[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OpenBSD 3.2 Released



------------------------------------------------------------------------
- OpenBSD 3.2 RELEASED -------------------------------------------------

Nov 1, 2002.

It is our pleasure to officially announce the release of OpenBSD
3.2.  This is our 12th release on CD-ROM (and 13th via FTP).  We
remain proud of OpenBSD's record of six years with only a single
remote hole in the default install.  As in our previous releases,
3.2 provides significant improvements, including new features, in
nearly all areas of the system:

- Improved hardware support             (http://www.OpenBSD.org/plat.html)

  o Asymmetric and symmetric hardware encryption support is enabled
    by default if a supported crypto accelerator is present.

  o Improved frame buffer and X Window System performance on the sparc,
    sparc64, and alpha platforms.

  o Builtin AGP-based video on i386 machines using ALI, AMD, Intel, SiS,
    and VIA chipsets is now supported and usable by the X Window System.

  o Intel Gigabit Ethernet adapters are now supported by the em(4)
    driver which replaces the gx(4) driver.  The em(4) driver supports
    more models and has better performance than the old gx(4) driver.

  o Fixed a stability problem with the twe(4) driver and some UDMA drives.

  o Added support for more PCI-based Cyclades serial boards.

  o IDE disks larger than 128GB and UDMA133 are now supported.

  o Updated isp(4) and siop(4) SCSI drivers.

  o Added support for sbus-PCMCIA bridges on the sparc64 platform.

  o The wi(4) driver (Wavelan, Prism, and Symbol 802.11b) now works
    on the sparc64 platform.

  o DMA handling in the hme(4) driver has been fixed.

- Major improvements in the pf packet filter, including:

  o New "antispoof" keyword: spoofing protection made easy.

  o Much simplified filter rule language.

  o Extended filtering capabilities.

  o All known bugs with filtering bridged interfaces have been fixed.

  o It is now possible to control state table entries with a per-rule
    granularity.

  o Support for dynamic interface expansion.  There is no longer a need
    to reload the ruleset due to IP address changes.  This is useful
    for interfaces where the address is dynamically assigned (PPP
    and DHCP).

- Ever-improving security            (http://www.OpenBSD.org/security.html)

  o Non-executable stack on i386, sparc (sun4m only), sparc64,
    alpha, and macppc platforms.  Non-executable data and bss on
    sparc (sun4m only), sparc64 and alpha.  This makes the system
    more resistent to buffer overflow attacks.

  o OpenBSD 3.2 ships with fewer setuid root binaries than ever before.
    Many of the remaining root setuid binaries drop root privileges
    early in their execution.  The use of setuid in the ports subsystem
    has also been reduced.

  o Privilege separation is now the default in sshd.

  o The Apache web server now runs in a chroot jail by default.
    The new "-u" option can be used to disable this.

  o Several other security issues fixed throughout the system, many
    of which were identified by members of the OpenBSD team themselves.
    Please see http://www.OpenBSD.org/errata31.html for more details
    on what was fixed.

- New subsystems included with 3.2

  o A new tool, systrace, enables the user to specify policy for an
    executable at the system call level.

  o The sparc platform now uses ELF binaries.

- Many other bugs fixed                 (http://www.OpenBSD.org/plus32.html)

- The "ports" tree is greatly improved  (http://www.OpenBSD.org/ports.html)

  o The 3.2 CD-ROMs ship with many pre-built packages for the common
    architectures.  The FTP site contains hundreds more packages
    (for the important architectures) which we could not fit onto
    the CD-ROMs (or which had prohibitive licenses).

- Many subsystems improved and updated since the last release:

  o XFree86 updated to 4.2.1.

  o Sendmail updated to 8.12.6.

  o Apache 1.3.26 and mod_ssl 2.8.10.

  o OpenSSL 0.9.7beta3 (+ patches)

  o Latest KAME IPv6

  o OpenSSH 3.5

  o The atrun command has been incorporated into the cron(8) daemon.

  o The vlan(4) driver now supports multicast.

If you'd like to see a list of what has changed between OpenBSD 3.1
and 3.2, look at

        http://www.OpenBSD.org/plus32.html

Even though the list is a summary of the most important changes
made to OpenBSD, it still is a very very long list.

