Announcing NetBSD 9.2 (May 12, 2021)
The NetBSD Project is pleased to announce NetBSD 9.2 "Nakatomi Socrates", the second update of the NetBSD 9 release branch.
It represents a selected subset of fixes deemed important for security or stability reasons since the release of NetBSD 9.1 in October 2020, as well some enhancements backported from the development branch. It is fully compatible with NetBSD 9.0.
The CD images support booting from an actual CD/DVD or virtual machine only, for everything else use the other images. In order to write USB drive and SD card images, use gunzip(1) and dd(1) on Unix, or Rawrite32 on Windows. On ARM boards (not Raspberry Pi), you may also need to write U-Boot to the SD card.
An existing installation can be upgraded by booting an installation image and selecting the Upgrade option.
Unattended upgrades can be performed using the sysupgrade tool from pkgsrc. If you are using sysupgrade from a release earlier than 9.0, update the kernel and modules first, reboot and make sure the NetBSD 9.2 kernel is running, then update the rest of the system.
- netinet: avoid information disclosure, NetBSD-SA2021-001: Predictable ID disclosures in IPv4 and IPv6
- netinet: fixed "multicast router sends multicast packet with invalid UDP checksum" (PR 55779)
- xen: fixes for XSA-362 - backends treating grant mapping errors as bugs. A malicious DomU could trigger a Dom0 kernel panic.
xen: removed support for
rx-flipmode in xennet(4) and xvif(4) as part of XSA-362 fixes (driver already defaulted to the faster
- zfs: various stability fixes. Fixed "panic when creating a directory on a NFS served ZFS". (PR 55042)
- coda: fixed "coda client opens wrong files instead of cache containers". (PR 55775)
hyperv: fixed "unable to ifconfig(8) up/down with
BOOTSIG1checks prevent mounting Raspberry Pi Pico’s USB mass storage" (PR 55985)
- kern: fixed "panic while loading multiple large firmware files before init(8)" (PR 55906)
- fdescfs: fixed "fdescfs creates nodes with wrong major number" (PR 56130)
procfs: corrected the permissions of the
usb: removed incorrect assertions in abort paths, fixes false assertion failures with
kern.maxfiles’s default value now scales with system RAM. Avoids resource exhaustion in hungry applications, e.g. multiprocess Mozilla Firefox.
- compat_netbsd32(8): various improvements on AArch64:
compat_linux(8): fixed bug-compatibility with programs that use a longer
namelenthan the size of a valid
struct sockaddr_in *.
threadpool_job_cancelthrashtest randomly fails" (PR 55948)
- calendar(1): updated Judaic calendar to 2021.
- ctwm(1): adjusted default window manager configuration to improve accessibility, based on feedback from users. Fixed problems with window focus.
ftp -qdoes not work". (PR 55857)
improved POSIX conformance. Allow one and two character delimiters with
-d. (PR 55891)
- patch(1): fixed the behaviour of -V none.
EINTRin writes. (PR 55914)
ps(1): fixed the calculation of widths for the
lstartcolumn if an empty column header is specified.
fixed "ksh unable to execute
ERRtraps" (PR 56007)
fixed handling of
NULcharacters in shell scripts. (PR 55979)
- sh(1): fixed fallout related to PR 48875: avoid invalid subshell-elimination optimization when there are pending background jobs.
pkg_add(1): moved the default package database location on
new installations from
/usr/pkg/pkgdb, for consistency with the pkgsrc bootstrap and pkgsrc on other platforms. It can be overridden in pkg_install.conf(5).
- vmstat(1): stopped vmstat from exiting if it can’t get the addresses of time values it often doesn’t need.
httpd(8): updated to 20210227 from NetBSD HEAD.
READMEfile support to directory indexing.
- Added more MIME types for various archive and video formats.
- Fixed serving files greater than 4GB on 32-bit architectures.
- Various stability fixes.
- dump(8): fix status updates for files larger than 2TiB. (PR 55834)
- fsck(8): fixed prop_object_release(3) of invalid data.
- isibootd(8): fixed "cannot allocate memory" failure on amd64.
- pwm_backlight: save the new brightness level when set by the user, preventing Pinebook Pro display brightness from resetting after DPMS blanking.
