OpenBSD 4.1 Released

Subject: OpenBSD 4.1 Released
From: Bob Beck
Date: Tue, 01 May 2007 21:02:08 UTC
Newsgroups: fa.openbsd.announce
- OpenBSD 4.1 RELEASED -------------------------------------------------

May 1, 2007.

We are pleased to announce the official release of OpenBSD 4.1.
This is our 21st release on CD-ROM (and 22nd via FTP).  We remain
proud of OpenBSD's record of ten years with only two remote
holes in the default install.  As in our previous releases, 4.1
provides significant improvements, including new features, in nearly
all areas of the system:

- New/extended platforms:
    o OpenBSD/landisk.
      Various SH4-based appliances, made by IO-Data and resold by
    o OpenBSD/sparc64.
      UltraSPARC III based machines are supported even better, and
      now run at full speed!

- Improved hardware support, including:
    o New USB client controller support:
          o Support for the USB client functionality in the pxaudc(4)
            driver on the Zaurus.
          o New usbf(4) midlayer for USB Client controllers.
          o New cdcef(4) driver for providing a CDCE function on USB
            client controllers.
    o New cas(4) driver for Sun Cassini 10/100/Gigabit Ethernet devices.
    o New uow(4) driver for Maxim/Dallas DS2490 USB 1-Wire devices.
    o New owsbm(4) driver for 1-Wire smart battery monitor devices.
    o New zyd(4) driver for ZyDAS ZD1211/ZD1211B USB IEEE 802.11b/g
      wireless network devices.
    o New moscom(4) driver for MosChip Semiconductor MCS7703 based USB
      serial adapters.
    o New glxsb(4) driver for hardware random numbers and AES
      acceleration on the AMD Geode LX processor.
    o New vic(4) driver for VMware VMXnet Virtual Interface Controllers.
    o New malo(4) driver for Marvell Libertas IEEE 802.11b/g wireless
      network devices.
    o New pwdog(4) driver for Quancom PWDOG1 watchdog timer devices.
    o New uberry(4) driver for Research In Motion Blackberry devices.
    o New mbg(4) driver for Meinberg Funkuhren radio clocks.
    o New mesh(4) driver for the on-board SCSI controller of old world
      Apple Power Macintosh systems.
    o New mc(4) driver for the on-board Ethernet of many old world Apple
      Power Macintosh systems
    o Improved msk(4) driver now supports many more Marvell Yukon-2
      variants including dual port cards and fiber cards.
    o The gem(4) driver now supports fiber cards.
    o The OpenBSD/amd64 platform now has more accurate and robust time
    o The OpenBSD/i386 boot(8) program now works properly on Intel-based
    o The pciide(4) driver has had support added for newer chipsets,
          o AMD CS5536 IDE;
          o Intel i31244;
          o NVIDIA MCP67 PATA, MCP67 SATA.
    o The com(4) driver now supports ST16C654 devices.
    o The adt(4) driver supports some newer chipsets, such as the
    o The OpenBSD/macppc platform now automatically turns the machine
      back on following an unexpected loss of power.
    o boot.mac, an XCOFF formatted boot loader for OpenBSD/macppc capable
      of booting on many old world macs.

- New tools:
    o BSD-licensed pkg-config(1), a complete rewrite of the GNU tool of
      the same name, significantly smaller and more maintainable.
    o hoststated(8), a layer 3 and layer 7 server load balancing daemon
      with host monitoring capacities.
    o new BSD-licensed ripd(8).
    o bgplg(8), a CGI looking glass for OpenBGPD, is now available for
      use with the system httpd.
    o bgplgsh(8), a looking glass shell for OpenBGPD, is now available
      for use as a restricted read-only command line interface.

