On 5/19/05, Theo de Raadt <[EMAIL PROTECTED]> wrote: > > ------------------------------------------------------------------------ > May 19, 2005. > > We are pleased to announce the official release of OpenBSD 3.7. > This is our 17th release on CD-ROM (and 18th via FTP). We remain > proud of OpenBSD's record of eight years with only a single remote > hole in the default install. As in our previous releases, 3.7 > provides significant improvements, including new features, in nearly > all areas of the system: > > - New platforms: > o OpenBSD/zaurus > Expanding the arm porting effort by supporting the > Sharp Zaurus SL-C3000, bringing a secure ssh-capable machine > to your pocket. > o OpenBSD/sgi > Starting out support with the SGI O2 machines. > > - Support for a number of much faster 64-bit machines (in 32-bit > mode) in the OpenBSD/hppa port. > > - Many enhancements in the OpenBSD/mac68k port: > o Switch to a bsd.rd-based install. > o Improved interrupt system. > o Create partitions with pdisk(8). > o Add mc(4) support and enhance zsc(4) support. > > - New tools: > o ospfd(8), implementing the OSPFv2 routing protocol. > o getcap(1), providing easy access to the capability database. > > - New functionality: > o Repaired mirroring mode in ccd(4). > o Privilege separation for ftpd(8) > o Bash-style prompt expansion and POSIX hex and octal constants > in ksh(1). > o Improved TCP send performance. > o Reentrant getproto*_r(3) and getserv*_r(3) functions. > o In-kernel pppoe(4) support. > o pim(4) (Protocol Independent Multicast) support added. > > - Improved hardware support, including: > o New ath(4) driver for Atheros IEEE 802.11a/b/g wireless > network adapters. > o New iwi(4) driver for Intel PRO/Wireless 2200BG/2225BG/2915ABG > IEEE 802.11a/b/g wireless network adapters. > o New ipw(4) driver for Intel PRO/Wireless 2100 IEEE 802.11b > wireless network adapters. > o New atu(4) driver for Amtel AT76C50x USB IEEE 802.11b > wireless network adapters. > o New ral(4) and ural(4) [USB] drivers for Ralink Technology > RT25x0 IEEE 802.11a/b/g wireless network adapters. > o New rtw(4) driver for Realtek 8180 IEEE 802.11b wireless > network adapters. > o Added support to re(4) driver for Realtek 8169 CardBus > Ethernet adapters. > o New udav(4) driver for Davicom DM9601 USB Ethernet adapters. > o New vge(4) driver for VIA Networking Technologies VT6122 PCI > Gigabit Ethernet adapters. > o New piixpm(4) driver for the Intel PIIX Power Management > controller. > o New ubt(4) driver for USB Bluetooth adapters. > > - New functionality for bgpd(8), the Border Gateway Protocol Daemon: > o Allow sessions to depend on a CARP interface's master/backup > state, reducing failover times in redundant setups. > o Lower latency for requests from other peers or bgpctl while > under heavy load, e.g. initial table transfer when a session > comes up. > o Allow for the peer descriptions to be used in bgpctl commands > where previously only their IPs were allowed. > o Allow bgpd to not prepend its own AS number and to not modify > the nexthop on updates sent out. > o Show associated interfaces and their state on "show nexthop", > to help pointing out why nexthops are invalid. > o Allow for relative metrics modification, i.e. "set localpref > +20". > > - New functionality for ntpd(8), the Network Time Protocol Daemon: > o ntpd can now set the time immediately on startup itself, > eliminating the need to run rdate -n beforehand. > o Use median instead of average when collapsing all the peers' > offsets into one, greatly improving resistance against > falsetickers. > o Calculate rootdelay, stratum, and precision properly; include > these in replies sent out in server mode. > o Many logging improvements: ntpd is now almost completely > silent in normal operation (unless in debug mode, of course). > > - New functionality and improvements for pf(4), the packet filter: > o Improved carp(4), new carpdev mode for IP-less interfaces. > o Support limiting TCP connections by establishment rate, > automatically adding flooding IP addresses to tables and > flushing states (max-src-conn-rate, overload <table>, flush > global). > o Improved functionality of tags (tag and tagged for > translation rules, tagging of all packets matching state > entries). > o Improved diagnostics (error messages and additional counters > from pfctl -si). > o New keyword "set skip on" to skip filtering on arbitrary > interfaces, like loopback. > o Filtering on route(8) labels. > o Several bugfixes improving stability. > > - New functionality and improvements for isakmpd(8), the Internet > Security Association and Key Management Daemon: > o Allow the Address, Network, or Netmask values of the > "IPsec-ID" to be specified with an interface name or the > keyword "default" (in which case the address is selected > based on the default route). > o Improved NAT-T and DPD stability and interoperability. > > - New functionality and improvements for spamd(8), the Spamd Spam > Deferral Daemon: > o Allow the addition of spamtrap addresses to the spamd > database using spamdb(8). Spamd will automatically blacklist > hosts that attempt to deliver mail to a spamtrap address > while greylisted. > > - New functionality and improvements for the package tools: > o Major overhaul of the package format, simplifying common > tasks like user creation. > o In-place updates of packages with pkg_add -r. > o Progress meters, which make installing big packages a more > pleasant experience. > o Reliable dependencies on shared libraries, including the base > system. > o Many performance improvements. > > - Over 3000 ports, 2800 pre-built packages. > > - Many improvements for security and reliability. Cleaner source > code for ksh(1), httpd(8), and many more programs. > > - As usual, many improvements in manual pages and other documentation. > > - OpenSSH 4.1: > o Local, remote and dynamic port forwards may be configured to > listen on specific IP addresses. > o sshd_config(5) now understands "GatewayPorts clientspecified" > to allow client-specified listen addresses in remote port > forwards. The existing behaviour for "yes" and "no" is > maintained. > o known_hosts files may be hashed to provide privacy if they > are later disclosed. > o ssh-keygen(1) has additional modes to generate and manage > hashed known_hosts files. > o Users will be warned of impending password and account expiry. > o Corrupt keys in authorized_keys are now handled gracefully. > o sftp(1) has speed improvements for "ls" and now uses libedit > for command line editing and history. > o sshd(8) will now log the source of connections denied by > AllowUsers, DenyUsers, AllowGroups and DenyGroups. > o AddressFamily option in sshd_config(5) now has an > AddressFamily option to provide global control of IPv4 and > IPv6 usage by sshd(8). > o ssh(1)'s multiplex (ControlMaster) mode has been improved and > now provides additional capabilities such as checking if the > master is alive, obtaining its process ID and requesting that > it shut down. > > - OpenBSD/i386 and OpenBSD/macppc now use gcc 3.3.5. > > - OpenBSD/amd64, OpenBSD/cats, OpenBSD/macppc, OpenBSD/hppa, > OpenBSD/sgi, OpenBSD/sparc64 and OpenBSD/zaurus now use DWARF2 > (C++) exception handling. > > - This release of OpenBSD includes the following major components from > outside suppliers: > o X.Org <http://X.Org> 6.8.2 (+ patches, and i386 contains XFree86 3.3.6servers (+ patches) > for legacy chipsets not supported by X.Org <http://X.Org>) > o Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches) > o Perl 5.8.6 (+ patches) > o Apache 1.3.29, mod_ssl 2.8.16, DSO support (+ patches) > o OpenSSL 0.9.7d (+ patches) > o Groff 1.15 > o Sendmail 8.13.3, with libmilter > o Bind 9.3.0 (+ patches) > o Lynx 2.8.5rel.2 with HTTPS and IPv6 support (+ patches) > o Sudo 1.6.8p6 > o Ncurses 5.2 > o Latest KAME IPv6 > o Heimdal 0.6rc1 (+ patches) > o Arla 0.35.7 > o Binutils 2.15 > o Gdb 6.3 > > If you'd like to see a list of what has changed between OpenBSD 3.6 > and 3.7, look at > > http://www.OpenBSD.org/plus37.html > > Even though the list is a summary of the most important changes > made to OpenBSD, it still is a very very long list. > Over the last 6 months, the OpenBSD developers have put > significant effort into pressuring wireless chipset vendors to release > their chip firmware binaries under a license which allows for drivers > to be included in free operating systems. This effort is very > important to ensure that future hardware you buy can be used without > requiring a piece of software you don't own. Some vendors have already > responded very positively to this activism, meaning their chips are > now supportable by all free