------------------------------------------------------------------------ - OpenBSD 5.1 RELEASED ------------------------------------------------- May 1, 2012. We are pleased to announce the official release of OpenBSD 5.1. This is our 31st release on CD-ROM (and 31th via FTP). We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install. As in our previous releases, 5.1 provides significant improvements, including new features, in nearly all areas of the system: - Improved hardware support, including: o umsm(4) supports additional mobile broadband devices. o Non-GigE ale(4) devices can now establish link to a GigE link partner. o Support for Intel 82580 has been added to em(4). o Support for MegaRAID 9240 has been added to mfi(4). o Support for Nuvoton NCT6776F has been added to lm(4). o Support for Centrino Advanced-N 6205 has been added to iwn(4). o Support for SiS 1182/1183 SATA has been added to pciide(4). o Support for Synaptics touch pads through the synaptics(4) X.Org input driver is now enabled by default. o Support for Intel Sandy Bridge integrated graphics cards has been added to the intel(4) X.Org driver. o Assembler implementation of the AES-GCM mode for new Intel and future AMD CPUs has been added. o usb(4) probes bus after resume, improves functionality for some laptops. - Generic network stack improvements: o RFC4638 MTU negotiation for pppoe(4). o npppdctl(8) replaced with npppctl(8), written from scratch. Includes support for IPv6 as tunnel source address. o Improve performance (throughput and loss rate) for PPTP, pppd(8) or L2TP(/IPsec) on unstable latency networks (eg mobile). o Improved IPv6 fragment handling. o Many robustness improvements for IEEE 802.11 (particularly hostap). o Improved vlan priority support, including mapping to interface queues. o Initial rdomains support for IPv6. o Robustness improvements for carp(4). o Various IPv6 and rdomain related improvements for carp(4). - Routing daemons and other userland network improvements: o fstat(8) now displays routing table ID and socket-splicing information and ps can display routing table ID. o traceroute(8) and traceroute6(8) can look up ASNs for each hop. o snmpd(8) adds a MIB to show statistics for carp(4) interfaces. o bgpctl(8) parses and display MRT routing table dumps. o ntpd(8) supports multiple rdomains. o When ospfd(8) detects route socket overflow, it now delays before it reloads the fib. o Improved and more consistent ToS support in various network tools (tcpbench(8), nc(8), ping(8), traceroute(8)). o Initial inport of login_yubikey(8) for logging in using yubikeys. - pf(4) improvements: o One-shot rule support for pf(4), for use with proxies via anchors. o NAT64 support in PF using the af-to keyword. o Much improved IPv6 fragment handling. o Various enhancements with ICMP and especially ICMPv6 states o Improved IPv6 Neighbor Discovery and Multicast Listener Discovery handling. o pfctl(8) now prints port numbers instead of service names by default. o Netflow v9 and ipfix support for pflow(4). o Many pfsync(4) fixes and improvements including jumbo frames and automatically requesting a bulk update after a physical interface comes online. - Assorted improvements: o Improved locale support. o Support for MSG_NOSIGNAL. o KERN_PROC_CWD sysctl(3) for fetching the path to a process's working directory. o Improved fnmatch(3), glob(3), and regcomp(3) implementations to resist DoS attacks. o Lots of HISTORY and AUTHORS information added to manpages. o Improved checking of file-offset wraparound. o pwrite(2)/pwritev(2) now correctly by ignored O_APPEND. o Improved conformance of header files with standards. o Improved cancelation support in both user-threads (libpthread) and rthreads. o Improved correctness of execing, coredumping, signal delivery, alternate signal stacks, blocking socket accepts(), mutexes and condition variables, per-thread errno, symbol binding, and ktracing when rthreads are in use. o Architecture-independent kernel support for thread-control-block handling for rthreads. o Small improvements to Linux compat (only available on i386). o Multiple bugs have been fixed in the Intel 10Gb driver ix(4). o softraid(4) now supports a concatenating discipline. o On amd64, i386, and sparc64, the root filesystem can reside in a softraid(4) volume. The kernel needs to be booted from a non-softraid partition. o On amd64, the system can be booted from a softraid(4) RAID1 volume. o aucat(1) adds a "device number" component in sndio(7) device names, allowing a single aucat instance to handle all audio and MIDI services. o Built-in sndiod(1) sound daemon