OpenBSD Journal

OpenBSD 4.0 is released

Contributed by ben on from the shiny-new-toys dept.

The OpenBSD team is proud to announce the release of OpenBSD 4.0. See the full announcement for more information. For a list of the shiny new toys, and release highlights read on..

  • New/extended platforms:
    • OpenBSD/armish.
      • Various ARM-based appliances, using the Redboot boot loader, currently only supporting the Thecus N2100 and IOData HDL-G.
    • OpenBSD/sparc64.
      • UltraSPARC III based machines are now supported!
    • OpenBSD/zaurus.
      • Support for the Zaurus SL-C3200.
  • Improved hardware support, including:
    • New msk(4) driver for Marvell/SysKonnect Yukon-2 Gigabit Ethernet.
    • New bnx(4) driver for Broadcom NetXtreme II Gigabit Ethernet.
    • New xge(4) driver for Neterion Xframe/Xframe II 10Gb Ethernet.
    • New rum(4) driver for Ralink Technology 2nd gen USB IEEE 802.11a/b/g wireless.
    • New acx(4) driver for Texas Instruments ACX100/ACX111 IEEE 802.11a/b/g wireless.
    • New pgt(4) driver for Connexant/Intersil Prism GT Full-MAC IEEE 802.11a/b/g wireless.
    • New uath(4) driver for Atheros USB IEEE 802.11a/b/g wireless.
    • New binary blob free wpi(4) driver for Intel PRO/Wireless 3945ABG IEEE 802.11a/b/g wireless.
    • New arc(4) driver for Areca Technology Corporation SATA RAID; including RAID management via bio(4).
    • New mfi(4) driver for LSI Logic & Dell MegaRAID SAS RAID; including RAID management via bio(4).
    • New azalia(4) driver for generic High Definition Audio.
    • New SD/MMC/SDIO drivers (sdhc(4), sdmmc(4)), currently supporting SD memory cards as fake SCSI sd(4) drives.
    • New udcf(4) driver for Gude ADS Expert mouseCLOCK DCF77/HBG time signal station receivers.
    • New uslcom(4) driver for Silicon Laboratories CP2101/CP2102 based USB serial adapters.
    • New ucycom(4) driver for Cypress microcontroller based USB serial adapters.
    • New uark(4) driver for Arkmicro Technologies ARK3116 based USB serial adapters.
    • New umsm(4) driver for Qualcomm MSM EVDO based modems.
    • New Dallas/Maxim 1-Wire bus support, including:
      • New gpioow(4) driver for 1-Wire bus bit-banging through GPIO pin
      • New onewire(4) 1-Wire bus driver
      • New owid(4) 1-Wire ID family driver
      • New owtemp(4) 1-Wire temperature family driver
    • New isagpio(4) driver for ISA I/O mapped as GPIO.
    • New nmea(4) line discipline for NMEA 0183 (GPS) devices. The new nmeaattach(8) utility can be used to receive NMEA 0183 data and provide the time received as a timedelta sensor to be used by, for example, ntpd(8).
    • New VAX framebuffer drivers:
      • New lcg(4) driver for VAXstation 4000/60 and VLC color frame buffers
      • New lcspx(4) driver for Low-Cost SPX color frame buffers
      • New gpx(4) driver for GPX color frame buffers
      • smg(4) driver for Small Monochrome Graphics frame buffers heavily updated to be a modern wscons(4) driver
    • Support for VAX-based Digital VXT2000 and VXT2000+ terminals.
    • The bge(4) driver supporting newer chipsets, such as the Broadcom BCM5754, BCM5755, BCM5786, and BCM5787.
    • The em(4) driver supporting newer chipsets, such as the Intel ESB2 and ICH8.
    • The nfe(4) driver supporting newer chipsets, such as the NVIDIA MCP61 and MCP65.
    • The re(4) driver supporting newer chipsets, such as the Realtek RT8101E, RT8168, and RT8169SC.
    • The dc(4) driver supporting newer chipsets, such as the ADMtek ADM9511 and ADM9513.
    • The pciide(4) driver supporting newer chipsets, such as:
      • ATI IXP300 SATA, IXP600 IDE
      • Intel 6321ESB IDE/SATA, 82801G SATA, and 82801H SATA
      • IT Express IT8211F IDE
      • NVIDIA MCP61 SATA, MCP65 SATA
      • Promise PDC205xx SATA
      • ServerWorks SATA
      • VIA VT8237A SATA
    • The mpt(4) driver has been replaced with mpi(4), a more stable driver that supports more hardware.
    • The com(4) driver now supports pcmcia and cardbus cards on macppc.
    • Working interrupt routing on Sun Netra t1 105, Ultra 60 and possibly other sparc64 systems.
    • Work around broken VIA and NVIDIA MPBIOSes, fixes interrupt routing with GENERIC.MP on several systems.
    • Initial bio(4) support for Compaq/HP ciss(4) Smart ARRAY 5/6 SAS/SCSI RAID controllers.
    • Improved speed control on some systems:
      • New SpeedStep detection code, also adds support for VIA C7-M, and several newer Pentium M’s.
      • Support SpeedStep in rudimentary fashion on most unknown CPU’s that advertise the feature.
      • Zaurus can be moved into slower speeds now too.
      • The Pentium 4 Thermal Clock Control driver now supports more CPU’s including the Intel Pentium M and Xeon, and provides an estimated performance impact.
      • Numerous improvements to PowerNow K7 and K8 support on i386, and support for K8 was added to amd64.
    • Support for Intel 945G/GM video chipsets (on i386).
    • Support for additional I2C sensors:
      • The adt(4) driver now supports the National Semiconductor LM9600, SMSC EMC6D10x and SMSC SCH5017 chips.
      • The admtemp(4) driver now supports the Analog Devices ADM1023, Genesys Logic GL523SM and Global Mixed-mode Technology G781 chips.
  • New tools:
    • GNU RCS has been replaced with OpenRCS.
  • New functionality:
    • IPsec has been greatly improved:
      • ipsecctl(8) has been greatly extended and completely supersedes ipsecadm(8):
        • Lots of documentation improvements (man ipsec.conf)
        • IPv6 support
        • AH support
        • Transport mode support
        • Dynamic IKE support for roaming users
        • USER_FQDN id support
      • sasyncd(8) works much better:
        • communicates with isakmpd(8), telling it to run active or passive depending on the master/slave state of the carp(4) interfaces. This makes IPsec failover setups much more robust.
        • looks at the carp(4) interface group by default to suppress preemption of IPsec traffic during system boot.
      • isakmpd(8) can now be safely configured by ipsecctl(8) on startup.
    • ftp(1) now supports HTTPS.
    • cdio(1) can now perform track-at-once burning and rewritable blanking.
    • spppcontrol(8) and wicontrol(8) functionality has been merged into ifconfig(8).
    • gcc(1) provides a new warning, -Wstack-larger-than-N, to report functions which are too greedy in stack variables, see gcc-local(1) for details.
    • An in-kernel getcwd(3) implementation.
    • A new system call adjfreq(2) to allow ntpd(8) to adjust the tick rate of the system clock automatically.
    • Support for X11 on VAX has been added
    • Virtual Allocation Table (VAT) support for UDF.
    • C99 functions round(3), roundf(