This is our thirteenth OpenBSD release, and the twelfth release
which is available on CD-ROM.  Our releases have been spaced six
months apart, and we plan to continue this timing.

------------------------------------------------------------------------
- SECURITY AND ERRATA --------------------------------------------------

We provide patches for known security threats and other important
issues discovered after each CD release.  As usual, between the
creation of the OpenBSD 3.2 FTP/CD-ROM binaries and the actual 3.2
release date, our team found and fixed some new reliability problems
(note: most are minor, and in subsystems that are not enabled by
default).  Our continued research into security means we will find
new security problems -- and we always provide patches as soon as
possible.  Therefore, we advise regular visits to

        http://www.OpenBSD.org/security.html
and
	http://www.OpenBSD.org/errata.html

Security patch announcements are sent to the security-announce_(_at_)_OpenBSD_(_dot_)_org
mailing list.  For information on OpenBSD mailing lists, please see:

	http://www.OpenBSD.org/mail.html

------------------------------------------------------------------------
- CD-ROM SALES ----------------------------------------------------------

OpenBSD 3.2 is also available on CD-ROM.  The 3-CD set costs $40USD
(EUR 45) and is available via mail order and from a number of
contacts around the world.  The set includes a colorful booklet
which carefully explains the installation of OpenBSD.  A new set
of cute little stickers are also included (sorry, but our FTP mirror
sites do not support STP, the Sticker Transfer Protocol).  As an
added bonus, the second CD contains an exclusive audio track,
"Goldflipper".  Lyrics for the song may be found at:
    http://www.OpenBSD.org/lyrics.html#32

Profits from CD sales are the primary income source for the OpenBSD
project -- in essence selling these CD-ROM units ensures that OpenBSD
will continue to make another release six months from now.

The OpenBSD 3.2 CD-ROMs are bootable on the following six platforms:
  o i386
  o alpha
  o sparc
  o sparc64 (UltraSPARC)
  o macppc
  o hp300*

* The m68k-based platforms, including hp300, are located on a fourth
  CD that is not included in the official CD-ROM package.  You can
  download the ISO-9660 image for the fourth CD as described below.

(Other platforms must boot from floppy, network, or other method).

For more information on ordering CD-ROMs, see:

        http://www.OpenBSD.org/orders.html

The above web page lists a number of places where OpenBSD CD-ROMs
can be purchased from.  For our default mail order, go directly to:

        https://https.OpenBSD.org/cgi-bin/order

or, for European orders:

	https://https.OpenBSD.org/cgi-bin/order.eu

All of our developers strongly urge you to buy a CD-ROM and support
our future efforts.  As well, donations to the project are highly
appreciated, as described in more detail at:

        http://www.OpenBSD.org/goals.html#funding

Due to space restrictions and our desire not to raise the cost of
the CD-ROM, the Motorola 68k-based platforms are located on a
fourth CD that is not included in the official CD-ROM package.
An ISO-9660 image for this CD may be downloaded from:

	ftp://ftp.OpenBSD.org/pub/OpenBSD-ISO/3.2-CD4.iso

This CD contains the amiga, hp300, mac68k and mvme68k install sets
as well as the m68k packages.  The CD is bootable on the hp300.
Note that not all ftp mirrors will carry the CD image.


------------------------------------------------------------------------
- T-SHIRT SALES --------------------------------------------------------

The project continues to expand its funding base by selling t-shirts
and polo shirts.  And our users like them too.  We have a variety
of shirts available, with the new and old designs, from our web
ordering system at:

        https://https.OpenBSD.org/cgi-bin/order

The new 3.2 t-shirt is not available at this time but will be
available shortly.

------------------------------------------------------------------------
- FTP INSTALLS ---------------------------------------------------------

If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily
installed via FTP.  Typically you need a single small piece of boot
media (e.g., a boot floppy) and then the rest of the files can be
installed from a number of locations, including directly off the
Internet.  Follow this simple set of instructions to ensure that
you find all of the documentation you will need while performing
an install via FTP.  With the CD-ROMs, the necessary documentation
is easier to find.

