May 1st, 2013Improved hardware support, including:
· New driver oce(4) for Emulex OneConnect 10Gb Ethernet adapters.
· New driver rtsx(4) for the Realtek RTS5209 card reader.
· New driver mfii(4) for the LSI Logic MegaRAID SAS Fusion controllers.
· New driver smsc(4) for SMSC LAN95xx 10/100 USB Ethernet adapters.
· New drivers for Toradex OAK USB sensors: uoaklux(4) (illuminance), uoakrh(4) (temperature and relative humidity) and uoakv(4) (+/- 10V 8channel ADC).
· New drivers for virtio(4) devices: vio(4) (network), vioblk(4) (block devices, attaching as SCSI disks) and viomb(4) (memory ballooning).
· Support for Adaptec 39320LPE added to ahd(4).
· Broadcom 5718/5719/5720 Gigabit Ethernet devices supported in bge(4).
· Intel X540-based 10Gb Ethernet devices supported in ix(4).
· Support for SFP+ hot-plug (82599) and various other improvements in ix(4).
· TX interrupt mitigation, hardware VLAN tagging and checksum offload reduce CPU use in vr(4).
· Baby jumbo frames supported in vr(4) and sis(4) useful for e.g. MPLS, vlan(4) tag stacking (QinQ) and RFC4638 pppoe(4).
· TCP RX Checksum offload in gem(4).
· Improvements for NICs using 82579/pch2 in em(4).
· Flow control is now supported on bnx(4) 5708S/5709S adapters, gem(4) and jme(4).
· Power-saving clients supported in hostap mode with acx(4) and athn(4).
· A cause of RT2661 ral(4) wedging in hostap mode was fixed.
· iwn(4) supports additional devices (Centrino Advanced-N 6235 and initial support for Centrino Wireless-N 1030).
· Improvements to ahci(4).
· Support for the fixed-function performance counter on newer x86 chips with constant time stamp counters.
· Elantech touchpads supported in pms(4) and synaptics(4).
· Support for "physical devices" on skinny mfi(4) controllers.
· VMware emulated SAS adapters supported by mpi(4).
· Support for Intel's Supervisor Mode Execution Protection (SMEP) and Supervisor Mode Access Prevention (SMAP) features on i386 and amd64.
· Support for the RDRAND instruction to read the hardware random number generator on recent Intel processors.
· amd64 PCI memory extent changed to cover the whole 64-bit memory space; fixes erroneous extent allocation panic on IBM x3100.
· ulpt(4) can now upload firmware to certain HP LaserJet printers.
· Added stat clock to Loongson machines, improving accuracy of CPU usage statistics.
· CPU throttling supported on Loongson 2F.
· Support for Apple UniNorth and U3 AGP added to agp(4).
· DRM support for macppc.
Generic network stack improvements:
· Restriction on writing to trunk(4) member interfaces relaxed; BPF can now write to interfaces directly (useful for LLDP).
· UDP support added to sosplice(9) (zero-copy socket splicing).
· IPv6 autoconfprivacy is enabled by default (can be disabled per-interface with an ifconfig(8) flag).
· ifconfig(8) hwfeatures displays the maximum MTU supported by the driver (indicating support for jumbo/baby-jumbo frames).
· Vastly improved IPsec v3 compatibility, including support for Extended Sequence Numbers in the AES-NI driver for AES-GCM and other modes.
Routing daemons and other userland network improvements:
· OpenBSD now includes npppd(8), a server-side daemon for L2TP, L2TP/IPsec, PPTP and PPPoE.
· New standalone tftp-proxy(8) to replace the old inetd(8)-based implementation.
· SNMPv3 supported in snmpd(8).
· bgpd(8) is more tolerant of unknown capabilities when bringing up a session (logs a warning rather than fails).
· bgpd(8) now handles client side of "graceful restart".
· bgpd(8) can now filter based on the NEXTHOP attribute.
