OpenBSD 5.2 pre-orders are up

The OpenBSD project has announced that pre-orders for the up coming 5.2 release of the operating system are now on-line.  The release is due to hit shelves and mirrors on 1 November, 2012.

The inexpensive 3-CD sets of OpenBSD 5.2 are $50CDN, Posters $2oCDN and T-Shirts $25CDN.  While you are there, you can also make a donation or buy back copies of editions if you have some that you are missing (something that I have done for this order).

What are some of the features we are going to see with this release? (copied from the OpenBSD site – please see the official change log for further information):

 

• pthreads(3) support:
  • The most significant change in this release is the replacement of the user-level uthreads by kernel-level rthreads, allowing multithreaded programs to utilize multiple CPUs/cores.
  • Use PTHREAD_MUTEX_STRICT_NP as default mutex type.
  • Added pthread spinlock and barrier routines.
  • Added pthread_mutex_timedlock(3) and sem_timedwait(3).
  • Added pthread_condattr_setclock(3).
  • Added support for live multi-threaded debugging in gdb(1).
  • Improved handling for rusage totals and interval timers in threaded processes.
  • Changed the RLIMIT_NPROC rlimit to count processes instead of threads.
  • Added a new system limit kern.maxthread for the max number of threads.
  • Closed race conditions in thread creation, and in fork(2) and open(2) in a threaded process.
  • Improved handling of threaded processes in ps(1), top(1), and fstat(1).
  • Changed the lock around dlopen() to be recursive, so that dl*() operations from atexit() handlers don’t deadlock.
  • Many fixes to pthread attribute and mutex error checking and cancellation handling.

   

• Improved hardware support, including:
  • Added hibernation support on i386. Currently only working on pciide(4) and wd(4) disks.
  • Improved support for ALPS based touchpads in wsmouse(4) and the synaptics(4) X.Org input driver.
  • Performance improvements with ix(4) Intel 10Gb Ethernet NICs.
  • Support for i350 based devices in em(4).
  • Flow control support for bnx(4).
  • Hardware watchdog and HPET support for tcpcib(4) (Intel Atom E600) as found in some embedded x86 systems.
  • urndis(4) supports additional Android devices.
  • Support for Winbond W83627UHG has been added to wbsio(4).
  • Support for the SMBus controller of the AMD CS5536 in glxpcib(4) and the NVIDIA MCP89 in nviic(4).
  • Support for AX88772B based devices has been added to axe(4).
  • Support for MCS7832 based devices has been added to mos(4).
  • Support for the Roland UM-ONE has been added to umidi(4).
  • Support for the AMD Hudson-2 chipset has been added to azalia(4) and piixpm(4).
  • Support for NetMos NM9820 cardbus serial cards has been added to com(4).
  • Support for Huawei Mobile E303 has been added to umsm(4).
  • The sgi port now supports the R4000 Indigo (IP20), Indy (IP22), R4000 Indigo2 (IP24) and POWER Indigo2 R10000 (IP28) families.

   

• Generic network stack improvements:
  • Increased TCP initial window to 14600 bytes as proposed in draft-ietf-tcpm-initcwnd.
  • Cleanup handling of sockaddrs in degenerate use cases.
  • Improved handling of error and limit cases in file descriptor passing.
  • Improved socketbuffer handling for AF_UNIX sockets.
  • Fix yet another a file descriptor leak in message passing.
  • Improved error handling in socket splicing.
  • IPv6 privacy addresses now appear alongside SLAAC addresses.
  • Support for Extended Sequence Numbers has been added to the IPsec stack and iked(8).
  • Bridging two IPv4 networks over an IPv6 link with gif(4) is now possible.

   

• Routing daemons and other userland network improvements:
  • sndiod(1), bgpd(8), dvmrpd(8), ftp-proxy(8), iked(8), iscsid(8), ldapd(8), ldpd(8), nsd(8), ospf6d(8), ospfd(8), relayd(8), ripd(8), snmpd(8), spamd(8), sshd(8), tcpbench(1) and tmux(1)now rate limit their accepting of new connections when experiencing file descriptor exhaustion.
  • Allow route(8) destination/prefixlen syntax for IPv6 routes.
  • ASCII packet dumping support in tcpdump(8).
  • Better etherip and BGP protocol support in tcpdump(8).
  • isakmpd(8) and tcpdump(8) now recognize additional Internet Key Exchange DH groups.
  • Various improvements in iked(8) including support for retransmits.
  • ipsecctl(8) now allows SA lifetimes to be specified in its ipsec.conf(5) file.
  • Rewrote tftpd(8) as a persistent, non-blocking daemon.
  • tftp(1) client now supports IPv6.
  • snmpd(8) now supports PF-MIB, UCD-DISKIO-MIB, and additional OIDs in HOST-RESOURCES-MIB.
  • bgpd(8) is now more robust to network instability.
  • Adjust the bgpd(8) route decision code to cover checks needed due to route reflection.
  • Various fixes to improve error reporting in bgpd(8) including support of RFC 6608.
  • For debugging purposes bgpctl(8) can load MRT dumps into bgpd(8).
  • Fixed distribution of MPLS VPN routes in bgpd(8).
  • Introduced a new option “selected” to the bgpctl(8) “show rib” command to show only selected routes.
  • Correctly support the LSA_TYPE_AREA_OPAQ and LSA_TYPE_AS_OPAQ types in ospfd(8).
  • Make relayd(8) able to handle transactions larger than 2GB in size.
  • Various bug fixes and better HTTP standard compliance in relayd(8).
  • rtadvd(8) can now advertise DNS servers and search paths in router advertisements.
  • rtadvd(8) can now send router advertisements with no prefix information using the noifprefix option.
  • ftp(1) client now allows the source IP address of the connection to be specified.
  • ypldap(8) now handles larger directories and is more tolerant when processing groups.
  • Added support for AF_INET6 to inet_net_pton(3) and inet_net_ntop(3).

