Fwd: OpenBSD 5.1 released May 1, 2012

jonas.internet@gmail.com jonas.internet at gmail.com
Wed May 2 16:21:38 CEST 2012


---------- Forwarded message ----------
From: Bob Beck <beck at cvs.openbsd.org>
Date: 2012/5/1
Subject: OpenBSD 5.1 released May 1, 2012
To: announce at openbsd.org, misc at openbsd.org, tech at openbsd.org



- OpenBSD 5.1 RELEASED -------------------------------------------------

May 1, 2012.

We are pleased to announce the official release of OpenBSD 5.1.
This is our 31st release on CD-ROM (and 31th via FTP).  We remain
proud of OpenBSD's record of more than ten years with only two remote
holes in the default install.

As in our previous releases, 5.1 provides significant improvements,
including new features, in nearly all areas of the system:

 - Improved hardware support, including:
  o umsm(4) supports additional mobile broadband devices.
  o Non-GigE ale(4) devices can now establish link to a GigE link partner.
  o Support for Intel 82580 has been added to em(4).
  o Support for MegaRAID 9240 has been added to mfi(4).
  o Support for Nuvoton NCT6776F has been added to lm(4).
  o Support for Centrino Advanced-N 6205 has been added to iwn(4).
  o Support for SiS 1182/1183 SATA has been added to pciide(4).
  o Support for Synaptics touch pads through the synaptics(4) X.Org
    input driver is now enabled by default.
  o Support for Intel Sandy Bridge integrated graphics cards has been
    added to the intel(4) X.Org driver.
  o Assembler implementation of the AES-GCM mode for new Intel and
    future AMD CPUs has been added.
  o usb(4) probes bus after resume, improves functionality for some laptops.

 - Generic network stack improvements:
  o RFC4638 MTU negotiation for pppoe(4).
  o npppdctl(8) replaced with npppctl(8), written from scratch.
    Includes support for IPv6 as tunnel source address.
  o Improve performance (throughput and loss rate) for PPTP, pppd(8)
    or L2TP(/IPsec) on unstable latency networks (eg mobile).
  o Improved IPv6 fragment handling.
  o Many robustness improvements for IEEE 802.11 (particularly hostap).
  o Improved vlan priority support, including mapping to interface queues.
  o Initial rdomains support for IPv6.
  o Robustness improvements for carp(4).
  o Various IPv6 and rdomain related improvements for carp(4).

 - Routing daemons and other userland network improvements:
  o fstat(8) now displays routing table ID and socket-splicing information
    and ps can display routing table ID.
  o traceroute(8) and traceroute6(8) can look up ASNs for each hop.
  o snmpd(8) adds a MIB to show statistics for carp(4) interfaces.
  o bgpctl(8) parses and display MRT routing table dumps.
  o ntpd(8) supports multiple rdomains.
  o When ospfd(8) detects route socket overflow, it now delays before
    it reloads the fib.
  o Improved and more consistent ToS support in various network
    tools (tcpbench(8), nc(8), ping(8), traceroute(8)).
  o Initial inport of login_yubikey(8) for logging in using yubikeys.

 - pf(4) improvements:
  o One-shot rule support for pf(4), for use with proxies via anchors.
  o NAT64 support in PF using the af-to keyword.
  o Much improved IPv6 fragment handling.
  o Various enhancements with ICMP and especially ICMPv6 states
  o Improved IPv6 Neighbor Discovery and Multicast Listener Discovery handling.
  o pfctl(8) now prints port numbers instead of service names by default.
  o Netflow v9 and ipfix support for pflow(4).
  o Many pfsync(4) fixes and improvements including jumbo frames and
    automatically requesting a bulk update after a physical interface
    comes online.

