pad

Click to enlarge

A long list of changes and improvements!

What's New This is a partial list of new features and systems included in OpenBSD 4.0. For a comprehensive list, see the changelog leading to 4.0.

New/extended platforms:
  • OpenBSD/armish. Various ARM-based appliances, using the Redboot boot loader, currently only supporting the Thecus N2100 and IOData HDL-G.
  • OpenBSD/sparc64. UltraSPARC III based machines are now supported!
  • OpenBSD/zaurus. Support for the Zaurus SL-C3200.


Improved hardware support, including:
  • New msk(4) driver for Marvell/SysKonnect Yukon-2 Gigabit Ethernet.
  • New bnx(4) driver for Broadcom NetXtreme II Gigabit Ethernet.
  • New xge(4) driver for Neterion Xframe/Xframe II 10Gb Ethernet.
  • New rum(4) driver for Ralink Technology 2nd gen USB IEEE 802.11a/b/g wireless.
  • New acx(4) driver for Texas Instruments ACX100/ACX111 IEEE 802.11a/b/g wireless.
  • New pgt(4) driver for Connexant/Intersil Prism GT Full-MAC IEEE 802.11a/b/g wireless.
  • New uath(4) driver for Atheros USB IEEE 802.11a/b/g wireless.
  • New binary blob free wpi(4) driver for Intel PRO/Wireless 3945ABG IEEE 802.11a/b/g wireless.
  • New arc(4) driver for Areca Technology Corporation SATA RAID; including RAID management via bio(4).
  • New mfi(4) driver for LSI Logic & Dell MegaRAID SAS RAID; including RAID management via bio(4).
  • New azalia(4) driver for generic High Definition Audio.
  • New SD/MMC/SDIO drivers (sdhc(4), sdmmc(4)), currently supporting SD memory cards as fake SCSI sd(4) drives.
  • New udcf(4) driver for Gude ADS Expert mouseCLOCK DCF77/HBG time signal station receivers.
  • New uslcom(4) driver for Silicon Laboratories CP2101/CP2102 based USB serial adapters.
  • New ucycom(4) driver for Cypress microcontroller based USB serial adapters.
  • New uark(4) driver for Arkmicro Technologies ARK3116 based USB serial adapters.
  • New umsm(4) driver for Qualcomm MSM EVDO based modems.
  • New Dallas/Maxim 1-Wire bus support, including:
    • New gpioow(4) driver for 1-Wire bus bit-banging through GPIO pin
    • New onewire(4) 1-Wire bus driver
    • New owid(4) 1-Wire ID family driver
    • New owtemp(4) 1-Wire temperature family driver
  • New isagpio(4) driver for ISA I/O mapped as GPIO.
  • New nmea(4) line discipline for NMEA 0183 (GPS) devices. The new nmeaattach(8) utility can be used to receive NMEA 0183 data and provide the time received as a timedelta sensor to be used by, for example, ntpd(8).
  • New VAX framebuffer drivers:
    • New lcg(4) driver for VAXstation 4000/60 and VLC color frame buffers
    • New lcspx(4) driver for Low-Cost SPX color frame buffers
    • New gpx(4) driver for GPX color frame buffers
    • smg(4) driver for Small Monochrome Graphics frame buffers heavily updated to be a modern wscons(4) driver
  • Support for VAX-based Digital VXT2000 and VXT2000+ terminals.
  • The bge(4) driver supporting newer chipsets, such as the Broadcom BCM5754, BCM5755, BCM5786, and BCM5787.
  • The em(4) driver supporting newer chipsets, such as the Intel ESB2 and ICH8.
  • The nfe(4) driver supporting newer chipsets, such as the NVIDIA MCP61 and MCP65.
  • The re(4) driver supporting newer chipsets, such as the Realtek RT8101E, RT8168, and RT8169SC.
  • The dc(4) driver supporting newer chipsets, such as the ADMtek ADM9511 and ADM9513.
  • The pciide(4) driver supporting newer chipsets, such as:
    • ATI IXP300 SATA, IXP600 IDE
    • Intel 6321ESB IDE/SATA, 82801G SATA, and 82801H SATA
    • IT Express IT8211F IDE
    • NVIDIA MCP61 SATA, MCP65 SATA
    • Promise PDC205xx SATA
    • ServerWorks SATA
    • VIA VT8237A SATA
  • The mpt(4) driver has been replaced with mpi(4), a more stable driver that
  • supports more hardware.
  • The com(4) driver now supports pcmcia and cardbus cards on macppc.
  • Working interrupt routing on Sun Netra t1 105, Ultra 60 and possibly other sparc64 systems.
  • Work around broken VIA and NVIDIA MPBIOSes, fixes interrupt routing with GENERIC.MP on several systems.
  • Initial bio(4) support for Compaq/HP ciss(4) Smart ARRAY 5/6 SAS/SCSI RAID controllers.
  • Improved speed control on some systems:
    • New SpeedStep detection code, also adds support for VIA C7-M, and several newer Pentium M's.
    • Support SpeedStep in rudimentary fashion on most unknown CPU's that advertise the feature.
    • Zaurus can be moved into slower speeds now too.
    • The Pentium 4 Thermal Clock Control driver now supports more CPU's including the Intel Pentium M and Xeon, and provides an estimated performance impact.
    • Numerous improvements to PowerNow K7 and K8 support on i386, and support for K8 was added to amd64.
  • Support for Intel 945G/GM video chipsets (on i386).
  • Support for additional I2C sensors:
  • The adt(4) driver now supports the National Semiconductor LM9600, SMSC EMC6D10x and SMSC SCH5017 chips.
  • The admtemp(4) driver now supports the Analog Devices ADM1023, Genesys
  • Logic GL523SM and Global Mixed-mode Technology G781 chips.


