[Fwd: OpenBSD 4.5 released, May 1, 2009]
jj at it.su.se
Thu Apr 30 22:26:09 CEST 2009
Theo de Raadt wrote:
> May 1, 2009.
> We are pleased to announce the official release of OpenBSD 4.5.
> This is our 25th release on CD-ROM (and 26th via FTP). We remain
> proud of OpenBSD's record of more than ten years with only two remote
> holes in the default install.
> As in our previous releases, 4.5 provides significant improvements,
> including new features, in nearly all areas of the system:
> - New/extended platforms:
> o Initial ports to the xscale based gumstix platform and the ARM
> based OpenMoko
> o OpenBSD/sparc64
> o New vdsk(4) and vnet(4) drivers provide support for virtual
> I/O between logical domains on Sun's CoolThreads servers,
> including UltraSPARC T2+ machines.
> o Workstations and laptops with UltraSPARC IIe CPUs can now scale
> down the CPU frequency to save power.
> - Improved hardware support, including:
> o Several new/improved drivers for sensors, including:
> o The cac(4) driver now has bio and sensor support.
> o The mpi(4) driver now has bio and sensor support.
> o New gpiodcf(4) driver for DCF77/HBG timedelta sensors
> through GPIO pins.
> o New schsio(4) driver for SMSC SCH311x LPC Super I/O devices.
> o The it(4) driver now supports IT8720F chips.
> o The it(4) driver now supports FAN4 and FAN5 sensors for
> IT8716F/IT8718F/IT8720F/IT8726F chips.
> o The owtemp(4) driver now supports Maxim/Dallas DS18B20 and
> DS1822 temperature sensors.
> o The km(4) driver now supports AMD Family 11h
> processors (Turion X2 Ultra et al).
> o The lm(4) driver now supports W83627DHG attachment on the ICC bus.
> o The lmenv(4) driver now has better support for the fan sensors
> on lm81, adm9240 and ds1780 chips.
> o The sdtemp(4) driver now supports ST STTS424 chips.
> o The em(4) driver now supports ICH9 IGP M and IGP M AMT chips.
> o The sdmmc(4) driver now supports SDHC cards.
> o The msk(4) driver now supports Yukon-2 FE+ (88E8040, 88E8042) based
> o The iwn(4) driver now supports Intel WiFi Link 5100/5300 devices.
> o The wpi(4) and iwn(4) drivers now support hardware CCMP cryptography.
> o The ath(4) driver now has WPA-PSK support.
> o age(4), a driver for Attansic L1 gigabit Ethernet devices was added.
> o ale(4), a driver for Atheros AR81xx (aka Attansic L1E) Ethernet
> devices was added.
> o mos(4), a driver for Moschip MCS7730/7830 10/100 USB Ethernet
> devices was added.
> o jme(4), a driver for JMicron JMC250/JMC260 10/100 and Gigabit
> Ethernet devices was added.
> o run(4), a driver for Ralink USB IEEE 802.11a/b/g/Draft-N devices
> was added.
> o auacer(4), a driver for Acer Labs M5455 audio devices was added.
> o ifb(4), a driver for Sun Expert3D, Expert3D-Lite, XVR-500, XVR-600
> and XVR-1200 framebuffers (accelerated).
> o wildcatfb(4), an X driver for Sun Expert3D, Expert3D-Lite, XVR-500,
> XVR-600 and XVR-1200 framebuffers (unaccelerated).
> o sunffb(4), an accelerated X driver for Sun Creator, Creator 3D and
> Elite 3D framebuffers.
> o vdsk(4), a driver for virtual disks of sun4v logical domains.
> o vnet(4), a driver for virtual network adapters of sun4v logical domains.
> o vrng(4), a driver for the random number generator on Sun
> UltraSPARC T2/T2+ CPUs.
> o The vcons(4) driver is now interrupt driven.
> o ips(4), a driver for IBM SATA/SCSI ServeRAID controllers was added.
> o udfu(4), a driver for device firmware upgrade (DFU) was added.
> o Many improvements were made to the acpi(4) subsystem.
> o The umsm(4) driver supports several new EVDO/UMTS devices.
> o The mfi(4) driver now supports the next generation of
> MegaRAID SAS controllers.
> o New vsbic(4) driver for the MVME327A SCSI and floppy controller
> on mvme88k machines.
> o The re(4) driver, now supports 8168D/8111D-based devices.
