OpenBSD 3.4 Released

Post by petruha » 10:40 Friday 31 Oct 2003

We just couldn't wait another 2 days, so now you can enjoy OpenBSD 3.4 a
little early and protect yourself from ghosts and goblins.

- OpenBSD 3.4 RELEASED -------------------------------------------------

Nov 1, 2003.

We are pleased to announce the official release of OpenBSD 3.4.
This is our 14th release on CD-ROM (and 15th via FTP). We remain
proud of OpenBSD's record of seven years with only a single remote
hole in the default install. As in our previous releases, 3.4
provides significant improvements, including new features, in nearly
all areas of the system:

- Ever-improving security (

o W^X (pronounced: "W xor X") improvements, especially on the i386
architecture. Native i386 binaries have their executable segments
rearranged to support isolating code from data, and the cpu CS limit
is used to impose a best effort limit on code execution.

o on ELF platforms now loads libraries in a randomized order.
Furthermore, on the i386 architecture, libraries and executable code
are mapped at random addresses. Together with W^X and ProPolice, these
changes increase the difficulty of successfully exploiting an
application error.

o A static bounds checker has been added to the system compiler, designed
to detect improper use of string and buffer manipulation functions.
Through use of this checker, hundreds of bugs in the source and
ports trees were found and fixed.

o Privilege separation has been implemented for the syslog daemon, making
it much more robust against future errors. The child which listens to
network traffic now runs as a normal user and chroots itself, while
the parent process tracks the state of the child and performs privileged
operations on its behalf.

o Thousands of occurrences of unsafe library calls such as strcpy(),
strcat() and sprintf() have been changed to the safer alternatives
strlcpy(), strlcat(), and snprintf() or asprintf() in one of the most
intensive audits yet performed by the OpenBSD project. The kernel is
now completely free of these functions, as is most of the userland
source tree.

o Many improvements and bug fixes in the ProPolice stack protector.
Several other code generation bugs for RISC architectures were also
found and fixed.

o The kernel is now also compiled with the ProPolice stack protector.

o Privilege separation has been implemented in the X server.
The privileged child process is responsible for the operations that
cannot be done after the main process has switched to a non-privileged
user. This greatly reduces the potential damage that could be caused
by malicious X clients, in case of bugs in the X server.

o Emulation support for binary compatibility is now controlled via
sysctl. Emulation is now disabled by default to limit exposure to
malicious binaries, and can be enabled in sysctl.conf(5).

o The ports tree now supports building programs with systrace(1),
reducing the risk of harm at compile time via trojaned configure

- Improved hardware support (

o Support for AES instruction on just released VIA C3 processors,
capable of 1.6Gbit/s AES128-CBC in openssl(1) speed tests.

o Kauai ATA controllers (Apple ATA100 wdc) enabling support for
Powerbook 12" and 17" models.

o Support for controlling LongRun registers on Transmeta CPUs.

o Many fixes to aac(4), ahc(4), osiop(4), siop(4) SCSI drivers.

o New it(4), lm(4) and viaenv(4) hardware monitor drivers.

o New safe(4) driver for SafeNet crypto accelerators.

o New mtd(4) driver for Myson Technologies network cards.

o More ethernet cards supported by sk(4), wi(4), fxp(4), and dc(4).

o Massive overhaul and sync with NetBSD of the entire usb(4) system.

o New and better support for various controllers in pciide(4), including
experimental support for Serial ATA controllers.

o New drivers to support mgx(4) and pninek(4) SPARC framebuffers.
The vigra(4) driver also supports more models.

o pcmcia(4) support for Tadpole SPARCBooks and SPARCs with pcmcia-sbus

- Major improvements in the pf packet filter, including:

o Packet tagging (e.g. filter on tags added by bridge based on MAC address)

o Stateful TCP normalization (prevent uptime calculation and NAT detection)

o Passive OS detection (filter or redirect connections based on source OS)

o SYN proxy (protect servers against SYN flood attacks)

o Adaptive state timeouts (prevent state table overflows under attack)

- New features and significant bug-fixes included with 3.4

o Symbol caching in reducing the start up time of large applications.

o More license fixes, including the removal of the advertising clause
for large parts of the source tree.

o Replacement of GNU diff/diff3, grep/egrep/fgrep/zgrep/zegrep/zfgrep,
and gzip/zcat/gunzip/gzcat/zcmp/zmore/zdiff/zforce/gzexe/znew with BSD
licensed equivalents.

o Addition of read-only support for NTFS file systems.

o Reliability improvements to layered file systems, enabling NULLFS
to work again.

o Import of growfs(8) utility, allowing expansion of existing file systems.

o Improvements to the Linux emulator enabling more applications to run
with greater stability.

o Significant improvements to the pthread library.

o Replace many static fd_set uses, to instead use poll(2) or dynamic

o ANSIfication and stricter prototypes for a large portion of the source tree.

o Legacy KerberosIV support has been removed, and the remaining KerberosV
codebase has been restructured for easier management.

o USER_LDT option now controllable via sysctl.

o Many, many man page improvements.

- The "ports" tree is greatly improved (

o The 3.4 CD-ROMs ship with many pre-built packages for the common
architectures. The FTP site contains hundreds more packages
(for the important architectures) which we could not fit onto
the CD-ROMs (or which had prohibitive licenses).

- The system includes the following major components from outside suppliers:

o XFree86 4.3.0 (+ patches).

o gcc 2.95.3 (+ patches and ProPolice).

o Perl 5.8.0 (+ patches).

o Apache 1.3.28 and mod_ssl 2.8.15, DSO support (+ patches).

o OpenSSL 0.9.7b (+ patches).

o Groff 1.15.

o Sendmail 8.12.9.

o Bind 9.2.2 (+ patches).

o Lynx 2.8.4rel.1 with HTTPS and IPv6 support (+ patches)

o Sudo 1.6.7p5.

o Ncurses 5.2.

o KAME-stable IPv6.

o Heimdal 0.6rc1 (+ patches)

o Arla-current

o OpenSSH 3.7.1

If you'd like to see a list of what has changed between OpenBSD 3.3
and 3.4, look at

Even though the list is a summary of the most important changes
made to OpenBSD, it still is a very very long list.
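
The strcpy()/sprintf() audit item in the announcement above swaps unbounded calls for bounded ones, and a bounded call truncates silently unless its return value is checked. This is an added example, not part of the announcement or OpenBSD's code; `bounded_copy` is a hypothetical stand-in with strlcpy(3) semantics so the block builds where strlcpy() is unavailable, and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical portable stand-in with strlcpy(3) semantics: copies at most
 * dstsize-1 bytes, always NUL-terminates, returns strlen(src). */
size_t bounded_copy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize != 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Copy a host name into a fixed-size field. A return value >= fieldsize
 * means the name was cut short, so reject it instead of using a prefix. */
int set_hostname(char *field, size_t fieldsize, const char *host)
{
    if (bounded_copy(field, host, fieldsize) >= fieldsize) {
        if (fieldsize != 0)
            field[0] = '\0';
        return -1;
    }
    return 0;
}

/* Build "dir/name" with snprintf(3), which returns the length the full
 * string would have had. Returns 0 on success, -1 if it does not fit. */
int build_path(char *out, size_t outsize, const char *dir, const char *name)
{
    int n = snprintf(out, outsize, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outsize) {
        if (outsize != 0)
            out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[16];   /* constructed sample inputs */
    printf("%d\n", build_path(path, sizeof path, "/var/log", "auth"));
    printf("%d\n", build_path(path, sizeof path, "/var/log", "authlog.0.gz"));
    return 0;
}
```
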

Post by Vells » 18:39 Friday 31 Oct 2003

It's OK. But to keep it shorter, could I maybe ask for a link next time?
Thanks in advance for understanding.
search.php, if you haven't left the gas on

OpenBSD 3.2 End Of Life

Post by petruha » 11:30 Wednesday 5 Nov 2003

OpenBSD 3.2 End Of Life

Due to the release of OpenBSD 3.4, the 3.2-STABLE branch will be
out of regular maintenance starting today.
There will be NO MORE fixes committed to this branch nor new patches.

People relying on 3.2-STABLE (or older releases even) are strongly
advised to upgrade to a more recent release (preferably 3.4 as it
was released on Oct 30th) as soon as possible.


Post by edgars » 19:07 Thursday 6 Nov 2003

Aaah... once again I'm having some kind of problems with X.
This time I can't even start the configurator. We'll live and see =)

Post by petruha » 09:56 Friday 7 Nov 2003

Well, which X did you install? Did you build it yourself, or did you use the obsd packages or sources? And what is it complaining about to you?

Post by edgars » 11:19 Friday 7 Nov 2003

As if I'd build anything, I haven't even had time to warm my nose in that release. I installed it from FTP. I halfway configured something, took out what I don't need, and thought I should probably start some kind of X window, since I had added it after all. I got ready to run the X config... and it tells me to go @##!@@#!@. I thought maybe I had forgotten to change that variable in sysctl, but no, it's set to 2. Oh well, to hell with it, I've given up on it for now; I don't really have time to fiddle with it.

Post by petruha » 23:26 Friday 7 Nov 2003

It actually said "go @##!@@#!@"? :) Heh, you must have ended up with some localized version :)

Post by Dietrich » 00:44 Saturday 8 Nov 2003

See how life goes downhill... With 3.3 I was still pleased at how well X installs and that the window manager is quite nice, and look, 3.4 is already giving the user a hard time for real. I'll have to download it and try it (I'm a masochist, but only for beastie))

Post by petruha » 18:59 Monday 12 Jan 2004

Well, in case anyone wants it, I've put up an OpenBSD 3.4 i386 ISO here as well. It's not the official one, but it works like the official one :)

It will stay there for a while longer.

Post by Jurz » 19:10 Monday 12 Jan 2004

It's more fun to install simply from a single floppy and then get the rest from the web or over a crossover cable from a laptop (:
At least it's a good feeling that I deploy this whole nice OpenBSD server from a single floppy.