Friday, November 1, 2013

OpenBSD 5.4 released Nov 1, 2013

------------------------------------------------------------------------
- OpenBSD 5.4 RELEASED -------------------------------------------------

November 1, 2013.

We are pleased to announce the official release of OpenBSD 5.4.
This is our 34th release on CD-ROM (and 35th via FTP). We remain
proud of OpenBSD's record of more than ten years with only two remote
holes in the default install.

As in our previous releases, 5.4 provides significant improvements,
including new features, in nearly all areas of the system:

- New/extended platforms:
    o OpenBSD/octeon
      New platform for systems based on the Cavium Octeon
      MIPS-compatible processors. Supported machines include:
        - Portwell CAM-0100
        - Ubiquiti Networks EdgeRouter LITE (no local storage)
    o OpenBSD/beagle
      New platform for OMAP3/4 and AM335x systems using an ARM Cortex-A8
      or Cortex-A9 CPU. Supported boards include:
        - BeagleBoard C4 / xM
        - BeagleBone and BeagleBone Black
        - PandaBoard and PandaBoard ES

- Improved hardware support, including:
    o inteldrm(4) has been overhauled, including:
        - Now mostly in sync with Linux 3.8.13.
        - Support for Kernel Mode Setting (KMS) including support for
          additional output types such as DisplayPort.
        - Sandy Bridge and newer parts which previously had only ShadowFB
          acceleration now have full hardware acceleration including use
          of the 3D rings.
        - wsdisplay(4) now attaches to inteldrm(4) and provides a
          framebuffer console.
    o vgafb(4/macppc) now supports multiple virtual consoles.
    o Support for Elantech touchpads version 4 (clickpad) added to
      pms(4).
    o Fixed st(4) EOM handling, enabling much better Bacula support.
    o Support for vdsk(4) disks larger than 2TB.

- Generic network stack improvements:
    o Reworked checksum handling for network protocols.
    o divert(4) now recalculates the IP and protocol checksums of
      reinjected packets.
    o No longer attempt to delete the undeletable RNF_ROOT route.

- Routing daemons and other userland network improvements:
    o Support SSL inspection in relayd(8).
    o Added slowcgi(8), a libevent-based FastCGI implementation.
    o Enabled ECDHE support in httpd(8).
    o Do not start inetd(8) by default any more.
    o Many ldpd(8) improvements, including a speed-up of the session
      establishment process, support for adjacencies and targeted
      hellos, support for multiple addresses per interface, and more.

- dhcpd(8) improvements:
    o Improved compliance with RFC 2131 strictures on
      client-identifiers.
    o Fixed synchronization of leases.
    o Replaced manual date parsing and printing with strftime and
      strptime.
    o Explicitly label dates in leases files as being UTC dates.

- dhclient(8) improvements:
    o Delete routes added by defunct dhclient processes.
    o Improved handling of client-identifier option.
    o Increased ip_ttl on packets to 128, allowing more distant servers
      to provide leases.
    o Replaced manual date parsing and printing with strftime and
      strptime.
    o Explicitly label dates in leases files as being UTC dates.
    o Improved interactions between dhclient processes to make the most
      recent dhclient started the most likely to persist.
    o Support for static routes and classless static routes options.
    o Fixed log messages to print correct addresses.
    o Reduced log verbosity by emitting debug messages only when
      debugging.
    o Eliminated unnecessary address and route churn during lease
      renewal by not binding leases identical to the current one.

- OpenSMTPD 5.3.3:
    o New features:
        - Add support for LMTP local deliveries
        - Add SECURE and AUTH transmission types
        - Add support for transparent queue compression
        - helo names can now be looked up in a db(3) table
        - New "error:" alias kind allows aliasing a user-part to an error
        - Traces can be (de)activated at runtime
    o Improvements:
        - More robust queue can cope with runtime errors
        - Improved routing strategies
        - Assorted minor bug fixes and cleanups

- Performance improvements:
    o Don't require the kernel lock when processing audio interrupts.
    o Improved kernel bcopy/memmove/memcpy implementations and made more
      careful choices between them.
    o Implemented symbol caching and RELCOUNT/RELACOUNT optimizations in
      ld.so(1).

