Announcing NetBSD 8.0 (July 17, 2018)

The NetBSD Project is pleased to announce NetBSD 8.0, the sixteenth major release of the NetBSD operating system.

This release brings stability improvements, hundreds of bug fixes, and many new features. Some highlights of the NetBSD 8.0 release are:

  • USB stack rework, USB3 support added.
  • In-kernel audio mixer (audio_system(9)).
  • Reproducible builds (MKREPRO, see mk.conf(5)).
  • Full userland debug information (MKDEBUG, see mk.conf(5)) available. While most install media do not come with them (for size reasons), the debug and xdebug sets can be downloaded and extracted as needed later. They provide full symbol information for all base system and X binaries and libraries and allow better error reporting and (userland) crash analysis.
  • PaX MPROTECT (W^X) memory protection enforced by default on some architectures with fine-grained memory protection and suitable ELF formats: i386, amd64, evbarm, landisk.
  • PaX ASLR (Address Space Layout Randomization) enabled by default on: i386, amd64, evbarm, landisk, sparc64.
  • Position independent executables by default for userland on: i386, amd64, arm, m68k, mips, sh3, sparc64.
  • A new socket layer can(4) has been added for communication of devices on a CAN bus.
  • A special pseudo interface ipsecif(4) for route-based VPNs has been added.
  • Parts of the network stack have been made MP-safe. The kernel option NET_MPSAFE is required to enable this.
  • Hardening of the network stack in general.
  • Various WAPBL (the NetBSD file system "log" option) stability and performance improvements.

Specific to i386 and amd64 CPUs:

  • Meltdown mitigation: SVS (Separate Virtual Space), enabled by default.
  • SpectreV2 mitigation: retpoline (support in gcc), used by default for kernels. Other hardware mitigations are also available.
  • SpectreV4 mitigations available for Intel and AMD.
  • PopSS workaround: user access to debug registers is turned off by default.
  • Lazy FPU saving disabled on vulnerable Intel CPUs ("eagerfpu").
  • SMAP support.
  • Improvement and hardening of the memory layout: W^X, fewer writable pages, better consistency, better performance.
  • (U)EFI bootloader.

Many evbarm kernels now use FDT (flat device tree) information (loadable at boot time from an external file) for device configuration, the number of kernels has decreased but the number of boards has vastly increased.

Lots of updates to 3rd party software included:

  • GCC 5.5 with support for Address Sanitizer and Undefined Behavior Sanitizer
  • GDB 7.12
  • GNU binutils 2.27
  • Clang/LLVM 3.8.1
  • OpenSSH 7.6
  • OpenSSL 1.0.2k
  • mdocml 1.14.1
  • acpica 20170303
  • ntp 4.2.8p11-o
  • dhcpcd 7.0.6
  • Lua 5.3.4

Please read below for a full list of changes in NetBSD 8.0.

Complete source and binaries for NetBSD 8.0 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, and other services may be found at and our CDN. We encourage users who wish to install via ISO or USB disk images to download via BitTorrent by using the torrent files supplied in the images area. A list of hashes for the NetBSD 8.0 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer:

NetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources. More extensive information on NetBSD is available from our website:

Update Recommendation / Security Hint

NetBSD takes security very seriously. As you are likely aware, there have been a multitude of serious security issues discovered at the CPU level (to name only the two most prominent, Meltdown and Spectre). NetBSD 8.0 contains all the mitigations and workarounds as far as we know as of the date of the release.

We support older releases, but due to the mass of recent urgent fixes and a lot of work having been done to harden NetBSD in general, we are not backporting the CPU errata related workarounds and mitigations to older release branches!

To spell it out explicitly: we urge all users to try to update to NetBSD 8.0 as soon as possible, and avoid running older NetBSD releases unless a local security expert has analyzed the setup.

