Announcing NetBSD 8.0 (July 17, 2018)

Introduction

The NetBSD Project is pleased to announce NetBSD 8.0, the sixteenth major release of the NetBSD operating system. This release brings stability improvements, hundreds of bug fixes, and many new features. Some highlights of the NetBSD 8.0 release are:

USB stack rework, USB3 support added.

In-kernel audio mixer (audio_system(9)).

Reproducible builds (MKREPRO, see mk.conf(5)).

Full userland debug information (MKDEBUG, see mk.conf(5)) available. While most install media do not come with them (for size reasons), the debug and xdebug sets can be downloaded and extracted as needed later. They provide full symbol information for all base system and X binaries and libraries and allow better error reporting and (userland) crash analysis.

PaX MPROTECT (W^X) memory protection enforced by default on some architectures with fine-grained memory protection and suitable ELF formats: i386, amd64, evbarm, landisk.

PaX ASLR (Address Space Layout Randomization) enabled by default on: i386, amd64, evbarm, landisk, sparc64.

Position independent executables by default for userland on: i386, amd64, arm, m68k, mips, sh3, sparc64.

A new socket layer can(4) has been added for communication of devices on a CAN bus.

A special pseudo interface ipsecif(4) for route-based VPNs has been added.

Parts of the network stack have been made MP-safe. The kernel option NET_MPSAFE is required to enable this.

Hardening of the network stack in general.

Various WAPBL (the NetBSD file system "log" option) stability and performance improvements.

Specific to i386 and amd64 CPUs:

Meltdown mitigation: SVS (Separate Virtual Space), enabled by default.

SpectreV2 mitigation: retpoline (support in gcc), used by default for kernels. Other hardware mitigations are also available.

SpectreV4 mitigations available for Intel and AMD.

PopSS workaround: user access to debug registers is turned off by default.

Lazy FPU saving disabled on vulnerable Intel CPUs ("eagerfpu").

SMAP support.

Improvement and hardening of the memory layout: W^X, fewer writable pages, better consistency, better performance.

(U)EFI bootloader.

Many evbarm kernels now use FDT (flat device tree) information (loadable at boot time from an external file) for device configuration; the number of kernels has decreased but the number of boards has vastly increased.

Lots of updates to 3rd party software included:

GCC 5.5 with support for Address Sanitizer and Undefined Behavior Sanitizer

GDB 7.12

GNU binutils 2.27

Clang/LLVM 3.8.1

OpenSSH 7.6

OpenSSL 1.0.2k

mdocml 1.14.1

acpica 20170303

ntp 4.2.8p11-o

dhcpcd 7.0.6

Lua 5.3.4

Please read below for a full list of changes in NetBSD 8.0.

Complete source and binaries for NetBSD 8.0 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, and other services may be found at https://www.NetBSD.org/mirrors/ and our CDN. We encourage users who wish to install via ISO or USB disk images to download via BitTorrent by using the torrent files supplied in the images area.

A list of hashes for the NetBSD 8.0 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer: https://ftp.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-8.0_hashes.asc.

NetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources. More extensive information on NetBSD is available from our website: www.NetBSD.org

Update Recommendation / Security Hint

NetBSD takes security very seriously. As you are likely aware, there have been a multitude of serious security issues discovered at the CPU level (to name only the two most prominent, Meltdown and Spectre). NetBSD 8.0 contains all the mitigations and workarounds as far as we know as of the date of the release. We support older releases, but due to the mass of recent urgent fixes and a lot of work having been done to harden NetBSD in general, we are not backporting the CPU errata related workarounds and mitigations to older release branches! To spell it out explicitly: we urge all users to try to update to NetBSD 8.0 as soon as possible, and avoid running older NetBSD releases unless a local security expert has analyzed the setup.

Major Changes Between 7.0 and 8.0

The complete list of changes can be found in the CHANGES and CHANGES-8.0 files in the top level directory of the NetBSD 8.0 release tree. An abbreviated version is below:

General kernel

Intel ACPI support code (acpica) updated to 20170303.

