Announcing NetBSD 4.0
The NetBSD Project is pleased to announce that release 4.0 of the NetBSD operating system is now available. NetBSD is a free, secure, and highly portable Unix-like Open Source operating system available for many platforms, from 64-bit Opteron machines and desktop systems to handheld and embedded devices. Its clean design and advanced features make it excellent in both production and research environments, and it is user-supported with complete source. Many applications are easily available through pkgsrc, the NetBSD Packages Collection.
Major achievements in NetBSD 4.0 include support for version 3 of the Xen virtual machine monitor, Bluetooth, many new device drivers and embedded platforms based on ARM, PowerPC and MIPS CPUs. New network services include iSCSI target (server) code and an implementation of the Common Address Redundancy Protocol. Also, system security was further enhanced with restrictions of mprotect(2) to enforce W^X policies, the Kernel Authorization framework, and improvements of the Veriexec file integrity subsystem, which can be used to harden the system against trojan horses and virus attacks. Please read below for a list of changes in NetBSD 4.0.
NetBSD 4.0 runs on 54 different system architectures featuring 17 machine architectures across 17 distinct CPU families, and is being ported to more. The NetBSD 4.0 release contains complete binary releases for 51 different machine types, with the platforms amigappc, bebox and ews4800mips released in source form only. Complete source and binaries for NetBSD 4.0 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, SUP, and other services is provided at the end of this announcement; the latest list of available download sites may also be found at http://www.NetBSD.org/mirrors/. We encourage users who wish to install via a CD-ROM ISO image to download via BitTorrent by using the torrent files supplied in the ISO image area. A list of hashes for the NetBSD 4.0 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer: ftp://ftp.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-4.0_hashes.asc
NetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources; some are listed at http://www.NetBSD.org/gallery/consultants.html. More extensive information on NetBSD is available from our website:
NetBSD 4.0 is dedicated to the memory of Jun-Ichiro "itojun" Hagino, who died in October 2007. Itojun was a member of the KAME project, which provided IPv6 and IPsec support; he was also a member of the NetBSD core team (the technical management for the project), and one of the Security Officers. Due to Itojun's efforts, NetBSD was the first open source operating system with a production ready IPv6 networking stack, which was included in the base system before many people knew what IPv6 was. We are grateful to have known and worked with Itojun, and we know that he will be missed. This release is therefore dedicated, with thanks, to his memory.
We would like to remind everyone that the Fundraising Campaign 2007 is still underway, but it will soon be over with the end of the year. With this release, we would like to call all NetBSD users to send a Christmas present to the project. You can help us to improve NetBSD even more - donate!
The NetBSD 4.0 release provides supported binary distributions for the following systems:
NetBSD/acorn26 | Acorn Archimedes, A-series and R-series systems |
NetBSD/acorn32 | Acorn RiscPC/A7000, VLSI RC7500 |
NetBSD/algor | Algorithmics, Ltd. MIPS evaluation boards |
NetBSD/alpha | Digital/Compaq Alpha (64-bit) |
NetBSD/amd64 | AMD family processors like Opteron, Athlon64, and Intel CPUs with EM64T extension |
NetBSD/amiga | Commodore Amiga and MacroSystem DraCo |
