Release of OpenBSD 7.0

OpenBSD 7.0, a free cross-platform UNIX-like operating system, has been released. It is noted that this is the 51st release of the project, which will turn 18 on October 26. The OpenBSD project was founded by Theo de Raadt in 1995 after a conflict with the NetBSD developers, as a result of which Theo was denied access to the NetBSD CVS repository. After that, Theo de Raadt and a group of like-minded people created a new open operating system based on the NetBSD source tree. Its main development goals were portability (13 hardware platforms are supported), standardization, correct operation, proactive security and integrated cryptographic tools. The full installation ISO image of the OpenBSD 7.0 base system is 554 MB.

Besides the operating system itself, the OpenBSD project is known for its components, which have become widespread in other systems and have proven to be among the most secure and high-quality solutions. Among them: LibreSSL (an OpenSSL fork), OpenSSH, the PF packet filter, the OpenBGPD and OpenOSPFD routing daemons, the OpenNTPD NTP server, the OpenSMTPD mail server, the tmux terminal multiplexer (similar to GNU screen), the identd daemon implementing the IDENT protocol, mandoc (a BSD-licensed alternative to the GNU groff package), the CARP (Common Address Redundancy Protocol) protocol for building fault-tolerant systems, a lightweight http server, and the OpenRSYNC file synchronization utility.

Main improvements:

  • Added a port for 64-bit systems based on the RISC-V architecture. It currently runs on HiFive Unmatched boards and, partially, on the PolarFire SoC Icicle Kit.
  • The ARM64 port has improved, but still incomplete, support for Apple devices with the M1 processor. It currently supports installing OpenBSD on a GPT disk and has drivers for USB 3, NVMe, GPIO, and SPMI. In addition to M1, the ARM64 port also expands support for Raspberry Pi 3 Model B+ and boards based on the Rockchip RK3399 SoC.
  • For the AMD64 architecture, the GCC compiler is disabled by default (only Clang is left). GCC was previously disabled for armv7 and i386 architectures.
  • Support for the SGI platform has been discontinued.
  • For the amd64, arm64, i386, sparc64, and powerpc64 platforms, the kernel is now built by default with support for the dt dynamic tracing system. Added a kprobes provider to collect information about kernel-level events.
  • btrace now supports the "<" and ">" operators in filters and displays the time spent in user space when parsing the kernel stack.
  • Added configuration file /etc/bsd.re-config which can be used to configure the kernel at boot time and enable/disable certain devices.
  • Added detection of TPM 2.0 devices and correct execution of the commands for entering sleep mode (this resolves the wake-up problem on ThinkPad X1 Carbon Gen 9 and ThinkPad X1 Nano laptops).
  • The kqueue implementation has been changed to use mutexes.
  • Implemented the ability to configure the buffer size for PF_UNIX sockets via sysctl. The default buffer size has been increased to 8 KB.
  • Improved support for multiprocessor systems (SMP). The pmap_extract() call has been made mp-safe on hppa and amd64 systems. The code for counting references to anonymous objects, part of the exception handler, and the lseek, connect, and setrtable functions have been moved out from under the global kernel lock. Implemented separate panic message buffers for each CPU core.
  • The implementation of the drm framework (Direct Rendering Manager) is synchronized with the Linux 5.10.65 kernel. The inteldrm driver has improved support for Intel chips based on the Tiger Lake microarchitecture. The amdgpu driver supports Navi 12, Navi 21 "Sienna Cichlid", Arcturus GPUs and Cezanne "Green Sardine" Ryzen 5000 APUs.
  • Added support for new hardware, including Aquantia AQC111U/AQC112U USB Ethernet, Aquantia 1/2.5/5/10Gb/s PCIe Ethernet, Cadence GEM, Broadcom BCM5725, and RTL8168FP/RTL8111FP/RTL8117. Improved support for Intel platforms based on the Tiger Lake microarchitecture. Added a ucc driver for USB HID Consumer Control keyboards that have application launch, audio control, and volume buttons.
  • Improvements have been made to the VMM hypervisor. Added limit of 512 VCPU per virtual machine. Fixed issues with VCPU locks. The backend for managing vmd virtual machines now supports protection against guest systems with malicious virtio drivers.
  • The timeout utility has been ported from NetBSD to allow you to limit the execution time of commands.
  • The openrsync file synchronization utility implements the "include" and "exclude" options.
  • The ps utility provides information about related groups.
  • Added "dired-jump" command to mg text editor.
  • Improved support for disks with a 4K sector size in the fdisk and newfs utilities. In fdisk, the MBR/GPT initialization code has been redesigned and recognition of the GPT partitions "BIOS Boot", "APFS", "APFS ISC", "APFS Recovry" (sic), "HiFive FSBL" and "HiFive BBL" has been added. Added the "-A" option to initialize GPT without deleting boot partitions.
  • The traceroute utility now processes probe packets and DNS queries asynchronously to speed up operation.
  • The doas utility provides three password attempts.
  • xterm provides filesystem access isolation with the unveil() system call. The ftpd processes are protected by the pledge call.
  • Incorrect use of the "%n" format parameter in the printf function is now reported to the log.
  • The iked IPsec implementation adds support for client-side DNS configuration.
  • snmpd disables support for SNMPv1 and SNMPv2c by default in favor of using SNMPv3.
  • The dhcpleased and resolvd processes are enabled by default, providing the ability to configure IPv4 addresses via DHCP. The dhclient utility is left as an option on the system. Added "nameserver" command to route utility to pass DNS server information to resolvd.
  • LibreSSL adds support for the OpenSSL 1.1.1 TLSv1.3 API and enables a new X.509 validator that correctly validates cross-signed certificates.
  • OpenSMTPD adds support for the TLS options "cafile=(path)", "nosni", "noverify", and "servername=(name)". smtp now allows selecting the parameters for ciphers and TLS protocols.
  • Updated the OpenSSH package. A detailed overview of the improvements can be found in the reviews of OpenSSH 8.7 and OpenSSH 8.8. Support for rsa-sha digital signatures is disabled.
  • The number of ports for the AMD64 architecture was 11325, for aarch64 - 11034, for i386 - 10248. Among the application versions in the ports:
    • FFmpeg 4.4
    • GCC 8.4.0 and 11.2.0
    • GNOME 40.4
    • Go 1.17
    • JDK 8u302, 11.0.12 and 16.0.2
    • KDE Applications 21.08.1
    • KDE Frameworks 5.85.0
    • LLVM/Clang 11.1.0
    • LibreOffice 7.2.1.2
    • Lua 5.1.5, 5.2.4 and 5.3.6
    • MariaDB 10.6.4
    • Node.js 12.22.6
    • PHP 7.3.30, 7.4.23 and 8.0.10
    • Postfix 3.5.12
    • PostgreSQL 13.4
    • Python 2.7.18, 3.8.12 and 3.9.7
    • Qt 5.15.2 and 6.0.4
    • Ruby 2.6.8, 2.7.4 and 3.0.2
    • Rust 1.55.0
    • SQLite 3.35.5
    • Xfce 4.16
  • Updated third party components included with OpenBSD 7.0:
    • Xenocara graphics stack based on X.Org 7.7 with xserver 1.20.13 + patches, freetype 2.10.4, fontconfig 2.12.4, Mesa 21.1.8, xterm 367, xkeyboard-config 2.20, fonttosfnt 1.2.2.
    • LLVM/Clang 11.1.0 (+ patches)
    • GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
    • Perl 5.32.1 (+ patches)
    • NSD 4.3.7
    • Unbound 1.13.3
    • Ncurses 5.7
    • Binutils 2.17 (+ patches)
    • Gdb 6.3 (+ patch)
    • Awk 18.12.2020
    • Expat 2.4.1

Source: opennet.ru
