Announcing NetBSD 10.0 (draft)

Switched to a faster radix tree algorithm for memory page lookups.

Improved tracking of clean/dirty pages, speeding up &man.fsync.2; on large files by orders of magnitude.

Improved parallelization: rewritten page allocator with awareness of CPU topology, replaced global counters with per-CPU counters, and reduced lock contention.

A new interface, &man.wg.4;, provides a VPN tunnel compatible with the WireGuard® specification.

A userspace implementation using a rump kernel server is also included, see &man.wg-userspace.4;

The NetBSD implementation works with WireGuard® implementations used by commercial VPN providers, Android, Linux, and more.

Added an implementation of the Adiantum cipher for efficient disk encryption with &man.cgd.4; on systems without AES acceleration.

Switched the default password hashing algorithm to Argon2id, winner of the Password Hashing Competition. The algorithm’s hardness automatically scales with system performance. Added support for Argon2id to &man.cgdconfig.8; for use in password-based disk encryption.

The kernel now takes advantage of CPU acceleration and vectorization for common cryptographic algorithms on x86 and Arm, including AES and ChaCha. All in-kernel implementations of AES are now constant-time on all architectures.

Swap encryption is now automatic using the vm.swap_encrypt=1 &man.sysctl.8; variable.

Privileged Access Never - helps prevent inadvertent userspace memory access by the kernel.

Pointer Authentication - helps defend against return-oriented programming attacks on buffer overrun.

Branch Target Identification - limits the locations to which branch instructions can jump.

Kernel Concurrency Sanitizer - detects race conditions in the kernel at runtime.

Kernel Memory Sanitizer - detects uninitialized memory in the kernel at runtime.

A new virtual USB host driver (vHCI) allows fuzzing and detecting bugs in USB drivers from userspace, even if the hardware is unavailable to developers.

More than 2000 new test cases were added.

Completed various kernel-wide audits of internal API usage: &man.membar.ops.3;, &man.autoconf.9;…

Allwinner V3s SoC support, found in e.g. the Lichee Pi Zero.

Amlogic G12 SoC support, found in e.g. the ODROID-N2+.

Apple M1 SoC support, e.g. the M1 Mac Mini.

NXP i.MX 8M SoC support, found in e.g. the HummingBoard Pulse.

PINE64 Quartz64 (with EDK II UEFI firmware installed) (Rockchip RK3566/RK3568) support.

Raspberry Pi 4 (with EDK II UEFI firmware installed) support.

Rockchip RK3288 support, found in e.g. the Asus Tinker Board.

Added support for booting the Raspberry Pi 0-3 in big endian mode.

Added support for ACPI Collaborative Processor Performance Control, used for CPU performance adjustment on ServerReady hardware.

Added support for &man.compat.linux.8; on AArch64, making it possible to run Linux userspace programs when the compat_linux module is enabled in /etc/modules.conf.

Added support for &man.spiflash.4; on Rockchip RK3328.

Various UEFI bootloader improvements: support for other-endian FFS, booting from &man.raid.4; volumes, ISO9660 (.iso file system) support, boot.cfg support, gop command for changing the video mode, /dev/efi device for accessing variables from userspace, loading kernel modules directly from the bootloader.

&man.eqos.4; - a driver for DesignWare Ethernet Quality-of-Service controllers.

&man.genet.4; - a driver for Broadcom GENETv5 Ethernet controllers, found on the Raspberry Pi 4.

&man.ixl.4; - a driver for Intel Ethernet 700 series 10/25/40 Gigabit Ethernet adapters.

&man.iavf.4; - a driver for Intel Ethernet Adaptive Virtual Functions.

&man.mcommphy.4; - a driver for Motorcomm YT8511C / YT8511H Gigabit Ethernet transceivers.

&man.mos.4; - a driver for MosChip MCS7730/7830/7832 USB Ethernet devices.

&man.nct.4; - a driver for Nuvoton NCT5104D GPIO controllers, found on PC Engines APU systems.

&man.pcf8574.4; - a GPIO driver used for LEDs and indicators on some SPARC64 hardware.

&man.qat.4; - a driver for Intel QuickAssist cryptographic accelerators.

&man.rge.4; - a driver for Realtek 8125 2.5 Gigabit Ethernet adapters.

