Vyšlo OpenBSD 4.6
Vložil/a cm3l1k1, 19 Říjen, 2009 - 17:34
Vyšla nová verze jednoho z nejbezpečnějších operačních systémů a to OpenBSD.
Novinky a odkazy naleznete v článku.
AsiaBSDCon 2009:The OpenBSD Release Process: A Success Story
YouTube video: http://www.youtube.com/watch?v=i7pkyDUX5uM
Highlights of OpenBSD 4.6 are listed below.
# New/extended platforms:
* mvme68k
o Added support for the MVME141 and MVME165 boards.
* sparc
o The bootblock load address was moved so that larger kernels can be loaded.
* sparc64
o Added acceleration support for many of the PCI frame buffer drivers, such as Sun PGX, PGX64 and XVR-100, and Tech Source Raptor GFX graphics cards.
* sgi
o Added support for the SGI Octane, SGI Origin 200 and SGI Fuel families of systems.
o Several bugs in interrupt handling have been fixed, resulting in much snappier system response.
# Improved hardware support, including:
* Several new/improved drivers for sensors, including:
o The ips(4) driver now has sensor support, complementing the bio support.
o The acpithinkpad(4) driver now has temperature and fan sensor support.
o New endrun(4) driver for the EndRun Technologies timedelta sensor.
o The fins(4) driver now has support for F71806, F71862 and F71882.
o The acpitz(4) driver now shows correct decimals for temperature.
* Added radeonfb(4) to sparc64, an accelerated framebuffer for Sun XVR-100 boards.
* Added support in re(4) for RTL8103E and RTL8168DP devices.
* Added support for BCM5709/BCM5716 devices in the bnx(4) driver.
* Added support for ICH10 variants of em(4).
* Added support for VIA VX855 chipset in the viapm(4) and pciide(4) drivers.
* Added support for Intel SCH IDE to pciide(4).
* Added support for the Broadcom HT-1100 chipset in the piixpm(4) driver.
* Added support for 82574L based devices in the em(4) driver.
* A number of network drivers including ix(4), sis(4), msk(4), bnx(4), and vr(4) now use MCLGETI(9) to reduce memory usage and increase performance under load and attack.
* Added support for VIA CX800 south bridge to the viapm(4) driver.
* Added support in em(4) for the newer 82575 (and maybe 82576) chips.
* zyd(4) now supports devices with Airoha AL2230S radios.
* zyd(4) now works on big-endian machines
* urtw(4) now supports RTL8187B based devices.
* New otus(4) driver for Atheros AR9001U USB 802.11a/b/g/Draft-N wireless devices.
* New berkwdt(4) driver for Berkshire Products PCI watchdog timers.
* New udl(4) driver for USB video devices.
* Support for a variety of newer models in bge(4).
* Initial version of vsw(4), a driver for the virtual network switch on sun4v sparc64s.
* Implemented machfb(4), an accelerated driver for the sparc64 PGX/PGX64 framebuffers.
* Added a vcc(4) and vcctty(4) driver for the "Virtual Console Concentrator" found on the control domain of sun4v systems.
* Implemented 64-bit FIFO modes for ciss(4) devices.
* Enable hardware VLAN tagging/stripping on ix(4).
* Added basic support for Envy24HT chips in the envy(4) driver.
* Many improvements and updates to the isp(4) driver.
* Added support for 88E8057-based Yukon 2 Ultra 2-devices in msk(4).
* The ips(4) driver now works reliably.
* Added raptor(4), an accelerated framebuffer driver for the Tech Source Raptor GFX cards on the sparc64 platform.
* Enabled schsio(4) on i386 and amd64 and added watchdog timer support.
* New acpivideo(4) driver for ACPI display switching and brightness control.
# New tools:
* Added smtpd(8), a new privilege-separated SMTP daemon.
* Imported the tmux(1) terminal multiplexer, replacing window(1).
# pf(4) improvements:
* Enabled pf(4) by default in the rc.conf(8).
* Removed pf(4) scrub rules, and only do one kind of packet reassembly. Rulesets with scrub rules need to be modified because of this.
* Regular rules can now have per-rule scrub options.
* Added new "match" keyword which only applies rule options but does not change the current pass/block state.
* Make all pf(4) operations transactional to improve atomicity of reloads.
* Stricter pf(4) checking for ICMP and ICMPv6 packets.
* Various improvements to pfsync(4) to lower sync traffic bandwidth and optionally allow active-active firewall setups.