- Threading improvements:
    o Closed various race conditions between exit/fork/execve/__tfork/
      __threxit/ptrace in both the kernel and libpthread.

- Assorted improvements:
    o Added a locale(1) utility.
    o Added ltrace(1), a tool to trace PLT calls.
    o Added a new implementation of cu(1).
    o Added shm_open(3)/shm_unlink(3).
    o Added getprogname(3)/setprogname(3).
    o Added clock_getcpuclockid(3) and pthread_getcpuclockid(3).
    o Added fmemopen(3).
    o Added open_memstream(3)/open_wmemstream(3).
    o Added memmem(3).
    o Added fdatasync(2).
    o Added ppoll(2).
    o Added pselect(2).
    o Added utrace(2).
    o Switched the VAX platform to ELF.
    o Fixed kernel profiling on multiprocessor systems.
    o Experimental support for fuse(4).
    o Added support for write_opt=nodir and the 'path' and 'linkpath'
      extended headers to pax(1) (aka tar(1)).
    o Brought getconf(1) up to date with recent POSIX updates.
    o Added -L and -P options to ln(1).
    o More structures and symbolic values displayed by kdump(1).
    o pkill(1) now accepts an -I option to ask for confirmation on
      killing processes.
    o New vmx(4) driver provides support for the VMXNET3 virtual NIC
      available in VMware.

- OpenSSH 6.3:
    o New features:
        - sshd(8): add ssh-agent(1) support to sshd(8); allows encrypted
          hostkeys, or hostkeys on smartcards.
        - ssh(1) and sshd(8): allow optional time-based rekeying via a
          second argument to the existing RekeyLimit option. RekeyLimit is
          now supported in sshd_config(5) as well as on the client.
        - sshd(8): standardise logging of information during user
          authentication.
        - ssh(1): add the ability to query supported ciphers, MAC
          algorithms, key types and key exchange methods.
        - ssh(1): support ProxyCommand=- to support cases where
          stdin and stdout already point to the proxy.
        - ssh(1): allow IdentityFile=none.
        - ssh(1) and sshd(8): add -E option to ssh(1) and sshd(8) to
          append debugging logs to a specified file instead of stderr or
          syslog.
        - sftp(1): add support for resuming partial downloads using the
          reget command and on the sftp(1) commandline or on the get
          commandline using the -a (append) option.
        - ssh(1): add an IgnoreUnknown configuration option to selectively
          suppress errors arising from unknown configuration directives.
        - sshd(8): add support for submethods to be appended to required
          authentication methods listed via AuthenticationMethods.
    o The following significant bugs have been fixed in this release:
        - sshd(8): fix refusal to accept certificate if a key of a
          different type to the CA key appeared in authorized_keys before
          the CA key.
        - ssh(1), ssh-agent(1) and sshd(8): Use a monotonic time source
          for timers so that things like keepalives and rekeying will work
          properly over clock steps.
        - sftp(1): update progressmeter when data is acknowledged, not
          when it's sent. (bz#2108)
        - ssh(1) and ssh-keygen(1): improve error messages when the
          current user does not exist in /etc/passwd. (bz#2125)
        - ssh(1): reset the order in which public keys are tried after
          partial authentication success.
        - ssh-agent(1): clean up socket files after SIGINT when in debug
          mode. (bz#2120)
        - ssh(1) and others: avoid confusing error messages in the case of
          broken system resolver configurations. (bz#2122)
        - ssh(1): set TCP nodelay for connections started with -N.
          (bz#2124)
        - ssh(1): correct manual for permission requirements on
          ~/.ssh/config. (bz#2078)
        - ssh(1): fix ControlPersist timeout not triggering in cases where
          TCP connections have hung. (bz#1917)
        - ssh(1): properly detach a ControlPersist master from its
          controlling terminal.
        - sftp(1): avoid crashes in libedit when it has been compiled with
          multi-byte character support. (bz#1990)
        - sshd(8): when running sshd -D, close stderr unless we have
          explicitly requested logging to stderr. (bz#1976)
        - ssh(1): fix incomplete bzero. (bz#2100)
        - sshd(8): log an error and exit if ChrootDirectory is specified
          and running without root privileges.
        - Many improvements to the regression test suite. In particular
          log files are now saved from ssh(1) and sshd(8) after failures.
        - Fix a number of memory leaks. (bz#1967, bz#2096 and others)
        - sshd(8): fix public key authentication when a :style is appended
          to the requested username.
        - ssh(1): do not fatally exit when attempting to cleanup
          multiplexing-created channels that are incompletely opened.
          (bz#2079)

