The OpenBSD 5.4 Release

OpenBSD 5.4 ist ein vollständiges BSD-basiertes Betriebssystem (BSD=Berkley Software Distribution, historisches Unix) und wird allgemein als sehr sicher eingeschätzt dank proaktiven Security-Features und integrierter Kryptographie. Dieses Paket enthält die offizielle, gepresste Version von Open-BSD 5.4 auf 3 CDs incl. Aufkleber für die Architekturen i386, AMD64 (64-Bit-PC), PowerPC (Mac) und Sparc64. Durch den Kauf dieses Paketes unterstützen Sie die Weiterentwicklung von Open BSD direkt, da der überwiegende Teil des Verkaufserlöses dem Projekt zugute kommt.

---

This is a partial list of new features and systems included in OpenBSD 5.4. For a comprehensive list, see the changelog leading to 5.4.
New/extended platforms:
OpenBSD/octeon
New platform for systems based on the Cavium Octeon MIPS-compatible processors. Supported machines include:

• Portwell CAM-0100
• Ubiquiti Networks EdgeRouter LITE (no local storage)

Improved hardware support, including:
inteldrm(4) has been overhauled, including:

• Now mostly in sync with Linux 3.8.13.
• Support for Kernel Mode Setting (KMS) including support for additional output types such as DisplayPort.
• Sandy Bridge and newer parts which previously had only ShadowFB acceleration now have full hardware acceleration including use of the 3D rings.
• wsdisplay(4) now attaches to inteldrm(4) and providers a framebuffer console.

vgafb(4/macppc) now supports multiple virtual consoles.
Support for Elantech touchpads version 4 (clickpad) added to pms(4).

Generic network stack improvements:

• Reworked checksum handling for network protocols.

Routing daemons and other userland network improvements:

• Support SSL inspection in relayd(8).
• Added slowcgi(8), a libevent-based FastCGI implementation.
• Enabled ECDHE support in httpd(8).
• Do not start inetd(8) by default any more.

OpenSMTPD 5.3.3:
Performance improvements:

• Don't require the kernel lock when processing audio interrupts.
• Improved kernel bcopy/memmove/memcpy implementations and made more careful choices between them.
• Implemented symbol caching and RELCOUNT/RELACOUNT optimizations in ld.so(1).
Threading improvements:

• Closed various race conditions between exit/fork/execve/__tfork/__threxit/ptrace in both the kernel and libpthread.
Assorted improvements:
• Added a locale(1) utility.
• Added ltrace(1), a tool to trace PLT calls.
• Added a new implementation of cu(1).
• Added shm_open(3)/shm_unlink(3).
• Added getprogname(3)/setprogname(3).
• Added clock_getcpuclockid(3) and pthread_getcpuclockid(3).
• Added fmemopen(3).
• Added open_memstream(3)/open_wmemstream(3).
• Added memmem(3).
• Added fdatasync(2).
• Added ppoll(2).
• Added pselect(2).
• Added utrace(2).
• Switched the VAX platform to ELF.
• Fixed kernel profiling on multiprocessor systems.
• Experimental support for fuse(4).
• Added support for write_opt=nodir and the 'path' and 'linkpath' extended headers to pax(1) (aka tar(1)).
• Brought getconf(1) up to date with recent POSIX updates.
• Added -L and -P options to ln(1).
• More structures and symbolic values displayed by kdump(1).
• The standard oodles of manpage improvements.

OpenSSH 6.3:
New features:

• sshd(8): add ssh-agent(1) support to sshd(8); allows encrypted hostkeys, or hostkeys on smartcards.
• ssh(1) and sshd(8): allow optional time-based rekeying via a second argument to the existing RekeyLimit option. RekeyLimit is now supported in sshd_config(5) as well as on the client.
• sshd(8): standardise logging of information during user authentication.
• ssh(1): add the ability to query supported ciphers, MAC algorithms, key types and key exchange methods.
• ssh(1): support ProxyCommand=- to allow support cases where stdin and stdout already point to the proxy.
• ssh(1): allow IdentityFile=none.
• ssh(1) and sshd(8): add -E option to ssh(1) and sshd(8) to append debugging logs to a specified file instead of stderr or syslog.
• sftp(1): add support for resuming partial downloads using the reget command and on the sftp(1) commandline or on the get commandline using the -a (append) option.
• ssh(1): add an IgnoreUnknown configuration option to selectively suppress errors arising from unknown configuration directives.
• sshd(8): add support for submethods to be appended to required authentication methods listed via AuthenticationMethods.
The following significant bugs have been fixed in this release:
• sshd(8): fix refusal to accept certificate if a key of a different type to the CA key appeared in authorized_keys before the CA key.
• ssh(1), ssh-agent(1) and sshd(8): Use a monotonic time source for timers so that things like keepalives and rekeying will work properly over clock steps.
• sftp(1): update progressmeter when data is acknowledged, not when it's sent. (bz#2108)
• ssh(1) and ssh-keygen(1): improve error messages when the current user does not exist in /etc/passwd. (bz#2125)
• ssh(1): reset the order in which public keys are tried after partial authentication success.
• ssh-agent(1): clean up socket files after SIGINT when in debug mode. (bz#2120)
• ssh(1) and others: avoid confusing error messages in the case of broken system resolver configurations. (bz#2122)
• ssh(1): set TCP nodelay for connections started with -N. (bz#2124)
• ssh(1): correct manual for permission requirements on ~/.ssh/config. (bz#2078)
• ssh(1): fix ControlPersist timeout not triggering in cases where TCP connections have hung. (bz#1917)
• ssh(1): properly deatch a ControlPersist master from its controlling terminal.
• sftp(1): avoid crashes in libedit when it has been compiled with multi-byte character support. (bz#1990)
• sshd(8): when running sshd -D, close stderr unless we have explicitly requested logging to stderr. (bz#1976)
• ssh(1): fix incomplete bzero. (bz#2100)
• sshd(8): log and error and exit if ChrootDirectory is specified and running without root privileges.
• Many improvements to the regression test suite. In particular log files are now saved from ssh(1) and sshd(8) after failures.
• Fix a number of memory leaks. (bz#1967, bz#2096 and others)
• sshd(8): fix public key authentication when a :style is appended to the requested username.
• ssh(1): do not fatally exit when attempting to cleanup multiplexing-created channels that are incompletely opened. (bz#2079)

Over 7,800 ports, major performance and stability improvements in the package build process
• The parallel ports builder is more efficient. The main improvement is that dpb consumes much less cpu on busy boxes, but there are lots of small optimizations that amount to a large performance increase: dpb can now build selected large ports using parallel make, and it has a notion of affinity, so that ports failing on a cluster will be preferentially restarted on the same machine.

Many pre-built packages for each architecture:

• i386: 7976
• sparc64: 6959
• alpha: 6062
• sh: 1111
• amd64: 7941
• powerpc: 7483
• sparc: 4823
• arm: 5582
• hppa: 6607
• vax: 2226
• mips64: 6739
• mips64el: 6306

Some highlights:

• GNOME 3.8.3
• KDE 3.5.10
• Xfce 4.10
• MySQL 5.1.70
• PostgreSQL 9.2.4
• Postfix 2.10.1
• OpenLDAP 2.3.43 and 2.4.35
• Mozilla Firefox 3.6.28 and 22.0
• Mozilla Thunderbird 17.0.7
• GHC 7.6.3
• LibreOffice 4.0.4.2
• Emacs 21.4 and 24.3
• Vim 7.3.850
• PHP 5.2.17 and 5.3.27
• Python 2.7.5 and 3.3.2
• Ruby 1.8.7.374, 1.9.3.448 and 2.0.0.247
• Tcl/Tk 8.4.20, 8.5.14 and 8.6.0
• JDK 1.6.0.32 and 1.7.0.21
• Mono 2.10.9
• Chromium 28.0.1500.45
• Groff 1.22.2
• Go 1.1.1
• GCC 4.6.4 and 4.8.1
• LLVM/Clang 3.3
• Node.js 0.10.12

As usual, steady improvements in manual pages and other documentation.

The system includes the following major components from outside suppliers:

• Xenocara (based on X.Org 7.7 with xserver 1.14.1 + patches, freetype 2.4.12, fontconfig 2.10.91, Mesa 7.11.2, xterm 293, xkeyboard-config 2.7 and more)
• Gcc 4.2.1 (+patches), 3.3.6 (+ patches) and 2.95.4 (+ patches)
• Perl 5.16.3 (+ patches)
• Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
• Nginx 1.4.1 (+ patches)
• OpenSSL 1.0.1c (+ patches)
• SQLite 3.7.17 (+ patches)
• Sendmail 8.14.7, with libmilter
• Bind 9.4.2-P2 (+ patches)
• NSD 3.2.15
• Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
• Sudo 1.7.2p8
• Ncurses 5.7
• Heimdal 1.5.2 (+ patches)
• Binutils 2.15 (+ patches)
• Gdb 6.3 (+ patches)
• Less 444 (+ patches)
• Awk Aug 10, 2011 version