OpenBSD

OpenBSD hardening

An article has appeared on the Geodsoft site in which the authors discuss the security settings of Internet servers built on OpenBSD. The document contains a few ideas that operators of such systems may find worth considering. Some of the tips can also be used on other UNIX-like systems.

VPN kliensek NAT mögött

Jolan Luff has written a short document discussing the case where VPN clients have to be run behind an OpenBSD packet filter/NAT gateway.

The write-up can be found here.

OpenBSD 'hackathon'

Before this year's USENIX, the OpenBSD team got together for a week to jointly develop their favourite operating system further. The event, dubbed a "hackathon", was attended by prominent developers, both well-known and less well-known, so that through personal contact they could reach a shared view and write new features and bug fixes for OpenBSD. The results of the coding can be seen on the OpenBSD CVS list, and the participants in the pictures taken by Hans Insulander.

The pictures also include a few frames of Calgary, home of Theo de Raadt, the father of the OpenBSD project.

The event's motto: Shut up and hack!

Related pages:

Pictures from the marathon event

OpenBSD

USENIX

Systrace - restricting system calls

A new feature has been implemented in OpenBSD -current. It is called systrace, and it serves to monitor system calls and to restrict their use. The policy systrace applies can be shaped interactively, which makes drawing up the rule lists considerably easier: operations that are not configured for the given application generate an alert, and from that alert we can decide whether to allow the system call or not.

With systrace, confining applications to a sandbox is finally possible on OpenBSD too. According to the author this is useful mainly for programs distributed in binary form, since there we do not always know what the application will actually do. But of course boxing in free-software programs that are not considered trustworthy can also be useful in certain cases (bind? :).

Systrace can also be used for intrusion detection: programs running on a remote machine can be monitored, and if they attempt an operation that is not defined in the policy they trigger an alert. Such alerts are best collected on a central computer, which keeps monitoring them simple.

Systrace is already part of OpenBSD -current, so it is available in the base system.

Example policy files are available for a few applications (gaim, konq-e, mplayer). Systrace also works with the Linux emulation, so running Linux binaries can be monitored/restricted with it as well.
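
As an added illustration (not systrace's own code, and not from the post), the following Python model reproduces the decision semantics described above on a constructed policy: rules are tried in order, the first match decides, and a system call that no rule covers returns "ask", which is where systrace raises its alert and lets the operator decide interactively. The policy text follows the general shape of systrace's policy language (a `Policy:` header, then `emulation-syscall: field op "value" then action` rules); the binary, the paths and the rule set are illustrative, and the parser only handles the `permit`/`deny[errno]` and `eq`/`match` subset shown.

```python
"""Toy evaluator for a subset of the systrace policy language.

Constructed model, not systrace code: first matching rule wins, an
uncovered call yields "ask" (systrace's interactive alert).
"""
import fnmatch
import re

# Constructed sample policy (syntax assumed from systrace's policy
# language; binary and paths are illustrative only).
SAMPLE_POLICY = """
Policy: /bin/ls, Emulation: native
    native-__sysctl: permit
    native-fsread: filename eq "/etc/malloc.conf" then permit
    native-fsread: filename match "/usr/lib/*" then permit
    native-fsread: filename match "/etc/*" then deny[eperm]
    native-fstat: permit
    native-close: permit
    native-write: fd eq "1" then permit
    native-exit: permit
"""

RULE_RE = re.compile(
    r'^(?P<emul>\w+)-(?P<call>\w+):\s*'
    r'(?:(?P<field>\w+)\s+(?P<op>eq|match)\s+"(?P<val>[^"]*)"\s+then\s+)?'
    r'(?P<action>permit|deny)(?:\[(?P<errno>\w+)\])?\s*$'
)

def parse_policy(text):
    """Return (binary, emulation, [rule dicts]) from policy text."""
    binary = emulation = None
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Policy:"):
            # "Policy: /bin/ls, Emulation: native"
            head, emu = line[len("Policy:"):].split(",", 1)
            binary = head.strip()
            emulation = emu.split(":", 1)[1].strip()
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError("unparsed policy line: %r" % line)
        rules.append(m.groupdict())
    return binary, emulation, rules

def _rule_matches(rule, syscall, args, emulation):
    if rule["emul"] != emulation or rule["call"] != syscall:
        return False
    if rule["field"] is None:          # unconditional rule
        return True
    actual = str(args.get(rule["field"], ""))
    if rule["op"] == "eq":
        return actual == rule["val"]
    return fnmatch.fnmatchcase(actual, rule["val"])   # "match" uses globs

def decide(rules, syscall, args=None, emulation="native"):
    """First matching rule decides; no match is what systrace would ask about."""
    args = args or {}
    for rule in rules:
        if _rule_matches(rule, syscall, args, emulation):
            if rule["action"] == "deny":
                return "deny[%s]" % (rule["errno"] or "eperm")
            return "permit"
    return "ask"

if __name__ == "__main__":
    _, emu, rules = parse_policy(SAMPLE_POLICY)
    for call, args in [("fsread", {"filename": "/usr/lib/libc.so.30"}),
                       ("fsread", {"filename": "/etc/master.passwd"}),
                       ("write", {"fd": 2}),
                       ("socket", {})]:
        print(call, args, "->", decide(rules, call, args, emu))
```

Note how rule order matters: `/etc/malloc.conf` is permitted by the earlier `eq` rule even though the later `/etc/*` rule denies everything else under `/etc`, and a `write` to fd 2 or any `socket` call is not covered at all, so a real systrace session would stop and ask.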




Related pages:

Niels Provos' systrace web page

OpenBSD

Stephanie release for OpenBSD 3.1

Stephanie is a ``security-enhancing package'' developed for the OpenBSD operating system, in effect a collection of patches. With it we can make our favourite OpenBSD box even more secure. The newest, more advanced Stephanie release is now available for the latest OpenBSD release, OpenBSD 3.1.

Stephanie has already proved itself several times. On the bugtraq mailing list there is a message reporting that an OpenBSD box patched with Stephanie withstood the OpenBSD local root and OpenBSD local DoS attacks. Its features:

  • TPE (Trusted Path Execution)
  • MD5 ``binary integrity checking''
  • In-kernel ACL mechanism
  • Restricted symbolic links
  • Minor privacy changes
  • Real-time logging of execve() calls
  • ld.so protection (env. stripping)

The new version is modular, which means you can choose which components get installed. The licence is the original two-clause BSD licence. Be sure to read the installation guide before installing.

More information about Stephanie can be found on its home page.

Use at your own risk!
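
The MD5 binary integrity check in the feature list is, in Stephanie, done by the kernel at exec time. As an added user-space illustration of the same idea (not Stephanie's code), the Python below records a digest per binary once and then reports which binaries changed or went missing. The file names and contents are constructed in a temporary directory; MD5 is used only because that is what the feature is named after, and the digest name is a single constant to change.

```python
"""Baseline-and-verify integrity check for a set of binaries.

Added example, not Stephanie's code. Stephanie checks in the kernel at
exec time; this user-space version shows the same idea: record a digest
per binary, then alert on anything whose digest no longer matches or
that has disappeared.
"""
import hashlib
import os
import tempfile

# MD5 only because that is what the feature above is named after;
# use "sha256" for anything new.
DIGEST = "md5"
CHUNK = 1 << 16

def file_digest(path):
    """Hex digest of a file, read in chunks so large binaries are fine."""
    h = hashlib.new(DIGEST)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(paths):
    """Map each path to its digest. The baseline must be stored where an
    attacker who can replace the binaries cannot also rewrite it."""
    return {p: file_digest(p) for p in paths}

def verify(baseline):
    """Classify every baselined path as ok, modified or missing."""
    result = {"ok": [], "modified": [], "missing": []}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            result["missing"].append(path)
        elif file_digest(path) != expected:
            result["modified"].append(path)
        else:
            result["ok"].append(path)
    return {k: sorted(v) for k, v in result.items()}

def demo():
    """Constructed scenario in a temp dir: three fake 'binaries'; after
    baselining one is tampered with and one is deleted. Returns the
    verify() result keyed by basename."""
    tmpdir = tempfile.mkdtemp()
    paths = [os.path.join(tmpdir, n) for n in ("ls", "ps", "netstat")]
    for p in paths:
        with open(p, "wb") as f:
            f.write(b"#!/bin/sh\necho " + os.path.basename(p).encode() + b"\n")
    baseline = build_baseline(paths)
    with open(paths[1], "ab") as f:      # "ps" gets extra code appended
        f.write(b"echo trojan\n")
    os.remove(paths[2])                  # "netstat" disappears
    outcome = verify(baseline)
    return {k: [os.path.basename(p) for p in v] for k, v in outcome.items()}

if __name__ == "__main__":
    for status, files in demo().items():
        print("%-9s %s" % (status, " ".join(files) or "-"))
```

The design point that matters is the one in the `build_baseline` comment: a user-space checker is only as trustworthy as the place its baseline lives, which is exactly why Stephanie moves the comparison into the kernel.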

OpenSSH 3.2.3 release

The newest version of OpenSSH, 3.2.3, was released yesterday. It followed the previous release, which came out on 17 May 2002, quite quickly. The current release may be the remedy for a few bugs (defect in the BSD_AUTH access control, login/tty problems on Solaris (bug #245), build problems on Cygwin systems). I also had problems with OpenSSH 3.2.2 under Solaris 8 (password change, su); this bug was probably the culprit.

OpenBSD 3.1 release

Ladies and gentlemen, OpenBSD 3.1 has arrived. To avoid overloading the servers, please use the mirrors for downloads.

You can find more information about the release in the release announcement:

------------------------------------------------------------------
OpenBSD 3.1 RELEASED
------------------------------------------------------------------

May 19, 2002.

It is our pleasure to officially announce the release of OpenBSD 3.1. This year OpenBSD turns 7 years old. In celebration of this milestone, we invite you to enjoy our 11th release on CD-ROM (and 12th via FTP). We continue to celebrate OpenBSD's record of four years without a remote hole in the default install. Just like all of our previous releases, 3.1 provides significant improvements, including new features, in nearly all areas of the system:

- Improved hardware support (http://www.OpenBSD.org/plat.html)

o Much improved support for UltraSPARC hardware. More models are supported and X11 works on all supported models.
o Improved 802.11b support, including a host-based access point mode for Prism chipsets (i.e. wireless bridging). It is now possible to completely configure a wireless interface using ifconfig.
o The hardware crypto drivers now work on all PCI platforms.
o Major macppc improvements including a brand new pmap module that cut 'make build' time by over an hour.
o Tekram TRM-S1040 based PCI SCSI controllers are now supported.
o Creative SB Live! cards are now supported.
o HiFn 7811 is now supported by the hifn driver. A long-standing bug causing PCI aborts has also been fixed in the hifn driver.
o Kernel support for Altivec on the macppc platform.

- Major improvements in the pf packet filter:

o Significant performance improvements due to additional optimizations based on detailed benchmarks. Filter rule evaluation cost (which occurs for every packet that isn't passed statefully) is reduced by about 70%.
o Stateful filtering (including address translation and redirection) for arbitrary IP protocols other than TCP, UDP and ICMP, for instance GRE (used for IPsec/PPTP).
o Configurable memory limits (preventing memory exhaustion). 'pfctl -m' can set an upper bound on the number of simultaneous states or fragments.
o authpf(8), an authenticating gateway user shell, modifies filter rules when a user logs in, controlling network access at the user level.
o New 'fastroute', 'route-to' and 'dup-to' options allow pf to route packets independently of the system routing table. This can be used to e.g., implement source-based routing or to duplicate packets to an IDS or logging host.
o Parser improvements allow further reduction of rule set complexity ('no nat', rdr port ranges, and more).
o Rule labels simplify usage of counters for accounting ('pass in from any to any port www label http_requests').
o The 'no-route' keyword in filter rules matches packets with non-routable addresses. E.g., 'block in quick from no-route to any' blocks packets from non-routable source addresses.
o tcpdump(8) expressions can filter pf logs on pf-specific fields. E.g. 'tcpdump -i pflog0 action block' prints only blocked packets.
o Additional ioctls for adding and removing state entries (used by proxies, authpf(8) and pfctl(8)).

- Ever-improving security (http://www.OpenBSD.org/security.html)

o More fixes for potential signal handler races. Work is ongoing in this area to fix the signal handlers in all programs, not just privileged ones.
o sshd now supports a privilege separation mode where all incoming network traffic takes place in an unprivileged process.
o A number of memory leaks that could lead to denial of service attacks have been plugged.
o Several other security issues fixed throughout the system, many of which were identified by members of the OpenBSD team themselves.

Please see http://www.OpenBSD.org/errata30.html for more details on what was fixed.

- New subsystems included with 3.1

o A version of the venerable spell program is now included.
o Generic macros for manipulating splay trees and red-black trees.
o Support for extended attributes in the filesystem.

- Many other bugs fixed (http://www.OpenBSD.org/plus30.html)

- The "ports" tree is greatly improved (http://www.OpenBSD.org/ports.html)

o The 3.1 CD-ROMs ship with many more pre-built packages for the common architectures. The FTP site contains hundreds more packages (for the important architectures) which we could not fit onto the CD-ROMs.

- Many subsystems improved and updated since the last release:

o A long-standing bug in the i386 MBR that caused a hang on boot with some machines has been fixed.
o Better sizing of kernel buffers, based on the amount of physical memory.
o Other memory-related limits are tunable without recompiling a kernel via config -e.
o Improved behavior of the virtual memory system in low-memory situations.
o ALTQ is supported by more ethernet drivers and now works on bridged interfaces.
o Loadable kernel modules are now supported on ELF platforms.
o The 2 gigabyte file size limit has been removed from mmap(2), vnd(4), savecore(8), dump(8), restore(8), and rcp(1).
o XFree86 updated to 4.2.0.
o sendmail updated to 8.12.2.
o Latest KAME IPv6
o KTH Heimdal-0.4e
o OpenSSH 3.2

If you'd like to see a list of what has changed between OpenBSD 3.0 and 3.1, look at

http://www.OpenBSD.org/plus31.html

Even though the list is a summary of the most important changes made to OpenBSD, it still is a very very long list.

This is our twelfth OpenBSD release, and the eleventh release which is available on CD-ROM. Our releases have been spaced six months apart, and we plan to continue this timing.

------------------------------------------------------------------------

- SECURITY AND ERRATA --------------------------------------------------

We provide patches for known security threats and other important issues discovered after each CD release. As usual, between the creation of the OpenBSD 3.1 FTP/CD-ROM binaries and the actual 3.1 release date, our team found and fixed some new reliability problems (note: most are minor, and in subsystems that are not enabled by default). Our continued research into security means we will find new security problems -- and we always provide patches as soon as possible. Therefore, we advise regular visits to

http://www.OpenBSD.org/security.html

and

http://www.OpenBSD.org/errata.html

Security patch announcements are sent to the security-announce@OpenBSD.org mailing list. For information on OpenBSD mailing lists, please see:

http://www.OpenBSD.org/mail.html

------------------------------------------------------------------------

- CD-ROM SALES ----------------------------------------------------------

OpenBSD 3.1 is also available on CD-ROM. The 3-CD set costs $40USD (EUR 45) and is available via mail order and from a number of contacts around the world. The set includes a colorful booklet which carefully explains the installation of OpenBSD. A new set of cute little stickers are also included (sorry, but our FTP mirror sites do not support STP, the Sticker Transfer Protocol). As an added bonus, the second CD contains an exclusive audio track by Ty Semaka,

http://www.thedevils.com/.

Profits from CD sales are the primary income source for the OpenBSD project -- in essence selling these CD-ROM units ensures that OpenBSD will continue to make another release six months from now.

The OpenBSD 3.1 CD-ROMs are bootable on the following six platforms:

o i386
o alpha
o sparc
o sparc64 (UltraSPARC)
o macppc
o hp300*

* The m68k-based platforms, including hp300, are located on a fourth CD that is not included in the official CD-ROM package. You can download the ISO image for the fourth CD as described below.

(Other platforms must boot from floppy, network, or other method).

For more information on ordering CD-ROMs, see:

http://www.OpenBSD.org/orders.html

The above web page lists a number of places where OpenBSD CD-ROMs can be purchased from. For our default mail order, go directly to:

https://https.OpenBSD.org/cgi-bin/order

or, for European orders:

https://https.OpenBSD.org/cgi-bin/order.eu

All of our developers strongly urge you to buy a CD-ROM and support our future efforts. As well, donations to the project are highly appreciated, as described in more detail at:

http://www.OpenBSD.org/goals.html#funding

Due to space restrictions and our desire not to raise the cost of the CD-ROM, the Motorola 68k-based platforms are located on a fourth CD that is not included in the official CD-ROM package. An ISO image for this CD may be downloaded from:

ftp://ftp.openbsd.org/pub/OpenBSD-ISO/3.1-CD4.iso

This CD contains the amiga, hp300, mac68k and mvme68k install sets as well as the m68k packages. The CD is bootable on the hp300. Note that not all ftp mirrors will carry the CD image.

------------------------------------------------------------------------

- T-SHIRT SALES --------------------------------------------------------

The project continues to expand its funding base by selling t-shirts and polo shirts. And our users like them too. We have a variety of shirts available, with the new and old designs, from our web ordering system at:

https://https.OpenBSD.org/cgi-bin/order

The new 3.1 t-shirt is not available at this time but will be available shortly.

------------------------------------------------------------------------

- FTP INSTALLS ---------------------------------------------------------

If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily installed via FTP. Typically you need a single small piece of boot media (e.g., a boot floppy) and then the rest of the files can be installed from a number of locations, including directly off the Internet. Follow this simple set of instructions to ensure that you find all of the documentation you will need while performing an install via FTP. With the CD-ROMs, the necessary documentation is easier to find.

1) Read either of the following two files for a list of ftp mirrors which provide OpenBSD, then choose one near you:

http://www.OpenBSD.org/ftp.html
ftp://ftp.OpenBSD.org/pub/OpenBSD/3.1/ftplist

2) Connect to that ftp mirror site and go into the directory pub/OpenBSD/3.1/ which contains these files and directories. This is a list of what you will see:

Changelogs/   alpha/     macppc/       sparc64/
HARDWARE      amiga/     mvme68k/      src.tar.gz
PACKAGES      ftplist    packages/     srcsys.tar.gz
PORTS         hp300/     ports.tar.gz  tools/
README        i386/      root.mail     vax/
XF4.tar.gz    mac68k/    sparc/

It is quite likely that you will want at LEAST the following files which apply to all the architectures OpenBSD supports.

README    - generic README
HARDWARE  - list of hardware we support
PORTS     - description of our "ports" tree
PACKAGES  - description of pre-compiled packages
root.mail - a copy of root's mail at initial login. (This is really worthwhile reading).

3) Read the README file. It is short, and a quick read will make sure you understand what else you need to fetch.

4) Next, go into the directory that applies to your architecture, for example, i386. This is a list of what you will see:

CKSUM          INSTALL.os2br  comp31.tgz     man31.tgz
INSTALL.ata    INSTALL.pt     etc31.tgz      misc31.tgz
INSTALL.chs    MD5            floppy31.fs    xbase31.tgz
INSTALL.dbr    base31.tgz     floppyB31.fs   xfont31.tgz
INSTALL.i386   bsd            floppyC31.fs   xserv31.tgz
INSTALL.linux  bsd.rd         game31.tgz     xshare31.tgz
INSTALL.mbr    cdrom31.fs     index.txt

If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386 and the appropriate floppy*.fs file. Consult the INSTALL.i386 file if you don't know which of the floppy images you need (or simply fetch all of them).

5) If you are an expert, follow the instructions in the file called README; otherwise, use the more complete instructions in the file called INSTALL.i386. INSTALL.i386 may tell you that you need to fetch other files.

6) Just in case, take a peek at:

http://www.OpenBSD.org/errata.html

This is the page where we talk about the mistakes we made while creating the 3.1 release, or the significant bugs we fixed post-release which we think our users should have fixes for. Patches and workarounds are clearly described there.

Note: If you end up needing to write a raw floppy using Windows, you can use "fdimage.exe" located in the pub/OpenBSD/3.1/tools directory to do so.

------------------------------------------------------------------------

- XFree86 FOR MOST ARCHITECTURES ---------------------------------------

XFree86 has been integrated more closely into the system. This release contains XFree86 4.2.0. Most of our architectures ship with XFree86, including sparc, sparc64 and macppc. During installation, you can install XFree86 quite easily. Be sure to try out xdm(1) and see how we have customized it for OpenBSD.

On the i386 platform a few older X servers are included from XFree86 3.3.6. These can be used for cards that are not supported by XFree86 4.2.0 or where XFree86 4.2.0 support is buggy. Please read the /usr/X11R6/README file for post-installation information.

------------------------------------------------------------------------

- PORTS TREE -----------------------------------------------------------

The OpenBSD ports tree contains automated instructions for building third party software. The software has been verified to build and run on the various OpenBSD architectures. The 3.1 ports collection, including many of the distribution files, is included on the 3-CD set. Please see PORTS file for more information. Note: some of the most popular ports, e.g., the Apache web server and several X applications, come standard with OpenBSD. Also, many popular ports have been pre-compiled for those who do not desire to build their own binaries (see PACKAGES, below).

------------------------------------------------------------------------

- BINARY PACKAGES WE PROVIDE -------------------------------------------

A large number of binary packages are provided. Please see PACKAGES file (ftp://ftp.OpenBSD.org/pub/OpenBSD/PACKAGES) for more details.

------------------------------------------------------------------------

- SYSTEM SOURCE CODE ---------------------------------------------------

The CD-ROMs contain source code for all the subsystems explained above, and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/README) file explains how to deal with these source files. For those who are doing an FTP install, the source code for all four subsystems can be found in the pub/OpenBSD/3.1/ directory:

XF4.tar.gz ports.tar.gz src.tar.gz srcsys.tar.gz

------------------------------------------------------------------------

- THANKS ---------------------------------------------------------------

OpenBSD 3.1 includes artwork and CD artistic layout by Ty Semaka, who also is featured in an audio track on the OpenBSD 3.1 CD set. Ports tree and package building by Christian Weisgerber, David Lebel, Marc Espie, Peter Valchev and Miod Vallat. System builds by Theo de Raadt, Niklas Hallqvist, Todd Fries and Bob Beck. ISO-9660 filesystem layout by Theo de Raadt.

We would like to thank all of the people who sent in bug reports, bug fixes, donation cheques, and hardware that we use. We would also like to thank those who pre-ordered the 3.1 CD-ROM or bought our previous CD-ROMs. Those who did not support us financially have still helped us with our goal of improving the quality of the software.

Our developers are:

Aaron Campbell, Angelos D. Keromytis, Anil Madhavapeddy, Artur Grabowski, Ben Lindstrom, Bob Beck, Brad Smith, Brandon Creighton, Brian Caswell, Brian Somers, Bruno Rohee, Camiel Dobbelaar, Chris Cappuccio, Christian Weisgerber, Constantine Sapuntzakis, Dale Rahn, Damien Miller, Dan Harnett, Daniel Hartmeier, David B Terrell, David Lebel, David Leonard, Dug Song, Eric Jackson, Federico G. Schwindt, Grigoriy Orlov, Hakan Olsson, Hans Insulander, Heikki Korpela, Horacio Menezo Ganau, Hugh Graham, Ian Darwin, Jakob Schlyter, Jan-Uwe Finck, Jason Ish, Jason Peel, Jason Wright, Jean-Baptiste Marchand, Jean-Jacques Bernard-Gundol, Jim Rees, Joshua Stein, Jun-ichiro itojun Hagino, Kenjiro Cho, Kenneth R Westerback, Kevin Lo, Kevin Steves, Kjell Wooding, Louis Bertrand, Marc Espie, Marco S Hyman, Mark Grimes, Markus Friedl, Mats O Jansson, Matt Behrens, Matt Smart, Matthew Jacob, Matthieu Herrb, Michael Shalayeff, Michael T. Stolarchuk, Mike Frantzen, Mike Pechkin, Miod Vallat, Nathan Binkert, Nick Holland, Niels Provos, Niklas Hallqvist, Oleg Safiullin, Paul Janzen, Peter Galbavy, Peter Stromberg, Peter Valchev, Reinhard J. Sammer, Shell Hin-lik Hung, Steve Murphree, Thierry Deval, Theo de Raadt, Thorsten Lockert, Tobias Weingartner, Todd C. Miller, Todd T. Fries, Wim Vandeputte.

OpenSSH 3.2.2

OpenSSH 3.2.2 has been released.

The new OpenSSH already includes, on an experimental basis, the privilege separation code, which aims to limit what an intruder who breaks into sshd can do. According to Markus Friedl's message, the changes compared to the previous version are:

Security Changes:

=================

• fixed buffer overflow in Kerberos/AFS token passing
• fixed overflow in Kerberos client code
• sshd no longer auto-enables Kerberos/AFS
• experimental support for privilege separation, see UsePrivilegeSeparation in sshd(8) and http://www.citi.umich.edu/u/provos/ssh/privsep.html for more information.
• only accept RSA keys of size SSH_RSA_MINIMUM_MODULUS_SIZE (768) or larger
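
The last entry under Security Changes, the 768-bit floor for RSA keys, can be checked on any `ssh-rsa` public key line without OpenSSH. The Python below is an added example (not OpenSSH code): it encodes and decodes the SSH wire format of an RSA public key (length-prefixed strings and mpints) and compares the modulus bit length with `SSH_RSA_MINIMUM_MODULUS_SIZE`. The moduli it uses are constructed odd integers of a chosen bit length, not real RSA keys; they exist only to exercise the size check.

```python
"""Check an 'ssh-rsa' public key line against OpenSSH's minimum modulus size.

Added example, not OpenSSH code. The wire format is the standard SSH one:
string "ssh-rsa", mpint e, mpint n, base64-encoded on the key line.
"""
import base64
import struct

SSH_RSA_MINIMUM_MODULUS_SIZE = 768   # the value named in the 3.2.2 notes

def _ssh_string(data):
    return struct.pack(">I", len(data)) + data

def _ssh_mpint(n):
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw      # keep the sign bit clear (positive mpint)
    return _ssh_string(raw)

def encode_rsa_pubkey(e, n, comment="constructed"):
    """Build an authorized_keys-style 'ssh-rsa <base64> comment' line."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode("ascii"), comment)

def _read_string(buf, off):
    (length,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + length > len(buf):
        raise ValueError("truncated ssh string")
    return buf[off:off + length], off + length

def parse_rsa_pubkey(line):
    """Return (e, n) from a 'ssh-rsa <base64> ...' line."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa key line")
    blob = base64.b64decode(parts[1])
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("key type inside blob does not match")
    e_raw, off = _read_string(blob, off)
    n_raw, off = _read_string(blob, off)
    return int.from_bytes(e_raw, "big"), int.from_bytes(n_raw, "big")

def key_is_acceptable(line, minimum=SSH_RSA_MINIMUM_MODULUS_SIZE):
    """True if the modulus has at least `minimum` bits."""
    _, n = parse_rsa_pubkey(line)
    return n.bit_length() >= minimum

def constructed_modulus(bits):
    """NOT a real RSA modulus: an odd integer of exactly `bits` bits,
    enough to exercise the size check."""
    return (1 << (bits - 1)) | 1

if __name__ == "__main__":
    for bits in (512, 768, 1024):
        line = encode_rsa_pubkey(65537, constructed_modulus(bits))
        print(bits, "bits ->", "accept" if key_is_acceptable(line) else "reject")
```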

Other Changes:

==============

• improved smartcard support (including support for OpenSC, see www.opensc.org)
• improved Kerberos support (including support for MIT-Kerberos V)
• fixed stderr handling in protocol v2
• client reports failure if -R style TCP forwarding fails in protocol v2
• support configuration of TCP forwarding during interactive sessions (~C)
• improved support for older sftp servers
• improved support for importing old DSA keys (from ssh.com software)
• client side support for PASSWD_CHANGEREQ in protocol v2
• fixed waitpid race conditions
• record correct lastlogin time

OpenSSH

OpenBSD

ECN support in OpenBSD

ECN (Explicit Congestion Notification) support from the KAME project has been merged into OpenBSD -current. ECN can be enabled as follows:

"options TCP_ECN" in the kernel config, and sysctl -w net.inet.tcp.ecn=1 on the running system.

The changes merged into OpenBSD also affect netstat, which from now on displays ECN-related statistics as well.

With ALTQ we can also set the ECN bit in the IP header on an OpenBSD router/firewall; for this, for example, the following has to go into altq.conf (for the xl0 interface):

interface xl0 bandwidth 3M red ecn

There are still many firewalls that treat the presence of the ECN bit in the IP header as a bad packet and drop it. Therefore, if the OpenBSD implementation gets no reply to a SYN packet, it "falls back" to non-ECN mode and handles that connection that way from then on.
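
To see what those firewalls object to, the following added Python (not from KAME or OpenBSD) builds minimal IPv4/TCP datagrams, extracts the ECN codepoint from the IP TOS byte and the ECE/CWR bits from the TCP flags, and models the legacy middlebox rule that treats the two formerly reserved TCP bits as malformed. The packets are constructed inline with example addresses from 192.0.2.0/24 and zero checksums; the model shows why an ECN-setup SYN gets no reply through such a box while the plain retransmitted SYN passes, which is exactly the fallback the text describes.

```python
"""Inspect ECN bits in IPv4/TCP headers and model a legacy firewall's drop rule.

Added example, not OpenBSD/KAME code. ECN codepoint values follow RFC 3168:
IP TOS low two bits 01 = ECT(1), 10 = ECT(0), 11 = CE; TCP uses the
CWR (0x80) and ECE (0x40) flag bits for the ECN handshake and feedback.
"""
import struct

ECN_CODEPOINTS = {0: "Not-ECT", 1: "ECT(1)", 2: "ECT(0)", 3: "CE"}
TCP_FLAGS = {"CWR": 0x80, "ECE": 0x40, "URG": 0x20, "ACK": 0x10,
             "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

def build_ipv4_tcp(ip_ecn, flags, sport=40000, dport=80):
    """Constructed minimal IPv4+TCP datagram: no options, no payload,
    checksums left zero, example addresses 192.0.2.1 -> 192.0.2.2."""
    tos = (0 << 2) | (ip_ecn & 0x3)          # DSCP 0, ECN in the low 2 bits
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    flag_bits = 0
    for name in flags:
        flag_bits |= TCP_FLAGS[name]
    data_offset = 5 << 12                     # 20-byte TCP header
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0,
                      data_offset | flag_bits, 65535, 0, 0)
    return ip + tcp

def parse(pkt):
    """Return the ECN-relevant fields of an IPv4/TCP packet."""
    if pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not IPv4/TCP")
    ihl = (pkt[0] & 0x0F) * 4
    ip_ecn = pkt[1] & 0x3
    off_flags = struct.unpack_from("!H", pkt, ihl + 12)[0]
    flags = {n for n, bit in TCP_FLAGS.items() if off_flags & bit}
    return {"ip_ecn": ECN_CODEPOINTS[ip_ecn],
            "tcp_flags": flags,
            # ECN-setup SYN: SYN with both ECE and CWR; the SYN-ACK answers with ECE only
            "ecn_setup_syn": flags == {"SYN", "ECE", "CWR"},
            "ecn_setup_synack": flags == {"SYN", "ACK", "ECE"}}

def legacy_firewall_drops(pkt):
    """Model of the broken middlebox behaviour the text mentions: any
    packet with the formerly reserved ECE/CWR bits set is 'malformed'."""
    return bool(parse(pkt)["tcp_flags"] & {"ECE", "CWR"})

if __name__ == "__main__":
    first = build_ipv4_tcp(0, ["SYN", "ECE", "CWR"])   # ECN-setup SYN
    retry = build_ipv4_tcp(0, ["SYN"])                 # fallback SYN
    for label, p in (("ecn-setup SYN", first), ("plain SYN", retry)):
        print(label, parse(p), "dropped by legacy box:", legacy_firewall_drops(p))
```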



Related pages:

KAME

OpenBSD

Sally Floyd's ECN page

PF rule generator tool for Windows

Michael Anuzis submitted the following news to Deadly.org:

"I don't know how usable it is, but for fun I made a PF (Packet Filter) configuration tool in VB6 (Visual Basic 6, I suppose - trey) for Windows."

Anuzis explains that he wrote it in VB6 because that is the only language he can program in. According to him the tool is a dead-simple thing, but nevertheless an effective configuration tool with which Windows users can configure OpenBSD's PF (which is an interesting idea in itself ;)

If you nonetheless feel like trying it, you can download the tool here, and find a screenshot of it here.