· A stratum can now be assigned to hardware sensors in ntpd(8).
· authpf(8) now supports the use of per-group rules files.
· ftp(1) client now supports basic HTTP authentication as per RFC 2617 and 3986 like "ftp http[s]://user:pass@host/file".
· ftp(1) client's mput command allows to upload a directory tree recursively using the -r switch.
· relayd(8) has various improvements including additional scheduling algorithms (least-states, for redirections, and random/source-hash, for relays).
· The iked(8) IKEv2 daemon supports NAT-T. (The isakmpd daemon for IKEv1 has supported this for a long time).
· iked(8) blocks IPv6 traffic unless there are v6 VPN flows; this is to prevent leakages as described in draft-gont-opsec-vpn-leakages.
dhclient(8) improvements:
· dhclient-script eliminated, all configuration is done with ioctl's and routing sockets.
· interface configuration is much faster.
· HUP signals cause dhclient to restart; making it re-read the dhclient.conf(5) and resolv.conf.tail(5) files, and obtain a new lease.
· INIT, USR1, USR2 signals cause dhclient to exit after attempting to remove routes and addresses it configured.
· resolv.conf(5) is written only when the in-use default route was inserted by dhclient. Possible changes to the default route are detected and cause dhclient to write out resolv.conf when appropriate.
· interface hardware address changes are detected and cause dhclient to restart.
· dhclient.conf directive 'ignore' and command line option '-i' added, allowing the suppression of specific options offered by server.
· '-L' command line option added, allowing the creation of a complete record of the most recent offer and what we modified it to when binding the lease.
· rejected offers no longer prevent dhclient from trying recorded leases and going daemon.
· cleanup of routing tables when starting and exiting is more complete.
· log messages cleaned up and reduced.
· dhclient is automatically placed in the routing domain of the interface.
· incoming and outgoing packet buffers are separate, eliminating possible transmission of inappropriate packets when re-trying DISCOVER and REQUEST.
· resolv.conf.tail read only once, at startup.
· both OFFER and ACK packets that lack required options are rejected.
· file names passed to '-L' and '-l' are constrained to be regular files.
· bind success reported after binding complete, not when it is started.
· privileged process daemonizes, eliminating its controlling terminal.
· STDIN/STDOUT/STDERR no longer redirected to /dev/null when '-d' specified.
· all existing addresses on the interface are deleted when binding a new lease.
· leases which would cause routing problems because another interface is already configured with the same subnet are rejected.
· premature and repeated DISCOVER and/or REQUEST messages at startup are avoided.
· permanent ARP cache entries are no longer deleted during binding.
· allow empty lists of option names for 'ignore', 'request', and 'require' dhclient.conf directives, so lists can be reset in interface declarations.
· dhcpd(8) and dhclient recognize the same list of dhcp options.
· hand-rolled IMSG implementation replaced with imsg_init(3) and related functions..
· hand-rolled date string construction replaced with strftime(3) invocations.
· hand-rolled '%m' option replaced with strerror(3) invocations.
· many other internal code improvements.
pf(4) improvements:
· The divert(4) socket now supports the new IP_DIVERTFL socket option to control whether both inbound and outbound packets are diverted (the default) or only packets travelling in one direction.
· Sloppy state tracking (a special mode occasionally needed with asymmetric routing) now works correctly with ICMP.
· PF now restricts the fragment limit to protect against a misconfiguration running the kernel out of mbuf clusters.
May 1st, 2011New/extended platforms:
OpenBSD/amd64 and OpenBSD/i386:
· Enabled NTFS by default (read-only) on GENERIC kernels.
· Enabled the vmt(4) driver by default for VMWare tools support as a guest.
· SMP kernels can now boot on machines with up to 64 cores.
· Maximum allocation size for i386 bumped to 2G.
· Handle >16 disks when searching for kernel boot device.