* Fix pf(4) scrub max-mss for IPv6 traffic.
# OpenBGPD, OpenOSPFD and other routing daemon improvements:
* In bgpd(8), rework most of the RDE to allow multiple RIBs. It is possible to filter per-RIB and attach neighbors to a specific RIB.
* Added an option to bgpd(8) to change the "connect-retry" timer.
* Allow bgpd.conf(5) and bgpctl(8) to contain 32-bit ASN numbers written in ASPLAIN format.
* Fix bgpd(8) to correctly encode MP unreachable NLRI so IPv6 prefixes get removed correctly.
* Changed the behaviour of "redistribute default" for ospfd(8) and ripd(8). A default route has to be present in the FIB to be correctly advertised.
* Make ospfd(8) and ripd(8) track reject and blackhole routes and allow them to be redistributed even if pointing to 127.0.0.1.
* Allow to specify an alternate control socket for ospfd(8).
* ospfd(8) can now be bound into an alternate routing domain.
* Fix ospfd(8) route metric for "redistribute default".
* Initial version of ldpctl(8) and ldpd(8), a label distribution protocol daemon for mpls.
* Make dvmrp(8) RDE aware of multicast group members per interface.
* Support for pruning in dvmrp(8).
# Generic Network-Stack improvements:
* Support for virtual routing and firewalling with the addition of routing domains.
* Add code in ifconfig(8) to bind an interface to a routing domain.
* Add support to ping(8), traceroute(8), arp(8), nc(1) and telnet(1) to specify which routing domain to use.
* Allow ifconfig(8) to turn off IPv6 completely for an interface and make rtsold(8) turn on inet6 on the interface.
* Routes track the interface link state.
* route(8) flush accepts "-iface" or "-priority" to only flush routes matching these conditions.
* Multiple dhclients can now coexist without causing mayhem.
* Make wireless interfaces have an interface priority of 4 by default. Makes them less preferred then wired interfaces.
* Do not accept IPv4 ICMP redirects by default.
* Added the MAC address to the log entries in dhclient(8).
* Make systat(1) show interface description names in the interface view, and add new NFS server and client views.
* Make tun(4) emulate link state depending on the open and close of the device fd.
* Use pf state-table information to speed up decision on whether a packet is to be delivered locally or forwarded.
* More routing socket checks added to make userland applications more resilient to kernel changes.
# Install/Upgrade process changes:
* New disklabel(8) automatic partition allocator with a variety of smart heuristics.
* The installer has been nearly rewritten mostly with a focus on simplifying installation.
# OpenSSH 5.3:
* Do not limit home directory paths to 256 characters. (bz #1615)
* Several minor documentation and correctness fixes.
# Over 5,800 ports, minor robustness improvements in package tools.
# Many pre-built packages for each architecture:
* i386: 5606
* sparc64: 5413
* alpha: 5346
* sh: 1261
* amd64: 5544
* powerpc: 5427
* sparc: 3711
* arm: 5291
* hppa: 4790
* vax: 1785
* mips64: 3443
Some highlights:
* Gnome 2.24.3.
* KDE 3.5.10.
* Xfce 4.6.1.
* MySQL 5.0.83.
* PostgreSQL 8.3.7.
* Postfix 2.6.2.
* OpenLDAP 2.3.43.
* Mozilla Firefox 3.0.11 and 3.5.
* Mozilla Thunderbird 2.0.0.22.
* OpenOffice.org 3.1.0.
* Emacs 21.4 and 22.3
* Vim 7.2.190.
* PHP 5.2.10.
* Python 2.4.6, 2.5.4 and 2.6.2.
* Ruby 1.8.6.369.
# As usual, steady improvements in manual pages and other documentation.
# The system includes the following major components from outside suppliers:
* Xenocara (based on X.Org 7.4 + patches, freetype 2.3.9, fontconfig 2.6.0, Mesa 7.4.2, xterm 243 and more)
* Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches)
* Perl 5.10.0 (+ patches)
* Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
* OpenSSL 0.9.8k (+ patches)
* Groff 1.15
* Sendmail 8.14.3, with libmilter
* Bind 9.4.2-P2 (+ patches)
* Lynx 2.8.6rel.5 with HTTPS and IPv6 support (+ patches)
* Sudo 1.7.2
* Ncurses 5.2
* Latest KAME IPv6
* Heimdal 0.7.2 (+ patches)
* Arla 0.35.7
* Binutils 2.15 (+ patches)
* Gdb 6.3 (+ patches)
* mvme68k
o Added support for the MVME141 and MVME165 boards.
