Release of OpenBSD 7.2

OpenBSD 7.2, a release of the free UNIX-like operating system, has been announced. The OpenBSD project was founded by Theo de Raadt in 1995 after a conflict with the NetBSD developers that left Theo without access to the NetBSD CVS repository. Theo de Raadt and a group of like-minded people then created a new open operating system based on the NetBSD source tree, with portability (13 hardware platforms are supported), standardization, correct operation, proactive security and integrated cryptographic tools as the main development goals. The full installation ISO image of the base OpenBSD 7.2 system is 556 MB.

In addition to the operating system itself, the OpenBSD project is known for its components, which have become widespread in other systems and have proven to be among the most secure and high-quality solutions. Among them: LibreSSL (an OpenSSL fork), OpenSSH, the PF packet filter, the OpenBGPD and OpenOSPFD routing daemons, the OpenNTPD NTP server, the OpenSMTPD mail server, the tmux terminal multiplexer (similar to GNU screen), the identd daemon implementing the IDENT protocol, mandoc (a BSD-licensed alternative to the GNU groff package), the CARP (Common Address Redundancy Protocol) protocol for building fault-tolerant systems, a lightweight HTTP server, and the OpenRSYNC file synchronization utility.

Main improvements:

  • Improved support for ARM-based systems, including support for Apple M2 and Ampere Altra ARM chips. Added support for Lenovo ThinkPad x13s laptop and other devices based on SoC Qualcomm Snapdragon 8cx Gen 3 (SC8280XP).
  • Added the ability to boot the ramdisk kernel (bsd.rd) and the multiprocessor kernel (bsd.mp) in Oracle Cloud environments.
  • A kstat device is included, which exports kernel statistics that can be viewed with the kstat utility.
  • CPU frequency sensors are implemented for each processor core with MPERF/APERF support. When running on battery, CPU frequency scaling is enabled depending on the load.
  • Added initial hibernation support on ARM64 systems. The limit on the number of supported CPUs has been increased to 256. The ability to switch from a framebuffer-based console (glass console) to a serial-port-based console (serial console) has been implemented.
  • Removed code to detect CPU 386sx/386dx, NexGen, Rise and older Cyrix processors prior to the Cyrix M2 chip.
  • Improved support for multiprocessor systems (SMP). The rate-limit functions, ARP entry lookup and the route timer have been made mp-safe. IPv4 packet reassembly and IP packet forwarding can now run in parallel. Mutex-based socket locking has been added to the functions that process incoming UDP and IP packets. The kbind and pledge system calls have been unlocked. Per-socket locking has been implemented for UNIX sockets.
  • The implementation of the drm framework (Direct Rendering Manager) is synchronized with the Linux kernel 5.15.69 (in the previous release - 5.15.26). Added support for Intel chips based on Alder Lake and Raptor Lake microarchitectures to the inteldrm driver. Implemented support for framebuffers that are not aligned to the memory page boundary (used, for example, in the MacBook Pro 2021 14″ and 16″).
  • Improvements have been made to the VMM hypervisor. Support for MMIO-based userspace handlers has been added to vmd. Moved I/O port emulation to user space in vmm. Unified internal structures and interfaces in vmd, vmctl and vmm. Added the ability to monitor virtual machines with SNMP AgentX using VM-MIB parameters (RFC 7666).
  • The $rcexec variable in the rc.d initialization scripts has been replaced with the rc_exec function. A new daemon_execdir variable has been added to allow the directory to be changed before the rc_exec function is executed. A new action configtest has been added to rc.d and rcctl to check configuration syntax.
  • The ts utility is included, which prefixes each line received on standard input with a timestamp reflecting the moment the line arrived.
  • Added "-f" option to the ps utility for tree grouping of processes, reflecting the relationship between parent and child processes.
  • The openrsync utility implements the "--contimeout" option to define the connection establishment timeout.
  • The pkg_add utility has caching enabled by default, package handling is optimized, and a progress bar is displayed during data transfer.
  • Improved work with GPT and MBR tables in fdisk, added warnings for misplaced MBR and GPT partitions.
  • The disklabel utility has gained support for the raid keyword in templates for automatically placing RAID partitions. Support for editing disk geometry information has been discontinued. The attributes 'bs' (boot block size), 'sb' (superblock size), and d[0-4] (disk data) have been dropped.
  • The /usr/share/btrace directory contains a selection of useful btrace scripts for dynamic tracing and application inspection.
  • Added sio_flush function to sndio sound library to stop playback immediately.
  • The llvm-profdata utility is included for working with profiling data.
  • Word counting in the wc utility has been sped up.
  • Added support for new hardware, including the following new drivers:
    • aplaudio (Apple audio subsystem).
    • aplmca (Apple MCA controller).
    • aplsart (Apple SART).
    • apldc, apldchidev, apldckbd, apldcms, aplrtk (Apple M2 keyboard and trackpad).
    • qcgpio, qciic (GPIO and GENI I2C controllers for Qualcomm Snapdragon).
