1. Forum
  2. Usenet
  3. COMP.UNIX.BSD.OPENBSD.ANN

  • OpenBSD 6.1 released - Apr 11, 2016 (2/2)

    From Theo de Raadt@21:1/5 to All on Tue Apr 11 18:40:01 2017
    [continued from previous message]

    o Merged client/server version negotiation code paths into one,
    reducing much duplicate code.
    o Removed error function codes from libssl and libcrypto.
    o Fixed an issue where a truncated packet could crash via an OOB
    read.
    o Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows
    client-initiated renegotiation. This is the default for libtls
    servers.
    o Avoid a side-channel cache-timing attack that can leak the ECDSA
    private keys when signing. This is due to BN_mod_inverse() being
    used without the constant time flag being set. Reported by Cesar
    Pereida Garcia and Billy Brumley (Tampere University of
    Technology). The fix was developed by Cesar Pereida Garcia.
    o iOS and MacOS compatibility updates from Simone Basso and Jacob
    Berkman.
    o Added the recallocarray(3) memory allocation function, and
    converted various places in the library to use it, such as CBB and
    BUF_MEM_grow. recallocarray(3) is similar to reallocarray. Newly
    allocated memory is cleared similar to calloc(3). Memory that
    becomes unallocated while shrinking or moving existing allocations
    is explicitly discarded by unmapping or clearing to 0.
    o Added new root CAs from SECOM Trust Systems / Security
    Communication of Japan.
    o Added EVP interface for MD5+SHA1 hashes.
    o Improved nc(1) TLS handshake CPU usage and server-side error
    reporting.
    o Added a constant time version of BN_gcd and use it default for
    BN_gcd to avoid the possibility of sidechannel timing attacks
    against RSA private key generation - Thanks to Alejandro Cabrera

    - mandoc 1.14.1
    o New mandoc.db(5) file format: man(1), apropos(1), and
    makewhatis(8) no longer need SQLite3.
    o Much improved HTML output and CSS.
    o In man(1), internal searching with less(1) :t has been improved.
    o New mandoc(1) -mdoc -T markdown output mode (already a post-1.14.1
    feature).

    - Ports and packages:
    o Many pre-built packages for each architecture:
    - alpha: 7413 - mips64: 8072
    - amd64: 9714 - mips64el: 6880
    - arm: 7501 - powerpc: 7703
    - hppa: 6422 - sparc64: 8606
    - i386: 9697

    - Some highlights:

    o Afl 2.39b o Mutt 1.8.0
    o Chromium 57.0.2987.133 o Node.js 6.10.1
    o Emacs 21.4 and 24.5 o Ocaml 4.03.0
    o GCC 4.9.4 o OpenLDAP 2.3.43 and 2.4.44
    o GHC 7.10.3 o PHP 5.5.38, 5.6.30 and 7.0.16
    o Gimp 2.8.18 o Postfix 3.2.0 and 3.3-20170218
    o GNOME 3.22.2 o PostgreSQL 9.6.2
    o Go 1.8 o Python 2.7.13, 3.4.5, 3.5.2 and
    o Groff 1.22.3 3.6.0
    o JDK 7u80 and 8u121 o R 3.3.3
    o KDE 3.5.10 and 4.14.3 (plus o Ruby 1.8.7.374, 2.1.9, 2.2.6,
    KDE4 core updates) 2.3.3 and 2.4.1
    o LLVM/Clang 4.0.0 o Rust 1.16.0
    o LibreOffice 5.2.4.2 o Sendmail 8.15.2
    o Lua 5.1.5, 5.2.4, and 5.3.4 o SQLite 3.17.0
    o MariaDB 10.0.30 o Sudo 1.8.19.2
    o Mono 4.6.2.6 o Tcl/Tk 8.5.18 and 8.6.4
    o Mozilla Firefox 52.0.2esr and o TeX Live 2015
    52.0.2 o Vim 8.0.0388
    o Mozilla Thunderbird 45.8.0 o Xfce 4.12

    - As usual, steady improvements in manual pages and other documentation.