   

• pf(4) improvements:
  • pf(4) now ignores/preserves the lower 2 bits of the tos-header (used for Explicit Congestion Notification).
  • Allow more than 16 pflog(4) interfaces.
  • pf(4) now supports weighted least-states load balancing.
  • The prio and tos options are now part of the “set { }” block. See pf.conf(5).
  • Allow to set the tos on IPv6 packets.
  • Better demotion handling in pfsync(4) to prevent failovers without having a full state table.
  • Fixed printing of wildcard anchors in pfctl(8).

   

• Assorted improvements:
  • Added nginx(8), an HTTP server, reverse proxy server and mail proxy server.
  • Added SQLite 3.7.13, a self-contained SQL database engine.
  • libpcap has been updated with several core functions from tcpdump.org’s libpcap-1.2.0 API, without the clutter.
  • Disabled SSLv2 in OpenSSL.
  • Moved libtool(1) into the base system. Much work remains to be done.
  • Removed lint(1).
  • Removed the raid(4) RAIDframe driver and its corresponding raidctl(8) utility. RAIDframe has been superseded by softraid(4).
  • Added posix_spawn(3).
  • Added mbsnrtowcs(3) and wcsnrtombs(3).
  • Added getdelim(3) and getline(3).
  • More configuration variables for sysconf(3) and pathconf(2).
  • dirfd(3) is now a function instead of a macro.
  • posix_memalign(3) supports arbitrarily large alignments.
  • Improved realloc(3) performance.
  • ld.so(1) recognizes the DF_1_NOOPEN flag and refuses to dlopen(3) shared objects linked with “-z nodlopen”.
  • Improved compliance and/or cleanliness of header files, particularly <dirent.h>, <time.h>, <sys/time.h>, <limits.h>, <arpa/inet.h>, <netinet/in.h>, and <sys/param.h>.
  • Improved kernel uvm memory allocator.
  • Added support for using AMT to provide console-over-Ethernet (c.f. the amtterm package).
  • Improved support for amd64 systems with many memory extents.
  • compat_linux(8) improvements: TLS-vs-clone and futex fixes, added support for statfs64(), tgkill(), gettid(), SOCK_CLOEXEC, and SOCK_NONBLOCK.
  • kdump(1) improvements, including the ability to show thread IDs and dumping of timespec, timeval, sigaction, rlimit, sigset, clockid, and fdset arguments and results.
  • Various improvements in smtpd(8): reliability fixes, new MTA client, new scheduler and improved queue logic, simplified smtpd.conf(5) syntax, better RFC compliance and several cosmetic changes.
  • The mg(1) emacs-like editor now supports cscope functionality. Also, backup files can now be saved to a user’s home directory in addition to the current working directory.
  • Fixed operation of kvm_getfile2() (and therefore fstat(1) and pstat(8)) on kernel crash dumps.
  • Improved emacs-style key bindings and handling of large arrays in ksh(1).
  • halt(8) disables “suspend-on-lid-close” so that you don’t accidentally suspend instead of shutting down.
  • Improvements to parallel make(1): added the .CHEAP and .EXPENSIVE special targets and fixed glitches in already-rebuilt logic.
  • The libusb package is able to access non-ugen(4) devices for some operations, allowing e.g. programming YubiKeys with a standard kernel.
  • Various improvements in tmux(1): a new unified tree view to select sessions or windows, new move-pane and renumber-windows commands, a history of pane layouts, simple output rate limiting, and custom formats (-F) have been extended and are now accepted by more commands.
  • fsck_msdos(8) now works on devices with non-512 byte sectors.
  • quotacheck(8) now works with DUID based fstab(5) files.
  • Numerous minor improvement to fdisk(8), including more sanity checking and better default partition sizing on large disks.
  • dhclient(8) now discards trailing NULs in option data, and in general parses option data with more paranoia.
  • Various improvements to dhclient(8) startup and timeout handling.
  • disklabel(8) does a better job of calculating physical memory during partition auto-allocation of devices with non-512 byte sectors.
  • SCSI errors are now correctly propogated to userland. e.g. mount(2) now reports specific errors such as trying to mount RW filesystems from RO media.
  • Improved FAT media handling: autorecognize such media even if the 0x55aa signature is missing and prevent the writing of an OpenBSD disklabel over top of the FAT data structures.
  • The MS-DOS FAT filesystem implementation gained a significant write speedup for large files (up to twice as fast).

