------------------------------------------------------------------------ - OpenBSD 3.7 RELEASED ------------------------------------------------- May 19, 2005. We are pleased to announce the official release of OpenBSD 3.7. This is our 17th release on CD-ROM (and 18th via FTP). We remain proud of OpenBSD's record of eight years with only a single remote hole in the default install. As in our previous releases, 3.7 provides significant improvements, including new features, in nearly all areas of the system: - New platforms: o OpenBSD/zaurus Expanding the arm porting effort by supporting the Sharp Zaurus SL-C3000, bringing a secure ssh-capable machine to your pocket. o OpenBSD/sgi Starting out support with the SGI O2 machines. - Support for a number of much faster 64-bit machines (in 32-bit mode) in the OpenBSD/hppa port. - Many enhancements in the OpenBSD/mac68k port: o Switch to a bsd.rd-based install. o Improved interrupt system. o Create partitions with pdisk(8). o Add mc(4) support and enhance zsc(4) support. - New tools: o ospfd(8), implementing the OSPFv2 routing protocol. o getcap(1), providing easy access to the capability database. - New functionality: o Repaired mirroring mode in ccd(4). o Privilege separation for ftpd(8) o Bash-style prompt expansion and POSIX hex and octal constants in ksh(1). o Improved TCP send performance. o Reentrant getproto*_r(3) and getserv*_r(3) functions. o In-kernel pppoe(4) support. o pim(4) (Protocol Independent Multicast) support added. - Improved hardware support, including: o New ath(4) driver for Atheros IEEE 802.11a/b/g wireless network adapters. o New iwi(4) driver for Intel PRO/Wireless 2200BG/2225BG/2915ABG IEEE 802.11a/b/g wireless network adapters. o New ipw(4) driver for Intel PRO/Wireless 2100 IEEE 802.11b wireless network adapters. o New atu(4) driver for Amtel AT76C50x USB IEEE 802.11b wireless network adapters. o New ral(4) and ural(4) [USB] drivers for Ralink Technology RT25x0 IEEE 802.11a/b/g wireless network adapters. o New rtw(4) driver for Realtek 8180 IEEE 802.11b wireless network adapters. o Added support to re(4) driver for Realtek 8169 CardBus Ethernet adapters. o New udav(4) driver for Davicom DM9601 USB Ethernet adapters. o New vge(4) driver for VIA Networking Technologies VT6122 PCI Gigabit Ethernet adapters. o New piixpm(4) driver for the Intel PIIX Power Management controller. o New ubt(4) driver for USB Bluetooth adapters. - New functionality for bgpd(8), the Border Gateway Protocol Daemon: o Allow sessions to depend on a CARP interface's master/backup state, reducing failover times in redundant setups. o Lower latency for requests from other peers or bgpctl while under heavy load, e.g. initial table transfer when a session comes up. o Allow for the peer descriptions to be used in bgpctl commands where previously only their IPs were allowed. o Allow bgpd to not prepend its own AS number and to not modify the nexthop on updates sent out. o Show associated interfaces and their state on "show nexthop", to help pointing out why nexthops are invalid. o Allow for relative metrics modification, i.e. "set localpref +20". - New functionality for ntpd(8), the Network Time Protocol Daemon: o ntpd can now set the time immediately on startup itself, eliminating the need to run rdate -n beforehand. o Use median instead of average when collapsing all the peers' offsets into one, greatly improving resistance against falsetickers. o Calculate rootdelay, stratum, and precision properly; include these in replies sent out in server mode. o Many logging improvements: ntpd is now almost completely silent in normal operation (unless in debug mode, of course). - New functionality and improvements for pf(4), the packet filter: o Improved carp(4), new carpdev mode for IP-less interfaces. o Support limiting TCP connections by establishment rate, automatically adding flooding IP addresses to tables and flushing states (max-src-conn-rate, overload , flush global). o Improved functionality of tags (tag and tagged for translation rules, tagging of all packets matching state entries). o Improved diagnostics (error messages and additional counters from pfctl -si). o New keyword "set skip on" to skip filtering on arbitrary interfaces, like loopback. o Filtering on route(8) labels. o Several bugfixes improving stability. - New functionality and improvements for isakmpd(8), the Internet Security