NetBSD/arc | MIPS-based machines following the Advanced RISC Computing spec |
NetBSD/atari | Atari TT030, Falcon, Hades |
NetBSD/cats | Chalice Technology's CATS and Intel's EBSA-285 evaluation boards |
NetBSD/cesfic | CES FIC8234 VME processor board |
NetBSD/cobalt | Cobalt Networks' MIPS-based Microservers |
NetBSD/dreamcast | Sega Dreamcast game console |
NetBSD/evbarm | Various ARM-based evaluation boards and appliances |
NetBSD/evbmips | Various MIPS-based evaluation boards and appliances |
NetBSD/evbppc | Various PowerPC-based evaluation boards and appliances |
NetBSD/evbsh3 | Various Hitachi Super-H SH3 and SH4-based evaluation boards and appliances |
NetBSD/hp300 | Hewlett-Packard 9000/300 and 400 series |
NetBSD/hppa | Hewlett-Packard 9000 Series 700 workstations |
NetBSD/hpcarm | StrongARM based Windows CE PDA machines |
NetBSD/hpcmips | MIPS-based Windows CE PDA machines |
NetBSD/hpcsh | Hitachi Super-H based Windows CE PDA machines |
NetBSD/i386 | IBM PCs and PC clones with i386-family processors and up |
NetBSD/ibmnws | IBM Network Station 1000 |
NetBSD/iyonix | Castle Technology's Iyonix ARM based PCs |
NetBSD/landisk | SH4 processor based NAS appliances |
NetBSD/luna68k | OMRON Tateisi Electric's LUNA series |
NetBSD/mac68k | Apple Macintosh with Motorola 68k CPU |
NetBSD/macppc | Apple PowerPC-based Macintosh and clones |
NetBSD/mipsco | MIPS Computer Systems Inc. family of workstations and servers |
NetBSD/mmeye | Brains mmEye multimedia server |
NetBSD/mvme68k | Motorola MVME 68k Single Board Computers |
NetBSD/mvmeppc | Motorola PowerPC VME Single Board Computers |
NetBSD/netwinder | StrongARM based NetWinder machines |
NetBSD/news68k | Sony's 68k-based “NET WORK STATION” series |
NetBSD/newsmips | Sony's MIPS-based “NET WORK STATION” series |
NetBSD/next68k | NeXT 68k “black” hardware |
NetBSD/ofppc | OpenFirmware PowerPC machines |
NetBSD/pmax | Digital MIPS-based DECstations and DECsystems |
NetBSD/pmppc | Artesyn's PM/PPC board |
NetBSD/prep | PReP (PowerPC Reference Platform) and CHRP machines |
NetBSD/sandpoint | Motorola Sandpoint reference platform |
NetBSD/sbmips | Broadcom SiByte evaluation boards |
NetBSD/sgimips | Silicon Graphics' MIPS-based workstations |
NetBSD/shark | Digital DNARD (“shark”) |
NetBSD/sparc | Sun SPARC (32-bit) and UltraSPARC (in 32-bit mode) |
NetBSD/sparc64 | Sun UltraSPARC (in native 64-bit mode) |
NetBSD/sun2 | Sun Microsystems Sun 2 machines with Motorola 68010 CPU |
NetBSD/sun3 | Motorola 68020 and 030 based Sun 3 and 3x machines |
NetBSD/vax | Digital VAX |
NetBSD/x68k | Sharp X680x0 series |
NetBSD/xen | The Xen virtual machine monitor |
Ports available in source form only for this release include the following:
NetBSD/amigappc | PowerPC-based Amiga boards |
NetBSD/bebox | Be Inc's BeBox |
NetBSD/ews4800mips | NEC's MIPS-based EWS4800 workstation |
The complete list of changes can be found in the CHANGES and CHANGES-4.0 files in the top level directory of the NetBSD 4.0 release tree. Some highlights include:
- agr(4): new pseudo-device driver for link level aggregation.
- IPv6 support was extended with an RFC 3542-compliant API and added for gre(4) tunnels and the tun(4) device.
- An NDIS-wrapper was added to use Windows binary drivers on the i386 platform, see ndiscvt(8).
- The IPv4 source-address selection policy can be set from a number of algorithms. See "IPSRCSEL" in options(4) and in_getifa(9).
- Imported wpa_supplicant(8) and wpa_cli(8). Utilities to connect and handle aspects of 802.11 WPA networks.
- Imported hostapd(8). An authenticator for IEEE 802.11 networks.
- carp(4): imported Common Address Redundancy Protocol to allow multiple hosts to share a set of IP addresses for high availability / redundancy, from OpenBSD.
