OpenBSD Journal

OpenBSD 4.1-stable patches are up

Contributed by deanna on from the patch early dept.

Chris Kuethe (ckuethe@) writes:

In preparation for the upcoming release of OpenBSD 4.1, I have committed 6 patches of varying severity to the -stable branch. You can get the patches from the errata page or check out OPENBSD_4_1 from cvs.

(Comments are closed)


Comments
  1. By Anonymous Coward (85.178.65.209) on

    Seriously: Are the Port-updates ready too?
    I already run a 4.1 Server...

    I know I get no priviledges during buying a CD-Set but seriously:
    It sucks that OpenBSD 4.0 gets updates in the CVS and 4.1 does not.
    Don`t the developers/Maintaners have to do the same work twice then?

    I strongly disangree to this behavior because it just delays the time for security updates (Ports) for 4.1. :(
    And if Ive the choice to install a new Server via CDs I don`t realy consider to use 4.0 even the install is 3 weeks before the "official" release..

    Comments
    1. By Darrin Chandler (dwc) on http://www.stilyagin.com/darrin/

      > Seriously: Are the Port-updates ready too?
      > I already run a 4.1 Server...
      >
      > I know I get no priviledges during buying a CD-Set but seriously:
      > It sucks that OpenBSD 4.0 gets updates in the CVS and 4.1 does not.
      > Don`t the developers/Maintaners have to do the same work twice then?
      >
      > I strongly disangree to this behavior because it just delays the time for security updates (Ports) for 4.1. :(
      > And if Ive the choice to install a new Server via CDs I don`t realy consider to use 4.0 even the install is 3 weeks before the "official" release..

      Every time we get something early someone bitches that we don't get everything early. What effect do you think this whining has on motivating developers?

      If you're installing this on servers, and you don't have all the parts you need, then it is completely your fault for having no judgement. If you whine long and hard enough maybe nobody will get anything until the release date. Instead, why don't you play with it on test systems prior to release and STFU with all the whining?

      Comments
      1. By James (jturner) on http://bsdgroup.org

        > > Seriously: Are the Port-updates ready too?
        > > I already run a 4.1 Server...
        > >
        > > I know I get no priviledges during buying a CD-Set but seriously:
        > > It sucks that OpenBSD 4.0 gets updates in the CVS and 4.1 does not.
        > > Don`t the developers/Maintaners have to do the same work twice then?
        > >
        > > I strongly disangree to this behavior because it just delays the time for security updates (Ports) for 4.1. :(
        > > And if Ive the choice to install a new Server via CDs I don`t realy consider to use 4.0 even the install is 3 weeks before the "official" release..
        >
        > Every time we get something early someone bitches that we don't get everything early. What effect do you think this whining has on motivating developers?
        >
        > If you're installing this on servers, and you don't have all the parts you need, then it is completely your fault for having no judgement. If you whine long and hard enough maybe nobody will get anything until the release date. Instead, why don't you play with it on test systems prior to release and STFU with all the whining?

        I second dwc. Just because you were lucky enough to receive your 4.1 cds early, doesn't change the fact 4.1 isn't set to be released until May 1st. Here's an idea, why not go to the post office and hand them your cds and ask them to mail them to you on May 1st. This way you won't have anything to worry about.

        Comments
        1. By Anonymous Coward (85.178.65.209) on

          > > > Seriously: Are the Port-updates ready too?
          > > > I already run a 4.1 Server...
          > > >
          > > > I know I get no priviledges during buying a CD-Set but seriously:
          > > > It sucks that OpenBSD 4.0 gets updates in the CVS and 4.1 does not.
          > > > Don`t the developers/Maintaners have to do the same work twice then?
          > > >
          > > > I strongly disangree to this behavior because it just delays the time for security updates (Ports) for 4.1. :(
          > > > And if Ive the choice to install a new Server via CDs I don`t realy consider to use 4.0 even the install is 3 weeks before the "official" release..
          > >
          > > Every time we get something early someone bitches that we don't get everything early. What effect do you think this whining has on motivating developers?
          > >
          > > If you're installing this on servers, and you don't have all the parts you need, then it is completely your fault for having no judgement. If you whine long and hard enough maybe nobody will get anything until the release date. Instead, why don't you play with it on test systems prior to release and STFU with all the whining?
          >
          > I second dwc. Just because you were lucky enough to receive your 4.1 cds early, doesn't change the fact 4.1 isn't set to be released until May 1st. Here's an idea, why not go to the post office and hand them your cds and ask them to mail them to you on May 1st. This way you won't have anything to worry about.