New tools:
  • GNU RCS has been replaced with OpenRCS.


New functionality:
  • IPsec has been greatly improved:
    • ipsecctl(8) has been greatly extended and completely supersedes ipsecadm(8):
      • Lots of documentation improvements (man ipsec.conf)
      • IPv6 support
      • AH support
      • Transport mode support
      • Dynamic IKE support for roaming users
      • USER_FQDN id support
    • sasyncd(8) works much better:
      • communicates with isakmpd(8), telling it to run active or passive depending on the master/slave state of the carp(4) interfaces. This makes IPsec failover setups much more robust.
      • looks at the carp(4) interface group by default to suppress preemption of IPsec traffic during system boot.
    • isakmpd(8) can now be safely configured by ipsecctl(8) on startup.
  • ftp(1) now supports HTTPS.
  • cdio(1) can now perform track-at-once burning and rewritable blanking.
  • spppcontrol(8) and wicontrol(8) functionality has been merged into ifconfig(8).
  • gcc(1) provides a new warning, -Wstack-larger-than-N, to report functions which are too greedy in stack variables, see gcc-local(1) for details.
  • An in-kernel getcwd(3) implementation.
  • A new system call adjfreq(2) to allow ntpd(8) to adjust the tick rate of the system clock automatically.
  • Support for X11 on VAX has been added
  • Virtual Allocation Table (VAT) support for UDF.
  • C99 functions round(3), roundf(3), trunc(3), and truncf(3) have been added to libm, the math library.
  • pf(4) now supports Unicast Reverse Path Forwarding (uRPF) checks for simplified ingress filtering.
  • bpf(4) can now ignore packets based on their direction (inbound/outbound) using the BIOCSDIRFILT ioctl.
  • pdisk(8) can now set up slices on HFS(DPME) partitioned disks on mac68k.
  • New dissectors have been added to tcpdump(8):
    • Cisco's VQP (VLAN Query Protocol)
    • IEEE 802.1AB LLDP (Link Layer Discovery Protocol)
  • trunk(4) now supports the new loadbalance mode to balance outgoing traffic based on hashed protocol header information.
  • bioctl(8) has been extended to provide runtime information on rebuilds, scrubs and initialization.
  • New sysctls to check the system vendor, product, version, serial number, and UUID.
  • Equal cost multipath routing support. Needs to be enabled by a sysctl. Prebind, a secure implementation of prelinking, has been added to ldconfig(8), it speeds up launching of shared binaries. Prebind is compatible with address space randomization, unlike prelink.
  • vnconfig(8) can now use PKCS #5 PBKDF2 to create a more secure key when using encryption.


  • Assorted improvements and code cleanup:
    • Much better time keeping for multiprocessor OpenBSD/i386 systems.
    • Much improved implementation of telldir(3) and friends.
    • Replacement of many malloc(3) calls that follow a pattern prone to integer overflow with safer constructs.
    • Improved failover handling in carp(4):
      • Extend the carp protocol with the demotion counter to act smarter on multiple failures.
      • Group failovers now work without carp running preempt mode.
      • Demotion can now be controlled via interface groups.
    • chio(1) is now a useful tool for controlling tape changers.
    • Much improved st(4) device setup, tape handling and error processing.
    • Many dhclient(8) fixes, including 'alias' handling and improved interface initialization.
    • scsi(4) devices detect the correct SCSI version.
    • More umass(4) devices properly detected.
    • Improved detection of fibre channel devices and devices in SCSI enclosures.
    • The new RSSI header has been added to the ieee80211_radiotap(9) framework as a replacement for ANTSIGNAL headers.
    • Many integer type safety cleanups with lint(1).


