NetBSD 7.2 Branch Update Release Brings USB 3.0 and Raspberry Pi 3 Support

The NetBSD Project has released NetBSD 7.2, which is the second feature update of the NetBSD 7 release branch. This release brings a subset of fixes that were deemed important to security or stability reasons, and several new features and overall enhancements.

NetBSD is a free and highly portable Unix-like operating system, and is entirely Open Source. It is available for many platforms such as 64-bit x86 servers, to various embedded ARM and MIPS based devices (SoCs).

The NetBSD-7 branch had its first major release (NetBSD 7.0) in September 2015, so this update to NetBSD 7.2 is an overall maintenance release for the 7 branch – however, new users should most likely use the latest release (NetBSD 8.0).

Some highlights of the 7.2 release are:

  • Support for USB 3.0.
  • Enhancements to the Linux emulation subsystem.
  • Fixes in binary compatibility for ancient NetBSD executables.
  • iwm(4) driver for Intel Wireless 726x, 316x, 826x and 416x series added.
  • Support for Raspberry Pi 3 added.
  • Fix interrupt setup on Hyper-V VMs with Legacy Network Adapter.
  • SVR4 and IBCS2 compatibility subsystems have been disabled by default (besides IBCS2 on VAX). These subsystems also do not auto-load their modules any more.
  • Various USB stability enhancements.
  • Numerous bug fixes and stability improvements.

The complete source and binaries for NetBSD 7.2 are available on a ton of different websites, and a list of those sites which provide FTP, AnonCVS, SUP, and various other servicing methods can be found on NetBSD.org/mirrors/ – if you want to install NetBSD via ISO or USB disk image, you should download NetBSD via torrent application, you can find the NetBSD image torrents in the image section of NetBSD’s website.

An abbreviated changelog of this update is below:

  • NetBSD-SA2018-007 Several vulnerabilities in IPsec
  • NetBSD-SA2018-008 Several vulnerabilities in NPF
  • Note: Advisories prior to NetBSD-SA2018-007 do not affect NetBSD 7.2.
  • Xorg-server: fixes for CVE-2017-10971, CVE-2017-10972, CVE-2017-12176 to CVE-2017-12187 (the latter also applied to old XFree server)
  • Heimdahl updated to 7.1, fixing CVE-2016-2400.
  • WPA: fixes for CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088.
  • libXfont and libXcursor: fixes for CVEs 2017-13722, 2017-13720, 2017-16611, and 2017-16612.
  • Fixes from libX11 1.6.5 for CVE-2018-14599, CVE-2018-14600, CVE-2018-14598.
  • Kerberos fixed to avoid impersonation attacks on the KDC-REP service.
  • Prevent unrestricted userland access to I/O ports in XEN.
  • Support USB 3.0, add xhci(4) driver
  • Add pselect6 linux system call emulation
  • kqueue(2): add EVFILT_WRITE, to help go programs.
  • Fixes to file descriptor locking that could make go programs trigger a kernel crash.
  • Fixed a vnode leak introduced with the openat(2) system call.
  • carp(4): fix link state handling.
  • ipf(4): fragment and package state are separate, the user needs to specify both “keep state” and “keep frags” to get the same behaviour as before.
  • iwm(4) driver for Intel Wireless 726x, 316x, 826x and 416x series added.
  • bridge(4): Add handling of VLAN packets where the parent supports it.
  • wm(4): various improvements and add support for more hardware.

x86 Updates:

  • Handle stack faults on iret proerly
  • Increase max io mem on amd64
  • System calls in ancient (native) binaries that used the osyscall call gate is now done via emulation, as the call gate allowed for a race condition that could panic the kernel.
  • Option VM86 (virtual 8086 emulation) has been removed from GENERIC kernels. Use an emulator instead.
  • Fixed interrupt setup on Hyper-V VMs with Legacy Network Adapter.
  • Made the direct map non-executable on amd64.
  • xen:
  • Make xen dom0 SMP bootable again.
  • Improve xennet(4) performance.
  • powerpc:
  • Fix execution of old binaries generated by old (and buggy) binutils.
  • hpcarm:
  • Restore wscons keymaps feature
  • evbarm:
  • Add support for Raspberry Pi 3.
  • sparc:
  • Fixed ddb(4) errors due to alignement issues.
  • Fixed time goes backwards problems.
  • Improve interprocessor interrupt handling.
  • Make audio work again on some machines.
  • elf_so(1): fixes to the promotion of DSO TLS blocks into statis thread allocation.
  • xdr(3): fixed RPCBPROC_GETSTAT endocde/decode interoperability with other operating systems.
  • resize_ffs(8): Fixed overflow errors which could lead to superblock corruption on large filesystems.
  • Update root.cache to 2017102400.
  • httpd(8): fixed errors when executing cgi scripts via the -C mechanism.
  • httpd(8): do not degrade https to http when redirecting or returning errors.
  • inetd(8): increased max argument count to 64.
  • gpt(8): various improvements and new options.
  • dhcpcd(8) updated to 7.0.8
  • libexpat updated to 2.2.1
  • lua(1) updated to 5.3.4
  • timezone data updated to tzdata2018e

Kamil Anwar


A former British Computer Society Member with over 9 years of experience Configuring, Deploying and Managing Switches, Firewalls and Domain Controllers also an old-school still active on FreeNode.