OpenBSD 3.4 Released

tedu writes "We just couldn't wait another 2 days, so now you can enjoy OpenBSD 3.4 a little early and protect yourself from ghosts and goblins. More details at the OpenBSD website and official announcement. Remember to please use a mirror."

What he/she really meant is...

"Remember to please use a mirror."

shocking concern

[t0ny]

Remember to please use a mirror

Since when does Slashdot care about overloading webservers?

no, no, you don't understand...

[jusdisgi]

...perfect code is irrelevant to security! Didn't you hear me?!

-Bill

OpenBSD song

[Malcolm+Scott]

And make sure you listen to the release song too. It's great :-)

Thoughts on security

[arvindn]

From the release notes:

Thousands of occurrences of unsafe library calls such as strcpy(), strcat() and sprintf() have been changed to the safer alternatives strlcpy(), strlcat(), and snprintf() or asprintf() in one of the most intensive audits yet performed by the OpenBSD project. The kernel is now completely free of these functions, as is most of the userland source tree.

That's certainly a good thing, but it raises the question of why they were there in the first place. I mean, everyone's known for ages that these are unsecure, and the manpage lists it a bug etc. Of course its a pain to keep track of the length of each string (making them fixed size is not always feasible), but I would have expected that in kernel level code convenience would take the back seat.

Note: this is purely an academic question, it is not my intention to critisize anyone, but just to learn why these things happen, not being a very experienced programmer myself.

Re:Thoughts on security

[__past__]

That's certainly a good thing, but it raises the question of why they were there in the first place. I mean, everyone's known for ages that these are unsecure, and the manpage lists it a bug etc.

You realize that OpenBSD is not a clean-room reimplementation of Unix? Most of the code is probably simply ages old, probably older than strlcpy and friends, or the OpenBSD project itself. Obviously, there was a time where programmers thought gets would be a useful function...

From the changelog

[debilo]

Remove unlicensed MATH_EMULATE code (written by some guy named Torvalds) from the kernel, leaving only the GNU emulation code for the moment.

Gotta love that.

Unfortunately

[Ryvar]

Unlike 3.3, which made it months before a single security-related patch was issued, 3.4 LAUNCHES with 3 such patches.

That said, it's such a huge release in terms of changes made (x86 Write or eXecute memory pages, for one) that it's more than worth the upgrade.

As with most such fundamental updates to OBSD, though, I expect this release to be significantly patchier than the last couple.

--Ryv

Binary format changed to ELF

[snake_dad]

Be careful when upgrading from older versions of OpenBSD, the upgrade procedure for i386 is a little bit more complicated than usual. As noted here and here. There's a document describing a possible upgrade path available from 3.3 to 3.4.

As I was lucky enough to run into this on a relatively new install I could just do a complete reinstall, but not reading the upgrade instructions can get you in a lot of trouble this time... :)

Re:Via C3 support

[Homology]

1.6 Gbit/sec of AES-128? Damn, I gotta get me one of these!

This is before optimization is done, and according to Theo, this is what they are doing right now. The chip is capable of 12.5 Gbit.