  • Install/Upgrade process changes
    • Host specific site files add easy customization for individual hosts
    • X Window aperture support, where available, now defaults to off


  • New functionality for hostapd(8), the Host Access Point Daemon:
    • IP based roaming to build wireless networks without the requirement of a single broadcast domain.
    • New event rules to match optional elements of radiotap headers: signal percentage, transmit rate and channel frequency.
    • Various bug fixes and improvements.


  • OpenSSH 4.4:
    • Conditional configuration in sshd_config(5) using the Match directive.
    • This allows some configuration options to be selectively overridden if specific criteria (based on user, group, hostname and/or address) are met. Add support for Diffie-Hellman group exchange key agreement with a final hash of SHA256.
    • Added a ForceCommand directive to sshd_config(5), similar to the
    • command="..." option in ~/.ssh/authorized_keys.
    • Added a PermitOpen directive to sshd_config(5), similar to the permitopen="..." option in authorized_keys, to allow control over the port-forwardings that a user is allowed to establish.
    • Added an ExitOnForwardFailure option to cause ssh(1) to exit (with a non-zero exit code) when requested port forwardings could not be established.
    • Added optional logging of transactions to sftp-server(8).
    • ssh(1) will now record port numbers for hosts stored in ~/.ssh/authorized_keys when a non-standard port has been requested.
    • Extended the sshd_config(5) "SubSystem" directive to allow the specification of commandline arguments.
    • Many manpage fixes and improvements


  • OpenBGPD 4.0:
    • new nexthop selection logic ignoring bgpd routes, helps in complex setups with ospfd
    • add a "detailed" show rib view to bgpctl, including communities
    • allow requesting a route refresh from a peer that supports it
    • have bgpd always report back the result of an operation to bgpctl, so the
    • operator can spot errors quicker
    • allow bgpd to manipulate carp demotion counters based on session states,
    • gives even greater failover support
    • support restarting sessions that reached max-prefix after a given time
    • bgpctl can now show all routes received from a neighbor before filters were applied, and routes sent to neighbors
    • assorted fixes and improvements, as usual


  • OpenOSPFD 4.0:
    • Track uptime of the daemon itself.
    • Track uptime of all ospf enabled interfaces.
    • Adjust logging behaviour to prevent unwanted logging.
    • Delay LSA updates when removing and adding - prevent flapping.
    • Fix plaintext authentication.
    • Improve the output of 'ospfctl show interfaces'.
    • Support rtlabels when redistributing routes.


  • OpenNTPD 4.0:
    • support timedelta sensors, such as DCF77 receivers supported by udcf(4) and GPS receivers supported by nmea(4).
    • Adjust the kernel tick frequency, using adjfreq(2), improving accuracy on many machines.
    • allow for weight to be added to sensors or servers, so that one can weight timedelta sensors higher than ntp peers


  • Over 3700 ports, 3400 pre-built packages, improved package tools.
  • Full support for pkg_add(1) over ssh(1), using one single connection.

  • As usual, steady improvements in manual pages and other documentation.

  • The system includes the following major components from outside suppliers:
    • X.Org 6.9.0 (+ patches, and i386 contains XFree86 3.3.6 servers (+ patches) for legacy chipsets not supported by X.Org)
    • Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches)
    • Perl 5.8.8 (+ patches)
    • Apache 1.3.29, mod_ssl 2.8.16, DSO support (+ patches)
    • OpenSSL 0.9.7j (+ patches)
    • Groff 1.15
    • Sendmail 8.13.8, with libmilter
    • Bind 9.3.2-P1 (+ patches)
    • Lynx 2.8.5rel.4 with HTTPS and IPv6 support (+ patches)
    • Sudo 1.6.8p9
    • Ncurses 5.2
    • Latest KAME IPv6
    • Heimdal 0.7.2 (+ patches)
    • Arla 0.35.7
    • Binutils 2.15 (+ patches)
    • Gdb 6.3 (+ patches)



    OpenBSD 4.0
    Obsd40padRegular price: $50.00padSale price: $45.00pad
    • BSD Mall




    sales@bsdmall.com     		Phone: +1 (650) 267-5095