· Added support for AES-NI instructions found in recent Intel processors.
· Further improvements in suspend and resume.
· Processes are now switched to TSS per cpu on the amd64 platform, resulting in removal of the old limit of ~4000 processes.
OpenBSD/hppa:
· Multiprocessor support.
OpenBSD/loongson and OpenBSD/sgi:
· All MIPS64 based platforms now use MI softfloat code, which implements all MIPS IV specified floating point operations.
OpenBSD/sparc64:
· The vdsp(4) driver now supports the vDisk 1.1 protocol, allowing Solaris to run on top of an OpenBSD control domain.
Improved hardware support, including:
· New vte(4) driver for RDC R6040 10/100 Ethernet devices.
· New rdcphy(4) driver for RDC Semiconductor R6040 10/100 Ethernet PHY.
· New rsu(4) driver for Realtek RTL8188SU/RTL8191SU/RTL8192SU USB IEEE 802.11b/g/n wireless devices.
· New urtwn(4) driver for Realtek RTL8188CU/RTL8192CU USB IEEE 802.11b/g/n wireless devices.
· New utwitch(4) driver for YUREX USB twitch/jiggle of knee sensor.
· Support for AR9271, AR9280+AR7010 and AR9287+AR7010 USB IEEE 802.11a/g/n wireless adapters has been added to athn(4).
· Support for 82583V has been added to em(4).
· Support for Yukon 88E8059 has been added to msk(4).
· Support for SiS191 has been added to se(4).
· Support for SAS2004 has been added to mpii(4).
· Support for NVIDIA MCP89 SATA has been added to pciide(4).
· Support for Mobility Radeon HD 4200 has been added to radeondrm(4).
· pms(4) support has been significantly reworked and expanded.
· MCLGETI support has been added to xl(4).
· Support for low latency interrupt modulation has been added to ix(4).
· Port multiplier support has been added to ahci(4) and sili(4).
· Support for Sun XVR-300 graphics has been added to radeonfb(4).
· Added workaround for BCM5906 A0/1/2 controller silicon bug in bge(4).
· ugen(4) can now be attached along with other drivers to multifunction devices.
· umodem(4) now supports more devices.
· umsm(4) now supports more mobile broadband devices.
· Support for more image processing controls was added to uvideo(4).
Generic network stack improvements:
· Reworking of the MCLGETI livelock algorithm to improve forwarding and host performance under high network load.
· Added support for socket splicing; sockets can be temporarily connected so that the kernel moves data without userland intervention. This will be used by relayd(8) in the next release.
· Added AES-GCM support for IPsec.
· Added automatic send and receive buffer scaling for TCP.
· Added wpakey option to ifconfig(8) replacing wpa-psk(8).
· TCP acknowledgments are no longer delayed on the loopback interface.
· Network livelock counters are now exported via sysctl(3).
· A radix tree sorting bug was fixed, which results in significant improvements to IPsec performance under certain conditions.
· tcpdump(8) now decodes Multicast DNS (mDNS) traffic.
· Wake on Lan support has been added to arp(8).
· Enabled MPLS and mpe(4) by default on GENERIC kernels.
· Added a mpls option to ifconfig(8) to enable MPLS on a per interface basis replacing the global sysctl knob.
OpenBGPD, OpenOSPFD and other routing daemon improvements:
· bgpd(8) handles various message encoding errors more gracefully now.
· Notification messages are now logged in bgpd(8).
· ospfd(8) will now correctly redistribute overlapping routes.
· ospfctl(8) now prints the LSDB checksum in the show summary output for quick verification that two LSDBs are in sync.
· Fixed ldpd(8)'s message parser to work on all architectures and more LDP messages are now implemented.
· Various improvements in ospf6d(8).
pf(4) improvements:
· The logging subsystem has been largely rewritten, now logging the translated addresses again instead of the original ones.