- New functionality:
    o syslogd(8) can now pipe logs directly to other programs, making
      real-time log analysis easier.
    o The IP_RECVTTL ip(4) socket option allows programs to receive the
      incoming ttl on raw and udp sockets.
    o The IP_MINTTL ip(4) socket option allows programs to ask the
      kernel to discard any packets with a ttl smaller than the given
      one, for implementing the IP TTL security hack aka the Generalized
      TTL Security Mechanism specified in RFC 3682.
    o Multiple, independent routing tables, with pf(4) acting as
      selector. route(8) can be told which table to work with now, and
      routing daemons have been modified to cope as well.
    o The pflog(4) interface is now clonable. pf(4) can log to multiple
      pflog interfaces now, each rule can specify which pflog interface
      to log to. pflogd(8) and spamlogd(8) can now be told which pflog
      interface to work with.
    o The pfsync(4) interface is now clonable as well, thus only there
      when actually needed.
    o pfctl(8) can now expire table entries.
    o keep state is now the default for pf.conf(5) rules, as is the
      flags S/SA option on TCP connections. no state and flags any can
      be used to disable stateful filtering or TCP flags checking.
    o The pfctl(8) ruleset optimiser can be enabled in pf.conf(5).
    o pf(4) anchors can now be loaded inline in the main pf.conf(5) and
      can be printed recursively.
    o Allow pf(4) rules inside anchors to have their counters reset, and
      make counter read & reset an atomic operation.
    o sensorsd(8) dampens status changes now, thus not alerting for a
      single wrong sensor read, since many sensors lie once in a while.
    o spamd(8) and spamlogd(8) now support synchronisation of the
      greylist database across multiple hosts. The greytrapping
      mechanism now allows for whole domain traps, and noticing out of
      order MX use.
    o spamd(8) database format has changed from DB_BTREE to DB_HASH for
      much better performance on large installations with big
    o The bridge(4) driver and the brconfig(8) tool now support the
      Rapid Spanning Tree Protocol (RSTP). The new RSTP mode is now used
      by default when enabled with the stp option.
    o cd(4) now supports reading from region protected DVDs.
    o Detect MS-DOS filesystems and spoof disklabel partitions for them
      even when there is no MBR, e.g. on some newer iPods.

- Assorted improvements and code cleanup:
    o The fsck_ffs(8) command has been improved to be more robust to
      various forms of inode and superblock corruption.
    o The top(1) command got some new ways of filtering the display.
    o pthreads(3) file descriptor handling has been improved to
      eliminate several race and deadlock conditions and improve
    o The MS-DOS filesystem has had a potential corruption issue fixed,
      and is more reliable when given a corrupted filesystem to mount.
    o The MS-DOS filesystem and the fdisk(8) command have been enhanced
      to work on devices with 2048 byte sectors, e.g. newer iPods.
    o The OpenRCS tools are smarter at handling files, especially when
      dealing with binary files. GNU RCS compatibility has also been
    o The mg(1) editor now displays column numbers in the status bar. It
      has also received several improvements which make it more
      reliable: line numbers, file insertions, and search wrapping all
      now work as expected.
    o The systat(1) command has a cleaner look, and a display was added
      for hardware sensors.
    o The OpenBSD/alpha platform now uses gcc3.
    o Improved support for USB-attached CD-ROM drives and ever more odd
      umass(4) devices.
    o Don't treat NetBSD or FreeBSD MBR partitions as substitutes for an
      OpenBSD partition. i.e. don't try to boot from them or use them to
      store OpenBSD disklabels.

- Install/Upgrade process changes:
    o More reliable detection of disk and CD devices.
    o More reliable installation from MS-DOS FAT partitions.
    o New sanity check in case sets for the wrong architecture are   
    o No need to specify the filesystem types of source partitions
      during disk or CD-ROM installs.
    o No need to select a source partition during disk or CD installs 
      when there is only one to choose from.

- OpenSSH 4.6:
    o sshd now allows the enabling and disabling of authentication
      methods on a per user, group, host and network basis via the Match
      directive in sshd_config(5).

- OpenBGPD 4.1:
    o Fixes for sessions with tcp md5sig and ipsec. Now sessions can be
      migrated from and to any form of ipsec and tcpmd5 with just a
      simple bgpctl reload, and the session migrates the next time it
      gets established. 
    o Include file support in the config parser.
    o Can now use the new IP_MINTTL socket option to implement the ttl
      security mechanism.

- OpenOSPFD 4.1:
    o Reload support added. It is no longer needed to restart ospfd
      after a configuration change.
    o Multiple networks per interface are now supported.
    o It is now possible to specify the route metric and type for each
      redistribution rule. 

- OpenNTPD 4.1:
    o Greatly improved support for timedelta sensors.
    o ntpd now uses a strictly monotonically increasing time (uptime,
      basically) for its internal timers, so setting the system clock
      doesn't influence query rates, trust levels, etc. any more.

- Over 4,200 ports, 4,000 pre-built packages (for i386), minor robustness
  improvements in package tools. Some highlights:
    o gstreamer-0.10 tools.
    o OpenOffice.org package, available through ftp for size reasons.
    o KDE 3.5.6 and koffice 1.6.2.
    o a large (> 500) number of new/updated perl modules, from CPAN,
      including most of the catalyst web framework.
    o NetBeans 5.5 Java IDE.
    o updated Linux emulation support by using Fedora Core libraries.
    o Mozilla Firefox (with translations).
    o PostgreSQL 8.2.3. 

- As usual, steady improvements in manual pages and other documentation.