now uses default rate 48kHz and the default block size 10ms. These settings ensure video players and programs using MTC are smooth by default. o Many updates to smtpd(8): a new scheduler_backend API introduced, more MIME 1.0 support added, new filter callbacks for network events, improved DNS error reporting and envelope handling, and the purge/ directory is now cleared via a privilege-separated child. o tmux(1) is extended to support a larger history, minimizes redundant log messages and does some code reordering for more local and less global variables. Support is added for the ESC[s and ESC[u save/restore cursor-position key sequences. $HOME (or ~) may now be used as default-path in tmux.conf. o Enhanced cwm(1) event support, added {r,}cycleingroup to cycle through clients belonging to the same group as the active client, simplified color initialization. o The mg(1) emacs-like editor: now uses absolute filenames while pushing and popping off the stack. In dired mode: corrected cursor movements and added missing keybindings. - OpenSSH 6.0: o New features: - ssh-keygen(1): add optional checkpoints for moduli screening. - ssh-add(1): new -k option to load plain keys (skipping certificates). - sshd(8): add wildcard support to PermitOpen, allowing things like "PermitOpen localhost:*". (bz#1857) - ssh(1): support for cancelling local and remote port forwards via the multiplex socket. Use "ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request the cancellation of the specified forwardings. - support cancellation of local/dynamic forwardings from ~C commandline. o The following significant bugs have been fixed in this release: - ssh(1): ensure that $DISPLAY contains only valid characters before using it to extract xauth data so that it can't be used to play local shell metacharacter games. - ssh(1): unbreak remote port forwarding with dynamic allocated listen ports. - scp(1): uppress adding '--' to remote commandlines when the first argument does not start with '-'. Saves breakage on some difficult-to-upgrade embedded/router platforms. - ssh(1) and sshd(8): fix typo in IPQoS parsing: there is no "AF14" class, but there is an "AF21" class. - ssh(1) and sshd(8): do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying. - ssh(1): skip attempting to create ~/.ssh when -F is passed. - sshd(8): unbreak stdio forwarding when ControlPersist is in use. (bz#1943) - sshd(8): send tty break to pty master instead of (probably already closed) slave side. (bz#1859) - sftp(1): silence error spam for "ls */foo" in directory with files. (bz#1683) - Fixed a number of memory and file descriptor leaks. - Over 7,000 ports, major performance and stability improvements in the package build process o Downloading of distfiles is simpler, can resume interrupted download, discover file moves, and expire old files. Distfiles mirror sites now use the new and improved method. o Dependency handling during ports build and package creation is at least twice as fast, twenty times as fast in pathological cases. This also affects user scripts such as out-of-date o More checks are done during package builds, for increased user friendliness o The long term process of documenting the infrastructure is now 100% done. o The distributed ports builder (dpb) can now clean up old dependencies, thus helping package builds be more reproducible. This found tens of hidden build dependencies in the ports tree already. o The semantics of pkg_add -a have been nailed down and a few minor bugs have been fixed. o The arch-dependent issues are better classified, leading to better builds on old architectures in some complicated cases. In particular, dpb explicitly purges from memory info about packages it cannot build and stuff that depends on it, leading to better life on sparc and vax which have very small data-size limits. o dpb recognizes full builds and trims some duplicate package builds - Many pre-built packages for each architecture: o i386: 7229 o sparc64: 6599 o alpha: 5943 o sh: 2459 o amd64: 7181 o powerpc: 6852 o sparc: 4152 o arm: 5536 o hppa: 6159 o vax: 2199 o mips64: 5785 o mips64el: 5807 - Some highlights: o Gnome 3.2.1 o KDE 3.5.10 o Xfce 4.8.3 o MySQL 5.1.60 o PostgreSQL 9.1.2 o Postfix 2.8.8 o OpenLDAP 2.3.43 and 2.4.26 o GHC 7.0.4 o Mozilla Firefox 3.5.19, 3.6.25 and 9.0.1 o Mozilla Thunderbird 9.0.1 o LibreOffice 3.4.5.2 o Emacs 21.4, 22.3 and 23.4 o Vim 7.3.154 o PHP 5.2.17 and 5.3.10 o Python 2.5.4, 2.7.1 and 3.2.2 o Ruby 1.8.7.357 and 1.9.3.0 o Tcl 8.5.11 o Jdk 1.7 o Mono 2.10.6 o Chromium 16.0.912.77 o Groff 1.21 - As usual, steady improvements in manual pages and