Release of OpenBSD 7.1

OpenBSD 7.1, a release of the free cross-platform UNIX-like operating system, has been published. The OpenBSD project was founded by Theo de Raadt in 1995 after a conflict with the NetBSD developers, as a result of which Theo was denied access to the NetBSD CVS repository. Theo de Raadt and a group of like-minded people then created a new open operating system based on the NetBSD source tree. Its main development goals were portability (13 hardware platforms are supported), standardization, correct operation, proactive security and integrated cryptographic tools. The full installation ISO image of the OpenBSD 7.1 base system is 580 MB.

In addition to the operating system itself, the OpenBSD project is known for its components, which have become widespread in other systems and have proven to be among the most secure and high-quality solutions. Among them: LibreSSL (an OpenSSL fork), OpenSSH, the PF packet filter, the OpenBGPD and OpenOSPFD routing daemons, the OpenNTPD NTP server, the OpenSMTPD mail server, the tmux terminal multiplexer (similar to GNU screen), the identd daemon implementing the IDENT protocol, mandoc (a BSD-licensed alternative to the GNU groff package), the CARP (Common Address Redundancy Protocol) protocol for building fault-tolerant systems, a lightweight HTTP server, and the OpenRSYNC file synchronization utility.

Main improvements:

  • Support for Mac computers equipped with the Apple M1 (Apple Silicon) ARM chip, such as the Apple M1 Pro/Max and Apple T2 Macs, has been declared ready for general use. Drivers have been added for SPI, I2C, the DMA controller, keyboard, touchpad, and power and performance management. Wi-Fi, GPIO, the framebuffer, USB, the screen and NVMe drives are supported.
  • Improved support for the ARM64 architecture. Added the gpiocharger, gpioleds and gpiokeys drivers, which support chargers, LEDs and buttons connected to GPIO (as used, for example, in the Pinebook Pro). Added new drivers: mpfclock (PolarFire SoC MSS clock controller), cdsdhc (Cadence SD/SDIO/eMMC host controller), mpfiic (PolarFire SoC MSS I2C controller) and mpfgpio (PolarFire SoC MSS GPIO).
  • Improved support for the RISC-V 64 architecture: the uhid and fido drivers are now included, and installation on GPT disks is supported.
  • The mount_msdos utility enables the use of long file names by default.
  • The garbage collector code for unix sockets has been reworked.
  • sysctl hw.perfpolicy is set to “auto” by default, which means that full performance mode is enabled when AC power is connected and the adaptive algorithm is used when running on battery.
  • Improved support for multiprocessor (SMP) systems. Event filters for pipes, kqread, audio and sockets, as well as the BPF mechanism, have been made mp-safe. The poll, select, ppoll and pselect system calls have been rewritten and are now implemented on top of kqueue. The kevent, getsockname, getpeername, accept and accept4 system calls have been unlocked. Added a kernel interface for atomic load and store functions, allowing int and long types to be used in members of reference-counted structures.
  • The implementation of the drm (Direct Rendering Manager) framework is synchronized with Linux kernel 5.15.26 (the previous release used 5.10.65). The inteldrm driver has added support for Intel chips based on the Elkhart Lake, Jasper Lake and Rocket Lake microarchitectures. The amdgpu driver supports the Van Gogh, Rembrandt "Yellow Carp" Ryzen 6000, Navi 22 "Navy Flounder", Navi 23 "Dimgrey Cavefish" and Navi 24 "Beige Goby" APUs/GPUs.
  • Subpixel font rendering is enabled in the FreeType library.
  • Added realpath utility to display the absolute path to a file.
  • Added "ls rogue" command to the rcctl utility to show background processes that are running but not included in rc.conf.local.
  • BPFtrace now supports variables for checks. The scripts kprofile.bt for profiling the kernel stack and runqlat.bt for identifying delays in the scheduler have been added to btrace.
  • Added support for RFC 6840 to libc, which defines support for the AD flag and the 'trust-ad' setting for DNSSEC.
  • apm and apmd now display the predicted battery recharge time.
  • The ability to store the capability database in /etc/login.conf.d has been provided to simplify adding your own account classes from packages.
  • Malloc provides caching for memory regions ranging in size from 128k to 2M.
  • The pax archiver supports extended headers with mtime, atime and ctime data.
  • Added a "-k" option to the gzip and gunzip utilities to keep the source file.
  • The following options have been added to the openrsync utility: “--compare-dest” to check for the presence of files in additional directories; “--max-size” and “--min-size” to limit file size.
  • Added seq command to print sequences of numbers.
  • The generic software implementation of trigonometric functions has been ported from FreeBSD 13 (assembler implementations for x86 are disabled).
  • The implementation of the lrint, lrintf, llrint and llrintf functions has been ported from FreeBSD (previously the implementation from NetBSD was used).
  • The fdisk utility contains numerous changes and fixes related to working with disk partitions.
  • Added support for new hardware, including the Intel PCH GPIO controller (for Cannon Lake H and Tiger Lake H platforms), NXP PCF85063A/TP RTC, Synopsys Designware UART, Intel 2.5Gb Ethernet, SIMCom SIM7600, RTL8156B, MediaTek MT7601U USB wifi and BCM4387 wifi.