(Comments are closed)


Comments
  1. By Anonymous Coward (64.142.92.182) on

    Another great release, so much cool new stuff here :-)

  2. By Anonymous Coward (72.193.216.83) on

    Christmas came early today!
    THANKS to ALL!!!

  3. By Anonymous Coward (69.70.178.201) on

    Magnificent. Some people talk, some people walk.

    Prove it. Over, and over, and over again. OpenBSD for all!

  4. By Anonymous Coward (203.35.163.50) on

    w00t! soooo buying some cd's

  5. By Anonymous Coward (62.252.32.12) on

    "Replacement of many malloc(3) calls that follow a pattern prone to
    integer overflow with safer constructs."

    Could someone tell me which safer constructs those are, or which manpage I can find those in?

    Comments
    1. By Anonymous Coward (76.3.196.122) on

      > "Replacement of many malloc(3) calls that follow a pattern prone to
      >       integer overflow with safer constructs."
      > 
      > Could someone tell me which safer constructs those are, or which manpage I can find those in?
      
      RTFM malloc: 
      
           When using malloc() be careful to avoid the following idiom:
      
                 if ((p = malloc(num * size)) == NULL)
                         err(1, "malloc");
      
           The multiplication may lead to an integer overflow.  To avoid this,
           calloc() is recommended.
      
      C.
      

  6. By Anonymous Coward (68.167.146.78) on

    Downloading it now. If it really can help me stop a significant amount of spam email, then I, too, will purchase the CD set.

    Comments
    1. By Anonymous Coward (66.225.135.194) on

      > Downloading it now. If it really can help me stop a significant amount of spam email, then I, too, will purchase the CD set.

      My post on misc@ last week...

      (It's been running over a week, whitelist is to 3800, spam's through to the McAfee Webshield are down to 6.02% from 200%, all because of OpenBSD. This is on about 72,000 LEGITIMATE incoming emails for approximately 450 mailboxes.)

      Hi,

      Just had some interesting stats I thought I'd share for the archive.

      Originally, we only had a Mcafee Webshield protecting our MS Exchange Server. We were receiving approximately 2x as much spam as we email. If we received 10,000 emails, our Webshield would have trapped over 20,000 spam's. It is actually quite a good appliance.

      Yesterday, to protect our system from a virus that the webshield was not catching, I implemented greylisting on an OpenBSD box in front of the webshield. I have been running greylisting at home for several years now, & know it's effective, but never had concrete numbers to measure against.

      Overnight, our spamd protected webshield only received (caught) 191 spam emails, and processed approximately 4200 legitimate emails. Satistically, that should have been around 9000 spams processed in that timeframe. During that period, my server's whitelist has grown to over 700 email servers.

      The good thing is that these emails have been blocked without receiving the body, so our bandwidth usage will be reduced.
      Pretty impressive figures!

      Cheers,
      Steve Williams

      Comments
      1. By Luis (66.159.200.194) on

        Yeah, isn't it great! I've set up an obsd box for a client to use spamd and configured sendmail to use Spamcop's blocklist. Spam? What spam? This simple layered approach literally squashed their spam issue. I even managed to convince them to buy a cd for my troubles. So yeah, its worth it (purchasing a cd) and then some.

  7. By jtorin (213.185.19.190) on

    It's worth pointing out that there are, in normal fashion, torrents for the release on http://openbsd.somedomain.net/.

  8. By Anonymous Coward (195.29.157.74) on

    I recenty installed new OpenBSD box (it's 3.9 but will upgrade soon to 4.0 - when my CD box arrives) as a Remote Access Service using PF for traffic mangling and per-user ACLs, and OpenVPN as a VPN solution. It works perfectly.

    Great work !!

  9. By Anonymous Coward (220.239.57.51) on

    Well, I made a promise back when OpenBSD 3.2 was released, that: "when OpenBSD hits 4.0, I'm gonna try it for the first time."

    So here goes! :)

  10. Comments
    1. By Igor Sobrado (81.37.167.54) on

      > Boots, does the full install, no external packages.

      Not a very good contribution to the OpenBSD project, though...

      Please, buy the OS media from the OpenBSD team instead! OpenBSD is one of the few projects in computing I heartly believe we *must* support. They are doing an excellent and very hard work on each release, -as the other BSD projects, of course-, and we need to support it. We really must support OpenBSD.

      I started using OpenBSD some years ago making my own ISO images from the distribution files available on the project mirrors and, sometimes, setting up local FTP servers. About a year ago, one of the developers of this excellent operating system sent me a copy of the OS media for free (thanks!) and, since then, I am buying items to support OpenBSD from an european authorized dealer (KD85). Last september, I preordered OpenBSD 4.0, and the books "Building Firewalls with OpenBSD and PF", "Secure Architectures with OpenBSD" and "Absolute OpenBSD" from this company.

      Even if there are other ways to put our hands on the operating system (e.g., for me it is easier to copy the installation tarballs downloaded from a mirror to a bootable CF card on my Soekris net4801 before making an upgrade on that network appliance) I certainly prefer supporting this project.

      Please, support this project!

      Comments
      1. By Anonymous Coward (68.167.146.78) on

        > > Boots, does the full install, no external packages.
        >
        > Not a very good contribution to the OpenBSD project, though...
        >
        > Please, buy the OS media from the OpenBSD team instead! OpenBSD is one of the few projects in computing I heartly believe we *must* support. They are doing an excellent and very hard work on each release, -as the other BSD projects, of course-, and we need to support it. We really must support OpenBSD.
        >

        I have to agree. Yesterday, I downloaded OpenBSD 4.0 and made my own ISO image to see if it works for me. Well, it does. I have just put in my order for the CD set.

        The team is doing a kick-ass job and has now for just over eleven years.

      2. By Andrew B (167.127.24.25) on

        > Please, buy the OS media from the OpenBSD team instead!

        I bought the 3.9 media and whilst I love the OS I was disappointed at the restricted selected of packages, even for i386 -- for those of us without on-demand Internet access this seriously restricts the utility of the media, and one can forget about ports; without an Internet connection one has to resort to compiling by hand. Until the team provide a DVD distribution that contains all the packages and architectures hosted on the the FTP site I can't justify spending a full day's earnings on the media. So I'll be sitting on 3.9 for a while...

        Comments
        1. By Igor Sobrado (156.35.192.3) on

          > > Please, buy the OS media from the OpenBSD team instead!
          >
          > I bought the 3.9 media and whilst I love the OS I was disappointed at the restricted selected of packages, even for i386 -- for those of us without on-demand Internet access this seriously restricts the utility of the media, and one can forget about ports; without an Internet connection one has to resort to compiling by hand. Until the team provide a DVD distribution that contains all the packages and architectures hosted on the the FTP site I can't justify spending a full day's earnings on the media. So I'll be sitting on 3.9 for a while...

          I am certainly against distributing OpenBSD on DVD on some platforms (e.g., i386) as it will seriously limit the number of systems supported by the official distribution. Not all i386 computers have DVD drives. However, it can be an option for amd64 and other state-of-the-art platforms.

          Comments
          1. By Anonymous Coward (68.167.146.78) on

            > I am certainly against distributing OpenBSD on DVD on some platforms (e.g., i386) as it will seriously limit the number of systems supported by the official distribution. Not all i386 computers have DVD drives. However, it can be an option for amd64 and other state-of-the-art platforms.


            You're right; not all i386 computers have DVD drives. For that matter, neither do all PPC or SPARC boxes (my PMac G3 B&W and Sun Ultra 5, for example). However, just about every new x86 PC that has come out over the last four years has come with at least a combo CD-RW/DVD-ROM drive. This is why you see a lot of the GNU/Linux distros, including even Slackware now, available on both media.

            Comments
            1. By Igor Sobrado (81.37.167.54) on

              > You're right; not all i386 computers have DVD drives. For that matter, neither do all PPC or SPARC boxes (my PMac G3 B&W and Sun Ultra 5, for example). However, just about every new x86 PC that has come out over the last four years has come with at least a combo CD-RW/DVD-ROM drive. This is why you see a lot of the GNU/Linux distros, including even Slackware now, available on both media.

              Indeed, I have a copy of OpenBSD 3.9 here. I see that the second CD on the distribution is labeled "macppc*, amd64*, track 2 is audio track". Selling a DVD for amd64 means that PPC version will not run on older machines.

              One of the features I appreciate on OpenBSD is that, as happens with FreeBSD and NetBSD, it does not have large hardware requirements. Being able to boot from a CD-ROM or from a network is certainly good. Restricting OpenBSD to machines developed in the last four years is something that I believe (and really hope!) is unaceptable for the goals of the project.

              Just my opinion, but I think that your suggestion of selling both media is an excellent one. Perhaps selling two distributions (one in CD-ROM and one in DVD) should be considered by the OpenBSD developers in the future. However, don't know how expensive will be maintaining two sets of disks. Money is more important for other areas of the project (buying hardware, paying for network connection, hackatlons...)

              On the other hand, there are a lot of updates on the anonymous FTP server and its mirrors. When I installed OpenBSD on my desktop computer (Pentium, 166 MHz) some time ago, I installed X.Org, OpenMotif and Mozilla firefox (all in the distribution media). After a month or so I found that the FTP servers had updated releases of firefox! I wrongly supposed that packages were updated only each six months, in synchronization with the new operating systems releases.

              In short, I see software packages in the CD-ROM as a bonus, but not required at all. The real depots for packages are the anonymous FTP servers.

  11. By xuxu (213.30.114.4) superbofh@gmail.com on http://www.eatis.org

    For those who use it under the macppc arch: looks like the mini cd40.iso/macppc has some problems, with powerbooks G4's.

    Comments
    1. By Matthias Kilian (84.134.30.138) on

      > For those who use it under the macppc arch: looks like the mini cd40.iso/macppc has some problems, with powerbooks G4's.

      -v, please

      "some problems" isn't very helpful.

  12. By Obelix (88.82.33.250) obelix@gaulois.net on

    By Toutatis, what a nice release. You'd be crazy not to get your own!

    Comments
    1. By ozamosi (85.8.9.80) on

      > By Toutatis, what a nice release. You'd be crazy not to get your own!

      I've been considering whether I should buy the CD or not. I don't use OBSD as my primary OS, and it doesn't even install on my primary computer. It is a project I want to support, but at 50 euros, the CD's quite expensive.

      That pic, however, was all I needed. I'm buying the CD as I'm typing this.

      Comments
      1. By Janne Johansson (82.182.176.20) jj@inet6.se on

        > > By Toutatis, what a nice release. You'd be crazy not to get your own!
        >
        > I've been considering whether I should buy the CD or not. I don't use OBSD as my primary OS, and it doesn't even install on my primary computer. It is a project I want to support, but at 50 euros, the CD's quite expensive.

        Then donate. Or get together with some friends and buy one.
        Or even hold a fund-raiser and donate the results!

  13. By Anonymous Coward (69.207.171.114) on

    Well, I built the system from source when it was tagged in CVS... I guess now it's time to pkg_add -uri. And donate to OpenBSD via paypal. :-)

  14. By ahafey (82.69.184.245) on

    My kids love the packaging/theme.

    You've just gained another four OpenBSD supporters!

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]