- Assorted improvements:
  o Improved locale support.
  o Support for MSG_NOSIGNAL.
  o KERN_PROC_CWD sysctl(3) for fetching the path to a process's
    working directory.
  o Improved fnmatch(3), glob(3), and regcomp(3) implementations
    to resist DoS attacks.
  o Lots of HISTORY and AUTHORS information added to manpages.
  o Improved checking of file-offset wraparound.
  o pwrite(2)/pwritev(2) now correctly by ignored O_APPEND.
  o Improved conformance of header files with standards.
  o Improved cancelation support in both user-threads (libpthread)
    and rthreads.
  o Improved correctness of execing, coredumping, signal delivery,
    alternate signal stacks, blocking socket accepts(), mutexes
    and condition variables, per-thread errno, symbol binding,
    and ktracing when rthreads are in use.
  o Architecture-independent kernel support for thread-control-block
    handling for rthreads.
  o Small improvements to Linux compat (only available on i386).
  o Multiple bugs have been fixed in the Intel 10Gb driver ix(4).
  o softraid(4) now supports a concatenating discipline.
  o On amd64, i386, and sparc64, the root filesystem can reside in
    a softraid(4) volume. The kernel needs to be booted from a
    non-softraid partition.
  o On amd64, the system can be booted from a softraid(4) RAID1 volume.
  o aucat(1) adds a "device number" component in sndio(7) device
    names, allowing a single aucat instance to handle all audio
    and MIDI services.
  o Built-in sndiod(1) sound daemon now uses default rate 48kHz and
    the default block size 10ms. These settings ensure video players
    and programs using MTC are smooth by default.
  o Many updates to smtpd(8): a new scheduler_backend API introduced,
    more MIME 1.0 support added, new filter callbacks for network events,
    improved DNS error reporting and envelope handling, and the
    purge/ directory is now cleared via a privilege-separated child.
  o tmux(1) is extended to support a larger history, minimizes redundant
    log messages and does some code reordering for more local and less
    global variables. Support is added for the ESC[s and ESC[u
    save/restore cursor-position key sequences. $HOME (or ~) may now
    be used as default-path in tmux.conf.
  o Enhanced cwm(1) event support, added {r,}cycleingroup to cycle
    through clients belonging to the same group as the active client,
    simplified color initialization.
  o The mg(1) emacs-like editor: now uses absolute filenames while
    pushing and popping off the stack. In dired mode: corrected
    cursor movements and added missing keybindings.

 - OpenSSH 6.0:
   o New features:
     - ssh-keygen(1): add optional checkpoints for moduli screening.
     - ssh-add(1): new -k option to load plain keys (skipping
       certificates).
     - sshd(8): add wildcard support to PermitOpen, allowing things
       like "PermitOpen localhost:*". (bz#1857)
     - ssh(1): support for cancelling local and remote port forwards
       via the multiplex socket. Use "ssh -O cancel -L xx:xx:xx -R
       yy:yy:yy user at host" to request the cancellation of the
       specified forwardings.
     - support cancellation of local/dynamic forwardings from ~C commandline.
   o The following significant bugs have been fixed in this release:
     - ssh(1): ensure that $DISPLAY contains only valid characters
       before using it to extract xauth data so that it can't be
       used to play local shell metacharacter games.
     - ssh(1): unbreak remote port forwarding with dynamic allocated
       listen ports.
     - scp(1): uppress adding '--' to remote commandlines when the
       first argument does not start with '-'. Saves breakage on
       some difficult-to-upgrade embedded/router platforms.
     - ssh(1) and sshd(8): fix typo in IPQoS parsing: there is
       no "AF14" class, but there is an "AF21" class.
     - ssh(1) and sshd(8): do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT
       during rekeying.
     - ssh(1): skip attempting to create ~/.ssh when -F is passed.
     - sshd(8): unbreak stdio forwarding when ControlPersist is
       in use. (bz#1943)
     - sshd(8): send tty break to pty master instead of (probably
       already closed) slave side. (bz#1859)
     - sftp(1): silence error spam for "ls */foo" in directory
       with files. (bz#1683)
     - Fixed a number of memory and file descriptor leaks.