- ALTQ support for the PF packet filter.
- etherip(4): new EtherIP tunneling device. It's able to tunnel Ethernet traffic over IPv4 and IPv6 using the EtherIP protocol specified in RFC 3378.
- ftpd(8) can now run in standalone mode, instead of from inetd(8).
- tftp(1) now has support for multicast TFTP operation in open-loop mode, server is in progress.
- tcp(4): added support for RFC 3465 Appropriate Byte Counting (ABC) and Explicit Congestion Notification as defined in RFC 3168.
- scan_ffs(8), scan_lfs(8): utilities to find FFSv1/v2 and LFS partitions to recover lost disklabels on disks and image files.
- tmpfs: added a new memory-based file system aimed at replacing mfs. Contrary to mfs, it is not based on a disk file system, so it is more efficient both in overall memory consumption and speed. See mount_tmpfs(8).
- Added UDF support for optical media and block devices, see mount_udf(8). Read-only for now.
- NFS export list handling was changed to be filesystem independent.
- LFS: lots of stability improvements and new cleaner daemon. It is now also possible to use LFS as root filesystem.
- vnd(4): the vnode disk driver can be used on filesystems such as smbfs and tmpfs.
- Support for System V Boot File System was added, see newfs_sysvbfs(8) and mount_sysvbfs(8).
-
Audio:
-
Hardware Monitors:
- amdpm(4): added support for the i2c bus on the AMD-8111 used on many Opteron motherboards and for the Analog Devices ADT7464 hardware monitor chip.
- adt7467c(4): new driver for Analog Devices ADT7467 and ADM1030 hardware monitor chips.
- ipmi(4): new driver for motherboards implementing the Intelligent Platform Management Interface 1.5 or 2.0, from OpenBSD.
- it(4): new driver for iTE 8705F/8712F and SiS 950 hardware monitors.
- The lm(4) driver was rewritten and support for more chips was added, for example for Winbond W83627HF, W83627THF, W83627DHG and Asus AS99127F.
- owtemp(4): new driver for the 1-Wire temperature sensors.
- tm121temp(4): new driver for the Texas Instruments TMP121 temperature sensor.
- ug(4): new driver for Abit uGuru hardware monitor found on newer Abit motherboards.
-
Miscellaneous:
- geodewdog(4): new AMD Geode SC1100 Watchdog Timer driver.
- gscpcib(4): new AMD Geode SC1100 PCI-ISA bridge that provides support for the GPIO interface.
-
Networking:
- ath(4): updated HALs with support for WiSOC (AR531x) and 32bit SPARC.
- bge(4): added support for the following chips: BCM5753, BCM5753M, BCM5715, BCM5754, BCM5755 and BCM5787. Numerous improvements and bugfixes were made too.
- kse(4): new driver for Micrel KSZ8842/8841 PCI network cards.
- msk(4): new driver for Marvell Yukon 2 GigE PCI network cards, from OpenBSD.
- nfe(4): new driver for NVIDIA nForce Ethernet network cards, from OpenBSD.
- ral(4): new 802.11 driver for PCI/Cardbus Ralink RT2500, RT2501, RT2600, RT2661 and RT2500 USB chipsets, from OpenBSD.
- rum(4): new 802.11 driver for USB Ralink RT2501 and RT2601 chipsets, from OpenBSD.
- sip(4): now works on sparc64.
- tlp(4): added support for ASIX AX88140A and AX88141.
- vr(4): added support for the VIA Rhine III.
- wm(4): added support for i8003, ICH8, ICH9 and others. Support for IPv6 Rx TCP/UDP Checksum Offloading and more.
- wpi(4): new driver for Intel PRO/Wireless 3945ABG PCI 802.11 network cards, from OpenBSD.
-
Security:
- glxsb(4): new driver for the AMD Geode LX AES Security Block that provides random numbers and AES acceleration, from OpenBSD.
