Announcing NetBSD 9.3 (August 4, 2022)

Introduction

The NetBSD Project is pleased to announce NetBSD 9.3, the third update of the NetBSD 9 release branch.

It represents a selected subset of fixes deemed important for security or stability reasons since the release of NetBSD 9.2 in May 2021, as well some enhancements backported from the development branch. It is fully compatible with NetBSD 9.0. Users running 9.2 or an earlier release are strongly recommended to upgrade.

The general NetBSD community is very excited about NetBSD 10.0, but it was deemed necessary to make this bug fix release available while we wait for the resolution of some compatibility problems in NetBSD-current concerning FFS Access Control Lists preventing the netbsd-10 release.

Aside from many bug fixes, 9.3 includes backported improvements to suspend and resume support, various minor additions of new hardware to existing device drivers, compatibility with UDF file systems created on Windows 10, enhanced support for newer Intel Gigabit Ethernet chipsets, better support for new Intel and AMD Zen 3 chipsets, support for configuring connections to Wi-Fi networks using the installer sysinst(8), support for wsfb-based X11 servers on the Commodore Amiga, and minor performance improvements for the Xen hypervisor.

Quick download links

To write an .img file to a removable drive, USB stick, or SD card, use dd(1) on Unix, or Rawrite32 on Windows:

   zcat ./NetBSD-9.3-amd64-install.img.gz | dd of=/dev/sd0d bs=1m && sync

Upgrade instructions

An existing installation can be upgraded by booting an installation image and selecting the Upgrade option.

Unattended upgrades can be performed using the sysupgrade tool from pkgsrc. If you are using sysupgrade from a release earlier than 9.0, update the kernel and modules first, then reboot and update the rest of the system.

Changes since NetBSD 9.2

Kernel

  • drm - fixed memory leaks primarily affecting radeon GPU drivers.
  • fifofs - fixed "poll(2) should yield POLLHUP when last writer to a FIFO closes it" (PR 56429)
  • fifofs - ensure that FIFOs have the same select/poll thresholds as pipes.
  • i915drmkms - fixed a LOCKDEBUG panic and potential deadlock.
  • netinet6 - avoid use-after-free in ND L2 cache
  • netinet6 - fixed "MTU discovery fails with IPv6 sockets bound to IPv4 mapped address" (PR 56348).
  • nfs - fixed incorrect file size limit.
  • ntfs - fixed a kernel crash for some NTFS file systems (PR 56160)
  • kernfs - add missing VOP_KQFILTER, fixed permissons on /kern/{r,}rootdev.
  • quota - various reliability improvements.
  • udf - fixed "mount_udf’s mount structure is malformed on 64 bit kernel with 32 bit userland" (PR 56801)
  • udf - fixed bug-compatibility with Windows 10. Prevent device lockup on some drives on switching from writing to reading.
  • uvm - fixed pageout crashes (PR 55702, PR 55945)
  • vfs - fixed newer Samba’s usage of /proc/self/fd/NNN with O_CREAT for Linux compatibility.
  • zfs - default files to BSD group ownership in line with FFS.
  • clone(2) - document that _GNU_SOURCE must be defined for the prototypes
  • flock(2) - tie the maximum number of locks per unprivilegied uid to sysctl kern.maxfiles
  • pipe(2) - fixed "zgrep -l sometimes hangs" (deadlock in pipe_write) (PR 56422)
  • stat(2) - fixed kernel memory disclosure in legacy binary compat.
  • acpiout(4) - work around firmware rejecting some brightness values, fixing support for brightness hotkeys on some laptops.
  • ata(4) - avoid an unaccounted extra ATA channel freeze (PR 56745)
  • ata(4) - fixed "kernel crash in ata_recovery_resume()" (PR 54790)
  • audio(4) - fixed gain and balance being unable to be set at the same time through legacy "non-mixer" API (PR 56308)
  • bge(4) - improved handling of chips with ASF/IPMI firmware (PR 56848)
  • cd(4) - fixed "SCSI getconfiguration requests have size limit on USB3 only but do not return errors" (PR 56109)
  • cgd(4) - fixed detach when still in use by wedges (seen as a hang on system shutdown).
  • cgd(4) - fixed "cgd tests fail randomly" (PR 56546)
  • ddb(4) - fixed a double fault in ddb when a NULL function pointer is called.
  • ehci(4) - fixed suspend/resume locking.
  • ichsmb(4) - added support for Intel 400, 495, and 500 series, Jasper Lake, Elkhart Lake.
  • ipmi(4) - various stability improvements and fix for PR 56539 ("wdogctl starts early, but ipmi takes its time").
  • ixg(4) - fixed dma memory unmap/free error that could cause kernel panics seen on Xen.
  • ixg(4), ixv(4) - many fixes and enhancements; added code to support mailbox API 1.5.
  • ksyms(4) - fixed races, allow multiple concurrent opens.
  • ld(4) - fixed suspend/resume support.
  • mfi(4), mfii(4) - added support for Dell PERC H310; various reliability improvements.
  • mii(4) - added Intel Network Connection I347-AT4 support, various workarounds for QEMU e1000.
  • nvme(4) - added suspend/resume support.
  • pci(4) - enhanced decoding of extended capabilities.
  • ppp(4) - avoid undefined behavior in pppasyncstart() and pppinput().
  • pppoe(4) - fixed CVE-2022-29867 - discovery phase local network mbuf corruption.
  • puc(4) - support for various new serial cards.
  • piixpm(4) - fixed a bug that I2C access panics on old AMD chipsets (e.g SB600) (PR 56525).
  • raid(4) - fixed "RAIDframe could run out of IO buffers".
  • spdmem(4) - various reliability fixes.
  • synaptics(4) - new sysctl knob hw.synaptics.debug to enable debug output.
  • tpm(4) - various improvements; handle TPM 2.0 source for /dev/[u]random
  • uhidev(4) - fixed "Fnatic Gear Rush Pro keyboard ignores keypress on 6KRO mode" (PR 55019)
  • ualea(4) - added suspend/resume support.
  • uslsa(4) - fixed "uslsa(4) seems to not work on big endian machines" (PR 56946)
  • urtwn(4) - added support for the Edimax N150 Wi-Fi adapter.
  • usb(4) - ignore Cyperpower UPS, APC UPS, and Microchip PICkit2/3 programmers when matching uhid(4) devices.
  • umass(4) - fixed suspend/resume support.
  • wm(4) - added support for Intel Ethernet Connection I219V 15-19 and I219LM 16-19.
  • wm(4) - fixed "unused wm0 periodically prints "device timeout" and causes kernel latency" (PR 56478)
  • wm(4) - various reliability improvements.
  • wm(4) - various opimizations.
  • xhci(4) - added suspend/resume support.
  • xhci(4) - avoid potential double free of interrupt handles (PR 55855)
  • ethersubr(9) - fixed handling of VLAN 0 tag.

