OpenBSD 5.2 pre-orders are up

The OpenBSD project has announced that pre-orders for the up coming 5.2 release of the operating system are now on-line.  The release is due to hit shelves and mirrors on 1 November, 2012.

The inexpensive 3-CD sets of OpenBSD 5.2 are $50CDN, Posters $2oCDN and T-Shirts $25CDN.  While you are there, you can also make a donation or buy back copies of editions if you have some that you are missing (something that I have done for this order).

What are some of the features we are going to see with this release? (copied from the OpenBSD site – please see the official change log for further information):

 

  • pthreads(3) support:
    • The most significant change in this release is the replacement of the user-level uthreads by kernel-level rthreads, allowing multithreaded programs to utilize multiple CPUs/cores.
    • Use PTHREAD_MUTEX_STRICT_NP as default mutex type.
    • Added pthread spinlock and barrier routines.
    • Added pthread_mutex_timedlock(3) and sem_timedwait(3).
    • Added pthread_condattr_setclock(3).
    • Added support for live multi-threaded debugging in gdb(1).
    • Improved handling for rusage totals and interval timers in threaded processes.
    • Changed the RLIMIT_NPROC rlimit to count processes instead of threads.
    • Added a new system limit kern.maxthread for the max number of threads.
    • Closed race conditions in thread creation, and in fork(2) and open(2) in a threaded process.
    • Improved handling of threaded processes in ps(1)top(1), and fstat(1).
    • Changed the lock around dlopen() to be recursive, so that dl*() operations from atexit() handlers don’t deadlock.
    • Many fixes to pthread attribute and mutex error checking and cancellation handling.

     

  • Improved hardware support, including:
    • Added hibernation support on i386. Currently only working on pciide(4) and wd(4) disks.
    • Improved support for ALPS based touchpads in wsmouse(4) and the synaptics(4) X.Org input driver.
    • Performance improvements with ix(4) Intel 10Gb Ethernet NICs.
    • Support for i350 based devices in em(4).
    • Flow control support for bnx(4).
    • Hardware watchdog and HPET support for tcpcib(4) (Intel Atom E600) as found in some embedded x86 systems.
    • urndis(4) supports additional Android devices.
    • Support for Winbond W83627UHG has been added to wbsio(4).
    • Support for the SMBus controller of the AMD CS5536 in glxpcib(4) and the NVIDIA MCP89 in nviic(4).
    • Support for AX88772B based devices has been added to axe(4).
    • Support for MCS7832 based devices has been added to mos(4).
    • Support for the Roland UM-ONE has been added to umidi(4).
    • Support for the AMD Hudson-2 chipset has been added to azalia(4) and piixpm(4).
    • Support for NetMos NM9820 cardbus serial cards has been added to com(4).
    • Support for Huawei Mobile E303 has been added to umsm(4).
    • The sgi port now supports the R4000 Indigo (IP20), Indy (IP22), R4000 Indigo2 (IP24) and POWER Indigo2 R10000 (IP28) families.

     

  • Generic network stack improvements:
    • Increased TCP initial window to 14600 bytes as proposed in draft-ietf-tcpm-initcwnd.
    • Cleanup handling of sockaddrs in degenerate use cases.
    • Improved handling of error and limit cases in file descriptor passing.
    • Improved socketbuffer handling for AF_UNIX sockets.
    • Fix yet another a file descriptor leak in message passing.
    • Improved error handling in socket splicing.
    • IPv6 privacy addresses now appear alongside SLAAC addresses.
    • Support for Extended Sequence Numbers has been added to the IPsec stack and iked(8).
    • Bridging two IPv4 networks over an IPv6 link with gif(4) is now possible.

     

  • Routing daemons and other userland network improvements:
    • sndiod(1)bgpd(8)dvmrpd(8)ftp-proxy(8)iked(8)iscsid(8)ldapd(8)ldpd(8)nsd(8)ospf6d(8)ospfd(8)relayd(8)ripd(8)snmpd(8)spamd(8)sshd(8)tcpbench(1) and tmux(1)now rate limit their accepting of new connections when experiencing file descriptor exhaustion.
    • Allow route(8) destination/prefixlen syntax for IPv6 routes.
    • ASCII packet dumping support in tcpdump(8).
    • Better etherip and BGP protocol support in tcpdump(8).
    • isakmpd(8) and tcpdump(8) now recognize additional Internet Key Exchange DH groups.
    • Various improvements in iked(8) including support for retransmits.
    • ipsecctl(8) now allows SA lifetimes to be specified in its ipsec.conf(5) file.
    • Rewrote tftpd(8) as a persistent, non-blocking daemon.
    • tftp(1) client now supports IPv6.
    • snmpd(8) now supports PF-MIB, UCD-DISKIO-MIB, and additional OIDs in HOST-RESOURCES-MIB.
    • bgpd(8) is now more robust to network instability.
    • Adjust the bgpd(8) route decision code to cover checks needed due to route reflection.
    • Various fixes to improve error reporting in bgpd(8) including support of RFC 6608.
    • For debugging purposes bgpctl(8) can load MRT dumps into bgpd(8).
    • Fixed distribution of MPLS VPN routes in bgpd(8).
    • Introduced a new option “selected” to the bgpctl(8) “show rib” command to show only selected routes.
    • Correctly support the LSA_TYPE_AREA_OPAQ and LSA_TYPE_AS_OPAQ types in ospfd(8).
    • Make relayd(8) able to handle transactions larger than 2GB in size.
    • Various bug fixes and better HTTP standard compliance in relayd(8).
    • rtadvd(8) can now advertise DNS servers and search paths in router advertisements.
    • rtadvd(8) can now send router advertisements with no prefix information using the noifprefix option.
    • ftp(1) client now allows the source IP address of the connection to be specified.
    • ypldap(8) now handles larger directories and is more tolerant when processing groups.
    • Added support for AF_INET6 to inet_net_pton(3) and inet_net_ntop(3).

