Home

OpenBSD 3.6 released

Mon, 11/01/2004 - 20:35 — charlie.collins

The OpenBSD 3.6 Release

What's New

This is a partial list of new features and systems included in OpenBSD 3.6. For a comprehensive list, see the changelog leading to 3.6.

* New platform:
o OpenBSD/luna88k
Expanding the mvme88k porting effort by supporting Omron's line of 88100-based workstations.

* SMP support on OpenBSD/i386 and OpenBSD/amd64 platforms.

* New functionality:
o A cleaned up DHCP server and client implementation, now featuring privilege separation and safe defaults.
o A new NTP daemon written from scratch, which ought to fit the needs of most NTP users.
o pfctl(8) now provides a rules optimizer to help improve filtering speed.
o The packet filter, pf(4), now supports nested anchors.
o tcpdrop(8), a command to drop TCP connections.
o The NMBCLUSTERS option has been eliminated, replaced by a sysctl with higher default values on many platforms.
o Added support for cksum (three flavours), md4, sha256, sha384 and sha512 to the md5(1) command.
o Memory file systems created by the mount_mfs(8) command now can be populated immediately after creation.
o New hotplugd(8) daemon and hotplug(4) device that watch for newly attached devices.
o isakmpd(8) now supports NAT-traversal and Dead Peer Detection (RFC 3706).
o strtonum(3), a simple, robust and therefore safe function to convert strings to numbers, has been added.
o On the OpenBSD/sparc platform, StackGhost buffer overflow exploit protection has been added.
o A generic IEEE 802.11 framework has been added.

* Improved hardware support, including:
o Sangoma T1 and E1 cards (san(4)).
o Jumbo frames are now working reliably on em(4), sk(4), and ti(4) adapters.
o USB 2.0 (ehci(4)) controllers.
o AIC79xx-based Ultra320 SCSI adapters, such as the Adaptec 29320 and 39320 (ahd(4)).
o The i386 and amd64 CD bootloader code no longer emulates a floppy which improves the chances of booting on newer machines.
o New atw(4) driver for ADMtek ADM8211 802.11b wireless adapters.
o New axe(4) driver for ASIX Electronics AX88172 USB Ethernet adapters.
o New cdce(4) driver for Ethernet over USB bridges.
o New ichpcib(4) driver for Intel ICHx/ICHx-M LPC PCI-ISA bridges.
o New gscpcib(4) driver for National Semiconductor Geode SC1100 PCI-ISA bridges.
o New iic(4) driver for Inter IC (I2C) master/slave buses.
o New lmtemp(4) driver for National Semiconductor LM75/LM77 temperature sensors.
o New gscsio(4) driver for National Semiconductor Geode SC1100 Super I/O chips.
o New gpio(4) driver and accompanying gpioctl(8) utility for supporting General Purpose Input/Output.
o New mediabay(4) macppc driver for the ATA33 HD controller over removable CD.
o New re(4) driver for Realtek 8169/8169S/8110S PCI Ethernet adapters.
o hw.setperf sysctl hooks for PowerNow in AMD K6 and K7 processors.

* New functionality for bgpd(8), the Border Gateway Protocol Daemon:
o Kernel memory management improvements now allow the full global routing table to be kept in memory without customizing or tuning.
o Support for adding received prefixes to a pf(4) table.
o Support for IPsec, both manually keyed and using IKE.
o Support for setting BGP communities (RFC1997) on incoming and outbound UPDATES.
o Support for NOPEER community (RFC3765).
o Partial support for RFC2858 Multiprotocol Capabilities, currently only IPv4-unicast is announced.
o Support for Route Reflection (RFC2796).
o Support for dynamic network announcements.
o Support for Route Refresh Capability (RFC2918).

* Improved NFS performance and reliability.

* Shared libraries and gcc 3.3.2 on the OpenBSD/hppa port.

* Privilege separation or revocation for the following programs:
o afsd(8)
o mopd(8)
o pppoe(8)
o rbootd(8)
o dhcrelay(8), dhclient(8), and dhcpd(8)

* Over 2700 ports, 2500 pre-built packages.

* Many improvements for security and reliability (look for the red print in the complete changelog).

* As usual, many improvements in manual pages and other documentation.

* OpenSSH 3.9:
o sshd(8) now re-executes itself on accepting a new connection. This security measure ensures that all execute-time randomizations are reapplied for each connection rather than once, for the master process' lifetime. This includes mmap and malloc mappings, shared library addressing, shared library mapping order, ProPolice and StackGhost cookies on architectures that support such things.
o Selected environment variables can now be passed between the client and the server.
o Session multiplexing: a single ssh connection can now carry multiple login/command/file transfer sessions.

* The system includes the following major components from outside suppliers:
o XFree86 4.4.0 unencumbered (+ patches, and i386 contains 3.3.6 servers (+ patches) for legacy chipsets not supported by 4.4)
o Gcc 2.95.3 (+ patches) and 3.3.2 (+ patches)
o Perl 5.8.5 (+ patches)
o Apache 1.3.29, mod_ssl 2.8.16, DSO support (+ patches)
o OpenSSL 0.9.7d (+ patches)
o Groff 1.15
o Sendmail 8.13.0, with libmilter
o Bind 9.2.3 (+ patches)
o Lynx 2.8.5rel.2 with HTTPS and IPv6 support (+ patches)
o Sudo 1.6.7p5
o Ncurses 5.2
o Latest KAME IPv6
o Heimdal 0.6rc1 (+ patches)
o Arla 0.35.7
o Binutils 2.14
o Gdb 6.1