· match log rules cause a log on the fly, showing the packet exactly as pf(4) sees it at the moment of evaluating that rule. A packet can also be logged more than once now.
· match log(matches) rules allow the further rule matching to be traced.
· pflog(4) now includes the original addresses and ports for packets that have been rewritten. This is also displayed by tcpdump(8).
IPsec stack audit was performed, resulting in:
· Several potential security problems have been identified and fixed.
· ARC4 based PRNG code was audited and revamped.
· New explicit_bzero kernel function was introduced to prevent a compiler from optimizing bzero calls away.
SCSI improvements:
· Improved safety when detaching SCSI devices by waiting for the completion of pending commands.
· Improved hotplug support on mpi(4) and mpii(4).
· Continued iopoolification of SCSI drivers, notably on umass(4) which improves the reliability and performance of multi-LUN devices.
· Added vscsi(4), a driver for userland handling of SCSI device commands.
· Added iscsid(8), an iSCSI initiator.
· Forcibly restrict devices incapable of tagged I/O to executing one command at a time.
· Discover and honour read-only status of sd(4) devices.
· Improve st(4) handling of I/O residual information.
· sd(4) devices that can only execute one command at a time (e.g. USB) will now be allowed to spin up if necessary.
· cd(4) will now attach CDROM devices identified as non-removable.
Assorted improvements:
· Enabled wide character support in ncurses(3).
· Added nsd(8), an authoritative name server implementation.
· Disklabel UID support improved and added to more utilities.
· rarpd(8) now accepts a list of interfaces to listen on.
· dhclient(8) now accepts 'egress' as an interface name, meaning whichever interface is marked as being in the 'egress' group.
· dhcpd(8) no longer listens on interfaces without a broadcast address (e.g. pflog(4)).
· who(1) now displays as much of the hostname as fits on the line.
· tcpdump(8) now correctly handles 'net' primitives when processing pflog(4) traffic.
· fdisk(8) now respects failure to read the MBR.
· fdisk(8) will no longer infinitely loop when encountering an improperly constructed EBR.
· disklabel(8) no longer reuses information from a failed partition addition on the next addition of the same partition.
· Many unused and obsolete disktab(5) entries removed.
· Enabled X11 autoconfiguration on sparc and sparc64.
· Implement attribute syntax from RFC4517 and support bsdauth in ldapd(8).
· New video(1) utility which can record or display images from video(4).
· httpd(8) mod_headers now handles apache2 style RequestHeader directives.
· UNIX-domain datagram socket support has been added to nc(1) (-uU option).
· Added support for terabyte units in disklabel(8).
· loongson and sgi platforms have been switched over to gcc4.
· ddb cpu support was added to the sgi platform.
· Fast path TLB miss handling was added to the landisk platform, resulting in a 44-50% gain in performance.
· PCIe extended configuration space can now be viewed using pcidump(8) (-xxx option).
· The number of spurious IPIs has been decreased on the amd64 platform, resulting in improved performance.
· Numerous improvements and bug fixes to tmux(1).
· Considerable robustness and interoperability improvements in the IKEv2 daemon iked(8).
· Skipjack and libdes were retired from the system. CAST-128 implementation was also removed from libc.
· Removed some races in the USB subsystem, substantially increasing reliability.
· Added a few more compat_linux(8) system calls to make it possible for newer versions of applications, such as Skype, to execute.
· OpenBSD-specific package documentation is now centralised in /usr/local/share/doc/pkg-readmes.
Install/Upgrade process changes:
· Fixed the hppa CD installation process.
· Added some more free firmwares to the CD media that could fit them.
· Make the macppc upgrade script update the boot blocks (oddly, this had been broken a very long time and no one noticed).
· Teach the install script about the configuration of 802.11 interfaces. Visible networks can be listed, and even configured for WPA.
· The install script now passes collected entropy better to the system which is booted next.
· Upgrade now defaults to checking only the root filesystem.