- Over 7,800 ports, major performance and stability improvements in
  the package build process
- The parallel ports builder is better at catching up errors on older
  slower platforms, thus allowing release engineers to better
  concentrate on real errors.

- Many pre-built packages for each architecture:
    o i386:    7976        o sparc64:   6959
    o alpha:   6062        o sh:         989
    o amd64:   7941        o powerpc:   7483
    o sparc:   4823        o arm:       5582
    o hppa:    6607        o vax:       2226
    o mips64:  6739        o mips64el:  6306
    o m68k:    3862        o m88k:      3951

- Some highlights:
    o GNOME 3.8.3                    o KDE 3.5.10
    o Xfce 4.10                      o MySQL 5.1.70
    o PostgreSQL 9.2.4               o Postfix 2.10.1
    o OpenLDAP 2.3.43 and 2.4.35     o GHC 7.6.3
    o Mozilla Firefox 3.6.28 and 22.0
    o Mozilla Thunderbird 17.0.7     o LibreOffice 4.0.4.2
    o Emacs 21.4 and 24.3            o Vim 7.3.850
    o PHP 5.2.17 and 5.3.27          o Python 2.7.5 and 3.3.2
    o Ruby 1.8.7.374, 1.9.3.448 and 2.0.0.247
    o Tcl/Tk 8.4.20, 8.5.14 and 8.6.0
    o Jdk 1.6.0.32 and 1.7.0.21      o Mono 2.10.9
    o Chromium 28.0.1500.45          o Groff 1.22.2
    o Go 1.1.1                       o GCC 4.6.4 and 4.8.1
    o LLVM/Clang 3.3                 o Node.js 0.10.12

- As usual, steady improvements in manual pages and other documentation.

- The system includes the following major components from outside suppliers:
    o Xenocara (based on X.Org 7.7 with xserver 1.14.1 + patches,
      freetype 2.4.12, fontconfig 2.10.91, Mesa 7.11.2, xterm 293,
      xkeyboard-config 2.7 and more)
    o Gcc 4.2.1 (+ patches), 3.3.6 (+ patches) and 2.95.3 (+ patches)
    o Perl 5.16.3 (+ patches)
    o Our improved and secured version of Apache 1.3, with SSL/TLS
      and DSO support
    o Nginx 1.4.1 (+ patches)
    o OpenSSL 1.0.1c (+ patches)
    o SQLite 3.7.17 (+ patches)
    o Sendmail 8.14.7, with libmilter
    o Bind 9.4.2-P2 (+ patches)
    o NSD 3.2.15
    o Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
    o Sudo 1.7.2p8
    o Ncurses 5.7
    o Heimdal 0.7.2 (+ patches)
    o Binutils 2.15 (+ patches)
    o Gdb 6.3 (+ patches)
    o Less 444 (+ patches)
    o Awk Aug 10, 2011 version

If you'd like to see a list of what has changed between OpenBSD 5.3
and 5.4, look at

http://www.OpenBSD.org/plus54.html

Even though the list is a summary of the most important changes
made to OpenBSD, it still is a very very long list.

------------------------------------------------------------------------
- SECURITY AND ERRATA --------------------------------------------------

We provide patches for known security threats and other important
issues discovered after each CD release. As usual, between the
creation of the OpenBSD 5.4 FTP/CD-ROM binaries and the actual 5.4
release date, our team found and fixed some new reliability problems
(note: most are minor and in subsystems that are not enabled by
default). Our continued research into security means we will find
new security problems -- and we always provide patches as soon as
possible. Therefore, we advise regular visits to

http://www.OpenBSD.org/security.html
and
http://www.OpenBSD.org/errata.html

Security patch announcements are sent to the security-announce@OpenBSD.org
mailing list. For information on OpenBSD mailing lists, please see:

http://www.OpenBSD.org/mail.html

------------------------------------------------------------------------
- CD-ROM SALES ---------------------------------------------------------