- The system includes the following major components from outside
    o X.Org 6.9.0 (+ patches, and i386 contains XFree86 3.3.6 servers (+
      patches) for legacy chipsets not supported by X.Org)
    o Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches)
    o Perl 5.8.8 (+ patches)
    o our improved and secured version of Apache 1.3, with SSL/TLS and
      DSO support
    o OpenSSL 0.9.7j (+ patches)
    o Groff 1.15
    o Sendmail 8.14.0, with libmilter
    o Bind 9.3.4 (+ patches)
    o Lynx 2.8.5rel.4 with HTTPS and IPv6 support (+ patches)
    o Sudo 1.6.8p9
    o Ncurses 5.2
    o Latest KAME IPv6
    o Heimdal 0.7.2 (+ patches)
    o Arla 0.35.7
    o Binutils 2.15 (+ patches)
    o Gdb 6.3 (+ patches)

If you'd like to see a list of what has changed between OpenBSD 4.0
and 4.1, look at


Even though the list is a summary of the most important changes
made to OpenBSD, it still is a very very long list.

- SECURITY AND ERRATA --------------------------------------------------

We provide patches for known security threats and other important
issues discovered after each CD release.  As usual, between the
creation of the OpenBSD 4.1 FTP/CD-ROM binaries and the actual 4.1
release date, our team found and fixed some new reliability problems
(note: most are minor and in subsystems that are not enabled by
default).  Our continued research into security means we will find
new security problems -- and we always provide patches as soon as
possible.  Therefore, we advise regular visits to


Security patch announcements are sent to the [email protected]
mailing list.  For information on OpenBSD mailing lists, please see:


- CD-ROM SALES ---------------------------------------------------------

OpenBSD 4.1 is also available on CD-ROM.  The 3-CD set costs $50USD
(EUR 50 including VAT) and is available via mail order and from a number
of contacts around the world.  The set includes a colourful booklet
which carefully explains the installation of OpenBSD.  A new set
of cute little stickers is also included (sorry, but our FTP mirror
sites do not support STP, the Sticker Transfer Protocol).  As an
added bonus, the second CD contains an audio track, a song entitled
"Puffy Baba and the 40 Vendors".

Lyrics (and an explanation) for the songs may be found at:


Profits from CD sales are the primary income source for the OpenBSD
project -- in essence selling these CD-ROM units ensures that OpenBSD
will continue to make another release six months from now.

The OpenBSD 4.1 CD-ROMs are bootable on the following five platforms:

  o i386
  o amd64
  o macppc
  o sparc
  o sparc64 (UltraSPARC)

(Other platforms must boot from floppy, network, or other method).

For more information on ordering CD-ROMs, see:


The above web page lists a number of places where OpenBSD CD-ROMs
can be purchased from.  For our default mail order, go directly to:


or, for European orders:


All of our developers strongly urge you to buy a CD-ROM and support
our future efforts.  Additionally, donations to the project are
highly appreciated, as described in more detail at:


- T-SHIRT SALES --------------------------------------------------------

The project continues to expand its funding base by selling t-shirts
and polo shirts.  And our users like them too.  We have a variety
of shirts available, with the new and old designs, from our web
ordering system at:


and for Europe:


The OpenBSD 4.1 t-shirts are available now. The new shirt for 4.1
shows Puffy Baba with a bag of documentation heading out over the
desert on his sea horse. We also sell our older shirts, as well as a
selection of OpenSSH t-shirts.

- FTP INSTALLS ---------------------------------------------------------

If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily
installed via FTP.  Typically you need a single small piece of boot
media (e.g., a boot floppy) and then the rest of the files can be
installed from a number of locations, including directly off the
Internet.  Follow this simple set of instructions to ensure that
you find all of the documentation you will need while performing
an install via FTP.  With the CD-ROMs, the necessary documentation
is easier to find.

1) Read either of the following two files for a list of ftp
   mirrors which provide OpenBSD, then choose one near you:


   As of May 1, 2007, the following ftp mirror sites have the 4.1 release:

        ftp://ftp.kd85.com/pub/OpenBSD/4.1/             Austria
        ftp://openbsd.informatik.uni-erlangen.de/pub/OpenBSD/4.1/ Germany
        ftp://ftp.stacken.kth.se/pub/OpenBSD/4.1/       Sweden
        ftp://ftp2.usa.openbsd.org/pub/OpenBSD/4.1/     NYC, USA
        ftp://ftp3.usa.openbsd.org/pub/OpenBSD/4.1/     CO, USA
        ftp://ftp5.usa.openbsd.org/pub/OpenBSD/4.1/     CA, USA
        ftp://rt.fm/pub/OpenBSD/4.1/                    IL, USA

        The release is also available at the master site:

        ftp://ftp.openbsd.org/pub/OpenBSD/4.1/  Alberta, Canada
        However it is strongly suggested you use a mirror. 

