NetBSD 10.0 has been released. What has been added and changed in this OS?

On an FFS file system support appeared access control lists (POSIX.1e ACLs). It was implemented using extended file attributes, transferred from FreeBSD. In order to use ACLs, a new file system type, FFSv2ea, has appeared. You can switch to it using the special fsck_ffs utility.

The virtual memory system has been optimized. Thus, to search for pages, it was decided to use a more efficient radix tree algorithm, plus the speed of tracking both clean and dirty memory pages has been increased. fsync has been accelerated for large files, work with locks has been improved, and the efficiency of parallel execution of operations has been increased.

The good news is that there is support for media encryption using the Adiantum algorithm. The innovation allows you to achieve high efficiency on systems without AES. The cgdconfig utility now has support for shared keys, which can be used to encrypt multiple drives. It was also decided to enable password hashing on Argon2id and swap partitions by default (vm.swap_encrypt=1). Added support for hardware encryption acceleration mechanisms provided by x86 and Arm processors, such as AES and ChaCha acceleration instructions.

The release now includes a wg network interface with a VPN implementation that is compatible with WireGuard.

The developers paid special attention to performance optimization. Thus, the efficiency of the file path cache in the kernel has been improved. In addition, the performance of the task scheduler, adapted to work on big.LITTLE Arm systems, has been improved. They combine both fast and slow CPU cores. The performance of the select and poll system calls has also been improved. The performance of the tmpfs file system has been improved. Plus we managed to speed up the loading process, add optimizations for different architectures, etc.

The vether driver has been added with the implementation of virtual Ethernet interfaces; they can now be used in network bridges and instead of tap interfaces.

The network stack includes support for RFC 7048, which improves the operation of the IPv6 Neighbor Discovery mechanism and makes it independent of addresses.

In addition, there is support for extensions related to information security for Armv8-A chips: PAN (Privileged Access Never), PA (Pointer Authentication), BTI (Branch Target Identification).

Support for the UDF format has also been improved, now it is compatible at the error level with the implementation of the “top ten”, i.e. Windows 10. In particular, the newfs_udf utility now has the ability to generate in the UDF 2.50 format with a separate section for metadata. Added fsck_udf utility for checking and restoring faulty FS in UDF format.

The fstat utility now supports ZFS.

Support for the well-known FUSE (Filesystem in Userspace) mechanism has been expanded; the refuse driver provides full support for the FUSE API options used in FUSE versions from 1.1 to 3.10.

New programs have been added to the distribution:
○ aiomixer – sound mixer
○ realpath – output the absolute path to a file based on the relative path
○ tradcpp – K&R C style macro processor
○ ioctlprint — display ioctl values
○ testpat — displays a test pattern to evaluate screen color rendering
○ warp – a classic BSD game

We must not forget about updating versions of various components from third parties, including ctwm 4.0.3, gcc 10.5, lua 5.4.6, OpenSSL 3.0.12, postfix 3.8.4, tmux 3.2a, OpenSSH 9.6, X.org Server 21.1.7 , BIND 9.18.24, Heimdal kerberos 7.8.0, unbound 1.19.1, wpa_supplicant 2.9, OpenLDAP 2.5.6, binutils 2.34, libfido2 1.13.0, pam-u2f 1.2.0, zlib 1.2.13.

Of course, the developers couldn’t help but think about updating graphics drivers; Intel, NVIDIA and AMD GPUs for x86 systems were updated. DRM/KMS subsystem synchronized with Linux kernel 5.6

As for hardware, 17 new device drivers have been added, including drivers for tablet pc Wacom, Realtek 8125 2.5 Gigabit Ethernet, Motorcomm YT8511C/YT8511H Gigabit Ethernet, Intel Ethernet 700, Broadcom GENETv5 Ethernet, Intel QuickAssist crypto accelerators and LTE modems Intel XMM7360.

There is also support for the functions of new processors from Intel and AMD, support for new ARM boards has been added (Raspberry Pi 4, Orange Pi 5, Lichee Pi Zero, ODROID-N2+, M1 Mac Mini, HummingBoard Pulse, UDOO Neo Full, PINE64 Quartz64, Asus Tinker etc.). Expanded support for MIPS architecture.

If we talk about remote components, there are a lot of them. Thus, the HIPPI, FDDI and TokenRing technologies are no longer supported, the nsmb and mount_smbfs drivers for SMBFS have been removed from the kernel (they do not support new versions of the SMB protocol), support for IPv6 Router Advertising has been moved into user space from the kernel, the libraries libXTrap, libXevie and libglut have been removed, and drivers for many legacy devices.

VirtIO drivers have been improved to support the VirtIO 1.0 specification. Added vio9p driver for mounting in VirtIO 9P FS guest systems exported by the host environment. Added viocon driver for virtual serial port.