Lots of improvements of the COMPAT_NETBSD32 framework (used to run 32bit userland binaries on 64bit machines and various other different ABI NetBSD binaries). This includes NFS server support, NPF support and RAID frame support.

Change sysctl net.inet.ip.hostzerobroadcast to 0: do not respond to the ancient all-zero broadcast IP.

ext2fs file systems: add support for various ext4 features, including htree indices, extents, extra_inodes, support for up to 64000 file hard links, and gdt_csum/uninit_bg.

ptrace(2): Add hardware assisted breakpoint/watchpoint API, improve tracing of fork/exec/exit, add signal information accessor API.

dk(4): new option DKWEDGE_METHOD_RDB supports auto discovery of wedges from Amiga Rigid Disk Block (RDB) partitioned disks.

localcount(9): generic ref-count primitives.

Device Drivers

sdmmc(4), sdhc(4), amlogicsdhc(4): Add support for UHS-I and MMC HS200 transfer modes.

mcp3kadc(4): Driver for Microchip 3x0x SAR ADC chips.

rtwn(4): Driver for Realtek RTL8188CE/RTL8192CE PCIe 802.11b/g/n wireless network devices.

vioscsi(4): driver for virtio SCSI devices

adm1026hm(4): driver for ADM1026 i2c hardware monitor.

ismt(4): another Intel Chipset internal SMBus driver.

nvme(4): a driver for Non-Volatile Memory Host Controller Interface.

mntva(4): driver for MNTMN VA2000 FPGA-based graphics card for Amiga computers with Zorro slot.

Architectures

or1k: new port added, incomplete, source only.

evbarm: various new drivers for many different SoCs.

amd64, i386, evbarm, sparc64: Increase the number of simultaneous processes and open files.

i386: Add a GENERIC_PAE kernel that supports systems with more than 4 GB RAM.

i386, amd64, xen: hardening of the memory mapping (W^X, fewer writable pages, better consistency, better performance).

Mips64: Use N64 binaries where kvm is required even with N32 userland, fixing fstat, netstat, systat, crash, pstat and kgmon.

dreamcast: Add preliminary "G1-ATA" IDE HDD support.

luna68k: add a driver for LUNA's front panel LCD.

The "sbmips" port has been merged into evbmips.

Userland

General userland changes:

iostat(8): support fnmatch(3) patterns for disknames.

intrctl(8): interrupt distribution control utility added.

ftp(1): SNI support for https.

ip6addrctl(8): tool to configure address selection policy.

mv(1): SIGINFO support added.

route(8), netstat(1): various changes corresponding to changes in the network stack.

nvmectl(8): NVM Express control utility.

scsictl(8): Add "getrealloc" and "setrealloc" commands to get/set automatic reallocation parameters/enables for error recovery.

sh(1): various stability and POSIX conformance improvements.

ssh-agent(1): the default for whitelisted file system paths for PKCS11 libraries has been changed, /usr/local/lib/ has been removed, instead /usr/pkg/lib/ has been added.

ifconfig(8): Modernise the output for the address to address/prefix instead of differing outputs for INET and INET6.

3rd party software updates:

Intel ACPI support code (acpica) updated to 20170303.

BIND (named(8)) updated to 9.10.5-P1/BSD.

unbound 1.6.8 added.

nsd 4.1.14 added.

binutils updated to 2.27.

byacc updated to 20170430.

ISC dhcp updated to 4.3.3.

dhcpcd(8) updated to 7.0.6.

file(1) updated to 5.31.

flex(1) updated to 2.5.39.

gcc(1) updated to 5.5.

gdb(1) updated to 7.12.

gettext updated to 0.16.1.

grep(1) updated to 2.5.1a.

Heimdal updated to 7.1.0.

libarchive updated to 2.8.4.

libevent updated to 2.1.8-stable.

llvm updated to 3.8.1+ (r280599).

pcap(3) updated to 1.8.1.

mdocml updated to 1.14.1.

OpenLDAP updated to 2.4.44.