· Upgrade no longer checks filesystems with a fs_passno of 0.
· Upgrade now asks if it should proceed even if one or more filesystem mounts fail.
· Installer now configures ntpd(8) to use all provided time source IPs.
New rc.d(8) for starting, stopping and reconfiguring package daemons:
· The rc.subr(8) framework allows for easy creation of rc scripts. This framework is still evolving.
· Only a handful of packages have migrated for now.
· rc.local can still be used instead of or in addition to rc.d(8).
OpenSSH 5.8:
New features:
· Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys.
· sftp(1) and sftp-server(8): add a protocol extension to support a hard link operation. It is available through the "ln" command in the client. The old "ln" behaviour of creating a symlink is available using its "-s" option or through the preexisting "symlink" command.
· scp(1): Add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts.
· ssh(1): automatically order the hostkeys requested by the client based on which hostkeys are already recorded in known_hosts. This avoids hostkey warnings when connecting to servers with new ECDSA keys, since these are now preferred when learning hostkeys for the first time.
· ssh(1) and sshd(8): add a new IPQoS option to specify arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. (bz#1733)
· sftp(1): the sftp client is now significantly faster at performing directory listings, using OpenBSD glob(3) extensions to preserve the results of stat(3) operations performed in the course of its execution rather than performing expensive round trips to fetch them again afterwards.
· ssh(1): "atomically" create the listening mux socket by binding it on a temporary name and then linking it into position after listen() has succeeded. This allows the mux clients to determine that the server socket is either ready or stale without races. Stale server sockets are now automatically removed. (also fixes bz#1711)
· ssh(1) and sshd(8): add a KexAlgorithms knob to the client and server configuration to allow selection of which key exchange methods are used by ssh(1) and sshd(8) and their order of preference.
· sftp(1) and scp(1): factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism and use it to add a bandwidth limit option to sftp(1). (bz#1147)
The following significant bugs have been fixed in this release:
· ssh(1) and ssh-agent(1): honour $TMPDIR for client xauth and ssh-agent temporary directories. (bz#1809)
· ssh(1): avoid NULL deref on receiving a channel request on an unknown or invalid channel. (bz#1842)
· sshd(8): remove a debug() that pollutes stderr on client connecting to a server in debug mode. (bz#1719)
· scp(1): pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case. (bz#1837)
· sftp-server(8): umask should be parsed as octal.
· sftp(1): escape '[' in filename tab-completion.
· ssh(1): Typo in confirmation message. (bz#1827)
· sshd(8): prevent free() of string in .rodata when overriding AuthorizedKeys in a Match block.
· sshd(8): Use default shell /bin/sh if $SHELL is "".
· ssh(1): kill proxy command on fatal() (we already killed it on clean exit).
· ssh(1): install a SIGCHLD handler to reap expired child process. (bz#1812)
· Support building against openssl-1.0.0a
· Fix vulnerability in legacy certificate signing introduced in OpenSSH-5.6 and found by Mateusz Kocielski.
Mandoc 1.10.9:
· New integrated tbl(7) parser and renderer.
· Support the roff(7) .de, .rm, and .so requests.
· Support all roff code used in the standard pod2man(1) preamble.
· Fully support roff quoting in man(7) documents.
· Mandoc now copes with most formatting errors that used to be fatal.
· Much simplified and improved reporting of errors and warnings.
· Significantly improved -Thtml output quality.
· The ports tree now allows ports to use either mandoc or groff to render manuals.
· Over 6,800 ports, major robustness and speed improvements in package tools.
Many pre-built packages for each architecture:
· i386: 6620
· sparc64: 6225
· alpha: 6000
· sh: 3656
· amd64: 6570
· powerpc: 6272
· sparc: 4184
· arm: 5679
· hppa: 5838
· vax: 1068
· mips64: 5492
· mips64el: 5499
Some highlights:
· Gnome 2.32.1.
