Nov 1, 2006.
We are pleased to announce the official release of OpenBSD 4.0.
This is our 20th release on CD-ROM (and 21st via FTP). We remain
proud of OpenBSD's record of ten years with only a single remote
hole in the default install. As in our previous releases, 4.0
provides significant improvements, including new features, in nearly
all areas of the system:
- New/extended platforms:
o OpenBSD/armish.
Various ARM-based appliances, using the Redboot boot loader, currently
only supporting the Thecus N2100 and IOData HDL-G.
o OpenBSD/sparc64.
UltraSPARC III based machines are now supported!
o OpenBSD/zaurus.
Support for the Zaurus SL-C3200.
- Improved hardware support, including:
o New msk(4) driver for Marvell/SysKonnect Yukon-2 Gigabit Ethernet.
o New bnx(4) driver for Broadcom NetXtreme II Gigabit Ethernet.
o New xge(4) driver for Neterion Xframe/Xframe II 10Gb Ethernet.
o New rum(4) driver for Ralink Technology 2nd gen USB IEEE
802.11a/b/g wireless.
o New acx(4) driver for Texas Instruments ACX100/ACX111
IEEE 802.11a/b/g wireless.
o New pgt(4) driver for Conexant/Intersil Prism GT Full-MAC
IEEE 802.11a/b/g wireless.
o New uath(4) driver for Atheros USB IEEE 802.11a/b/g wireless.
o New binary blob free wpi(4) driver for Intel PRO/Wireless
3945ABG IEEE 802.11a/b/g wireless.
o New arc(4) driver for Areca Technology Corporation SATA RAID;
including RAID management via bio(4).
o New mfi(4) driver for LSI Logic & Dell MegaRAID SAS RAID; including
RAID management via bio(4).
o New azalia(4) driver for generic High Definition Audio.
o New SD/MMC/SDIO drivers (sdhc(4), sdmmc(4)), currently supporting
SD memory cards as fake SCSI sd(4) drives.
o New udcf(4) driver for Gude ADS Expert mouseCLOCK DCF77/HBG time
signal station receivers.
o New uslcom(4) driver for Silicon Laboratories CP2101/CP2102 based
USB serial adapters.
o New ucycom(4) driver for Cypress microcontroller based USB serial
adapters.
o New uark(4) driver for Arkmicro Technologies ARK3116 based USB
serial adapters.
o New umsm(4) driver for Qualcomm MSM EVDO based modems.
o New Dallas/Maxim 1-Wire bus support, including:
    o New gpioow(4) driver for 1-Wire bus bit-banging through GPIO pin
    o New onewire(4) 1-Wire bus driver
    o New owid(4) 1-Wire ID family driver
    o New owtemp(4) 1-Wire temperature family driver
o New isagpio(4) driver for ISA I/O mapped as GPIO.
o New nmea(4) line discipline for NMEA 0183 (GPS) devices. The new
nmeaattach(8) utility can be used to receive NMEA 0183 data and
provide the time received as a timedelta sensor to be used by, for
example, ntpd(8).
o New VAX framebuffer drivers:
    o New lcg(4) driver for VAXstation 4000/60 and VLC color frame buffers
    o New lcspx(4) driver for Low-Cost SPX color frame buffers
    o New gpx(4) driver for GPX color frame buffers
    o smg(4) driver for Small Monochrome Graphics frame buffers heavily
      updated to be a modern wscons(4) driver
o Support for VAX-based Digital VXT2000 and VXT2000+ terminals.
o The bge(4) driver supporting newer chipsets, such as the Broadcom
BCM5754, BCM5755, BCM5786, and BCM5787.
o The em(4) driver supporting newer chipsets, such as the Intel ESB2
and ICH8.
o The nfe(4) driver supporting newer chipsets, such as the NVIDIA
MCP61 and MCP65.
o The re(4) driver supporting newer chipsets, such as the Realtek
RT8101E, RT8168, and RT8169SC.
o The dc(4) driver supporting newer chipsets, such as the ADMtek
ADM9511 and ADM9513.
o The pciide(4) driver supporting newer chipsets, such as:
    o ATI IXP300 SATA, IXP600 IDE
    o Intel 6321ESB IDE/SATA, 82801G SATA, and 82801H SATA
    o IT Express IT8211F IDE
    o NVIDIA MCP61 SATA, MCP65 SATA
    o Promise PDC205xx SATA
    o ServerWorks SATA
    o VIA VT8237A SATA
o The mpt(4) driver has been replaced with mpi(4), a more stable driver
that supports more hardware.
o The com(4) driver now supports pcmcia and cardbus cards on macppc.
o Working interrupt routing on Sun Netra t1 105, Ultra 60 and possibly
other sparc64 systems.
o Work around broken VIA and NVIDIA MPBIOSes; this fixes interrupt routing
with GENERIC.MP on several systems.
o Initial bio(4) support for Compaq/HP ciss(4) Smart ARRAY 5/6
SAS/SCSI RAID controllers.
o Improved speed control on some systems:
    o New SpeedStep detection code, also adds support for VIA C7-M,
      and several newer Pentium M CPUs.
    o Support SpeedStep in rudimentary fashion on most unknown CPUs
      that advertise the feature.
    o Zaurus can be moved into slower speeds now too.
    o The Pentium 4 Thermal Clock Control driver now supports more
      CPUs including the Intel Pentium M and Xeon, and provides an
      estimated performance impact.
    o Numerous improvements to PowerNow K7 and K8 support on i386,
      and support for K8 was added to amd64.
o Support for Intel 945G/GM video chipsets (on i386).
o Support for additional I2C sensors:
    o The adt(4) driver now supports the National Semiconductor
      LM9600, SMSC EMC6D10x and SMSC SCH5017 chips.
    o The admtemp(4) driver now supports the Analog Devices ADM1023,
      Genesys Logic GL523SM and Global Mixed-mode Technology G781 chips.
- New tools:
o GNU RCS has been replaced with OpenRCS.
- New functionality:
o IPsec has been greatly improved:
    o ipsecctl(8) has been greatly extended and completely supersedes
      ipsecadm(8):
        o Lots of documentation improvements (man ipsec.conf)
        o IPv6 support
        o AH support
        o Transport mode support
        o Dynamic IKE support for roaming users
        o USER_FQDN id support
    o sasyncd(8) works much better:
        o communicates with isakmpd(8), telling it to run active or
          passive depending on the master/slave state of the carp(4)
          interfaces. This makes IPsec failover setups much more robust.
        o looks at the carp(4) interface group by default to suppress
          preemption of IPsec traffic during system boot.
    o isakmpd(8) can now be safely configured by ipsecctl(8) on startup.
o ftp(1) now supports HTTPS.
o cdio(1) can now perform track-at-once burning and rewritable blanking.
o spppcontrol(8) and wicontrol(8) functionality has been merged into
ifconfig(8).
o gcc(1) provides a new warning, -Wstack-larger-than-N, to report functions
which are too greedy in stack variables; see gcc-local(1) for details.
o An in-kernel getcwd(3) implementation.
o A new system call adjfreq(2) to allow ntpd(8) to adjust the tick rate of
the system clock automatically.
o Support for X11 on VAX has been added
o Virtual Allocation Table (VAT) support for UDF.
o C99 functions round(3), roundf(3), trunc(3), and truncf(3) have been
added to libm, the math library.
o pf(4) now supports Unicast Reverse Path Forwarding (uRPF) checks for
simplified ingress filtering.
o bpf(4) can now ignore packets based on their direction (inbound/outbound)
using the BIOCSDIRFILT ioctl.
o pdisk(8) can now set up slices on HFS(DPME) partitioned disks on mac68k.
o New dissectors have been added to tcpdump(8):
    o Cisco's VQP (VLAN Query Protocol)
    o IEEE 802.1AB LLDP (Link Layer Discovery Protocol)
o trunk(4) now supports the new loadbalance mode to balance outgoing
traffic based on hashed protocol header information.
o bioctl(8) has been extended to provide runtime information on rebuilds,
scrubs and initialization.
o New sysctls to check the system vendor, product, version, serial number,
and UUID.
o Equal cost multipath routing support. Needs to be enabled by a sysctl.
o Prebind, a secure implementation of prelinking, has been added to
ldconfig(8); it speeds up launching of shared binaries. Prebind is
compatible with address space randomization, unlike prelink.
o vnconfig(8) can now use PKCS #5 PBKDF2 to create a more secure key when
using encryption.
- Assorted improvements and code cleanup:
o Much better time keeping for multiprocessor OpenBSD/i386 systems.
o Much improved implementation of telldir(3) and friends.
o Replacement of many malloc(3) calls that follow a pattern prone to
integer overflow with safer constructs.
o Improved failover handling in carp(4):
    o Extend the carp protocol with the demotion counter to act smarter
      on multiple failures.
    o Group failovers now work without carp running preempt mode.
    o Demotion can now be controlled via interface groups.
o chio(1) is now a useful tool for controlling tape changers.
o Much improved st(4) device setup, tape handling and error processing.
o Many dhclient(8) fixes, including 'alias' handling and improved interface
initialization.
o scsi(4) devices detect the correct SCSI version.
o More umass(4) devices properly detected.
o Improved detection of fibre channel devices and devices in SCSI enclosures
o The new RSSI header has been added to the ieee80211_radiotap(9) framework
as a replacement for ANTSIGNAL headers.
o Many integer type safety cleanups with lint(1).
- Install/Upgrade process changes:
o Host specific site files add easy customization for individual hosts
o X Window aperture support, where available, now defaults to off
- New functionality for hostapd(8), the Host Access Point Daemon:
o IP based roaming to build wireless networks without the requirement of
a single broadcast domain.
o New event rules to match optional elements of radiotap headers:
signal percentage, transmit rate and channel frequency.
o Various bug fixes and improvements.
- OpenSSH 4.4:
o Conditional configuration in sshd_config(5) using the Match directive.
This allows some configuration options to be selectively overridden if
specific criteria (based on user, group, hostname and/or address) are met.
o Add support for Diffie-Hellman group exchange key agreement with a final
hash of SHA256.
o Added a ForceCommand directive to sshd_config(5), similar to the
command="..." option in ~/.ssh/authorized_keys.
o Added a PermitOpen directive to sshd_config(5), similar to the
permitopen="..." option in authorized_keys, to allow control over the
port-forwardings that a user is allowed to establish.
o Added an ExitOnForwardFailure option to cause ssh(1) to exit (with a
non-zero exit code) when requested port forwardings could not be
established.
o Added optional logging of transactions to sftp-server(8).
o ssh(1) will now record port numbers for hosts stored in
~/.ssh/authorized_keys when a non-standard port has been requested.
o Extended the sshd_config(5) "SubSystem" directive to allow the
specification of commandline arguments.
o Many manpage fixes and improvements
- OpenBGPD 4.0:
o new nexthop selection logic ignoring bgpd routes, helps in complex
setups with ospfd
o add a "detailed" show rib view to bgpctl, including communities
o allow requesting a route refresh from a peer that supports it
o have bgpd always report back the result of an operation to bgpctl, so
the operator can spot errors quicker
o allow bgpd to manipulate carp demotion counters based on session states,
gives even greater failover support
o support restarting sessions that reached max-prefix after a given time
o bgpctl can now show all routes received from a neighbor before filters
were applied, and routes sent to neighbors
o assorted fixes and improvements, as usual
- OpenOSPFD 4.0:
o Track uptime of the daemon itself.
o Track uptime of all ospf enabled interfaces.
o Adjust logging behaviour to prevent unwanted logging.
o Delay LSA updates when removing and adding - prevent flapping.
o Fix plaintext authentication.
o Improve the output of 'ospfctl show interfaces'.
o Support rtlabels when redistributing routes.
- OpenNTPD 4.0:
o support timedelta sensors, such as DCF77 receivers supported by
udcf(4) and GPS receivers supported by nmea(4).
o Adjust the kernel tick frequency, using adjfreq(2), improving accuracy
on many machines.
o allow for weight to be added to sensors or servers, so that one can
weight timedelta sensors higher than ntp peers
- Over 3700 ports, 3400 pre-built packages, improved package tools.
- Full support for pkg_add(1) over ssh(1), using one single connection.
- As usual, steady improvements in manual pages and other documentation.
- The system includes the following major components from outside suppliers:
o X.Org 6.9.0 (+ patches, and i386 contains XFree86 3.3.6 servers
(+ patches) for legacy chipsets not supported by X.Org)
o Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches)
o Perl 5.8.8 (+ patches)
o Apache 1.3.29, mod_ssl 2.8.16, DSO support (+ patches)
o OpenSSL 0.9.7j (+ patches)
o Groff 1.15
o Sendmail 8.13.8, with libmilter
o Bind 9.3.2-P1 (+ patches)
o Lynx 2.8.5rel.4 with HTTPS and IPv6 support (+ patches)
o Sudo 1.6.8p9
o Ncurses 5.2
o Latest KAME IPv6
o Heimdal 0.7.2 (+ patches)
o Arla 0.35.7
o Binutils 2.15 (+ patches)
o Gdb 6.3 (+ patches)
If you'd like to see a list of what has changed between OpenBSD 3.9
and 4.0, look at
http://www.OpenBSD.org/plus40.html
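
The malloc(3) item under "Assorted improvements and code cleanup" concerns allocations whose size is an unchecked multiplication. The following is an added example, not OpenBSD source: struct record, unchecked_bytes, alloc_array and load_records are hypothetical names, and the SIZE_MAX division check is assumed here as one such safer construct.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical 32-byte element whose count comes from untrusted input. */
struct record { uint32_t id; char name[28]; };

/* The overflow-prone pattern: the size passed to malloc(nmemb * size).
 * The product is computed in size_t and wraps silently when too large. */
static size_t unchecked_bytes(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Safer construct (assumed form): refuse the request when nmemb * size
 * cannot be represented in size_t, instead of allocating a short buffer. */
static void *alloc_array(size_t nmemb, size_t size)
{
    if (size != 0 && nmemb > SIZE_MAX / size) {
        errno = ENOMEM;
        return NULL;
    }
    return malloc(nmemb * size);
}

/* Allocate and zero `count` records; NULL if the request is unsatisfiable. */
static struct record *load_records(size_t count)
{
    struct record *r = alloc_array(count, sizeof(*r));
    if (r == NULL)
        return NULL;
    memset(r, 0, count * sizeof(*r));   /* safe: product was checked above */
    return r;
}

int main(void)
{
    /* Constructed hostile count: the product wraps to a single element. */
    size_t count = SIZE_MAX / sizeof(struct record) + 2;
    struct record *r = load_records(count);

    printf("unchecked size for %zu records: %zu bytes\n",
        count, unchecked_bytes(count, sizeof(struct record)));
    printf("checked allocation: %s\n", r == NULL ? "refused" : "granted");
    free(r);
    return 0;
}
```

With the unchecked pattern the allocator would be asked for 32 bytes while later code still indexes `count` records; the checked form fails the request before any buffer exists.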