* sparc
o The bootblock load address was moved so that larger kernels can be loaded.
* sparc64
o Added acceleration support for many of the PCI frame buffer drivers, such as Sun PGX, PGX64 and XVR-100, and Tech Source Raptor GFX graphics cards.
* sgi
o Added support for the SGI Octane, SGI Origin 200 and SGI Fuel families of systems.
o Several bugs in interrupt handling have been fixed, resulting in much snappier system response.
# Improved hardware support, including:
* Several new/improved drivers for sensors, including:
o The ips(4) driver now has sensor support, complementing the bio support.
o The acpithinkpad(4) driver now has temperature and fan sensor support.
o New endrun(4) driver for the EndRun Technologies timedelta sensor.
o The fins(4) driver now has support for F71806, F71862 and F71882.
o The acpitz(4) driver now shows correct decimals for temperature.
* Added radeonfb(4) to sparc64, an accelerated framebuffer for Sun XVR-100 boards.
* Added support in re(4) for RTL8103E and RTL8168DP devices.
* Added support for BCM5709/BCM5716 devices in the bnx(4) driver.
* Added support for ICH10 variants of em(4).
* Added support for VIA VX855 chipset in the viapm(4) and pciide(4) drivers.
* Added support for Intel SCH IDE to pciide(4).
* Added support for the Broadcom HT-1100 chipset in the piixpm(4) driver.
* Added support for 82574L based devices in the em(4) driver.
* A number of network drivers including ix(4), sis(4), msk(4), bnx(4), and vr(4) now use MCLGETI(9) to reduce memory usage and increase performance under load and attack.
* Added support for VIA CX800 south bridge to the viapm(4) driver.
* Added support in em(4) for the newer 82575 (and maybe 82576) chips.
* zyd(4) now supports devices with Airoha AL2230S radios.
* zyd(4) now works on big-endian machines
* urtw(4) now supports RTL8187B based devices.
* New otus(4) driver for Atheros AR9001U USB 802.11a/b/g/Draft-N wireless devices.
* New berkwdt(4) driver for Berkshire Products PCI watchdog timers.
* New udl(4) driver for USB video devices.
* Support for a variety of newer models in bge(4).
* Initial version of vsw(4), a driver for the virtual network switch on sun4v sparc64s.
* Implemented machfb(4), an accelerated driver for the sparc64 PGX/PGX64 framebuffers.
* Added a vcc(4) and vcctty(4) driver for the "Virtual Console Concentrator" found on the control domain of sun4v systems.
* Implemented 64-bit FIFO modes for ciss(4) devices.
* Enable hardware VLAN tagging/stripping on ix(4).
* Added basic support for Envy24HT chips in the envy(4) driver.
* Many improvements and updates to the isp(4) driver.
* Added support for 88E8057-based Yukon 2 Ultra 2-devices in msk(4).
* The ips(4) driver now works reliably.
* Added raptor(4), an accelerated framebuffer driver for the Tech Source Raptor GFX cards on the sparc64 platform.
* Enabled schsio(4) on i386 and amd64 and added watchdog timer support.
* New acpivideo(4) driver for ACPI display switching and brightness control.
# New tools:
* Added smtpd(8), a new privilege-separated SMTP daemon.
* Imported the tmux(1) terminal multiplexer, replacing window(1).
# pf(4) improvements:
* Enabled pf(4) by default in the rc.conf(8).
* Removed pf(4) scrub rules, and only do one kind of packet reassembly. Rulesets with scrub rules need to be modified because of this.
* Regular rules can now have per-rule scrub options.
* Added new "match" keyword which only applies rule options but does not change the current pass/block state.
* Make all pf(4) operations transactional to improve atomicity of reloads.
* Stricter pf(4) checking for ICMP and ICMPv6 packets.
* Various improvements to pfsync(4) to lower sync traffic bandwidth and optionally allow active-active firewall setups.
* Fix pf(4) scrub max-mss for IPv6 traffic.
# OpenBGPD, OpenOSPFD and other routing daemon improvements:
* In bgpd(8), rework most of the RDE to allow multiple RIBs. It is possible to filter per-RIB and attach neighbors to a specific RIB.
* Added an option to bgpd(8) to change the "connect-retry" timer.
* Allow bgpd.conf(5) and bgpctl(8) to contain 32-bit ASN numbers written in ASPLAIN format.
