[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

[ Data: precedente | successivo | indice ] [ Argomento: precedente | successivo | indice ]

Archivio: openbsd@sikurezza.org
Soggetto: [Todd.Miller@courtesan.com: OpenBSD 3.0 Released!]
Mittente: Igor Falcomata'
Data: 2 Dec 2001 18:56:57 -0000
----- Forwarded message from "Todd C. Miller" <Todd.Miller<at>courtesan.com> -----

To: announce<at>openbsd.org
Subject: OpenBSD 3.0 Released!
Date: Sat, 01 Dec 2001 17:16:14 -0700
From: "Todd C. Miller" <Todd.Miller<at>courtesan.com>

- OpenBSD 3.0 RELEASED -------------------------------------------------

December 1, 2001.

It is our pleasure to officially announce the release of OpenBSD
3.0.  Just over 6 weeks ago, on October 14, OpenBSD turned 6 years
old.  In celebration of this milestone, we invite you to enjoy our
10th release on CD-ROM (and 11th via FTP).  We continue to celebrate
OpenBSD's record of four years without a remote hole in the default
install.  Just like all of our previous releases, 3.0 provides
significant improvements, including new features, in nearly all
areas of the system:

- Improved hardware support             (http://www.OpenBSD.org/plat.html)

  o There is a new sparc64 platform for UltraSPARC hardware.

  o The alpha port supports more models and now uses ELF shared

  o Support for Apple Airport cards and other wireless cards
    supported by the wi(4) driver on the macppc port.

  o Significant improvements have been made in the PCI BIOS
    support of the i386 port.

  o Support for I2O adapters including the Adaptec 2100S and
    3200S RAID devices.

  o Improved support for the 3Com 3XP Typhoon/Sidewinder (3CR990)
    Ethernet interface including vlan support.

  o Improved vlan support including the Tigon I and II Gigabit
    Ethernet cards and the 3Com Typhoon/Sidewinder cards.

  o Support for Gigabit Ethernet devices based on the National
    Semiconductor DP83820 and DP83821 chips, Broadcom BCM570x chips,
    and Level 1 LXT1001 NetCellerator chip.

  o The hifn(4) hardware crypto driver now supports the Soekris
    Engineering vpn1201 and other boards based around the Hifn 7951
    chip, including support for the 7951's random number generator.

  o The ubsec(4) hardware crypto driver now supports the Broadcom
    5820 chip.

  o Support for various FM radio devices including Aztech/PackardBell
    and SoundForte RadioLink card.

  o Support for DEC EtherWORKS III ISA Ethernet cards.

  o Support Addonics FlexPort multiport ISA serial cards.

  o Support for PCI wireless card adapters based on the PLX 9052
    chip, such as the LinkSys WDT11.

- Ever-improving security            (http://www.OpenBSD.org/security.html)

  o Many fixes for potential signal handler races.  Work is ongoing in
    this area to fix the signal handlers in all programs, not just
    privileged ones.

  o More /tmp race conditions have been fixed.

  o Several other security issues fixed throughout the system, many
    of which were identified by members of the OpenBSD team themselves.
    Please see http://www.OpenBSD.org/errata29.html for more details
    on what was fixed.

- New subsystems included with 3.0

  o OpenBSD 3.0 ships with a new packet filter (including NAT
    support), called "pf".  As of version 3.0, OpenBSD no longer
    ships the old ipf packet filter.  OpenBSD developers have been
    running pf since shortly after the 2.9 release and we're sure
    you'll like it as much as we do.  Most ipf rulesets are easily
    converted to pf.  A user-mode ftp proxy that interacts with pf
    is also included in 3.0.

  o BSD authentication has been tightly integrated into OpenBSD
    3.0.  This is a modular system of authentication methods that
    supports password, Kerberos, and S/Key authentication as well
    as authentication via ActivCard, CRYPTOCard and SNK-004 token
    cards.  Radius authentication is also supported.  OpenBSD
    components that need to authenticate users now all utilize
    BSD authentication (including OpenSSH).

