Also includes numerous bug fixes and stability improvements

Jul 21, 2018 15:42 GMT

The NetBSD open-source operating system has been updated this week to version 8.0, a major release that finally brings mitigations for all the Spectre variants, Meltdown, and Lazy FPU security vulnerabilities, as well as many stability improvements and bug fixes.

Coming seven months after the first and last point release of the NetBSD 7 series, NetBSD 8.0 is here with mitigations for both the Spectre Variant 2 (CVE-2017-5715) and Spectre Variant 4 (CVE-2018-3639) security vulnerabilities, as well as for the Meltdown (CVE-2017-5754) and Lazy FPU State Save/Restore (CVE-2018-3665) vulnerabilities.

All mitigations are now enabled by default, and the Spectre Variant 4 mitigations are available for both Intel and AMD processors. Also, the Spectre Variant 2 mitigations are based on the Retpoline technique used in the GCC (GNU Compiler Collection) system compiler, along with various hardware mitigations available for Intel or AMD CPUs via microcode updates.

Here's what's new in NetBSD 8.0

Highlights of the NetBSD 8.0 release include SMAP (Supervisor Mode Access Prevention) support for both 32-bit and 64-bit architectures, implementation of an (U)EFI bootloader, USB 3.0 support, in-kernel audio mixer, reproducible builds, complete userland debug information, as well as a new socket layer for communication with devices on a CAN bus.

NetBSD 8.0 also introduces ipsecif(4) as a special pseudo interface for route-based VPNs, hardens the network stack and the memory layout, adds various performance and stability improvements to the NetBSD file system "log" option (WAPBL), and enforces the PaX MPROTECT (W^X) memory protection by default for the 32-bit, 64-bit, evbarm, pmax, and landisk ports.

Furthermore, it enables PaX ASLR (Address Space Layout Randomization) by default for the 32-bit (i386), 64-bit (amd64), SPARC64, landisk, evbarm, and pmax ports, as well as position independent executables for userland on the 32-bit (i386), 64-bit (amd64), ARM, MIPS, M68k, SPARC64, and SH3 (SuperH) instruction set architectures.

Among the updated components, we can mention that NetBSD 8.0 ships with GCC 5.5 with Undefined Behavior Sanitizer and Address Sanitizer support, OpenSSL 1.0.2k, OpenSSH 7.6, ntp 4.2.8p11-o, Lua 5.3.4, GNU binutils 2.27, GNU Debugger (GDB) 7.12, Clang/LLVM 3.8.1, mdocml 1.14.1, acpica 20170303, and dhcpcd 7.0.6. NetBSD 8.0 is available for download right now for numerous architectures.