Association and Key Management Daemon: o Allow the Address, Network, or Netmask values of the "IPsec-ID" to be specified with an interface name or the keyword "default" (in which case the address is selected based on the default route). o Improved NAT-T and DPD stability and interoperability. - New functionality and improvements for spamd(8), the Spamd Spam Deferral Daemon: o Allow the addition of spamtrap addresses to the spamd database using spamdb(8). Spamd will automatically blacklist hosts that attempt to deliver mail to a spamtrap address while greylisted. - New functionality and improvements for the package tools: o Major overhaul of the package format, simplifying common tasks like user creation. o In-place updates of packages with pkg_add -r. o Progress meters, which make installing big packages a more pleasant experience. o Reliable dependencies on shared libraries, including the base system. o Many performance improvements. - Over 3000 ports, 2800 pre-built packages. - Many improvements for security and reliability. Cleaner source code for ksh(1), httpd(8), and many more programs. - As usual, many improvements in manual pages and other documentation. - OpenSSH 4.1: o Local, remote and dynamic port forwards may be configured to listen on specific IP addresses. o sshd_config(5) now understands "GatewayPorts clientspecified" to allow client-specified listen addresses in remote port forwards. The existing behaviour for "yes" and "no" is maintained. o known_hosts files may be hashed to provide privacy if they are later disclosed. o ssh-keygen(1) has additional modes to generate and manage hashed known_hosts files. o Users will be warned of impending password and account expiry. o Corrupt keys in authorized_keys are now handled gracefully. o sftp(1) has speed improvements for "ls" and now uses libedit for command line editing and history. o sshd(8) will now log the source of connections denied by AllowUsers, DenyUsers, AllowGroups and DenyGroups. o AddressFamily option in sshd_config(5) now has an AddressFamily option to provide global control of IPv4 and IPv6 usage by sshd(8). o ssh(1)'s multiplex (ControlMaster) mode has been improved and now provides additional capabilities such as checking if the master is alive, obtaining its process ID and requesting that it shut down. - OpenBSD/i386 and OpenBSD/macppc now use gcc 3.3.5. - OpenBSD/amd64, OpenBSD/cats, OpenBSD/macppc, OpenBSD/hppa, OpenBSD/sgi, OpenBSD/sparc64 and OpenBSD/zaurus now use DWARF2 (C++) exception handling. - This release of OpenBSD includes the following major components from outside suppliers: o X.Org 6.8.2 (+ patches, and i386 contains XFree86 3.3.6 servers (+ patches) for legacy chipsets not supported by X.Org) o Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches) o Perl 5.8.6 (+ patches) o Apache 1.3.29, mod_ssl 2.8.16, DSO support (+ patches) o OpenSSL 0.9.7d (+ patches) o Groff 1.15 o Sendmail 8.13.3, with libmilter o Bind 9.3.0 (+ patches) o Lynx 2.8.5rel.2 with HTTPS and IPv6 support (+ patches) o Sudo 1.6.8p6 o Ncurses 5.2 o Latest KAME IPv6 o Heimdal 0.6rc1 (+ patches) o Arla 0.35.7 o Binutils 2.15 o Gdb 6.3 If you'd like to see a list of what has changed between OpenBSD 3.6 and 3.7, look at http://www.OpenBSD.org/plus37.html Even though the list is a summary of the most important changes made to OpenBSD, it still is a very very long list. ------------------------------------------------------------------------ - NEW EFFORTS FOR BETTER SUPPORT --------------------------------------- Over the last 6 months, the OpenBSD developers have put significant effort into pressuring wireless chipset vendors to release their chip firmware binaries under a license which allows for drivers to be included in free operating systems. This effort is very important to ensure that future hardware you buy can be used without requiring a piece of software you don't own. Some vendors have already responded very positively to this activism, meaning their chips are now supportable by all free operating systems. The vendors we wish to thank the most for being open in this regard are RALink and Realtek, and secondly ATmel and Zydas. OpenBSD 3.7 ships with many new wireless device drivers because of our successful activism. With more of your help, we can make our future releases even better in this regard. Every few years some large vendors collude to try to lock