ProHoster > Blog > internet news > Release of OpenBSD 6.9

Release of OpenBSD 6.9

The release of the free cross-platform UNIX-like operating system OpenBSD 6.9 is presented. It is noted that this is the 50th edition of the project, which will turn 26 this year. The OpenBSD project was founded by Theo de Raadt in 1995 after a conflict with the NetBSD developers that denied Theo access to the NetBSD CVS repository. After that, Theo de Raadt and a group of like-minded people created a new open operating system based on the NetBSD source tree, the main development goals of which were portability (13 hardware platforms are supported), standardization, correct operation, active security and integrated cryptographic tools. The size of the full installation ISO image of the base OpenBSD 6.9 system is 544 MB.

In addition to the operating system itself, the OpenBSD project is known for its components, which have become widespread in other systems and have proven to be one of the most secure and high-quality solutions. Among them: LibreSSL (OpenSSL fork), OpenSSH, PF packet filter, OpenBGPD and OpenOSPFD routing daemons, OpenNTPD NTP server, OpenSMTPD mail server, text terminal multiplexer (similar to GNU screen) tmux, identd daemon with IDENT protocol implementation, BSDL alternative to the GNU groff package - mandoc, CARP (Common Address Redundancy Protocol) protocol for organizing fault-tolerant systems, lightweight http server, OpenRSYNC file synchronization utility.

Main improvements:

  • Added RAID1C mode to softraid driver with implementation of software RAID1 with data encryption.
  • Two new background processes, dhcpleased and resolvd, are included, which work in conjunction with slaacd and unwind to automatically configure network interfaces and resolve DNS names. dhcpleased implements DHCP to obtain IP addresses, and resolvd manages the content of resolv.conf based on nameserver information provided by dhcpleased, slaacd, and drivers like umb.
  • Added initial support for Apple devices with M1 processor. This includes recognition of Apple Icestorm/Firestorm arm64 cores and added support for BCM4378 wireless chips used in the Apple M1 SoC.
  • Improved support for the powerpc64 platform developed for 64-bit systems based on POWER8 and POWER9 processors. Compared to the previous release for powerpc64, support for the RETGUARD protection mechanism was implemented, the astfb driver for the Aspeed BMC framebuffer was added, problems with the operation of the radeondrm and amdgpu drivers on systems with AMD GPUs were resolved, the ability to network boot was added to the kernel assemblies for the ramdisk, support for modes was added POWER9 CPU power saving, added support for floating point exceptions, implemented IPMI support for PowerNV systems.
  • For ARM64 platforms, support for Cortex-A78AE, Cortex-X1, and Neoverse V1 CPUs is provided, ARM64-optimized copyin, copyout, and kcopy call options are implemented, a cryptox driver is added to support ARMv8 cryptoextensions, and an smmu driver for RM System MMU with Guard Page support is added. Improved support for Raspberry Pi, Rock Pi N10, NanoPi and Pinebook Pro devices.
  • The sysctl parameter kern.video.record has been added to the video driver, which, by analogy with kern.audio.record, controls the inclusion of an empty image output when trying to capture video (to enable capture, you need to change the value to 1). Allow processes to open the video device multiple times (resolves webcam issues in Firefox and BigBlueButton).
  • Added tracepoints to malloc and free calls to allow dt and btrace to track memory allocation activity. Added '-n' option to btrace to parse the program without doing anything.
  • Improved support for multiprocessor systems (SMP). The implementation of UNIX sockets was removed from the general kernel lock, a common mutex was added for serializing operations with msgbuf, the uvm_pagealloc call was transferred to the mp-safe category, getppid and sendsyslog calls were freed from blocking.
  • Issues in DRM (Direct Rendering Manager) components have been fixed, including crashes in the radeondrm driver on Powerbook5/6 and RV350 systems, DRI3 support in amdgpu and ati drivers has been fixed, device creation in the /dev/dri/ directory has been implemented for compatibility with Linux .
  • Improvements have been made to the VMM hypervisor. Support for loading compressed RAM disks has appeared in the backend for managing vmd virtual machines.
  • Improvements have been made to the sound subsystem. Provided the ability to separately assign sndio audio devices for playback only and recording only. sndiod uses an eighth-order finite impulse response (FIR) low-pass filter to eliminate aliasing noise during resampling. By default, the function of automatically reducing the volume when a new program starts playing (autovolume) is disabled, the volume level is set to 127 as the default value. Audio mixing from alternative devices is allowed, which differ in the level of functionality supported in sndiod.
  • The build and installation of the LLDB debugger is enabled by default.
  • Support for the logger handler has been added to rcctl, rc.subr and rc.d, which makes it possible to organize the output of logs from background processes that send data to stdout / stderr.
  • For touchpads, the ability to customize the button layout via wsconsctl is provided. wscons has improved handling of simultaneous touches.
  • For ARM64 devices, the ability to use APM to obtain data on power consumption and battery charge is implemented. The unveil call is used to limit the access of the apmd process to the file system.
  • Expanded hardware support. Added new drivers acpige (for handling ACPI events such as power button presses), pchgpio (for GPIO controllers found on modern Intel PCHs), ujoy (for game controllers), uhidpp (for Logitech HID++ devices). Added support for AMD Vi and Intel VTD IOMMU extensions to isolate PCI devices and block incorrect memory access. Added support for Lynloong LM9002/9003 and LM9013 computers. Added ACPI support to pcamux and imxiic drivers.
  • Improved network adapter support: mvpp (SFP+ and 10G for Marvel Armada Ethernet), mvneta (1000base-x and 2500base-x), mvsw (Marvel SOHO switches), rge (Wake on LAN support), Netgear ProSecure UTM25. Added RA (802.11n Tx Rate Adaptation) support for iwm, iwn and athn wireless drivers. The wireless stack has an automatic selection of 11a / b / g / n / ac modes when using a network interface in the form of an access point.
  • The network stack implements the web (Virtual Ethernet Bridge) driver. Implemented support for monitoring mode, in which packets arriving at the network interface are not passed to the network stack for processing, but traffic analysis mechanisms such as BPF can be applied to them. Added a new type of network interfaces - etherbridge. The possibility (the route sourceaddr command) of redefining the source IP address for programs is provided, bypassing the standard address selection algorithm. Provided automatic lifting of network interfaces when autoconfiguration mode is enabled (AUTOCONF4 and AUTOCONF6).
  • The installer implements the delivery of a compressed ram-disk image (bsd.rd) on all platforms that support such a download.
  • Implemented syslog output of a warning about the use of "%n" string format substitution in printf.
  • Support for Resource Public Key Infrastructure (RPKI) to Router Protocol (RTR) has been added to the OpenBGPD routing daemon. Added "bgpctl show rtr" command to display basic information about RTR sessions.
  • The ospfd and ospf6d code has been restructured in order to unify them with other routing daemons and simplify maintenance. Established support for network interfaces in point-to-point mode.
  • The built-in httpd HTTP server implements new "location (found|notfound)" options to check for the existence of resources.
  • Support for the RRDP protocol (The RPKI Repository Delta Protocol, RFC 8182) has been added to the rpki-client utility. Implemented the ability to specify more than one URI in a TAL file.
  • The dig utility supports RFC 8914 (Extended DNS Error) and RFC 8976 (ZONEMD).
  • Added the ability to specify options in hostname.if files using "dhcp" strings in dhclient.
  • The snmpd daemon has full support for converting Trapv1 to Trapv2 (RFC 3584). New read, write, and notify keywords have been added to snmpd.conf. The snmp utility implements support for SMI enums.
  • Added support for DNS64 and accepting connections via TCP port to unwind DNS resolver.
  • Support for persistent redirects (RFC 7538) and the ability to send an If-Modified-Since header when sending HTTP/HTTPS requests has been added to the ftp utility.
  • Added "-a" option to OpenSMTPD to perform authentication before sending a message. Encryption tools have been converted to use the libtls library. Listening sockets for TLS implement the ability to configure multiple certificates based on the domain name (SNI).
  • Support for the DTLSv1.2 protocol has been added to LibreSSL. Implemented the ability to build only libtls ('--enable-libtls-only') without libcrypto and libssl.
  • Updated OpenSSH package. A detailed overview of the improvements can be found here: OpenSSH 8.5, OpenSSH 8.6.
  • The number of ports for the AMD64 architecture was 11310, for aarch64 - 10943, for i386 - 10468. Among the application versions in the ports: Xfce 4.16, Asterisk 18.3.0, Chromium 90.0.4430.72, FFmpeg 4.3.2, GCC 8.4.0, GNOME 3.38, Go 1.16.2, KDE Applications 20.12.3, Krita 4.4.3, LLVM/Clang 10.0.1, LibreOffice 7.0.5.2, Lua 5.3.6, MariaDB 10.5.9, Firefox 88.0 and ESR 78.10.0, Thunderbird 78.10.0 , Node.js 12.16.1, PHP 8.0.3, Postfix 3.5.10, PostgreSQL 13.2, Python 3.9.2, Ruby 3.0.1, Rust 1.51.0.

    Updated third party components included with OpenBSD 6.9:

    • Xenocara graphics stack based on X.Org 7.7 with xserver 1.20.10 + patches, freetype 2.10.4, fontconfig 2.12.4, Mesa 20.0.8, xterm 367, xkeyboard-config 2.20, fonttosfnt 1.2.1.
    • LLVM/Clang 10.0.1 (+ patches)
    • GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
    • Perl 5.32.1 (+ patches)
    • NSD 4.3.6
    • Unbound 1.13.1
    • Ncurses 5.7
    • Binutils 2.17 (+ patches)
    • Gdb 6.3 (+ patch)
    • Awk 18.12.2020/XNUMX/XNUMX
    • Expat 2.2.10

A new song "Vetera Novis" is timed to coincide with the release of OpenBSD 6.9.

Source: opennet.ru

Add a comment