check in zlib for standalone programs. This fixes errors on loading a gzipped kernel (including installation kernels) on several ports (news68k etc.) whose kernels are loaded at address zero.
awk(1): bring back an accidentally removed fix to allow escape of a newline in string literals.
gcc(1):
- fix compilation of native sh3 gcc on 64-bit build machines
- fix an internal compiler error on compiling m68k softfloat or m68010 targets on 64-bit build machines.
zgrep(1): make `-h' option (suppress filenames on output when multiple files are searched) actually work.
Fix parallel build failure on building hpcarm, hpcmips and hpcsh releases.

Platform specific

acorn32: fix a bootloader problem on some RiscPCs.
cobalt:
- add a workaround to avoid panic on probing a multi function PCI device on Qube's PCI slot
- fix a bug in the interrupt handler which causes network freeze if more than one interfaces are used.
hp700: fix potential kernel / userland memory corruption in copyinstr(9) and copyoutstr(9).
sparc64: fix a bug in locore.s which causes unexpected behavior.
sun3: fix a bug which might cause an occasional panic during boot.
vax: make syscall handler use proper copyin(9) function on parsing syscall args.

System families supported by NetBSD 4.0.1

The NetBSD 4.0.1 release provides supported binary distributions for the following systems:

NetBSD/acorn26	Acorn Archimedes, A-series and R-series systems
NetBSD/acorn32	Acorn RiscPC/A7000, VLSI RC7500
NetBSD/algor	Algorithmics, Ltd. MIPS evaluation boards
NetBSD/alpha	Digital/Compaq Alpha (64-bit)
NetBSD/amd64	AMD family processors like Opteron, Athlon64, and Intel CPUs with EM64T extension
NetBSD/amiga	Commodore Amiga and MacroSystem DraCo
NetBSD/arc	MIPS-based machines following the Advanced RISC Computing spec
NetBSD/atari	Atari TT030, Falcon, Hades
NetBSD/cats	Chalice Technology's CATS and Intel's EBSA-285 evaluation boards
NetBSD/cesfic	CES FIC8234 VME processor board
NetBSD/cobalt	Cobalt Networks' MIPS-based Microservers
NetBSD/dreamcast	Sega Dreamcast game console
NetBSD/evbarm	Various ARM-based evaluation boards and appliances
NetBSD/evbmips	Various MIPS-based evaluation boards and appliances
NetBSD/evbppc	Various PowerPC-based evaluation boards and appliances
NetBSD/evbsh3	Various Hitachi Super-H SH3 and SH4-based evaluation boards and appliances
NetBSD/hp300	Hewlett-Packard 9000/300 and 400 series
NetBSD/hp700	Hewlett-Packard 9000 Series 700 workstations
NetBSD/hpcarm	StrongARM based Windows CE PDA machines
NetBSD/hpcmips	MIPS-based Windows CE PDA machines
NetBSD/hpcsh	Hitachi Super-H based Windows CE PDA machines
NetBSD/i386	IBM PCs and PC clones with i386-family processors and up
NetBSD/ibmnws	IBM Network Station 1000
NetBSD/iyonix	Castle Technology's Iyonix ARM based PCs
NetBSD/landisk	SH4 processor based NAS appliances
NetBSD/luna68k	OMRON Tateisi Electric's LUNA series
NetBSD/mac68k	Apple Macintosh with Motorola 68k CPU
NetBSD/macppc	Apple PowerPC-based Macintosh and clones
NetBSD/mipsco	MIPS Computer Systems Inc. family of workstations and servers
NetBSD/mmeye	Brains mmEye multimedia server
NetBSD/mvme68k	Motorola MVME 68k Single Board Computers
NetBSD/mvmeppc	Motorola PowerPC VME Single Board Computers
NetBSD/netwinder	StrongARM based NetWinder machines
NetBSD/news68k	Sony's 68k-based “NET WORK STATION” series
NetBSD/newsmips	Sony's MIPS-based “NET WORK STATION” series
NetBSD/next68k	NeXT 68k “black” hardware
NetBSD/ofppc	OpenFirmware PowerPC machines
NetBSD/pmax	Digital MIPS-based DECstations and DECsystems
NetBSD/pmppc	Artesyn's PM/PPC board
NetBSD/prep	PReP (PowerPC Reference Platform) and CHRP machines
NetBSD/sandpoint	Motorola Sandpoint reference platform
NetBSD/sbmips	Broadcom SiByte evaluation boards
NetBSD/sgimips	Silicon Graphics' MIPS-based workstations
NetBSD/shark	Digital DNARD (“shark”)
NetBSD/sparc	Sun SPARC (32-bit) and UltraSPARC (in 32-bit mode)
NetBSD/sparc64	Sun UltraSPARC (in native 64-bit mode)
NetBSD/sun2	Sun Microsystems Sun 2 machines with Motorola 68010 CPU
NetBSD/sun3	Motorola 68020 and 030 based Sun 3 and 3x machines
NetBSD/vax	Digital VAX
NetBSD/x68k	Sharp X680x0 series
NetBSD/xen	The Xen virtual machine monitor

Ports available in source form only for this release include the following:

NetBSD/amigappc	PowerPC-based Amiga boards
NetBSD/bebox	Be Inc's BeBox
NetBSD/ews4800mips	NEC's MIPS-based EWS4800 workstation

Acknowledgments

The NetBSD Foundation would like to thank all those who have contributed code, hardware, documentation, funds, colocation for our servers, web pages and other documentation, release engineering, and other resources over the years. More information on the people who make NetBSD happen is available at:

http://www.NetBSD.org/people/

We would like to especially thank the University of California at Berkeley and the GNU Project for particularly large subsets of code that we use. We would also like to thank the Internet Systems Consortium Inc., the Network Security Lab at Columbia University's Computer Science Department, and Ludd (Luleå Academic Computer Society) computer society at Luleå University of Technology for current colocation services.

About the NetBSD Foundation

The NetBSD Foundation was chartered in 1995, with the task of overseeing core NetBSD project services, promoting the project within industry and the open source community, and holding intellectual property rights on much of the NetBSD code base. Day-to-day operations of the project are handled by volunteers.

As a non-profit organization with no commercial backing, The NetBSD Foundation depends on donations from its users, and we would like to ask you to consider making a donation to the NetBSD Foundation in support of continuing production of our fine operating system. Your generous donation would be particularly welcome assistance with ongoing upgrades and maintenance, as well as with operating expenses for The NetBSD Foundation.

Donations can be done via PayPal to <paypal@NetBSD.org> and are fully tax-deductible in the US. If you would prefer not to use PayPal, or would like to make other arrangements, please contact <finance-exec@NetBSD.org>.

NetBSD mirror sites

Please use a mirror site close to you.

Please also note our list of CD-ROM vendors.

Back to NetBSD 4.x formal releases

类别：默认分类 | 添加到搜藏 | 浏览() | 评论 (3)

姓　名：	*姓名最长为50字节

网址或邮箱：	(选填)

内　容：

验证码：	请点击后输入四位验证码，字母不区分大小写看不清?
	取消回复