· KDE 3.5.10.
· Xfce 4.8.0.
· MySQL 5.1.54.
· PostgreSQL 9.0.3.
· Postfix 2.7.2.
· OpenLDAP 2.3.43 and 2.4.23.
· Mozilla Firefox 3.5.16 and 3.6.13.
· Mozilla Thunderbird 3.1.7.
· OpenOffice.org 3.3.0rc9.
· LibreOffice 3.3.0.4.
· Emacs 21.4 and 22.3.
· Vim 7.3.3.
· PHP 5.2.16.
· Python 2.4.6, 2.5.4 and 2.6.6.
· Ruby 1.8.7.330 and 1.9.2.136.
· Mono 2.8.2.
· Chromium 9.0.597.94.
· As usual, steady improvements in manual pages and other documentation.
The system includes the following major components from outside suppliers:
· Xenocara (based on X.Org 7.6 with xserver 1.9 + patches, freetype 2.4.4, fontconfig 2.8.0, Mesa 7.8.2, xterm 267 and more)
· Gcc 2.95.3 (+ patches), 3.3.5 (+ patches) and 4.2.1 (+ patches)
· Perl 5.12.2 (+ patches)
· Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
· OpenSSL 1.0.0a (+ patches)
· Sendmail 8.14.3, with libmilter
· Bind 9.4.2-P2 (+ patches)
· Lynx 2.8.6rel.5 with HTTPS and IPv6 support (+ patches)
· Sudo 1.7.2p8
· Ncurses 5.7
· Heimdal 0.7.2 (+ patches)
· Arla 0.35.7
· Binutils 2.15 (+ patches)
· Gdb 6.3 (+ patches)
May 2nd, 2009New/extended platforms:
· Initial ports to the xscale based gumstix platform and the ARM based OpenMoko
· OpenBSD/sparc64
· o New vdsk(4) and vnet(4) drivers provide support for virtual I/O between logical domains on Sun's CoolThreads servers, including UltraSPARC T2+ machines.
· o Workstations and laptops with UltraSPARC IIe CPUs can now scale down the CPU frequency to save power.
Improved hardware support, including:
Several new/improved drivers for sensors, including:
· o The cac(4) driver now has bio and sensor support.
· o The mpi(4) driver now has bio and sensor support.
· o New gpiodcf(4) driver for DCF77/HBG timedelta sensors through GPIO pins.
· o New schsio(4) driver for SMSC SCH311x LPC Super I/O devices.
· o The it(4) driver now supports IT8720F chips.
· o The it(4) driver now supports FAN4 and FAN5 sensors for IT8716F/IT8718F/IT8720F/IT8726F chips.
· o The owtemp(4) driver now supports Maxim/Dallas DS18B20 and DS1822 temperature sensors.
· o The km(4) driver now supports AMD Family 11h processors (Turion X2 Ultra et al).
· o The lm(4) driver now supports W83627DHG attachment on the I²C bus.
· o The lmenv(4) driver now has better support for the fan sensors on lm81, adm9240 and ds1780 chips.
· o The sdtemp(4) driver now supports ST STTS424 chips.
· The em(4) driver now supports ICH9 IGP M and IGP M AMT chips, and link status detection has improved.
· The sdmmc(4) driver now supports SDHC cards.
· The msk(4) driver now supports Yukon-2 FE+ (88E8040, 88E8042) based devices.
· The iwn(4) driver now supports Intel WiFi Link 5100/5300 devices.
· The wpi(4) and iwn(4) drivers now support hardware CCMP cryptography.
· The ath(4) driver now has WPA-PSK support.
· age(4), a driver for Attansic L1 gigabit Ethernet devices was added.
· ale(4), a driver for Atheros AR81xx (aka Attansic L1E) Ethernet devices was added.
· mos(4), a driver for Moschip MCS7730/7830 10/100 USB Ethernet devices was added.