the free systems out of a technology. A decade ago it was ethernet. This time it was wireless. Next, it will be RAID. Don't let them do that. Help us help your hardware run. Participation from the user community in this effort is very important for its success. Please get active! Visit the articles starting at: http://undeadly.org/cgi?action=article&sid=20041026185704 http://undeadly.org/cgi?action=article&sid=20041027193425 http://undeadly.org/cgi?action=article&sid=20041028234237 You should send professional, articulate e-mails to the contacts at the companies in question telling them why this issue is important to you. Tell them that their products must be supportable by free operating systems for you to consider buying them, and that non-free licenses for firmware binaries mean you will be looking for a different product. ------------------------------------------------------------------------ - SECURITY AND ERRATA -------------------------------------------------- We provide patches for known security threats and other important issues discovered after each CD release. As usual, between the creation of the OpenBSD 3.7 FTP/CD-ROM binaries and the actual 3.7 release date, our team found and fixed some new reliability problems (note: most are minor and in subsystems that are not enabled by default). Our continued research into security means we will find new security problems -- and we always provide patches as soon as possible. Therefore, we advise regular visits to http://www.OpenBSD.org/security.html and http://www.OpenBSD.org/errata.html Security patch announcements are sent to the security-announce@OpenBSD.org mailing list. For information on OpenBSD mailing lists, please see: http://www.OpenBSD.org/mail.html ------------------------------------------------------------------------ - CD-ROM SALES --------------------------------------------------------- OpenBSD 3.7 is also available on CD-ROM. The 3-CD set costs $45USD (EUR 45) and is available via mail order and from a number of contacts around the world. The set includes a colorful booklet which carefully explains the installation of OpenBSD. A new set of cute little stickers is also included (sorry, but our FTP mirror sites do not support STP, the Sticker Transfer Protocol). As an added bonus, the second CD contains an audio track, a song entitled "The Wizard of OS". Lyrics for the song may be found at: http://www.OpenBSD.org/lyrics.html#37 Profits from CD sales are the primary income source for the OpenBSD project -- in essence selling these CD-ROM units ensures that OpenBSD will continue to make another release six months from now. The OpenBSD 3.7 CD-ROMs are bootable on the following five platforms: o i386 o amd64 o macppc o sparc o sparc64 (UltraSPARC) (Other platforms must boot from floppy, network, or other method). For more information on ordering CD-ROMs, see: http://www.OpenBSD.org/orders.html The above web page lists a number of places where OpenBSD CD-ROMs can be purchased from. For our default mail order, go directly to: https://https.OpenBSD.org/cgi-bin/order or, for European orders: https://https.OpenBSD.org/cgi-bin/order.eu All of our developers strongly urge you to buy a CD-ROM and support our future efforts. Additionally, donations to the project are highly appreciated, as described in more detail at: http://www.OpenBSD.org/goals.html#funding ------------------------------------------------------------------------ - T-SHIRT SALES -------------------------------------------------------- The project continues to expand its funding base by selling t-shirts and polo shirts. And our users like them too. We have a variety of shirts available, with the new and old designs, from our web ordering system at: https://https.OpenBSD.org/cgi-bin/order and for Europe: https://https.OpenBSD.org/cgi-bin/order.eu The OpenBSD 3.7 t-shirts are available now. The new shirt for 3.7 is an update of the classic wireframe shirt featuring a really cool looking (and nice feeling) wireframe blowfish mascot. We also sell our older shirts, as well as a selection of OpenSSH t-shirts. ------------------------------------------------------------------------ - FTP INSTALLS --------------------------------------------------------- If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily installed via FTP. Typically you need a single small piece of boot media (e.g., a boot floppy) and