------------------------------------------------------------------------
- OpenBSD 4.1 RELEASED -------------------------------------------------

May 1, 2007.

We are pleased to announce the official release of OpenBSD 4.1.
This is our 21st release on CD-ROM (and 22nd via FTP). We remain
proud of OpenBSD's record of ten years with only two remote holes in
the default install.

As in our previous releases, 4.1 provides significant improvements,
including new features, in nearly all areas of the system:

- New/extended platforms:
    o OpenBSD/landisk.
      Various SH4-based appliances, made by IO-Data and resold by
      Plextor.
    o OpenBSD/sparc64.
      UltraSPARC III based machines are supported even better, and now
      run at full speed!

- Improved hardware support, including:
    o New USB client controller support:
        o Support for the USB client functionality in the pxaudc(4)
          driver on the Zaurus.
        o New usbf(4) midlayer for USB Client controllers.
        o New cdcef(4) driver for providing a CDCE function on USB
          client controllers.
    o New cas(4) driver for Sun Cassini 10/100/Gigabit Ethernet
      devices.
    o New uow(4) driver for Maxim/Dallas DS2490 USB 1-Wire devices.
    o New owsbm(4) driver for 1-Wire smart battery monitor devices.
    o New zyd(4) driver for ZyDAS ZD1211/ZD1211B USB IEEE 802.11b/g
      wireless network devices.
    o New moscom(4) driver for MosChip Semiconductor MCS7703 based USB
      serial adapters.
    o New glxsb(4) driver for hardware random numbers and AES
      acceleration on the AMD Geode LX processor.
    o New vic(4) driver for VMware VMXnet Virtual Interface
      Controllers.
    o New malo(4) driver for Marvell Libertas IEEE 802.11b/g wireless
      network devices.
    o New pwdog(4) driver for Quancom PWDOG1 watchdog timer devices.
    o New uberry(4) driver for Research In Motion Blackberry devices.
    o New mbg(4) driver for Meinberg Funkuhren radio clocks.
    o New mesh(4) driver for the on-board SCSI controller of old world
      Apple Power Macintosh systems.
    o New mc(4) driver for the on-board Ethernet of many old world
      Apple Power Macintosh systems.
    o Improved msk(4) driver now supports many more Marvell Yukon-2
      variants including dual port cards and fiber cards.
    o The gem(4) driver now supports fiber cards.
    o The OpenBSD/amd64 platform now has more accurate and robust time
      keeping.
    o The OpenBSD/i386 boot(8) program now works properly on
      Intel-based Macs.
    o The pciide(4) driver has had support added for newer chipsets,
      including:
        o AMD CS5536 IDE;
        o Intel i31244;
        o NVIDIA MCP67 PATA, MCP67 SATA.
    o The com(4) driver now supports ST16C654 devices.
    o The adt(4) driver supports some newer chipsets, such as the
      ADT7475.
    o The OpenBSD/macppc platform now automatically turns the machine
      back on following an unexpected loss of power.
    o boot.mac, an XCOFF formatted boot loader for OpenBSD/macppc
      capable of booting on many old world macs.

- New tools:
    o BSD-licensed pkg-config(1), a complete rewrite of the GNU tool of
      the same name, significantly smaller and more maintainable.
    o hoststated(8), a layer 3 and layer 7 server load balancing daemon
      with host monitoring capacities.
    o new BSD-licensed ripd(8).
    o bgplg(8), a CGI looking glass for OpenBGPD, is now available for
      use with the system httpd.
    o bgplgsh(8), a looking glass shell for OpenBGPD, is now available
      for use as a restricted read-only command line interface.