 - Over 7,000 ports, major performance and stability improvements in
  the package build process
  o Downloading of distfiles is simpler, can resume interrupted
    download, discover file moves, and expire old files. Distfiles
    mirror sites now use the new and improved method.
  o Dependency handling during ports build and package creation is
    at least twice as fast, twenty times as fast in pathological
    cases. This also affects user scripts such as out-of-date
  o More checks are done during package builds, for increased
    user friendliness
  o The long term process of documenting the infrastructure
    is now 100% done.
  o The distributed ports builder (dpb) can now clean up old
    dependencies, thus helping package builds be more reproducible.
    This found tens of hidden build dependencies in the ports tree already.
  o The semantics of pkg_add -a have been nailed down and a few minor
    bugs have been fixed.
  o The arch-dependent issues are better classified, leading to
    better builds on old architectures in some complicated cases.
    In particular, dpb explicitly purges from memory info about
    packages it cannot build and stuff that depends on it,
    leading to better life on sparc and vax which have very small
    data-size limits.
  o dpb recognizes full builds and trims some duplicate package builds

 - Many pre-built packages for each architecture:
   o i386: 7229                      o sparc64: 6599
   o alpha: 5943                     o sh: 2459
   o amd64: 7181                     o powerpc: 6852
   o sparc: 4152                     o arm: 5536
   o hppa: 6159                      o vax: 2199
   o mips64: 5785                    o mips64el: 5807

 - Some highlights:
   o Gnome 3.2.1                     o KDE 3.5.10
   o Xfce 4.8.3                      o MySQL 5.1.60
   o PostgreSQL 9.1.2                o Postfix 2.8.8
   o OpenLDAP 2.3.43 and 2.4.26      o GHC 7.0.4
   o Mozilla Firefox 3.5.19, 3.6.25 and 9.0.1
   o Mozilla Thunderbird 9.0.1       o LibreOffice 3.4.5.2
   o Emacs 21.4, 22.3 and 23.4       o Vim 7.3.154
   o PHP 5.2.17 and 5.3.10           o Python 2.5.4, 2.7.1 and 3.2.2
   o Ruby 1.8.7.357 and 1.9.3.0      o Tcl 8.5.11
   o Jdk 1.7                         o Mono 2.10.6
   o Chromium 16.0.912.77            o Groff 1.21

 - As usual, steady improvements in manual pages and other documentation.
   o Base system and Xenocara manuals are now installed as source code,
     making grep(1) more useful in /usr/share/man/ and /usr/X11R6/man/.
   o If both formatted and source versions of manuals are installed,
     man(1) automatically displays the newer version of each page.

 - The system includes the following major components from outside suppliers:
   o Xenocara (based on X.Org 7.6 with xserver 1.11.4 + patches,
     freetype 2.4.8, fontconfig 2.8.0, Mesa 7.10.3, xterm 276,
     xkeyboard-config 2.5 and more)
   o Gcc 4.2.1 (+patches), 3.3.5 (+ patches) and 2.95.3 (+ patches)
   o Perl 5.12.2 (+ patches)
   o Our improved and secured version of Apache 1.3, with SSL/TLS
     and DSO support
   o OpenSSL 1.0.0f (+ patches)
   o Sendmail 8.14.5, with libmilter
   o Bind 9.4.2-P2 (+ patches)
   o Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
   o Sudo 1.7.2p8
   o Ncurses 5.7
   o Heimdal 0.7.2 (+ patches)
   o Arla 0.35.7
   o Binutils 2.15 (+ patches)
   o Gdb 6.3 (+ patches)
   o Less 444 (+ patches)
   o Awk Aug 10, 2011 version

If you'd like to see a list of what has changed between OpenBSD 5.0
and 5.1, look at

       http://www.OpenBSD.org/plus51.html

Even though the list is a summary of the most important changes
made to OpenBSD, it still is a very very long list.

------------------------------------------------------------------------
- SECURITY AND ERRATA --------------------------------------------------

We provide patches for known security threats and other important
issues discovered after each CD release.  As usual, between the
creation of the OpenBSD 5.1 FTP/CD-ROM binaries and the actual 5.1
release date, our team found and fixed some new reliability problems
(note: most are minor and in subsystems that are not enabled by
default).  Our continued research into security means we will find
new security problems -- and we always provide patches as soon as
possible.  Therefore, we advise regular visits to

       http://www.OpenBSD.org/security.html
and
       http://www.OpenBSD.org/errata.html

Security patch announcements are sent to the security-announce at OpenBSD.org
mailing list.  For information on OpenBSD mailing lists, please see:

       http://www.OpenBSD.org/mail.html

------------------------------------------------------------------------
- CD-ROM SALES ---------------------------------------------------------

OpenBSD 5.1 is also available on CD-ROM.  The 3-CD set costs $50 CDN and
is available via mail order and from a number of contacts around the
world.  The set includes a colourful booklet which carefully explains the
installation of OpenBSD.  A new set of cute little stickers is also
included (sorry, but our FTP mirror sites do not support STP, the Sticker
Transfer Protocol).  As an added bonus, the second CD contains an audio
track, a song entitled "Bug Busters".  MP3 and OGG versions of
the audio track can be found on the first CD.