    - The system includes the following major components from outside suppliers:
    o Xenocara (based on X.Org 7.7 with xserver 1.18.3 + patches,
    freetype 2.7.1, fontconfig 2.12.1, Mesa 13.0.6, xterm 327,
    xkeyboard-config 2.20 and more)
    o LLVM/Clang 4.0.0 (+ patches)
    o GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
    o Perl 5.24.1 (+ patches)
    o NSD 4.1.15
    o Unbound 1.6.1
    o Ncurses 5.7
    o Binutils 2.17 (+ patches)
    o Gdb 6.3 (+ patches)
    o Awk Aug 10, 2011 version
    o Expat 2.1.1

    If you'd like to see a list of what has changed between OpenBSD 6.0
    and 6.1, look at

    http://www.OpenBSD.org/plus61.html

    Even though the list is a summary of the most important changes
    made to OpenBSD, it still is a very very long list.

    ------------------------------------------------------------------------
    - SECURITY AND ERRATA --------------------------------------------------

    We provide patches for known security threats and other important
    issues discovered after each release. Our continued research into
    security means we will find new security problems -- and we always
    provide patches as soon as possible. Therefore, we advise regular
    visits to

    http://www.OpenBSD.org/security.html
    and
    http://www.OpenBSD.org/errata.html

    ------------------------------------------------------------------------
    - MAILING LISTS AND FAQ ------------------------------------------------

    Mailing lists are an important means of communication among users and developers of OpenBSD. For information on OpenBSD mailing lists, please
    see:

    http://www.OpenBSD.org/mail.html

    You are also encouraged to read the Frequently Asked Questions (FAQ) at:

    http://www.OpenBSD.org/faq/

    ------------------------------------------------------------------------
    - DONATIONS ------------------------------------------------------------

    The OpenBSD Project is volunteer-driven software group funded by
    donations. Besides OpenBSD itself, we also develop important software
    like OpenSSH, LibreSSL, OpenNTPD, OpenSMTPD, the ubiquitous pf packet
    filter, the quality work of our ports development process, and many
    others. This ecosystem is all handled under the same funding umbrella.

    We hope our quality software will result in contributions that maintain
    our build/development infrastructure, pay our electrical/internet costs,
    and allow us to continue operating very productive developer hackathon
    events.

    All of our developers strongly urge you to donate and support our future efforts. Donations to the project are highly appreciated, and are
    described in more detail at:

    http://www.OpenBSD.org/donations.html

    ------------------------------------------------------------------------
    - OPENBSD FOUNDATION ---------------------------------------------------

    For those unable to make their contributions as straightforward gifts,
    the OpenBSD Foundation (http://www.openbsdfoundation.org) is a Canadian not-for-profit corporation that can accept larger contributions and
    issue receipts. In some situations, their receipt may qualify as a
    business expense write-off, so this is certainly a consideration for
    some organizations or businesses.

    There may also be exposure benefits since the Foundation may be
    interested in participating in press releases. In turn, the Foundation
    then uses these contributions to assist OpenBSD's infrastructure needs.
    Contact the foundation directors at directors@openbsdfoundation.org for
    more information.

    ------------------------------------------------------------------------
    - RELEASE SONGS --------------------------------------------------------

    Every OpenBSD release is accompanied by artwork and a song. OpenBSD 6.1
    comes with the song "Winter of 95".

    Lyrics (and an explanation) of the song may be found at:

    http://www.OpenBSD.org/lyrics.html#61

    ------------------------------------------------------------------------
    - HTTP INSTALLS --------------------------------------------------------

    OpenBSD can be easily installed via HTTP downloads. Typically you need
    a single small piece of boot media (e.g., a USB flash drive) and then
    the rest of the files can be installed from a number of locations,
    including directly off the Internet. Follow this simple set of
    instructions to ensure that you find all of the documentation you will
    need while performing an install via HTTP.

