OpenBSD 5.1 released May 1, 2012
Tue, 01 May 2012 07:53:15 -0700 Post Comments
- OpenBSD 5.1 RELEASED -------------------------------------------------
May 1, 2012.
We are pleased to announce the official release of OpenBSD 5.1.
This is our 31st release on CD-ROM (and 31th via FTP). We remain
proud of OpenBSD's record of more than ten years with only two remote
holes in the default install.
As in our previous releases, 5.1 provides significant improvements,
including new features, in nearly all areas of the system:
- Improved hardware support, including:
o umsm(4) supports additional mobile broadband devices.
o Non-GigE ale(4) devices can now establish link to a GigE link partner.
o Support for Intel 82580 has been added to em(4).
o Support for MegaRAID 9240 has been added to mfi(4).
o Support for Nuvoton NCT6776F has been added to lm(4).
o Support for Centrino Advanced-N 6205 has been added to iwn(4).
o Support for SiS 1182/1183 SATA has been added to pciide(4).
o Support for Synaptics touch pads through the synaptics(4) X.Org
input driver is now enabled by default.
o Support for Intel Sandy Bridge integrated graphics cards has been
added to the intel(4) X.Org driver.
o Assembler implementation of the AES-GCM mode for new Intel and
future AMD CPUs has been added.
o usb(4) probes bus after resume, improves functionality for some laptops.
- Generic network stack improvements:
o RFC4638 MTU negotiation for pppoe(4).
o npppdctl(8) replaced with npppctl(8), written from scratch.
Includes support for IPv6 as tunnel source address.
o Improve performance (throughput and loss rate) for PPTP, pppd(8)
or L2TP(/IPsec) on unstable latency networks (eg mobile).
o Improved IPv6 fragment handling.
o Many robustness improvements for IEEE 802.11 (particularly hostap).
o Improved vlan priority support, including mapping to interface queues.
o Initial rdomains support for IPv6.
o Robustness improvements for carp(4).
o Various IPv6 and rdomain related improvements for carp(4).
- Routing daemons and other userland network improvements:
o fstat(8) now displays routing table ID and socket-splicing information
and ps can display routing table ID.
o traceroute(8) and traceroute6(8) can look up ASNs for each hop.
o snmpd(8) adds a MIB to show statistics for carp(4) interfaces.
o bgpctl(8) parses and display MRT routing table dumps.
o ntpd(8) supports multiple rdomains.
o When ospfd(8) detects route socket overflow, it now delays before
it reloads the fib.
o Improved and more consistent ToS support in various network
tools (tcpbench(8), nc(8), ping(8), traceroute(8)).
o Initial inport of login_yubikey(8) for logging in using yubikeys.
- pf(4) improvements:
o One-shot rule support for pf(4), for use with proxies via anchors.
o NAT64 support in PF using the af-to keyword.
o Much improved IPv6 fragment handling.
o Various enhancements with ICMP and especially ICMPv6 states
o Improved IPv6 Neighbor Discovery and Multicast Listener Discovery handling.
o pfctl(8) now prints port numbers instead of service names by default.
o Netflow v9 and ipfix support for pflow(4).
o Many pfsync(4) fixes and improvements including jumbo frames and
automatically requesting a bulk update after a physical interface
comes online.
- Assorted improvements:
o Improved locale support.
o Support for MSG_NOSIGNAL.
o KERN_PROC_CWD sysctl(3) for fetching the path to a process's
working directory.
o Improved fnmatch(3), glob(3), and regcomp(3) implementations
to resist DoS attacks.
o Lots of HISTORY and AUTHORS information added to manpages.
o Improved checking of file-offset wraparound.
o pwrite(2)/pwritev(2) now correctly by ignored O_APPEND.
o Improved conformance of header files with standards.
o Improved cancelation support in both user-threads (libpthread)
and rthreads.
o Improved correctness of execing, coredumping, signal delivery,
alternate signal stacks, blocking socket accepts(), mutexes
and condition variables, per-thread errno, symbol binding,
and ktracing when rthreads are in use.
o Architecture-independent kernel support for thread-control-block
handling for rthreads.
o Small improvements to Linux compat (only available on i386).
o Multiple bugs have been fixed in the Intel 10Gb driver ix(4).
o softraid(4) now supports a concatenating discipline.
o On amd64, i386, and sparc64, the root filesystem can reside in
a softraid(4) volume. The kernel needs to be booted from a
non-softraid partition.
o On amd64, the system can be booted from a softraid(4) RAID1 volume.
o aucat(1) adds a "device number" component in sndio(7) device
names, allowing a single aucat instance to handle all audio
and MIDI services.
o Built-in sndiod(1) sound daemon now uses default rate 48kHz and
the default block size 10ms. These settings ensure video players
and programs using MTC are smooth by default.
o Many updates to smtpd(8): a new scheduler_backend API introduced,
more MIME 1.0 support added, new filter callbacks for network events,
improved DNS error reporting and envelope handling, and the
purge/ directory is now cleared via a privilege-separated child.
o tmux(1) is extended to support a larger history, minimizes redundant
log messages and does some code reordering for more local and less
global variables. Support is added for the ESC[s and ESC[u
save/restore cursor-position key sequences. $HOME (or ~) may now
be used as default-path in tmux.conf.
o Enhanced cwm(1) event support, added {r,}cycleingroup to cycle
through clients belonging to the same group as the active client,
simplified color initialization.
o The mg(1) emacs-like editor: now uses absolute filenames while
pushing and popping off the stack. In dired mode: corrected
cursor movements and added missing keybindings.
- OpenSSH 6.0:
o New features:
- ssh-keygen(1): add optional checkpoints for moduli screening.
- ssh-add(1): new -k option to load plain keys (skipping
certificates).