          Well none of you got the Point.
          Port-maintainers and Developers have to checkin Patches twice....
          One time for OpenBSD 4.0 and much later for 4.1 (even 4.1 was tagged in CVS already).

          The delay I`m talking about (specialy mostly for the Ports) is related to &release_date+n. Not before...

          Comments
          1. By sthen (85.158.44.149) on

            > Port-maintainers and Developers have to checkin Patches twice....

            They have to do that anyway. (Well, three times around now; 3.9 is still being maintained). That's just the way OpenBSD handles ports/packages and release cycles.

            > The delay I`m talking about (specialy mostly for the Ports) is related to &release_date+n. Not before...

            n is usually small enough...e.g. see how long it took for the MySQL update to go in after 4.0 was released.

            Comments
            1. By Anonymous Coward (85.178.78.32) on

              > > Port-maintainers and Developers have to checkin Patches twice....
              >
              > They have to do that anyway. (Well, three times around now; 3.9 is still being maintained). That's just the way OpenBSD handles ports/packages and release cycles.
              >
              > > The delay I`m talking about (specialy mostly for the Ports) is related to &release_date+n. Not before...
              >
              > n is usually small enough...e.g. see how long it took for the MySQL update to go in after 4.0 was released.

              Well if they do check in the update for 4.0 they normaly also check in the update for 3.9 (lets take ClamAV or whatever as example).
              But serval weeks later they`ve to update clamav again because of 4.1 (to make it match the 4.0 and 3.9 Version).

              I know "n" >usually< small enough.
              All I say is that there`s no need that "n" even exists if the Maintainers would check in Patches to 4.1 even it isn`t released yet.

              It realy just makes no sense to bother Portmaintainers twice...
              At least not to me.

          2. By Anonymous Coward (84.79.228.107) on


            > Well none of you got the Point.
            > Port-maintainers and Developers have to checkin Patches twice....

            Oh, thank you for caring, don't worry, it's not a big problem for us, we can manage, but your concern has been noted.

        2. By Anonymous Coward (209.139.208.178) on

          > > > Seriously: Are the Port-updates ready too?
          > > > I already run a 4.1 Server...
          > > >
          > > > I know I get no priviledges during buying a CD-Set but seriously:
          > > > It sucks that OpenBSD 4.0 gets updates in the CVS and 4.1 does not.
          > > > Don`t the developers/Maintaners have to do the same work twice then?
          > > >
          > > > I strongly disangree to this behavior because it just delays the time for security updates (Ports) for 4.1. :(
          > > > And if Ive the choice to install a new Server via CDs I don`t realy consider to use 4.0 even the install is 3 weeks before the "official" release..
          > >
          > > Every time we get something early someone bitches that we don't get everything early. What effect do you think this whining has on motivating developers?
          > >
          > > If you're installing this on servers, and you don't have all the parts you need, then it is completely your fault for having no judgement. If you whine long and hard enough maybe nobody will get anything until the release date. Instead, why don't you play with it on test systems prior to release and STFU with all the whining?>
          > I second dwc. Just because you were lucky enough to receive your 4.1 cds early, doesn't change the fact 4.1 isn't set to be released until May 1st. Here's an idea, why not go to the post office and hand them your cds and ask them to mail them to you on May 1st. This way you won't have anything to worry about.


          You want to be a smart ass about it, fine. But 4.1 will be the LAST set I BUY because of the same concerns. Buying pre-orders is a scam. (50 dollars for 4 stickers, wow) And god forbid they burn ALL packages to a DVD for their paying customers. Just do a download install and save your $$$$.

          SAVE YOUR MONEY and DO NOT BUY OPENBDSD!!!!

          Comments
          1. By Darrin Chandler (dwc) on http://www.stilyagin.com/darrin/

            > You want to be a smart ass about it, fine. But 4.1 will be the LAST set I BUY because of the same concerns. Buying pre-orders is a scam. (50 dollars for 4 stickers, wow) And god forbid they burn ALL packages to a DVD for their paying customers. Just do a download install and save your $$$$.
            >
            > SAVE YOUR MONEY and DO NOT BUY OPENBDSD!!!!