OpenBSD 5.4 is also available on CD-ROM. The 3-CD set costs $50 CDN and
is available via mail order and from a number of contacts around the
world. The set includes a colourful booklet which carefully explains the
installation of OpenBSD. A new set of cute little stickers is also
included (sorry, but our FTP mirror sites do not support STP, the Sticker
Transfer Protocol). As an added bonus, the second CD contains an audio
track, a song entitled "Our favorite hacks". MP3 and OGG versions of
the audio track can be found on the first CD.

Lyrics (and an explanation) for the songs may be found at:

http://www.OpenBSD.org/lyrics.html#54

Profits from CD sales are the primary income source for the OpenBSD
project -- in essence selling these CD-ROM units ensures that OpenBSD
will continue to make another release six months from now.

The OpenBSD 5.4 CD-ROMs are bootable on the following platforms:

o i386
o amd64
o macppc
o sparc64
o hppa
o loongson
o sparc
o vax

(Other platforms must boot from floppy, network, or other method).

For more information on ordering CD-ROMs, see:

http://www.OpenBSD.org/orders.html

The above web page lists a number of places where OpenBSD CD-ROMs
can be purchased from. For our default mail order, go directly to:

https://https.OpenBSD.org/cgi-bin/order

All of our developers strongly urge you to buy a CD-ROM and support
our future efforts. Additionally, donations to the project are
highly appreciated, as described in more detail at:

http://www.OpenBSD.org/goals.html#funding

------------------------------------------------------------------------
- OPENBSD FOUNDATION ---------------------------------------------------

For those unable to make their contributions as straightforward gifts,
the OpenBSD Foundation (http://www.openbsdfoundation.org) is a Canadian
not-for-profit corporation that can accept larger contributions and
issue receipts. In some situations, their receipt may qualify as a
business expense write-off, so this is certainly a consideration for
some organizations or businesses. There may also be exposure benefits
since the Foundation may be interested in participating in press releases.
In turn, the Foundation then uses these contributions to assist OpenBSD's
infrastructure needs. Contact the foundation directors at
directors@openbsdfoundation.org for more information.

------------------------------------------------------------------------
- T-SHIRT SALES --------------------------------------------------------

The OpenBSD distribution companies also sell T-shirts and polo shirts,
with new and old designs, available from our web ordering system.

------------------------------------------------------------------------
- FTP INSTALLS ---------------------------------------------------------

If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily
installed via FTP or HTTP downloads. Typically you need a single
small piece of boot media (e.g., a boot floppy) and then the rest
of the files can be installed from a number of locations, including
directly off the Internet. Follow this simple set of instructions
to ensure that you find all of the documentation you will need
while performing an install via FTP or HTTP. With the CD-ROMs,
the necessary documentation is easier to find.

1) Read either of the following two files for a list of ftp/http
mirrors which provide OpenBSD, then choose one near you:

http://www.OpenBSD.org/ftp.html
ftp://ftp.OpenBSD.org/pub/OpenBSD/5.4/ftplist

As of Nov 1, 2013, the following ftp mirror sites have the 5.4 release:

    ftp://ftp.eu.openbsd.org/pub/OpenBSD/5.4/      Stockholm, Sweden
    ftp://ftp.bytemine.net/pub/OpenBSD/5.4/        Oldenburg, Germany
    ftp://ftp.ch.openbsd.org/pub/OpenBSD/5.4/      Zurich, Switzerland
    ftp://ftp.fr.openbsd.org/pub/OpenBSD/5.4/      Paris, France
    ftp://ftp5.eu.openbsd.org/pub/OpenBSD/5.4/     Vienna, Austria
    ftp://mirror.aarnet.edu.au/pub/OpenBSD/5.4/    Brisbane, Australia
    ftp://ftp.usa.openbsd.org/pub/OpenBSD/5.4/     CO, USA
    ftp://ftp5.usa.openbsd.org/pub/OpenBSD/5.4/    CA, USA

The release is also available at the master site:

ftp://ftp.openbsd.org/pub/OpenBSD/5.4/ Alberta, Canada

However it is strongly suggested you use a mirror.