   Other mirror sites may take a day or two to update.

2) Connect to that ftp mirror site and go into the directory
   pub/OpenBSD/4.1/ which contains these files and directories.
   This is a list of what you will see:

        ANNOUNCEMENT    amd64/          mac68k/         sparc64/
        Changelogs/     armish/         macppc/         src.tar.gz
        HARDWARE        avioon/         mvme68k/        sys.tar.gz
        PACKAGES        ftplist         mvme88k/        tools/
        PORTS           hp300/          packages/       vax/
        README          hppa/           ports.tar.gz    zaurus/
        SIZES           i386/           root.mail
        XF4.tar.gz      landisk/        sgi/
        alpha/          luna88k/        sparc/

   It is quite likely that you will want at LEAST the following
   files which apply to all the architectures OpenBSD supports.

        README          - generic README
        HARDWARE        - list of hardware we support
        PORTS           - description of our "ports" tree
        PACKAGES        - description of pre-compiled packages
        root.mail       - a copy of root's mail at initial login.
                          (This is really worthwhile reading).

3) Read the README file.  It is short, and a quick read will make
   sure you understand what else you need to fetch.

4) Next, go into the directory that applies to your architecture,
   for example, i386.  This is a list of what you will see:

        CKSUM           bsd.rd          etc41.tgz       misc41.tgz
        INSTALL.i386    cd41.iso        floppy41.fs     pxeboot
        INSTALL.linux   cdboot          floppyB41.fs    xbase41.tgz
        MD5             cdbr            floppyC41.fs    xetc41.tgz
        base41.tgz      cdemu41.iso     game41.tgz      xfont41.tgz
        bsd             cdrom41.fs      index.txt       xserv41.tgz
        bsd.mp          comp41.tgz      man41.tgz       xshare41.tgz

   If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386
   and the appropriate floppy*.fs or cd41.iso file.  Consult the
   INSTALL.i386 file if you don't know which of the floppy images
   you need (or simply fetch all of them).

5) If you are an expert, follow the instructions in the file called
   README; otherwise, use the more complete instructions in the
   file called INSTALL.i386.  INSTALL.i386 may tell you that you
   need to fetch other files.

6) Just in case, take a peek at:


   This is the page where we talk about the mistakes we made while
   creating the 4.1 release, or the significant bugs we fixed
   post-release which we think our users should have fixes for.
   Patches and workarounds are clearly described there.

Note: If you end up needing to write a raw floppy using Windows,
      you can use "fdimage.exe" located in the pub/OpenBSD/4.1/tools
      directory to do so.

- X.ORG FOR MOST ARCHITECTURES -----------------------------------------

X.Org has been integrated more closely into the system.  This release
contains X.Org 6.9.0.  Most of our architectures ship with X.Org, including
amd64, sparc, sparc64 and macppc.  During installation, you can install
X.Org quite easily.  Be sure to try out xdm(1) and see how we have
customized it for OpenBSD.

- PORTS TREE -----------------------------------------------------------

The OpenBSD ports tree contains automated instructions for building
third party software.  The software has been verified to build and
run on the various OpenBSD architectures.  The 4.1 ports collection,
including many of the distribution files, is included on the 3-CD
set.  Please see the PORTS file for more information.

Note: some of the most popular ports, e.g., the Apache web server
and several X applications, come standard with OpenBSD.  Also, many
popular ports have been pre-compiled for those who do not desire
to build their own binaries (see BINARY PACKAGES, below).

- BINARY PACKAGES WE PROVIDE -------------------------------------------

A large number of binary packages are provided.  Please see the PACKAGES
file (ftp://ftp.OpenBSD.org/pub/OpenBSD/4.1/PACKAGES) for more details.

- SYSTEM SOURCE CODE ---------------------------------------------------

The CD-ROMs contain source code for all the subsystems explained
above, and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/4.1/README)
file explains how to deal with these source files.  For those who
are doing an FTP install, the source code for all four subsystems
can be found in the pub/OpenBSD/4.1/ directory:

        XF4.tar.gz     ports.tar.gz   src.tar.gz     sys.tar.gz

- THANKS ---------------------------------------------------------------

OpenBSD 4.1 includes artwork and CD artistic layout by Ty Semaka,
who also arranged an audio track on the OpenBSD 4.1 CD set.  Ports
tree and package building by Peter Valchev, Nikolay Sturm and
Christian Weisgerber.  System builds by Theo de Raadt, Kenji Aoyama,
and Miod Vallat.  X11 builds by Todd Fries.  ISO-9660 filesystem
layout by Theo de Raadt.