  o ALTQ has been integrated into the base system and network device
    drivers.  The queueing disciplines provided by ALTQ can be used
    for bandwidth rate limiting and flexible traffic scheduling.

  o Heimdal 0.3f is now included in OpenBSD for Kerberos V support.
    Thanks to the aforementioned BSD authentication system, Kerberos
    V authentication is automatically available to programs supporting
    BSD authentication (including most everything shipped with

  o The popa3d POP3 daemon from Solar Designer is now included in
    the base OpenBSD install.  This provides our users with a secure,
    trustworthy POP3 daemon.

  o The mg editor now has a M-x theo mode.

- Many other bugs fixed                 (http://www.OpenBSD.org/plus30.html)

- The "ports" tree is greatly improved  (http://www.OpenBSD.org/ports.html)

  o The 3.0 CD-ROMs ship with many more pre-built packages for the
    common architectures.  The FTP site contains hundreds more
    packages (for the important architectures) which we could not
    fit onto the CD-ROMs.

- Many subsystems improved and updated since the last release:

  o XFree86 4.1.0
  o perl 5.6.1
  o sendmail 8.12.1
  o Latest KAME IPv6
  o KTH Kerberos 1.0.8
  o KTH Heimdal 0.3f
  o OpenSSH 3.0

If you'd like to see a list of what has changed between OpenBSD 2.9
and 3.0, look at


Even though the list is a summary of the most important changes
made to OpenBSD, it still is a very very long list.

This is our eleventh OpenBSD release, and the tenth release which
is available on CD-ROM.  Our releases have been spaced six months
apart, and we plan to continue this timing.

- SECURITY AND ERRATA --------------------------------------------------

We provide patches for known security threats and other important
issues discovered after each CD release.  As usual, between the
creation of the OpenBSD 3.0 FTP/CD-ROM binaries and the actual 3.0
release date, our team found and fixed some new reliability problems
(note: most are minor, and in subsystems that are not enabled by
default).  Our continued research into security means we will find
new security problems -- and we always provide patches as soon as
possible.  Therefore, we advise regular visits to


Security patch announcements are sent to the security-announce<at>OpenBSD.org
mailing list.  For information on OpenBSD mailing lists, please see:


- CD-ROM SALES ----------------------------------------------------------

OpenBSD 3.0 is also available on CD-ROM.  The 3-CD set costs $40USD
and is available via mail order and from a number of contacts around
the world.  The set includes a colourful booklet which carefully
explains the installation of OpenBSD.  A new set of cute little
stickers are also included (sorry, but our FTP mirror sites do not
support STP, the Sticker Transfer Protocol).  As an added bonus,
the second CD contains an exclusive audio track by the Plaid Tongued
Devils, http://www.thedevils.com/.

Profits from CD sales are the primary income source for the OpenBSD
project -- in essence selling these CD-ROM units ensures that OpenBSD
will continue to make another release six months from now.

The OpenBSD 3.0 CD-ROMs are bootable on the following six platforms:
  o i386
  o alpha
  o sparc
  o sparc64 (UltraSPARC)
  o macppc
  o hp300

(Other platforms must boot from floppy, network, or other method).

For more information on ordering CD-ROMs, see:


The above web page lists a number of places where OpenBSD CD-ROMs
can be purchased from.  For our default mail order, go directly to:


or, for European orders:


All of our developers strongly urge you to buy a CD-ROM and support
our future efforts.  As well, donations to the project are highly
appreciated, as described in more detail at:


- T-SHIRT SALES --------------------------------------------------------

The project continues to expand its funding base by selling t-shirts
and polo shirts.  And our users like them too.  We have a variety
of shirts available, with the new and old designs, from our web
ordering system at:


The new 3.0 t-shirt is not available at this time but will be
available shortly.

