Published : 2012-11-02

OpenBSD 5.2

6 months exactly after the release of 5.1 (which brought nice improvements for IPv6 and firewalling), a new OpenBSD release is out today.

Services are gradually improving their IPv6 support and associated performance. rthreads (kernel-level threads) appear in this release and may significantly change pthread performance by moving user-level uthreads into the kernel, enabling multi-core/multi-CPU threading.

Below is a summary of notable changes reported by the OpenBSD team (source: http://www.openbsd.org/fr/52.html), and the detailed chronological list is available here: http://www.openbsd.org/plus52.html.

To download the amd64 ISO for OpenBSD 5.2 see: ftp://ftp.fr.openbsd.org/pub/OpenBSD/5.2/amd64/install52.iso

This is a partial list of features in OpenBSD 5.2. For the complete changelog see: http://www.openbsd.org/plus52.html

  • pthreads(3) support:

    • The most significant change is replacing user-level uthreads with kernel-level rthreads, allowing multithreaded programs to use multiple CPUs/cores.
    • PTHREAD_MUTEX_STRICT_NP is now the default mutex type.
    • pthread spinlocks and barrier routines were added.
    • Added pthread_mutex_timedlock(3) and sem_timedwait(3).
    • Added pthread_condattr_setclock(3).
    • Hot multi-thread debugging added to gdb(1).
    • Improved accounting for rusage totals and interval timers in threaded processes.
    • RLIMIT_NPROC now counts processes rather than threads.
    • Race conditions fixed in thread creation and in fork(2)/open(2) within threaded processes.
    • Improved threaded process handling in ps(1), top(1), and fstat(1).
    • The lock around dlopen() was made recursive so dl*() operations from atexit() handlers do not deadlock.
    • Various pthread attribute, error handling, and mutex cancellation fixes.

  • Improved hardware support:

    • Hibernation support added on i386 (currently works with pciide(4) and wd(4) disks).
    • Improved ALPS touchpad support in X.Org drivers (wsmouse(4) and synaptics(4)).
    • Performance improvements for Intel 10Gb NICs in ix(4).
    • i350 device support added to em(4).
    • Flow-control support added to bnx(4).
    • Hardware monitoring and HPET support added for tcpcib(4) (Intel Atom E600) on embedded x86 systems.
    • Additional Android devices supported by urndis(4).
    • Winbond W83627UHG support added to wbsio(4).
    • SMBus controller support (AMD CS5536) added to glxpcib(4) and NVIDIA MCP89 to nviic(4).
    • AX88772B device support added to axe(4).
    • MCS7832 device support added to mos(4).
    • Roland UM-ONE support added to umidi(4).
    • AMD Hudson-2 chipset support added to azalia(4) and piixpm(4).
    • Cardbus NetMos NM9820 serial card support added to com(4).
    • Huawei Mobile E303 support added to umsm(4).
    • The SGI port now supports the R4000 Indigo, Indy, R4000 Indigo2 and POWER Indigo2 R10000 families.

  • Generic network stack improvements:

    • Initial TCP window increased to 14600 bytes as proposed in draft-ietf-tcpm-initcwnd.
    • Improved cleanup of sockaddrs in degenerate cases.
    • Better error handling and edge-case fixes when passing file descriptors.
    • Improved socket buffer handling for AF_UNIX sockets.
    • Fixed a file descriptor leak in message passing.
    • Improved error handling in socket connection code.
    • IPv6 private addresses now appear alongside SLAAC addresses.
    • Support for extended sequence numbers added to the IPsec stack and iked(8).
    • Bridging two IPv4 networks over an IPv6 link with gif(4) is now possible.

  • Routing daemons and userland networking improvements:

    • sndiod(1), bgpd(8), dvmrpd(8), ftp-proxy(8), iked(8), iscsid(8), ldapd(8), ldpd(8), nsd(8), ospf6d(8), ospfd(8), relayd(8), ripd(8), snmpd(8), spamd(8), sshd(8), tcpbench(1), and tmux(1) now throttle acceptance of new connections when file descriptors are exhausted.
    • Added destination/prefixlen syntax to route(8) for IPv6 routes.
    • Added ASCII packet dumping support to tcpdump(8).
    • Improved support for EtherIP and BGP in tcpdump(8).
    • isakmpd(8) and tcpdump(8) now recognize additional Internet Key Exchange DH groups.
    • iked(8) gained various improvements including retransmission support.
    • ipsecctl(8) SA lifetimes can now be specified in ipsec.conf(5).
    • tftpd(8) was rewritten as a persistent non-blocking daemon.
    • tftp(1) now supports IPv6.
    • snmpd(8) now supports PF-MIB, UCD-DISKIO-MIB, and additional HOST-RESOURCES-MIB OIDs.
    • bgpd(8) is more robust when facing network instability.
    • bgpd(8) route decision logic was adjusted to better cover route-reflector checks.
    • bgpd(8) gained error-reporting fixes including RFC 6608 support.
    • bgpctl(8) can now trigger MRT dumps in bgpd(8) for debugging purposes.
    • MPLS VPN route distribution was fixed in bgpd(8).
    • The selected option was added to bgpctl show rib.
    • ospfd(8) now properly supports LSA_TYPE_AREA_OPAQ and LSA_TYPE_AS_OPAQ.
    • relayd(8) can now handle transactions larger than 2 GiB.
    • relayd(8) received various bug fixes and HTTP conformance improvements.
    • rtadvd(8) can now advertise DNS servers and route search lists.
    • rtadvd(8) can now send router advertisements without prefix information using the noifprefix option.
    • ftp(1) now lets you choose the source IP address of the connection.
    • ypldap(8) now handles larger directories and is more tolerant of group processing.
    • Added AF_INET6 support to inet_net_pton(3) and inet_net_ntop(3).