Major Changes Between 7.0 and 8.0

The complete list of changes can be found in the CHANGES and CHANGES-8.0 files in the top level directory of the NetBSD 8.0 release tree. An abbreviated version is below:

  • Intel ACPI support code (acpica) updated to 20170303.
  • Lots of improvements of the COMPAT_NETBSD32 framework (used to run 32bit userland binaries on 64bit machines and various other different ABI NetBSD binaries). This includes NFS server support, NPF support and RAID frame support.
  • Change sysctl net.inet.ip.hostzerobroadcast to 0: do not respond to the ancient all-zero broadcast IP.
  • ext2fs file systems: add support for various ext4 features, including htree indices, extents, extra_inodes, support for up to 64000 file hard links, and gdt_csum/uninit_bg.
  • ptrace(2): Add hardware assisted breakpoint/watchpoint API, improve tracing of fork/exec/exit, add signal information accessor API.
  • dk(4): new option DKWEDGE_METHOD_RDB supports auto discovery of wedges from Amiga Rigid Disk Block (RDB) partitioned disks.
  • localcount(9): generic ref-count primitives.

  • sdmmc(4), sdhc(4), amlogicsdhc(4): Add support for UHS-I and MMC HS200 transfer modes.
  • mcp3kadc(4): Driver for Microchip 3x0x SAR ADC chips.
  • rtwn(4): Driver for Realtek RTL8188CE/RTL8192CE PCIe 802.11b/g/n wireless network devices.
  • vioscsi(4): driver for virtio SCSI devices
  • adm1026hm(4): driver for ADM1026 i2c hardware monitor.
  • ismt(4): another Intel Chipset internal SMBus driver.
  • nvme(4): a driver for Non-Volatile Memory Host Controller Interface.
  • mntva(4): driver for MNTMN VA2000 FPGA-based graphics card for Amiga computers with Zorro slot.

  • or1k: new port added, incomplete, source only.
  • evbarm: various new drivers for many different SoCs.
  • amd64, i386, evbarm, sparc64: Increase the number of simultaneous processes and open files.
  • i386: Add a GENERIC_PAE kernel that supports systems with more than 4 GB RAM.
  • i386, amd64, xen: hardening of the memory mapping (W^X, fewer writable pages, better consistency, better performance).
  • Mips64: Use N64 binaries where kvm is required even with N32 userland, fixing fstat, netstat,systat, crash, pstat and kgmon.
  • dreamcast: Add preliminary "G1-ATA" IDE HDD support.
  • luna68k: add a driver for LUNA's front panel LCD.
  • The "sbmips" port has been merged into evbmips.

