Download OpenBSD 3.7

OpenBSD received an upgrade today to take to version 3.7. The new version is from here downloadable for different platforms. This Unix operating system is based on the BSD code and is considered one of the most secure OSs on the market. Version 3.7 comes with a range of new features, bug fixes and improvements. These changes are grouped below, but for a complete overview you can visit this document†

what’s new

• New platforms:
  • OpenBSD/zaurus. Expanding the arm porting effort by supporting the Sharp Zaurus SL-C3000, bringing a secure ssh-capable machine to your pocket.
  • OpenBSD/sgi. A 64-bit port supporting O2 machines with R5000, RM5200, RM7000, R10000 and R12000 CPUs.
• Support for a number of much faster 64-bit machines (in 32-bit mode) in the OpenBSD/hppa port.
• Improved hardware support, including:
  • New ath(4) driver for Atheros IEEE 802.11a/b/g wireless network adapters.
  • New iwi(4) driver for Intel PRO/Wireless 2200BG/2225BG/2915ABG IEEE 802.11a/b/g wireless network adapters.
  • New ipw(4) driver for Intel PRO/Wireless 2100 IEEE 802.11b wireless network adapters.
  • New atu(4) driver for Atmel AT76C50x USB IEEE 802.11b wireless network adapters.
  • New ral(4) and ural(4) [USB] drivers for Ralink Technology RT25x0 IEEE 802.11a/b/g wireless network adapters.
  • New rtw(4) driver for Realtek 8180 IEEE 802.11b wireless network adapters.
  • Added support to re(4) driver for Realtek 8169 CardBus Ethernet adapters.
  • New udav(4) driver for Davicom DM9601 USB Ethernet adapters.
  • New vge(4) driver for VIA Networking Technologies VT6122 PCI Gigabit Ethernet adapters.
  • New piixpm(4) driver for the Intel PIIX Power Management controller.
  • New ubt(4) driver for USB Bluetooth adapters.
• Many enhancements in the OpenBSD/mac68k port.
  • Switch to a bsd.rd-based install.
  • Improved interrupt system.
  • Create partitions with pdisk(8).
  • Add mc(4) support and enhance zsc(4) support.
• New tools:
  • ospfd(8), implementing the OSPFv2 routing protocol.
  • getcap(1), providing easy access to the capability database.
• New functionality:
  • Repaired mirroring mode in ccd(4).
  • Privilege separation for ftpd(8).
  • Bash-style prompt expansion and POSIX hex and octal constants in ksh(1).
  • Improved TCP send performance.
  • Reentrant getproto*_r(3) and getserv*_r(3) functions.
  • In-kernel pppoe(4) support.
  • pim(4) (Protocol Independent Multicast) support added.
• New functionality for ntpd(8), the Network Time Protocol Daemon:
  • ntpd can now set the time immediately on startup itself, eliminating the need to run rdate -n beforehand.
  • Use median instead of average when collapsing all the peers’ offsets into one, greatly improving resistance against falsetickers.
  • Calculate root delay, stratum, and precision properly; include these in replies sent out in server mode.
  • Many logging improvements: ntpd is now almost completely silent in normal operation (unless in debug mode, of course).
• New functionality for bgpd(8), the Border Gateway Protocol Daemon:
  • Allow sessions to depend on a CARP interface’s master/backup state, reducing failover times in redundant setups.
  • Lower latency for requests from other peers or bgpctl while under heavy load, eg initial table transfer when a session comes up.
  • Allow for the peer descriptions to be used in bgpctl commands where previously only their IPs were allowed.
  • Allow bgpd to not prepend its own AS number and to not modify the nexthop on updates sent out.
  • Show associated interfaces and their state on “show nexthop”, to help pointing out why nexthops are invalid.
  • Allow for relative metrics modification, ie “set localpref +20”.
• New functionality and improvements for pf(4), the packet filter:
  • Improved carp(4), new carpdev mode for IP-less interfaces.
