CVS commit: [netbsd-5-0] src/distrib/notes/common

2010-02-05 Thread Soren Jacobsen
Module Name:    src
Committed By:   snj
Date:   Sat Feb  6 05:52:39 UTC 2010

Modified Files:
src/distrib/notes/common [netbsd-5-0]: main

Log Message:
Update for 5.0.2


To generate a diff of this commit:
cvs rdiff -u -r1.425.2.5.2.2 -r1.425.2.5.2.3 src/distrib/notes/common/main

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/notes/common/main
diff -u src/distrib/notes/common/main:1.425.2.5.2.2 src/distrib/notes/common/main:1.425.2.5.2.3
--- src/distrib/notes/common/main:1.425.2.5.2.2	Sun Oct  4 11:50:26 2009
+++ src/distrib/notes/common/main	Sat Feb  6 05:52:39 2010
@@ -1,4 +1,4 @@
-.\"	$NetBSD: main,v 1.425.2.5.2.2 2009/10/04 11:50:26 bouyer Exp $
+.\"	$NetBSD: main,v 1.425.2.5.2.3 2010/02/06 05:52:39 snj Exp $
 .\"
 .\" Copyright (c) 1999-2008 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -50,7 +50,7 @@
 .as MACHINE_LIST " sgimips shark sparc sparc64 sun2 sun3 vax x68k xen zaurus .
 .so \*[.CURDIR]/../common/macros
 .
-.Dd July 29, 2009
+.Dd February 6, 2010
 .Dt INSTALL 8
 .Os NetBSD
 .Sh NAME
@@ -452,18 +452,272 @@
 wouldn't exist.
 .
 .if \n[FOR_RELEASE] \{\
-.Ss Changes Between The NetBSD 5.0 and 5.0.1 Releases
+.Ss Changes Between The NetBSD 5.0.1 and 5.0.2 Releases
 .Pp
 The
 .Nx
 \*V
-release is the first security/critical update of the
+release is the second critical/security update of the
+.Nx
+5.0 release branch.
+This represents a selected subset of fixes deemed critical for
+stability or security reasons.
+.Pp
+Please note that all fixes in critical/security updates (i.e., NetBSD 5.0.1,
+5.0.2, etc.) are cumulative, so the latest update contains all such fixes
+since the corresponding minor release.
+These fixes will also appear in future minor releases (i.e., NetBSD 5.1, 5.2,
+etc.), together with other less-critical fixes and feature enhancements.
+.Pp
+The complete list of changes can be found in the
+CHANGES-5.0.2:
+.Lk http://ftp.NetBSD.org/pub/NetBSD/NetBSD-5.0.2/CHANGES-5.0.2
+file in the top level directory of the NetBSD 5.0.2 release tree.
+An abbreviated list is as follows:
+.Ss2 Security Advisory Fixes
+.(bullet
+NetBSD-SA2010-002 (OpenSSL TLS renegotiation man in the middle vulnerability):
+.Lk http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2010-002.txt.asc
+.It
+NetBSD-SA2010-003 (azalia(4)/hdaudio(4) negative mixer index panic):
+.Lk http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2010-003.txt.asc
+.bullet)
+.
+.Pp
+Advisories prior to NetBSD-SA2010-002 do not affect
+.Nx
+5.0.1:
+.Lk http://www.NetBSD.org/support/security/patches-5.0.1.html
+.Ss3 Other Security Fixes
+.(bullet
+openssl: Fix CVE-2009-4355.
+.It
+Update BIND server and tools to 9.5.2-P2, fixing CVE-2009-0025,
+CVE-2009-4022, and CVE-2010-0097.
+.It
+.Xr ntpd 8 :
+Fix CVE-2009-3563.
+.It
+expat: Fix SA36425 and CVE-2009-3560.
+.It
+.Xr fts 3 :
+Avoid possible integer overflow on really deep dirs, and subsequent
+collateral damage.
+Received from OpenBSD via US-CERT as VU #590371.
+.It
+Fix a couple issues with POSIX message queues:
+.(bullet
+An invalid signal number passed to mq_notify() could crash the kernel on
+delivery -- add a boundary check.
+.It
+A user could set mq_maxmsg (the maximal number of messages in a queue) to a
+huge value on mq_open(O_CREAT) and later use up all kernel memory by
+mq_send() -- add a sysctl'able limit which defaults to 16*mq_def_maxmsg.
+.bullet)
+.
+.It
+.Xr arc4random 3 :
+Keep arc4_i and arc4_j synchronised after a rekeying.
+This prevents accidentally ending up in a short ARC4 cycle.
+.bullet)
+.
+.Ss2 Kernel
+.(bullet
+Fix a UFS quota crash.
+.It
+Fix a case where
+.Xr setpriority 2
+returned EACCES instead of EPERM.
+PR 41489.
+.It
+Fix panic when calling ioctl(RNDADDDATA) on
+.Pa /dev/random .
+.It
+Fix a memory leak that could occur when using
+.Xr clone 2 .
+.It
+Fix an issue where a softint could fire on the wrong CPU.
+.It
+.Xr sigtimedwait 2 :
+Fix a memory leak.
+PR 40750.
+.bullet)
+.
+.Ss2 Networking
+.(bullet
+IPv6: Clear cksum flags before any further processing, like ip_forward does.
+Many drivers set the UDP/TCP v4 flags even for v6 traffic and if the packet
+is encapsulated with gif, the IPv6 header would get corrupted by ip_output.
+.It
+IPsec: Add a missing splx() call.
+PR 41701.
+.It
+.Xr ifconfig 8 :
+Fix the -vlanif and -carpdev keywords.
+.It
+Update
+.Xr dhcpcd 8
+to 4.0.14.
+.bullet)
+.
+.Ss2 Drivers
+.(bullet
+.Xr twa 4 :
+Disable completely bogus DIAGNOSTIC check.
+.It
+.Xr mfi 4 :
+Fix a couple crashes.
+.It
+.Xr pad 4 :
+Catch up to
+.Xr audio 4
+device_t/softc split.
+.bullet)
+.
+.Ss2 Platform specific
+.(bullet
+x86 (amd64 and i386):
+.Xr ichlpcib 4 :
+Fix watchdog code:
+.(bullet
+The timer bound constants are in tick, so convert period to tick before
+checking it against the bounds.
+.It
+For ICH5 or older, fix code that would have always written a 0 period to
+the register.
+.bullet)
+.
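Review bot: the heading level at ".Ss3 Other Security Fixes" does not match the other new sections in this hunk, which all use .Ss2 (Security Advisory Fixes, Kernel, Networking, Drivers, Platform specific). If it is meant as a peer section, change it to .Ss2; if the nesting is deliberate, it reads oddly under a heading that is itself about advisory fixes. In the same list, the mq_maxmsg entry announces a sysctl'able limit without naming the sysctl, which is what an administrator tuning it would look for, and "SA36425" in the expat entry has no issuing body given, unlike the CVE and US-CERT VU references around it. Minor: "are in tick" in the ichlpcib entry should read "are in ticks".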

CVS commit: [netbsd-5-0] src/distrib/notes/common

2010-02-06 Thread Soren Jacobsen
Module Name:    src
Committed By:   snj
Date:   Sat Feb  6 15:44:38 UTC 2010

Modified Files:
src/distrib/notes/common [netbsd-5-0]: main

Log Message:
Improve description of -mno-red-zone entry and use http for a couple
links.


To generate a diff of this commit:
cvs rdiff -u -r1.425.2.5.2.3 -r1.425.2.5.2.4 src/distrib/notes/common/main

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/notes/common/main
diff -u src/distrib/notes/common/main:1.425.2.5.2.3 src/distrib/notes/common/main:1.425.2.5.2.4
--- src/distrib/notes/common/main:1.425.2.5.2.3	Sat Feb  6 05:52:39 2010
+++ src/distrib/notes/common/main	Sat Feb  6 15:44:38 2010
@@ -1,4 +1,4 @@
-.\"	$NetBSD: main,v 1.425.2.5.2.3 2010/02/06 05:52:39 snj Exp $
+.\"	$NetBSD: main,v 1.425.2.5.2.4 2010/02/06 15:44:38 snj Exp $
 .\"
 .\" Copyright (c) 1999-2008 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -588,7 +588,7 @@
 .bullet)
 .
 .It
-amd64: Build kernel modules with -mno-red-zone like kernel is built.
+amd64: Build kernel modules with -mno-red-zone to ensure kernel compatibility.
 .It
 i386: Fix a panic while booting with an ACPI kernel on 790GX boards.
 PR 39671.
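Review bot: the reworded amd64 entry, "to ensure kernel compatibility", no longer says that the kernel itself is built with -mno-red-zone, and it still does not say what goes wrong for a module built without the flag. Consider keeping the old fact and adding the consequence in one clause, so a reader maintaining out-of-tree modules can tell whether a rebuild is needed.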
@@ -925,10 +925,10 @@
 5.0 release.
 The complete list of changes can be found in the
 CHANGES:
-.Lk ftp://ftp.NetBSD.org/pub/NetBSD/NetBSD-5.0/CHANGES
+.Lk http://ftp.NetBSD.org/pub/NetBSD/NetBSD-5.0/CHANGES
 and
 CHANGES-5.0:
-.Lk ftp://ftp.NetBSD.org/pub/NetBSD/NetBSD-5.0/CHANGES-5.0
+.Lk http://ftp.NetBSD.org/pub/NetBSD/NetBSD-5.0/CHANGES-5.0
 files in the top level directory of the NetBSD 5.0 release tree.
 .Pp
 Some highlights include:



CVS commit: [netbsd-5-0] src/distrib/notes/common

2010-02-06 Thread Soren Jacobsen
Module Name:    src
Committed By:   snj
Date:   Sat Feb  6 15:56:01 UTC 2010

Modified Files:
src/distrib/notes/common [netbsd-5-0]: main

Log Message:
Give device node examples.


To generate a diff of this commit:
cvs rdiff -u -r1.425.2.5.2.4 -r1.425.2.5.2.5 src/distrib/notes/common/main

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/notes/common/main
diff -u src/distrib/notes/common/main:1.425.2.5.2.4 src/distrib/notes/common/main:1.425.2.5.2.5
--- src/distrib/notes/common/main:1.425.2.5.2.4	Sat Feb  6 15:44:38 2010
+++ src/distrib/notes/common/main	Sat Feb  6 15:56:01 2010
@@ -1,4 +1,4 @@
-.\"	$NetBSD: main,v 1.425.2.5.2.4 2010/02/06 15:44:38 snj Exp $
+.\"	$NetBSD: main,v 1.425.2.5.2.5 2010/02/06 15:56:01 snj Exp $
 .\"
 .\" Copyright (c) 1999-2008 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -2501,11 +2501,11 @@
 .
 .Ss2 "Known Problems"
 .Pp
-Using block device nodes directly for I/O may cause a kernel
+Using block device nodes (e.g., wd0a) directly for I/O may cause a kernel
 crash when the file system containing
 .Pa /dev
 is FFS and is mounted with -o log.
-Workaround: use raw disk devices, or remount the file system
+Workaround: use raw disk devices (e.g., rwd0a), or remount the file system
 without -o log.
 .Pp
 Occassionally, gdb may cause a process that is being debugged to hang
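Review bot: the new device node examples "wd0a" and "rwd0a" are plain text, while /dev two lines further down is marked up with .Pa; mark the examples up the same way (or give them as full paths under /dev) so they render consistently. While touching this paragraph, "Occassionally" in the trailing context line could be corrected to "Occasionally".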



CVS commit: [netbsd-5-0] src/distrib/notes/common

2009-07-29 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Wed Jul 29 22:28:46 UTC 2009

Modified Files:
src/distrib/notes/common [netbsd-5-0]: main

Log Message:
Update for 5.0.1.


To generate a diff of this commit:
cvs rdiff -u -r1.425.2.5 -r1.425.2.5.2.1 src/distrib/notes/common/main

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/notes/common/main
diff -u src/distrib/notes/common/main:1.425.2.5 src/distrib/notes/common/main:1.425.2.5.2.1
--- src/distrib/notes/common/main:1.425.2.5	Sun Apr 26 01:35:25 2009
+++ src/distrib/notes/common/main	Wed Jul 29 22:28:46 2009
@@ -1,4 +1,4 @@
-.\"	$NetBSD: main,v 1.425.2.5 2009/04/26 01:35:25 snj Exp $
+.\"	$NetBSD: main,v 1.425.2.5.2.1 2009/07/29 22:28:46 snj Exp $
 .\"
 .\" Copyright (c) 1999-2008 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -50,7 +50,7 @@
 .as MACHINE_LIST " sgimips shark sparc sparc64 sun2 sun3 vax x68k xen zaurus .
 .so \*[.CURDIR]/../common/macros
 .
-.Dd April 25, 2009
+.Dd July 29, 2009
 .Dt INSTALL 8
 .Os NetBSD
 .Sh NAME
@@ -452,11 +452,213 @@
 wouldn't exist.
 .
 .if \n[FOR_RELEASE] \{\
+.Ss Changes Between The NetBSD 5.0 and 5.0.1 Releases
+.Pp
+The
+.Nx
+\*V
+release is the first security/critical update of the
+.Nx
+5.0 release branch.
+This represents a selected subset of fixes deemed critical in nature for
+stability or security reasons.
+.Pp
+Please note that all fixes in security/critical updates (i.e., NetBSD 5.0.1,
+5.0.2, etc.) are cumulative, so the latest update contains all such fixes
+since the corresponding minor release.
+These fixes will also appear in future minor releases (i.e., NetBSD 5.1, 5.2,
+etc.), together with other less-critical fixes and feature enhancements.
+.Pp
+The complete list of changes can be found in the
+CHANGES-5.0.1:
+.Lk http://ftp.NetBSD.org/pub/NetBSD/NetBSD-5.0.1/CHANGES-5.0.1
+file in the top level directory of the NetBSD 5.0.1 release tree.
+An abbreviated list is as follows:
+.Ss2 Security Advisory Fixes
+.(bullet
+NetBSD-SA2009-004 (NetBSD OpenPAM passwd(1) changing weakness):
+.Lk http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2009-004.txt.asc
+.It
+NetBSD-SA2009-005 (Plaintext Recovery Attack Against SSH):
+.Lk http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2009-005.txt.asc
+.It
+NetBSD-SA2009-006 (Buffer overflows in ntp):
+.Lk http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc
+.It
+NetBSD-SA2009-007 (Buffer overflows in hack(6)):
+.Lk http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2009-007.txt.asc
+.It
+NetBSD-SA2009-008 (OpenSSL ASN1 parsing denial of service and CMS signature
+verification weakness):
+.Lk http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc
+.It
+NetBSD-SA2009-009 (OpenSSL DTLS Memory Exhaustion and DSA signature
+verification vulnerabilities):
+.Lk http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc
+.It
+NetBSD-SA2009-010 (ISC dhclient subnet-mask flag stack overflow):
+.Lk http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc
+.It
+NetBSD-SA2009-011 (ISC DHCP server Denial of Service vulnerability):
+.Lk http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2009-011.txt.asc
+.It
+NetBSD-SA2009-012 (SHA2 implementation potential buffer overflow):
+.Lk http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2009-012.txt.asc
+.It
+NetBSD-SA2009-013 (BIND named dynamic update Denial of Service vulnerability):
+.Lk http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc
+.bullet)
+.
+.Pp
+Advisories prior to NetBSD-SA2009-004 do not affect
+.Nx
+5.0:
+.Lk http://www.NetBSD.org/support/security/patches-5.0.html
+.Ss2 Kernel
+.(bullet
+Fix random
+.Dq filesystem full
+messages on large FFS file systems.
+.It
+Fix a regression in the 4.4BSD scheduler, improving interactive performance under load.
+.It
+Remove a race where physio_done() may use memory already freed.
+Fixes PR kern/39536.
+.It
+Fix a crash observed when trying to load a corrupted ELF kernel module.
+.It
+Fix PR kern/41566, where writes on the controlling tty were not being awoken from blocks.
+.It
+Various fixes for POSIX message queues.
+.It
+Fix a possible deadlock in the VFS subsystem.
+.It
+Fixes for POSIX advisory locks.
+.It
+A number of other stability fixes.
+.bullet)
+.
+.Ss2 Networking
+.(bullet
+Follow exactly the recommendation of draft-ietf-tcpm-tcpsecure-11.txt: Don't check gainst the last ack received, but the expected sequence number.
+This makes RST handling independent of delayed ACK.
+.It
+Fix a panic when trying to disable IPFilter before enabling it.
+Fixes PR kern/41364.
+.bullet)
+.
+.Ss2 Drivers
+.(bullet
+.Xr ehci 4 :
+Add a workaround for ATI SB600 and SB700 revisions A12 and A13 to avoid a USB subsystem hang when the system has multiple USB devices connected to it or one device is
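Review bot: "gainst" in the draft-ietf-tcpm-tcpsecure-11.txt entry under Networking is a typo for "against". That line, like the 4.4BSD scheduler, PR kern/41566 and ehci entries, also runs well past the width the rest of the added text is wrapped to; rewrap them. "Various fixes for POSIX message queues" and "A number of other stability fixes" give the reader nothing to act on; either name the fixes or point at CHANGES-5.0.1 for them.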