Theo de Raadt has announced the release of OpenBSD 4.9, a BSD-based operating system specialising in high-security solutions through thorough code review. What's new?
- New/extended platforms:
  - OpenBSD/amd64 and OpenBSD/i386:
    - Enabled NTFS by default (read-only) on GENERIC kernels.
    - Enabled the vmt(4) driver by default for VMware tools support as a guest.
    - SMP kernels can now boot on machines with up to 64 cores.
    - Maximum allocation size for i386 bumped to 2G.
    - Handle >16 disks when searching for kernel boot device.
    - Added support for AES-NI instructions found in recent Intel processors.
    - Further improvements in suspend and resume.
    - Processes are now switched to TSS per CPU on the amd64 platform, resulting in removal of the old limit of ~4000 processes.
  - OpenBSD/hppa:
  - OpenBSD/loongson and OpenBSD/sgi:
    - All MIPS64 based platforms now use MI softfloat code, which implements all MIPS IV specified floating point operations.
  - OpenBSD/sparc64:
    - The vdsp(4) driver now supports the vDisk 1.1 protocol, allowing Solaris to run on top of an OpenBSD control domain.
- Improved hardware support, including:
  - New vte(4) driver for RDC R6040 10/100 Ethernet devices.
  - New rdcphy(4) driver for RDC Semiconductor R6040 10/100 Ethernet PHY.
  - New rsu(4) driver for Realtek RTL8188SU/RTL8191SU/RTL8192SU USB IEEE 802.11b/g/n wireless devices.
  - New urtwn(4) driver for Realtek RTL8188CU/RTL8192CU USB IEEE 802.11b/g/n wireless devices.
  - New utwitch(4) driver for YUREX USB twitch/jiggle of knee sensor.
  - Support for AR9271, AR9280+AR7010 and AR9287+AR7010 USB IEEE 802.11a/g/n wireless adapters has been added to athn(4).
  - Support for 82583V has been added to em(4).
  - Support for Yukon 88E8059 has been added to msk(4).
  - Support for SiS191 has been added to se(4).
  - Support for SAS2004 has been added to mpii(4).
  - Support for NVIDIA MCP89 SATA has been added to pciide(4).
  - Support for Mobility Radeon HD 4200 has been added to radeondrm(4).
  - pms(4) support has been significantly reworked and expanded.
  - MCLGETI support has been added to xl(4).
  - Support for low latency interrupt modulation has been added to ix(4).
  - Port multiplier support has been added to ahci(4) and sili(4).
  - Support for Sun XVR-300 graphics has been added to radeonfb(4).
  - Added workaround for BCM5906 A0/1/2 controller silicon bug in bge(4).
  - ugen(4) can now be attached along with other drivers to multifunction devices.
  - umodem(4) now supports more devices.
  - umsm(4) now supports more mobile broadband devices.
  - Support for more image processing controls was added to uvideo(4).
- Generic network stack improvements:
  - Reworking of the MCLGETI livelock algorithm to improve forwarding and host performance under high network load.
  - Added support for socket splicing; sockets can be temporarily connected so that the kernel moves data without userland intervention. This will be used by relayd(8) in the next release.
  - Added AES-GCM support for IPsec.
  - Added automatic send and receive buffer scaling for TCP.
  - Added wpakey option to ifconfig(8) replacing wpa-psk(8).
  - TCP acknowledgments are no longer delayed on the loopback interface.
  - Network livelock counters are now exported via sysctl(3).
  - A radix tree sorting bug was fixed, which results in significant improvements to IPsec performance under certain conditions.
  - tcpdump(8) now decodes Multicast DNS (mDNS) traffic.
  - Wake on LAN support has been added to arp(8).
  - Enabled MPLS and mpe(4) by default on GENERIC kernels.
  - Added an mpls option to ifconfig(8) to enable MPLS on a per-interface basis, replacing the global sysctl knob.
- OpenBGPD, OpenOSPFD and other routing daemon improvements:
  - bgpd(8) handles various message encoding errors more gracefully now.
  - Notification messages are now logged in bgpd(8).
  - ospfd(8) will now correctly redistribute overlapping routes.
  - ospfctl(8) now prints the LSDB checksum in the show summary output for quick verification that two LSDBs are in sync.
  - Fixed ldpd(8)'s message parser to work on all architectures and more LDP messages are now implemented.
  - Various improvements in ospf6d(8).
- pf(4) improvements:
  - The logging subsystem has been largely rewritten, now logging the translated addresses again instead of the original ones.
  - match log rules cause a log on the fly, showing the packet exactly as pf(4) sees it at the moment of evaluating that rule. A packet can also be logged more than once now.
  - match log(matches) rules allow the further rule matching to be traced.
  - pflog(4) now includes the original addresses and ports for packets that have been rewritten. This is also displayed by tcpdump(8).
- IPsec stack audit was performed, resulting in:
  - Several potential security problems have been identified and fixed.
  - ARC4 based PRNG code was audited and revamped.
  - New explicit_bzero kernel function was introduced to prevent a compiler from optimizing bzero calls away.
- SCSI improvements:
  - Improved safety when detaching SCSI devices by waiting for the completion of pending commands.
  - Improved hotplug support on mpi(4) and mpii(4).
  - Continued iopoolification of SCSI drivers, notably on umass(4) which improves the reliability and performance of multi-LUN devices.
  - Added vscsi(4), a driver for userland handling of SCSI device commands.
  - Added iscsid(8), an iSCSI initiator.
  - Forcibly restrict devices incapable of tagged I/O to executing one command at a time.
  - Discover and honour read-only status of sd(4) devices.
  - Improve st(4) handling of I/O residual information.
  - sd(4) devices that can only execute one command at a time (e.g. USB) will now be allowed to spin up if necessary.
  - cd(4) will now attach CDROM devices identified as non-removable.