     

  • pf(4) improvements:
    • pf(4) now ignores/preserves the lower 2 bits of the tos-header (used for Explicit Congestion Notification).
    • Allow more than 16 pflog(4) interfaces.
    • pf(4) now supports weighted least-states load balancing.
    • The prio and tos options are now part of the “set { }” block. See pf.conf(5).
    • Allow to set the tos on IPv6 packets.
    • Better demotion handling in pfsync(4) to prevent failovers without having a full state table.
    • Fixed printing of wildcard anchors in pfctl(8).

     

  • Assorted improvements:
    • Added nginx(8), an HTTP server, reverse proxy server and mail proxy server.
    • Added SQLite 3.7.13, a self-contained SQL database engine.
    • libpcap has been updated with several core functions from tcpdump.org’s libpcap-1.2.0 API, without the clutter.
    • Disabled SSLv2 in OpenSSL.
    • Moved libtool(1) into the base system. Much work remains to be done.
    • Removed lint(1).
    • Removed the raid(4) RAIDframe driver and its corresponding raidctl(8) utility. RAIDframe has been superseded by softraid(4).
    • Added posix_spawn(3).
    • Added mbsnrtowcs(3) and wcsnrtombs(3).
    • Added getdelim(3) and getline(3).
    • More configuration variables for sysconf(3) and pathconf(2).
    • dirfd(3) is now a function instead of a macro.
    • posix_memalign(3) supports arbitrarily large alignments.
    • Improved realloc(3) performance.
    • ld.so(1) recognizes the DF_1_NOOPEN flag and refuses to dlopen(3) shared objects linked with “-z nodlopen”.
    • Improved compliance and/or cleanliness of header files, particularly <dirent.h>, <time.h>, <sys/time.h>, <limits.h>, <arpa/inet.h>, <netinet/in.h>, and <sys/param.h>.
    • Improved kernel uvm memory allocator.
    • Added support for using AMT to provide console-over-Ethernet (c.f. the amtterm package).
    • Improved support for amd64 systems with many memory extents.
    • compat_linux(8) improvements: TLS-vs-clone and futex fixes, added support for statfs64(), tgkill(), gettid(), SOCK_CLOEXEC, and SOCK_NONBLOCK.
    • kdump(1) improvements, including the ability to show thread IDs and dumping of timespec, timeval, sigaction, rlimit, sigset, clockid, and fdset arguments and results.
    • Various improvements in smtpd(8): reliability fixes, new MTA client, new scheduler and improved queue logic, simplified smtpd.conf(5) syntax, better RFC compliance and several cosmetic changes.
    • The mg(1) emacs-like editor now supports cscope functionality. Also, backup files can now be saved to a user’s home directory in addition to the current working directory.
    • Fixed operation of kvm_getfile2() (and therefore fstat(1) and pstat(8)) on kernel crash dumps.
    • Improved emacs-style key bindings and handling of large arrays in ksh(1).
    • halt(8) disables “suspend-on-lid-close” so that you don’t accidentally suspend instead of shutting down.
    • Improvements to parallel make(1): added the .CHEAP and .EXPENSIVE special targets and fixed glitches in already-rebuilt logic.
    • The libusb package is able to access non-ugen(4) devices for some operations, allowing e.g. programming YubiKeys with a standard kernel.
    • Various improvements in tmux(1): a new unified tree view to select sessions or windows, new move-pane and renumber-windows commands, a history of pane layouts, simple output rate limiting, and custom formats (-F) have been extended and are now accepted by more commands.
    • fsck_msdos(8) now works on devices with non-512 byte sectors.
    • quotacheck(8) now works with DUID based fstab(5) files.
    • Numerous minor improvement to fdisk(8), including more sanity checking and better default partition sizing on large disks.
    • dhclient(8) now discards trailing NULs in option data, and in general parses option data with more paranoia.
    • Various improvements to dhclient(8) startup and timeout handling.
    • disklabel(8) does a better job of calculating physical memory during partition auto-allocation of devices with non-512 byte sectors.
    • SCSI errors are now correctly propogated to userland. e.g. mount(2) now reports specific errors such as trying to mount RW filesystems from RO media.
    • Improved FAT media handling: autorecognize such media even if the 0x55aa signature is missing and prevent the writing of an OpenBSD disklabel over top of the FAT data structures.
    • The MS-DOS FAT filesystem implementation gained a significant write speedup for large files (up to twice as fast).