1) Read either of the following two files for a list of ftp
   mirrors which provide OpenBSD, then choose one near you:

        http://www.OpenBSD.org/ftp.html
        ftp://ftp.OpenBSD.org/pub/OpenBSD/3.2/ftplist

   As of Nov 1, 2002, the following ftp sites have the 3.2 release:

	ftp://ftp.ca.openbsd.org/pub/OpenBSD/3.2/	Alberta, Canada
	ftp://ftp.usa.openbsd.org/pub/OpenBSD/3.2/	Boulder, CO, USA
	ftp://ftp.se.openbsd.org/pub/OpenBSD/3.2/	Stockholm, Sweden
	ftp://ftp.calyx.nl/pub/OpenBSD/3.2/		Amsterdam, Netherlands
	ftp://ftp.wiretapped.net/pub/OpenBSD/3.2/	Sydney, Australia

   Other mirrors will take a day or two to update.

2) Connect to that ftp mirror site and go into the directory
   pub/OpenBSD/3.2/ which contains these files and directories.
   This is a list of what you will see:

	ANNOUNCEMENT   XF4.tar.gz     mac68k/        sparc/
	Changelogs/    alpha/         macppc/        sparc64/
	HARDWARE       amiga/         mvme68k/       src.tar.gz 
	PACKAGES       ftplist        packages/      srcsys.tar.gz 
	PORTS          hp300/         ports.tar.gz   tools/
	README         i386/          root.mail      vax/

   It is quite likely that you will want at LEAST the following
   files which apply to all the architectures OpenBSD supports.

        README          - generic README
        HARDWARE        - list of hardware we support
        PORTS           - description of our "ports" tree
        PACKAGES        - description of pre-compiled packages
        root.mail       - a copy of root's mail at initial login.
			  (This is really worthwhile reading).

3) Read the README file.  It is short, and a quick read will make
   sure you understand what else you need to fetch.

4) Next, go into the directory that applies to your architecture,
   for example, i386.  This is a list of what you will see:

	CKSUM          INSTALL.os2br  comp32.tgz     man32.tgz 
	INSTALL.ata    INSTALL.pt     etc32.tgz      misc32.tgz 
	INSTALL.chs    MD5            floppy32.fs    xbase32.tgz 
	INSTALL.dbr    base32.tgz     floppyB32.fs   xfont32.tgz 
	INSTALL.i386   bsd            floppyC32.fs   xserv32.tgz 
	INSTALL.linux  bsd.rd         game32.tgz     xshare32.tgz 
	INSTALL.mbr    cdrom32.fs     index.txt      

   If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386
   and the appropriate floppy*.fs file.  Consult the INSTALL.i386
   file if you don't know which of the floppy images you need (or
   simply fetch all of them).

5) If you are an expert, follow the instructions in the file called
   README; otherwise, use the more complete instructions in the
   file called INSTALL.i386.  INSTALL.i386 may tell you that you
   need to fetch other files.

6) Just in case, take a peek at:

        http://www.OpenBSD.org/errata.html

   This is the page where we talk about the mistakes we made while
   creating the 3.2 release, or the significant bugs we fixed
   post-release which we think our users should have fixes for.
   Patches and workarounds are clearly described there.

Note: If you end up needing to write a raw floppy using Windows,
      you can use "fdimage.exe" located in the pub/OpenBSD/3.2/tools
      directory to do so.

------------------------------------------------------------------------
- XFree86 FOR MOST ARCHITECTURES ---------------------------------------

XFree86 has been integrated more closely into the system.  This
release contains XFree86 4.2.1.  Most of our architectures ship
with XFree86, including sparc, sparc64 and macppc.  During installation,
you can install XFree86 quite easily.  Be sure to try out xdm(1)
and see how we have customized it for OpenBSD.

On the i386 platform a few older X servers are included from XFree86
3.3.6.  These can be used for cards that are not supported by XFree86
4.2.1 or where XFree86 4.2.1 support is buggy.  Please read the
/usr/X11R6/README file for post-installation information.

------------------------------------------------------------------------
- PORTS TREE -----------------------------------------------------------

The OpenBSD ports tree contains automated instructions for building
third party software.  The software has been verified to build and
run on the various OpenBSD architectures.  The 3.2 ports collection,
including many of the distribution files, is included on the 3-CD
set.  Please see PORTS file for more information.