- sshd(8): add wildcard support to PermitOpen, allowing things
like "PermitOpen localhost:*". (bz#1857)
- ssh(1): support for cancelling local and remote port forwards
via the multiplex socket. Use "ssh -O cancel -L xx:xx:xx -R
yy:yy:yy user@host" to request the cancellation of the
specified forwardings.
- support cancellation of local/dynamic forwardings from ~C commandline.
o The following significant bugs have been fixed in this release:
- ssh(1): ensure that $DISPLAY contains only valid characters
before using it to extract xauth data so that it can't be
used to play local shell metacharacter games.
- ssh(1): unbreak remote port forwarding with dynamic allocated
listen ports.
- scp(1): uppress adding '--' to remote commandlines when the
first argument does not start with '-'. Saves breakage on
some difficult-to-upgrade embedded/router platforms.
- ssh(1) and sshd(8): fix typo in IPQoS parsing: there is
no "AF14" class, but there is an "AF21" class.
- ssh(1) and sshd(8): do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT
during rekeying.
- ssh(1): skip attempting to create ~/.ssh when -F is passed.
- sshd(8): unbreak stdio forwarding when ControlPersist is
in use. (bz#1943)
- sshd(8): send tty break to pty master instead of (probably
already closed) slave side. (bz#1859)
- sftp(1): silence error spam for "ls */foo" in directory
with files. (bz#1683)
- Fixed a number of memory and file descriptor leaks.
- Over 7,000 ports, major performance and stability improvements in
the package build process
o Downloading of distfiles is simpler, can resume interrupted
download, discover file moves, and expire old files. Distfiles
mirror sites now use the new and improved method.
o Dependency handling during ports build and package creation is
at least twice as fast, twenty times as fast in pathological
cases. This also affects user scripts such as out-of-date
o More checks are done during package builds, for increased
user friendliness
o The long term process of documenting the infrastructure
is now 100% done.
o The distributed ports builder (dpb) can now clean up old
dependencies, thus helping package builds be more reproducible.
This found tens of hidden build dependencies in the ports tree already.
o The semantics of pkg_add -a have been nailed down and a few minor
bugs have been fixed.
o The arch-dependent issues are better classified, leading to
better builds on old architectures in some complicated cases.
In particular, dpb explicitly purges from memory info about
packages it cannot build and stuff that depends on it,
leading to better life on sparc and vax which have very small
data-size limits.
o dpb recognizes full builds and trims some duplicate package builds
- Many pre-built packages for each architecture:
o i386: 7229 o sparc64: 6599
o alpha: 5943 o sh: 2459
o amd64: 7181 o powerpc: 6852
o sparc: 4152 o arm: 5536
o hppa: 6159 o vax: 2199
o mips64: 5785 o mips64el: 5807
- Some highlights:
o Gnome 3.2.1 o KDE 3.5.10
o Xfce 4.8.3 o MySQL 5.1.60
o PostgreSQL 9.1.2 o Postfix 2.8.8
o OpenLDAP 2.3.43 and 2.4.26 o GHC 7.0.4
o Mozilla Firefox 3.5.19, 3.6.25 and 9.0.1
o Mozilla Thunderbird 9.0.1 o LibreOffice 3.4.5.2
o Emacs 21.4, 22.3 and 23.4 o Vim 7.3.154
o PHP 5.2.17 and 5.3.10 o Python 2.5.4, 2.7.1 and 3.2.2
o Ruby 1.8.7.357 and 1.9.3.0 o Tcl 8.5.11
o Jdk 1.7 o Mono 2.10.6
o Chromium 16.0.912.77 o Groff 1.21
- As usual, steady improvements in manual pages and other documentation.
o Base system and Xenocara manuals are now installed as source code,
making grep(1) more useful in /usr/share/man/ and /usr/X11R6/man/.
o If both formatted and source versions of manuals are installed,
man(1) automatically displays the newer version of each page.
- The system includes the following major components from outside suppliers:
o Xenocara (based on X.Org 7.6 with xserver 1.11.4 + patches,
freetype 2.4.8, fontconfig 2.8.0, Mesa 7.10.3, xterm 276,
xkeyboard-config 2.5 and more)
o Gcc 4.2.1 (+patches), 3.3.5 (+ patches) and 2.95.3 (+ patches)
o Perl 5.12.2 (+ patches)
o Our improved and secured version of Apache 1.3, with SSL/TLS
and DSO support
o OpenSSL 1.0.0f (+ patches)
o Sendmail 8.14.5, with libmilter
o Bind 9.4.2-P2 (+ patches)
o Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
o Sudo 1.7.2p8
o Ncurses 5.7
o Heimdal 0.7.2 (+ patches)
o Arla 0.35.7
o Binutils 2.15 (+ patches)
o Gdb 6.3 (+ patches)
o Less 444 (+ patches)
o Awk Aug 10, 2011 version
If you'd like to see a list of what has changed between OpenBSD 5.0
and 5.1, look at
http://www.OpenBSD.org/plus51.html
Even though the list is a summary of the most important changes
made to OpenBSD, it still is a very very long list.
We provide patches for known security threats and other important
issues discovered after each CD release. As usual, between the
creation of the OpenBSD 5.1 FTP/CD-ROM binaries and the actual 5.1
release date, our team found and fixed some new reliability problems
(note: most are minor and in subsystems that are not enabled by
default). Our continued research into security means we will find
new security problems -- and we always provide patches as soon as
possible. Therefore, we advise regular visits to
http://www.OpenBSD.org/security.html
and
http://www.OpenBSD.org/errata.html
Security patch announcements are sent to the security-announce*******
mailing list. For information on OpenBSD mailing lists, please see:
http://www.OpenBSD.org/mail.html
OpenBSD 5.1 is also available on CD-ROM. The 3-CD set costs $50 CDN and
is available via mail order and from a number of contacts around the
world. The set includes a colourful booklet which carefully explains the
installation of OpenBSD. A new set of cute little stickers is also
included (sorry, but our FTP mirror sites do not support STP, the Sticker
Transfer Protocol). As an added bonus, the second CD contains an audio
track, a song entitled "Bug Busters". MP3 and OGG versions of
the audio track can be found on the first CD.