Other mirror sites may take a day or two to update.

2) Connect to that ftp mirror site and go into the directory
pub/OpenBSD/5.4/ which contains these files and directories.
This is a list of what you will see:

    ANNOUNCEMENT     beagle/          macppc/          sparc/
    Changelogs/      ftplist          mvme68k/         sparc64/
    HARDWARE         hp300/           mvme88k/         src.tar.gz
    PACKAGES         hppa/            octeon/          sys.tar.gz
    PORTS            i386/            packages         tools/
    README           index.txt        ports.tar.gz     vax/
    alpha/           landisk/         root.mail        xenocara.tar.gz
    amd64/           loongson/        sgi/             zaurus/
    armish/          luna88k/         socppc/

It is quite likely that you will want at LEAST the following
files which apply to all the architectures OpenBSD supports.

README - generic README
HARDWARE - list of hardware we support
PORTS - description of our "ports" tree
PACKAGES - description of pre-compiled packages
root.mail - a copy of root's mail at initial login.
(This is really worthwhile reading).

3) Read the README file. It is short, and a quick read will make
sure you understand what else you need to fetch.

4) Next, go into the directory that applies to your architecture,
for example, i386. This is a list of what you will see:

    INSTALL.i386     cd54.iso         floppyB54.fs     pxeboot*
    INSTALL.linux    cdboot*          floppyC54.fs     xbase54.tgz
    MD5              cdbr*            game54.tgz       xetc54.tgz
    base54.tgz       cdemu54.iso      index.txt        xfont54.tgz
    bsd*             comp54.tgz       install54.iso    xserv54.tgz
    bsd.mp*          etc54.tgz        man54.tgz        xshare54.tgz
    bsd.rd*          floppy54.fs      misc54.tgz

If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386
and the appropriate floppy*.fs or install54.iso files. Consult the
INSTALL.i386 file if you don't know which of the floppy images
you need (or simply fetch all of them).

If you use the install54.iso file (roughly 250MB in size), then you
do not need the various *.tgz files since they are contained on that
one-step ISO-format install CD.

5) If you are an expert, follow the instructions in the file called
README; otherwise, use the more complete instructions in the
file called INSTALL.i386. INSTALL.i386 may tell you that you
need to fetch other files.

6) Just in case, take a peek at:

http://www.OpenBSD.org/errata.html

This is the page where we talk about the mistakes we made while
creating the 5.4 release, or the significant bugs we fixed
post-release which we think our users should have fixes for.
Patches and workarounds are clearly described there.

Note: If you end up needing to write a raw floppy using Windows,
you can use "fdimage.exe" located in the pub/OpenBSD/5.4/tools
directory to do so.

------------------------------------------------------------------------
- X.ORG FOR MOST ARCHITECTURES -----------------------------------------

X.Org has been integrated more closely into the system. This release
contains X.Org 7.7. Most of our architectures ship with X.Org, including
amd64, sparc, sparc64 and macppc. During installation, you can install
X.Org quite easily. Be sure to try out xdm(1) and see how we have
customized it for OpenBSD.

------------------------------------------------------------------------
- PORTS TREE -----------------------------------------------------------

The OpenBSD ports tree contains automated instructions for building
third party software. The software has been verified to build and
run on the various OpenBSD architectures. The 5.4 ports collection,
including many of the distribution files, is included on the 3-CD
set. Please see the PORTS file for more information.

Note: some of the most popular ports, e.g., the Apache web server
and several X applications, come standard with OpenBSD. Also, many
popular ports have been pre-compiled for those who do not desire
to build their own binaries (see BINARY PACKAGES, below).

------------------------------------------------------------------------
- BINARY PACKAGES WE PROVIDE -------------------------------------------

A large number of binary packages are provided. Please see the PACKAGES
file (ftp://ftp.OpenBSD.org/pub/OpenBSD/5.4/PACKAGES) for more details.