OpenPAM updated to 20170430 (Resedacea).

openresolv updated to 3.9.0.

OpenSSH updated to 7.6.

OpenSSL updated to 1.0.2k.

pkg_install updated to 20170419.

Postfix updated to 3.1.4.

DNS root.cache updated to 2017102400.

Sqlite updated to 3.17.0.

texinfo(5) updated to 4.8a.

tmux(1) updated to 2.4.

Timezone code updated to tzcode2017b, timezone data to tzdata2018e.

zlib(3) updated to 1.2.10.

xz(1) updated to 5.2.1.

pppd(8) updated to 2.4.7.

ntpd(8) updated to 4.2.8p11.

sljit updated to svn revision 313.

elftoolchain (libelf/libdwarf) updated to FreeBSD-2016-02-19-r295822.

libproc version FreeBSD-2015-09-24 added.

librtld_db version FreeBSD-2015-09-24 added.

netcat (nc(1)) imported from OpenBSD (version OpenBSD-2017-02-06).

gnu-efi version 3.0u added.

dc(1) replaced by the version from OpenBSD (version 20170410).

Flat device tree support library (dts) version 4.11.5 added.

Things removed from NetBSD

The MKCRYPTO option has been removed, there is no support for building NetBSD without cryptography.

rtsol(8) has been removed in favor of dhcpcd(8).

XFree86 has been removed, as all architectures have switched to XOrg.

The pthread_dbg library has been removed, it is not needed any more for current debuggers.

System families supported by NetBSD 8.0

The NetBSD 8.0 release provides supported binary distributions for the following systems:

NetBSD/acorn32: Acorn RiscPC/A7000, VLSI RC7500

NetBSD/algor: Algorithmics, Ltd. MIPS evaluation boards

NetBSD/alpha: Digital/Compaq Alpha (64-bit)

NetBSD/amd64: AMD family processors like Opteron, Athlon64, and Intel CPUs with EM64T extension

NetBSD/amiga: Commodore Amiga and MacroSystem DraCo

NetBSD/amigappc: PowerPC-based Amiga boards.

NetBSD/arc: MIPS-based machines following the Advanced RISC Computing spec

NetBSD/atari: Atari TT030, Falcon, Hades

NetBSD/bebox: Be Inc's BeBox

NetBSD/cats: Chalice Technology's CATS and Intel's EBSA-285 evaluation boards

NetBSD/cesfic: CES FIC8234 VME processor board

NetBSD/cobalt: Cobalt Networks' MIPS-based Microservers

NetBSD/dreamcast: Sega Dreamcast game console

NetBSD/emips: The Extensible MIPS architecture from Microsoft Research

NetBSD/epoc32: Psion EPOC PDAs

NetBSD/evbarm: Various ARM-based evaluation boards and appliances

NetBSD/evbmips: Various MIPS-based evaluation boards and appliances

NetBSD/evbppc: Various PowerPC-based evaluation boards and appliances

NetBSD/evbsh3: Various Hitachi Super-H SH3 and SH4-based evaluation boards and appliances