Lyrics (and an explanation) for the songs may be found at:
http://www.OpenBSD.org/lyrics.html#51
Profits from CD sales are the primary income source for the OpenBSD
project -- in essence selling these CD-ROM units ensures that OpenBSD
will continue to make another release six months from now.
The OpenBSD 5.1 CD-ROMs are bootable on the following four platforms:
o i386
o amd64
o macppc
o sparc64
(Other platforms must boot from floppy, network, or other method).
For more information on ordering CD-ROMs, see:
http://www.OpenBSD.org/orders.html
The above web page lists a number of places where OpenBSD CD-ROMs
can be purchased from. For our default mail order, go directly to:
https://https.OpenBSD.org/cgi-bin/order
All of our developers strongly urge you to buy a CD-ROM and support
our future efforts. Additionally, donations to the project are
highly appreciated, as described in more detail at:
http://www.OpenBSD.org/goals.html#funding
For those unable to make their contributions as straightforward gifts,
the OpenBSD Foundation ( http://www.openbsdfoundation.org ) is a Canadian
not-for-profit corporation that can accept larger contributions and
issue receipts. In some situations, their receipt may qualify as a
business expense write-off, so this is certainly a consideration for
some organizations or businesses. There may also be exposure benefits
since the Foundation may be interested in participating in press releases.
In turn, the Foundation then uses these contributions to assist OpenBSD's
infrastructure needs. Contact the foundation directors at
directors*******for more information.
The OpenBSD distribution companies also sell tshirts and polo shirts.
And our users like them, too. We have a variety of shirts available,
with the new and old designs, from our web ordering system at, as
described above.
If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily
installed via FTP or HTTP downloads. Typically you need a single
small piece of boot media (e.g., a boot floppy) and then the rest
of the files can be installed from a number of locations, including
directly off the Internet. Follow this simple set of instructions
to ensure that you find all of the documentation you will need
while performing an install via FTP or HTTP. With the CD-ROMs,
the necessary documentation is easier to find.
1) Read either of the following two files for a list of ftp/http
mirrors which provide OpenBSD, then choose one near you:
http://www.OpenBSD.org/ftp.html
ftp://ftp.OpenBSD.org/pub/OpenBSD/5.1/ftplist
As of Nov 1, 2011, the following ftp mirror sites have the 5.1 release:
ftp://ftp.eu.openbsd.org/pub/OpenBSD/5.1/ Stockholm, Sweden
ftp://ftp.bytemine.net/pub/OpenBSD/5.1/ Oldenburg, Germany
ftp://ftp.ch.openbsd.org/pub/OpenBSD/5.1/ Zurich, Switzerland
ftp://ftp.fr.openbsd.org/pub/OpenBSD/5.1/ Paris, France
ftp://ftp5.eu.openbsd.org/pub/OpenBSD/5.1/ Vienna, Austria
ftp://mirror.aarnet.edu.au/pub/OpenBSD/5.1/ Brisbane, Australia
ftp://ftp.usa.openbsd.org/pub/OpenBSD/5.1/ CO, USA
ftp://ftp5.usa.openbsd.org/pub/OpenBSD/5.1/ CA, USA
ftp://obsd.cec.mtu.edu/pub/OpenBSD/5.1/ Michigan, USA
The release is also available at the master site:
ftp://ftp.openbsd.org/pub/OpenBSD/5.1/ Alberta, Canada
However it is strongly suggested you use a mirror.
Other mirror sites may take a day or two to update.
2) Connect to that ftp mirror site and go into the directory
pub/OpenBSD/5.1/ which contains these files and directories.
This is a list of what you will see:
ANNOUNCEMENT armish/ mvme68k/ sparc64/
Changelogs/ ftplist mvme88k/ src.tar.gz
HARDWARE hp300/ packages/ sys.tar.gz
PACKAGES hppa/ ports.tar.gz tools/
PORTS i386/ root.mail vax/
README landisk/ sgi/ xenocara.tar.gz
alpha/ mac68k/ socppc/ zaurus/
amd64/ macppc/ sparc/
It is quite likely that you will want at LEAST the following
files which apply to all the architectures OpenBSD supports.
README - generic README
HARDWARE - list of hardware we support
PORTS - description of our "ports" tree
PACKAGES - description of pre-compiled packages
root.mail - a copy of root's mail at initial login.
(This is really worthwhile reading).
3) Read the README file. It is short, and a quick read will make
sure you understand what else you need to fetch.
4) Next, go into the directory that applies to your architecture,
for example, i386. This is a list of what you will see:
INSTALL.i386 cd51.iso floppyB51.fs pxeboot*
INSTALL.linux cdboot* floppyC51.fs xbase51.tgz
MD5 cdbr* game51.tgz xetc51.tgz
base51.tgz cdemu51.iso index.txt xfont51.tgz
bsd* comp51.tgz install51.iso xserv51.tgz
bsd.mp* etc51.tgz man51.tgz xshare51.tgz
bsd.rd* floppy51.fs misc51.tgz
If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386
and the appropriate floppy*.fs or install51.iso files. Consult the
INSTALL.i386 file if you don't know which of the floppy images
you need (or simply fetch all of them).