  • The package includes relicensed firmware for Realtek wireless chips, allowing you to use rsu, rtwn and urtwn drivers without manually downloading firmware.
  • The ixl (Intel Ethernet 700), ix (Intel 82598/82599/X540/X550) and aq (Aquantia AQC1xx) drivers include support for hardware processing of VLAN tags and checksum calculation/verification for IPv4, TCP4/6 and UDP4/6.
  • Added a sound driver for Intel Jasper Lake chips. Added support for the Xbox One game controller.
  • The IEEE 802.11 wireless stack provides support for 40MHz channels in 802.11n mode and initial support for the 802.11ac (VHT) standard. An optional background scan handler has been added for drivers. When choosing an access point, points with 5GHz channels are now given priority, and only then are points with 2GHz channels selected.
  • The vxlan driver has been rewritten and now works independently of the bridge subsystem.
  • The installer's logic for calling the pkg_add utility has been reworked to reduce the amount of file movement during the update process. The install.site file documents the installation and upgrade setup process. For all architectures, firmware whose distribution in third-party products is permitted has been added. To install proprietary firmware available on the installation media, the fw_update utility is used.
  • In xterm, mouse tracking is disabled by default for security reasons.
  • usbhidctl and usbhidaction provide file system access isolation using the unveil system call.
  • By default, dhcpd now also binds to network interfaces that are in the inactive state ('down'), so that packets are received immediately after the network interface is activated.
  • OpenSMTPD (smtpd) has TLS verification enabled by default for outgoing "smtps://" and "smtp+tls://" connections.
  • httpd now checks the protocol version, allows custom files with error texts to be defined, and has improved handling of compressed data, including a new gzip-static option in httpd.conf for delivering pre-compressed files with the gzip flag set in the content-encoding header.
  • In IPsec, the proto parameter from iked.conf allows specifying a list of protocols. Added "show certinfo" command to ikectl utility to display trusted CAs and certificates. iked has improved handling of fragmented messages.
  • Added support for checking BGPsec Router public keys to rpki-client and improved checking of X509 certificates. Added cache of verified files. Improved compatibility with RFC 6488.
  • bgpd gained a “port” parameter, which can be used in the “listen on” and “neighbor” sections to bind to a non-standard network port number. The code that works with the RIB (Routing Information Base) has been refactored with a view to providing multipath support in the future.
  • The console window manager tmux (“terminal multiplexer”) has expanded capabilities for color output. Added pane-border-format, cursor-colour and cursor-style commands.
  • LibreSSL has gained support, ported from OpenSSL, for RFC 3779 (X.509 extensions for IP addresses and autonomous systems) and the Certificate Transparency mechanism (an independent public log of all issued and revoked certificates, which makes it possible to independently audit all changes and actions of certification authorities, and allows you to immediately track any attempts to covertly create fake records). Compatibility with OpenSSL 1.1 has been significantly improved, and cipher names for TLSv1.3 are identical to those in OpenSSL. Many functions have been converted to use calloc(). A large number of new calls have been added to libssl and libcrypto.
  • Updated OpenSSH package. For a detailed overview of the improvements, see the reviews of OpenSSH 8.9 and OpenSSH 9.0. The scp utility now uses SFTP by default instead of the legacy SCP/RCP protocol.
  • The number of ports for the AMD64 architecture is 11301 (down from 11325), for aarch64 11081 (up from 11034), and for i386 10136 (down from 10248). Among the application versions in the ports: Asterisk 16.25.1, 18.11.1 and 19.3.1; Audacity 2.4.2; CMake 3.20.3; Chromium 100.0.4896.75; Emacs 27.2; FFmpeg 4.4.1; GCC 8.4.0 and 11.2.0; GNOME 41.5; Go 1.17.7; JDK 8u322, 11.0.14 and 17.0.2; KDE Applications 21.12.2; KDE Frameworks 5.91.0; Krita 5.0.2; LLVM/Clang 13.0.0; LibreOffice 7.3.2.2; Lua 5.1.5, 5.2.4 and 5.3.6; MariaDB 10.6.7; Mono 6.12.0.122; Firefox 99.0 and ESR 91.8.0; Thunderbird 91.8.0; Mutt 2.2.2 and NeoMutt 20211029; Node.js 16.14.2; OpenLDAP 2.4.59; PHP 7.4.28, 8.0.17 and 8.1.4; Postfix 3.5.14; PostgreSQL 14.2; Python 2.7.18, 3.8.13, 3.9.12 and 3.10.4; Qt 5.15.2 and 6.0.4; R 4.1.2; Ruby 2.7.5, 3.0.3 and 3.1.1; Rust 1.59.0; SQLite 2.8.17 and 3.38.2; Shotcut 21.10.31; Sudo 1.9.10; Suricata 6.0.4; Tcl/Tk 8.5.19 and 8.6.8; TeX Live 2021; Vim 8.2.4600 and Neovim 0.6.1; Xfce 4.16.
  • Updated third party components included with OpenBSD 7.1:
    • Xenocara graphics stack based on X.Org 7.7 with xserver 1.21.1 + patches, freetype 2.11.0, fontconfig 2.12.94, Mesa 21.3.7, xterm 369, xkeyboard-config 2.20, fonttosfnt 1.2.2.
    • LLVM/Clang 13.0.0 (+ patches)
    • GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
    • Perl 5.32.1 (+ patches)
    • NSD 4.4.0
    • Unbound 1.15.0
    • Ncurses 5.7
    • Binutils 2.17 (+ patches)
    • Gdb 6.3 (+ patch)
    • Awk 12.10.2021
    • Expat 2.4.7

Source: opennet.ru