- New functionality:
    o syslogd(8) can now pipe logs directly to other programs, making
      real-time log analysis easier.
    o The IP_RECVTTL ip(4) socket option allows programs to receive the
      incoming ttl on raw and udp sockets.
    o The IP_MINTTL ip(4) socket option allows programs to ask the
      kernel to discard any packets with a ttl smaller than the given
      one, for implementing the IP TTL security hack aka the
      Generalized TTL Security Mechanism specified in RFC 3682.
    o Multiple, independent routing tables, with pf(4) acting as
      selector.
      route(8) can be told which table to work with now, and routing
      daemons have been modified to cope as well.
    o The pflog(4) interface is now clonable. pf(4) can log to multiple
      pflog interfaces now, each rule can specify which pflog interface
      to log to. pflogd(8) and spamlogd(8) can now be told which pflog
      interface to work with.
    o The pfsync(4) interface is now clonable as well, thus only there
      when actually needed.
    o pfctl(8) can now expire table entries.
    o "keep state" is now the default for pf.conf(5) rules, as is the
      "flags S/SA" option on TCP connections. "no state" and
      "flags any" can be used to disable stateful filtering or TCP
      flags checking.
    o The pfctl(8) ruleset optimiser can be enabled in pf.conf(5).
    o pf(4) anchors can now be loaded inline in the main pf.conf(5) and
      can be printed recursively.
    o Allow pf(4) rules inside anchors to have their counters reset,
      and make counter read & reset an atomic operation.
    o sensorsd(8) dampens status changes now, thus not alerting for a
      single wrong sensor read, since many sensors lie once in a while.
    o spamd(8) and spamlogd(8) now support synchronisation of the
      greylist database across multiple hosts. The greytrapping
      mechanism now allows for whole domain traps, and noticing out of
      order MX use.
    o spamd(8) database format has changed from DB_BTREE to DB_HASH for
      much better performance on large installations with big
      databases.
    o The bridge(4) driver and the brconfig(8) tool now support the
      Rapid Spanning Tree Protocol (RSTP). The new RSTP mode is now
      used by default when enabled with the stp option.
    o cd(4) now supports reading from region protected DVDs.
    o Detect MS-DOS filesystems and spoof disklabel partitions for them
      even when there is no MBR, e.g. on some newer iPods.

- Assorted improvements and code cleanup:
    o The fsck_ffs(8) command has been improved to be more robust to
      various forms of inode and superblock corruption.
    o The top(1) command got some new ways of filtering the display.
    o pthreads(3) file descriptor handling has been improved to
      eliminate several race and deadlock conditions and improve
      performance.
    o The MS-DOS filesystem has had a potential corruption issue fixed,
      and is more reliable when given a corrupted filesystem to mount.
    o The MS-DOS filesystem and the fdisk(8) command have been enhanced
      to work on devices with 2048 byte sectors, e.g. newer iPods.
    o The OpenRCS tools are smarter at handling files, especially when
      dealing with binary files. GNU RCS compatibility has also been
      improved.
    o The mg(1) editor now displays column numbers in the status bar.
      It has also received several improvements which make it more
      reliable: line numbers, file insertions, and search wrapping all
      now work as expected.
    o The systat(1) command has a cleaner look, and a display was added
      for hardware sensors.
    o The OpenBSD/alpha platform now uses gcc3.
    o Improved support for USB-attached CD-ROM drives and ever more odd
      umass(4) devices.
    o Don't treat NetBSD or FreeBSD MBR partitions as substitutes for
      an OpenBSD partition. i.e. don't try to boot from them or use
      them to store OpenBSD disklabels.

- Install/Upgrade process changes:
    o More reliable detection of disk and CD devices.
    o More reliable installation from MS-DOS FAT partitions.
    o New sanity check in case sets for the wrong architecture are
      selected.
    o No need to specify the filesystem types of source partitions
      during disk or CD-ROM installs.
    o No need to select a source partition during disk or CD installs
      when there is only one to choose from.

- OpenSSH 4.6:
    o sshd now allows the enabling and disabling of authentication
      methods on a per user, group, host and network basis via the
      Match directive in sshd_config(5).

- OpenBGPD 4.1:
    o Fixes for sessions with tcp md5sig and ipsec. Now sessions can be
      migrated from and to any form of ipsec and tcpmd5 with just a
      simple bgpctl reload, and the session migrates the next time it
      gets established.
    o Include file support in the config parser.
    o Can now use the new IP_MINTTL socket option to implement the ttl
      security mechanism.

