Announcing NetBSD 4.0

Introduction

The NetBSD Project is pleased to announce that release 4.0 of the NetBSD operating system is now available. NetBSD is a free, secure, and highly portable Unix-like Open Source operating system available for many platforms, from 64-bit Opteron machines and desktop systems to handheld and embedded devices. Its clean design and advanced features make it excellent in both production and research environments, and it is user-supported with complete source. Many applications are easily available through pkgsrc, the NetBSD Packages Collection.

Major achievements in NetBSD 4.0 include support for version 3 of the Xen virtual machine monitor, Bluetooth, many new device drivers and embedded platforms based on ARM, PowerPC and MIPS CPUs. New network services include iSCSI target (server) code and an implementation of the Common Address Redundancy Protocol. Also, system security was further enhanced with restrictions of mprotect(2) to enforce W^X policies, the Kernel Authorization framework, and improvements of the Veriexec file integrity subsystem, which can be used to harden the system against trojan horses and virus attacks. Please read below for a list of changes in NetBSD 4.0.

NetBSD 4.0 runs on 54 different system architectures featuring 17 machine architectures across 17 distinct CPU families, and is being ported to more. The NetBSD 4.0 release contains complete binary releases for 51 different machine types, with the platforms amigappc, bebox and ews4800mips released in source form only. Complete source and binaries for NetBSD 4.0 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, SUP, and other services is provided at the end of this announcement; the latest list of available download sites may also be found at http://www.NetBSD.org/mirrors/. We encourage users who wish to install via a CD-ROM ISO image to download via BitTorrent by using the torrent files supplied in the ISO image area. A list of hashes for the NetBSD 4.0 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer: ftp://ftp.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-4.0_hashes.asc

NetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources; some are listed at http://www.NetBSD.org/gallery/consultants.html. More extensive information on NetBSD is available from our website:

Dedication

NetBSD 4.0 is dedicated to the memory of Jun-Ichiro "itojun" Hagino, who died in October 2007. Itojun was a member of the KAME project, which provided IPv6 and IPsec support; he was also a member of the NetBSD core team (the technical management for the project), and one of the Security Officers. Due to Itojun's efforts, NetBSD was the first open source operating system with a production ready IPv6 networking stack, which was included in the base system before many people knew what IPv6 was. We are grateful to have known and worked with Itojun, and we know that he will be missed. This release is therefore dedicated, with thanks, to his memory.

Fundraising

We would like to remind everyone that the Fundraising Campaign 2007 is still underway, but it will soon be over with the end of the year. With this release, we would like to call all NetBSD users to send a Christmas present to the project. You can help us to improve NetBSD even more - donate!

System families supported by NetBSD 4.0

The NetBSD 4.0 release provides supported binary distributions for the following systems:

