Announcing NetBSD 9.2 (May 12, 2021)


The NetBSD Project is pleased to announce NetBSD 9.2 "Nakatomi Socrates", the second update of the NetBSD 9 release branch.

It represents a selected subset of fixes deemed important for security or stability reasons since the release of NetBSD 9.1 in October 2020, as well some enhancements backported from the development branch. It is fully compatible with NetBSD 9.0.

Quick download links

The CD images support booting from an actual CD/DVD or virtual machine only, for everything else use the other images. In order to write USB drive and SD card images, use gunzip(1) and dd(1) on Unix, or Rawrite32 on Windows. On ARM boards (not Raspberry Pi), you may also need to write U-Boot to the SD card.

Upgrade instructions

An existing installation can be upgraded by booting an installation image and selecting the Upgrade option.

Unattended upgrades can be performed using the sysupgrade tool from pkgsrc. If you are using sysupgrade from a release earlier than 9.0, update the kernel and modules first, reboot and make sure the NetBSD 9.2 kernel is running, then update the rest of the system.

Changes since NetBSD 9.1


  • netinet: avoid information disclosure, NetBSD-SA2021-001: Predictable ID disclosures in IPv4 and IPv6
  • netinet: fixed "multicast router sends multicast packet with invalid UDP checksum" (PR 55779)
  • xen: fixes for XSA-362 - backends treating grant mapping errors as bugs. A malicious DomU could trigger a Dom0 kernel panic.
  • xen: removed support for rx-flip mode in xennet(4) and xvif(4) as part of XSA-362 fixes (driver already defaulted to the faster rx-copy mode).
  • zfs: various stability fixes. Fixed "panic when creating a directory on a NFS served ZFS". (PR 55042)
  • coda: fixed "coda client opens wrong files instead of cache containers". (PR 55775)
  • hyperv: fixed "unable to ifconfig(8) up/down with hvn device".
  • msdosfs: fixed "BOOTSIG0 and BOOTSIG1 checks prevent mounting Raspberry Pi Pico’s USB mass storage" (PR 55985)
  • kern: fixed "panic while loading multiple large firmware files before init(8)" (PR 55906)
  • fdescfs: fixed "fdescfs creates nodes with wrong major number" (PR 56130)
  • procfs: corrected the permissions of the environ node.
  • usb: removed incorrect assertions in abort paths, fixes false assertion failures with DIAGNOSTIC enabled.
  • sysctl(7): kern.maxfiles’s default value now scales with system RAM. Avoids resource exhaustion in hungry applications, e.g. multiprocess Mozilla Firefox.
  • compat_netbsd32(8): various improvements on AArch64:
    • Added support for ARMv6 userspace. We now build ARMv6 binary packages in a sandbox on an aarch64 server.
    • Added support for ptrace(2), fixed clone(2), fixed core file format.
    • Emulate instructions that were deprecated in ARMv7.
  • compat_linux(8): fixed bug-compatibility with programs that use a longer namelen than the size of a valid struct sockaddr_in *.
  • threadpool(9): fixed "threadpool_job_cancelthrash test randomly fails" (PR 55948)

Programs and services

  • calendar(1): updated Judaic calendar to 2021.
  • ctwm(1): adjusted default window manager configuration to improve accessibility, based on feedback from users. Fixed problems with window focus.
  • ftp(1): fixed "ftp -q does not work". (PR 55857)
  • nl(1): improved POSIX conformance. Allow one and two character delimiters with -d. (PR 55891)
  • patch(1): fixed the behaviour of -V none.
  • progress(1): handle EINTR in writes. (PR 55914)
  • ps(1): fixed the calculation of widths for the lstart column if an empty column header is specified.
  • ksh(1): fixed "ksh unable to execute ERR traps" (PR 56007)
  • sh(1): fixed handling of NUL characters in shell scripts. (PR 55979)
  • sh(1): fixed fallout related to PR 48875: avoid invalid subshell-elimination optimization when there are pending background jobs.
  • pkg_add(1): moved the default package database location on new installations from /var/db/pkg to /usr/pkg/pkgdb, for consistency with the pkgsrc bootstrap and pkgsrc on other platforms. It can be overridden in pkg_install.conf(5).
  • vmstat(1): stopped vmstat from exiting if it can’t get the addresses of time values it often doesn’t need.
  • httpd(8): updated to 20210227 from NetBSD HEAD.
    • Added README file support to directory indexing.
    • Added more MIME types for various archive and video formats.
    • Fixed serving files greater than 4GB on 32-bit architectures.
    • Various stability fixes.
  • dump(8): fix status updates for files larger than 2TiB. (PR 55834)
  • fsck(8): fixed prop_object_release(3) of invalid data.
  • isibootd(8): fixed "cannot allocate memory" failure on amd64.