- OpenOSPFD 4.1:
    o Reload support added. It is no longer needed to restart ospfd
      after a configuration change.
    o Multiple networks per interface are now supported.
    o It is now possible to specify the route metric and type for each
      redistribution rule.

- OpenNTPD 4.1:
    o Greatly improved support for timedelta sensors.
    o ntpd now uses a strictly monotonically increasing time (uptime,
      basically) for its internal timers, so setting the system clock
      doesn't influence query rates, trust levels, etc. any more.

- Over 4,200 ports, 4,000 pre-built packages (for i386), minor
  robustness improvements in package tools. Some highlights:
    o gstreamer-0.10 tools.
    o OpenOffice.org package, available through ftp for size reasons.
    o KDE 3.5.6 and koffice 1.6.2.
    o a large (> 500) number of new/updated perl modules, from CPAN,
      including most of the catalyst web framework.
    o NetBeans 5.5 Java IDE.
    o updated Linux emulation support by using Fedora Core libraries.
    o Mozilla Firefox 2.0.0.2 (with translations).
    o PostgreSQL 8.2.3.

- As usual, steady improvements in manual pages and other
  documentation.

- The system includes the following major components from outside
  suppliers:
    o X.Org 6.9.0 (+ patches, and i386 contains XFree86 3.3.6 servers
      (+ patches) for legacy chipsets not supported by X.Org)
    o Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches)
    o Perl 5.8.8 (+ patches)
    o our improved and secured version of Apache 1.3, with SSL/TLS and
      DSO support
    o OpenSSL 0.9.7j (+ patches)
    o Groff 1.15
    o Sendmail 8.14.0, with libmilter
    o Bind 9.3.4 (+ patches)
    o Lynx 2.8.5rel.4 with HTTPS and IPv6 support (+ patches)
    o Sudo 1.6.8p9
    o Ncurses 5.2
    o Latest KAME IPv6
    o Heimdal 0.7.2 (+ patches)
    o Arla 0.35.7
    o Binutils 2.15 (+ patches)
    o Gdb 6.3 (+ patches)

If you'd like to see a list of what has changed between OpenBSD 4.0
and 4.1, look at

        http://www.OpenBSD.org/plus41.html

Even though the list is a summary of the most important changes
made to OpenBSD, it still is a very very long list.

------------------------------------------------------------------------
- SECURITY AND ERRATA --------------------------------------------------

We provide patches for known security threats and other important
issues discovered after each CD release. As usual, between the
creation of the OpenBSD 4.1 FTP/CD-ROM binaries and the actual 4.1
release date, our team found and fixed some new reliability problems
(note: most are minor and in subsystems that are not enabled by
default). Our continued research into security means we will find
new security problems -- and we always provide patches as soon as
possible. Therefore, we advise regular visits to

        http://www.OpenBSD.org/security.html
and
        http://www.OpenBSD.org/errata.html

Security patch announcements are sent to the
security-announce@OpenBSD.org mailing list. For information on
OpenBSD mailing lists, please see:

        http://www.OpenBSD.org/mail.html

------------------------------------------------------------------------
- CD-ROM SALES ---------------------------------------------------------

OpenBSD 4.1 is also available on CD-ROM.
The 3-CD set costs $50USD (EUR 50 including VAT) and is available via
mail order and from a number of contacts around the world. The set
includes a colourful booklet which carefully explains the
installation of OpenBSD. A new set of cute little stickers is also
included (sorry, but our FTP mirror sites do not support STP, the
Sticker Transfer Protocol). As an added bonus, the second CD contains
an audio track, a song entitled "Puffy Baba and the 40 Vendors".
Lyrics (and an explanation) for the songs may be found at:

        http://www.OpenBSD.org/lyrics.html#41

Profits from CD sales are the primary income source for the OpenBSD
project -- in essence selling these CD-ROM units ensures that OpenBSD
will continue to make another release six months from now.

The OpenBSD 4.1 CD-ROMs are bootable on the following five platforms:

    o i386
    o amd64
    o macppc
    o sparc
    o sparc64 (UltraSPARC)

(Other platforms must boot from floppy, network, or other method).