other documentation. o Base system and Xenocara manuals are now installed as source code, making grep(1) more useful in /usr/share/man/ and /usr/X11R6/man/. o If both formatted and source versions of manuals are installed, man(1) automatically displays the newer version of each page. - The system includes the following major components from outside suppliers: o Xenocara (based on X.Org 7.6 with xserver 1.11.4 + patches, freetype 2.4.8, fontconfig 2.8.0, Mesa 7.10.3, xterm 276, xkeyboard-config 2.5 and more) o Gcc 4.2.1 (+patches), 3.3.5 (+ patches) and 2.95.3 (+ patches) o Perl 5.12.2 (+ patches) o Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support o OpenSSL 1.0.0f (+ patches) o Sendmail 8.14.5, with libmilter o Bind 9.4.2-P2 (+ patches) o Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches) o Sudo 1.7.2p8 o Ncurses 5.7 o Heimdal 0.7.2 (+ patches) o Arla 0.35.7 o Binutils 2.15 (+ patches) o Gdb 6.3 (+ patches) o Less 444 (+ patches) o Awk Aug 10, 2011 version If you'd like to see a list of what has changed between OpenBSD 5.0 and 5.1, look at http://www.OpenBSD.org/plus51.html Even though the list is a summary of the most important changes made to OpenBSD, it still is a very very long list. ------------------------------------------------------------------------ - SECURITY AND ERRATA -------------------------------------------------- We provide patches for known security threats and other important issues discovered after each CD release. As usual, between the creation of the OpenBSD 5.1 FTP/CD-ROM binaries and the actual 5.1 release date, our team found and fixed some new reliability problems (note: most are minor and in subsystems that are not enabled by default). Our continued research into security means we will find new security problems -- and we always provide patches as soon as possible. Therefore, we advise regular visits to http://www.OpenBSD.org/security.html and http://www.OpenBSD.org/errata.html Security patch announcements are sent to the security-announce@OpenBSD.org mailing list. For information on OpenBSD mailing lists, please see: http://www.OpenBSD.org/mail.html ------------------------------------------------------------------------ - CD-ROM SALES --------------------------------------------------------- OpenBSD 5.1 is also available on CD-ROM. The 3-CD set costs $50 CDN and is available via mail order and from a number of contacts around the world. The set includes a colourful booklet which carefully explains the installation of OpenBSD. A new set of cute little stickers is also included (sorry, but our FTP mirror sites do not support STP, the Sticker Transfer Protocol). As an added bonus, the second CD contains an audio track, a song entitled "Bug Busters". MP3 and OGG versions of the audio track can be found on the first CD. Lyrics (and an explanation) for the songs may be found at: http://www.OpenBSD.org/lyrics.html#51 Profits from CD sales are the primary income source for the OpenBSD project -- in essence selling these CD-ROM units ensures that OpenBSD will continue to make another release six months from now. The OpenBSD 5.1 CD-ROMs are bootable on the following four platforms: o i386 o amd64 o macppc o sparc64 (Other platforms must boot from floppy, network, or other method). For more information on ordering CD-ROMs, see: http://www.OpenBSD.org/orders.html The above web page lists a number of places where OpenBSD CD-ROMs can be purchased from. For our default mail order, go directly to: https://https.OpenBSD.org/cgi-bin/order All of our developers strongly urge you to buy a CD-ROM and support our future efforts. Additionally, donations to the project are highly appreciated, as described in more detail at: http://www.OpenBSD.org/goals.html#funding ------------------------------------------------------------------------ - OPENBSD FOUNDATION --------------------------------------------------- For those unable to make their contributions as straightforward gifts, the OpenBSD Foundation (http://www.openbsdfoundation.org) is a Canadian not-for-profit corporation that can accept larger contributions and issue receipts. In some situations, their receipt may qualify as a business expense write-off, so this is certainly a consideration for some organizations or businesses. There may also be exposure benefits since the Foundation may be interested in participating in press releases. In turn, the Foundation then uses these contributions to assist OpenBSD's infrastructure needs. Contact the foundation directors at directors@openbsdfoundation.org for more information. ------------------------------------------------------------------------ - T-SHIRT SALES -------------------------------------------------------- The OpenBSD distribution companies also sell tshirts and polo shirts. And our users like them, too. We have a variety of shirts available, with the new and old designs, from our web ordering system at, as described above. ----------------------------------------------------------------------- - FTP INSTALLS --------------------------------------------------------- If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily installed via FTP or HTTP downloads. Typically you need a single small piece of boot media (e.g., a boot floppy) and then the rest of the files can be installed from a number of locations, including directly off the Internet. Follow this simple set of instructions to ensure that you find all of the documentation you will need while performing an install via FTP or HTTP. With the CD-ROMs, the necessary documentation is easier to find. 1) Read either of the following two files for a list of ftp/http mirrors which provide OpenBSD, then choose one near you: http://www.OpenBSD.org/ftp.html ftp://ftp.OpenBSD.org/pub/OpenBSD/5.1/ftplist As of May 1, 2012, the following ftp mirror sites have the 5.1 release: ftp://ftp.eu.openbsd.org/pub/OpenBSD/5.1/ Stockholm, Sweden ftp://ftp.bytemine.net/pub/OpenBSD/5.1/ Oldenburg, Germany ftp://ftp.ch.openbsd.org/pub/OpenBSD/5.1/ Zurich, Switzerland ftp://ftp.fr.openbsd.org/pub/OpenBSD/5.1/ Paris, France ftp://ftp5.eu.openbsd.org/pub/OpenBSD/5.1/ Vienna, Austria ftp://mirror.aarnet.edu.au/pub/OpenBSD/5.1/ Brisbane, Australia ftp://ftp.usa.openbsd.org/pub/OpenBSD/5.1/ CO, USA ftp://ftp5.usa.openbsd.org/pub/OpenBSD/5.1/ CA, USA ftp://obsd.cec.mtu.edu/pub/OpenBSD/5.1/ Michigan, USA The release is also available at the master site: ftp://ftp.openbsd.org/pub/OpenBSD/5.1/ Alberta, Canada However it is strongly suggested you use a mirror. Other mirror sites may take a day or two to update. 2) Connect to that ftp mirror site and go into the directory pub/OpenBSD/5.1/ which contains these files and directories. This is a list of what you will see: ANNOUNCEMENT armish/ mvme68k/ sparc64/ Changelogs/ ftplist mvme88k/ src.tar.gz HARDWARE hp300/ packages/ sys.tar.gz PACKAGES hppa/ ports.tar.gz tools/ PORTS i386/ root.mail vax/ README landisk/ sgi/ xenocara.tar.gz alpha/ mac68k/ socppc/ zaurus/ amd64/ macppc/ sparc/ It is quite likely that you will want at LEAST the following files which apply to all the architectures OpenBSD supports. README - generic README HARDWARE - list of hardware we support PORTS - description of our "ports" tree PACKAGES - description of pre-compiled packages root.mail - a copy of root's mail at initial login. (This is really worthwhile reading). 3) Read the README file. It is short, and a quick read will make sure you understand what else you need to fetch. 4) Next, go into the directory that applies to your architecture, for example, i386. This is a list of what you will see: INSTALL.i386 cd51.iso floppyB51.fs pxeboot* INSTALL.linux cdboot* floppyC51.fs xbase51.tgz MD5 cdbr* game51.tgz xetc51.tgz base51.tgz cdemu51.iso index.txt xfont51.tgz bsd* comp51.tgz install51.iso xserv51.tgz bsd.mp* etc51.tgz man51.tgz xshare51.tgz bsd.rd* floppy51.fs misc51.tgz If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386 and the appropriate floppy*.fs or install51.iso files. Consult the INSTALL.i386 file if you don't know which of the floppy images you need (or simply fetch all of them). If you use the install51.iso file (roughly 250MB in size), then you do not need the various *.tgz files since they are contained on that one-step ISO-format install CD. 5) If you are an expert, follow the instructions in the file called README; otherwise, use the more complete instructions in the file called INSTALL.i386. INSTALL.i386 may tell you that you need to fetch other files. 6) Just in case, take a peek at: http://www.OpenBSD.org/errata.html This is the page where we talk about the mistakes we made while creating the 5.1 release, or the significant bugs we fixed post-release which we think our users should have fixes for. Patches and workarounds are clearly described there. Note: If you end up needing to write a raw floppy using Windows, you can use "fdimage.exe" located in the pub/OpenBSD/5.1/tools directory to do so. ------------------------------------------------------------------------ - X.ORG FOR MOST ARCHITECTURES ----------------------------------------- X.Org has been integrated more closely into the system. This release contains X.Org 7.6. Most of our architectures ship with X.Org, including