then the rest of the files can be installed from a number of locations, including directly off the Internet. Follow this simple set of instructions to ensure that you find all of the documentation you will need while performing an install via FTP. With the CD-ROMs, the necessary documentation is easier to find. 1) Read either of the following two files for a list of ftp mirrors which provide OpenBSD, then choose one near you: http://www.OpenBSD.org/ftp.html ftp://ftp.OpenBSD.org/pub/OpenBSD/3.7/ftplist As of May 19, 2005, the following ftp mirror sites have the 3.7 release: ftp://ftp.kd85.com/pub/OpenBSD/3.7/ Austria ftp://openbsd.informatik.uni-erlangen.de/pub/OpenBSD/3.7/ Germany ftp://muk.kd85.com/pub/OpenBSD/3.7/ Netherlands ftp://ftp.stacken.kth.se/pub/OpenBSD/3.7/ Sweden ftp://ftp2.usa.openbsd.org/pub/OpenBSD/3.7/ New York City, NY, USA ftp://ftp3.usa.openbsd.org/pub/OpenBSD/3.7/ Boulder, CO, USA ftp://ftp5.usa.openbsd.org/pub/OpenBSD/3.7/ Redwood City, CA, USA ftp://rt.fm/pub/OpenBSD/3.7/ Lake in the Hills, IL, USA The release is also available at the master site: ftp://ftp.openbsd.org/pub/OpenBSD/3.7/ Alberta, Canada However it is strongly suggested you use a mirror. Other mirror sites may take a day or two to update. 2) Connect to that ftp mirror site and go into the directory pub/OpenBSD/3.7/ which contains these files and directories. This is a list of what you will see: ANNOUNCEMENT alpha/ mac68k/ sparc/ Changelogs/ amd64/ macppc/ sparc64/ HARDWARE cats/ mvme68k/ src.tar.gz PACKAGES ftplist mvme88k/ sys.tar.gz PORTS hp300/ packages/ tools/ README hppa/ ports.tar.gz vax/ SIZES i386/ root.mail zaurus/ XF4.tar.gz luna88k/ sgi/ It is quite likely that you will want at LEAST the following files which apply to all the architectures OpenBSD supports. README - generic README HARDWARE - list of hardware we support PORTS - description of our "ports" tree PACKAGES - description of pre-compiled packages root.mail - a copy of root's mail at initial login. (This is really worthwhile reading). 3) Read the README file. It is short, and a quick read will make sure you understand what else you need to fetch. 4) Next, go into the directory that applies to your architecture, for example, i386. This is a list of what you will see: CKSUM bsd.rd etc37.tgz misc37.tgz INSTALL.i386 cd37.iso floppy37.fs pxeboot INSTALL.linux cdboot floppyB37.fs xbase37.tgz MD5 cdbr floppyC37.fs xetc37.tgz base37.tgz cdemu37.iso game37.tgz xfont37.tgz bsd cdrom37.fs index.txt xserv37.tgz bsd.mp comp37.tgz man37.tgz xshare37.tgz If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386 and the appropriate floppy*.fs or cd37.iso file. Consult the INSTALL.i386 file if you don't know which of the floppy images you need (or simply fetch all of them). 5) If you are an expert, follow the instructions in the file called README; otherwise, use the more complete instructions in the file called INSTALL.i386. INSTALL.i386 may tell you that you need to fetch other files. 6) Just in case, take a peek at: http://www.OpenBSD.org/errata.html This is the page where we talk about the mistakes we made while creating the 3.7 release, or the significant bugs we fixed post-release which we think our users should have fixes for. Patches and workarounds are clearly described there. Note: If you end up needing to write a raw floppy using Windows, you can use "fdimage.exe" located in the pub/OpenBSD/3.7/tools directory to do so. ------------------------------------------------------------------------ - X.ORG FOR MOST ARCHITECTURES ----------------------------------------- X.Org has been integrated more closely into the system. This release contains X.Org 6.8.2. Most of our architectures ship with X.Org, including amd64, sparc, sparc64 and macppc. During installation, you can install X.Org quite easily. Be sure to try out xdm(1) and see how we have customized it for OpenBSD. On the i386 platform a few older X servers are included from XFree86 3.3.6. These can be used for cards that are not supported by X.Org or where X.Org support is buggy. Please read the /usr/X11R6/README file for post-installation information. ------------------------------------------------------------------------ - PORTS TREE ----------------------------------------------------------- The OpenBSD ports tree contains automated instructions for building third party software. The software has been verified to build and