- ahcisata(4): various conformance improvements, support for SATA on the Solidrun Honeycomb LX2K.
- audio(4): fixed surround formats being preferred as the default on some hardware, prefer stereo instead.
- audio(4): fixed resource leaks, locking issues.
avoid hangs when using speaker(4) (
/dev/speaker) with an emulated beeper. (PR 56059)
- cd(4): fixed "cannot eject USB mass storage attached as sd(4)" (PR 55986)
fixed "destroyed ena
evcntscause panic" (PR 55942)
- harmony(4): fixed a locking bug and handling of channel/speed bits.
- hilkbd(4): fixed a race condition in console attachment.
- hdaudio(4): fixed "RIRB timeout" issues on reboot. (PR 51734)
- ixg(4): various bug fixes, modified default parameters to reduce packet dropping.
- nvme(4): avoid mulitple bus rescans when loading nvme(4) as a module. (PR 55839)
- raid(4): fix an issue where a RAID reconstruction would also rebuild the unused end portion of a component.
- ohci(4): restructure the abort code for TD based transfers, avoiding panics and aborts. (PR 22646, PR 55835)
- sti(4): added bitmap operations support for SGC CRX (A1659-66001) framebuffers and improved 425e EVRX support.
- sun8icrypto(4): added support for TRNG and crypto acceleration on Allwinner H5 (e.g. NanoPi Neo PLUS2).
- topcat(4): fixed a panic with monochrome framebuffers, and incorrect framebuffer width reporting.
- uaudio(4): avoid dropping samples when recording.
ucom(4): avoid potential panics when detaching the device by properly waiting for
- uhid(4): various locking fixes.
- urtw(4): fixed detection of Belkin F5D7050E wireless adapter. (PR 56056)
- urtwn(4): added support for the TP-Link TL-WN821N V6 wireless adapter and another TP-Link chipset variant.
- urtwn(4): plug a few leaks. (PR 55968)
- vcaudio(4): accurately report lack of hardware support for recording on Raspberry Pi.
- wm(4): fixed Intel 82574 (and later) Gigabit Ethernet Controllers being unable to recieve packets on big endian systems.
- wm(4): avoid device timeouts with ihphy(4) and atphy(4).
fixed "panic at
usb_transfer_complete()on Raspberry Pi 4" (PR 55243)
- arm: sync-lock and atomic operations fixes.
MAC68K_MEMSIZEkernel option to work around Booter reporting an incorrect size.
DJMEMCMAXfor Quadra/Centris 650/800.
- m68k: plugged kernel stack memory leaks. (PR 55990)
GENERICkernel. (PR 56077)
- x68k: fixed savecore(8). (PR 51663)
- zaurus: made LCD BrightnessUp and BrightnessDown work on C7x0/860.
fixes for installation on older architectures:
alpha: switched back to
.gzsets to avoid memory exhaustion from
- miniroot: various fixes for problems that were preventing installation, added missing sets to the defaults.
hp300: removed default options in
RAMDISKkernels for small RAM machines that caused excessive set extraction times.
- alpha: switched back to
- build.sh: removed common symbols from tools to allow cross-compiling with newer compilers.
- build.sh: fixed cross-building NetBSD from macOS with recent Clang.
Various third-party components included with the NetBSD base system were updated:
- openssl(1): updated to 1.1.1k
- tmux(1): updated to 3.1c
Xorg(1): applied upstream fixes for:
- CVE-2021-3472 (local privilege escalation).
xdpyinfo(1): fixed "no output of
xdpyinfoon redirect or pipe"
xterm(1): updated to 366
- fixed CVE-2021-27135: correct upper-limit for selection buffer, accounting for combining characters. Note that is unclear whether this bug applies to NetBSD.
freetype: updated to 2.10.4
- fixed CVE-2020-15999: heap buffer overflow in the handling of embedded PNG bitmaps. Note that this bug does not apply to NetBSD in the default configuration.
- tzdata: updated to 2021a
- libX11: fixed off by one in X Input Method. (PR 55640)
- xkb: applied upstream fixes for:
Back to NetBSD 9.x formal releases