     

  • OpenSSH 6.1:
    • New features:
      • sshd(8): This release turns on pre-auth sandboxing sshd by default for new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
      • sshd-keygen(1): Add options to specify starting line number and number of lines to process when screening moduli candidates, allowing processing of different parts of a candidate moduli file in parallel.
      • sshd(8): The Match directive now supports matching on the local (listen) address and port upon which the incoming connection was received via LocalAddress and LocalPort clauses.
      • sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv and {Allow,Deny}{Users,Groups}.
      • Add support for RFC6594 SSHFP DNS records for ECDSA key types. (bz#1978)
      • sshd-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8
      • sshd(8): Allow the sshd_config PermitOpen directive to accept “none” as an argument to refuse all port-forwarding requests.
      • sshd(8): Support “none” as an argument for AuthorizedPrincipalsFile.
      • sshd-keyscan(1): Look for ECDSA keys by default. (bz#1971)
      • sshd(8): Add “VersionAddendum” to sshd_config to allow server operators to append some arbitrary text to the server SSH protocol banner.
    • The following significant bugs have been fixed in this release:
      • sshd(8) and ssh(1): Don’t spin in accept() in situations of file descriptor exhaustion. Instead back off for a while.
      • sshd(8) and ssh(1): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as they were removed from the specification. (bz#2023)
      • sshd(8): Handle long comments in config files better. (bz#2025)
      • ssh(1): Delay setting tty_flag so RequestTTY options are correctly picked up. (bz#1995)
      • sshd(8): Fix handling of /etc/nologin incorrectly being applied to root on platforms that use login_cap.

     

  • Over 7600 ports, major performance and stability improvements in the package build process:
    • dpb got simpler and faster. Handles distfiles, works without any option.
    • Simpler and less error-prone mechanisms for handling MD differences.
    • dpb is now used for mirroring distfiles, to the great joy of ftp://ftp.openbsd.org/pub/OpenBSD/distfiles/
    • full databases of all ports available as packages:
      • pkglocatedb – a locate(1) database of all files in all packages
      • sqlports – a sqlite3(1) database of all meta-info for all packages
      • ports-readmes – a tree of html files for browsing thru available packages

     

  • Many pre-built packages for each architecture:
    • i386: 7483
    • sparc64: 6820
    • alpha: 5993
    • sh: XXXX
    • amd64: 7439
    • powerpc: 7050
    • sparc: 4466
    • arm: XXXX
    • hppa: 6316
    • vax: 2279
    • mips64: 5845
    • mips64el: 5908

     

  • Some highlights:
    • GNOME 3.4.2
    • KDE 3.5.10
    • Xfce 4.10
    • MySQL 5.1.63
    • PostgreSQL 9.1.4
    • Postfix 2.9.3
    • OpenLDAP 2.3.43 and 2.4.31
    • Mozilla Firefox 3.5.19, 3.6.28 and 13.0.1
    • Mozilla Thunderbird 13.0.1
    • GHC 7.0.4
    • LibreOffice 3.5.5.3
    • Emacs 21.4, 22.3 and 23.4
    • Vim 7.3.154
    • PHP 5.2.17 and 5.3.14
    • Python 2.5.4, 2.7.3 and 3.2.3
    • Ruby 1.8.7.370 and 1.9.3.194
    • Tcl/Tk 8.5.11
    • Jdk 1.7
    • Mono 2.10.9
    • Chromium 20.0.1132.57
    • Groff 1.21
    • Go 1.0.2
    • GCC 4.6.3 and 4.7.1
    • LLVM/Clang 3.1
    • Lua 5.1.5 and 5.2.1

     

  • As usual, steady improvements in manual pages and other documentation.
  • The system includes the following major components from outside suppliers:
    • Xenocara (based on X.Org 7.7 with xserver 1.12.2 + patches, freetype 2.4.10, fontconfig 2.8.0, Mesa 7.10.3, xterm 279, xkeyboard-config 2.6 and more)
    • Gcc 4.2.1 (+patches) and 2.95.3 (+ patches)
    • Perl 5.12.2 (+ patches)
    • Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
    • Nginx 1.2.2 (+ patches)
    • OpenSSL 1.0.0f (+ patches)
    • SQLite 3.7.13 (+ patches)
    • Sendmail 8.14.5, with libmilter
    • Bind 9.4.2-P2 (+ patches)
    • NSD 3.2.11
    • Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
    • Sudo 1.7.2p8
    • Ncurses 5.7
    • Heimdal 0.7.2 (+ patches)
    • Arla 0.35.7
    • Binutils 2.15 (+ patches)
    • Gdb 6.3 (+ patches)
    • Less 444 (+ patches)
    • Awk Aug 10, 2011 version