Note: some of the most popular ports, e.g., the Apache web server
and several X applications, come standard with OpenBSD.  Also, many
popular ports have been pre-compiled for those who do not desire
to build their own binaries (see PACKAGES, below).

------------------------------------------------------------------------
- BINARY PACKAGES WE PROVIDE -------------------------------------------

A large number of binary packages are provided.  Please see PACKAGES
file (ftp://ftp.OpenBSD.org/pub/OpenBSD/PACKAGES) for more details.

------------------------------------------------------------------------
- SYSTEM SOURCE CODE ---------------------------------------------------

The CD-ROMs contain source code for all the subsystems explained
above, and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/README)
file explains how to deal with these source files.  For those who
are doing an FTP install, the source code for all four subsystems
can be found in the pub/OpenBSD/3.2/ directory:

        XF4.tar.gz     ports.tar.gz   src.tar.gz     srcsys.tar.gz

------------------------------------------------------------------------
- THANKS ---------------------------------------------------------------

OpenBSD 3.2 includes artwork and CD artistic layout by Ty Semaka,
who also wrote the lyrics and arranged an audio track on the OpenBSD
3.2 CD set.  Ports tree and package building by Christian Weisgerber,
David Lebel, Peter Valchev and Miod Vallat.  System builds by Theo
de Raadt, Niklas Hallqvist, Todd Fries and Bob Beck.  ISO-9660
filesystem layout by Theo de Raadt.

We would like to thank all of the people who sent in bug reports, bug
fixes, donation cheques, and hardware that we use.  We would also like
to thank those who pre-ordered the 3.2 CD-ROM or bought our previous
CD-ROMs.  Those who did not support us financially have still helped
us with our goal of improving the quality of the software.

Our developers are:

    Aaron Campbell, Angelos D. Keromytis, Anil Madhavapeddy,
    Artur Grabowski, Ben Lindstrom, Bjorn Sandell, Bob Beck, Brad Smith,
    Brandon Creighton, Brian Caswell, Brian Somers, Bruno Rohee,
    Camiel Dobbelaar, Chad Loder, Chris Cappuccio, Christian Weisgerber,
    Constantine Sapuntzakis, Dale Rahn, Damien Couderc, Damien Miller,
    Dan Harnett, Daniel Hartmeier, David B Terrell, David Lebel,
    David Leonard, Dug Song, Eric Jackson, Federico G. Schwindt,
    Grigoriy Orlov, Hakan Olsson, Hans Insulander, Heikki Korpela,
    Henning Brauer, Henric Jungheim, Horacio Menezo Ganau, Hugh Graham,
    Ian Darwin, Jakob Schlyter, Jan-Uwe Finck, Jason Ish, Jason Peel,
    Jason Wright, Jean-Baptiste Marchand, Jean-Jacques Bernard-Gundol,
    Jim Rees, Joshua Stein, Jun-ichiro itojun Hagino, Kenjiro Cho,
    Kenneth R Westerback, Kevin Lo, Kevin Steves, Kjell Wooding,
    Louis Bertrand, Marc Espie, Marc Matteo, Marco S Hyman, Marcus Watts,
    Mark Grimes, Markus Friedl, Mats O Jansson, Matt Behrens, Matt Smart,
    Matthew Jacob, Matthieu Herrb, Michael Shalayeff, Michael T. Stolarchuk,
    Mike Frantzen, Mike Pechkin, Miod Vallat, Nathan Binkert,
    Nick Holland, Niels Provos, Niklas Hallqvist, Nils Nordman,
    Oleg Safiullin, Paul Janzen, Peter Galbavy, Peter Stromberg,
    Peter Valchev, Philipp Buehler, Reinhard J. Sammer, Ryan Thomas McBride,
    Shell Hin-lik Hung, Steve Murphree, Theo de Raadt, Thierry Deval,
    Thomas Nordin, Thorsten Lockert, Tobias Weingartner, Todd C. Miller,
    Todd T. Fries, Vincent Labrecque, Wilbern Cobb, Wim Vandeputte.



Visit your host, monkey.org