NetBSD/acorn26 Acorn Archimedes, A-series and R-series systems
NetBSD/acorn32 Acorn RiscPC/A7000, VLSI RC7500
NetBSD/algor Algorithmics, Ltd. MIPS evaluation boards
NetBSD/alpha Digital/Compaq Alpha (64-bit)
NetBSD/amd64 AMD family processors like Opteron, Athlon64, and Intel CPUs with EM64T extension
NetBSD/amiga Commodore Amiga and MacroSystem DraCo
NetBSD/arc MIPS-based machines following the Advanced RISC Computing spec
NetBSD/atari Atari TT030, Falcon, Hades
NetBSD/cats Chalice Technology's CATS and Intel's EBSA-285 evaluation boards
NetBSD/cesfic CES FIC8234 VME processor board
NetBSD/cobalt Cobalt Networks' MIPS-based Microservers
NetBSD/dreamcast Sega Dreamcast game console
NetBSD/evbarm Various ARM-based evaluation boards and appliances
NetBSD/evbmips Various MIPS-based evaluation boards and appliances
NetBSD/evbppc Various PowerPC-based evaluation boards and appliances
NetBSD/evbsh3 Various Hitachi Super-H SH3 and SH4-based evaluation boards and appliances
NetBSD/hp300 Hewlett-Packard 9000/300 and 400 series
NetBSD/hppa Hewlett-Packard 9000 Series 700 workstations
NetBSD/hpcarm StrongARM based Windows CE PDA machines
NetBSD/hpcmips MIPS-based Windows CE PDA machines
NetBSD/hpcsh Hitachi Super-H based Windows CE PDA machines
NetBSD/i386 IBM PCs and PC clones with i386-family processors and up
NetBSD/ibmnws IBM Network Station 1000
NetBSD/iyonix Castle Technology's Iyonix ARM based PCs
NetBSD/landisk SH4 processor based NAS appliances
NetBSD/luna68k OMRON Tateisi Electric's LUNA series
NetBSD/mac68k Apple Macintosh with Motorola 68k CPU
NetBSD/macppc Apple PowerPC-based Macintosh and clones
NetBSD/mipsco MIPS Computer Systems Inc. family of workstations and servers
NetBSD/mmeye Brains mmEye multimedia server
NetBSD/mvme68k Motorola MVME 68k Single Board Computers
NetBSD/mvmeppc Motorola PowerPC VME Single Board Computers
NetBSD/netwinder StrongARM based NetWinder machines
NetBSD/news68k Sony's 68k-based NET WORK STATION series
NetBSD/newsmips Sony's MIPS-based NET WORK STATION series
NetBSD/next68k NeXT 68k black hardware
NetBSD/ofppc OpenFirmware PowerPC machines
NetBSD/pmax Digital MIPS-based DECstations and DECsystems
NetBSD/pmppc Artesyn's PM/PPC board
NetBSD/prep PReP (PowerPC Reference Platform) and CHRP machines
NetBSD/sandpoint Motorola Sandpoint reference platform
NetBSD/sbmips Broadcom SiByte evaluation boards
NetBSD/sgimips Silicon Graphics' MIPS-based workstations
NetBSD/shark Digital DNARD (shark)
NetBSD/sparc Sun SPARC (32-bit) and UltraSPARC (in 32-bit mode)
NetBSD/sparc64 Sun UltraSPARC (in native 64-bit mode)
NetBSD/sun2 Sun Microsystems Sun 2 machines with Motorola 68010 CPU
NetBSD/sun3 Motorola 68020 and 030 based Sun 3 and 3x machines
NetBSD/vax Digital VAX
NetBSD/x68k Sharp X680x0 series
NetBSD/xen The Xen virtual machine monitor

Ports available in source form only for this release include the following:

NetBSD/amigappc PowerPC-based Amiga boards
NetBSD/bebox Be Inc's BeBox
NetBSD/ews4800mips NEC's MIPS-based EWS4800 workstation

Major Changes Between 3.0 and 4.0

The complete list of changes can be found in the CHANGES and CHANGES-4.0 files in the top level directory of the NetBSD 4.0 release tree. Some highlights include:

Networking

  • agr(4): new pseudo-device driver for link level aggregation.
  • IPv6 support was extended with an RFC 3542-compliant API and added for gre(4) tunnels and the tun(4) device.
  • An NDIS-wrapper was added to use Windows binary drivers on the i386 platform, see ndiscvt(8).
  • The IPv4 source-address selection policy can be set from a number of algorithms. See "IPSRCSEL" in options(4) and in_getifa(9).
  • Imported wpa_supplicant(8) and wpa_cli(8). Utilities to connect and handle aspects of 802.11 WPA networks.
  • Imported hostapd(8). An authenticator for IEEE 802.11 networks.
  • carp(4): imported Common Address Redundancy Protocol to allow multiple hosts to share a set of IP addresses for high availability / redundancy, from OpenBSD.
  • ALTQ support for the PF packet filter.
  • etherip(4): new EtherIP tunneling device. It's able to tunnel Ethernet traffic over IPv4 and IPv6 using the EtherIP protocol specified in RFC 3378.
  • ftpd(8) can now run in standalone mode, instead of from inetd(8).
  • tftp(1) now has support for multicast TFTP operation in open-loop mode, server is in progress.
  • tcp(4): added support for RFC 3465 Appropriate Byte Counting (ABC) and Explicit Congestion Notification as defined in RFC 3168.