· jme(4), a driver for JMicron JMC250/JMC260 10/100 and Gigabit Ethernet devices was added.
· run(4), a driver for Ralink USB IEEE 802.11a/b/g/Draft-N devices was added.
· auacer(4), a driver for Acer Labs M5455 audio devices was added.
· ifb(4), a driver for Sun Expert3D, Expert3D-Lite, XVR-500, XVR-600 and XVR-1200 framebuffers (accelerated).
· wildcatfb(4), an X driver for Sun Expert3D, Expert3D-Lite, XVR-500, XVR-600 and XVR-1200 framebuffers (unaccelerated).
· sunffb(4), an accelerated X driver for Sun Creator, Creator 3D and Elite 3D framebuffers.
· vdsk(4), a driver for virtual disks of sun4v logical domains.
· vnet(4), a driver for virtual network adapters of sun4v logical domains.
· vrng(4), a driver for the random number generator on Sun UltraSPARC T2/T2+ CPUs.
· The vcons(4) driver is now interrupt driven.
· ips(4), a driver for IBM SATA/SCSI ServeRAID controllers was added.
· udfu(4), a driver for device firmware upgrade (DFU) was added.
· Many improvements were made to the acpi(4) subsystem.
· The umsm(4) driver supports several new EVDO/UMTS devices.
· The mfi(4) driver now supports the next generation of MegaRAID SAS controllers.
· New vsbic(4) driver for the MVME327A SCSI and floppy controller on mvme68k and mvme88k machines.
· The re(4) driver now supports 8168D/8111D-based devices, and multicast reception on 8110SB/SC-based devices.
· The ehci(4) driver now supports isochronous transfers.
· S/PDIF output support has been added to the ac97(4), auich(4), auvia(4) and azalia(4) drivers.
· azalia(4) mixer has been clarified and simplified, support for 20-bit and 24-bit encodings has been added.
· The gbe(4) frame buffer driver now supports acceleration.
New tools:
· ypldap(8), an YP server using LDAP as a backend.
· xcompmgr(1) was added to xenocara.
New functionality:
· The libc resolver(3) may now be forced to perform lookups by TCP only using a new resolv.conf(5) option. The nameserver declaration in resolv.conf(5) has also been extended to allow specification of non-default nameserver ports.
· apropos(1) has two new options (-S and -s) to allow searching by machine architecture and manual section.
· aucat(1) now has audio server capability. Audio devices can be shared between multiple applications. Applications can run natively on fixed sample rate devices or on devices with unusual encodings. Multi-channel audio devices can be split into smaller independent subdevices.
· aucat(1) now has a deviceless mode, in which it can be used as a general purpose audio file format conversion utility (to mix, demultiplex, resample or reencode files).
· ifconfig(8) can now list channels supported by an IEEE 802.11 device.
· New views were added to systat(8): malloc, bucket and pool. Improvements were made to existing views.
· vnconfig(8) can now create devices with arbitrary geometry with the new -t option.
· FFS filesystems are now supported on most devices, e.g. CD's, that have sector sizes other than 512 bytes.
· Disklabels are now correctly placed and found on most devices, e.g. CD's, that have sector sizes other than 512 bytes.
Assorted improvements and code cleanup:
· malloc(3) has gained new attack mitigation measures; critical bookkeeping structures are protected at runtime using mprotect(2) and allocated at random addresses where possible.
· A new version of the gdtoa code has been integrated, bringing better C99 support to printf(3) and friends.
· Vastly improved C99 support in libm, including complex math support.
· The sppp(4) layer and thus kernel pppoe(4) now support usernames and passwords of up to 255 characters.
· Recognize and spoof disklabel entries for more FAT and FAT32 variants.
· Automatically recognize tapes with 64K records.
· Improve option handling in dhcpd(8).
· When booting from a cd the root file system is now assumed to be on the cd, rather than always asking for the location.