- FTP INSTALLS ---------------------------------------------------------

If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily
installed via FTP.  Typically you need a single small piece of boot
media (e.g., a boot floppy) and then the rest of the files can be
installed from a number of locations, including directly off the
Internet.  Follow this simple set of instructions to ensure that
you find all of the documentation you will need while performing
an install via FTP.  With the CD-ROMs, the necessary documentation
is easier to find.

1) Read either of the following two files for a list of ftp
   mirrors which provide OpenBSD, then choose one near you:


2) Connect to that ftp mirror site and go into the directory
   pub/OpenBSD/3.0/ which contains these files and directories.
   This is a list of what you will see:

	Changelogs/    alpha/         macppc/        sparc64/
	HARDWARE       amiga/         mvme68k/       src.tar.gz 
	PACKAGES       ftplist        packages/      srcsys.tar.gz 
	PORTS          hp300/         ports.tar.gz   tools/
	README         i386/          root.mail      vax/
	XF4.tar.gz     mac68k/        sparc/         

   It is quite likely that you will want at LEAST the following
   files which apply to all the architectures OpenBSD supports.

        README          - generic README
        HARDWARE        - list of hardware we support
        PORTS           - description of our "ports" tree
        PACKAGES        - description of pre-compiled packages
        root.mail       - a copy of root's mail at initial login.
			  (This is really worthwhile reading).

3) Read the file README.  It is short, and a quick read will make
   sure you understand what else you need to fetch.

4) Next, go into the directory that applies to your architecture,
   for example, i386.  This is a list of what you will see:

	CKSUM          INSTALL.os2br  comp30.tgz     man30.tgz 
	INSTALL.ata    INSTALL.pt     etc30.tgz      misc30.tgz 
	INSTALL.chs    MD5            floppy30.fs    xbase30.tgz 
	INSTALL.dbr    base30.tgz     floppyB30.fs   xfont30.tgz 
	INSTALL.i386   bsd            floppyC30.fs   xserv30.tgz 
	INSTALL.linux  bsd.rd         game30.tgz     xshare30.tgz 
	INSTALL.mbr    cdrom30.fs     index.txt      

   If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386
   and the appropriate floppy*.fs file.  Consult the INSTALL.i386
   file if you don't know which of the floppy images you need (or
   simply fetch all of them).

5) If you are an expert, follow the instructions in the file called
   README; otherwise, use the more complete instructions in the
   file called INSTALL.i386.  INSTALL.i386 may tell you that you
   need to fetch other files.

6) Just in case, take a peek at:


   This is the page where we talk about the mistakes we made while
   creating the 3.0 release, or the significant bugs we fixed
   post-release which we think our users should have fixes for.
   Patches and workarounds are clearly described there.

   At the time of this writing only one installation issue was
   known.  A small bug in the installation script causes the
   /etc/hosts file to be incorrectly created.  The resulting file
   contains a line which reads like:
	#.#.#.# hostname. hostname

    This line should actually read something like:

	#.#.#.# hostname.domainname.com hostname

    To correct this problem, simply edit the file and insert the
    domainname in the required place.

Note: If you end up needing to write a raw floppy using Windows,
      you can use "fdimage.exe" located in the pub/OpenBSD/3.0/tools
      directory to do so.

- XFree86 FOR MOST ARCHITECTURES ---------------------------------------

XFree86 has been integrated more closely into the system.  This
release contains both XFree86 4.1.0.  Most of our architectures
ship with XFree86, including the sparc and macppc.  During installation,
you can install XFree86 quite easily.  Be sure to try out xdm(1)
and see how we have customized it for OpenBSD.

On the i386 platform a number of older X servers are included from
XFree86 3.3.6.  These can be used for cards that are not supported
by XFree86 4.1.0 or where XFree86 4.1.0 support is buggy.  Please
read the /usr/X11R6/README file for post-installation information.

- PORTS TREE -----------------------------------------------------------

The OpenBSD ports tree contains automated instructions for building
third party software.  The software has been verified to build and
run on the various OpenBSD architectures.  The 3.0 ports collection,
including many of the distribution files, is included on the 3-CD
set.  Please see PORTS file for more information.