> o The ehci(4) driver now supports isochronous transfers.
> o S/PDIF output support has been added to the ac97(4), auich(4),
> auvia(4) and azalia(4) drivers.
> o azalia(4) mixer has been clarified and simplified, support for 20-bit
> and 24-bit encodings has been added.
> o The gbe(4) frame buffer driver now supports acceleration.
> - New tools:
> o ypldap(8), an YP server using LDAP as a backend.
> o xcompmgr(1) was added to xenocara.
> - New functionality:
> o The libc resolver(3) may now be forced to perform lookups by TCP
> only using a new resolv.conf(5) option. The nameserver declaration
> in resolv.conf(5) has also been extended to allow specification
> of non-default nameserver ports.
> o apropos(1) has two new options (-S and -s) to allow searching by
> machine architecture and manual section.
> o aucat(1) now has audio server capability. Audio devices can be
> shared between multiple applications. Applications can run natively
> on fixed sample rate devices or on devices with unusual encodings.
> Multi-channel audio devices can be split into smaller independent
> o aucat(1) now has a deviceless mode, in which it can be used as a
> general purpose audio file format conversion utility (to mix,
> demultiplex, resample or reencode files).
> o ifconfig(8) can now list channels supported by an IEEE 802.11 device.
> o New views were added to systat(8): malloc, bucket and pool. Improvements
> were made to existing views.
> o vnconfig(8) can now create devices with arbitrary geometry with the
> new -t option.
> o FFS filesystems are now supported on most devices, e.g. CD's, that have
> sector sizes other than 512 bytes.
> o Disklabels are now correctly placed and found on most devices,
> e.g. CD's, that have sector sizes other than 512 bytes.
> - Assorted improvements and code cleanup:
> o malloc(3) has gained new attack mitigation measures; critical
> bookkeeping structures are protected at runtime using mprotect(2)
> and allocated at random addresses where possible.
> o A new version of the gdtoa code has been integrated, bringing
> better C99 support to printf(3) and friends.
> o Vastly improved C99 support in libm, including complex math support.
> - Install/Upgrade process changes:
> o crunchgen(1) and crunchide(1) have been merged into crunchgen(8),
> which is now built and installed by default.
> o mksuncd(1) now lives in base and is installed by default.
> o CD-ROM installs are now supported on SGI.
> o Accept initial root passwords containing backslash characters.
> o Install now allows multiple interfaces to be configured with dhcp(8).
> o Upgrades now use the minimal protocols(5) and services(5) files
> provided on the install media.
> o The install media no longer contain a disktab(5) file.
> o Serial console speed is correctly determined on macppc.
> - OpenSSH 5.2:
> o New features:
> o Added an option to ssh(1) to force logging to syslog rather
> than stderr.
> o The sshd_config(5) ForceCommand directive now accepts commandline
> arguments for the internal-sftp server.
> o The ssh(1) ~C escape commandline now support runtime creation of
> dynamic port forwards.
> o Support the SOCKS4A protocol in ssh(1) dynamic forwards.
> o Support remote port forwarding with a listen port of '0'.
> o sshd(8) now supports setting PermitEmptyPasswords and
> AllowAgentForwarding in Match blocks.
> o The following significant bugs have been fixed in this release:
> o Repair a ssh(1) crash introduced in openssh-5.1 when the
> client is sent a zero-length banner.
> o The eow at openssh.com and no-more-sessions at openssh.com protocol
> extensions are now only sent to peers that identify
> themselves as OpenSSH.
> o Avoid printing "Non-public channel" warnings in sshd(8), since ssh(1)
> has sent incorrect channel numbers since ~2004; make ssh(1) send the
> correct channel number for SSH2_MSG_CHANNEL_SUCCESS and
> o Avoid double-free in ssh(1) ~C escape -L handler.
> o Correct fail-on-error behaviour in sftp(1) batchmode for remote
> stat operations.
> o Avoid hang in ssh(1) when attempting to connect to a server that
> has MaxSessions set to zero.
> - Over 5,500 ports, minor robustness improvements in package tools.
> o Many pre-built packages for each architecture:
> i386: 5379 sparc64: 5174 alpha: 5132 sh: 1543
> amd64: 5312 powerpc: 5162 sparc: 2651 mips64: 3278
> arm: 4120 hppa: 4689 vax: 1718
> o Highlights include:
> o Gnome 2.24.3.
> o GNUstep 1.18.0.