· Disklabels constructed from native disklabels are now subject to the same consistancy checks as all other disklabels.
· No longer display geometry information for sd(4) disk drives, since it was mostly fictitious these days.
· Fix handling of tftp ERROR frames so OpenBSD pxeboot can be loaded from picky tftp servers.
· Many scsi(4) drivers now retry operations that can't be immediately started rather than giving up.
· MBR and DPME disklabels are no longer written out with invalid checksum information in some circumstances.
Install/Upgrade process changes:
· crunchgen(1) and crunchide(1) have been merged into crunchgen(8), which is now built and installed by default.
· mksuncd(1) now lives in base and is installed by default.
· CD-ROM installs are now supported on SGI.
· Accept initial root passwords containing backslash characters.
· Install now allows multiple interfaces to be configured with dhcp(8).
· Upgrades now use the minimal protocols(5) and services(5) files provided on the install media.
· The install media no longer contain a disktab(5) file.
· Serial console speed is correctly determined on macppc.
OpenSSH 5.2:
New features:
· o Added an option to ssh(1) to force logging to syslog rather than stderr.
· o The sshd_config(5) ForceCommand directive now accepts commandline arguments for the internal-sftp server.
· o The ssh(1) ~C escape commandline now support runtime creation of dynamic port forwards.
· o Support the SOCKS4A protocol in ssh(1) dynamic forwards.
· o Support remote port forwarding with a listen port of '0'.
· o sshd(8) now supports setting PermitEmptyPasswords and AllowAgentForwarding in Match blocks.
The following significant bugs have been fixed in this release:
· o Repair a ssh(1) crash introduced in openssh-5.1 when the client is sent a zero-length banner.
· o The eow@openssh.com and no-more-sessions@openssh.com protocol extensions are now only sent to peers that identify themselves as OpenSSH.
· o Avoid printing "Non-public channel" warnings in sshd(8), since ssh(1) has sent incorrect channel numbers since ~2004; make ssh(1) send the correct channel number for SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE.
· o Avoid double-free in ssh(1) ~C escape -L handler.
· o Correct fail-on-error behaviour in sftp(1) batchmode for remote stat operations.
· o Avoid hang in ssh(1) when attempting to connect to a server that has MaxSessions set to zero.
· Over 5500 ports, minor robustness improvements in package tools.
Many pre-built packages for each architecture:
· i386: 5379
· sparc64: 5174
· alpha: 5132
· sh: 1543
· amd64: 5312
· powerpc: 5162
· sparc: 2651
· arm: 4120
· hppa: 4689
· vax: 1718
· mips64: 3278
Some highlights:
· Gnome 2.24.3.
· GNUstep 1.18.0.
· KDE 3.5.10.
· Mozilla Firefox 3.0.6.
· Mozilla Thunderbird 2.0.0.19.
· MySQL 5.0.77.
· OpenOffice.org 2.4.2 and 3.0.1.
· PostgreSQL 8.3.6.
· Xfce 4.4.3.
· OpenArena 0.8.1 (only for amd64, i386 and macppc)
· As usual, steady improvements in manual pages and other documentation.
The system includes the following major components from outside suppliers:
· Xenocara (based on X.Org 7.4 + patches, freetype 2.3.7, fontconfig 2.4.2, Mesa 7.2, xterm 239 and more)
· Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches)
· Perl 5.10.0 (+ patches)
· Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
· OpenSSL 0.9.8j (+ patches)
· Groff 1.15
· Sendmail 8.14.3, with libmilter
· Bind 9.4.2-P2 (+ patches)
· Lynx 2.8.5rel.4 with HTTPS and IPv6 support (+ patches)
· Sudo 1.7
· Ncurses 5.2
· Latest KAME IPv6
· Heimdal 0.7.2 (+ patches)
· Arla 0.35.7
· Binutils 2.15 (+ patches)
· Gdb 6.3 (+ patches)
Find us on Google+