Lyrics (and an explanation) for the songs may be found at:

   http://www.OpenBSD.org/lyrics.html#51

Profits from CD sales are the primary income source for the OpenBSD
project -- in essence selling these CD-ROM units ensures that OpenBSD
will continue to make another release six months from now.

The OpenBSD 5.1 CD-ROMs are bootable on the following four platforms:

 o i386
 o amd64
 o macppc
 o sparc64

(Other platforms must boot from floppy, network, or other method).

For more information on ordering CD-ROMs, see:

       http://www.OpenBSD.org/orders.html

The above web page lists a number of places where OpenBSD CD-ROMs
can be purchased from.  For our default mail order, go directly to:

       https://https.OpenBSD.org/cgi-bin/order

All of our developers strongly urge you to buy a CD-ROM and support
our future efforts.  Additionally, donations to the project are
highly appreciated, as described in more detail at:

       http://www.OpenBSD.org/goals.html#funding

------------------------------------------------------------------------
- OPENBSD FOUNDATION ---------------------------------------------------

For those unable to make their contributions as straightforward gifts,
the OpenBSD Foundation (http://www.openbsdfoundation.org) is a Canadian
not-for-profit corporation that can accept larger contributions and
issue receipts.  In some situations, their receipt may qualify as a
business expense write-off, so this is certainly a consideration for
some organizations or businesses.  There may also be exposure benefits
since the Foundation may be interested in participating in press releases.
In turn, the Foundation then uses these contributions to assist OpenBSD's
infrastructure needs.  Contact the foundation directors at
directors at openbsdfoundation.org for more information.

------------------------------------------------------------------------
- T-SHIRT SALES --------------------------------------------------------

The OpenBSD distribution companies also sell tshirts and polo shirts.
And our users like them, too.  We have a variety of shirts available,
with the new and old designs, from our web ordering system at, as
described above.

-----------------------------------------------------------------------
- FTP INSTALLS ---------------------------------------------------------

If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily
installed via FTP or HTTP downloads.  Typically you need a single
small piece of boot media (e.g., a boot floppy) and then the rest
of the files can be installed from a number of locations, including
directly off the Internet.  Follow this simple set of instructions
to ensure that you find all of the documentation you will need
while performing an install via FTP or HTTP.  With the CD-ROMs,
the necessary documentation is easier to find.

1) Read either of the following two files for a list of ftp/http
  mirrors which provide OpenBSD, then choose one near you:

       http://www.OpenBSD.org/ftp.html
       ftp://ftp.OpenBSD.org/pub/OpenBSD/5.1/ftplist

  As of Nov 1, 2011, the following ftp mirror sites have the 5.1 release:

       ftp://ftp.eu.openbsd.org/pub/OpenBSD/5.1/       Stockholm, Sweden
       ftp://ftp.bytemine.net/pub/OpenBSD/5.1/         Oldenburg, Germany
       ftp://ftp.ch.openbsd.org/pub/OpenBSD/5.1/       Zurich, Switzerland
       ftp://ftp.fr.openbsd.org/pub/OpenBSD/5.1/       Paris, France
       ftp://ftp5.eu.openbsd.org/pub/OpenBSD/5.1/      Vienna, Austria
       ftp://mirror.aarnet.edu.au/pub/OpenBSD/5.1/     Brisbane, Australia
       ftp://ftp.usa.openbsd.org/pub/OpenBSD/5.1/      CO, USA
       ftp://ftp5.usa.openbsd.org/pub/OpenBSD/5.1/     CA, USA
       ftp://obsd.cec.mtu.edu/pub/OpenBSD/5.1/         Michigan, USA

       The release is also available at the master site:

       ftp://ftp.openbsd.org/pub/OpenBSD/5.1/          Alberta, Canada

       However it is strongly suggested you use a mirror.