> o KDE 3.5.10.
> o Mozilla Firefox 3.0.6.
> o Mozilla Thunderbird 184.108.40.206.
> o MySQL 5.0.77.
> o OpenOffice.org 2.4.2 and 3.0.1.
> o PostgreSQL 8.3.6.
> o Xfce 4.4.3.
> o OpenArena 0.8.1 (only for amd64, i386 and macppc)
> - As usual, steady improvements in manual pages and other documentation.
> - The system includes the following major components from outside
> o Xenocara (based on X.Org 7.4 + patches, freetype 2.3.7,
> fontconfig 2.4.2, Mesa 7.2, xterm 239 and more)
> o Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches)
> o Perl 5.10.0 (+ patches)
> o Our improved and secured version of Apache 1.3, with SSL/TLS
> and DSO support
> o OpenSSL 0.9.8j (+ patches)
> o Groff 1.15
> o Sendmail 8.14.3, with libmilter
> o Bind 9.4.2-P2 (+ patches)
> o Lynx 2.8.5rel.4 with HTTPS and IPv6 support (+ patches)
> o Sudo 1.7
> o Ncurses 5.2
> o Latest KAME IPv6
> o Heimdal 0.7.2 (+ patches)
> o Arla 0.35.7
> o Binutils 2.15 (+ patches)
> o Gdb 6.3 (+ patches)
> If you'd like to see a list of what has changed between OpenBSD 4.4
> and 4.5, look at
> Even though the list is a summary of the most important changes
> made to OpenBSD, it still is a very very long list.
> We provide patches for known security threats and other important
> issues discovered after each CD release. As usual, between the
> creation of the OpenBSD 4.5 FTP/CD-ROM binaries and the actual 4.5
> release date, our team found and fixed some new reliability problems
> (note: most are minor and in subsystems that are not enabled by
> default). Our continued research into security means we will find
> new security problems -- and we always provide patches as soon as
> possible. Therefore, we advise regular visits to
> Security patch announcements are sent to the security-announce at OpenBSD.org
> mailing list. For information on OpenBSD mailing lists, please see:
> OpenBSD 4.5 is also available on CD-ROM. The 3-CD set costs $50 CDN and
> is available via mail order and from a number of contacts around the
> world. The set includes a colourful booklet which carefully explains the
> installation of OpenBSD. A new set of cute little stickers is also
> included (sorry, but our FTP mirror sites do not support STP, the Sticker
> Transfer Protocol). As an added bonus, the second CD contains an audio
> track, a song entitled "Games". MP3 and OGG versions of the audio track
> can be found on the first CD.
> Lyrics (and an explanation) for the songs may be found at:
> Profits from CD sales are the primary income source for the OpenBSD
> project -- in essence selling these CD-ROM units ensures that OpenBSD
> will continue to make another release six months from now.
> The OpenBSD 4.5 CD-ROMs are bootable on the following four platforms:
> o i386
> o amd64
> o macppc
> o sparc64
> (Other platforms must boot from floppy, network, or other method).
> For more information on ordering CD-ROMs, see:
> The above web page lists a number of places where OpenBSD CD-ROMs
> can be purchased from. For our default mail order, go directly to:
> All of our developers strongly urge you to buy a CD-ROM and support
> our future efforts. Additionally, donations to the project are
> highly appreciated, as described in more detail at:
> For those unable to make their contributions as straightforward gifts,
> the OpenBSD Foundation (http://www.openbsdfoundation.org) is a Canadian
> not-for-profit corporation that can accept larger contributions and
> issue receipts. In some situations, their receipt may qualify as a
> business expense writeoff, so this is certainly a consideration for
> some organizations or businesses. There may also be exposure benefits
> since the Foundation may be interested in participating in press releases.
> In turn, the Foundation then uses these contributions to assist OpenBSD's
> infrastructure needs. Contact the foundation directors at
> directors at openbsdfoundation.org for more information.
> The OpenBSD distribution companies also sell tshirts and polo shirts.
> And our users like them too. We have a variety of shirts available,
> with the new and old designs, from our web ordering system at, as
> described above.
> The OpenBSD 4.5 t-shirts are available now. We also sell our older
> shirts, as well as a selection of OpenSSH t-shirts.
> If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily
> installed via FTP. Typically you need a single small piece of boot
> media (e.g., a boot floppy) and then the rest of the files can be
> installed from a number of locations, including directly off the
> Internet. Follow this simple set of instructions to ensure that
> you find all of the documentation you will need while performing
> an install via FTP. With the CD-ROMs, the necessary documentation
> is easier to find.
