May 1, 2007.
We are pleased to announce the official release of OpenBSD 4.1.
This is our 21st release on CD-ROM (and 22nd via FTP). We remain
proud of OpenBSD's record of ten years with only two remote
holes in the default install. As in our previous releases, 4.1
provides significant improvements, including new features, in nearly
all areas of the system:
- New/extended platforms:
o OpenBSD/landisk.
Various SH4-based appliances, made by IO-Data and resold by
Plextor.
o OpenBSD/sparc64.
UltraSPARC III based machines are supported even better, and
now run at full speed!
- Improved hardware support, including:
o New USB client controller support:
o Support for the USB client functionality in the pxaudc(4)
driver on the Zaurus.
o New usbf(4) midlayer for USB Client controllers.
o New cdcef(4) driver for providing a CDCE function on USB
client controllers.
o New cas(4) driver for Sun Cassini 10/100/Gigabit Ethernet devices.
o New uow(4) driver for Maxim/Dallas DS2490 USB 1-Wire devices.
o New owsbm(4) driver for 1-Wire smart battery monitor devices.
o New zyd(4) driver for ZyDAS ZD1211/ZD1211B USB IEEE 802.11b/g
wireless network devices.
o New moscom(4) driver for MosChip Semiconductor MCS7703 based USB
serial adapters.
o New glxsb(4) driver for hardware random numbers and AES
acceleration on the AMD Geode LX processor.
o New vic(4) driver for VMware VMXnet Virtual Interface Controllers.
o New malo(4) driver for Marvell Libertas IEEE 802.11b/g wireless
network devices.
o New pwdog(4) driver for Quancom PWDOG1 watchdog timer devices.
o New uberry(4) driver for Research In Motion Blackberry devices.
o New mbg(4) driver for Meinberg Funkuhren radio clocks.
o New mesh(4) driver for the on-board SCSI controller of old world
Apple Power Macintosh systems.
o New mc(4) driver for the on-board Ethernet of many old world Apple
Power Macintosh systems
o Improved msk(4) driver now supports many more Marvell Yukon-2
variants including dual port cards and fiber cards.
o The gem(4) driver now supports fiber cards.
o The OpenBSD/amd64 platform now has more accurate and robust time
keeping.
o The OpenBSD/i386 boot(8) program now works properly on Intel-based
Macs.
o The pciide(4) driver has had support added for newer chipsets,
including:
o AMD CS5536 IDE;
o Intel i31244;
o NVIDIA MCP67 PATA, MCP67 SATA.
o The com(4) driver now supports ST16C654 devices.
o The adt(4) driver supports some newer chipsets, such as the
ADT7475.
o The OpenBSD/macppc platform now automatically turns the machine
back on following an unexpected loss of power.
o boot.mac, an XCOFF formated boot loader for OpenBSD/macppc capable
of booting on many old world macs.
- New tools:
o BSD-licensed pkg-config(1), a complete rewrite of the GNU tool of
the same name, significantly smaller and more maintainable.
o hoststated(8), a layer 3 and layer 7 server load balancing daemon
with host monitoring capacities.
o new BSD-licensed ripd(8).
o bgplg(8), a CGI looking glass for OpenBGPD, is now available for
use with the system httpd.
o bgplgsh(8), a looking glass shell for OpenBGPD, is now available
for use as a restricted read-only command line interface.
- New functionality:
o syslogd(8) can now pipe logs directly to other programs, making
real-time log analysis easier.
o The IP_RECVTTL ip(4) socket option allows programs to receive the
incoming ttl on raw and udp sockets.
o The IP_MINTTL ip(4) socket option allows programs to ask the
kernel to discard any packets with a ttl smaller than the given
one, for implementing the IP TTL security hack aka the Generalized
TTL Security Mechanism specified in RFC 3682.
o Multiple, independent routing tables, with pf(4) acting as
selector. route(8) can be told which table to work with now, and
routing daemons have been modified to cope as well.
o The pflog(4) interface is now clonable. pf(4) can log to multiple
pflog interfaces now, each rule can specify which pflog interface
to log to. pflogd(8) and spamlogd(8) can now be told which pflog
interface to work with.
o The pfsync(4) interface is now clonable as well, thus only there
when actually needed.
o pfctl(8) can now expire table entries.
o keep state is now the default for pf.conf(5) rules, as is the
flags S/SA option on TCP connections. no state and flags any can
be used to disable stateful filtering or TCP flags checking.
o The pfctl(8) ruleset optimiser can be enabled in pf.conf(5).
o pf(4) anchors can now be loaded inline in the main pf.conf(5) and