Mit gut einem Jahr Verspätung erscheint das lang ersehnte NetBSD 8.0 Release.
- USB stack rework, USB3 support added.
- In-kernel audio mixer (audio_system(9)).
- Reproducible builds (MKREPRO, see mk.conf(5)).
- Full userland debug information (MKDEBUG, see mk.conf(5)) available. While most install media do not come with them (for size reasons), the debug and xdebug sets can be downloaded and extracted as needed later. They provide full symbol information for all base system and X binaries and libraries and allow better error reporting and (userland) crash analysis.
- PaX MPROTECT (W^X) memory protection enforced by default on some architectures with fine-grained memory protection and suitable ELF formats: i386, amd64, evbarm, landisk.
- PaX ASLR (Address Space Layout Randomization) enabled by default on: i386, amd64, evbarm, landisk, sparc64.
- Position independent executables by default for userland on: i386, amd64, arm, m68k, mips, sh3, sparc64.
- A new socket layer can(4) has been added for communication of devices on a CAN bus.
- A special pseudo interface ipsecif(4) for route-based VPNs has been added.
- Parts of the network stack have been made MP-safe. The kernel option NET_MPSAFE is required to enable this.
- Hardening of the network stack in general.
- Various WAPBL (the NetBSD file system "log" option) stability and performance improvements.
Specific to i386 and amd64 CPUs:
- Meltdown mitigation: SVS (Separate Virtual Space), enabled by default.
- SpectreV2 mitigation: retpoline (support in gcc), used by default for kernels. Other hardware mitigations are also available.
- SpectreV4 mitigations available for Intel and AMD.
- PopSS workaround: user access to debug registers is turned off by default.
- Lazy FPU saving disabled on vulnerable Intel CPUs ("eagerfpu").
- SMAP support.
- Improvement and hardening of the memory layout: W^X, fewer writable pages, better consistency, better performance.
- (U)EFI bootloader.
Many evbarm kernels now use FDT (flat device tree) information (loadable at boot time from an external file) for device configuration, the number of kernels has decreased but the number of boards has vastly increased.
Lots of updates to 3rd party software included:
- GCC 5.5 with support for Address Sanitizer and Undefined Behavior Sanitizer
- GDB 7.12
- GNU binutils 2.27
- Clang/LLVM 3.8.1
- OpenSSH 7.6
- OpenSSL 1.0.2k
- mdocml 1.14.1
- acpica 20170303
- ntp 4.2.8p11-o
- dhcpcd 7.0.6
- Lua 5.3.4