Programs and services

  • apropos(1) - fixed "man -k config | less broken" (PR 54343)
  • apropos(1) - return proper exit status in case of write errors.
  • cp(1) - fixed "cp of a FIFO yields an empty file" (PR 54564).
  • ftp(1) - attempt to prevent timeouts of the control connection (PR 56129)
  • ftp(1) - improved signal handler restoration.
  • ftp(1) - validate address from PASV and LPSV response.
  • ftp(1) - use raw write(2) instead of fwrite(3) to avoid stream corruption because of the progress bar interrupts.
  • man(1) - fixed -m option so it works as documented.
  • mkdir(1) - fixed mode of final component of paths when -m is used (PR 56398).
  • msgs(1) - fixed execution of the mail(1) command.
  • sh(1) - fixed the behavior of fc -e.
  • sh(1) - fixed cd/$PWD follies (PR 45390).
  • sh(1) - fixed "sh(1) reads ./.profile rather than ~/.profile" (PR 56464)
  • vmstat(1) - fixed overflow errors for pools larged than 4GB when using -M/-m
  • crypt(3) - fixed a floating point exception when a low number of HMAC-SHA1 iterations are specified.
  • pthread(3) - fixed recvfrom() is not a cancelation point as documented in pthread_setcanceltype(3) (PR 56424)
  • res_init(3) - handle kqueue(2) close-on-fork semantics.
  • bioctl(8) - don’t print garbage bv_seconds.
  • cpuctl(8) - add ability to identify newer Intel chipsets. Decode Intel Hybrid Information Enumeration.
  • dump(8) - prevent crashes for large file systems.
  • mail.local(8) - fixed local privilege escalation due to a race condition.
  • mount_9p(8) - fixed writing to a file opened with write-only mode.
  • sysinst(8) - make swap in sysinst optional for upgrades (PR 56354)
  • sysinst(8) - on x86, make sure to update the bootloader when upgrading existing installations.
  • sysinst(8) - added support for connecting to Wi-Fi networks inside or outside of the installation process in the network configuraton menu.
  • sysinst(8) - fixed "adding a NetBSD partition to existing GPT partitions fails" (PR 56893)

Ports

  • aarch64 - atomic ops improvements / fixes.
  • aarch64 - fixed conversion between aarch64 and aarch32 fpregs to fix crashes in VFP-optimized code running on compat_netbsd32(8).
  • aarch64 - fixed failure of longjmp test cases.
  • amd64 - fixed CPU topology detection for AMD Zen 3 systems.
  • amd64 - added tpm(4) at acpi to the GENERIC kernel.
  • amd64 - restore having a BIOS-only USB image, some systems struggled to boot the hybrid UEFI/BIOS image.
  • amiga - enabled wsfb(4) based X11 using amidisplaycc(4).
  • arm - minor fixes for memory detection.
  • arm - fixed various complex arithmetics issues (PR 55897).
  • arm - align stack pointer to 8-byte boundary as required by EABI.
  • arm - fixed display init on Pinebook Pro w/ U-Boot 2021.07.
  • atari - fixed "iteconfig -h 480 triggers vm_fault panic on ATARITT kernel" (PR 56859)
  • hppa - many reliability improvements and bug fixes.
  • hp300 - various rd(4) improvements.
  • luna68k - make kernel messages green to match other ports and show off color support.
  • sun2, sun3 - fixed miniroot upgrade scripts.
  • various - fixed behavior of C implementation of atomic_c11_compare_exchange (PR 56832)
  • x86 - various enhancements to CPU identification.
  • xen - performance improvements for zeroing pages.

Toolchain

  • Support for MKREPRO (reproducible builds) when building from Mercurial or git.
  • Corrected C99 / C++11 feature testing in some functions in <math.h>.
  • build.sh - added "distsets" alias for "distribution sets".

Third-party components

Various third-party components included with the NetBSD base system were updated:

  • Xorg(1) - restore keyboard settings when the X server aborts on ports that use WSDISPLAY_COMPAT_RAWKBD (PR 56415).
  • startx(1) - silence annoying log messages about trying to trap SIGKILL.
  • xterm(1) - applied upstream fix for CVE-2022-24130.
  • libarchive - sync with HEAD, fixing tar segfaults during emacs build (PR 56257)
  • libX11 - applied upstream fixes for CVE-2021-31535 (and one other bug)
  • openssh - applied upstream fix for CVE-2019-16905.

Back to NetBSD 9.x formal releases