&man.scmd.4; - a driver for Sparkfun Serial Controlled Motors.

&man.sgp40mox.4; - a driver for Sensirion SGP40 MOx gas sensors.

&man.sht3xtemp.4; - a driver for Sensirion SHT30/SHT31/SHT35 humidity/temperature sensors.

&man.sht4xtemp.4; - a driver for Sensirion SHT40/SHT41/SHT45 humidity/temperature sensors.

&man.wwanc.4; - a driver for Intel XMM7360 LTE modems.

Synced the GPU drivers in the kernel with Linux 5.6, bringing lots of new hardware support for accelerated graphics, for Intel (via i915), Nvidia (via nouveau), and AMD (via amdgpu and radeon) graphics processors.

&man.acpi.4; - added /dev/acpi, a character device for accessing ACPI tables. &man.acpidump.8; no longer requires options INSECURE.

&man.aq.4; - added hardware TCP/UDP RX checksum offloading for Aquantia 2.5/5/10 Gigabit Ethernet interfaces.

&man.ciss.4; - added support for PERFORMANT mode and MSI/MSI-X on supported HP Smart Array RAID controllers.

&man.itesio.4; - added IT8625E support.

&man.ixv.4; - added support for mailbox API version 1.5, used on ESXi.

&man.mcx.4; - added hardware checksum offloading, hardware VLAN tagging, and support for multiple receive queues for Mellanox ConnectX multi-Gigabit Ethernet interfaces.

&man.nvme.4; - added suspend/resume support.

&man.onewire.4;, &man.owtemp.4; - reduced CPU overhead, improved reliability.

&man.pci.4; - added support for Enhanced Allocations, as seen in Cavium ThunderX based boards.

&man.pci.4; - added more PCIe 5.x decoding support.

&man.pms.4; - many improvements to Synaptics trackpad support.

&man.wm.4; - added support for Intel Tiger Lake and newer devices (I219V 15-V9 and LM 16-19).

&man.xhci.4; - added initial support for isochronous pipes (works with e.g. USB 3.x webcams)

&man.xhci.4; - added suspend/resume support.

A bootable image, octeon.img.gz, is now provided for Cavium OCTEON MIPS64 boards, such as the Ubiquiti ERLite-3. The ERLITE kernel configuration was renamed to OCTEON.

Added support for &man.ofctl.8; and /dev/openfirm, enabled on Cavium Octeon cores.

Added flattened device tree, USB 3, CPU core support on Cavium Octeon.

Added support for kernel modules.

Ported &man.dtrace.1; and the &man.crash.8; kernel debugger.

alpha: Enabled multiprocessor support by default in GENERIC kernels after several stability problems were fixed.

alpha: Improved performance of TLB operations in the machine-dependent portion of the virtual memory system.

alpha: Implemented fast soft-interrupts.

evbppc: Added support for the DHT Walnut 405GP board.

hp300: Implemented bitmap ops support for the EVRX framebuffer on the HP9000/425e.

hp300: Added support for multiple rd(4) disks on all punits for HPDisk.

hppa: Enabled support for kernel moduels in GENERIC.

luna68k: Added support for keyboard LED and buzzer controls via &man.wskbd.4;.

macppc: Added support for the GeForce framebuffer, and CPU temperature and fan sensors on the iMac G5.

sparc64: Added environment monitoring for the Sun Enterprise 250.

x68k: Added Emulate3Buttons support to the monolithic X server.

Added support for Xen PVH.

Added support for Xen PV drivers under HVM guests.

Added support for jumbo frames and feature-sg to paravirtualized network interfaces.

Dom0 kernels now have multiprocessor support enabled.

Xen kernels now use the same kernel modules as native kernels.

Paravirtualized network ddevices (&man.xennet.4;), block devices (&man.xbd.4;) are now MPSAFE and can take advantage of kernel paralellization.

Grant table v2 support in the hypervisor is now required.

Added support for VirtIO 1.0 to the &man.virtio.4; drivers, which previously supported version 0.9.

A new &man.vio9p.4; driver allows mounting VirtIO 9P filesystems exported by the VM host.

Implemented RFC 7048 in the kernel’s network stack, relaxing rules for IPv6 Neighbor Discovery retransmissions. IPv6 Neighbor Detection is now address agnostic and is used by ARP.