If you use the install51.iso file (roughly 250MB in size), then you
do not need the various *.tgz files since they are contained on that
one-step ISO-format install CD.
5) If you are an expert, follow the instructions in the file called
README; otherwise, use the more complete instructions in the
file called INSTALL.i386. INSTALL.i386 may tell you that you
need to fetch other files.
6) Just in case, take a peek at:
http://www.OpenBSD.org/errata.html
This is the page where we talk about the mistakes we made while
creating the 5.1 release, or the significant bugs we fixed
post-release which we think our users should have fixes for.
Patches and workarounds are clearly described there.
Note: If you end up needing to write a raw floppy using Windows,
you can use "fdimage.exe" located in the pub/OpenBSD/5.1/tools
directory to do so.
X.Org has been integrated more closely into the system. This release
contains X.Org 7.6. Most of our architectures ship with X.Org, including
amd64, sparc, sparc64 and macppc. During installation, you can install
X.Org quite easily. Be sure to try out xdm(1) and see how we have
customized it for OpenBSD.
The OpenBSD ports tree contains automated instructions for building
third party software. The software has been verified to build and
run on the various OpenBSD architectures. The 5.1 ports collection,
including many of the distribution files, is included on the 3-CD
set. Please see the PORTS file for more information.
Note: some of the most popular ports, e.g., the Apache web server
and several X applications, come standard with OpenBSD. Also, many
popular ports have been pre-compiled for those who do not desire
to build their own binaries (see BINARY PACKAGES, below).
A large number of binary packages are provided. Please see the PACKAGES
file ( ftp://ftp.OpenBSD.org/pub/OpenBSD/5.1/PACKAGES ) for more details.
The CD-ROMs contain source code for all the subsystems explained
above, and the README ( ftp://ftp.OpenBSD.org/pub/OpenBSD/5.1/README )
file explains how to deal with these source files. For those who
are doing an FTP install, the source code for all four subsystems
can be found in the pub/OpenBSD/5.1/ directory:
xenocara.tar.gz ports.tar.gz src.tar.gz sys.tar.gz
Ports tree and package building by Jasper Lievisse Adriaanse,
Landry Breuil, Michael Erdely, Stuart Henderson, Peter Hessler,
Paul Irofti, Antoine Jacoutot, Robert Nagy, and Christian Weisgerber.
System builds by Theo de Raadt, Mark Kettenis, and Miod Vallat.
X11 builds by Todd Fries and Miod Vallat. ISO-9660 filesystem
layout by Theo de Raadt.
We would like to thank all of the people who sent in bug reports, bug
fixes, donation cheques, and hardware that we use. We would also like
to thank those who pre-ordered the 5.1 CD-ROM or bought our previous
CD-ROMs. Those who did not support us financially have still helped
us with our goal of improving the quality of the software.
Our developers are:
Alexander Bluhm, Alexander Hall, Alexander Schrijver,
Alexander Yurchenko, Alexandr Shadchin, Alexandre Ratchov,
Anil Madhavapeddy, Anthony J. Bentley, Antoine Jacoutot,
Ariane van der Steldt, Austin Hook, Benoit Lecocq, Bernd Ahlers,
Bob Beck, Bret Lambert, Bryan Steele, Camiel Dobbelaar,
Can Erkin Acar, Charles Longeau, Chris Kuethe, Christian Weisgerber,
Christiano F. Haesbaert, Claudio Jeker, Dale Rahn, Damien Bergamini,
Damien Miller, Darren Tucker, David Coppa, David Gwynne, David Hill,
David Krause, Edd Barrett, Eric Faurot, Federico G. Schwindt,
Felix Kronlage, Gilles Chehade, Giovanni Bechis, Gleydson Soares,
Henning Brauer, Ian Darwin, Igor Sobrado, Ingo Schwarze,
Jacek Masiulaniec, Jakob Schlyter, Janne Johansson, Jason George,
Jason McIntyre, Jason Meltzer, Jasper Lievisse Adriaanse,
Jeremy Evans, Jim Razmus II, Joel Knight, Joel Sing, Joerg Zinke,
Jolan Luff, Jonathan Armani, Jonathan Gray, Jonathan Matthew,
Jordan Hargrave, Joshua Elsasser, Joshua Stein, Kenji Aoyama,
Kenneth R Westerback, Kevin Lo, Kevin Steves, Kurt Miller,
Landry Breuil, Laurent Fanis, Luke Tymowski, Marc Espie,
Marco Pfatschbacher, Marcus Glocker, Mark Kettenis, Mark Lumsden,
Mark Uemura, Markus Friedl, Martin Pieuchot, Martynas Venckus,
Mats O Jansson, Matthew Dempsky, Matthias Kilian, Matthieu Herrb,
Michael Erdely, Mike Belopuhov, Mike Larkin, Miod Vallat,
Nayden Markatchev, Nicholas Marriott, Nick Holland, Nigel Taylor,
Nikolay Sturm, Okan Demirmen, Otto Moerbeek, Owain Ainsworth,
Pascal Stumpf, Paul de Weerd, Paul Irofti, Peter Hessler,
Peter Valchev, Philip Guenther, Pierre-Emmanuel Andre,
Pierre-Yves Ritschard, Remi Pointel, Reyk Floeter, Robert Nagy,
Ryan Freeman, Ryan Thomas McBride, Sasano, Sebastian Benoit,
Sebastian Reitenbach, Simon Bertrang, Simon Perreault,
Stefan Sperling, Stephan A. Rickauer, Steven Mestdagh,
Stuart Cassoff, Stuart Henderson, Takuya Asada, Ted Unangst,
Theo de Raadt, Thordur I Bjornsson, Tobias Stoeckmann,
Tobias Weingartner, Todd C. Miller, Todd Fries, Uwe Stuehler,
Will Maier, William Yodlowsky, Yasuoka Masahiko, Yojiro Uo
May 1, 2012.