System calls and libraries

  • kevent(2): fixed a race in kqueue_scan() causing missed events, and Go timer latency issues. (PR 50094)
  • posix_spawn(3): fixed handling of POSIX_SPAWN_RESETIDS.
  • fread(3): optimize buffer handling for unbuffered I/O, speeding up the function several orders of magnitude. (PR 55808)

Device drivers

  • pwm_backlight: save the new brightness level when set by the user, preventing Pinebook Pro display brightness from resetting after DPMS blanking.
  • ahcisata(4): various conformance improvements, support for SATA on the Solidrun Honeycomb LX2K.
  • audio(4): fixed surround formats being preferred as the default on some hardware, prefer stereo instead.
  • audio(4): fixed resource leaks, locking issues.
  • audio(4): avoid hangs when using speaker(4) (/dev/speaker) with an emulated beeper. (PR 56059)
  • cd(4): fixed "cannot eject USB mass storage attached as sd(4)" (PR 55986)
  • ena(4): fixed "destroyed ena evcnts cause panic" (PR 55942)
  • harmony(4): fixed a locking bug and handling of channel/speed bits.
  • hilkbd(4): fixed a race condition in console attachment.
  • hdaudio(4): fixed "RIRB timeout" issues on reboot. (PR 51734)
  • ixg(4): various bug fixes, modified default parameters to reduce packet dropping.
  • nvme(4): avoid mulitple bus rescans when loading nvme(4) as a module. (PR 55839)
  • raid(4): fix an issue where a RAID reconstruction would also rebuild the unused end portion of a component.
  • ohci(4): restructure the abort code for TD based transfers, avoiding panics and aborts. (PR 22646, PR 55835)
  • sti(4): added bitmap operations support for SGC CRX (A1659-66001) framebuffers and improved 425e EVRX support.
  • sun8icrypto(4): added support for TRNG and crypto acceleration on Allwinner H5 (e.g. NanoPi Neo PLUS2).
  • topcat(4): fixed a panic with monochrome framebuffers, and incorrect framebuffer width reporting.
  • uaudio(4): avoid dropping samples when recording.
  • ucom(4): avoid potential panics when detaching the device by properly waiting for refcounts to drain.
  • uhid(4): various locking fixes.
  • urtw(4): fixed detection of Belkin F5D7050E wireless adapter. (PR 56056)
  • urtwn(4): added support for the TP-Link TL-WN821N V6 wireless adapter and another TP-Link chipset variant.
  • urtwn(4): plug a few leaks. (PR 55968)
  • vcaudio(4): accurately report lack of hardware support for recording on Raspberry Pi.
  • wm(4): fixed Intel 82574 (and later) Gigabit Ethernet Controllers being unable to recieve packets on big endian systems.
  • wm(4): avoid device timeouts with ihphy(4) and atphy(4).


  • arm: fixed "panic at usb_transfer_complete() on Raspberry Pi 4" (PR 55243)
  • arm: sync-lock and atomic operations fixes.
  • mac68k: added MAC68K_MEMSIZE kernel option to work around Booter reporting an incorrect size.
  • mac68k: fixed DJMEMCMAX for Quadra/Centris 650/800.
  • m68k: plugged kernel stack memory leaks. (PR 55990)
  • sparc: dropped option DIAGNOSTIC from GENERIC kernel. (PR 56077)
  • x68k: fixed savecore(8). (PR 51663)
  • zaurus: made LCD BrightnessUp and BrightnessDown work on C7x0/860.
  • fixes for installation on older architectures:
    • alpha: switched back to .gz sets to avoid memory exhaustion from .xz extraction.
    • miniroot: various fixes for problems that were preventing installation, added missing sets to the defaults.
    • hp300: removed default options in INSTALL and RAMDISK kernels for small RAM machines that caused excessive set extraction times.

Build system and toolchain

  • removed common symbols from tools to allow cross-compiling with newer compilers.
  • fixed cross-building NetBSD from macOS with recent Clang.

Third-party components

Various third-party components included with the NetBSD base system were updated:

  • openssl(1): updated to 1.1.1k
  • tmux(1): updated to 3.1c
  • Xorg(1): applied upstream fixes for:
  • xdpyinfo(1): fixed "no output of xdpyinfo on redirect or pipe"
  • xterm(1): updated to 366
    • fixed CVE-2021-27135: correct upper-limit for selection buffer, accounting for combining characters. Note that is unclear whether this bug applies to NetBSD.
  • freetype: updated to 2.10.4
    • fixed CVE-2020-15999: heap buffer overflow in the handling of embedded PNG bitmaps. Note that this bug does not apply to NetBSD in the default configuration.
  • tzdata: updated to 2021a
  • libX11: fixed off by one in X Input Method. (PR 55640)
  • xkb: applied upstream fixes for:
    • CVE-2020-14360 / ZDI-CAN-11572: XkbSetMap Out-Of-Bounds Access
    • CVE-2020-25712 / ZDI-CAN-11839: XkbSetDeviceInfo Heap-based Buffer Overflow

Back to NetBSD 9.x formal releases