  • Support limiting TCP connections by establishment rate, automatically adding flooding IP addresses to tables and flushing states (max-src-conn-rate, overload [table]flush global).
  • Improved functionality of tags (tag and tagged for translation rules, tagging of all packets matching state entries).
  • Improved diagnostics (error messages and additional counters from pfctl -si).
  • New keyword set skip on to skip filtering on arbitrary interfaces, like loopback.
  • Filtering on route(8) labels.
  • Several bug fixes improving stability.
• New functionality and improvements for isakmpd(8), the Internet Security Association and Key Management Daemon:
  • Allow the Address, Network, or Netmask values ​​of the “IPsec-ID” to be specified with an interface name or the keyword “default” (in which case the address is selected based on the default route).
  • Improved NAT-T and DPD stability and interoperability.
• New functionality and improvements for spamd(8), the Spamd Spam Deferral Daemon
  • Allow the addition of spamtrap addresses to the spamd database using spamdb(8). Spamd will automatically blacklist hosts that attempt to deliver mail to a spamtrap address while greylisted.
• New functionality and many improvements for the package tools:
  • Major overhaul of the package format, simplifying common tasks like user creation.
  • In-place updates of packages with pkg_add -r.
  • Progress meters, which make installing big packages a more pleasant experience.
  • Reliable dependencies on shared libraries, including the base system.
  • Many performance improvements.
• About 3000 ports, 2800 pre-built packages.
• Many improvements for security and reliability. Cleaner source code for ksh(1), httpd(8), and many more programs.
• As usual, many improvements in manual pages and other documentation.
• OpenSSH 4.1:
  • Local, remote and dynamic port forwards may be configured to listen on specific IP addresses.
  • sshd_config(5) now understands “GatewayPorts clientspecified” to allow client-specified listen addresses in remote port forwards. The existing behavior for “yes” and “no” is maintained.
  • known_hosts files may be hashed to provide privacy if they are later disclosed.
  • ssh-keygen(1) has additional modes to generate and manage hashed known_hosts files.
  • Users will be warned of impending password and account expiry.
  • Corrupt keys in authorized_keys are now handled gracefully.
  • sftp(1) has speed improvements for “ls” and now uses libedit for command line editing and history.
  • sshd(8) will now log the source of connections denied by AllowUsers, DenyUsers, AllowGroups and DenyGroups.
  • AddressFamily option in sshd_config(5) now has an AddressFamily option to provide global control of IPv4 and IPv6 usage by sshd(8).
  • ssh(1)’s multiplex (ControlMaster) mode has been improved and now provides additional capabilities such as checking if the master is alive, obtaining its process ID and requesting that it shut down.
• OpenBSD/i386 and OpenBSD/macppc now use gcc 3.3.5.
• OpenBSD/amd64, OpenBSD/cats, OpenBSD/macppc, OpenBSD/hppa, OpenBSD/sgi, OpenBSD/sparc64 and OpenBSD/zaurus now use DWARF2 (C++) exception handling.
• The system includes the following major components from outside suppliers:
  • X.Org 6.8.2 (+ patches, and i386 contains XFree86 3.3.6 servers (+ patches) for legacy chipsets not supported by X.Org)
  • Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches)
  • Perl 5.8.6 (+patches)
  • Apache 1.3.29, mod_ssl 2.8.16, DSO support (+ patches)
  • OpenSSL 0.9.7d (+patches)
  • coarse 1.15
  • Sendmail 8.13.3, with libmilter
  • Bind 9.3.0 (+ patches)
  • Lynx 2.8.5rel.2 with HTTPS and IPv6 support (+ patches)
  • sudo 1.6.8p6
  • Ncurses 5.2
  • Latest KAME IPv6
  • Heimdal 0.6rc1 (+ patches)
  • Arla 0.35.7
  • Binutils 2.15
  • Gdb 6.3