amd64, sparc, sparc64 and macppc. During installation, you can install X.Org quite easily. Be sure to try out xdm(1) and see how we have customized it for OpenBSD. ------------------------------------------------------------------------ - PORTS TREE ----------------------------------------------------------- The OpenBSD ports tree contains automated instructions for building third party software. The software has been verified to build and run on the various OpenBSD architectures. The 5.1 ports collection, including many of the distribution files, is included on the 3-CD set. Please see the PORTS file for more information. Note: some of the most popular ports, e.g., the Apache web server and several X applications, come standard with OpenBSD. Also, many popular ports have been pre-compiled for those who do not desire to build their own binaries (see BINARY PACKAGES, below). ------------------------------------------------------------------------ - BINARY PACKAGES WE PROVIDE ------------------------------------------- A large number of binary packages are provided. Please see the PACKAGES file (ftp://ftp.OpenBSD.org/pub/OpenBSD/5.1/PACKAGES) for more details. ------------------------------------------------------------------------ - SYSTEM SOURCE CODE --------------------------------------------------- The CD-ROMs contain source code for all the subsystems explained above, and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/5.1/README) file explains how to deal with these source files. For those who are doing an FTP install, the source code for all four subsystems can be found in the pub/OpenBSD/5.1/ directory: xenocara.tar.gz ports.tar.gz src.tar.gz sys.tar.gz ------------------------------------------------------------------------ - THANKS --------------------------------------------------------------- Ports tree and package building by Jasper Lievisse Adriaanse, Landry Breuil, Michael Erdely, Stuart Henderson, Peter Hessler, Paul Irofti, Antoine Jacoutot, Robert Nagy, and Christian Weisgerber. System builds by Theo de Raadt, Mark Kettenis, and Miod Vallat. X11 builds by Todd Fries and Miod Vallat. ISO-9660 filesystem layout by Theo de Raadt. We would like to thank all of the people who sent in bug reports, bug fixes, donation cheques, and hardware that we use. We would also like to thank those who pre-ordered the 5.1 CD-ROM or bought our previous CD-ROMs. Those who did not support us financially have still helped us with our goal of improving the quality of the software. Our developers are: Alexander Bluhm, Alexander Hall, Alexander Schrijver, Alexander Yurchenko, Alexandr Shadchin, Alexandre Ratchov, Anil Madhavapeddy, Anthony J. Bentley, Antoine Jacoutot, Ariane van der Steldt, Austin Hook, Benoit Lecocq, Bernd Ahlers, Bob Beck, Bret Lambert, Bryan Steele, Camiel Dobbelaar, Can Erkin Acar, Charles Longeau, Chris Kuethe, Christian Weisgerber, Christiano F. Haesbaert, Claudio Jeker, Dale Rahn, Damien Bergamini, Damien Miller, Darren Tucker, David Coppa, David Gwynne, David Hill, David Krause, Edd Barrett, Eric Faurot, Federico G. Schwindt, Felix Kronlage, Gilles Chehade, Giovanni Bechis, Gleydson Soares, Henning Brauer, Ian Darwin, Igor Sobrado, Ingo Schwarze, Jacek Masiulaniec, Jakob Schlyter, Janne Johansson, Jason George, Jason McIntyre, Jason Meltzer, Jasper Lievisse Adriaanse, Jeremy Evans, Jim Razmus II, Joel Knight, Joel Sing, Joerg Zinke, Jolan Luff, Jonathan Armani, Jonathan Gray, Jonathan Matthew, Jordan Hargrave, Joshua Elsasser, Joshua Stein, Kenji Aoyama, Kenneth R Westerback, Kevin Lo, Kevin Steves, Kurt Miller, Landry Breuil, Laurent Fanis, Luke Tymowski, Marc Espie, Marco Pfatschbacher, Marcus Glocker, Mark Kettenis, Mark Lumsden, Mark Uemura, Markus Friedl, Martin Pieuchot, Martynas Venckus, Mats O Jansson, Matthew Dempsky, Matthias Kilian, Matthieu Herrb, Michael Erdely, Mike Belopuhov, Mike Larkin, Miod Vallat, Nayden Markatchev, Nicholas Marriott, Nick Holland, Nigel Taylor, Nikolay Sturm, Okan Demirmen, Otto Moerbeek, Owain Ainsworth, Pascal Stumpf, Paul de Weerd, Paul Irofti, Peter Hessler, Peter Valchev, Philip Guenther, Pierre-Emmanuel Andre, Pierre-Yves Ritschard, Remi Pointel, Reyk Floeter, Robert Nagy, Ryan Freeman, Ryan Thomas McBride, Sasano, Sebastian Benoit, Sebastian Reitenbach, Simon Bertrang, Simon Perreault, Stefan Sperling, Stephan A. Rickauer, Steven Mestdagh, Stuart Cassoff, Stuart Henderson, Takuya Asada, Ted Unangst, Theo de Raadt, Thordur I Bjornsson, Tobias Stoeckmann, Tobias Weingartner, Todd C. Miller, Todd Fries, Uwe Stuehler, Will Maier, William Yodlowsky, Yasuoka Masahiko, Yojiro Uo