> 1) Read either of the following two files for a list of ftp
> mirrors which provide OpenBSD, then choose one near you:
> As of May 1, 2009, the following ftp mirror sites have the 4.5 release:
> ftp://ftp.stacken.kth.se/pub/OpenBSD/4.5/ Sweden
> ftp://ftp2.usa.openbsd.org/pub/OpenBSD/4.5/ NYC, USA
> ftp://ftp3.usa.openbsd.org/pub/OpenBSD/4.5/ CO, USA
> ftp://ftp5.usa.openbsd.org/pub/OpenBSD/4.5/ CA, USA
> ftp://rt.fm/pub/OpenBSD/4.5/ IL, USA
> The release is also available at the master site:
> ftp://ftp.openbsd.org/pub/OpenBSD/4.5/ Alberta, Canada
> However it is strongly suggested you use a mirror.
> Other mirror sites may take a day or two to update.
> 2) Connect to that ftp mirror site and go into the directory
> pub/OpenBSD/4.5/ which contains these files and directories.
> This is a list of what you will see:
> ANNOUNCEMENT amd64/ macppc/ sys.tar.gz
> Changelogs/ armish/ mvme68k/ tools/
> HARDWARE ftplist packages/ vax/
> PACKAGES hp300/ ports.tar.gz xenocara.tar.gz
> PORTS hppa/ root.mail zaurus/
> README i386/ sparc/
> SIZES landisk/ sparc64/
> alpha/ mac68k/ src.tar.gz
> It is quite likely that you will want at LEAST the following
> files which apply to all the architectures OpenBSD supports.
> README - generic README
> HARDWARE - list of hardware we support
> PORTS - description of our "ports" tree
> PACKAGES - description of pre-compiled packages
> root.mail - a copy of root's mail at initial login.
> (This is really worthwhile reading).
> 3) Read the README file. It is short, and a quick read will make
> sure you understand what else you need to fetch.
> 4) Next, go into the directory that applies to your architecture,
> for example, i386. This is a list of what you will see:
> INSTALL.i386 cd45.iso floppyB45.fs pxeboot*
> INSTALL.linux cdboot* floppyC45.fs xbase45.tgz
> MD5 cdbr* game45.tgz xetc45.tgz
> base45.tgz cdemu45.iso index.txt xfont45.tgz
> bsd* comp45.tgz install45.iso xserv45.tgz
> bsd.mp* etc45.tgz man45.tgz xshare45.tgz
> bsd.rd* floppy45.fs misc45.tgz
> If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386
> and the appropriate floppy*.fs or install45.iso files. Consult the
> INSTALL.i386 file if you don't know which of the floppy images
> you need (or simply fetch all of them).
> If you use the install45.iso file (roughly 200MB in size), then you
> do not need the various *.tgz files since they are contained on that
> one-step ISO-format install CD.
> 5) If you are an expert, follow the instructions in the file called
> README; otherwise, use the more complete instructions in the
> file called INSTALL.i386. INSTALL.i386 may tell you that you
> need to fetch other files.
> 6) Just in case, take a peek at:
> This is the page where we talk about the mistakes we made while
> creating the 4.5 release, or the significant bugs we fixed
> post-release which we think our users should have fixes for.
> Patches and workarounds are clearly described there.
> Note: If you end up needing to write a raw floppy using Windows,
> you can use "fdimage.exe" located in the pub/OpenBSD/4.5/tools
> directory to do so.
> X.Org has been integrated more closely into the system. This release
> contains X.Org 7.4. Most of our architectures ship with X.Org, including
> amd64, sparc, sparc64 and macppc. During installation, you can install
> X.Org quite easily. Be sure to try out xdm(1) and see how we have
> customized it for OpenBSD.
> The OpenBSD ports tree contains automated instructions for building
> third party software. The software has been verified to build and
> run on the various OpenBSD architectures. The 4.5 ports collection,
> including many of the distribution files, is included on the 3-CD
> set. Please see the PORTS file for more information.
> Note: some of the most popular ports, e.g., the Apache web server
> and several X applications, come standard with OpenBSD. Also, many
> popular ports have been pre-compiled for those who do not desire
> to build their own binaries (see BINARY PACKAGES, below).