-
Power Management:
- Support for Intel Speedstep SMI on PIIX4 PCI-ISA for i386.
- Support for AMD PowerNow and Cool'n'Quiet Technology on K7 and K8 CPUs (both in 32 and 64 bit mode), including Athlon Mobile, Athlon64, Opteron or X2. See options(4) for more information.
- Support for more Enhanced Speedstep CPUs, including VIA C7/Eden and Intel Core Solo/Duo/Duo2. See options(4) for more information.
- The Enhanced Speedstep and PowerNow drivers were modified to be able to be scaled in all CPUs available, saving power on SMP systems.
-
Storage:
- ahcisata(4): new driver for AHCI 1.0 and 1.1 compliant SATA controllers.
- ataraid(4): added support to handle Adaptec HostRAID and VIA V-Tech software RAID.
- ciss(4): new driver for HP/Compaq 5th+ generation Smart ARRAY controllers, from OpenBSD.
- fdc(4): added support for SBus based sparc64 machines and fixed formatting on sparc.
- gcscide(4): new driver for the AMD Geode CS5535 Companion Device IDE controller.
- jmide(4): new driver for JMicron Technology JMB36x PCIe to SATA II/PATA controllers.
- mfi(4): new driver for LSI Logic and Dell MegaRAID SAS controllers, from OpenBSD.
- mpt(4): added support for newer SAS and similar devices.
- njata(4): new driver for Workbit NinjaATA-32 CardBus IDE controller.
- pdcsata(4): added support for the Promise PDC20775, PDC20771, PDC40518, PDC40718 and some bugfixes.
- piixide(4): added support for some ICH8/ICH8-M/ICH9 IDE and SATA controllers.
- svwsata(4): new driver for Serverworks K2 SATA controllers, from OpenBSD.
- viaide(4) added support for the VIA VT8237A SATA controller and AMD CS5536 Companion Device IDE Controller.
-
USB:
-
i386:
- Added support for the for Multiboot specification. This means much improved support for loading the kernel by GRUB, including passing in parameters to the kernel.
- Added the unichromefb framebuffer driver that supports the VIA Unichrome Graphics adapter.
- vesafb(4): added new framebuffer driver that supports VESA BIOS (VBE) 2.0 extensions and up.
- Added ability to boot from the cd9660 file system to the BIOS bootloader. This adds the ability to load much bigger kernels and the option of selecting different kernels at boot time.
- evbarm: new platform support for Arcom Viper PXA255-based single board, Atmark Techno Armadillo-9 and Armadillo-210, Certance CP-3100, Linksys NSLU2 (a.k.a. "Slug") and I-O DATA HDL-G Giga LANDISK NAS devices.
- evbmips: added support for Alchemy Au1550 processors, DBAu1550 boards, Alchemy Au15XX PCI host, (OMS-AL400/128) and Atheros AR5312 SoC.
- New port ews4800mips: NEC's MIPS based EWS4800 workstations.
- cobalt: added support for booting off raidframe RAID1 mirrors.
- hpcmips: added the teliosio(4) driver for the Sharp Telios LCD screen and Battery unit.
- New port landisk: port to the SH4 processor based NAS appliances, supporting models by I-O DATA (USL-5P, HDL-U, HDL-AV, HDL-W and HDLM-U series, SuperTank LAN Tank, UHDL-160U and UHDL-300U) and Plextor PX-EH16L, PX-EH25L and PX-EH40L.
- macppc: this port has gained support to use accelerated wsdisplay drivers by default (if possible), and uses the appropriate driver rather than the Generic Open Firmware Framebuffer.
- prep: this port has been modernized, and support for five additional machines has been added, among them the IBM 7024-E20 and 7025-F30 models and Motorola Powerstack E1. Additionally, sysinst support was added, and the bootloader process was improved, allowing easy installation and upgrade to future releases.
- sparc: added support for booting off raidframe RAID1 mirrors.