   

• OpenSSH 6.1:
  • New features:
    • sshd(8): This release turns on pre-auth sandboxing sshd by default for new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
    • sshd-keygen(1): Add options to specify starting line number and number of lines to process when screening moduli candidates, allowing processing of different parts of a candidate moduli file in parallel.
    • sshd(8): The Match directive now supports matching on the local (listen) address and port upon which the incoming connection was received via LocalAddress and LocalPort clauses.
    • sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv and {Allow,Deny}{Users,Groups}.
    • Add support for RFC6594 SSHFP DNS records for ECDSA key types. (bz#1978)
    • sshd-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8
    • sshd(8): Allow the sshd_config PermitOpen directive to accept “none” as an argument to refuse all port-forwarding requests.
    • sshd(8): Support “none” as an argument for AuthorizedPrincipalsFile.
    • sshd-keyscan(1): Look for ECDSA keys by default. (bz#1971)
    • sshd(8): Add “VersionAddendum” to sshd_config to allow server operators to append some arbitrary text to the server SSH protocol banner.
  • The following significant bugs have been fixed in this release:
    • sshd(8) and ssh(1): Don’t spin in accept() in situations of file descriptor exhaustion. Instead back off for a while.
    • sshd(8) and ssh(1): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as they were removed from the specification. (bz#2023)
    • sshd(8): Handle long comments in config files better. (bz#2025)
    • ssh(1): Delay setting tty_flag so RequestTTY options are correctly picked up. (bz#1995)
    • sshd(8): Fix handling of /etc/nologin incorrectly being applied to root on platforms that use login_cap.

   

• Over 7600 ports, major performance and stability improvements in the package build process:
  • dpb got simpler and faster. Handles distfiles, works without any option.
  • Simpler and less error-prone mechanisms for handling MD differences.
  • dpb is now used for mirroring distfiles, to the great joy of ftp://ftp.openbsd.org/pub/OpenBSD/distfiles/
  • full databases of all ports available as packages:
    • pkglocatedb – a locate(1) database of all files in all packages
    • sqlports – a sqlite3(1) database of all meta-info for all packages
    • ports-readmes – a tree of html files for browsing thru available packages

   

• Many pre-built packages for each architecture:
  

  i386: 7483 sparc64: 6820 alpha: 5993

  sh: XXXX amd64: 7439 powerpc: 7050

  sparc: 4466 arm: XXXX hppa: 6316

  vax: 2279 mips64: 5845 mips64el: 5908

   

• Some highlights:
  • GNOME 3.4.2
  • KDE 3.5.10
  • Xfce 4.10
  • MySQL 5.1.63
  • PostgreSQL 9.1.4
  • Postfix 2.9.3
  • OpenLDAP 2.3.43 and 2.4.31
  • Mozilla Firefox 3.5.19, 3.6.28 and 13.0.1
  • Mozilla Thunderbird 13.0.1
  • GHC 7.0.4
  • LibreOffice 3.5.5.3
  • Emacs 21.4, 22.3 and 23.4
  • Vim 7.3.154
  • PHP 5.2.17 and 5.3.14
  • Python 2.5.4, 2.7.3 and 3.2.3
  • Ruby 1.8.7.370 and 1.9.3.194
  • Tcl/Tk 8.5.11
  • Jdk 1.7
  • Mono 2.10.9
  • Chromium 20.0.1132.57
  • Groff 1.21
  • Go 1.0.2
  • GCC 4.6.3 and 4.7.1
  • LLVM/Clang 3.1
  • Lua 5.1.5 and 5.2.1

   

• As usual, steady improvements in manual pages and other documentation.
• The system includes the following major components from outside suppliers:
  • Xenocara (based on X.Org 7.7 with xserver 1.12.2 + patches, freetype 2.4.10, fontconfig 2.8.0, Mesa 7.10.3, xterm 279, xkeyboard-config 2.6 and more)
  • Gcc 4.2.1 (+patches) and 2.95.3 (+ patches)
  • Perl 5.12.2 (+ patches)
  • Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
  • Nginx 1.2.2 (+ patches)
  • OpenSSL 1.0.0f (+ patches)
  • SQLite 3.7.13 (+ patches)
  • Sendmail 8.14.5, with libmilter
  • Bind 9.4.2-P2 (+ patches)
  • NSD 3.2.11
  • Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
  • Sudo 1.7.2p8
  • Ncurses 5.7
  • Heimdal 0.7.2 (+ patches)
  • Arla 0.35.7
  • Binutils 2.15 (+ patches)
  • Gdb 6.3 (+ patches)
  • Less 444 (+ patches)
  • Awk Aug 10, 2011 version