Note: some of the most popular ports, e.g., the Apache web server
and several X applications, come standard with OpenBSD.  Also, many
popular ports have been pre-compiled for those who do not desire
to build their own binaries (see PACKAGES, below).

- BINARY PACKAGES WE PROVIDE -------------------------------------------

A large number of binary packages are provided.  Please see PACKAGES
file (ftp://ftp.OpenBSD.org/pub/OpenBSD/PACKAGES) for more details.

- SYSTEM SOURCE CODE ---------------------------------------------------

The CD-ROMs contain source code for all the subsystems explained
above, and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/README)
file explains how to deal with these source files.  For those who
are doing an FTP install, the source code for all four subsystems
can be found in the pub/OpenBSD/3.0/ directory:

        XF4.tar.gz     ports.tar.gz   src.tar.gz     srcsys.tar.gz

- THANKS ---------------------------------------------------------------

OpenBSD 3.0 includes artwork and CD artistic layout by Ty Semaka
(who as it happens, performs in a band called the Plaid Tongued
Devils, http://www.thedevils.com/ which is featured on an audio
track on the OpenBSD 3.0 CD set).  Ports tree and package building
by Brad Smith, Christian Weisgerber, Hugh Graham, Marc Espie, Miod
Vallat, Peter Stromberg and Peter Valchev.  System builds by
Theo de Raadt, Janne Johansson, Hugh Graham, Todd Fries and Bob Beck.
ISO-9660 filesystem layout by Theo de Raadt.

We would like to thank all of the people who sent in bug reports, bug
fixes, donation cheques, and hardware that we use.  We would also like
to thank those who bought our previous CD-ROMs.  Those who did not
support us financially have still helped us with our goal of improving
the quality of the software.

Our developers are:

    Aaron Campbell, Angelos D. Keromytis, Anil Madhavapeddy,
    Artur Grabowski, Assar Westerlund, Ben Laurie, Ben Lindstrom,
    Bob Beck, Brad Smith, Brandon Creighton, Brian Caswell,
    Brian Somers, Bruno Rohee, Camiel Dobbelaar, Chris Cappuccio,
    Christian Weisgerber, Constantine Sapuntzakis, Dale Rahn,
    Damien Miller, Dan Harnett, Daniel Hartmeier, David B Terrell,
    David Lebel, David Leonard, Dug Song, Eric Jackson,
    Federico G.  Schwindt, Grigoriy Orlov, Hakan Olsson,
    Hans Insulander, Heikki Korpela, Horacio Menezo Ganau,
    Hugh Graham, Ian Darwin, Jakob Schlyter, Jan-Uwe Finck,
    Janne Johansson, Jason Ish, Jason Peel, Jason Wright,
    Jean-Baptiste Marchand, Jean-Jacques Bernard-Gundol,
    Jeremy Jethro, Jim Rees, Joshua Stein, Jun-ichiro itojun Hagino,
    Kenjiro Cho, Kenneth R Westerback, Kevin Lo, Kevin Steves,
    Kjell Wooding, Louis Bertrand, M. Warner Losh, Marc Espie,
    Marco S Hyman, Mark Grimes, Markus Friedl, Mats O Jansson,
    Matt Behrens, Matt Smart, Matthew Jacob, Matthieu Herrb,
    Michael Shalayeff, Michael T. Stolarchuk, Mike Frantzen,
    Mike Pechkin, Miod Vallat, Nathan Binkert, Nick Holland,
    Niels Provos, Niklas Hallqvist, Oleg Safiullin, Paul Janzen,
    Peter Galbavy, Peter Stromberg, Peter Valchev, Reinhard J.  Sammer,
    Shell Hin-lik Hung, Steve Murphree, Theo de Raadt,
    Thorsten Lockert, Tobias Weingartner, Todd C. Miller,
    Todd T. Fries, Wim Vandeputte

----- End forwarded message -----

http://www.sikurezza.org - Italian Security Mailing List

[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005