For more information on ordering CD-ROMs, see:

        http://www.OpenBSD.org/orders.html

The above web page lists a number of places where OpenBSD CD-ROMs
can be purchased from. For our default mail order, go directly to:

        https://https.OpenBSD.org/cgi-bin/order

or, for European orders:

        https://https.OpenBSD.org/cgi-bin/order.eu

All of our developers strongly urge you to buy a CD-ROM and support
our future efforts. Additionally, donations to the project are
highly appreciated, as described in more detail at:

        http://www.OpenBSD.org/goals.html#funding

------------------------------------------------------------------------
- T-SHIRT SALES --------------------------------------------------------

The project continues to expand its funding base by selling t-shirts
and polo shirts. And our users like them too.
We have a variety of shirts available, with the new and old designs,
from our web ordering system at:

        https://https.OpenBSD.org/cgi-bin/order

and for Europe:

        https://https.OpenBSD.org/cgi-bin/order.eu

The OpenBSD 4.1 t-shirts are available now. The new shirt for 4.1
shows Puffy Baba with a bag of documentation heading out over the
desert on his sea horse. We also sell our older shirts, as well as a
selection of OpenSSH t-shirts.

------------------------------------------------------------------------
- FTP INSTALLS ---------------------------------------------------------

If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily
installed via FTP. Typically you need a single small piece of boot
media (e.g., a boot floppy) and then the rest of the files can be
installed from a number of locations, including directly off the
Internet. Follow this simple set of instructions to ensure that you
find all of the documentation you will need while performing an
install via FTP. With the CD-ROMs, the necessary documentation is
easier to find.

1) Read either of the following two files for a list of ftp
   mirrors which provide OpenBSD, then choose one near you:

        http://www.OpenBSD.org/ftp.html
        ftp://ftp.OpenBSD.org/pub/OpenBSD/4.1/ftplist

   As of May 1, 2007, the following ftp mirror sites have the 4.1
   release:

        ftp://ftp.kd85.com/pub/OpenBSD/4.1/                          Austria
        ftp://openbsd.informatik.uni-erlangen.de/pub/OpenBSD/4.1/    Germany
        ftp://ftp.stacken.kth.se/pub/OpenBSD/4.1/                    Sweden
        ftp://ftp2.usa.openbsd.org/pub/OpenBSD/4.1/                  NYC, USA
        ftp://ftp3.usa.openbsd.org/pub/OpenBSD/4.1/                  CO, USA
        ftp://ftp5.usa.openbsd.org/pub/OpenBSD/4.1/                  CA, USA
        ftp://rt.fm/pub/OpenBSD/4.1/                                 IL, USA

   The release is also available at the master site:

        ftp://ftp.openbsd.org/pub/OpenBSD/4.1/                       Alberta, Canada

   However it is strongly suggested you use a mirror.

   Other mirror sites may take a day or two to update.

2) Connect to that ftp mirror site and go into the directory
   pub/OpenBSD/4.1/ which contains these files and directories.
   This is a list of what you will see:

        ANNOUNCEMENT     amd64/           mac68k/          sparc64/
        Changelogs/      armish/          macppc/          src.tar.gz
        HARDWARE         avioon/          mvme68k/         sys.tar.gz
        PACKAGES         ftplist          mvme88k/         tools/
        PORTS            hp300/           packages/        vax/
        README           hppa/            ports.tar.gz     zaurus/
        SIZES            i386/            root.mail
        XF4.tar.gz       landisk/         sgi/
        alpha/           luna88k/         sparc/

   It is quite likely that you will want at LEAST the following
   files which apply to all the architectures OpenBSD supports.

        README          - generic README
        HARDWARE        - list of hardware we support
        PORTS           - description of our "ports" tree
        PACKAGES        - description of pre-compiled packages
        root.mail       - a copy of root's mail at initial login.
                          (This is really worthwhile reading).

3) Read the README file. It is short, and a quick read will make
   sure you understand what else you need to fetch.