File systems

  • scan_ffs(8), scan_lfs(8): utilities to find FFSv1/v2 and LFS partitions to recover lost disklabels on disks and image files.
  • tmpfs: added a new memory-based file system aimed at replacing mfs. Contrary to mfs, it is not based on a disk file system, so it is more efficient both in overall memory consumption and speed. See mount_tmpfs(8).
  • Added UDF support for optical media and block devices, see mount_udf(8). Read-only for now.
  • NFS export list handling was changed to be filesystem independent.
  • LFS: lots of stability improvements and new cleaner daemon. It is now also possible to use LFS as root filesystem.
  • vnd(4): the vnode disk driver can be used on filesystems such as smbfs and tmpfs.
  • Support for System V Boot File System was added, see newfs_sysvbfs(8) and mount_sysvbfs(8).

Drivers

  • Audio:

    • Support for new models on drivers such as Intel ICH8/6300ESB, NVIDIA nForce 3/4, etc.
    • Added support for AC'97 modems.
    • auich(4): added support to handle the AC'97 modem as audio device, enabled with the kernel option AUICH_ATTACH_MODEM.
    • azalia(4): added support for S/PDIF.

  • Hardware Monitors:

    • amdpm(4): added support for the i2c bus on the AMD-8111 used on many Opteron motherboards and for the Analog Devices ADT7464 hardware monitor chip.
    • adt7467c(4): new driver for Analog Devices ADT7467 and ADM1030 hardware monitor chips.
    • ipmi(4): new driver for motherboards implementing the Intelligent Platform Management Interface 1.5 or 2.0, from OpenBSD.
    • it(4): new driver for iTE 8705F/8712F and SiS 950 hardware monitors.
    • The lm(4) driver was rewritten and support for more chips was added, for example for Winbond W83627HF, W83627THF, W83627DHG and Asus AS99127F.
    • owtemp(4): new driver for the 1-Wire temperature sensors.
    • tm121temp(4): new driver for the Texas Instruments TMP121 temperature sensor.
    • ug(4): new driver for Abit uGuru hardware monitor found on newer Abit motherboards.

  • Miscellaneous:

    • geodewdog(4): new AMD Geode SC1100 Watchdog Timer driver.
    • gscpcib(4): new AMD Geode SC1100 PCI-ISA bridge that provides support for the GPIO interface.

  • Networking:

    • ath(4): updated HALs with support for WiSOC (AR531x) and 32bit SPARC.
    • bge(4): added support for the following chips: BCM5753, BCM5753M, BCM5715, BCM5754, BCM5755 and BCM5787. Numerous improvements and bugfixes were made too.
    • kse(4): new driver for Micrel KSZ8842/8841 PCI network cards.
    • msk(4): new driver for Marvell Yukon 2 GigE PCI network cards, from OpenBSD.
    • nfe(4): new driver for NVIDIA nForce Ethernet network cards, from OpenBSD.
    • ral(4): new 802.11 driver for PCI/Cardbus Ralink RT2500, RT2501, RT2600, RT2661 and RT2500 USB chipsets, from OpenBSD.
    • rum(4): new 802.11 driver for USB Ralink RT2501 and RT2601 chipsets, from OpenBSD.
    • sip(4): now works on sparc64.
    • tlp(4): added support for ASIX AX88140A and AX88141.
    • vr(4): added support for the VIA Rhine III.
    • wm(4): added support for i8003, ICH8, ICH9 and others. Support for IPv6 Rx TCP/UDP Checksum Offloading and more.
    • wpi(4): new driver for Intel PRO/Wireless 3945ABG PCI 802.11 network cards, from OpenBSD.

  • Security:

    • glxsb(4): new driver for the AMD Geode LX AES Security Block that provides random numbers and AES acceleration, from OpenBSD.

  • Power Management:

    • Support for Intel Speedstep SMI on PIIX4 PCI-ISA for i386.
    • Support for AMD PowerNow and Cool'n'Quiet Technology on K7 and K8 CPUs (both in 32 and 64 bit mode), including Athlon Mobile, Athlon64, Opteron or X2. See options(4) for more information.
    • Support for more Enhanced Speedstep CPUs, including VIA C7/Eden and Intel Core Solo/Duo/Duo2. See options(4) for more information.
    • The Enhanced Speedstep and PowerNow drivers were modified to be able to be scaled in all CPUs available, saving power on SMP systems.