  Other mirror sites may take a day or two to update.

2) Connect to that ftp mirror site and go into the directory
  pub/OpenBSD/5.1/ which contains these files and directories.
  This is a list of what you will see:

       ANNOUNCEMENT     armish/          mvme68k/         sparc64/
       Changelogs/      ftplist          mvme88k/         src.tar.gz
       HARDWARE         hp300/           packages/        sys.tar.gz
       PACKAGES         hppa/            ports.tar.gz     tools/
       PORTS            i386/            root.mail        vax/
       README           landisk/         sgi/             xenocara.tar.gz
       alpha/           mac68k/          socppc/          zaurus/
       amd64/           macppc/          sparc/

  It is quite likely that you will want at LEAST the following
  files which apply to all the architectures OpenBSD supports.

       README          - generic README
       HARDWARE        - list of hardware we support
       PORTS           - description of our "ports" tree
       PACKAGES        - description of pre-compiled packages
       root.mail       - a copy of root's mail at initial login.
                         (This is really worthwhile reading).

3) Read the README file.  It is short, and a quick read will make
  sure you understand what else you need to fetch.

4) Next, go into the directory that applies to your architecture,
  for example, i386.  This is a list of what you will see:

       INSTALL.i386    cd51.iso        floppyB51.fs    pxeboot*
       INSTALL.linux   cdboot*         floppyC51.fs    xbase51.tgz
       MD5             cdbr*           game51.tgz      xetc51.tgz
       base51.tgz      cdemu51.iso     index.txt       xfont51.tgz
       bsd*            comp51.tgz      install51.iso   xserv51.tgz
       bsd.mp*         etc51.tgz       man51.tgz       xshare51.tgz
       bsd.rd*         floppy51.fs     misc51.tgz

  If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386
  and the appropriate floppy*.fs or install51.iso files.  Consult the
  INSTALL.i386 file if you don't know which of the floppy images
  you need (or simply fetch all of them).

  If you use the install51.iso file (roughly 250MB in size), then you
  do not need the various *.tgz files since they are contained on that
  one-step ISO-format install CD.

5) If you are an expert, follow the instructions in the file called
  README; otherwise, use the more complete instructions in the
  file called INSTALL.i386.  INSTALL.i386 may tell you that you
  need to fetch other files.

6) Just in case, take a peek at:

       http://www.OpenBSD.org/errata.html

  This is the page where we talk about the mistakes we made while
  creating the 5.1 release, or the significant bugs we fixed
  post-release which we think our users should have fixes for.
  Patches and workarounds are clearly described there.

Note: If you end up needing to write a raw floppy using Windows,
     you can use "fdimage.exe" located in the pub/OpenBSD/5.1/tools
     directory to do so.

------------------------------------------------------------------------
- X.ORG FOR MOST ARCHITECTURES -----------------------------------------

X.Org has been integrated more closely into the system.  This release
contains X.Org 7.6.  Most of our architectures ship with X.Org, including
amd64, sparc, sparc64 and macppc.  During installation, you can install
X.Org quite easily.  Be sure to try out xdm(1) and see how we have
customized it for OpenBSD.

------------------------------------------------------------------------
- PORTS TREE -----------------------------------------------------------

The OpenBSD ports tree contains automated instructions for building
third party software.  The software has been verified to build and
run on the various OpenBSD architectures.  The 5.1 ports collection,
including many of the distribution files, is included on the 3-CD
set.  Please see the PORTS file for more information.

Note: some of the most popular ports, e.g., the Apache web server
and several X applications, come standard with OpenBSD.  Also, many
popular ports have been pre-compiled for those who do not desire
to build their own binaries (see BINARY PACKAGES, below).

------------------------------------------------------------------------
- BINARY PACKAGES WE PROVIDE -------------------------------------------

A large number of binary packages are provided.  Please see the PACKAGES
file (ftp://ftp.OpenBSD.org/pub/OpenBSD/5.1/PACKAGES) for more details.