    1) Read either of the following two files for a list of HTTP
    mirrors which provide OpenBSD, then choose one near you:

    http://www.OpenBSD.org/ftp.html
    http://ftp.openbsd.org/pub/OpenBSD/ftplist

    As of April 11, 2017, the following HTTP mirror sites have the 6.1 release:

    http://ftp.eu.openbsd.org/pub/OpenBSD/6.1/ Stockholm, Sweden
    http://ftp.bytemine.net/pub/OpenBSD/6.1/ Oldenburg, Germany
    http://ftp.ch.openbsd.org/pub/OpenBSD/6.1/ Zurich, Switzerland
    http://ftp.fr.openbsd.org/pub/OpenBSD/6.1/ Paris, France
    http://ftp5.eu.openbsd.org/pub/OpenBSD/6.1/ Vienna, Austria
    http://mirror.aarnet.edu.au/pub/OpenBSD/6.1/ Brisbane, Australia
    http://ftp.usa.openbsd.org/pub/OpenBSD/6.1/ CO, USA
    http://ftp5.usa.openbsd.org/pub/OpenBSD/6.1/ CA, USA
    http://mirror.esc7.net/pub/OpenBSD/6.1/ TX, USA

    The release is also available at the master site:

    http://ftp.openbsd.org/pub/OpenBSD/6.1/ Alberta, Canada

    However it is strongly suggested you use a mirror.

    Other mirror sites may take a day or two to update.

    2) Connect to that HTTP mirror site and go into the directory
    pub/OpenBSD/6.1/ which contains these files and directories.
    This is a list of what you will see:

    ANNOUNCEMENT amd64/ luna88k/ sgi/
    Changelogs/ arm64/ macppc/ sparc64/
    README armv7/ octeon/ src.tar.gz
    SHA256 hppa/ packages/ sys.tar.gz
    SHA256.sig i386/ ports.tar.gz tools/
    alpha/ landisk/ root.mail xenocara.tar.gz

    It is quite likely that you will want at LEAST the following
    files which apply to all the architectures OpenBSD supports.

    README - generic README
    root.mail - a copy of root's mail at initial login.
    (This is really worthwhile reading).

    3) Read the README file. It is short, and a quick read will make
    sure you understand what else you need to fetch.

    4) Next, go into the directory that applies to your architecture,
    for example, amd64. This is a list of what you will see:

    BOOTIA32.EFI* bsd* floppy61.fs pxeboot*
    BOOTX64.EFI* bsd.mp* game61.tgz xbase61.tgz
    BUILDINFO bsd.rd* index.txt xfont61.tgz
    INSTALL.amd64 cd61.iso install61.fs xserv61.tgz
    SHA256 cdboot* install61.iso xshare61.tgz
    SHA256.sig cdbr* man61.tgz
    base61.tgz comp61.tgz miniroot61.fs

    If you are new to OpenBSD, fetch _at least_ the file INSTALL.amd64
    and install61.iso. The install61.iso file (roughly 220MB in size)
    is a one-step ISO-format install CD image which contains the various
    *.tgz files so you do not need to fetch them separately.

    If you prefer to use a USB flash drive, fetch install61.fs and
    follow the instructions in INSTALL.amd64.

    5) If you are an expert, follow the instructions in the file called
    README; otherwise, use the more complete instructions in the
    file called INSTALL.amd64. INSTALL.amd64 may tell you that you
    need to fetch other files.

    6) Just in case, take a peek at:

    http://www.OpenBSD.org/errata.html

    This is the page where we talk about the mistakes we made while
    creating the 6.1 release, or the significant bugs we fixed
    post-release which we think our users should have fixes for.
    Patches and workarounds are clearly described there.

    ------------------------------------------------------------------------
    - X.ORG FOR MOST ARCHITECTURES -----------------------------------------

    X.Org has been integrated more closely into the system. This release
    contains X.Org 7.7. Most of our architectures ship with X.Org, including amd64, sparc64 and macppc. During installation, you can install X.Org
    quite easily. Be sure to try out xenodm(1), our new, simplified X11
    display manager forked from xdm(1).

    ------------------------------------------------------------------------
    - PACKAGES AND PORTS ---------------------------------------------------

    Many third party software applications have been ported to OpenBSD and
    can be installed as pre-compiled binary packages on the various OpenBSD architectures. Please see http://www.openbsd.org/faq/faq15.html for
    more information on working with packages and ports.

    Note: a few popular ports, e.g., NSD, Unbound, and several X
    applications, come standard with OpenBSD and do not need to be installed separately.