  • General userland changes:
    • iostat(8): support fnmatch(3) patterns for disknames.
    • intrctl(8): interrupt distribution control utility added.
    • ftp(1): SNI support for https.
    • ip6addrctl(8): tool to configure address selection policy
    • mv(1) SIGINFO support added.
    • route(8), netstat(1): various changes corresponding to changes in the network stack.
    • nvmectl(8): NVM Express control utility.
    • scsictl(8): Add "getrealloc" and "setrealloc" commands to get/set automatic reallocation parameters/enables for error recovery.
    • sh(1): various stability and POSIX conformance improvements.
    • ssh-agent(1): the default for whitelisted file system paths for PKCS11 libraries has been changed, /usr/local/lib/ has been removed, instead /usr/pkg/lib/ has been added.
    • ifconfig(8): Modernise the output for the address to address/prefix instead of differring outputs for INET and INET6.
  • 3rd party software updates:
    • Intel ACPI support code (acpica) updated to 20170303.
    • BIND (named(8)) updated to 9.10.5-P1/BSD.
    • unbound 1.6.8 added.
    • nsd 4.1.14 added.
    • binutils updated to 2.27.
    • byacc updated to 20170430.
    • ISC dhcp update to 4.3.3.
    • dhcpcd(8) updated to 7.0.6.
    • file(1) updated to 5.31.
    • flex(1) updated to 2.5.39.
    • gcc(1) updated to 5.5.
    • gdb(1) updated to 7.12.
    • gettext updated to 0.16.1.
    • grep(1) updated to 2.5.1a.
    • Heimdal updated to 7.1.0.
    • libarchive updated to 2.8.4.
    • libevent updated to 2.1.8-stable.
    • llvm updated to 3.8.1+ (r280599).
    • pcap(3) updated to 1.8.1.
    • mdocml updated to 1.14.1.
    • OpenLDAP updated to 2.4.44.
    • OpenPAM updated to 20170430 (Resedacea).
    • openresolv updated to 3.9.0.
    • OpenSSH updated to 7.6.
    • OpenSSL updated to 1.0.2k.
    • pkg_install updated to 20170419.
    • Postfix updated to 3.1.4.
    • DNS root.cache updated to 2017102400.
    • Sqlite updated to 3.17.0.
    • texinfo(5) updated to 4.8a.
    • tmux(1) updated to 2.4.
    • Timezone code updated to tzcode2017b, timezone data to tzdata2018e.
    • zlib(3) updated to 1.2.10.
    • xz(1) updated to 5.2.1.
    • pppd(8) updated to 2.4.7.
    • ntpd(8) updated to 4.2.8p11.
    • sljit updated to svn revision 313.
    • elftoolchain (libelf/libdwarf) updated to FreeBSD-2016-02-19-r295822.
    • libproc version FreeBSD-2015-09-24 added.
    • librtld_db version FreeBSD-2015-09-24 added.
    • netcat (nc(1)) imported from OpenBSD (version OpenBSD-2017-02-06).
    • gnu-efi version 3.0u added.
    • dc(1) replaced by the version from OpenBSD (version 20170410)
    • Flat device tree support library (dts) version 4.11.5 added.

Things removed from NetBSD

  • The MKCRYPTO option has been removed, there is no support for building NetBSD without cryptography.
  • rtsol(8) has been removed in favor of dhcpcd(8).
  • XFree86 has been removed, as all architectures have switched to XOrg.
  • The pthread_dbg library has been removed, it is not needed any more for current debuggers.

NetBSD 8.0 is dedicated to the memory of Nicolas Joly, who passed away in June 2017.

Nicolas' technical contributions are too many to list here in full. He committed more than 1000 changes all over the NetBSD source tree and pkgsrc.

Beyond that he was always helpful and friendly. His example encouraged users to contribute to the project and share their work with the community.

The NetBSD Foundation would like to thank all those who have contributed code, hardware, documentation, funds, colocation for our servers, web pages and other documentation, release engineering, and other resources over the years. More information on the people who make NetBSD happen is available at:

We would like to especially thank the University of California at Berkeley and the GNU Project for particularly large subsets of code that we use. We would also like to thank the Tasty Lime and the Network Security Lab at Columbia University's Computer Science Department for current colocation services. Thanks to Fastly for providing the CDN services.

NetBSD is a free, fast, secure, and highly portable Unix-like Open Source operating system. It is available for a wide range of platforms, from large-scale servers and powerful desktop systems to handheld and embedded devices. Its clean design and advanced features make it excellent for use in both production and research environments, and the source code is freely available under a business-friendly license. NetBSD is developed and supported by a large and vibrant international community. Many applications are readily available through pkgsrc, the NetBSD Packages Collection.

About the NetBSD Foundation

The NetBSD Foundation was chartered in 1995, with the task of overseeing core NetBSD project services, promoting the project within industry and the open source community, and holding intellectual property rights on much of the NetBSD code base. Day-to-day operations of the project are handled by volunteers.

As a non-profit organization with no commercial backing, the NetBSD Foundation depends on donations from its users, and we would like to ask you to consider making a donation to the NetBSD Foundation in support of continuing production of our fine operating system. Your generous donation would be particularly welcome to help with ongoing upgrades and maintenance, as well as with operating expenses for the NetBSD Foundation.

Donations can be done via PayPal to , or via Google Checkout and are fully tax-deductible in the US. See for more information, or contact directly.