            I'd rather be a smart ass than a dumb ass, you dumb ass. Bitch and take and give nothing back ever. Bad attitude, lousy reasoning, and plain lack of manners. Since you are so unhappy, why don't you stop using it? Oh, because it's great code? Great code is worth supporting, if you want to see it continue. Don't be such an ass.

          2. By Anonymous Coward (71.162.30.230) on

            > SAVE YOUR MONEY and DO NOT BUY OPENBDSD!!!!

            Does anybody have a sword? I think we've got a troll problem.

          3. By Devin Smith (drs) on

            >
            > You want to be a smart ass about it, fine. But 4.1 will be the LAST set I BUY because of the same concerns. Buying pre-orders is a scam. (50 dollars for 4 stickers, wow) And god forbid they burn ALL packages to a DVD for their paying customers. Just do a download install and save your $$$$.
            >
            > SAVE YOUR MONEY and DO NOT BUY OPENBDSD!!!!

            Good riddance. The OpenBSD project doesn't want users like you.

            Comments
            1. By Anonymous Coward (85.178.78.32) on

              > >
              > > You want to be a smart ass about it, fine. But 4.1 will be the LAST set I BUY because of the same concerns. Buying pre-orders is a scam. (50 dollars for 4 stickers, wow) And god forbid they burn ALL packages to a DVD for their paying customers. Just do a download install and save your $$$$.
              > >
              > > SAVE YOUR MONEY and DO NOT BUY OPENBDSD!!!!
              >
              > Good riddance. The OpenBSD project doesn't want users like you.

              Absolutly...!
              Even I don`t understand why the oBSD-Guys hold back updates for the ports until 4.1 is released I wouldn`t even think about the junk he said.

              My critic was just because the way OpenBSD handles it seams not to be the most effective and it was for sure no "whining".

              But this Dude may should visit a Doctor.... ;]

          4. By art (84.79.228.107) on

            >
            > You want to be a smart ass about it, fine. But 4.1 will be the LAST set I BUY because of the same concerns. Buying pre-orders is a scam. (50 dollars for 4 stickers, wow) And god forbid they burn ALL packages to a DVD for their paying customers. Just do a download install and save your $$$$.
            >
            > SAVE YOUR MONEY and DO NOT BUY OPENBDSD!!!!

            You're free to do that. Thank you for your generosity.

          5. By Lars Hansson (203.65.245.11) lars@unet.net.ph on

            > You want to be a smart ass about it, fine. But 4.1 will be the LAST set > I BUY because of the same concerns.

            How thick are you people? Release data is May 1 and thats when things are fully available. If you pre-order a ticket for a concert do you get to enter the arena 5 days before the concert?

            > SAVE YOUR MONEY and DO NOT BUY OPENBDSD!!!!

            I have a better suggestion to you; save your brain and dont talk. It's obvious that constructing coherent thought patterns is well beyond the limiations of your brain.

    2. By Otto Moerbeek (otto) on http://www.drijf.net

      > Seriously: Are the Port-updates ready too? > I already run a 4.1 Server...

      That's you own choice.

      > I know I get no priviledges during buying a CD-Set but seriously: > It sucks that OpenBSD 4.0 gets updates in the CVS and 4.1 does not. > Don`t the developers/Maintaners have to do the same work twice then?

      The amount of work does not change. The comits have to be tested and done anyway.

      > I strongly disangree to this behavior because it just delays the time for security updates (Ports) for 4.1. :( > And if Ive the choice to install a new Server via CDs I don`t realy consider to use 4.0 even the install is 3 weeks before the "official" release..

      Anything coming out of the OpenBSD project---especially things you get before release---can be seen as a gift. If you do not appreciate the gift, don't accept it. But no, instead you ask for more gifts, and that pisses me (and I assume other developers as well) off big time.

      Comments
      1. By Anonymous Coward (85.178.78.32) on

        >
        > Seriously: Are the Port-updates ready too?
        > I already run a 4.1 Server...
        >
        >
        > That's you own choice.
        >
        >
        > I know I get no priviledges during buying a CD-Set but seriously:
        > It sucks that OpenBSD 4.0 gets updates in the CVS and 4.1 does not.
        > Don`t the developers/Maintaners have to do the same work twice then?
        >
        >
        > The amount of work does not change. The comits have to be tested and done anyway.


