[continued from previous message]
o Merged client/server version negotiation code paths into one,
reducing much duplicate code.
o Removed error function codes from libssl and libcrypto.
o Fixed an issue where a truncated packet could crash via an OOB
read.
o Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows
client-initiated renegotiation. This is the default for libtls
servers.
o Avoid a side-channel cache-timing attack that can leak the ECDSA
private keys when signing. This is due to BN_mod_inverse() being
used without the constant time flag being set. Reported by Cesar
Pereida Garcia and Billy Brumley (Tampere University of
Technology). The fix was developed by Cesar Pereida Garcia.
o iOS and MacOS compatibility updates from Simone Basso and Jacob
Berkman.
o Added the recallocarray(3) memory allocation function, and
converted various places in the library to use it, such as CBB and
BUF_MEM_grow. recallocarray(3) is similar to reallocarray. Newly
allocated memory is cleared similar to calloc(3). Memory that
becomes unallocated while shrinking or moving existing allocations
is explicitly discarded by unmapping or clearing to 0.
o Added new root CAs from SECOM Trust Systems / Security
Communication of Japan.
o Added EVP interface for MD5+SHA1 hashes.
o Improved nc(1) TLS handshake CPU usage and server-side error
reporting.
o Added a constant time version of BN_gcd and use it default for
BN_gcd to avoid the possibility of sidechannel timing attacks
against RSA private key generation - Thanks to Alejandro Cabrera
- mandoc 1.14.1
o New mandoc.db(5) file format: man(1), apropos(1), and
makewhatis(8) no longer need SQLite3.
o Much improved HTML output and CSS.
o In man(1), internal searching with less(1) :t has been improved.
o New mandoc(1) -mdoc -T markdown output mode (already a post-1.14.1
feature).
- Ports and packages:
o Many pre-built packages for each architecture:
- alpha: 7413 - mips64: 8072
- amd64: 9714 - mips64el: 6880
- arm: 7501 - powerpc: 7703
- hppa: 6422 - sparc64: 8606
- i386: 9697
- Some highlights:
o Afl 2.39b o Mutt 1.8.0
o Chromium 57.0.2987.133 o Node.js 6.10.1
o Emacs 21.4 and 24.5 o Ocaml 4.03.0
o GCC 4.9.4 o OpenLDAP 2.3.43 and 2.4.44
o GHC 7.10.3 o PHP 5.5.38, 5.6.30 and 7.0.16
o Gimp 2.8.18 o Postfix 3.2.0 and 3.3-20170218
o GNOME 3.22.2 o PostgreSQL 9.6.2
o Go 1.8 o Python 2.7.13, 3.4.5, 3.5.2 and
o Groff 1.22.3 3.6.0
o JDK 7u80 and 8u121 o R 3.3.3
o KDE 3.5.10 and 4.14.3 (plus o Ruby 1.8.7.374, 2.1.9, 2.2.6,
KDE4 core updates) 2.3.3 and 2.4.1
o LLVM/Clang 4.0.0 o Rust 1.16.0
o LibreOffice 5.2.4.2 o Sendmail 8.15.2
o Lua 5.1.5, 5.2.4, and 5.3.4 o SQLite 3.17.0
o MariaDB 10.0.30 o Sudo 1.8.19.2
o Mono 4.6.2.6 o Tcl/Tk 8.5.18 and 8.6.4
o Mozilla Firefox 52.0.2esr and o TeX Live 2015
52.0.2 o Vim 8.0.0388
o Mozilla Thunderbird 45.8.0 o Xfce 4.12
- As usual, steady improvements in manual pages and other documentation.