We are pleased to announce the official release of OpenBSD 5.1.
This is our 31st release on CD-ROM (and 31th via FTP). We remain
proud of OpenBSD's record of more than ten years with only two remote
holes in the default install.
As in our previous releases, 5.1 provides significant improvements,
including new features, in nearly all areas of the system:
- Improved hardware support, including:
o umsm(4) supports additional mobile broadband devices.
o Non-GigE ale(4) devices can now establish link to a GigE link partner.
o Support for Intel 82580 has been added to em(4).
o Support for MegaRAID 9240 has been added to mfi(4).
o Support for Nuvoton NCT6776F has been added to lm(4).
o Support for Centrino Advanced-N 6205 has been added to iwn(4).
o Support for SiS 1182/1183 SATA has been added to pciide(4).
o Support for Synaptics touch pads through the synaptics(4) X.Org
input driver is now enabled by default.
o Support for Intel Sandy Bridge integrated graphics cards has been
added to the intel(4) X.Org driver.
o Assembler implementation of the AES-GCM mode for new Intel and
future AMD CPUs has been added.
o usb(4) probes bus after resume, improves functionality for some laptops.
- Generic network stack improvements:
o RFC4638 MTU negotiation for pppoe(4).
o npppdctl(8) replaced with npppctl(8), written from scratch.
Includes support for IPv6 as tunnel source address.
o Improve performance (throughput and loss rate) for PPTP, pppd(8)
or L2TP(/IPsec) on unstable latency networks (eg mobile).
o Improved IPv6 fragment handling.
o Many robustness improvements for IEEE 802.11 (particularly hostap).
o Improved vlan priority support, including mapping to interface queues.
o Initial rdomains support for IPv6.
o Robustness improvements for carp(4).
o Various IPv6 and rdomain related improvements for carp(4).
- Routing daemons and other userland network improvements:
o fstat(8) now displays routing table ID and socket-splicing information
and ps can display routing table ID.
o traceroute(8) and traceroute6(8) can look up ASNs for each hop.
o snmpd(8) adds a MIB to show statistics for carp(4) interfaces.
o bgpctl(8) parses and display MRT routing table dumps.
o ntpd(8) supports multiple rdomains.
o When ospfd(8) detects route socket overflow, it now delays before
it reloads the fib.
o Improved and more consistent ToS support in various network
tools (tcpbench(8), nc(8), ping(8), traceroute(8)).
o Initial inport of login_yubikey(8) for logging in using yubikeys.
- pf(4) improvements:
o One-shot rule support for pf(4), for use with proxies via anchors.
o NAT64 support in PF using the af-to keyword.
o Much improved IPv6 fragment handling.
o Various enhancements with ICMP and especially ICMPv6 states
o Improved IPv6 Neighbor Discovery and Multicast Listener Discovery handling.
o pfctl(8) now prints port numbers instead of service names by default.
o Netflow v9 and ipfix support for pflow(4).
o Many pfsync(4) fixes and improvements including jumbo frames and
automatically requesting a bulk update after a physical interface
comes online.
- Assorted improvements:
o Improved locale support.
o Support for MSG_NOSIGNAL.
o KERN_PROC_CWD sysctl(3) for fetching the path to a process's
working directory.
o Improved fnmatch(3), glob(3), and regcomp(3) implementations
to resist DoS attacks.
o Lots of HISTORY and AUTHORS information added to manpages.
o Improved checking of file-offset wraparound.
o pwrite(2)/pwritev(2) now correctly by ignored O_APPEND.
o Improved conformance of header files with standards.
o Improved cancelation support in both user-threads (libpthread)
and rthreads.
o Improved correctness of execing, coredumping, signal delivery,
alternate signal stacks, blocking socket accepts(), mutexes
and condition variables, per-thread errno, symbol binding,
and ktracing when rthreads are in use.
o Architecture-independent kernel support for thread-control-block
handling for rthreads.
o Small improvements to Linux compat (only available on i386).
o Multiple bugs have been fixed in the Intel 10Gb driver ix(4).
o softraid(4) now supports a concatenating discipline.
o On amd64, i386, and sparc64, the root filesystem can reside in
a softraid(4) volume. The kernel needs to be booted from a
non-softraid partition.
o On amd64, the system can be booted from a softraid(4) RAID1 volume.
o aucat(1) adds a "device number" component in sndio(7) device
names, allowing a single aucat instance to handle all audio
and MIDI services.
o Built-in sndiod(1) sound daemon now uses default rate 48kHz and
the default block size 10ms. These settings ensure video players
and programs using MTC are smooth by default.
o Many updates to smtpd(8): a new scheduler_backend API introduced,
more MIME 1.0 support added, new filter callbacks for network events,
improved DNS error reporting and envelope handling, and the
purge/ directory is now cleared via a privilege-separated child.
o tmux(1) is extended to support a larger history, minimizes redundant
log messages and does some code reordering for more local and less
global variables. Support is added for the ESC[s and ESC[u
save/restore cursor-position key sequences. $HOME (or ~) may now
be used as default-path in tmux.conf.
o Enhanced cwm(1) event support, added {r,}cycleingroup to cycle
through clients belonging to the same group as the active client,
simplified color initialization.
o The mg(1) emacs-like editor: now uses absolute filenames while
pushing and popping off the stack. In dired mode: corrected
cursor movements and added missing keybindings.
- OpenSSH 6.0:
o New features:
- ssh-keygen(1): add optional checkpoints for moduli screening.
- ssh-add(1): new -k option to load plain keys (skipping
certificates).
