Software update: OpenBSD 5.0

The new half-yearly release of OpenBSD came out on Tuesday. An extensive list of FTP and HTTP download locations can be found on this page. OpenBSD descends from the original Berkeley Software Distribution and is characterized by its developers wanting to use only open-source software. The OS is also known for its excellent documentation and security. As usual with a new version of OpenBSD, a new theme has been designed around the OS, accompanied by a real theme song and available on audio CD, as a poster and as a T-shirt. This time the theme is titled What Me Worry. Below is an extensive overview of the changes made in version 5.0.

Improved hardware support, including:
  • MSI interrupts for many devices, on those architectures which can support them (amd64, i386, sparc64 only so far).
  • A new dma_alloc(9) API makes it easier for kernel code to allocate dma-safe memory. Many drivers (especially network drivers) and subsystems (in particular scsi and the buffer cache) were adapted to use this.
  • As a result, big-memory support has been enabled on all possible architectures.
  • The rather rare bce(4) driver now copies mbufs all the time, to cope with the hardware having a 1GB limit.
  • Added hds(4), a driver for Hitachi Modular Storage SCSI devices.
  • Added myx(4), a driver for the Myricom Myri-10G 10GB Ethernet devices.
  • Added dfs(4), a driver for Dynamic Frequency Switching on some macppc systems.
  • cardbus(4) and pcmcia(4) support on sgi.
  • Suspend/resume support on Loongson Yeelong laptops.
Generic network stack improvements:
  • Added support for sending Wake on Lan packets using arp(8).
  • Permit turning Wake on Lan support on/off using ifconfig(8).
  • Added Wake on Lan support to xl(4), re(4), and vr(4).
  • Allow ftp-proxy(8) to proxy across rdomains.
  • The IPv4 stack will no longer accept ICMP redirects when acting as a router.
  • By default the IPv6 stack will not process ICMP6 redirects. rtsol(8) will turn it back on if -F is used.
  • Reworked large parts of the dhclient(8) options processing for better interoperability.
  • Fixed carp(4) to work in IPv6 only setups.
  • Make it possible to bind(2) to the local network broadcast address on datagram and raw sockets.
  • The default multicast reject route is now ignored if the UDP socket uses the IP_MULTICAST_IF socket option.
  • Make gre(4) work between systems in the same LAN.
  • Removed the link1 mode special addressing mode on lo(4).
  • Kernel randomization speed and quality improved substantially.
Routing daemons and other userland network improvements:
  • bgpd(8) no longer bumps the rlimits: the rc.d framework respects login classes which is a much better solution.
  • Correctly set the network filtersets on reload in bgpd(8).
  • The routing socket is now sending RTM_DESYNC messages if the socketbuffer overflows.
  • Allow ospfd(8) to send out LS updates and other messages larger than the MTU.
  • Fixed nexthop calculation in ospfd(8) for directly connected P2P links.
  • First bits to support opaque LSA in ospfd(8). Only basic redistribute logic and LSDB handling for now.
  • Creating new interfaces will no longer cause a fatal error in ospf6d(8).
  • ospf6d(8) handles link-state changes better.
  • Better loopback handling in ospf6d(8).
  • No longer install extra multicast routes in ripd(8) and ldpd(8).
  • Make kqueue(2) work with sosplice(9).
  • Enabled sosplice(9) in relayd(8) for TCP.
  • Added support for divert-to which provides some benefits over rdr-to in relayd(8).
  • Fixed trap sending in snmpd(8).
  • Make ping6(8) compare minimum amount of bytes between what was received and what was sent out.
  • Make traceroute(8) with type-of-service set (-t) display a message if the returned packet has a different tos type.
  • Added the socket splicing fields of struct socket to netstat -vP output.
pf(4) improvements:
  • Make pf(4) reassemble IPv6 fragments. In the forward case, pf refragments the packets with the same maximum size.
  • Allow pf(4) to filter on the rdomain a packet belongs to.
  • Make pf(4) allow userland proxies to establish cross rdomain proxy sessions.
  • Added IPv6 ACK prioritization in pf(4).
  • Change 'set skip on <...>' to work with interface groups.
  • pfsync(4) supports IPv6 as network protocol.
  • Switched ftp-proxy(8) over to divert-to instead of rdr-to.
  • tftp-proxy(8) uses 'divert-to' as well.
SCSI improvements:
  • Most SCSI hardware drivers now use the new iopools infrastructure.
  • scsi(4) devices are now all provided with a unique devid, which is displayed during the probe process.
  • ASC/ASCQ error codes and verbiage now in sync with http://www.t10.org/lists/asc-num.txt.
  • Progress on iSCSI includes better login, better logout, preliminary FSM support in iscsid(8), and improved logging and debug information.
  • uk(4) can now safely and reliably detach an unknown SCSI device.
  • mpath(4) device and kernel support is improved.
  • vscsi(4) now ensures output always goes to the correct connection.
  • vscsi(4) connections can now be reset gracefully.
  • scsi(4) devices on fibre channel fabrics no longer inherit the adapter's address.
Assorted improvements:
  • For additional security, security(8) was rewritten in Perl.
  • Mandoc 1.11.4: Now accepts eqn(7) input (no fancy formatting yet) and supports -Tutf8 output (but no utf8 input yet).
  • Removed a variety of OS-compat emulation code, leaving just the Linux support.
  • Small improvements to Linux compat (only available on i386).
  • Improved our own pkg-config(1) implementation with extended comparison scheme and implementing various new options.
  • The math library, libm, was fully fleshed out to support all C99 required parts. Many bugs for various architectures were fixed along the way.
  • malloc(3) is a lot faster and has a few further security features (more randomization, as well as the 'S' flag to enable all paranoia checks).
  • 'make depend' is no longer necessary in kernel compilation directories since the dependencies are calculated automatically.
  • Increased the default size of the buffer cache.
  • kqueue(2) now works on /dev/random and spliced sockets.
  • On MBR-based disks, scan through up to 256 extended partition tables when looking for an OpenBSD partition table.
  • Added POSIX 2008 fdopendir(3) and openat(2) functions, as well as the O_CLOEXEC, O_DIRECTORY, and F_DUPFD_CLOEXEC flags.
  • Improved lint format string checks and added a few other checks.
  • kdump(1) now dumps stat and sockaddr structures, sysctl mib strings, and decodes syscall flags and operation bits.
  • Improved kernel pool debug checking.
  • Improved correctness of signals and various syscalls when rthreads are in use.
  • Kernel malloc(9) space and stacks moved to non-dma memory.
  • Fixed some shutdown/reboot hangs on NFS clients.
  • UNIX-domain socket paths are now guaranteed to be NUL-terminated.
  • Added support for *wprintf(3), wcs{,n}casecmp(3), and wcsdup(3).
  • NULL is now a (void *).
Install/Upgrade process changes:
  • Completed support for DUID disk installs, and enabled it fully.
  • Tried to make sysmerge(8) work in the installer, but ran into small problems and decided to disable it.
  • Install non-free firmwares from the internet upon first boot, based on a question in the installer.
  • svnd(4)-like behaviour became the default for vnd(4) devices. This is what is used to build the media.
rc.d(8) framework improvements:
  • rc.d(8) is now also used for the base system daemons.
  • Backward compatible with the historic way of starting daemons.
  • Notify the user by appending (ok) or (failed) in interactive mode.
  • Better diagnostics with the introduction of RC_DEBUG.
OpenSSH 5.9:
  • New features:
    • Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform.
    • Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8).
    • The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
    • ssh(1) now warns when a server refuses X11 forwarding.
    • sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2).
    • sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2.
    • sshd_config(5)'s ControlPath option now expands %L to the host portion of the destination host name.
    • sshd_config(5) "Host" options now support negated Host matching.
    • sshd_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
    • ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialisation scripts.
    • ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don't kill existing connections. This may be requested using "ssh -O stop ...".
    • ssh-add(1): now accepts keys piped from standard input.
  • The following significant bugs have been fixed in this release:
    • Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. (bz#439)
    • ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). (bz#1855)
    • sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries. (bz#1244)
    • ssh-keysign(8): now signs hostbased authentication challenges correctly using ECDSA keys. (bz#1858)
    • sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6). (bz#1847a)
    • ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close. (bz#1883 and bz#1911)
    • Other minor bugs fixed: (bz#1849, bz#1861, bz#1862, bz#1869, bz#1875, bz#1878, bz#1879, bz#1892, bz#1900, bz#1905, and bz#1913)
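An added example (not part of the original release notes and not OpenSSH code): a small Python audit of a server configuration against three of the sshd_config(5) changes listed above, namely the sandbox privsep mode, the deprecated AuthorizedKeysFile2 option and the SHA-2 HMAC modes. The function names, finding labels and both sample configurations are constructed for illustration.

```python
import re

# SHA-2 MAC names added in OpenSSH 5.9, as listed in the release notes
SHA2_MACS = {"hmac-sha2-256", "hmac-sha2-256-96",
             "hmac-sha2-512", "hmac-sha2-512-96"}

def parse_global_options(text):
    """Map lower-cased keyword -> argument list for the global section."""
    options = {}
    for raw in text.splitlines():
        # "Keyword value" or "Keyword=value"; blanks and "#" lines never match
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.+)", raw.strip())
        if not m:
            continue
        keyword, args = m.group(1).lower(), m.group(2).split()
        if keyword == "match":   # conditional blocks are out of scope here
            break
        options.setdefault(keyword, args)  # sshd keeps the first value it sees
    return options

def audit_sshd_config(text):
    """Return (label, detail) findings for three settings touched by 5.9."""
    opts = parse_global_options(text)
    findings = []
    mode = opts.get("useprivilegeseparation", ["unset"])[0].lower()
    if mode != "sandbox":
        findings.append(("privsep-not-sandboxed", mode))
    if "authorizedkeysfile2" in opts:
        findings.append(("deprecated-authorizedkeysfile2",
                         " ".join(opts["authorizedkeysfile2"])))
    if "macs" in opts:           # an unset MACs line leaves the defaults in place
        macs = set(",".join(opts["macs"]).split(","))
        if not macs & SHA2_MACS:
            findings.append(("no-sha2-mac", ",".join(sorted(macs))))
    return findings

# Constructed sample configurations (not taken from any real host)
LEGACY = """\
UsePrivilegeSeparation yes
AuthorizedKeysFile2 .ssh/authorized_keys2
MACs hmac-md5,hmac-sha1
"""
HARDENED = """\
# sandbox mode, one multi-path AuthorizedKeysFile, SHA-2 MACs
UsePrivilegeSeparation=sandbox
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
MACs hmac-sha2-512,hmac-sha2-256
"""
```

Calling audit_sshd_config(LEGACY) reports all three findings, while audit_sshd_config(HARDENED) returns an empty list.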
Other:
  • Over 7,200 ports, major robustness and speed improvements in package tools.
  • Many pre-built packages for each architecture:
    • i386: 7008
    • sparc64: 6456
    • alpha: 6046
    • sh: 3721
    • amd64: 6960
    • powerpc: 6691
    • sparc: 3277
    • arm: 2963
    • hppa: 6125
    • vax: 1409
    • mips64: 5689
    • mips64el: 5709
  • Some highlights:
    • Gnome 2.32.2
    • KDE 3.5.10
    • Xfce 4.8.0
    • MySQL 5.1.54
    • PostgreSQL 9.0.5
    • Postfix 2.8.4
    • OpenLDAP 2.3.43 and 2.4.25
    • Mozilla Firefox 3.5.19, 3.6.18 and 5.0
    • Mozilla Thunderbird 5.0
    • GHC 7.0.4
    • LibreOffice 3.4.1.3
    • Emacs 21.4, 22.3 and 23.3
    • Vim 7.3.154
    • PHP 5.2.17 and 5.3.6
    • Python 2.4.6, 2.5.4 and 2.7.1
    • Ruby 1.8.7.352 and 1.9.2.200
    • Mono 2.10.2
    • Chromium 12.0.742.122
    • Groff 1.21
  • As usual, steady improvements in manual pages and other documentation.
  • Base system and Xenocara manuals are now installed as source code, making grep(1) more useful in /usr/share/man/ and /usr/X11R6/man/.
  • If both formatted and source versions of manuals are installed, man(1) automatically displays the newer version of each page.
  • The system includes the following major components from outside suppliers:
    • Xenocara (based on X.Org 7.6 with xserver 1.9 + patches, freetype 2.4.5, fontconfig 2.8.0, Mesa 7.8.2, xterm 270, xkeyboard-config 2.3 and more)
    • Gcc 2.95.3 (+ patches), 3.3.5 (+ patches) and 4.2.1 (+ patches)
    • Perl 5.12.2 (+ patches)
    • Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
    • OpenSSL 1.0.0a (+ patches)
    • Sendmail 8.14.5, with libmilter
    • Bind 9.4.2-P2 (+ patches)
    • Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
    • Sudo 1.7.2p8
    • Ncurses 5.7
    • Heimdal 0.7.2 (+ patches)
    • Arla 0.35.7
    • Binutils 2.15 (+ patches)
    • Gdb 6.3 (+ patches)


Version number 5.0
Release status Final
Operating systems BSD
Website OpenBSD
Download http://openbsd.org/50.html
License type Conditions (GNU/BSD/etc.)

By Bart van Klaveren

Downloads and Best Buy Guide

03-11-2011 • 07:43

Submitter: cschutijser

Source: OpenBSD