- The system includes the following major components from outside suppliers:
o Xenocara (based on X.Org 7.7 with xserver 1.18.3 + patches,
freetype 2.7.1, fontconfig 2.12.1, Mesa 13.0.6, xterm 327,
xkeyboard-config 2.20 and more)
o LLVM/Clang 4.0.0 (+ patches)
o GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
o Perl 5.24.1 (+ patches)
o NSD 4.1.15
o Unbound 1.6.1
o Ncurses 5.7
o Binutils 2.17 (+ patches)
o Gdb 6.3 (+ patches)
o Awk Aug 10, 2011 version
o Expat 2.1.1
If you'd like to see a list of what has changed between OpenBSD 6.0
and 6.1, look at
http://www.OpenBSD.org/plus61.html
Even though the list is a summary of the most important changes
made to OpenBSD, it still is a very very long list.
------------------------------------------------------------------------
- SECURITY AND ERRATA --------------------------------------------------
We provide patches for known security threats and other important
issues discovered after each release. Our continued research into
security means we will find new security problems -- and we always
provide patches as soon as possible. Therefore, we advise regular
visits to
http://www.OpenBSD.org/security.html
and
http://www.OpenBSD.org/errata.html
------------------------------------------------------------------------
- MAILING LISTS AND FAQ ------------------------------------------------
Mailing lists are an important means of communication among users and developers of OpenBSD. For information on OpenBSD mailing lists, please
see:
http://www.OpenBSD.org/mail.html
You are also encouraged to read the Frequently Asked Questions (FAQ) at:
http://www.OpenBSD.org/faq/
------------------------------------------------------------------------
- DONATIONS ------------------------------------------------------------
The OpenBSD Project is volunteer-driven software group funded by
donations. Besides OpenBSD itself, we also develop important software
like OpenSSH, LibreSSL, OpenNTPD, OpenSMTPD, the ubiquitous pf packet
filter, the quality work of our ports development process, and many
others. This ecosystem is all handled under the same funding umbrella.
We hope our quality software will result in contributions that maintain
our build/development infrastructure, pay our electrical/internet costs,
and allow us to continue operating very productive developer hackathon
events.
All of our developers strongly urge you to donate and support our future efforts. Donations to the project are highly appreciated, and are
described in more detail at:
http://www.OpenBSD.org/donations.html
------------------------------------------------------------------------
- OPENBSD FOUNDATION ---------------------------------------------------
For those unable to make their contributions as straightforward gifts,
the OpenBSD Foundation (
http://www.openbsdfoundation.org) is a Canadian not-for-profit corporation that can accept larger contributions and
issue receipts. In some situations, their receipt may qualify as a
business expense write-off, so this is certainly a consideration for
some organizations or businesses.
There may also be exposure benefits since the Foundation may be
interested in participating in press releases. In turn, the Foundation
then uses these contributions to assist OpenBSD's infrastructure needs.
Contact the foundation directors at
directors@openbsdfoundation.org for
more information.
------------------------------------------------------------------------
- RELEASE SONGS --------------------------------------------------------
Every OpenBSD release is accompanied by artwork and a song. OpenBSD 6.1
comes with the song "Winter of 95".
Lyrics (and an explanation) of the song may be found at:
http://www.OpenBSD.org/lyrics.html#61
------------------------------------------------------------------------
- HTTP INSTALLS --------------------------------------------------------
OpenBSD can be easily installed via HTTP downloads. Typically you need
a single small piece of boot media (e.g., a USB flash drive) and then
the rest of the files can be installed from a number of locations,
including directly off the Internet. Follow this simple set of
instructions to ensure that you find all of the documentation you will
need while performing an install via HTTP.
1) Read either of the following two files for a list of HTTP
mirrors which provide OpenBSD, then choose one near you:
http://www.OpenBSD.org/ftp.html
http://ftp.openbsd.org/pub/OpenBSD/ftplist
As of April 11, 2017, the following HTTP mirror sites have the 6.1 release:
http://ftp.eu.openbsd.org/pub/OpenBSD/6.1/ Stockholm, Sweden
http://ftp.bytemine.net/pub/OpenBSD/6.1/ Oldenburg, Germany
http://ftp.ch.openbsd.org/pub/OpenBSD/6.1/ Zurich, Switzerland
http://ftp.fr.openbsd.org/pub/OpenBSD/6.1/ Paris, France
http://ftp5.eu.openbsd.org/pub/OpenBSD/6.1/ Vienna, Austria
http://mirror.aarnet.edu.au/pub/OpenBSD/6.1/ Brisbane, Australia
http://ftp.usa.openbsd.org/pub/OpenBSD/6.1/ CO, USA
http://ftp5.usa.openbsd.org/pub/OpenBSD/6.1/ CA, USA
http://mirror.esc7.net/pub/OpenBSD/6.1/ TX, USA
The release is also available at the master site:
http://ftp.openbsd.org/pub/OpenBSD/6.1/ Alberta, Canada
However it is strongly suggested you use a mirror.
