Am gestrigen Abend wurde OpenBSD 3.7 offiziell von Theo de Raadt durch eine Announce-Email auf der Ankündigungsliste des Projektes freigegeben. Der Download der Installationsdateien via FTP und auch die zugehörigen Applikationspakete nebst aller Sourcen sind seit dem 18. Mai verfügbar gewesen. Besonders die Unterstützung von "wireless services" und Geräten zur drahtfreien Netznutzung wurde verbessert, so de Raadt. Dies sein bei diesem Release u.a. ein Hauptaugenmerk der Entwickler gewesen.
Neu unterstützte Plattformen sind: Zaurus und SGI O2
Zu den signifikanten Neuerungen zählen (diese wurden im englischen Original belassen):
- Support for a number of much faster 64-bit machines (in 32-bit
mode) in the OpenBSD/hppa port.
- Many enhancements in the OpenBSD/mac68k port:
o Switch to a bsd.rd-based install.
o Improved interrupt system.
o Create partitions with pdisk(8).
o Add mc(4) support and enhance zsc(4) support.
- New tools:
o ospfd(8), implementing the OSPFv2 routing protocol.
o getcap(1), providing easy access to the capability database.
- New functionality:
o Repaired mirroring mode in ccd(4).
o Privilege separation for ftpd(8)
o Bash-style prompt expansion and POSIX hex and octal constants
in ksh(1).
o Improved TCP send performance.
o Reentrant getproto*_r(3) and getserv*_r(3) functions.
o In-kernel pppoe(4) support.
o pim(4) (Protocol Independent Multicast) support added.
- Improved hardware support, including:
o New ath(4) driver for Atheros IEEE 802.11a/b/g wireless
network adapters.
o New iwi(4) driver for Intel PRO/Wireless 2200BG/2225BG/2915ABG
IEEE 802.11a/b/g wireless network adapters.
o New ipw(4) driver for Intel PRO/Wireless 2100 IEEE 802.11b
wireless network adapters.
o New atu(4) driver for Amtel AT76C50x USB IEEE 802.11b
wireless network adapters.
o New ral(4) and ural(4) [USB] drivers for Ralink Technology
RT25x0 IEEE 802.11a/b/g wireless network adapters.
o New rtw(4) driver for Realtek 8180 IEEE 802.11b wireless
network adapters.
o Added support to re(4) driver for Realtek 8169 CardBus
Ethernet adapters.
o New udav(4) driver for Davicom DM9601 USB Ethernet adapters.
o New vge(4) driver for VIA Networking Technologies VT6122 PCI
Gigabit Ethernet adapters.
o New piixpm(4) driver for the Intel PIIX Power Management
controller.
o New ubt(4) driver for USB Bluetooth adapters.
- New functionality for bgpd(8), the Border Gateway Protocol Daemon:
o Allow sessions to depend on a CARP interface's master/backup
state, reducing failover times in redundant setups.
o Lower latency for requests from other peers or bgpctl while
under heavy load, e.g. initial table transfer when a session
comes up.
o Allow for the peer descriptions to be used in bgpctl commands
where previously only their IPs were allowed.
o Allow bgpd to not prepend its own AS number and to not modify
the nexthop on updates sent out.
o Show associated interfaces and their state on "show nexthop",
to help pointing out why nexthops are invalid.
o Allow for relative metrics modification, i.e. "set localpref
+20".
- New functionality for ntpd(8), the Network Time Protocol Daemon:
o ntpd can now set the time immediately on startup itself,
eliminating the need to run rdate -n beforehand.
o Use median instead of average when collapsing all the peers'
offsets into one, greatly improving resistance against
falsetickers.
o Calculate rootdelay, stratum, and precision properly; include
these in replies sent out in server mode.
o Many logging improvements: ntpd is now almost completely
silent in normal operation (unless in debug mode, of course).
- New functionality and improvements for pf(4), the packet filter:
o Improved carp(4), new carpdev mode for IP-less interfaces.
o Support limiting TCP connections by establishment rate,
automatically adding flooding IP addresses to tables and
flushing states (max-src-conn-rate, overload <table>, flush
global).
o Improved functionality of tags (tag and tagged for
translation rules, tagging of all packets matching state
entries).
o Improved diagnostics (error messages and additional counters
from pfctl -si).
o New keyword "set skip on" to skip filtering on arbitrary
interfaces, like loopback.
o Filtering on route(8) labels.
o Several bugfixes improving stability.