We would like to thank all of the people who sent in bug reports, bug
fixes, donation cheques, and hardware that we use.  We would also like
to thank those who pre-ordered the 4.1 CD-ROM or bought our previous
CD-ROMs.  Those who did not support us financially have still helped
us with our goal of improving the quality of the software.

Our developers are:

    Aaron Campbell, Aleksander Piotrowski, Alex Feldman, Alexander Guy,
    Alexander von Gernler, Alexander Yurchenko, Alexandre Anriot,
    Andreas Gunnarsson, Angelos D. Keromytis, Anil Madhavapeddy,
    Antoine Jacoutot, Artur Grabowski, Ben Lindstrom, Bernd Ahlers,
    Bjorn Sandell, Bob Beck, Brad Smith, Brandon Creighton,
    Brian Caswell, Brian Somers, Bruno Rohee, Camiel Dobbelaar,
    Can Erkin Acar, Cedric Berger, Chad Loder, Chris Cappuccio,
    Chris Kuethe, Christian Weisgerber, Christopher Pascoe,
    Claudio Jeker, Constantine Sapuntzakis, Dale Rahn, Damien Bergamini,
    Damien Couderc, Damien Miller, Dan Harnett, Daniel Hartmeier,
    Darren Tucker, David B Terrell, David Gwynne, David Hill,
    David Krause, David Lebel, David Leonard, Dimitry Andric,
    Don Stewart, Dug Song, Eric Jackson, Esben Norby,
    Federico G. Schwindt, Felix Kronlage, Fernando Gont,
    Gordon Willem Klok, Greg Taleck, Grigoriy Orlov, Hakan Olsson, 
    Hans Insulander, Hans-Joerg Hoexer, Heikki Korpela, Henning Brauer,
    Henric Jungheim, Hiroaki Etoh, Horacio Menezo Ganau, Hugh Graham,
    Ian Darwin, Jacob Meuser, Jakob Schlyter, Jan-Uwe Finck,
    Jared J. Yanovich, Jason Ish, Jason McIntyre, Jason Peel,
    Jason Wright, Jasper Lievisse Adriaanse, Jean-Baptiste Marchand,
    Jean-Francois Brousseau, Jean-Jacques Bernard-Gundol, Jim Rees,
    Joel Knight, Jolan Luff, Jonathan Gray, Jordan Hargrave, Joris Vink,
    Jose Nazario, Joshua Stein, Jun-ichiro itojun Hagino, Kenji Aoyama,
    Kenjiro Cho, Kenneth R Westerback, Kevin Lo, Kevin Steves,
    Kjell Wooding, Kurt Miller, Louis Bertrand, Magnus Holmberg,
    Marc Aurele La France, Marc Balmer, Marc Espie, Marc Matteo,
    Marco Peereboom, Marco Pfatschbacher, Marco S Hyman, Marcus Glocker,
    Marcus Watts, Margarida Sequeira, Marius Eriksen, Mark Grimes,
    Mark Kettenis, Mark Uemura, Markus Friedl, Martin Reindl,
    Mathieu Sauve-Frankel, Mats O Jansson, Matt Behrens, Matt Smart,
    Matthias Kilian, Matthew Jacob, Matthieu Herrb, Michael Coulter,
    Michael Knudsen, Michael Shalayeff, Michael T. Stolarchuk,
    Mike Frantzen, Mike Pechkin, Miod Vallat, Moritz Jodeit,
    Nathan Binkert, Niall O'Higgins, Nick Holland, Niels Provos,
    Niklas Hallqvist, Nikolay Sturm, Nils Nordman, Oleg Safiullin,
    Otto Moerbeek, Patrick Latifi, Paul Janzen, Pedro Martelletto,
    Peter Galbavy, Peter Stromberg, Peter Valchev, Philipp Buehler,
    Reinhard J. Sammer, Ray Lai, Reyk Floeter, Rich Cannings,
    Robert Nagy, Ryan Thomas McBride, Saad Kadhi, Shell Hin-lik Hung,
    Stephen Kirkham, Steve Murphree, Steven Mestdagh, Ted Unangst,
    Theo de Raadt, Thierry Deval, Thomas Nordin, Thordur I. Bjornsson,
    Thorsten Lockert, Tobias Weingartner, Todd C. Miller, Todd T. Fries,
    Tom Cosgrove, Uwe Stuehler, Vincent Labrecque, Wilbern Cobb,
    Wim Vandeputte, Xavier Santolaria.

