Posted by: ITKE
The OpenBSD mailing list had some great news for that community yesterday: OpenBSD 4.1 is now available for download. The “what’s new” page is far too long to list here, so you can get what I miss in my “executive summary” after the jump.
What’s new (in brief):
Improved hardware support, including:
- New USB client controller support:
  - Support for the USB client functionality in the pxaudc(4) driver on the Zaurus.
  - New usbf(4) midlayer for USB Client controllers.
  - New cdcef(4) driver for providing a CDCE function on USB client controllers.
- New cas(4) driver for Sun Cassini 10/100/Gigabit Ethernet devices.
- New uow(4) driver for Maxim/Dallas DS2490 USB 1-Wire devices.
- New owsbm(4) driver for 1-Wire smart battery monitor devices.
- New zyd(4) driver for ZyDAS ZD1211/ZD1211B USB IEEE 802.11b/g wireless network devices.
- New moscom(4) driver for MosChip Semiconductor MCS7703 based USB serial adapters.
- New glxsb(4) driver for hardware random numbers and AES acceleration on the AMD Geode LX processor.
- New vic(4) driver for VMware VMXnet Virtual Interface Controllers.
* New malo(4) driver for Marvell Libertas IEEE 802.11b/g wireless network devices.
* New pwdog(4) driver for Quancom PWDOG1 watchdog timer devices.
* New uberry(4) driver for Research In Motion Blackberry devices.
* New mbg(4) driver for Meinberg Funkuhren radio clocks.
* New mesh(4) driver for the on-board SCSI controller of old world Apple Power Macintosh systems.
* New mc(4) driver for the on-board Ethernet of many old world Apple Power Macintosh systems.
* Improved msk(4) driver now supports many more Marvell Yukon-2 variants including dual port cards and fiber cards.
* The gem(4) driver now supports fiber cards.
* The OpenBSD/amd64 platform now has more accurate and robust time keeping.
* The OpenBSD/i386 boot(8) program now works properly on Intel-based Macs.
* The pciide(4) driver has had support added for newer chipsets, including:
  * AMD CS5536 IDE;
  * Intel i31244;
  * NVIDIA MCP67 PATA, MCP67 SATA.
* The com(4) driver now supports ST16C654 devices.
* The adt(4) driver supports some newer chipsets, such as the ADT7475.
* The OpenBSD/macppc platform now automatically turns the machine back on following an unexpected loss of power.
* boot.mac, an XCOFF-formatted boot loader for OpenBSD/macppc capable of booting on many old world Macs.
# New tools:
* BSD-licensed pkg-config(1), a complete rewrite of the GNU tool of the same name, significantly smaller and more maintainable.
* hoststated(8), a layer 3 and layer 7 server load balancing daemon with host monitoring capacities.
* New BSD-licensed ripd(8).
* bgplg(8), a CGI looking glass for OpenBGPD, is now available for use with the system httpd.
* bgplgsh(8), a looking glass shell for OpenBGPD, is now available for use as a restricted read-only command line interface.
# New functionality:
* syslogd(8) can now pipe logs directly to other programs, making real-time log analysis easier.
* The IP_RECVTTL ip(4) socket option allows programs to receive the incoming TTL on raw and UDP sockets.
* The IP_MINTTL ip(4) socket option allows programs to ask the kernel to discard any packets with a TTL smaller than the given one, for implementing the IP TTL security hack, also known as the Generalized TTL Security Mechanism, specified in RFC 3682.
* Multiple, independent routing tables, with pf(4) acting as selector. route(8) can be told which table to work with now, and routing daemons have been modified to cope as well.
* The pflog(4) interface is now clonable. pf(4) can log to multiple pflog interfaces now, each rule can specify which pflog interface to log to. pflogd(8) and spamlogd(8) can now be told which pflog interface to work with.
* The pfsync(4) interface is now clonable as well, thus only there when actually needed.
* pfctl(8) can now expire table entries.
* keep state is now the default for pf.conf(5) rules, as is the flags S/SA option on TCP connections. no state and flags any can be used to disable stateful filtering or TCP flags checking.
* The pfctl(8) ruleset optimiser can be enabled in pf.conf(5).
* pf(4) anchors can now be loaded inline in the main pf.conf(5) and can be printed recursively.
* Allow pf(4) rules inside anchors to have their counters reset, and make counter read & reset an atomic operation.
* sensorsd(8) dampens status changes now, thus not alerting for a single wrong sensor read, since many sensors lie once in a while.
* spamd(8) and spamlogd(8) now support synchronisation of the greylist database across multiple hosts. The greytrapping mechanism now allows for whole domain traps, and noticing out of order MX use.
* spamd(8) database format has changed from DB_BTREE to DB_HASH for much better performance on large installations with big databases.
* The bridge(4) driver and the brconfig(8) tool now support the Rapid Spanning Tree Protocol (RSTP). The new RSTP mode is now used by default when enabled with the stp option.
* cd(4) now supports reading from region protected DVDs.
* Detect MS-DOS filesystems and spoof disklabel partitions for them even when there is no MBR, e.g. on some newer iPods.
# Assorted improvements and code cleanup:
* The fsck_ffs(8) command has been improved to be more robust to various forms of inode and superblock corruption.
* The top(1) command got some new ways of filtering the display.
* pthreads(3) file descriptor handling has been improved to eliminate several race and deadlock conditions and improve performance.
* The MS-DOS filesystem has had a potential corruption issue fixed, and is more reliable when given a corrupted filesystem to mount.
* The MS-DOS filesystem and the fdisk(8) command have been enhanced to work on devices with 2048 byte sectors, e.g. newer iPods.
* The OpenRCS tools are smarter at handling files, especially when dealing with binary files. GNU RCS compatibility has also been improved.
* The mg(1) editor now displays column numbers in the status bar. It has also received several improvements which make it more reliable: line numbers, file insertions, and search wrapping all now work as expected.
* The systat(1) command has a cleaner look, and a display was added for hardware sensors.
* The OpenBSD/alpha platform now uses gcc3.
* Improved support for USB-attached CD drives and ever more odd umass(4) devices.
* Don’t treat NetBSD or FreeBSD MBR partitions as substitutes for an OpenBSD partition, i.e. don’t try to boot from them or use them to store OpenBSD disklabels.
# Install/Upgrade process changes:
* More reliable detection of disk and cd devices.
* More reliable installation from MSDOS FAT partitions.
* New sanity check in case sets for the wrong architecture are selected.
* No need to specify the filesystem types of source partitions during disk or cd installs.
* No need to select a source partition during disk or cd installs when there is only one to choose from.
# OpenBGPD 4.1:
* Fixes for sessions with tcp md5sig and ipsec. Now sessions can be migrated from and to any form of ipsec and tcpmd5 with just a simple bgpctl reload, and the session migrates the next time it gets established.
* Include file support in the config parser.
* Can now use the new IP_MINTTL socket option to implement the ttl security mechanism.
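
The TTL check behind the IP_MINTTL entry above and OpenBGPD's use of it, as an added C example (not code from OpenBSD or OpenBGPD): both peers send with TTL 255, and each asks the kernel to drop anything that arrives with a lower TTL than a peer at the expected distance could produce. The helper names `gtsm_min_ttl` and `gtsm_enable` and the hop-count convention (1 = directly connected) are assumptions made for this example.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

#define GTSM_SEND_TTL 255   /* both peers transmit with the maximum TTL */

/* Lowest TTL to accept from a peer `hops` links away (1 = directly connected).
 * hops - 1 routers sit on the path and each decrements the TTL once, so a
 * packet sent with 255 arrives with 256 - hops. A sender further away cannot
 * reach that value, because no packet can start above 255.
 * Returns -1 for an impossible hop count. */
int gtsm_min_ttl(int hops)
{
    if (hops < 1 || hops > 255)
        return -1;
    return 256 - hops;
}

/* Apply the mechanism to an IPv4 socket. Returns 0 on success, -1 on error. */
int gtsm_enable(int fd, int hops)
{
    int send_ttl = GTSM_SEND_TTL;
    int min_ttl = gtsm_min_ttl(hops);

    if (min_ttl < 0)
        return -1;
    /* Outgoing packets leave with TTL 255 so the peer's own check passes. */
    if (setsockopt(fd, IPPROTO_IP, IP_TTL, &send_ttl, sizeof(send_ttl)) == -1)
        return -1;
    /* The kernel discards packets for this socket whose TTL is below min_ttl. */
    if (setsockopt(fd, IPPROTO_IP, IP_MINTTL, &min_ttl, sizeof(min_ttl)) == -1)
        return -1;
    return 0;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);   /* TCP, as a BGP session uses */
    if (fd == -1) { perror("socket"); return 1; }
    if (gtsm_enable(fd, 1) == -1) { perror("gtsm_enable"); close(fd); return 1; }
    printf("accepting only TTL >= %d\n", gtsm_min_ttl(1));
    close(fd);
    return 0;
}
```

Both ends of a session have to be configured this way: a peer that still sends with its default TTL fails the other side's check.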
# OpenOSPFD 4.1:
* Reload support added. It is no longer needed to restart ospfd after a configuration change.
* Multiple networks per interface are now supported.
* It is now possible to specify the route metric and type for each redistribution rule.
# OpenNTPD 4.1:
* Greatly improved support for timedelta sensors.
* ntpd now uses a strictly monotonically increasing time (uptime, basically) for its internal timers, so setting the system clock doesn’t influence query rates, trust levels, etc. any more.
# OpenSSH 4.6:
* sshd now allows the enabling and disabling of authentication methods on a per user, group, host and network basis via the Match directive in sshd_config(5).
# Over 4200 ports, 4000 pre-built packages (for i386), minor robustness improvements in package tools. Some highlights:
* gstreamer-0.10 tools.
* OpenOffice.org package, available through ftp for size reasons.
* KDE 3.5.6 and koffice 1.6.2.
* A large (> 500) number of new/updated Perl modules from CPAN, including most of the Catalyst web framework.
* NetBeans 5.5 Java IDE.
* Updated Linux emulation support by using Fedora Core libraries.
* Mozilla Firefox 126.96.36.199 (with translations).
* PostgreSQL 8.2.3.