run on the various OpenBSD architectures. The 3.7 ports collection, including many of the distribution files, is included on the 3-CD set. Please see the PORTS file for more information. Note: some of the most popular ports, e.g., the Apache web server and several X applications, come standard with OpenBSD. Also, many popular ports have been pre-compiled for those who do not desire to build their own binaries (see BINARY PACKAGES, below). ------------------------------------------------------------------------ - BINARY PACKAGES WE PROVIDE ------------------------------------------- A large number of binary packages is provided. Please see the PACKAGES file (ftp://ftp.OpenBSD.org/pub/OpenBSD/3.7/PACKAGES) for more details. ------------------------------------------------------------------------ - SYSTEM SOURCE CODE --------------------------------------------------- The CD-ROMs contain source code for all the subsystems explained above, and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/3.7/README) file explains how to deal with these source files. For those who are doing an FTP install, the source code for all four subsystems can be found in the pub/OpenBSD/3.7/ directory: XF4.tar.gz ports.tar.gz src.tar.gz sys.tar.gz ------------------------------------------------------------------------ - THANKS --------------------------------------------------------------- OpenBSD 3.7 includes artwork and CD artistic layout by Ty Semaka, who also arranged an audio track on the OpenBSD 3.7 CD set. Ports tree and package building by Peter Valchev, Nikolay Sturm and Christian Weisgerber. System builds by Theo de Raadt and Kenji Aoyama. X11 builds by Todd Fries. ISO-9660 filesystem layout by Theo de Raadt. We would like to thank all of the people who sent in bug reports, bug fixes, donation cheques, and hardware that we use. We would also like to thank those who pre-ordered the 3.7 CD-ROM or bought our previous CD-ROMs. Those who did not support us financially have still helped us with our goal of improving the quality of the software. Our developers are: Aaron Campbell, Alex Feldman, Alexander Guy, Aleksander Piotrowski, Alexander Yurchenko, Andreas Gunnarsson, Angelos D. Keromytis, Anil Madhavapeddy, Artur Grabowski, Ben Lindstrom, Bjorn Sandell, Bob Beck, Brad Smith, Brandon Creighton, Brian Caswell, Brian Somers, Bruno Rohee, Camiel Dobbelaar, Can Erkin Acar, Cedric Berger, Chad Loder, Chris Cappuccio, Christian Weisgerber, Christopher Pascoe, Claudio Jeker, Constantine Sapuntzakis, Dale Rahn, Damien Bergamini, Damien Couderc, Damien Miller, Dan Harnett, Daniel Hartmeier, Darren Tucker, David B Terrell, David Gwynne, David Krause, David Lebel, David Leonard, Don Stewart, Dug Song, Eric Jackson, Esben Norby, Federico G. Schwindt, Greg Taleck, Grigoriy Orlov, Hakan Olsson, Hans Insulander, Hans-Joerg Hoexer, Heikki Korpela, Henning Brauer, Henric Jungheim, Hiroaki Etoh, Horacio Menezo Ganau, Hugh Graham, Ian Darwin, Jakob Schlyter, Jan-Uwe Finck, Jared J. Yanovich, Jason Ish, Jason McIntyre, Jason Peel, Jason Wright, Jean-Baptiste Marchand, Jean-Francois Brousseau, Jean-Jacques Bernard-Gundol, Jim Rees, Joel Knight, Jolan Luff, Jonathan Gray, Joris Vink, Jose Nazario, Joshua Stein, Jun-ichiro itojun Hagino, Kenji Aoyama, Kenjiro Cho, Kenneth R Westerback, Kevin Lo, Kevin Steves, Kjell Wooding, Kurt Miller, Louis Bertrand, Magnus Holmberg, Marc Balmer, Marc Espie, Marc Matteo, Marco Peereboom, Marco Pfatschbacher, Marco S Hyman, Marcus Watts, Margarida Sequeira, Marius Eriksen, Mark Grimes, Mark Kettenis, Markus Friedl, Martin Reindl, Mathieu Sauve-Frankel, Mats O Jansson, Matt Behrens, Matt Smart, Matthew Jacob, Matthieu Herrb, Michael Coulter, Michael Shalayeff, Michael T. Stolarchuk, Mike Frantzen, Mike Pechkin, Miod Vallat, Moritz Jodeit, Nathan Binkert, Niall O'Higgins, Nick Holland, Niels Provos, Niklas Hallqvist, Nikolay Sturm, Nils Nordman, Oleg Safiullin, Otto Moerbeek, Paul Janzen, Pedro Martelletto, Peter Galbavy, Peter Stromberg, Peter Valchev, Philipp Buehler, Reinhard J. Sammer, Reyk Floeter, Rich Cannings, Robert Nagy, Ryan Thomas McBride, Saad Kadhi, Shell Hin-lik Hung, Stephen Kirkham, Steve Murphree, Ted Unangst, Theo de Raadt, Thierry Deval, Thomas Nordin, Thorsten Lockert, Tobias Weingartner, Todd C. Miller, Todd T. Fries, Tom Cosgrove, Uwe Stuehler, Vincent Labrecque, Wilbern Cobb, Wim Vandeputte, Xavier Santolaria.