BSDSec

deadsimple BSD Security Advisories and Announcements

NetBSD 8.0 Release Candidate 2 available

On behalf of the NetBSD project, it is my pleasure to announce the second
(and hopefully last) release candidate of NetBSD 8.0.

Unfortunately the first release candidate did not hold up in our
extensive testing (also known as eating our own dog food): many
NetBSD.org servers/machines were updated to it and worked fine, but the
auto build cluster, where we produce our binaries, did not work well.
The issue was tracked down to a driver bug (Intel 10 GBit ethernet),
only showing up in certain configurations, and it has been fixed now.

Other security events, like the new FPU related exploit on some Intel
CPUs, caused further kernel changes, so we are not going to release
NetBSD 8.0 directly, but instead provide this new release candidate for
additional testing.


Many changes have been made since 7.0.  Here are a few highlights:


 - USB stack rework, USB3 support added
 - In-kernel audio mixer
 - Reproducible builds
 - PaX MPROTECT (W^X) memory protection enforced by default on some
   architectures with fine-grained memory protection and suitable
   ELF formats: i386, amd64, evbarm, landisk, pmax
 - PaX ASLR enabled by default on:
   i386, amd64, evbarm, landisk, pmax, sparc64
 - MKPIE (position independent executables) by default for userland
   on: i386, amd64, arm, m68k, mips, sh3, sparc64
 - added can(4), a socket layer for CAN busses
 - added ipsecif(4) for route-based VPNs
 - made part of the network stack MP-safe
    NET_MPSAFE kernel option is required to try
 - WAPBL stability and performance improvements
 - On i386/amd64 CPUs:
    Meltdown mitigation: SVS (separate virtual address spaces)
    Spectre mitigation (support in gcc, used by default for kernels)
    SMAP support
    (U)EFI bootloader
 - Various new drivers:
   nvme(4) for modern solid state disks
   iwm(4), a driver for Intel Wireless devices (AC7260, AC7265, AC3160...)
   ixg(4): X540, X550 and newer device support.
   ixv(4): Intel 10G Ethernet virtual function driver.
   bta2dpd - new Bluetooth Advanced Audio Distribution Profile daemon
 - Many evbarm kernels now use FDT (flat device tree) information
   (loadable at boot time from an external file) for device configuration,
   the number of kernels has decreased but the number of boards has vastly
   increased
 - Lots of updates to 3rd party software included:
   GCC 5.5 with support for Address Sanitizer and Undefined Behavior Sanitizer
   GDB 7.12
   GNU binutils 2.27
   Clang/LLVM 3.8.1
   OpenSSH 7.6
   OpenSSL 1.0.2k
   mdocml 1.14.1
   acpica 20170303
   ntp 4.2.8p11-o
   dhcpcd 7.0.3
   Lua 5.3.4
 


Binaries of NetBSD 8.0_RC2 are available for download via our Fastly
CDN:
	https://cdn.netbsd.org/pub/NetBSD/NetBSD-8.0_RC2/

(or from ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-8.0_RC2/, or one of
its mirrors)

Those who prefer to build from source can either use the netbsd-8-0-RC2
tag or follow the netbsd-8 branch.

Please help us out by testing 8.0_RC2.  We love any and all feedback.
Report problems through the usual channels (submit a PR or write to the
appropriate list).  More general feedback is welcome at
releng@NetBSD.org.  Your input will help us put the finishing touches on
what promises to be a great release!

Enjoy,

Martin