    ------------------------------------------------------------------------
    - SYSTEM SOURCE CODE ---------------------------------------------------

    The source code for all four subsystems can be found in the
    pub/OpenBSD/6.1/ directory:

    xenocara.tar.gz ports.tar.gz src.tar.gz sys.tar.gz

    The README (http://ftp.OpenBSD.org/pub/OpenBSD/6.1/README) file explains
    how to deal with these source files.

    ------------------------------------------------------------------------
    - THANKS ---------------------------------------------------------------

    Ports tree and package building by Pierre-Emmanuel Andre, Landry Breuil,
    Visa Hankala, Stuart Henderson, Peter Hessler, Paul Irofti, and
    Christian Weisgerber. Base and X system builds by Kenji Aoyama,
    Theo de Raadt, Jonathan Gray, and Visa Hankala.

    We would like to thank all of the people who sent in bug reports, bug
    fixes, donation cheques, and hardware that we use. We would also like
    to thank those who bought our previous CD sets. Those who did not
    support us financially have still helped us with our goal of improving
    the quality of the software.

    Our developers are:

    Aaron Bieber, Adam Wolk, Alexander Bluhm, Alexander Hall,
    Alexandr Nedvedicky, Alexandr Shadchin, Alexandre Ratchov,
    Andrew Fresh, Anil Madhavapeddy, Anthony J. Bentley,
    Antoine Jacoutot, Benoit Lecocq, Bob Beck, Brandon Mercer,
    Brent Cook, Bret Lambert, Bryan Steele, Can Erkin Acar,
    Charles Longeau, Chris Cappuccio, Christian Weisgerber,
    Christopher Zimmermann, Claudio Jeker, Dale Rahn, Damien Miller,
    Daniel Boulet, Daniel Dickman, Daniel Jakots, Darren Tucker,
    David Coppa, David Gwynne, David Hill, Dmitrij Czarkoff, Doug Hogan,
    Edd Barrett, Eric Faurot, Florian Obser, Frederic Cambus,
    Gerhard Roth, Giannis Tsaraias, Gilles Chehade, Giovanni Bechis,
    Gleydson Soares, Gonzalo L. Rodriguez, Henning Brauer, Ian Darwin,
    Igor Sobrado, Ingo Feinerer, Ingo Schwarze, Inoguchi Kinichiro,
    James Turner, Jason McIntyre, Jasper Lievisse Adriaanse,
    Jeremie Courreges-Anglas, Jeremy Evans, Joel Sing, Joerg Jung,
    Jonathan Armani, Jonathan Gray, Jonathan Matthew, Joris Vink,
    Joshua Stein, Juan Francisco Cantero Hurtado, Kazuya Goda,
    Kenji Aoyama, Kenneth R Westerback, Kent R. Spillner,
    Kirill Bychkov, Kurt Miller, Landry Breuil, Lawrence Teo,
    Luke Tymowski, Marc Espie, Marcus Glocker, Mark Kettenis,
    Mark Lumsden, Markus Friedl, Martijn van Duren, Martin Natano,
    Martin Pieuchot, Martynas Venckus, Mats O Jansson, Matthew Dempsky,
    Matthias Kilian, Matthieu Herrb, Michal Mazurek, Mike Belopuhov,
    Mike Larkin, Miod Vallat, Nayden Markatchev, Nicholas Marriott,
    Nigel Taylor, Okan Demirmen, Otto Moerbeek, Pascal Stumpf,
    Patrick Wildt, Paul Irofti, Peter Hessler, Philip Guenther,
    Pierre-Emmanuel Andre, Rafael Zalamena, Remi Pointel,
    Renato Westphal, Reyk Floeter, Ricardo Mestre, Richard Procter,
    Robert Nagy, Robert Peichaer, Sasano Takayoshi, Sebastian Benoit,
    Sebastian Reitenbach, Sebastien Marie, Stefan Fritsch, Stefan Kempf,
    Stefan Sperling, Steven Mestdagh, Stuart Cassoff, Stuart Henderson,
    Sunil Nimmagadda, T.J. Townsend, Ted Unangst, Theo Buehler,
    Theo de Raadt, Tim van der Molen, Tobias Stoeckmann, Todd C. Miller,
    Tom Cosgrove, Ulf Brosziewski, Vadim Zhukov, Vincent Gross,
    Visa Hankala, Yasuoka Masahiko, Yojiro Uo

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)