> A large number of binary packages are provided. Please see the PACKAGES
> file (ftp://ftp.OpenBSD.org/pub/OpenBSD/4.5/PACKAGES) for more details.
> The CD-ROMs contain source code for all the subsystems explained
> above, and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/4.5/README)
> file explains how to deal with these source files. For those who
> are doing an FTP install, the source code for all four subsystems
> can be found in the pub/OpenBSD/4.5/ directory:
> xenocara.tar.gz ports.tar.gz src.tar.gz sys.tar.gz
> OpenBSD 4.5 includes artwork and CD artistic layout by Ty Semaka,
> who also arranged an audio track on the OpenBSD 4.5 CD set. Ports
> tree and package building by Jasper Lievisse Adriaanse, Michael Erdely,
> Simon Bertrang, Stuart Henderson, Antoine Jacoutot, Robert Nagy,
> Nikolay Sturm, and Christian Weisgerber. System builds by Theo de Raadt,
> Mark Kettenis, and Miod Vallat. X11 builds by Todd Fries and Miod Vallat.
> ISO-9660 filesystem layout by Theo de Raadt.
> We would like to thank all of the people who sent in bug reports, bug
> fixes, donation cheques, and hardware that we use. We would also like
> to thank those who pre-ordered the 4.5 CD-ROM or bought our previous
> CD-ROMs. Those who did not support us financially have still helped
> us with our goal of improving the quality of the software.
> Our developers are:
> Alexander Bluhm, Alexander Schrijver, Alexander Yurchenko,
> Alexander von Gernler, Alexandre Ratchov, Alexey Vatchenko,
> Anders Magnusson, Andreas Gunnarsson, Anil Madhavapeddy,
> Antoine Jacoutot, Ariane van der Steldt, Artur Grabowski,
> Austin Hook, Bernd Ahlers, Bob Beck, Bret Lambert, Can Erkin Acar,
> Chad Loder, Charles Longeau, Chris Kuethe, Christian Weisgerber,
> Claudio Jeker, Constantine A. Murenin, Dale Rahn, Damien Bergamini,
> Damien Miller, Darren Tucker, David Gwynne, David Hill,
> David Krause, Eric Faurot, Esben Norby, Federico G. Schwindt,
> Felix Kronlage, Gilles Chehade, Giovanni Bechis, Gordon Willem Klok,
> Hans-Joerg Hoexer, Henning Brauer, Ian Darwin, Igor Sobrado,
> Jacek Masiulaniec, Jacob Meuser, Jakob Schlyter, Janne Johansson,
> Jared Yanovich, Jason Dixon, Jason George, Jason McIntyre,
> Jasper Lievisse Adriaanse, Joel Sing, Joerg Goltermann, Jolan Luff,
> Jonathan Gray, Jordan Hargrave, Joris Vink, Joshua Stein,
> Kenneth R Westerback, Kevin Lo, Kevin Steves, Kjell Wooding,
> Kurt Miller, Landry Breuil, Laurent Fanis, Marc Balmer, Marc Espie,
> Marco Peereboom, Marco Pfatschbacher, Marco S Hyman, Marcus Glocker,
> Mark Kettenis, Mark Uemura, Markus Friedl, Martin Reindl,
> Martynas Venckus, Mathieu Sauve-Frankel, Mats O Jansson,
> Matthias Kilian, Matthieu Herrb, Michael Erdely, Michael Knudsen,
> Michele Marchetto, Mike Belopuhov, Mike Larkin, Miod Vallat,
> Moritz Jodeit, Nick Holland, Nikolay Sturm, Okan Demirmen,
> Oleg Safiullin, Otto Moerbeek, Owain Ainsworth, Paul Irofti,
> Paul de Weerd, Pedro Martelletto, Peter Hessler, Peter Stromberg,
> Peter Valchev, Philip Guenther, Pierre-Emmanuel Andre,
> Pierre-Yves Ritschard, Rainer Giedat, Ray Lai, Reyk Floeter,
> Robert Nagy, Rui Reis, Ryan Thomas McBride, Simon Bertrang,
> Stefan Kempf, Stefan Sperling, Steven Mestdagh, Stuart Henderson,
> Ted Unangst, Theo de Raadt, Thordur I. Bjornsson, Tobias Stoeckmann,
> Tobias Weingartner, Todd C. Miller, Todd Fries, Will Maier,
> Xavier Santolaria, Yojiro Uo
More information about the BUS