OpenBSD 5.4

OpenBSD releases occur every six months. This release (5.4) marks the end-of-life for 5.2 and brings a number of improvements.

Highlights

SSH / SFTP

• SFTP now supports resume for partial downloads
• Encrypted keys stored on smartcards are now supported by the SSH agent

Packet Filter

• Changes to behavior when IP fragmentation occurs
• pfctl can now display match counters for tables
• divert-to and divert-reply options now support IPv6
• Fixed a bug that prevented creation of ICMP states when PF was used in stateful mode

SMTPd

OpenSMTPD upgraded to 5.3.3 with several enhancements:

• New SQLite and LDAP backends
• Improved mail queue handling
• Ability to suspend/resume per-message scheduling
• smtpctl can now show message routing status, enable routes, and show message states per MX domain
• If the filesystem or queue falls below 10% free space, the daemon temporarily refuses new messages
• LTMP protocol support added

Networking

• Multiple fixes landed in bgpd
• Driver fixes were made for bge, especially BCM5717/5718/5720 cards
• Bugs in the virtio drivers that could trigger kernel panics or IPv6 neighbor discovery issues were fixed
• ldpd received many improvements
• RFC 4191 route information advertisements are now supported by icmp6 and rtadvd
• Link aggregation (trunk) now supports jumbo frames
• Several fixes landed in npppd (PPTP/L2TP)
• Protocol checksum calculation code was rewritten
• dhcpd now follows RFC 2131 more strictly

Security

• HTTPS compression was disabled in httpd to mitigate CRIME attacks
• inetd no longer starts by default

Software

• drm 2.4.46
• heimdal 1.5.2
• sqlite 3.7.17
• nginx 1.5.7
• OpenSMTPD 5.3.3
• perl 5.16.3

Drivers

• VMware VMXNet3 virtual NIC support
• Realtek 8211C(L) GbE support
• Various virtio driver fixes
• Intel E7221 graphics chipset support
• KMS support for AMD and Intel graphics drivers
• Experimental FUSE support

Hardware platforms

OpenBSD added support for two new platforms:

• octeon
• beagle (BeagleBone/Pandaboard)

Performance

Overall performance was improved through work in several areas:

• Kernel bcopy/memmove/memcpy implementations were revised
• Interrupts related to the audio subsystem no longer require the Giant Lock
• A symbol cache mechanism was added

Upgrade process

To upgrade, boot from the OpenBSD 5.4 CD and choose upgrade, then follow the prompts. Once the system has rebooted, mount the CD and run sysmerge:

mount -t cd9660 /dev/cd0a /mnt
sysmerge -s /mnt/5.4/amd64/etc54.tgz

Review the diffs proposed by sysmerge and choose the changes you want to keep. For a more detailed upgrade procedure, refer to the official OpenBSD upgrade guide.

Sources:

• Full changelog: http://www.openbsd.org/plus54.html
• Release notes: http://openbsd.org/54.html
• Release song “Our Favorite Hacks”: http://openbsd.org/lyrics.html#54
• Original French announcement: http://linuxfr.org/news/openbsd-5-4
• Official upgrade process: http://www.openbsd.org/faq/upgrade54.html