        > I strongly disangree to this behavior because it just delays the time for security updates (Ports) for 4.1. :(
        > And if Ive the choice to install a new Server via CDs I don`t realy consider to use 4.0 even the install is 3 weeks before the "official" release..
        >
        >
        > Anything coming out of the OpenBSD project---especially things you get before release---can be seen as a gift. If you do not appreciate the gift, don't accept it. But no, instead you ask for more gifts, and that pisses me (and I assume other developers as well) off big time.

        Otto you got me wrong.
        Like mostly all so called "developers".

        Don`t take it as a personal offending or "crying" for more so called "gifts" (pretty arrogant to talk about gifts, rly).

        If Theo sends the CDs to the guys who do copy them you could consider 4.1 as "released" (for your internal circle) because that`s what people get if they buy the CDs. So you could have started testing ~3-4 weeks ago.

        I mean in the Ports, like ClamAV, light httpd or others, nothing seriously should get changed between the days where the CDs get copied in the factory (or whereever) and shiped to people who buy these CDs.

        So it makes no sense for me if you tell me you need to test the latest clamav on 4.1 after "it got released" becaue you`ve access to the version wich gets released on may the 1st already in april.

        So it confuses me to see Updates for ClamAV for 3.9 and 4.0 even 4.1 "would have been avaiable" for testing as well. And it confuses me that
        you and other say "wait until May the 1st" because in my moppinion you simply double the work.

        Btw: Of course you may should install a 4.0 even 4.1 is just 3 weeks away but if you get the order to use the latest avaiable and the CDs arrived... well (and exactly that`s why I`m not that happy that f.e. ClamAV is DoS-Able and so).

        That`s how I see it but I would be happy if you may could explain the steps a littlebit further. Propably (Well I`m sure) I don`t know every step about the release circle.

        But one thing is sure Otto: With such a "Fuck you Moron and stop whining"-Attitude the Project itself wont realy sell much CDs.
        You may should keep that in mind because CD-Sells, Donations... thats what helps OpenBSD. And manpower... of course.
        But if you reduce it all to manpower or donations only... what would be left? Im sure OpenBSD wouldn`t be the BSD it is right now.
        And you just feed the trolls who will claim oBSD Developers are like Dragons. :]

        But seriously: I realy dont get the point behind the waiting strategy and it`s not to blame anybody or to "whine" or "ask for features".
        I just would like to understand it.

        Comments
        1. By Anonymous Coward (203.65.245.11) on

          > If Theo sends the CDs to the guys who do copy them you could consider 4.1 as "released" (for your internal circle) because that`s what people get if they buy the CDs. So you could have started testing ~3-4 weeks ago.

          So if I buy an airline ticket for a specific date I should expect to be able to get on any flight before or after that date just because I have a ticket?
          Or if I pre-order a concert ticket I should be able to go to the venue a week in advance and expect the band to show up and put on a show for me? Hey, I pre-ordered right? I mean, they already have instruments and stuff so I really think they should put on a show just for me. Cant be that much work, can it?

          > But seriously: I realy dont get the point behind the waiting strategy and it`s not to blame anybody or to "whine" or "ask for features".
          > I just would like to understand it.

          But seriously, I dont understand how you fail to understand this. May 1 is the official release date, end of story. Period.

    3. By Kian (71.227.220.29) on http://www.zampanosbits.com

      > Seriously: Are the Port-updates ready too?
      > I already run a 4.1 Server...
      >
      > I know I get no priviledges during buying a CD-Set but seriously:
      > It sucks that OpenBSD 4.0 gets updates in the CVS and 4.1 does not.
      > Don`t the developers/Maintaners have to do the same work twice then?
      >
      > I strongly disangree to this behavior because it just delays the time for security updates (Ports) for 4.1. :(
      > And if Ive the choice to install a new Server via CDs I don`t realy consider to use 4.0 even the install is 3 weeks before the "official" release..

      4.1 hasn't been released yet. Don't compare it to 4.0.

      Stop whining. You should've bought the CD set to support the developers' efforts, not to find a bunch of things to complain about.

      You shouldn't have installed 4.1 on a production server 3 weeks before release without understanding the consequences. If you're not doing things the supported way, don't expect support.

  2. By Renaud Allard (renaud) renaud@llorien.org on

    Great that the patches are up even before 4.1 goes out :) And hell to those who think they deserve more gifts than they already got. If patches are up before prod begins, this is an ultimate gift.