- sshd(8): add wildcard support to PermitOpen, allowing things
like "PermitOpen localhost:*". (bz#1857)
- ssh(1): support for cancelling local and remote port forwards
via the multiplex socket. Use "ssh -O cancel -L xx:xx:xx -R
yy:yy:yy user@host" to request the cancellation of the
specified forwardings.
- support cancellation of local/dynamic forwardings from ~C commandline.
o The following significant bugs have been fixed in this release:
- ssh(1): ensure that $DISPLAY contains only valid characters
before using it to extract xauth data so that it can't be
used to play local shell metacharacter games.
- ssh(1): unbreak remote port forwarding with dynamic allocated
listen ports.
- scp(1): uppress adding '--' to remote commandlines when the
first argument does not start with '-'. Saves breakage on
some difficult-to-upgrade embedded/router platforms.
- ssh(1) and sshd(8): fix typo in IPQoS parsing: there is
no "AF14" class, but there is an "AF21" class.
- ssh(1) and sshd(8): do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT
during rekeying.
- ssh(1): skip attempting to create ~/.ssh when -F is passed.
- sshd(8): unbreak stdio forwarding when ControlPersist is
in use. (bz#1943)
- sshd(8): send tty break to pty master instead of (probably
already closed) slave side. (bz#1859)
- sftp(1): silence error spam for "ls */foo" in directory
with files. (bz#1683)
- Fixed a number of memory and file descriptor leaks.
- Over 7,000 ports, major performance and stability improvements in
the package build process
o Downloading of distfiles is simpler, can resume interrupted
download, discover file moves, and expire old files. Distfiles
mirror sites now use the new and improved method.
o Dependency handling during ports build and package creation is
at least twice as fast, twenty times as fast in pathological
cases. This also affects user scripts such as out-of-date
o More checks are done during package builds, for increased
user friendliness
o The long term process of documenting the infrastructure
is now 100% done.
o The distributed ports builder (dpb) can now clean up old
dependencies, thus helping package builds be more reproducible.
This found tens of hidden build dependencies in the ports tree already.
o The semantics of pkg_add -a have been nailed down and a few minor
bugs have been fixed.
o The arch-dependent issues are better classified, leading to
better builds on old architectures in some complicated cases.
In particular, dpb explicitly purges from memory info about
packages it cannot build and stuff that depends on it,
leading to better life on sparc and vax which have very small
data-size limits.
o dpb recognizes full builds and trims some duplicate package builds
- Many pre-built packages for each architecture:
o i386: 7229 o sparc64: 6599
o alpha: 5943 o sh: 2459
o amd64: 7181 o powerpc: 6852
o sparc: 4152 o arm: 5536
o hppa: 6159 o vax: 2199
o mips64: 5785 o mips64el: 5807
- Some highlights:
o Gnome 3.2.1 o KDE 3.5.10
o Xfce 4.8.3 o MySQL 5.1.60
o PostgreSQL 9.1.2 o Postfix 2.8.8
o OpenLDAP 2.3.43 and 2.4.26 o GHC 7.0.4
o Mozilla Firefox 3.5.19, 3.6.25 and 9.0.1
o Mozilla Thunderbird 9.0.1 o LibreOffice 3.4.5.2
o Emacs 21.4, 22.3 and 23.4 o Vim 7.3.154
o PHP 5.2.17 and 5.3.10 o Python 2.5.4, 2.7.1 and 3.2.2
o Ruby 1.8.7.357 and 1.9.3.0 o Tcl 8.5.11
o Jdk 1.7 o Mono 2.10.6
o Chromium 16.0.912.77 o Groff 1.21
- As usual, steady improvements in manual pages and other documentation.
o Base system and Xenocara manuals are now installed as source code,
making grep(1) more useful in /usr/share/man/ and /usr/X11R6/man/.
o If both formatted and source versions of manuals are installed,
man(1) automatically displays the newer version of each page.
- The system includes the following major components from outside suppliers:
o Xenocara (based on X.Org 7.6 with xserver 1.11.4 + patches,
freetype 2.4.8, fontconfig 2.8.0, Mesa 7.10.3, xterm 276,
xkeyboard-config 2.5 and more)
o Gcc 4.2.1 (+patches), 3.3.5 (+ patches) and 2.95.3 (+ patches)
o Perl 5.12.2 (+ patches)
o Our improved and secured version of Apache 1.3, with SSL/TLS
and DSO support
o OpenSSL 1.0.0f (+ patches)
o Sendmail 8.14.5, with libmilter
o Bind 9.4.2-P2 (+ patches)
o Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
o Sudo 1.7.2p8
o Ncurses 5.7
o Heimdal 0.7.2 (+ patches)
o Arla 0.35.7
o Binutils 2.15 (+ patches)
o Gdb 6.3 (+ patches)
o Less 444 (+ patches)
o Awk Aug 10, 2011 version
If you'd like to see a list of what has changed between OpenBSD 5.0
and 5.1, look at
http://www.OpenBSD.org/plus51.html
Even though the list is a summary of the most important changes
made to OpenBSD, it still is a very very long list.
We provide patches for known security threats and other important
issues discovered after each CD release. As usual, between the
creation of the OpenBSD 5.1 FTP/CD-ROM binaries and the actual 5.1
release date, our team found and fixed some new reliability problems
(note: most are minor and in subsystems that are not enabled by
default). Our continued research into security means we will find
new security problems -- and we always provide patches as soon as
possible. Therefore, we advise regular visits to
http://www.OpenBSD.org/security.html
and
http://www.OpenBSD.org/errata.html
Security patch announcements are sent to the security-announce*******
mailing list. For information on OpenBSD mailing lists, please see:
http://www.OpenBSD.org/mail.html
OpenBSD 5.1 is also available on CD-ROM. The 3-CD set costs $50 CDN and
is available via mail order and from a number of contacts around the
world. The set includes a colourful booklet which carefully explains the
installation of OpenBSD. A new set of cute little stickers is also
included (sorry, but our FTP mirror sites do not support STP, the Sticker
Transfer Protocol). As an added bonus, the second CD contains an audio
track, a song entitled "Bug Busters". MP3 and OGG versions of
the audio track can be found on the first CD.