    • sfgpio, stfclock, stfpinctrl, stftemp (drivers for GPIO, timer and sensors on SiFive boards).
    • sxirintc (interrupt controller for Allwinner chips).
    • gpiorestart (driver for reset via GPIO).
    • Support for power sensors has been expanded in ipmi.
    • Added support for the controller used in Marvell 3720 boards to ehci.
  • The igc driver for the Intel I225 Gigabit Ethernet adapters has hardware-accelerated checksum calculation for IPv4, TCP, and UDP enabled. The ix driver for the Intel 82598/82599/X540/X550 Ethernet adapters implements support for hardware-accelerated processing of TCP segments (Large Receive Offloading), which is enabled using the tso option in ifconfig.
  • The iwx driver now supports Intel AX210/AX211 chips and expands the range of detected wireless devices.
  • Added ability to boot from software RAID 1 (softraid) partitions on amd64, sparc64 and arm64 systems.
  • snmpd and xlock now implement privilege separation.
  • The bind and connect functions for UNIX sockets provide isolation based on the unveil system call.
  • Added a new ypconnect system call to create a socket connected to the YP server using the IP address from the locked ypbinding. Added a 'local bind' mode to ypldap, which binds an RPC socket to a loopback interface to prevent external connections to the server.
  • The dhcpleased, mountd, nfsd, pflogd, resolvd, slaacd, and unwind programs located in the /sbin directory have been switched to dynamic linking to enable additional protections applicable to dynamically linked executables.
  • The network stack implements the sendmmsg and recvmmsg system calls, which send and read multiple messages within a single system call, where previously separate calls to sendmsg and recvmsg were required.
  • In the pf packet filter, the processing of IGMP and ICMP6 MLD (Multicast Listener Discovery) packets has been changed, which made it possible to work with multicast control packets in the default configuration. Stricter checking of IGMP/MLD messages has been implemented.
  • Improved handling of certificates in IPsec. iked has improved compatibility with OpenIKED. Added display of statistics about successful and failed connections to iked in the ikectl show stats command.
  • Added a max-communities filter to bgpd to limit the number of allowed communities, implemented RFC 9234 (Route Leak Prevention and Detection Using Roles in UPDATE and OPEN Messages), added full support for RFC 7911 (Advertisement of Multiple Paths in BGP), and replaced static hashes with RB-trees to improve performance on large systems. Added the bgplgd process, a FastCGI server providing a REST API for bgpctl commands.
  • rpki-client allows more than one CRL URI in certificates, implements the skiplist parameter to ignore domains, adds the ability to check ASPA (Autonomous System Provider Authorization) and sig files, implements TAL decoding (RFC 8630), tightens verification of EE certificates, and improves compatibility with HTTP specifications.
  • snmpd allows object names other than OIDs to be used in snmpd.conf. Implemented the ability to set a blacklist to exclude subtrees from the output. Support for the master agent has been added to the implementation of the AgentX protocol.
  • New MIME type definitions have been added to httpd.
  • The ftp utility has been changed to use connections processed in non-blocking mode using ppoll.
  • In tmux ("terminal multiplexer"), the ability to use ACLs to organize the connection of several users through one socket has been added.
  • Updated LibreSSL and OpenSSH packages. A detailed overview of the improvements can be found in the LibreSSL 3.6.0 and OpenSSH 9.1 reviews.
  • The number of ports for the AMD64 architecture was 11451 (was 11301), for aarch64 - 11261 (was 11081), for i386 - 10225 (was 10136). Among the versions of applications in ports:
    • Asterisk 16.28.0, 18.14.0 and 19.6.0
    • Audacity 2.4.2
    • CMake 3.24.2
    • Chromium 105.0.5195.125
    • Emacs 28.2
    • ffmpeg 4.4.2
    • GCC 8.4.0 and 11.2.0
    • GHC 9.2.4
    • GNOME 42.4
    • Go 1.19.1
    • JDK 8u342, 11.0.16 and 17.0.4
    • KDE Gear 22.08.1
    • KDE Framework 5.98.0
    • Krita 5.1.1
    • LLVM/Clang 13.0.0
    • LibreOffice 7.4.1.2
    • Lua 5.1.5, 5.2.4 and 5.3.6
    • MariaDB 10.9.3
    • Mono 6.12.0.182
    • Mozilla Firefox 105.0.1 and ESR 102.3.0
    • Mozilla Thunderbird 102.3.0
    • Mutt 2.2.7 and NeoMutt 20220429
    • Node.js 16.17.1
    • OCaml 4.12.1
    • OpenLDAP 2.6.3
    • PHP 7.4.30, 8.0.23 and 8.1.10
    • Postfix 3.7.2
    • PostgreSQL 14.5
    • Python 2.7.18, 3.9.14 and 3.10.7
    • Qt 5.15.6 and 6.3.1
    • R 4.2.1
    • Ruby 2.7.6, 3.0.4 and 3.1.2
    • Rust 1.63.0
    • SQLite 3.39.3
    • Shotcut 22.06.23
    • Sudo 1.9.11.2
    • Suricata 6.0.6
    • Tcl/Tk 8.5.19 and 8.6.12
    • TeX Live 2021
    • Vim 9.0.0192 and Neovim 0.7.2
    • Xfce 4.16
  • Updated third party components included with OpenBSD 7.2:
    • Xenocara graphics stack based on X.Org 7.7 with xserver 1.21.4 + patches, freetype 2.12.1, fontconfig 2.13.94, Mesa 22.1.7, xterm 372, xkeyboard-config 2.20, fonttosfnt 1.2.2.
    • LLVM/Clang 13.0.0 (+ patches)
    • GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
    • Perl 5.32.1 (+ patches)
    • NSD 4.6.0
    • Unbound 1.16.3
    • Ncurses 5.7
    • Binutils 2.17 (+ patches)
    • Gdb 6.3 (+ patch)
    • Awk 12.9.2022
    • Expat 2.4.9

Source: opennet.ru