- Xen: support for Xen3 domU and dom0 (Unprivileged domain and domain 0), including support for hardware virtualization on CPUs that support it.
- Improved Firewire (IEEE1394) support imported from FreeBSD.
- The midi(4) framework got a complete overhaul for better support of Active Sensing and improved handling of tempo and timebase changes.
-
Added a Bluetooth protocol stack including:
See bluetooth(4), bthset(1) and btpin(1).
- Imported the bio(4) framework from OpenBSD, to query/control block hardware RAID device controllers. Currently supporting the mfi(4) driver.
- Kernel uses stateful read-ahead algorithm.
- dkctl(8) can be used to switch buffer queuing strategies on the fly on wd(4) disks, see also bufq(9).
- fileassoc(9) is used by Veriexec, it adds in-kernel and file-system independent file meta-data association interface.
- firmload(9): an API for loading firmware images used by various hardware devices.
- gpio(4): imported General Purpose I/O framework from OpenBSD.
- onewire(4): imported Dallas Semiconductor 1-wire bus framework from OpenBSD.
- The proplib(3) protocol was added for sending property lists to/from the kernel using ioctls.
- spi(4): new SPI (Serial Peripherial Interface) framework.
- timecounter(9) adds a new time-keeping infrastructure along with NTP API 4 nanokernel implementation. Almost all platforms were changed to support this API.
- Start of 32bit-Linux-emulation for amd64 (COMPAT_LINUX32).
- wscons(4) console driver supports splash screens, scrolling, progress bar for kernel and boot messages.
Kernel interfaces have continued to be refined, and more subsystems and device drivers are shared among the different ports. You can look for this trend to continue.
- The FAST_IPSEC IPsec implementation was extended to use hardware acceleration for IPv6, in addition to the hardware accelerated IPv4 that was available before. See fast_ipsec(4) for more information.
- mprotect(2) got restrictions to enforce W^X policies, from PaX. See options(4), sysctl(3), and paxctl(8).
- GCC 4's support for stack smashing protection (SSP) was enabled by adding libssp, see security(8).
-
The kernel authorization framework kauth(9) was added, replacing the traditional BSD credential management and privileged operation access control with an abstract layer, allowing the implementation of various security models either as part of the NetBSD distribution or as third-party LKMs.
NetBSD's kernel authorization is a hybrid clean-room implementation of a similar interface developed by Apple, extending its capabilities and combining concepts of credential inheritance control.
-
3rd party software updates:
- BIND 9.4.1-P1
- OpenSSL 0.9.8e
- CVS 1.11.22
- OpenSSH 4.4
- gettext 0.14.4
- PF from OpenBSD 3.7
- (n)awk 20050424
- Postfix 2.4.5
- am-utils 6.1.3
- file 4.21
- zlib 1.2.3
- GNU binutils 2.16.1
- GNU groff 1.19.2
- IPFilter 4.1.23
- GNU gcc 4.1.2 prerelease
- GNU gdb 6.5 (some architectures)
- NTP 4.2.4p2
- pppd 2.4.4
- cdplay(1): added digital transfer mode support.
- cksum(1) can now verify checksums.
- csplit(1): new utility that splits a file into pieces. From FreeBSD/OpenBSD.
- identd(8): added support for forwarding ident queries and receiving of proxied ident queries.
- getent(1): added support for the ethers database.
- gkermit(1): new program for transferring files using the Kermit protocol.
- mail(1): added support for Mime and multi-character set handling, command line editing and completion.
- utoppya(1): new utility to interface to the utoppy(4) driver.
- init(8): added support for running multi-user in a chroot() environment. Allows / file system on e.g., cgd(4), vnd(4) or ccd(4) volumes.
- gpt(8): new GUID partition table maintenance utility, from FreeBSD.
- iSCSI target (server) code added, see iscsi-target(8); Initiator (client) code is underway.
- lockstat(8): new command to display a summary of kernel locking events recorded over the lifetime of a called program.