  • Storage:

    • ahcisata(4): new driver for AHCI 1.0 and 1.1 compliant SATA controllers.
    • ataraid(4): added support to handle Adaptec HostRAID and VIA V-Tech software RAID.
    • ciss(4): new driver for HP/Compaq 5th+ generation Smart ARRAY controllers, from OpenBSD.
    • fdc(4): added support for SBus based sparc64 machines and fixed formatting on sparc.
    • gcscide(4): new driver for the AMD Geode CS5535 Companion Device IDE controller.
    • jmide(4): new driver for JMicron Technology JMB36x PCIe to SATA II/PATA controllers.
    • mfi(4): new driver for LSI Logic and Dell MegaRAID SAS controllers, from OpenBSD.
    • mpt(4): added support for newer SAS and similar devices.
    • njata(4): new driver for Workbit NinjaATA-32 CardBus IDE controller.
    • pdcsata(4): added support for the Promise PDC20775, PDC20771, PDC40518, PDC40718 and some bugfixes.
    • piixide(4): added support for some ICH8/ICH8-M/ICH9 IDE and SATA controllers.
    • svwsata(4): new driver for Serverworks K2 SATA controllers, from OpenBSD.
    • viaide(4) added support for the VIA VT8237A SATA controller and AMD CS5536 Companion Device IDE Controller.

  • USB:

    • ucycom(4): new driver for Cypress microcontroller based serial devices.
    • uipaq(4): new driver for the iPAQ devices.
    • uslsa(4): new driver for Silicon Labs CP210x series serial adapters.
    • utoppy(4): new driver for the Topfield TF5000PVR range of digital video recorders.

Platforms

  • i386:

    • Added support for the for Multiboot specification. This means much improved support for loading the kernel by GRUB, including passing in parameters to the kernel.
    • Added the unichromefb framebuffer driver that supports the VIA Unichrome Graphics adapter.
    • vesafb(4): added new framebuffer driver that supports VESA BIOS (VBE) 2.0 extensions and up.
    • Added ability to boot from the cd9660 file system to the BIOS bootloader. This adds the ability to load much bigger kernels and the option of selecting different kernels at boot time.

  • evbarm: new platform support for Arcom Viper PXA255-based single board, Atmark Techno Armadillo-9 and Armadillo-210, Certance CP-3100, Linksys NSLU2 (a.k.a. "Slug") and I-O DATA HDL-G Giga LANDISK NAS devices.
  • evbmips: added support for Alchemy Au1550 processors, DBAu1550 boards, Alchemy Au15XX PCI host, (OMS-AL400/128) and Atheros AR5312 SoC.
  • New port ews4800mips: NEC's MIPS based EWS4800 workstations.
  • cobalt: added support for booting off raidframe RAID1 mirrors.
  • hpcmips: added the teliosio(4) driver for the Sharp Telios LCD screen and Battery unit.
  • New port landisk: port to the SH4 processor based NAS appliances, supporting models by I-O DATA (USL-5P, HDL-U, HDL-AV, HDL-W and HDLM-U series, SuperTank LAN Tank, UHDL-160U and UHDL-300U) and Plextor PX-EH16L, PX-EH25L and PX-EH40L.
  • macppc: this port has gained support to use accelerated wsdisplay drivers by default (if possible), and uses the appropriate driver rather than the Generic Open Firmware Framebuffer.
  • prep: this port has been modernized, and support for five additional machines has been added, among them the IBM 7024-E20 and 7025-F30 models and Motorola Powerstack E1. Additionally, sysinst support was added, and the bootloader process was improved, allowing easy installation and upgrade to future releases.
  • sparc: added support for booting off raidframe RAID1 mirrors.
  • Xen: support for Xen3 domU and dom0 (Unprivileged domain and domain 0), including support for hardware virtualization on CPUs that support it.