&man.lagg.4; - new scalable link aggregation and link failover interface, replaces &man.agr.4;.

&man.vether.4; - new virtual Ethernet interface with configurable address for use as a &man.bridge.4; endpoint, replaces &man.tap.4; in some scenarios.

Added support for POSIX.1e access control lists to FFS via extended attributes.

Dropped warning that ZFS is under development. ZFS on NetBSD has been ready for production use for some time.

&man.refuse.3; - now supports all FUSE API variants from FUSE 1.1 to FUSE 3.10.

&man.raid.4; - added support for swapped-endian configurations.

&man.blkdiskard.8; - new front end for &man.fdiscard.2; to manually TRIM a disk.

&man.fsck.udf.8; - new command for repairing damage to Universal Disk Format file systems, making UDF a suitable reliable read-write choice for cross-system shared disks.

&man.newfs.udf.8; - added support for formatting of UDF 2.50 with a metadata partition.

udf: various changes to enable bug-compatibility with Windows 10.

&man.aiomixer.1; - &man.curses.3;-based console audio mixer.

&man.realpath.1; - prints absolute paths from relative paths, including resolving symbolic links.

&man.ioctlprint.1; - prints descriptive ioctl values.

&man.testpat.6; - display a color test pattern.

&man.warp.6; - classic BSD space war game (copyright donated to the NetBSD Foundation by Larry Wall).

&man.audioplay.1; - added ability to decode 64-bit and 32-bit IEEE floating point RIFF WAVE files.

&man.env.1; - added -u flag to remove an environment variable, and -0 to allow variable input separated by NUL characters.

&man.mv.1; - added a -h option to atomically replace a symlink to a directory.

&man.netstat.1; - added various new packet counters.

&man.nbperf.1; - various optimizations; reduced memory footprint by 30%.

&man.patch.1; - added support for patching files with excessively long lines.

&man.ps.1; - added -G flag to take a single group argument, as required by POSIX.2.

&man.sh.1;, &man.ksh.1;, &man.csh.1; - added jobs -Z to set the process title, as in zsh.

&man.sh.1; - added command auto-completion.

&man.script.1; - added proper playback of &man.curses.3; sessions.

&man.vmstat.1; - added fast &man.sysctl.7;-based kernel hash statistics generation

&man.httpd.8; - added &man.blocklistd.8; support.

&man.inetd.8; - added a -f flag to run in the foreground.

&man.scan.ffs.8; - added SIGINFO support, to display the status of the scan when Ctrl+T is pressed.

&man.sysinst.8; - added support for configuring Wi-Fi devices.

&man.wsfontload.8; - added a -l flag to list all loaded and built-in fonts.

&man.wsmoused.8: - added support for absolute mouse position events, e.g. touchscreens.

&man.eventfd.2;, &man.timerfd.2; - new native system calls compatible with Linux, also used in &man.compat.linux.8;

&man.fexecve.2; - new system call for executing a file from a file descriptor, conforming to The Open Group Extended API Set 2.

&man.getrandom.2; - new system call compatible with the Linux system call.

&man.kqueue.2; - added EVFILT_USER for user-established events.

&man.ppoll.2; - an alias of the native system call pollts for compatibility with other operating systems.

&man.curses.3; - added stub mouse functions and curses_version() for compatibility with ncurses.

&man.ossaudio.3; - added an implementation of the OSSv4 mixer API.

&man.hosts.access.3; - added &man.blocklistd.8; support, enabling all programs using libwrap to block access from denied hosts.

&man.regex.3; - added native language support, and support for GNU extensions (off by default).

Added BSD-licensed Spleen bitmap fonts for low and high-DPI displays to the X11 sets and /usr/share/wscons/fonts, made them the default for &man.ctwm.1;.

&man.compat.linux.8; - added eventfd, timerfd, POSIX timers, preadv, and pwritev.

&man.wskbd.4; - added definitions for French BÉPO and German Neo 2 layouts.

&man.wsmouse.4; - added "precision scrolling" event types.

To load it at boot time, add compat_linux to /etc/modules.conf.

Privilege separation is now enabled

Note RSA/SHA-1 signature deprecation. You may need to re-enable ssh-rsa support when connecting to older servers.