------------------------------------------------------------------------
- SYSTEM SOURCE CODE ---------------------------------------------------

The CD-ROMs contain source code for all the subsystems explained
above, and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/5.4/README)
file explains how to deal with these source files. For those who
are doing an FTP install, the source code for all four subsystems
can be found in the pub/OpenBSD/5.4/ directory:

xenocara.tar.gz ports.tar.gz src.tar.gz sys.tar.gz

------------------------------------------------------------------------
- THANKS ---------------------------------------------------------------

Ports tree and package building by Jasper Lievisse Adriaanse,
Pierre-Emmanuel Andre, Landry Breuil, Michael Erdely, Stuart Henderson,
Peter Hessler, Paul Irofti, Sebastian Reitenbach, Miod Vallat, and
Christian Weisgerber. System builds by Brian Callahan, Brandon Mercer,
Theo de Raadt and Miod Vallat. X11 builds by Todd Fries and Miod Vallat.
ISO-9660 filesystem layout by Theo de Raadt.

We would like to thank all of the people who sent in bug reports, bug
fixes, donation cheques, and hardware that we use. We would also like
to thank those who pre-ordered the 5.4 CD-ROM or bought our previous
CD-ROMs. Those who did not support us financially have still helped
us with our goal of improving the quality of the software.

Our developers are:

Aaron Bieber, Alexander Bluhm, Alexander Hall, Alexandr Shadchin,
Alexandre Ratchov, Anthony J. Bentley, Antoine Jacoutot,
Austin Hook, Benoit Lecocq, Bob Beck, Brad Smith, Brandon Mercer,
Bret Lambert, Brett Mahar, Brian Callahan, Bryan Steele,
Camiel Dobbelaar, Charles Longeau, Chris Cappuccio,
Christian Ehrhardt, Christian Weisgerber, Christiano F. Haesbaert,
Christopher Zimmermann, Claudio Jeker, Damien Miller, Darren Tucker,
David Coppa, David Gwynne, Edd Barrett, Eric Faurot,
Federico G. Schwindt, Florian Obser, Gerhard Roth, Gilles Chehade,
Giovanni Bechis, Gleydson Soares, Gonzalo L. Rodriguez,
Henning Brauer, Ian Darwin, Igor Sobrado, Ingo Schwarze,
Jakob Schlyter, James Turner, Janne Johansson, Jason McIntyre,
Jasper Lievisse Adriaanse, Jeremie Courreges-Anglas, Jeremy Evans,
Jim Razmus II, Joel Sing, Joerg Jung, Jonathan Armani,
Jonathan Gray, Jonathan Matthew, Joshua Elsasser, Joshua Stein,
Kenji Aoyama, Kenneth R Westerback, Kirill Bychkov, Kurt Miller,
Landry Breuil, Laurent Fanis, Lawrence Teo, Luke Tymowski,
Marc Espie, Marco Pfatschbacher, Marcus Glocker, Mark Kettenis,
Mark Lumsden, Mark Uemura, Markus Friedl, Martin Pieuchot,
Martin Reindl, Martynas Venckus, Masao Uebayashi, Mats O Jansson,
Matthew Dempsky, Matthias Kilian, Matthieu Herrb, Michael Erdely,
Mike Belopuhov, Mike Larkin, Miod Vallat, Naoya Kaneko,
Nayden Markatchev, Nicholas Marriott, Nick Holland, Nigel Taylor,
Okan Demirmen, Otto Moerbeek, Pascal Stumpf, Patrick Wildt,
Paul de Weerd, Paul Irofti, Peter Hessler, Peter Valchev,
Philip Guenther, Pierre-Emmanuel Andre, Raphael Graf, Remi Pointel,
Renato Westphal, Reyk Floeter, Robert Nagy, Robert Peichaer,
Ryan Freeman, Ryan Thomas McBride, Sasano Takayoshi,
Sebastian Benoit, Sebastian Reitenbach, Simon Perreault,
Stefan Fritsch, Stefan Sperling, Steven Mestdagh, Stuart Cassoff,
Stuart Henderson, Sylvestre Gallon, Ted Unangst, Theo de Raadt,
Tobias Stoeckmann, Tobias Ulmer, Todd C. Miller, Todd Fries,
Vadim Zhukov, Will Maier, William Yodlowsky, Yasuoka Masahiko,
Yojiro Uo