* Fix bgpd(8) to correctly encode MP unreachable NLRI so IPv6 prefixes get removed correctly.
* Changed the behaviour of "redistribute default" for ospfd(8) and ripd(8). A default route has to be present in the FIB to be correctly advertised.
* Make ospfd(8) and ripd(8) track reject and blackhole routes and allow them to be redistributed even if pointing to 127.0.0.1.
* Allow to specify an alternate control socket for ospfd(8).
* ospfd(8) can now be bound into an alternate routing domain.
* Fix ospfd(8) route metric for "redistribute default".
* Initial version of ldpctl(8) and ldpd(8), a label distribution protocol daemon for mpls.
* Make dvmrp(8) RDE aware of multicast group members per interface.
* Support for pruning in dvmrp(8).
# Generic Network-Stack improvements:
* Support for virtual routing and firewalling with the addition of routing domains.
* Add code in ifconfig(8) to bind an interface to a routing domain.
* Add support to ping(8), traceroute(8), arp(8), nc(1) and telnet(1) to specify which routing domain to use.
* Allow ifconfig(8) to turn off IPv6 completely for an interface and make rtsold(8) turn on inet6 on the interface.
* Routes track the interface link state.
* route(8) flush accepts "-iface" or "-priority" to only flush routes matching these conditions.
* Multiple dhclients can now coexist without causing mayhem.
* Make wireless interfaces have an interface priority of 4 by default. Makes them less preferred then wired interfaces.
* Do not accept IPv4 ICMP redirects by default.
* Added the MAC address to the log entries in dhclient(8).
* Make systat(1) show interface description names in the interface view, and add new NFS server and client views.
* Make tun(4) emulate link state depending on the open and close of the device fd.
* Use pf state-table information to speed up decision on whether a packet is to be delivered locally or forwarded.
* More routing socket checks added to make userland applications more resilient to kernel changes.
# Install/Upgrade process changes:
* New disklabel(8) automatic partition allocator with a variety of smart heuristics.
* The installer has been nearly rewritten mostly with a focus on simplifying installation.
# OpenSSH 5.3:
* Do not limit home directory paths to 256 characters. (bz #1615)
* Several minor documentation and correctness fixes.
# Over 5,800 ports, minor robustness improvements in package tools.
# Many pre-built packages for each architecture:
* i386: 5606
* sparc64: 5413
* alpha: 5346
* sh: 1261
* amd64: 5544
* powerpc: 5427
* sparc: 3711
* arm: 5291
* hppa: 4790
* vax: 1785
* mips64: 3443
Some highlights:
* Gnome 2.24.3.
* KDE 3.5.10.
* Xfce 4.6.1.
* MySQL 5.0.83.
* PostgreSQL 8.3.7.
* Postfix 2.6.2.
* OpenLDAP 2.3.43.
* Mozilla Firefox 3.0.11 and 3.5.
* Mozilla Thunderbird 2.0.0.22.
* OpenOffice.org 3.1.0.
* Emacs 21.4 and 22.3
* Vim 7.2.190.
* PHP 5.2.10.
* Python 2.4.6, 2.5.4 and 2.6.2.
* Ruby 1.8.6.369.
# As usual, steady improvements in manual pages and other documentation.
# The system includes the following major components from outside suppliers:
* Xenocara (based on X.Org 7.4 + patches, freetype 2.3.9, fontconfig 2.6.0, Mesa 7.4.2, xterm 243 and more)
* Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches)
* Perl 5.10.0 (+ patches)
* Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
* OpenSSL 0.9.8k (+ patches)
* Groff 1.15
* Sendmail 8.14.3, with libmilter
* Bind 9.4.2-P2 (+ patches)
* Lynx 2.8.6rel.5 with HTTPS and IPv6 support (+ patches)
* Sudo 1.7.2
* Ncurses 5.2
* Latest KAME IPv6
* Heimdal 0.7.2 (+ patches)
* Arla 0.35.7
* Binutils 2.15 (+ patches)
* Gdb 6.3 (+ patches)
Web projektu: http://openbsd.org/
- Pro psaní komentářů se přihlašte
Asi nejvic sem zaznamenal
Asi nejvic sem zaznamenal zmenu instalatoru, ktera je jednoznacne k lepsimu (jednodussi a prehlednejsi), a podporu tlacitek (lenovo thinkpad sl400) na regulaci podsviceni. A jinak jako vzdycky spousta vylepseni pri zachovani bezpecnosti a jednoduchosti :-)