4) Next, go into the directory that applies to your architecture,
   for example, i386. This is a list of what you will see:

        CKSUM            bsd.rd           etc41.tgz        misc41.tgz
        INSTALL.i386     cd41.iso         floppy41.fs      pxeboot
        INSTALL.linux    cdboot           floppyB41.fs     xbase41.tgz
        MD5              cdbr             floppyC41.fs     xetc41.tgz
        base41.tgz       cdemu41.iso      game41.tgz       xfont41.tgz
        bsd              cdrom41.fs       index.txt        xserv41.tgz
        bsd.mp           comp41.tgz       man41.tgz        xshare41.tgz

   If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386
   and the appropriate floppy*.fs or cd41.iso file. Consult the
   INSTALL.i386 file if you don't know which of the floppy images
   you need (or simply fetch all of them).

5) If you are an expert, follow the instructions in the file called
   README; otherwise, use the more complete instructions in the
   file called INSTALL.i386. INSTALL.i386 may tell you that you
   need to fetch other files.

6) Just in case, take a peek at:

        http://www.OpenBSD.org/errata.html

   This is the page where we talk about the mistakes we made while
   creating the 4.1 release, or the significant bugs we fixed
   post-release which we think our users should have fixes for.
   Patches and workarounds are clearly described there.

Note: If you end up needing to write a raw floppy using Windows,
      you can use "fdimage.exe" located in the pub/OpenBSD/4.1/tools
      directory to do so.

------------------------------------------------------------------------
- X.ORG FOR MOST ARCHITECTURES -----------------------------------------

X.Org has been integrated more closely into the system. This release
contains X.Org 6.9.0. Most of our architectures ship with X.Org,
including amd64, sparc, sparc64 and macppc. During installation, you
can install X.Org quite easily. Be sure to try out xdm(1) and see how
we have customized it for OpenBSD.

------------------------------------------------------------------------
- PORTS TREE -----------------------------------------------------------

The OpenBSD ports tree contains automated instructions for building
third party software. The software has been verified to build and
run on the various OpenBSD architectures. The 4.1 ports collection,
including many of the distribution files, is included on the 3-CD
set. Please see the PORTS file for more information.

Note: some of the most popular ports, e.g., the Apache web server
and several X applications, come standard with OpenBSD. Also, many
popular ports have been pre-compiled for those who do not desire
to build their own binaries (see BINARY PACKAGES, below).

------------------------------------------------------------------------
- BINARY PACKAGES WE PROVIDE -------------------------------------------

A large number of binary packages are provided. Please see the
PACKAGES file (ftp://ftp.OpenBSD.org/pub/OpenBSD/4.1/PACKAGES) for
more details.

------------------------------------------------------------------------
- SYSTEM SOURCE CODE ---------------------------------------------------

The CD-ROMs contain source code for all the subsystems explained
above, and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/4.1/README)
file explains how to deal with these source files. For those who
are doing an FTP install, the source code for all four subsystems
can be found in the pub/OpenBSD/4.1/ directory:

        XF4.tar.gz     ports.tar.gz   src.tar.gz     sys.tar.gz

------------------------------------------------------------------------
- THANKS ---------------------------------------------------------------

OpenBSD 4.1 includes artwork and CD artistic layout by Ty Semaka,
who also arranged an audio track on the OpenBSD 4.1 CD set. Ports
tree and package building by Peter Valchev, Nikolay Sturm and
Christian Weisgerber. System builds by Theo de Raadt, Kenji Aoyama,
and Miod Vallat. X11 builds by Todd Fries. ISO-9660 filesystem
layout by Theo de Raadt.

We would like to thank all of the people who sent in bug reports, bug
fixes, donation cheques, and hardware that we use. We would also like
to thank those who pre-ordered the 4.1 CD-ROM or bought our previous
CD-ROMs. Those who did not support us financially have still helped
us with our goal of improving the quality of the software.