------------------------------------------------------------------------
- SYSTEM SOURCE CODE ---------------------------------------------------

The CD-ROMs contain source code for all the subsystems explained
above, and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/5.1/README)
file explains how to deal with these source files.  For those who
are doing an FTP install, the source code for all four subsystems
can be found in the pub/OpenBSD/5.1/ directory:

       xenocara.tar.gz     ports.tar.gz   src.tar.gz     sys.tar.gz

------------------------------------------------------------------------
- THANKS ---------------------------------------------------------------

Ports tree and package building by Jasper Lievisse Adriaanse,
Landry Breuil, Michael Erdely, Stuart Henderson, Peter Hessler,
Paul Irofti, Antoine Jacoutot, Robert Nagy, and Christian Weisgerber.
System builds by Theo de Raadt, Mark Kettenis, and Miod Vallat.
X11 builds by Todd Fries and Miod Vallat.  ISO-9660 filesystem
layout by Theo de Raadt.

We would like to thank all of the people who sent in bug reports, bug
fixes, donation cheques, and hardware that we use.  We would also like
to thank those who pre-ordered the 5.1 CD-ROM or bought our previous
CD-ROMs.  Those who did not support us financially have still helped
us with our goal of improving the quality of the software.

Our developers are:

   Alexander Bluhm, Alexander Hall, Alexander Schrijver,
   Alexander Yurchenko, Alexandr Shadchin, Alexandre Ratchov,
   Anil Madhavapeddy, Anthony J. Bentley, Antoine Jacoutot,
   Ariane van der Steldt, Austin Hook, Benoit Lecocq, Bernd Ahlers,
   Bob Beck, Bret Lambert, Bryan Steele, Camiel Dobbelaar,
   Can Erkin Acar, Charles Longeau, Chris Kuethe, Christian Weisgerber,
   Christiano F. Haesbaert, Claudio Jeker, Dale Rahn, Damien Bergamini,
   Damien Miller, Darren Tucker, David Coppa, David Gwynne, David Hill,
   David Krause, Edd Barrett, Eric Faurot, Federico G. Schwindt,
   Felix Kronlage, Gilles Chehade, Giovanni Bechis, Gleydson Soares,
   Henning Brauer, Ian Darwin, Igor Sobrado, Ingo Schwarze,
   Jacek Masiulaniec, Jakob Schlyter, Janne Johansson, Jason George,
   Jason McIntyre, Jason Meltzer, Jasper Lievisse Adriaanse,
   Jeremy Evans, Jim Razmus II, Joel Knight, Joel Sing, Joerg Zinke,
   Jolan Luff, Jonathan Armani, Jonathan Gray, Jonathan Matthew,
   Jordan Hargrave, Joshua Elsasser, Joshua Stein, Kenji Aoyama,
   Kenneth R Westerback, Kevin Lo, Kevin Steves, Kurt Miller,
   Landry Breuil, Laurent Fanis, Luke Tymowski, Marc Espie,
   Marco Pfatschbacher, Marcus Glocker, Mark Kettenis, Mark Lumsden,
   Mark Uemura, Markus Friedl, Martin Pieuchot, Martynas Venckus,
   Mats O Jansson, Matthew Dempsky, Matthias Kilian, Matthieu Herrb,
   Michael Erdely, Mike Belopuhov, Mike Larkin, Miod Vallat,
   Nayden Markatchev, Nicholas Marriott, Nick Holland, Nigel Taylor,
   Nikolay Sturm, Okan Demirmen, Otto Moerbeek, Owain Ainsworth,
   Pascal Stumpf, Paul de Weerd, Paul Irofti, Peter Hessler,
   Peter Valchev, Philip Guenther, Pierre-Emmanuel Andre,
   Pierre-Yves Ritschard, Remi Pointel, Reyk Floeter, Robert Nagy,
   Ryan Freeman, Ryan Thomas McBride, Sasano, Sebastian Benoit,
   Sebastian Reitenbach, Simon Bertrang, Simon Perreault,
   Stefan Sperling, Stephan A. Rickauer, Steven Mestdagh,
   Stuart Cassoff, Stuart Henderson, Takuya Asada, Ted Unangst,
   Theo de Raadt, Thordur I Bjornsson, Tobias Stoeckmann,
   Tobias Weingartner, Todd C. Miller, Todd Fries, Uwe Stuehler,
   Will Maier, William Yodlowsky, Yasuoka Masahiko, Yojiro Uo


More information about the BUS mailing list