Release of OpenBSD 7.3

OpenBSD 7.3, a free UNIX-like operating system, has been released. The OpenBSD project was founded by Theo de Raadt in 1995 after a conflict with the NetBSD developers, who had revoked his access to the NetBSD CVS repository. Theo de Raadt and a group of like-minded developers then created a new open operating system based on the NetBSD source tree; its main development goals were portability (13 hardware platforms are supported), standards compliance, correctness, proactive security and integrated cryptographic tools. The full installation ISO image of the OpenBSD 7.3 base system is 620 MB.

Besides the operating system itself, the OpenBSD project is known for components that have spread to other systems and earned a reputation as some of the most secure and well-engineered implementations available. Among them: LibreSSL (an OpenSSL fork), OpenSSH, the PF packet filter, the OpenBGPD and OpenOSPFD routing daemons, the OpenNTPD NTP server, the OpenSMTPD mail server, the tmux terminal multiplexer (similar to GNU screen), an identd daemon implementing the IDENT protocol, mandoc (a BSD-licensed alternative to the GNU groff package), CARP (Common Address Redundancy Protocol) for building fault-tolerant systems, a lightweight http server, and the openrsync file synchronization utility.

Main improvements:

  • The system calls waitid (wait for a process state change), pinsyscall (tells the kernel where the execve entry point is so that it can be protected against ROP exploits), getthrname and setthrname (get and set the thread name) have been implemented.
  • All architectures use clockintr, a hardware-independent timer interrupt scheduler.
  • Added sysctl kern.autoconf_serial, which can be used to monitor device tree state changes in the kernel from user space.
  • Improved support for multiprocessor (SMP) systems. The event filters for the tun and tap devices have been made MP-safe. The kernel lock has been removed from the select, pselect, poll, ppoll, getsockopt, setsockopt, mmap, munmap, mprotect, sched_yield, minherit and utrace system calls, as well as from the SIOCGIFCONF, SIOCGIFGMEMB, SIOCGIFGATTR and SIOCGIFGLIST ioctls. Locking in the pf packet filter has been improved. System and network stack performance on multi-core systems has improved.
  • The drm (Direct Rendering Manager) framework is synchronized with the Linux 6.1.15 kernel (5.15.69 in the previous release). The amdgpu driver gained support for Ryzen 7000 "Raphael", Ryzen 7020 "Mendocino", Ryzen 7045 "Dragon Range", Radeon RX 7900 XT/XTX "Navi 31", and Radeon RX 7600M (XT), 7700S and 7600S "Navi 33" GPUs. Backlight control was added to amdgpu, and xbacklight now works with the modesetting X.Org driver. Mesa has shader caching enabled by default.
  • Improvements have been made to the VMM hypervisor.
  • New protection for process memory in user space: the mimmutable system call and the library function of the same name lock the access rights of a memory mapping. Once a mapping is locked, the permissions set for that region (for example, no write and no execute) can no longer be changed by subsequent mmap(), mprotect() or munmap() calls; any attempt to change them fails with EPERM.
  • On the AMD64 architecture, the RETGUARD protection mechanism is enabled for system calls, which is aimed at complicating the execution of exploits built using code snippets and return-oriented programming techniques.
  • The sshd executable is now randomly relinked on every system boot. Relinking makes function offsets in sshd unpredictable, which makes exploits based on return-oriented programming harder to build.
  • More aggressive stack location randomization on 64-bit systems.
  • Added protection against the Spectre-BHB vulnerability in processor microarchitectural structures.
  • On ARM64 processors, the DIT (Data Independent Timing) flag is enabled for user space and kernel space to block side-channel attacks that manipulate the dependence of instruction execution time on the data processed in these instructions.
  • The lladdr can now be used when defining network configurations: in addition to binding a configuration to the interface name (hostname.fxp0), it can be bound to the MAC address (hostname.00:00:6e:00:34:8f).
  • Improved hibernation support for ARM64 based systems.
  • Significantly expanded support for Apple ARM chips.
  • Added support for new hardware and included new drivers.
  • The bwfm driver for wireless cards based on Broadcom and Cypress chips implements encryption support for WEP.
  • The installer has improved work with software RAID and implemented initial support for Guided Disk Encryption.
  • Added new scroll-top and scroll-bottom commands to tmux ("terminal multiplexer") to scroll the cursor to the top and bottom.
  • The LibreSSL and OpenSSH packages have been updated. For a detailed overview of the improvements, see the LibreSSL 3.7.0, OpenSSH 9.2 and OpenSSH 9.3 reviews.
  • The number of ports for the AMD64 architecture is 11764 (was 11451), for aarch64 11561 (was 11261), and for i386 10572 (was 10225). Among the application versions in ports:
    • Asterisk 16.30.0, 18.17.0 and 20.2.0
    • Audacity 3.2.5
    • CMake 3.25.2
    • Chromium 111.0.5563.110
    • Emacs 28.2
    • ffmpeg 4.4.3
    • GCC 8.4.0 and 11.2.0
    • GHC 9.2.7
    • GNOME 43.3
    • Go 1.20.1
    • JDK 8u362, 11.0.18 and 17.0.6
    • KDE Gears 22.12.3
    • KDE Framework 5.103.0
    • Krita 5.1.5
    • LLVM/Clang 13.0.0
    • LibreOffice 7.5.1.2
    • Lua 5.1.5, 5.2.4, 5.3.6 and 5.4.4
    • MariaDB 10.9.4
    • Mono 6.12.0.182
    • Mozilla Firefox 111.0 and ESR 102.9.0
    • Mozilla Thunderbird 102.9.0
    • Mutt 2.2.9 and NeoMutt 20220429
    • Node.js 18.15.0
    • OCaml 4.12.1
    • OpenLDAP 2.6.4
    • PHP 7.4.33, 8.0.28, 8.1.16 and 8.2.3
    • Postfix 3.5.17 and 3.7.3
    • PostgreSQL 15.2
    • Python 2.7.18, 3.9.16, 3.10.10 and 3.11.2
    • Qt 5.15.8 and 6.4.2
    • R 4.2.1
    • Ruby 3.0.5, 3.1.3 and 3.2.1
    • Rust 1.68.0
    • SQLite 2.8.17 and 3.41.0
    • Shotcut 22.12.21
    • Sudo 1.9.13.3
    • Suricata 6.0.10
    • Tcl/Tk 8.5.19 and 8.6.13
    • TeX Live 2022
    • Vim 9.0.1388 and Neovim 0.8.3
    • Xfce 4.18
  • Updated third party components included with OpenBSD 7.3:
    • Xenocara graphics stack based on X.Org 7.7 with xserver 1.21.6 + patches, freetype 2.12.1, fontconfig 2.14, Mesa 22.3.4, xterm 378, xkeyboard-config 2.20, fonttosfnt 1.2.2.
    • LLVM/Clang 13.0.0 (+ patches)
    • GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
    • Perl 5.36.1 (+ patches)
    • NSD 4.6.1
    • Unbound 1.17
    • Ncurses 5.7
    • Binutils 2.17 (+ patches)
    • Gdb 6.3 (+ patch)
    • Awk 12.9.2022
    • Expat 2.5.0.
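As an added illustration of the mimmutable(2) behaviour described in the list above (this is not code from the OpenBSD project), the following C program maps a page, drops write permission, locks the mapping and then checks that later mprotect() and munmap() calls fail with EPERM. mimmutable is OpenBSD-specific, so on other systems the program only runs the portable steps and reports the lock as unsupported.

```c
/* Added example: locking a memory mapping with mimmutable(2) on OpenBSD 7.3. */
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANON on glibc when built with a strict -std */
#include <sys/mman.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>

/* Each field is 1 when the behaviour the release notes describe was observed. */
struct immut_result {
    int locked;          /* mimmutable() succeeded */
    int mprotect_eperm;  /* a later mprotect() failed with EPERM */
    int munmap_eperm;    /* a later munmap() failed with EPERM */
};

/* 1 when built on OpenBSD (mimmutable(2) available), 0 elsewhere. */
int mimmutable_supported(void) {
#ifdef __OpenBSD__
    return 1;
#else
    return 0;
#endif
}

/* Returns 0 on success, -1 if the portable setup (mmap/mprotect) failed. */
int demo_mimmutable(struct immut_result *r) {
    memset(r, 0, sizeof *r);
    long pagesz = sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    memcpy(p, "constructed sample data", 24);   /* write while still writable */

    /* Drop write permission first: the rights in force at lock time are final. */
    if (mprotect(p, (size_t)pagesz, PROT_READ) == -1)
        return -1;
#ifdef __OpenBSD__
    if (mimmutable(p, (size_t)pagesz) == -1)
        return 0;                          /* lock refused; fields stay 0 */
    r->locked = 1;
    /* Regaining write rights or unmapping the page must now fail with EPERM. */
    r->mprotect_eperm = (mprotect(p, (size_t)pagesz, PROT_READ | PROT_WRITE) == -1
                         && errno == EPERM);
    r->munmap_eperm = (munmap(p, (size_t)pagesz) == -1 && errno == EPERM);
#else
    munmap(p, (size_t)pagesz);   /* no mimmutable(2) here: plain cleanup */
#endif
    return 0;
}
```

On OpenBSD 7.3 all three fields come back 1; the locked page is intentionally left mapped, since unmapping it is exactly what the lock forbids.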

    Source: opennet.ru