    One thing tough, I see two security fixes for ipv6, one of them just being the one that made the OpenBSD motto change after that much years. Wouldn't it be better to disable ipv6 (which most people won't use anyway) in the default install and allow enabling it with a sysctl like ipv6.enable=1?

    Comments
    1. By sthen (85.158.44.149) on

      > Wouldn't it be better to disable ipv6 (which most people won't use anyway)

      Having it on by default has definitely saved me more time by letting me bypass ipv4 problems (in order to fix them) than it's cost in updating kernels to fix bugs. Autoconfiguration and discoverability (ping6 -w ff02::1%iface) make it a convenient way to do point-to-point SSH in face of some types of routing and ipv4 config problems.

      Comments
      1. By Renaud Allard (renaud) on

        > > Wouldn't it be better to disable ipv6 (which most people won't use anyway)
        >
        > Having it on by default has definitely saved me more time by letting me bypass ipv4 problems (in order to fix them) than it's cost in updating kernels to fix bugs. Autoconfiguration and discoverability (ping6 -w ff02::1%iface) make it a convenient way to do point-to-point SSH in face of some types of routing and ipv4 config problems.
        >

        So being given an option to enable it in bsd.rd would be a solution for you?

        Comments
        1. By sthen (85.158.44.149) on

          > > > Wouldn't it be better to disable ipv6 (which most people won't use anyway)
          > >
          > > Having it on by default has definitely saved me more time by letting me bypass ipv4 problems (in order to fix them) than it's cost in updating kernels to fix bugs. Autoconfiguration and discoverability (ping6 -w ff02::1%iface) make it a convenient way to do point-to-point SSH in face of some types of routing and ipv4 config problems.
          >
          > So being given an option to enable it in bsd.rd would be a solution for you?

          From one viewpoint I see why that's attractive and would find it ok, although personally I'm pretty happy with the existing option to block ipv6 selectively using PF (there's a window while bringing up interfaces via /etc/netstart and parsing pf.conf where ipv4 and ipv6 SSH and DNS are permitted on all interfaces, but that's quite a short time unless pf.conf is broken, which is exactly *why* ssh and DNS are permitted there - and it's no trouble to rewrite sections of rc if you're not keen on that).

          OTOH, though, adding knobs increases complexity, makes things harder to test, harder to debug, and sometimes more fragile. It would be damn fiddly to add a knob to enable/disable ipv6 on a running system, as I think you'd need to do if you want to ask the question in the installer, and quite a big change to add the ability to change it in boot -c (currently kernel options are either compiled-in or not-compiled-in depending on whether or not a preprocessor variable is defined).

          Even before considering the time and trouble to do this, I'm not sure it would be worth the increased complexity.

    2. By Anonymous Coward (128.171.90.200) on

      > One thing tough, I see two security fixes for ipv6, one of them just being the one that made the OpenBSD motto change after that much years. Wouldn't it be better to disable ipv6 (which most people won't use anyway) in the default install and allow enabling it with a sysctl like ipv6.enable=1?

      If I remember correctly, it asks at install wether or not you want IPv6 enabled.

  3. By Anonymous Coward (68.165.27.172) on

    When I click on the source code link on the errata page it asks for ftp login and password, why? I have the openbsd 4.1 CDs, and I can't make it secure???

    Comments
    1. By Chris Kuethe (68.148.116.122) ckuethe@ on

      > When I click on the source code link on the errata page it asks for ftp login and password, why? I have the openbsd 4.1 CDs, and I can't make it secure???


      There are power outages in the data center right now - something to do with new UPSes and AC units, IIRC. Various parts are up and down. At any given time, that may include connectivity to AFS or Kerberos, which confuses the heck out of ftpd. We hope it doesn't take *all day* but the maintenance window is a pretty long one.

      CK (also ckuethe@ualberta.ca)

      Comments
      1. By Jeff Quast (dingo) on

        > > When I click on the source code link on the errata page it asks for ftp login and password, why? I have the openbsd 4.1 CDs, and I can't make it secure???
        >
        >
        > There are power outages in the data center right now - something to do with new UPSes and AC units, IIRC. Various parts are up and down. At any given time, that may include connectivity to AFS or Kerberos, which confuses the heck out of ftpd. We hope it doesn't take *all day* but the maintenance window is a pretty long one.
        >
        > CK (also ckuethe@ualberta.ca)

        Does this happen to be the reason why anoncvs required a password?

        Couldn't get a cvs up last night, but worked fine this morning.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]