Theo de Raadt announced the release of OpenBSD 4.5

Announcement | Changelog | Download | Errata

New/extended platforms:

• Initial ports to the xscale based gumstix platform and the ARM based OpenMoko
• OpenBSD/sparc64
  • New vdsk(4) and vnet(4) drivers provide support for virtual I/O between logical domains on Sun's CoolThreads servers, including UltraSPARC T2+ machines.
  • Workstations and laptops with UltraSPARC IIe CPUs can now scale down the CPU frequency to save power.

Install/Upgrade process changes:

• crunchgen(1) and crunchide(1) have been merged into crunchgen(8), which is now built and installed by default.
• mksuncd(1) now lives in base and is installed by default.
• CD-ROM installs are now supported on SGI.
• Accept initial root passwords containing backslash characters.
• Install now allows multiple interfaces to be configured with dhcp(8).
• Upgrades now use the minimal protocols(5) and services(5) files provided on the install media.
• The install media no longer contain a disktab(5) file.
• Serial console speed is correctly determined on macppc.

OpenSSH 5.2:

• New features:
  • Added an option to ssh(1) to force logging to syslog rather than stderr.
  • The sshd_config(5) ForceCommand directive now accepts commandline arguments for the internal-sftp server.
  • The ssh(1) ~C escape commandline now support runtime creation of dynamic port forwards.
  • Support the SOCKS4A protocol in ssh(1) dynamic forwards.
  • Support remote port forwarding with a listen port of '0'.
  • sshd(8) now supports setting PermitEmptyPasswords and AllowAgentForwarding in Match blocks.
• The following significant bugs have been fixed in this release:
  • Repair a ssh(1) crash introduced in openssh-5.1 when the client is sent a zero-length banner.
  • The eow@openssh.com and no-more-sessions@openssh.com protocol extensions are now only sent to peers that identify themselves as OpenSSH.
  • Avoid printing "Non-public channel" warnings in sshd(8), since ssh(1) has sent incorrect channel numbers since ~2004; make ssh(1) send the correct channel number for SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE.
  • Avoid double-free in ssh(1) ~C escape -L handler.
  • Correct fail-on-error behaviour in sftp(1) batchmode for remote stat operations.
  • Avoid hang in ssh(1) when attempting to connect to a server that has MaxSessions set to zero.

Over 5500 ports, minor robustness improvements in package tools.

Many pre-built packages for each architecture:

• i386: 5379
• sparc64: 5174
• alpha: 5132
• sh: 1543
• amd64: 5312
• powerpc: 5162
• sparc: 2651
• arm: 4120
• hppa: 4689
• vax: 1718
• mips64: 3278

Some highlights:

• Gnome 2.24.3.
• GNUstep 1.18.0.
• KDE 3.5.10.
• Mozilla Firefox 3.0.6.
• Mozilla Thunderbird 2.0.0.19.
• MySQL 5.0.77.
• OpenOffice.org 2.4.2 and 3.0.1.
• PostgreSQL 8.3.6.
• Xfce 4.4.3.
• OpenArena 0.8.1 (only for amd64, i386 and macppc)

As usual, steady improvements in manual pages and other documentation.

The system includes the following major components from outside suppliers:

• Xenocara (based on X.Org 7.4 + patches, freetype 2.3.7, fontconfig 2.4.2, Mesa 7.2, xterm 239 and more)
• Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches)
• Perl 5.10.0 (+ patches)
• Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
• OpenSSL 0.9.8j (+ patches)
• Groff 1.15
• Sendmail 8.14.3, with libmilter
• Bind 9.4.2-P2 (+ patches)
• Lynx 2.8.5rel.4 with HTTPS and IPv6 support (+ patches)
• Sudo 1.7
• Ncurses 5.2
• Latest KAME IPv6
• Heimdal 0.7.2 (+ patches)
• Arla 0.35.7
• Binutils 2.15 (+ patches)
• Gdb 6.3 (+ patches)

Improved hardware support, including:

• Several new/improved drivers for sensors, including:
  • The cac(4) driver now has bio and sensor support.
  • The mpi(4) driver now has bio and sensor support.
  • New gpiodcf(4) driver for DCF77/HBG timedelta sensors through GPIO pins.
  • New schsio(4) driver for SMSC SCH311x LPC Super I/O devices.
  • The it(4) driver now supports IT8720F chips.
  • The it(4) driver now supports FAN4 and FAN5 sensors for IT8716F/IT8718F/IT8720F/IT8726F chips.
  • The owtemp(4) driver now supports Maxim/Dallas DS18B20 and DS1822 temperature sensors.
  • The km(4) driver now supports AMD Family 11h processors (Turion X2 Ultra et al).
  • The lm(4) driver now supports W83627DHG attachment on the I²C bus.
  • The lmenv(4) driver now has better support for the fan sensors on lm81, adm9240 and ds1780 chips.
  • The sdtemp(4) driver now supports ST STTS424 chips.
• The em(4) driver now supports ICH9 IGP M and IGP M AMT chips, and link status detection has improved.
• The sdmmc(4) driver now supports SDHC cards.
• The msk(4) driver now supports Yukon-2 FE+ (88E8040, 88E8042) based devices.
• The iwn(4) driver now supports Intel WiFi Link 5100/5300 devices.
• The wpi(4) and iwn(4) drivers now support hardware CCMP cryptography.
• The ath(4) driver now has WPA-PSK support.
• age(4), a driver for Attansic L1 gigabit Ethernet devices was added.
• ale(4), a driver for Atheros AR81xx (aka Attansic L1E) Ethernet devices was added.
• mos(4), a driver for Moschip MCS7730/7830 10/100 USB Ethernet devices was added.
• jme(4), a driver for JMicron JMC250/JMC260 10/100 and Gigabit Ethernet devices was added.
• run(4), a driver for Ralink USB IEEE 802.11a/b/g/Draft-N devices was added.
• auacer(4), a driver for Acer Labs M5455 audio devices was added.
• ifb(4), a driver for Sun Expert3D, Expert3D-Lite, XVR-500, XVR-600 and XVR-1200 framebuffers (accelerated).
• wildcatfb(4), an X driver for Sun Expert3D, Expert3D-Lite, XVR-500, XVR-600 and XVR-1200 framebuffers (unaccelerated).
• sunffb(4), an accelerated X driver for Sun Creator, Creator 3D and Elite 3D framebuffers.
• vdsk(4), a driver for virtual disks of sun4v logical domains.
• vnet(4), a driver for virtual network adapters of sun4v logical domains.
• vrng(4), a driver for the random number generator on Sun UltraSPARC T2/T2+ CPUs.
• The vcons(4) driver is now interrupt driven.
• ips(4), a driver for IBM SATA/SCSI ServeRAID controllers was added.
• udfu(4), a driver for device firmware upgrade (DFU) was added.
• Many improvements were made to the acpi(4) subsystem.
• The umsm(4) driver supports several new EVDO/UMTS devices.
• The mfi(4) driver now supports the next generation of MegaRAID SAS controllers.
• New vsbic(4) driver for the MVME327A SCSI and floppy controller on mvme68k and mvme88k machines.
• The re(4) driver now supports 8168D/8111D-based devices, and multicast reception on 8110SB/SC-based devices.
• The ehci(4) driver now supports isochronous transfers.
• S/PDIF output support has been added to the ac97(4), auich(4), auvia(4) and azalia(4) drivers.
• azalia(4) mixer has been clarified and simplified, support for 20-bit and 24-bit encodings has been added.
• The gbe(4) frame buffer driver now supports acceleration.

New tools:

• ypldap(8), an YP server using LDAP as a backend.
• xcompmgr(1) was added to xenocara.

New functionality:

• The libc resolver(3) may now be forced to perform lookups by TCP only using a new resolv.conf(5) option. The nameserver declaration in resolv.conf(5) has also been extended to allow specification of non-default nameserver ports.
• apropos(1) has two new options (-S and -s) to allow searching by machine architecture and manual section.
• aucat(1) now has audio server capability. Audio devices can be shared between multiple applications. Applications can run natively on fixed sample rate devices or on devices with unusual encodings. Multi-channel audio devices can be split into smaller independent subdevices.
• aucat(1) now has a deviceless mode, in which it can be used as a general purpose audio file format conversion utility (to mix, demultiplex, resample or reencode files).
• ifconfig(8) can now list channels supported by an IEEE 802.11 device.
• New views were added to systat(8): malloc, bucket and pool. Improvements were made to existing views.
• vnconfig(8) can now create devices with arbitrary geometry with the new -t option.
• FFS filesystems are now supported on most devices, e.g. CD's, that have sector sizes other than 512 bytes.
• Disklabels are now correctly placed and found on most devices, e.g. CD's, that have sector sizes other than 512 bytes.

Assorted improvements and code cleanup:

• malloc(3) has gained new attack mitigation measures; critical bookkeeping structures are protected at runtime using mprotect(2) and allocated at random addresses where possible.
• A new version of the gdtoa code has been integrated, bringing better C99 support to printf(3) and friends.
• Vastly improved C99 support in libm, including complex math support.
• The sppp(4) layer and thus kernel pppoe(4) now support usernames and passwords of up to 255 characters.
• Recognize and spoof disklabel entries for more FAT and FAT32 variants.
• Automatically recognize tapes with 64K records.
• Improve option handling in dhcpd(8).
• When booting from a cd the root file system is now assumed to be on the cd, rather than always asking for the location.
• Disklabels constructed from native disklabels are now subject to the same consistancy checks as all other disklabels.
• No longer display geometry information for sd(4) disk drives, since it was mostly fictitious these days.
• Fix handling of tftp ERROR frames so OpenBSD pxeboot can be loaded from picky tftp servers.
• Many scsi(4) drivers now retry operations that can't be immediately started rather than giving up.
• MBR and DPME disklabels are no longer written out with invalid checksum information in some circumstances.