operating systems. > > The vendors we wish to thank the most for being open in this > regard are RALink and Realtek, and secondly ATmel and Zydas. > > OpenBSD 3.7 ships with many new wireless device drivers > because of our successful activism. With more of your help, we can > make our future releases even better in this regard. Every few years > some large vendors collude to try to lock the free systems out of a > technology. A decade ago it was ethernet. This time it was wireless. > Next, it will be RAID. Don't let them do that. Help us help your > hardware run. > > Participation from the user community in this effort is very > important for its success. Please get active! Visit the articles > starting at: > > http://undeadly.org/cgi?action=article&sid=20041026185704 > http://undeadly.org/cgi?action=article&sid=20041027193425 > http://undeadly.org/cgi?action=article&sid=20041028234237 > > You should send professional, articulate e-mails to the > contacts at the companies in question telling them why this issue is > important to you. Tell them that their products must be supportable by > free operating systems for you to consider buying them, and that > non-free licenses for firmware binaries mean you will be looking for a > different product. > We provide patches for known security threats and other important > issues discovered after each CD release. As usual, between the > creation of the OpenBSD 3.7 FTP/CD-ROM binaries and the actual 3.7 > release date, our team found and fixed some new reliability problems > (note: most are minor and in subsystems that are not enabled by > default). Our continued research into security means we will find > new security problems -- and we always provide patches as soon as > possible. Therefore, we advise regular visits to > > http://www.OpenBSD.org/security.html > and > http://www.OpenBSD.org/errata.html > > Security patch announcements are sent to the [EMAIL PROTECTED] > mailing list. For information on OpenBSD mailing lists, please see: > > http://www.OpenBSD.org/mail.html > OpenBSD 3.7 is also available on CD-ROM. The 3-CD set costs $45USD > (EUR 45) and is available via mail order and from a number of > contacts around the world. The set includes a colorful booklet > which carefully explains the installation of OpenBSD. A new set > of cute little stickers is also included (sorry, but our FTP mirror > sites do not support STP, the Sticker Transfer Protocol). As an > added bonus, the second CD contains an audio track, a song entitled > "The Wizard of OS". Lyrics for the song may be found at: > > http://www.OpenBSD.org/lyrics.html#37 > > Profits from CD sales are the primary income source for the OpenBSD > project -- in essence selling these CD-ROM units ensures that OpenBSD > will continue to make another release six months from now. > > The OpenBSD 3.7 CD-ROMs are bootable on the following five platforms: > > o i386 > o amd64 > o macppc > o sparc > o sparc64 (UltraSPARC) > > (Other platforms must boot from floppy, network, or other method). > > For more information on ordering CD-ROMs, see: > > http://www.OpenBSD.org/orders.html > > The above web page lists a number of places where OpenBSD CD-ROMs > can be purchased from. For our default mail order, go directly to: > > https://https.OpenBSD.org/cgi-bin/order > > or, for European orders: > > https://https.OpenBSD.org/cgi-bin/order.eu > > All of our developers strongly urge you to buy a CD-ROM and support > our future efforts. Additionally, donations to the project are > highly appreciated, as described in more detail at: > > http://www.OpenBSD.org/goals.html#funding > The project continues to expand its funding base by selling t-shirts > and polo shirts. And our users like them too. We have a variety > of shirts available, with the new and old designs, from our web > ordering system at: > > https://https.OpenBSD.org/cgi-bin/order > > and for Europe: > > https://https.OpenBSD.org/cgi-bin/order.eu > > The OpenBSD 3.7 t-shirts are available now. The new shirt for 3.7 is > an update of the classic wireframe shirt featuring a really cool looking > (and nice feeling) wireframe blowfish mascot. We also sell our older > shirts, as well as a selection of OpenSSH t-shirts. > If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily > installed via FTP. Typically you need a single small piece of boot > media (e.g., a boot floppy) and then the rest of the files can be > installed from a number of locations, including directly off the > Internet. Follow this simple set of instructions to ensure that > you find all of the documentation you will need while performing > an install via FTP. With the CD-ROMs, the necessary documentation > is easier to find. > > 1) Read either of the following two files for a list of ftp > mirrors which provide OpenBSD, then choose one near you: > > http://www.OpenBSD.org/ftp.html > ftp://ftp.OpenBSD.org/pub/OpenBSD/3.7/ftplist > > As of May 19, 2005, the following ftp mirror sites have the 3.7 release: > > ftp://ftp.kd85.com/pub/OpenBSD/3.7/ Austria > ftp://openbsd.informatik.uni-erlangen.de/pub/OpenBSD/3.7/ Germany > ftp://muk.kd85.com/pub/OpenBSD/3.7/ Netherlands > ftp://ftp.stacken.kth.se/pub/OpenBSD/3.7/ Sweden > ftp://ftp2.usa.openbsd.org/pub/OpenBSD/3.7/ New York City, NY, USA > ftp://ftp3.usa.openbsd.org/pub/OpenBSD/3.7/ Boulder, CO, USA > ftp://ftp5.usa.openbsd.org/pub/OpenBSD/3.7/ Redwood City, CA, USA > ftp://rt.fm/pub/OpenBSD/3.7/ Lake in the Hills, IL, > USA > > The release is also available at the master site: > > ftp://ftp.openbsd.org/pub/OpenBSD/3.7/ Alberta, Canada > > However it is strongly suggested you use a mirror. > > Other mirror sites may take a day or two to update. > > 2) Connect to that ftp mirror site and go into the directory > pub/OpenBSD/3.7/ which contains these files and directories. > This is a list of what you will see: > > ANNOUNCEMENT alpha/ mac68k/ sparc/ > Changelogs/ amd64/ macppc/ sparc64/ > HARDWARE cats/ mvme68k/ src.tar.gz > PACKAGES ftplist mvme88k/ sys.tar.gz > PORTS hp300/ packages/ tools/ > README hppa/ ports.tar.gz vax/ > SIZES i386/ root.mail zaurus/ > XF4.tar.gz luna88k/ sgi/ > > It is quite likely that you will want at LEAST the following > files which apply to all the architectures OpenBSD supports. > > README - generic README > HARDWARE - list of hardware we support > PORTS - description of our "ports" tree > PACKAGES - description of pre-compiled packages > root.mail - a copy of root's mail at initial login. > (This is really worthwhile reading). > > 3) Read the README file. It is short, and a quick read will make > sure you understand what else you need to fetch. > > 4) Next, go into the directory that applies to your architecture, > for example, i386. This is a list of what you will see: > > CKSUM bsd.rd etc37.tgz misc37.tgz > INSTALL.i386 cd37.iso floppy37.fs pxeboot > INSTALL.linux cdboot floppyB37.fs xbase37.tgz > MD5 cdbr floppyC37.fs xetc37.tgz > base37.tgz cdemu37.iso game37.tgz xfont37.tgz > bsd cdrom37.fs index.txt xserv37.tgz > bsd.mp <http://bsd.mp> comp37.tgz man37.tgz xshare37.tgz > > If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386 > and the appropriate floppy*.fs or cd37.iso file. Consult the > INSTALL.i386 file if you don't know which of the floppy images > you need (or simply fetch all of them). > > 5) If you are an expert, follow the instructions in the file called > README; otherwise, use the more complete instructions in the > file called INSTALL.i386. INSTALL.i386 may tell you that you > need to fetch other files. > > 6) Just in case, take a peek at: > > http://www.OpenBSD.org/errata.html > > This is the page where we talk about the mistakes we made while > creating the 3.7 release, or the significant bugs we fixed > post-release which we think our users should have fixes for. > Patches and workarounds are clearly described there. > > Note: If you end up needing to write a raw floppy using Windows, > you can use "fdimage.exe" located in the pub/OpenBSD/3.7/tools > directory to do so. > X.Org <http://X.Org> has been integrated more closely into the system. > This release > contains X.Org <http://X.Org> 6.8.2. Most of our architectures ship with > X.Org <http://X.Org>, including > amd64, sparc, sparc64 and macppc. During installation, you can install > X.Org <http://X.Org> quite easily. Be sure to try out xdm(1) and see how > we have > customized it for OpenBSD. > > On the i386 platform a few older X servers are included from XFree86 > 3.3.6. These can be used for cards that are not supported by X.Org<http://X.Org> > or where X.Org <http://X.Org> support is buggy. Please read the > /usr/X11R6/README file > for post-installation information. > The OpenBSD ports tree contains