- New functionality and improvements for isakmpd(8), the Internet
Security Association and Key Management Daemon:
o Allow the Address, Network, or Netmask values of the
"IPsec-ID" to be specified with an interface name or the
keyword "default" (in which case the address is selected
based on the default route).
o Improved NAT-T and DPD stability and interoperability.
- New functionality and improvements for spamd(8), the Spamd Spam
Deferral Daemon:
o Allow the addition of spamtrap addresses to the spamd
database using spamdb(8). Spamd will automatically blacklist
hosts that attempt to deliver mail to a spamtrap address
while greylisted.
- New functionality and improvements for the package tools:
o Major overhaul of the package format, simplifying common
tasks like user creation.
o In-place updates of packages with pkg_add -r.
o Progress meters, which make installing big packages a more
pleasant experience.
o Reliable dependencies on shared libraries, including the base
system.
o Many performance improvements.
- Over 3000 ports, 2800 pre-built packages.
- Many improvements for security and reliability. Cleaner source
code for ksh(1), httpd(8), and many more programs.
- As usual, many improvements in manual pages and other documentation.
- OpenSSH 4.1:
o Local, remote and dynamic port forwards may be configured to
listen on specific IP addresses.
o sshd_config(5) now understands "GatewayPorts clientspecified"
to allow client-specified listen addresses in remote port
forwards. The existing behaviour for "yes" and "no" is
maintained.
o known_hosts files may be hashed to provide privacy if they
are later disclosed.
o ssh-keygen(1) has additional modes to generate and manage
hashed known_hosts files.
o Users will be warned of impending password and account expiry.
o Corrupt keys in authorized_keys are now handled gracefully.
o sftp(1) has speed improvements for "ls" and now uses libedit
for command line editing and history.
o sshd(8) will now log the source of connections denied by
AllowUsers, DenyUsers, AllowGroups and DenyGroups.
o AddressFamily option in sshd_config(5) now has an
AddressFamily option to provide global control of IPv4 and
IPv6 usage by sshd(8).
o ssh(1)'s multiplex (ControlMaster) mode has been improved and
now provides additional capabilities such as checking if the
master is alive, obtaining its process ID and requesting that
it shut down.
- OpenBSD/i386 and OpenBSD/macppc now use gcc 3.3.5.
- OpenBSD/amd64, OpenBSD/cats, OpenBSD/macppc, OpenBSD/hppa,
OpenBSD/sgi, OpenBSD/sparc64 and OpenBSD/zaurus now use DWARF2
(C++) exception handling.
- This release of OpenBSD includes the following major components from
outside suppliers:
o X.Org 6.8.2 (+ patches, and i386 contains XFree86 3.3.6 servers (+ patches)
for legacy chipsets not supported by X.Org)
o Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches)
o Perl 5.8.6 (+ patches)
o Apache 1.3.29, mod_ssl 2.8.16, DSO support (+ patches)
o OpenSSL 0.9.7d (+ patches)
o Groff 1.15
o Sendmail 8.13.3, with libmilter
o Bind 9.3.0 (+ patches)
o Lynx 2.8.5rel.2 with HTTPS and IPv6 support (+ patches)
o Sudo 1.6.8p6
o Ncurses 5.2
o Latest KAME IPv6
o Heimdal 0.6rc1 (+ patches)
o Arla 0.35.7
o Binutils 2.15
o Gdb 6.3
Zu den Änderungen, die sich seit 3.6 ergeben haben, findet man hier Informationen: http://www.OpenBSD.org/plus37.html
Erhältlich ist OpenBSD 3.7 wie üblich durch Herunterladen der Pakete von den bekannten FTP-Spiegeln, mittels Installations-Floppy oder -ISO (keine komplette Release-ISO!!!) oder durch den Kauf eines CD-Sets, mit dem man auch das Projekt direkt unterstützt.
Weiterhin findet man einen aktuellen Snapshot unter: http://openbsd.somedomain.net/index.php?version=latest+release (keine offiziellen Snapshots!)
Vielen Dank an Theo und alle Entwickler für die großartige Arbeit und viel Erfolg den Nutzern von OpenBSD 3.7
----
thor/ratpoison
Last edited:
