Contributed by jose on from the finally-here dept.
This is a big release for OpenBSD with many substantial changes. Many users will want to reinstall from scratch and not upgrade, as architecture changes on some platforms as well as enhanced security features are best taken advantage of that way. Read on for the release notes.
- OpenBSD 3.2 RELEASED -------------------------------------------------
Nov 1, 2002.
It is our pleasure to officially announce the release of OpenBSD
3.2. This is our 12th release on CD-ROM (and 13th via FTP). We
remain proud of OpenBSD's record of six years with only a single
remote hole in the default install. As in our previous releases,
3.2 provides significant improvements, including new features, in
nearly all areas of the system:
- Improved hardware support (http://www.OpenBSD.org/plat.html)
o Asymmetric and symmetric hardware encryption support is enabled
by default if a supported crypto accelerator is present.
o Improved frame buffer and X Window System performance on the sparc,
sparc64, and alpha platforms.
o Builtin AGP-based video on i386 machines using ALI, AMD, Intel, SiS,
and VIA chipsets is now supported and usable by the X Window System.
o Intel Gigabit Ethernet adapters are now supported by the em(4)
driver which replaces the gx(4) driver. The em(4) driver supports
more models and has better performance than the old gx(4) driver.
o Fixed a stability problem with the twe(4) driver and some UDMA drives.
o Added support for more PCI-based Cyclades serial boards.
o IDE disks larger than 128GB and UDMA133 are now supported.
o Updated isp(4) and siop(4) SCSI drivers.
o Added support for sbus-PCMCIA bridges on the sparc64 platform.
o The wi(4) driver (Wavelan, Prism, and Symbol 802.11b) now works
on the sparc64 platform.
o DMA handling in the hme(4) driver has been fixed.
- Major improvements in the pf packet filter, including:
o New "antispoof" keyword: spoofing protection made easy.
o Much simplified filter rule language.
o Extended filtering capabilities.
o All known bugs with filtering bridged interfaces have been fixed.
o It is now possible to control state table entries with a per-rule
o Support for dynamic interface expansion. There is no longer a need
to reload the ruleset due to IP address changes. This is useful
for interfaces where the address is dynamically assigned (PPP
- Ever-improving security (http://www.OpenBSD.org/security.html)
o Non-executable stack on i386, sparc (sun4m only), sparc64,
alpha, and macppc platforms. Non-executable data and bss on
sparc (sun4m only), sparc64 and alpha. This makes the system
more resistent to buffer overflow attacks.
o OpenBSD 3.2 ships with fewer setuid root binaries than ever before.
Many of the remaining root setuid binaries drop root privileges
early in their execution. The use of setuid in the ports subsystem
has also been reduced.
o Privilege separation is now the default in sshd.
o The Apache web server now runs in a chroot jail by default.
The new "-u" option can be used to disable this.
o Several other security issues fixed throughout the system, many
of which were identified by members of the OpenBSD team themselves.
Please see http://www.OpenBSD.org/errata31.html for more details
on what was fixed.
- New subsystems included with 3.2
o A new tool, systrace, enables the user to specify policy for an
executable at the system call level.
o The sparc platform now uses ELF binaries.
- Many other bugs fixed (http://www.OpenBSD.org/plus32.html)
- The "ports" tree is greatly improved (http://www.OpenBSD.org/ports.html)
o The 3.2 CD-ROMs ship with many pre-built packages for the common
architectures. The FTP site contains hundreds more packages
(for the important architectures) which we could not fit onto
the CD-ROMs (or which had prohibitive licenses).
- Many subsystems improved and updated since the last release:
o XFree86 updated to 4.2.1.
o Sendmail updated to 8.12.6.
o Apache 1.3.26 and mod_ssl 2.8.10.
o OpenSSL 0.9.7beta3 (+ patches)
o Latest KAME IPv6
o OpenSSH 3.5
o The atrun command has been incorporated into the cron(8) daemon.
o The vlan(4) driver now supports multicast.
If you'd like to see a list of what has changed between OpenBSD 3.1
and 3.2, look at
Even though the list is a summary of the most important changes
made to OpenBSD, it still is a very very long list.
This is our thirteenth OpenBSD release, and the twelfth release
which is available on CD-ROM. Our releases have been spaced six
months apart, and we plan to continue this timing.
- CD-ROM SALES ----------------------------------------------------------
OpenBSD 3.2 is also available on CD-ROM. The 3-CD set costs $40USD
(EUR 45) and is available via mail order and from a number of
contacts around the world. The set includes a colorful booklet
which carefully explains the installation of OpenBSD. A new set
of cute little stickers are also included (sorry, but our FTP mirror
sites do not support STP, the Sticker Transfer Protocol). As an
added bonus, the second CD contains an exclusive audio track,
"Goldflipper". Lyrics for the song may be found at:
Profits from CD sales are the primary income source for the OpenBSD
project -- in essence selling these CD-ROM units ensures that OpenBSD
will continue to make another release six months from now.
The OpenBSD 3.2 CD-ROMs are bootable on the following six platforms:
o sparc64 (UltraSPARC)
* The m68k-based platforms, including hp300, are located on a fourth
CD that is not included in the official CD-ROM package. You can
download the ISO-9660 image for the fourth CD as described below.
(Other platforms must boot from floppy, network, or other method).
For more information on ordering CD-ROMs, see:
Thanks to all developers and users who assisted in making this release a success!
(Comments are closed)