  • pf(4) improvements:

    • pf(4) now ignores/preserves the 2 least significant bits of the TOS header used for ECN.
    • More than 16 pflog(4) interfaces are now supported.
    • pf(4) now supports weighted load balancing of states.
    • The prio and tos options are now part of set { } blocks in pf.conf(5).
    • It is now possible to set TOS on IPv6 packets.
    • pfsync(4) handles demotion better to avoid failovers with incomplete state tables.
    • Display of anchors containing special characters was fixed in pfctl(8).

  • Miscellaneous improvements:

    • nginx(8) was added to the base system as an HTTP, reverse-proxy, and mail-proxy server.
    • SQLite 3.7.13 was added.
    • libpcap was updated with key API features from libpcap 1.2.0.
    • SSLv2 was disabled in OpenSSL.
    • libtool(1) is now included in base.
    • lint(1) was removed.
    • RAIDframe (raid(4) and raidctl(8)) was removed in favor of softraid(4).
    • Added posix_spawn(3).
    • Added mbsnrtowcs(3) and wcsnrtombs(3).
    • Added getdelim(3) and getline(3).
    • Added more configuration variables to sysconf(3) and pathconf(2).
    • dirfd(3) is now a function rather than a macro.
    • posix_memalign(3) now supports arbitrary large alignments.
    • realloc(3) performance improved.
    • ld.so(1) now honors DF_1_NOOPEN and refuses to dlopen(3) shared objects linked with -z nodlopen.
    • Header conformance and cleanliness were improved across many system headers.
    • The kernel uvm allocator improved.
    • Added support for Intel AMT console-over-Ethernet scenarios.
    • Improved support for amd64 systems with memory extensions.
    • compat_linux(8) gained several fixes and compatibility additions.
    • kdump(1) can now show thread IDs and dump more argument/result structures.
    • smtpd(8) received broad reliability and feature work.
    • mg(1) now supports cscope and can save backup files in the user’s home directory.
    • kvm_getfile2() support for kernel crash dumps was fixed.
    • ksh(1) improved Emacs-style shortcuts and long-string handling.
    • halt(8) now disables suspend-on-lid-close to avoid suspending instead of halting.
    • make(1) gained .CHEAP and .EXPENSIVE targets and other fixes.
    • libusb can now access some non-ugen(4) devices, enabling tasks such as programming YubiKeys with a standard kernel.
    • tmux(1) gained a session/window tree view, more commands, layout history, and wider -F format support.
    • fsck_msdos(8) now works with devices whose sectors are not 512 bytes.
    • quotacheck(8) now supports DUID-based fstab(5) files.
    • fdisk(8) received many small improvements, including stronger validation and better partition sizing on large disks.
    • dhclient(8) now rejects NULL values in option data and parses input more defensively.
    • disklabel(8) improved physical-memory calculations during auto-allocation on non-512-byte sector devices.
    • SCSI errors are now propagated more cleanly to userland.
    • FAT handling improved, including better media recognition and protection against overwriting FAT metadata with an OpenBSD disklabel.
    • The MS-DOS FAT filesystem implementation gained significantly better write performance for large files.

  • OpenSSH 6.1:

    • Pre-auth sandboxing is enabled by default for new installations through UsePrivilegeSeparation=sandbox.
    • ssh-keygen(1) gained options for parallel candidate-module processing.
    • sshd(8) match rules can now use local listen address and port.
    • sshd_config match directives can now control AcceptEnv and {Allow,Deny}{Users,Groups}.
    • Added support for RFC 6594 SSHFP DNS records for ECDSA keys.
    • ssh-keygen(1) can now convert RSA1 keys to PEM and PKCS8.
    • PermitOpen can now accept none.
    • AuthorizedPrincipalsFile also supports none.
    • ssh-keyscan(1) now searches ECDSA keys by default.
    • VersionAddendum was added to sshd_config.
    • Important bugs were fixed in descriptor-exhaustion handling, deprecated MAC removal, long configuration comments, tty flag handling, and /etc/nologin behavior.

  • More than 7600 ports were available, with major build performance and stability improvements.

  • Prebuilt package counts by architecture included:

    • i386: 7483
    • sparc64: 6820
    • alpha: 5993
    • sh: 2412
    • amd64: 7439
    • powerpc: 7050
    • sparc: 4466
    • arm: 5802
    • hppa: 6316
    • vax: 2279
    • mips64: 5845
    • mips64el: 5908

  • Some packaged software versions included:

    • GNOME 3.4.2
    • KDE 3.5.10
    • Xfce 4.10
    • MySQL 5.1.63
    • PostgreSQL 9.1.4
    • Postfix 2.9.3
    • OpenLDAP 2.3.43 and 2.4.31
    • Firefox 3.5.19, 3.6.28, and 13.0.1
    • Thunderbird 13.0.1
    • GHC 7.0.4
    • LibreOffice 3.5.5.3
    • Emacs 21.4, 22.3, and 23.4
    • Vim 7.3.154
    • PHP 5.2.17 and 5.3.14
    • Python 2.5.4, 2.7.3, and 3.2.3
    • Ruby 1.8.7.370 and 1.9.3.194
    • Tcl/Tk 8.5.11
    • JDK 1.7
    • Mono 2.10.9
    • Chromium 20.0.1132.57
    • Groff 1.21
    • Go 1.0.2
    • GCC 4.6.3 and 4.7.1
    • LLVM/Clang 3.1
    • Lua 5.1.5 and 5.2.1

As usual, many manual pages and other documentation were also improved.