Lyrics (and an explanation) for the songs may be found at:
http://www.OpenBSD.org/lyrics.html#51
Profits from CD sales are the primary income source for the OpenBSD
project -- in essence selling these CD-ROM units ensures that OpenBSD
will continue to make another release six months from now.
The OpenBSD 5.1 CD-ROMs are bootable on the following four platforms:
o i386
o amd64
o macppc
o sparc64
(Other platforms must boot from floppy, network, or other method).
For more information on ordering CD-ROMs, see:
http://www.OpenBSD.org/orders.html
The above web page lists a number of places where OpenBSD CD-ROMs
can be purchased from. For our default mail order, go directly to:
https://https.OpenBSD.org/cgi-bin/order
All of our developers strongly urge you to buy a CD-ROM and support
our future efforts. Additionally, donations to the project are
highly appreciated, as described in more detail at:
http://www.OpenBSD.org/goals.html#funding
For those unable to make their contributions as straightforward gifts,
the OpenBSD Foundation ( http://www.openbsdfoundation.org ) is a Canadian
not-for-profit corporation that can accept larger contributions and
issue receipts. In some situations, their receipt may qualify as a
business expense write-off, so this is certainly a consideration for
some organizations or businesses. There may also be exposure benefits
since the Foundation may be interested in participating in press releases.
In turn, the Foundation then uses these contributions to assist OpenBSD's
infrastructure needs. Contact the foundation directors at
directors*******for more information.
The OpenBSD distribution companies also sell tshirts and polo shirts.
And our users like them, too. We have a variety of shirts available,
with the new and old designs, from our web ordering system at, as
described above.
If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily
installed via FTP or HTTP downloads. Typically you need a single
small piece of boot media (e.g., a boot floppy) and then the rest
of the files can be installed from a number of locations, including
directly off the Internet. Follow this simple set of instructions
to ensure that you find all of the documentation you will need
while performing an install via FTP or HTTP. With the CD-ROMs,
the necessary documentation is easier to find.
1) Read either of the following two files for a list of ftp/http
mirrors which provide OpenBSD, then choose one near you:
http://www.OpenBSD.org/ftp.html
ftp://ftp.OpenBSD.org/pub/OpenBSD/5.1/ftplist
As of Nov 1, 2011, the following ftp mirror sites have the 5.1 release:
ftp://ftp.eu.openbsd.org/pub/OpenBSD/5.1/ Stockholm, Sweden
ftp://ftp.bytemine.net/pub/OpenBSD/5.1/ Oldenburg, Germany
ftp://ftp.ch.openbsd.org/pub/OpenBSD/5.1/ Zurich, Switzerland
ftp://ftp.fr.openbsd.org/pub/OpenBSD/5.1/ Paris, France
ftp://ftp5.eu.openbsd.org/pub/OpenBSD/5.1/ Vienna, Austria
ftp://mirror.aarnet.edu.au/pub/OpenBSD/5.1/ Brisbane, Australia
ftp://ftp.usa.openbsd.org/pub/OpenBSD/5.1/ CO, USA
ftp://ftp5.usa.openbsd.org/pub/OpenBSD/5.1/ CA, USA
ftp://obsd.cec.mtu.edu/pub/OpenBSD/5.1/ Michigan, USA
The release is also available at the master site:
ftp://ftp.openbsd.org/pub/OpenBSD/5.1/ Alberta, Canada
However it is strongly suggested you use a mirror.
Other mirror sites may take a day or two to update.
2) Connect to that ftp mirror site and go into the directory
pub/OpenBSD/5.1/ which contains these files and directories.
This is a list of what you will see:
ANNOUNCEMENT armish/ mvme68k/ sparc64/
Changelogs/ ftplist mvme88k/ src.tar.gz
HARDWARE hp300/ packages/ sys.tar.gz
PACKAGES hppa/ ports.tar.gz tools/
PORTS i386/ root.mail vax/
README landisk/ sgi/ xenocara.tar.gz
alpha/ mac68k/ socppc/ zaurus/
amd64/ macppc/ sparc/
It is quite likely that you will want at LEAST the following
files which apply to all the architectures OpenBSD supports.
README - generic README
HARDWARE - list of hardware we support
PORTS - description of our "ports" tree
PACKAGES - description of pre-compiled packages
root.mail - a copy of root's mail at initial login.
(This is really worthwhile reading).
3) Read the README file. It is short, and a quick read will make
sure you understand what else you need to fetch.
4) Next, go into the directory that applies to your architecture,
for example, i386. This is a list of what you will see:
INSTALL.i386 cd51.iso floppyB51.fs pxeboot*
INSTALL.linux cdboot* floppyC51.fs xbase51.tgz
MD5 cdbr* game51.tgz xetc51.tgz
base51.tgz cdemu51.iso index.txt xfont51.tgz
bsd* comp51.tgz install51.iso xserv51.tgz
bsd.mp* etc51.tgz man51.tgz xshare51.tgz
bsd.rd* floppy51.fs misc51.tgz
If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386
and the appropriate floppy*.fs or install51.iso files. Consult the
INSTALL.i386 file if you don't know which of the floppy images
you need (or simply fetch all of them).
If you use the install51.iso file (roughly 250MB in size), then you
do not need the various *.tgz files since they are contained on that
one-step ISO-format install CD.