- ofctl(8): new command to display the OpenPROM or OpenFirmware device tree for the macppc, shark and sparc64.
-
Various utilities to support Bluetooth were added:
- btconfig(8) for controller configuration.
- btdevctl(8) to manage pseudo devices relating to remote services.
- bthcid(8) and btpin(1) for authenticating radio connections.
- sdpd(8) for providing service discovery to remote devices.
- sdpquery(1) for querying services on remote devices.
- rfcomm_sppd(1) to access remote services over RFCOMM via stdio or pty.
- bthset(1) for making connections to Bluetooth headsets.
Besides this list, there have also been innumerable bug fixes and other miscellaneous enhancements of course.
In this release of NetBSD, some software components known from previous releases were removed from the system. In some cases those were components that are not useful anymore or their utility does not justify maintenance overhead. Other components were not working properly and there was lack of interest in fixing them.
- Sushi was removed from the base system due to lack of interest and maintenance. If you really want it, it is available in the CVS repository at othersrc/usr.sbin/sushi. However, be warned that it is unmaintained and is most likely out of date.
- Vinum was removed due to lack of interest and maintenance. At the time of removal, it had several known serious issues (including not being compilable). RAIDframe provides similar functionality. If you were using Vinum you will need to back up your data, delete the Vinum partitions, create RAIDframe partitions, and restore your data to them. Details about RAIDframe can be found in raid(4), raidctl(8), and the NetBSD Guide.
-
Sendmail was removed. Postfix is the MTA and provides the
sendmail(1) command line tool. Postfix has been included
with NetBSD since NetBSD 1.5 was released in December 2000.
Details about Postfix can be found in the
NetBSD Guide.
For those who need Sendmail, it is available from pkgsrc in the
mail/sendmail
andmail/sendmail813
packages. - NETCCITT and NETNS were removed due to lack of interest and maintenance. They had known serious issues (including being out of date with respect to other network code) and there were no known users at the time of their removal. Unfortunately, there is no replacement or option for them.
-
UUCP was removed. The NetBSD improvements were merged
into the pkgsrc version.
For those who use UUCP tools,
they are available from pkgsrc in the
net/uucp
package. The cu(1) command is available as a frontend to tip(1). -
The Fortran 77 compiler (g77)
has been removed with the
transition from GCC 3 to GCC 4, which does not include it. For
those who need it, it is available from pkgsrc in the
lang/gcc3-f77
package. - The evbsh5 port has been removed from NetBSD due to lack of interest, compounded by a lack of available SH5 hardware.
The NetBSD Foundation would like to thank all those who have contributed code, hardware, documentation, funds, colocation for our servers, web pages and other documentation, release engineering, and other resources over the years. More information on the people who make NetBSD happen is available at:
We would like to especially thank the University of California at Berkeley and the GNU Project for particularly large subsets of code that we use. We would also like to thank the Internet Systems Consortium Inc., the Network Security Lab at Columbia University's Computer Science Department, and Ludd (Luleå Academic Computer Society) computer society at Luleå University of Technology for current colocation services.
The NetBSD Foundation was chartered in 1995, with the task of overseeing core NetBSD project services, promoting the project within industry and the open source community, and holding intellectual property rights on much of the NetBSD code base. Day-to-day operations of the project are handled by volunteers.
As a non-profit organization with no commercial backing, The NetBSD Foundation depends on donations from its users, and we would like to ask you to consider making a donation to the NetBSD Foundation in support of continuing production of our fine operating system. Your generous donation would be particularly welcome assistance with ongoing upgrades and maintenance, as well as with operating expenses for The NetBSD Foundation.
Donations can be done via PayPal to <paypal@NetBSD.org>
and
are fully tax-deductible in the US. If you would prefer not to use PayPal,
or would like to make other arrangements, please contact
<finance-exec@NetBSD.org>
.
Please use a mirror site close to you.
Please also note our list of CD-ROM vendors.
Back to NetBSD 4.x formal releases