Other mirror sites may take a day or two to update.
2) Connect to that HTTP mirror site and go into the directory
pub/OpenBSD/6.1/ which contains these files and directories.
This is a list of what you will see:
ANNOUNCEMENT amd64/ luna88k/ sgi/
Changelogs/ arm64/ macppc/ sparc64/
README armv7/ octeon/ src.tar.gz
SHA256 hppa/ packages/ sys.tar.gz
SHA256.sig i386/ ports.tar.gz tools/
alpha/ landisk/ root.mail xenocara.tar.gz
It is quite likely that you will want at LEAST the following
files which apply to all the architectures OpenBSD supports.
README - generic README
root.mail - a copy of root's mail at initial login.
(This is really worthwhile reading).
3) Read the README file. It is short, and a quick read will make
sure you understand what else you need to fetch.
4) Next, go into the directory that applies to your architecture,
for example, amd64. This is a list of what you will see:
BOOTIA32.EFI* bsd* floppy61.fs pxeboot*
BOOTX64.EFI* bsd.mp* game61.tgz xbase61.tgz
BUILDINFO bsd.rd* index.txt xfont61.tgz
INSTALL.amd64 cd61.iso install61.fs xserv61.tgz
SHA256 cdboot* install61.iso xshare61.tgz
SHA256.sig cdbr* man61.tgz
base61.tgz comp61.tgz miniroot61.fs
If you are new to OpenBSD, fetch _at least_ the file INSTALL.amd64
and install61.iso. The install61.iso file (roughly 220MB in size)
is a one-step ISO-format install CD image which contains the various
*.tgz files so you do not need to fetch them separately.
If you prefer to use a USB flash drive, fetch install61.fs and
follow the instructions in INSTALL.amd64.
5) If you are an expert, follow the instructions in the file called
README; otherwise, use the more complete instructions in the
file called INSTALL.amd64. INSTALL.amd64 may tell you that you
need to fetch other files.
6) Just in case, take a peek at:
http://www.OpenBSD.org/errata.html
This is the page where we talk about the mistakes we made while
creating the 6.1 release, or the significant bugs we fixed
post-release which we think our users should have fixes for.
Patches and workarounds are clearly described there.
------------------------------------------------------------------------
- X.ORG FOR MOST ARCHITECTURES -----------------------------------------
X.Org has been integrated more closely into the system. This release
contains X.Org 7.7. Most of our architectures ship with X.Org, including amd64, sparc64 and macppc. During installation, you can install X.Org
quite easily. Be sure to try out xenodm(1), our new, simplified X11
display manager forked from xdm(1).
------------------------------------------------------------------------
- PACKAGES AND PORTS ---------------------------------------------------
Many third party software applications have been ported to OpenBSD and
can be installed as pre-compiled binary packages on the various OpenBSD architectures. Please see
http://www.openbsd.org/faq/faq15.html for
more information on working with packages and ports.
Note: a few popular ports, e.g., NSD, Unbound, and several X
applications, come standard with OpenBSD and do not need to be installed separately.
------------------------------------------------------------------------
- SYSTEM SOURCE CODE ---------------------------------------------------
The source code for all four subsystems can be found in the
pub/OpenBSD/6.1/ directory:
xenocara.tar.gz ports.tar.gz src.tar.gz sys.tar.gz
The README (
http://ftp.OpenBSD.org/pub/OpenBSD/6.1/README) file explains
how to deal with these source files.