5) If you are an expert, follow the instructions in the file called
README; otherwise, use the more complete instructions in the
file called INSTALL.i386. INSTALL.i386 may tell you that you
need to fetch other files.
6) Just in case, take a peek at:
http://www.OpenBSD.org/errata.html
This is the page where we talk about the mistakes we made while
creating the 5.1 release, or the significant bugs we fixed
post-release which we think our users should have fixes for.
Patches and workarounds are clearly described there.
Note: If you end up needing to write a raw floppy using Windows,
you can use "fdimage.exe" located in the pub/OpenBSD/5.1/tools
directory to do so.
X.Org has been integrated more closely into the system. This release
contains X.Org 7.6. Most of our architectures ship with X.Org, including
amd64, sparc, sparc64 and macppc. During installation, you can install
X.Org quite easily. Be sure to try out xdm(1) and see how we have
customized it for OpenBSD.
The OpenBSD ports tree contains automated instructions for building
third party software. The software has been verified to build and
run on the various OpenBSD architectures. The 5.1 ports collection,
including many of the distribution files, is included on the 3-CD
set. Please see the PORTS file for more information.
Note: some of the most popular ports, e.g., the Apache web server
and several X applications, come standard with OpenBSD. Also, many
popular ports have been pre-compiled for those who do not desire
to build their own binaries (see BINARY PACKAGES, below).
A large number of binary packages are provided. Please see the PACKAGES
file ( ftp://ftp.OpenBSD.org/pub/OpenBSD/5.1/PACKAGES ) for more details.
The CD-ROMs contain source code for all the subsystems explained
above, and the README ( ftp://ftp.OpenBSD.org/pub/OpenBSD/5.1/README )
file explains how to deal with these source files. For those who
are doing an FTP install, the source code for all four subsystems
can be found in the pub/OpenBSD/5.1/ directory:
xenocara.tar.gz ports.tar.gz src.tar.gz sys.tar.gz
Ports tree and package building by Jasper Lievisse Adriaanse,
Landry Breuil, Michael Erdely, Stuart Henderson, Peter Hessler,
Paul Irofti, Antoine Jacoutot, Robert Nagy, and Christian Weisgerber.
System builds by Theo de Raadt, Mark Kettenis, and Miod Vallat.
X11 builds by Todd Fries and Miod Vallat. ISO-9660 filesystem
layout by Theo de Raadt.
We would like to thank all of the people who sent in bug reports, bug
fixes, donation cheques, and hardware that we use. We would also like
to thank those who pre-ordered the 5.1 CD-ROM or bought our previous
CD-ROMs. Those who did not support us financially have still helped
us with our goal of improving the quality of the software.
Our developers are:
Alexander Bluhm, Alexander Hall, Alexander Schrijver,
Alexander Yurchenko, Alexandr Shadchin, Alexandre Ratchov,
Anil Madhavapeddy, Anthony J. Bentley, Antoine Jacoutot,
Ariane van der Steldt, Austin Hook, Benoit Lecocq, Bernd Ahlers,
Bob Beck, Bret Lambert, Bryan Steele, Camiel Dobbelaar,
Can Erkin Acar, Charles Longeau, Chris Kuethe, Christian Weisgerber,
Christiano F. Haesbaert, Claudio Jeker, Dale Rahn, Damien Bergamini,
Damien Miller, Darren Tucker, David Coppa, David Gwynne, David Hill,
David Krause, Edd Barrett, Eric Faurot, Federico G. Schwindt,
Felix Kronlage, Gilles Chehade, Giovanni Bechis, Gleydson Soares,
Henning Brauer, Ian Darwin, Igor Sobrado, Ingo Schwarze,
Jacek Masiulaniec, Jakob Schlyter, Janne Johansson, Jason George,
Jason McIntyre, Jason Meltzer, Jasper Lievisse Adriaanse,
Jeremy Evans, Jim Razmus II, Joel Knight, Joel Sing, Joerg Zinke,
Jolan Luff, Jonathan Armani, Jonathan Gray, Jonathan Matthew,
Jordan Hargrave, Joshua Elsasser, Joshua Stein, Kenji Aoyama,
Kenneth R Westerback, Kevin Lo, Kevin Steves, Kurt Miller,
Landry Breuil, Laurent Fanis, Luke Tymowski, Marc Espie,
Marco Pfatschbacher, Marcus Glocker, Mark Kettenis, Mark Lumsden,
Mark Uemura, Markus Friedl, Martin Pieuchot, Martynas Venckus,
Mats O Jansson, Matthew Dempsky, Matthias Kilian, Matthieu Herrb,
Michael Erdely, Mike Belopuhov, Mike Larkin, Miod Vallat,
Nayden Markatchev, Nicholas Marriott, Nick Holland, Nigel Taylor,
Nikolay Sturm, Okan Demirmen, Otto Moerbeek, Owain Ainsworth,
Pascal Stumpf, Paul de Weerd, Paul Irofti, Peter Hessler,
Peter Valchev, Philip Guenther, Pierre-Emmanuel Andre,
Pierre-Yves Ritschard, Remi Pointel, Reyk Floeter, Robert Nagy,
Ryan Freeman, Ryan Thomas McBride, Sasano, Sebastian Benoit,
Sebastian Reitenbach, Simon Bertrang, Simon Perreault,
Stefan Sperling, Stephan A. Rickauer, Steven Mestdagh,
Stuart Cassoff, Stuart Henderson, Takuya Asada, Ted Unangst,
Theo de Raadt, Thordur I Bjornsson, Tobias Stoeckmann,
Tobias Weingartner, Todd C. Miller, Todd Fries, Uwe Stuehler,
Will Maier, William Yodlowsky, Yasuoka Masahiko, Yojiro Uo