Our developers are:

    Aaron Campbell, Aleksander Piotrowski, Alex Feldman, Alexander Guy,
    Alexander von Gernler, Alexander Yurchenko, Alexandre Anriot,
    Andreas Gunnarsson, Angelos D.
    Keromytis, Anil Madhavapeddy, Antoine Jacoutot, Artur Grabowski,
    Ben Lindstrom, Bernd Ahlers, Bjorn Sandell, Bob Beck, Brad Smith,
    Brandon Creighton, Brian Caswell, Brian Somers, Bruno Rohee,
    Camiel Dobbelaar, Can Erkin Acar, Cedric Berger, Chad Loder,
    Chris Cappuccio, Chris Kuethe, Christian Weisgerber,
    Christopher Pascoe, Claudio Jeker, Constantine Sapuntzakis,
    Dale Rahn, Damien Bergamini, Damien Couderc, Damien Miller,
    Dan Harnett, Daniel Hartmeier, Darren Tucker, David B Terrell,
    David Gwynne, David Hill, David Krause, David Lebel, David Leonard,
    Dimitry Andric, Don Stewart, Dug Song, Eric Jackson, Esben Norby,
    Federico G. Schwindt, Felix Kronlage, Fernando Gont,
    Gordon Willem Klok, Greg Taleck, Grigoriy Orlov, Hakan Olsson,
    Hans Insulander, Hans-Joerg Hoexer, Heikki Korpela, Henning Brauer,
    Henric Jungheim, Hiroaki Etoh, Horacio Menezo Ganau, Hugh Graham,
    Ian Darwin, Jacob Meuser, Jakob Schlyter, Jan-Uwe Finck,
    Jared J. Yanovich, Jason Ish, Jason McIntyre, Jason Peel,
    Jason Wright, Jasper Lievisse Adriaanse, Jean-Baptiste Marchand,
    Jean-Francois Brousseau, Jean-Jacques Bernard-Gundol, Jim Rees,
    Joel Knight, Jolan Luff, Jonathan Gray, Jordan Hargrave,
    Joris Vink, Jose Nazario, Joshua Stein, Jun-ichiro itojun Hagino,
    Kenji Aoyama, Kenjiro Cho, Kenneth R Westerback, Kevin Lo,
    Kevin Steves, Kjell Wooding, Kurt Miller, Louis Bertrand,
    Magnus Holmberg, Marc Aurele La France, Marc Balmer, Marc Espie,
    Marc Matteo, Marco Peereboom, Marco Pfatschbacher, Marco S Hyman,
    Marcus Glocker, Marcus Watts, Margarida Sequeira, Marius Eriksen,
    Mark Grimes, Mark Kettenis, Mark Uemura, Markus Friedl,
    Martin Reindl, Mathieu Sauve-Frankel, Mats O Jansson, Matt Behrens,
    Matt Smart, Matthias Kilian, Matthew Jacob, Matthieu Herrb,
    Michael Coulter, Michael Knudsen, Michael Shalayeff, Michael T.
    Stolarchuk, Mike Frantzen, Mike Pechkin, Miod Vallat,
    Moritz Jodeit, Nathan Binkert, Niall O'Higgins, Nick Holland,
    Niels Provos, Niklas Hallqvist, Nikolay Sturm, Nils Nordman,
    Oleg Safiullin, Otto Moerbeek, Patrick Latifi, Paul Janzen,
    Pedro Martelletto, Peter Galbavy, Peter Stromberg, Peter Valchev,
    Philipp Buehler, Reinhard J. Sammer, Ray Lai, Reyk Floeter,
    Rich Cannings, Robert Nagy, Ryan Thomas McBride, Saad Kadhi,
    Shell Hin-lik Hung, Stephen Kirkham, Steve Murphree,
    Steven Mestdagh, Ted Unangst, Theo de Raadt, Thierry Deval,
    Thomas Nordin, Thordur I. Bjornsson, Thorsten Lockert,
    Tobias Weingartner, Todd C. Miller, Todd T. Fries, Tom Cosgrove,
    Uwe Stuehler, Vincent Labrecque, Wilbern Cobb, Wim Vandeputte,
    Xavier Santolaria.