------------------------------------------------------------------------
- THANKS ---------------------------------------------------------------
Ports tree and package building by Pierre-Emmanuel Andre, Landry Breuil,
Visa Hankala, Stuart Henderson, Peter Hessler, Paul Irofti, and
Christian Weisgerber. Base and X system builds by Kenji Aoyama,
Theo de Raadt, Jonathan Gray, and Visa Hankala.
We would like to thank all of the people who sent in bug reports, bug
fixes, donation cheques, and hardware that we use. We would also like
to thank those who bought our previous CD sets. Those who did not
support us financially have still helped us with our goal of improving
the quality of the software.
Our developers are:
Aaron Bieber, Adam Wolk, Alexander Bluhm, Alexander Hall,
Alexandr Nedvedicky, Alexandr Shadchin, Alexandre Ratchov,
Andrew Fresh, Anil Madhavapeddy, Anthony J. Bentley,
Antoine Jacoutot, Benoit Lecocq, Bob Beck, Brandon Mercer,
Brent Cook, Bret Lambert, Bryan Steele, Can Erkin Acar,
Charles Longeau, Chris Cappuccio, Christian Weisgerber,
Christopher Zimmermann, Claudio Jeker, Dale Rahn, Damien Miller,
Daniel Boulet, Daniel Dickman, Daniel Jakots, Darren Tucker,
David Coppa, David Gwynne, David Hill, Dmitrij Czarkoff, Doug Hogan,
Edd Barrett, Eric Faurot, Florian Obser, Frederic Cambus,
Gerhard Roth, Giannis Tsaraias, Gilles Chehade, Giovanni Bechis,
Gleydson Soares, Gonzalo L. Rodriguez, Henning Brauer, Ian Darwin,
Igor Sobrado, Ingo Feinerer, Ingo Schwarze, Inoguchi Kinichiro,
James Turner, Jason McIntyre, Jasper Lievisse Adriaanse,
Jeremie Courreges-Anglas, Jeremy Evans, Joel Sing, Joerg Jung,
Jonathan Armani, Jonathan Gray, Jonathan Matthew, Joris Vink,
Joshua Stein, Juan Francisco Cantero Hurtado, Kazuya Goda,
Kenji Aoyama, Kenneth R Westerback, Kent R. Spillner,
Kirill Bychkov, Kurt Miller, Landry Breuil, Lawrence Teo,
Luke Tymowski, Marc Espie, Marcus Glocker, Mark Kettenis,
Mark Lumsden, Markus Friedl, Martijn van Duren, Martin Natano,
Martin Pieuchot, Martynas Venckus, Mats O Jansson, Matthew Dempsky,
Matthias Kilian, Matthieu Herrb, Michal Mazurek, Mike Belopuhov,
Mike Larkin, Miod Vallat, Nayden Markatchev, Nicholas Marriott,
Nigel Taylor, Okan Demirmen, Otto Moerbeek, Pascal Stumpf,
Patrick Wildt, Paul Irofti, Peter Hessler, Philip Guenther,
Pierre-Emmanuel Andre, Rafael Zalamena, Remi Pointel,
Renato Westphal, Reyk Floeter, Ricardo Mestre, Richard Procter,
Robert Nagy, Robert Peichaer, Sasano Takayoshi, Sebastian Benoit,
Sebastian Reitenbach, Sebastien Marie, Stefan Fritsch, Stefan Kempf,
Stefan Sperling, Steven Mestdagh, Stuart Cassoff, Stuart Henderson,
Sunil Nimmagadda, T.J. Townsend, Ted Unangst, Theo Buehler,
Theo de Raadt, Tim van der Molen, Tobias Stoeckmann, Todd C. Miller,
Tom Cosgrove, Ulf Brosziewski, Vadim Zhukov, Vincent Gross,
Visa Hankala, Yasuoka Masahiko, Yojiro Uo
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)