NetBSD/ews4800mips: NEC's MIPS-based EWS4800 workstation

NetBSD/hp300: Hewlett-Packard 9000/300 and 400 series

NetBSD/hpcarm: StrongARM based Windows CE PDA machines

NetBSD/hpcmips: MIPS-based Windows CE PDA machines

NetBSD/hpcsh: Hitachi Super-H based Windows CE PDA machines

NetBSD/hppa: Hewlett-Packard 9000 Series 700 workstations

NetBSD/i386: IBM PCs and PC clones with i486-family processors and up

NetBSD/ibmnws: IBM Network Station 1000

NetBSD/iyonix: Castle Technology's Iyonix ARM based PCs

NetBSD/landisk: SH4 processor based NAS appliances

NetBSD/luna68k: OMRON Tateisi Electric's LUNA series

NetBSD/mac68k: Apple Macintosh with Motorola 68k CPU

NetBSD/macppc: Apple PowerPC-based Macintosh and clones

NetBSD/mipsco: MIPS Computer Systems Inc. family of workstations and servers

NetBSD/mmeye: Brains mmEye multimedia server

NetBSD/mvme68k: Motorola MVME 68k Single Board Computers

NetBSD/mvmeppc: Motorola PowerPC VME Single Board Computers

NetBSD/netwinder: StrongARM based NetWinder machines

NetBSD/news68k: Sony's 68k-based “NET WORK STATION” series

NetBSD/newsmips: Sony's MIPS-based “NET WORK STATION” series

NetBSD/next68k: NeXT 68k “black” hardware

NetBSD/ofppc: OpenFirmware PowerPC machines

NetBSD/pmax: Digital MIPS-based DECstations and DECsystems

NetBSD/prep: PReP (PowerPC Reference Platform) and CHRP machines

NetBSD/rs6000: IBM RS/6000 MCA-based PowerPC machines.

NetBSD/sandpoint: Motorola Sandpoint reference platform, including many PPC-based NAS boxes

NetBSD/sgimips: Silicon Graphics' MIPS-based workstations

NetBSD/shark: Digital DNARD (“shark”)

NetBSD/sparc: Sun SPARC (32-bit) and UltraSPARC (in 32-bit mode)

NetBSD/sparc64: Sun UltraSPARC (in native 64-bit mode)

NetBSD/sun2: Sun Microsystems Sun 2 machines with Motorola 68010 CPU

NetBSD/sun3: Motorola 68020 and 030 based Sun 3 and 3x machines

NetBSD/vax: Digital VAX

NetBSD/x68k: Sharp X680x0 series

NetBSD/xen: The Xen virtual machine monitor

NetBSD/zaurus: Sharp ARM PDAs

Ports available in source form only for this release include the following:

NetBSD/acorn26: Acorn Archimedes, A-series and R-series systems

NetBSD/ia64: Itanium family of processors

Dedication

NetBSD 8.0 is dedicated to the memory of Nicolas Joly, who passed away in June 2017. Nicolas' technical contributions are too many to list here in full. He committed more than 1000 changes all over the NetBSD source tree and pkgsrc. Beyond that he was always helpful and friendly. His example encouraged users to contribute to the project and share their work with the community.

Acknowledgments

The NetBSD Foundation would like to thank all those who have contributed code, hardware, documentation, funds, colocation for our servers, web pages and other documentation, release engineering, and other resources over the years. More information on the people who make NetBSD happen is available at: www.NetBSD.org/people/

We would like to especially thank the University of California at Berkeley and the GNU Project for particularly large subsets of code that we use. We would also like to thank the Tasty Lime and the Network Security Lab at Columbia University's Computer Science Department for current colocation services. Thanks to Fastly for providing the CDN services.

About NetBSD

NetBSD is a free, fast, secure, and highly portable Unix-like Open Source operating system. It is available for a wide range of platforms, from large-scale servers and powerful desktop systems to handheld and embedded devices. Its clean design and advanced features make it excellent for use in both production and research environments, and the source code is freely available under a business-friendly license. NetBSD is developed and supported by a large and vibrant international community. Many applications are readily available through pkgsrc, the NetBSD Packages Collection.

About the NetBSD Foundation

The NetBSD Foundation was chartered in 1995, with the task of overseeing core NetBSD project services, promoting the project within industry and the open source community, and holding intellectual property rights on much of the NetBSD code base. Day-to-day operations of the project are handled by volunteers. As a non-profit organization with no commercial backing, the NetBSD Foundation depends on donations from its users, and we would like to ask you to consider making a donation to the NetBSD Foundation in support of continuing production of our fine operating system. Your generous donation would be particularly welcome to help with ongoing upgrades and maintenance, as well as with operating expenses for the NetBSD Foundation. Donations can be done via PayPal to <paypal@NetBSD.org>, or via Google Checkout and are fully tax-deductible in the US. See www.NetBSD.org/donations/ for more information, or contact <finance-exec@NetBSD.org> directly.