automated instructions for building > third party software. The software has been verified to build and > run on the various OpenBSD architectures. The 3.7 ports collection, > including many of the distribution files, is included on the 3-CD > set. Please see the PORTS file for more information. > > Note: some of the most popular ports, e.g., the Apache web server > and several X applications, come standard with OpenBSD. Also, many > popular ports have been pre-compiled for those who do not desire > to build their own binaries (see BINARY PACKAGES, below). > A large number of binary packages is provided. Please see the PACKAGES > file (ftp://ftp.OpenBSD.org/pub/OpenBSD/3.7/PACKAGES) for more details. > The CD-ROMs contain source code for all the subsystems explained > above, and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/3.7/README) > file explains how to deal with these source files. For those who > are doing an FTP install, the source code for all four subsystems > can be found in the pub/OpenBSD/3.7/ directory: > > XF4.tar.gz ports.tar.gz src.tar.gz sys.tar.gz > OpenBSD 3.7 includes artwork and CD artistic layout by Ty Semaka, > who also arranged an audio track on the OpenBSD 3.7 CD set. Ports > tree and package building by Peter Valchev, Nikolay Sturm and > Christian Weisgerber. System builds by Theo de Raadt and Kenji Aoyama. > X11 builds by Todd Fries. ISO-9660 filesystem layout by Theo de Raadt. > > We would like to thank all of the people who sent in bug reports, bug > fixes, donation cheques, and hardware that we use. We would also like > to thank those who pre-ordered the 3.7 CD-ROM or bought our previous > CD-ROMs. Those who did not support us financially have still helped > us with our goal of improving the quality of the software. > > Our developers are: > > Aaron Campbell, Alex Feldman, Alexander Guy, Aleksander Piotrowski, > Alexander Yurchenko, Andreas Gunnarsson, Angelos D. Keromytis, > Anil Madhavapeddy, Artur Grabowski, Ben Lindstrom, Bjorn Sandell, > Bob Beck, Brad Smith, Brandon Creighton, Brian Caswell, > Brian Somers, Bruno Rohee, Camiel Dobbelaar, Can Erkin Acar, > Cedric Berger, Chad Loder, Chris Cappuccio, Christian Weisgerber, > Christopher Pascoe, Claudio Jeker, Constantine Sapuntzakis, > Dale Rahn, Damien Bergamini, Damien Couderc, Damien Miller, > Dan Harnett, Daniel Hartmeier, Darren Tucker, David B Terrell, > David Gwynne, David Krause, David Lebel, David Leonard, Don Stewart, > Dug Song, Eric Jackson, Esben Norby, Federico G. Schwindt, > Greg Taleck, Grigoriy Orlov, Hakan Olsson, Hans Insulander, > Hans-Joerg Hoexer, Heikki Korpela, Henning Brauer, Henric Jungheim, > Hiroaki Etoh, Horacio Menezo Ganau, Hugh Graham, Ian Darwin, > Jakob Schlyter, Jan-Uwe Finck, Jared J. Yanovich, Jason Ish, > Jason McIntyre, Jason Peel, Jason Wright, Jean-Baptiste Marchand, > Jean-Francois Brousseau, Jean-Jacques Bernard-Gundol, Jim Rees, > Joel Knight, Jolan Luff, Jonathan Gray, Joris Vink, Jose Nazario, > Joshua Stein, Jun-ichiro itojun Hagino, Kenji Aoyama, Kenjiro Cho, > Kenneth R Westerback, Kevin Lo, Kevin Steves, Kjell Wooding, > Kurt Miller, Louis Bertrand, Magnus Holmberg, Marc Balmer, > Marc Espie, Marc Matteo, Marco Peereboom, Marco Pfatschbacher, > Marco S Hyman, Marcus Watts, Margarida Sequeira, Marius Eriksen, > Mark Grimes, Mark Kettenis, Markus Friedl, Martin Reindl, > Mathieu Sauve-Frankel, Mats O Jansson, Matt Behrens, Matt Smart, > Matthew Jacob, Matthieu Herrb, Michael Coulter, Michael Shalayeff, > Michael T. Stolarchuk, Mike Frantzen, Mike Pechkin, Miod Vallat, > Moritz Jodeit, Nathan Binkert, Niall O'Higgins, Nick Holland, > Niels Provos, Niklas Hallqvist, Nikolay Sturm, Nils Nordman, > Oleg Safiullin, Otto Moerbeek, Paul Janzen, Pedro Martelletto, > Peter Galbavy, Peter Stromberg, Peter Valchev, Philipp Buehler, > Reinhard J. Sammer, Reyk Floeter, Rich Cannings, Robert Nagy, > Ryan Thomas McBride, Saad Kadhi, Shell Hin-lik Hung, > Stephen Kirkham, Steve Murphree, Ted Unangst, Theo de Raadt, > Thierry Deval, Thomas Nordin, Thorsten Lockert, > Tobias Weingartner, Todd C. Miller, Todd T. Fries, > Tom Cosgrove, Uwe Stuehler, Vincent Labrecque, Wilbern Cobb, > Wim Vandeputte, Xavier Santolaria. > > I would just like to say, you guys rock. Thanks for all the effort you've put into openbsd.
(Looking forward to wearing the new OBSD shirt.)