Kernel subsystems

  • Improved Firewire (IEEE1394) support imported from FreeBSD.
  • The midi(4) framework got a complete overhaul for better support of Active Sensing and improved handling of tempo and timebase changes.
  • Added a Bluetooth protocol stack including:

    • hardware drivers: ubt(4) for USB controllers, and bt3c(4) for the 3Com Bluetooth PC-Card.
    • socket based access to the HCI, L2CAP, RFCOMM and SCO protocols.
    • pseudo drivers for integrating services on remote Bluetooth devices such as Keyboards, Mice and SCO Audio into the NetBSD device framework.

    See bluetooth(4), bthset(1) and btpin(1).

  • Imported the bio(4) framework from OpenBSD, to query/control block hardware RAID device controllers. Currently supporting the mfi(4) driver.
  • Kernel uses stateful read-ahead algorithm.
  • dkctl(8) can be used to switch buffer queuing strategies on the fly on wd(4) disks, see also bufq(9).
  • fileassoc(9) is used by Veriexec, it adds in-kernel and file-system independent file meta-data association interface.
  • firmload(9): an API for loading firmware images used by various hardware devices.
  • gpio(4): imported General Purpose I/O framework from OpenBSD.
  • onewire(4): imported Dallas Semiconductor 1-wire bus framework from OpenBSD.
  • The proplib(3) protocol was added for sending property lists to/from the kernel using ioctls.
  • spi(4): new SPI (Serial Peripherial Interface) framework.
  • timecounter(9) adds a new time-keeping infrastructure along with NTP API 4 nanokernel implementation. Almost all platforms were changed to support this API.
  • Start of 32bit-Linux-emulation for amd64 (COMPAT_LINUX32).
  • wscons(4) console driver supports splash screens, scrolling, progress bar for kernel and boot messages.

Kernel interfaces have continued to be refined, and more subsystems and device drivers are shared among the different ports. You can look for this trend to continue.

Security

  • The FAST_IPSEC IPsec implementation was extended to use hardware acceleration for IPv6, in addition to the hardware accelerated IPv4 that was available before. See fast_ipsec(4) for more information.
  • mprotect(2) got restrictions to enforce W^X policies, from PaX. See options(4), sysctl(3), and paxctl(8).
  • GCC 4's support for stack smashing protection (SSP) was enabled by adding libssp, see security(8).
  • The kernel authorization framework kauth(9) was added, replacing the traditional BSD credential management and privileged operation access control with an abstract layer, allowing the implementation of various security models either as part of the NetBSD distribution or as third-party LKMs.

    NetBSD's kernel authorization is a hybrid clean-room implementation of a similar interface developed by Apple, extending its capabilities and combining concepts of credential inheritance control.

Userland

  • 3rd party software updates:

    • BIND 9.4.1-P1
    • OpenSSL 0.9.8e
    • CVS 1.11.22
    • OpenSSH 4.4
    • gettext 0.14.4
    • PF from OpenBSD 3.7
    • (n)awk 20050424
    • Postfix 2.4.5
    • am-utils 6.1.3
    • file 4.21
    • zlib 1.2.3
    • GNU binutils 2.16.1
    • GNU groff 1.19.2
    • IPFilter 4.1.23
    • GNU gcc 4.1.2 prerelease
    • GNU gdb 6.5 (some architectures)
    • NTP 4.2.4p2
    • pppd 2.4.4

  • cdplay(1): added digital transfer mode support.
  • cksum(1) can now verify checksums.
  • csplit(1): new utility that splits a file into pieces. From FreeBSD/OpenBSD.
  • identd(8): added support for forwarding ident queries and receiving of proxied ident queries.
  • getent(1): added support for the ethers database.
  • gkermit(1): new program for transferring files using the Kermit protocol.
  • mail(1): added support for Mime and multi-character set handling, command line editing and completion.
  • utoppya(1): new utility to interface to the utoppy(4) driver.
  • init(8): added support for running multi-user in a chroot() environment. Allows / file system on e.g., cgd(4), vnd(4) or ccd(4) volumes.
  • gpt(8): new GUID partition table maintenance utility, from FreeBSD.
  • iSCSI target (server) code added, see iscsi-target(8); Initiator (client) code is underway.
  • lockstat(8): new command to display a summary of kernel locking events recorded over the lifetime of a called program.
  • ofctl(8): new command to display the OpenPROM or OpenFirmware device tree for the macppc, shark and sparc64.
  • Various utilities to support Bluetooth were added:

    • btconfig(8) for controller configuration.
    • btdevctl(8) to manage pseudo devices relating to remote services.
    • bthcid(8) and btpin(1) for authenticating radio connections.
    • sdpd(8) for providing service discovery to remote devices.
    • sdpquery(1) for querying services on remote devices.
    • rfcomm_sppd(1) to access remote services over RFCOMM via stdio or pty.
    • bthset(1) for making connections to Bluetooth headsets.

Besides this list, there have also been innumerable bug fixes and other miscellaneous enhancements of course.

Components removed from NetBSD

In this release of NetBSD, some software components known from previous releases were removed from the system. In some cases those were components that are not useful anymore or their utility does not justify maintenance overhead. Other components were not working properly and there was lack of interest in fixing them.

  • Sushi was removed from the base system due to lack of interest and maintenance. If you really want it, it is available in the CVS repository at othersrc/usr.sbin/sushi. However, be warned that it is unmaintained and is most likely out of date.
  • Vinum was removed due to lack of interest and maintenance. At the time of removal, it had several known serious issues (including not being compilable). RAIDframe provides similar functionality. If you were using Vinum you will need to back up your data, delete the Vinum partitions, create RAIDframe partitions, and restore your data to them. Details about RAIDframe can be found in raid(4), raidctl(8), and the NetBSD Guide.
  • Sendmail was removed. Postfix is the MTA and provides the sendmail(1) command line tool. Postfix has been included with NetBSD since NetBSD 1.5 was released in December 2000. Details about Postfix can be found in the NetBSD Guide. For those who need Sendmail, it is available from pkgsrc in the mail/sendmail and mail/sendmail813 packages.
  • NETCCITT and NETNS were removed due to lack of interest and maintenance. They had known serious issues (including being out of date with respect to other network code) and there were no known users at the time of their removal. Unfortunately, there is no replacement or option for them.
  • UUCP was removed. The NetBSD improvements were merged into the pkgsrc version. For those who use UUCP tools, they are available from pkgsrc in the net/uucp package. The cu(1) command is available as a frontend to tip(1).
  • The Fortran 77 compiler (g77) has been removed with the transition from GCC 3 to GCC 4, which does not include it. For those who need it, it is available from pkgsrc in the lang/gcc3-f77 package.
  • The evbsh5 port has been removed from NetBSD due to lack of interest, compounded by a lack of available SH5 hardware.

Acknowledgments

The NetBSD Foundation would like to thank all those who have contributed code, hardware, documentation, funds, colocation for our servers, web pages and other documentation, release engineering, and other resources over the years. More information on the people who make NetBSD happen is available at:

We would like to especially thank the University of California at Berkeley and the GNU Project for particularly large subsets of code that we use. We would also like to thank the Internet Systems Consortium Inc., the Network Security Lab at Columbia University's Computer Science Department, and Ludd (Luleå Academic Computer Society) computer society at Luleå University of Technology for current colocation services.

About the NetBSD Foundation

The NetBSD Foundation was chartered in 1995, with the task of overseeing core NetBSD project services, promoting the project within industry and the open source community, and holding intellectual property rights on much of the NetBSD code base. Day-to-day operations of the project are handled by volunteers.

As a non-profit organization with no commercial backing, The NetBSD Foundation depends on donations from its users, and we would like to ask you to consider making a donation to the NetBSD Foundation in support of continuing production of our fine operating system. Your generous donation would be particularly welcome assistance with ongoing upgrades and maintenance, as well as with operating expenses for The NetBSD Foundation.

Donations can be done via PayPal to and are fully tax-deductible in the US. If you would prefer not to use PayPal, or would like to make other arrangements, please contact .

NetBSD mirror sites

Please use a mirror site close to you.

Please also note our list of CD-ROM vendors.


Back to  NetBSD 4.x formal releases