November 8, 2004
We are pleased to announce the official release of OpenBGPD 3.6.

This is our first formal release.
OpenBGPD is a fairly complete implementation of the Border Gateway

Protocol, Version 4, as described in RFC 1771. BGP is a protocol used

by routers to exchange routing information, and is one of the core

protocols of the Internet.
Highlights include:

-full support for the BGP protocol as defined in RFC 1771

-full support for tcp md5 signatures (RFC 2385)

-full ipsec integration, with both static and dynamic keying supported

-pf integration

-communities support (RFC 1997)

-route refresh (RFC 2918)

-capabilities advertisement (RFC 3392)

-low memory footprint: under 30 MB with one full-mesh session,

 still under 40 MB for three

-kernel routing table can be coupled and decoupled any time

-easy, straightforward configuration language

-very good performance

-easy to use bgpctl program, to control bgpd at runtime

-complete and accurate manpages
OpenBGPD is in use in many production environments, with dozens to

hundreds of peers.
OpenBGPD 3.6 comes with OpenBSD 3.6, or can be downloaded seperately

from one of the mirrors listed at http://www.openbgpd.org/.
OpenBGPD is developed as part of the OpenBSD project, which offers CDs,

T-Shirts and Posters. Sales of these items help funding OpenBGPD

development. Orders can be placed via

  http://www.openbsd.org/orders.html
OpenBGPD is primarily written by Claudio Jeker and Henning Brauer.

Parts of the design were done by Andre Oppermann. Many thanks to him, the

whole OpenBSD developer base and especially Theo de Raadt for their

continued help and support.

Special Thanks to Ty Semaka for the graphics.

------------------------------------------------------------------------

- OpenBSD 4.3 RELEASED -------------------------------------------------
May 1, 2008.
We are pleased to announce the official release of OpenBSD 4.3.

This is our 23nd release on CD-ROM (and 24rd via FTP).  We remain

proud of OpenBSD's record of more than ten years with only two remote

holes in the default install.
As in our previous releases, 4.3 provides significant improvements,

including new features, in nearly all areas of the system:
- New/extended platforms:

    o OpenBSD/sparc64.

      SMP support. This should work on all supported systems, with

      the exception of the Sun Enterprise 10000.

    o OpenBSD/hppa.

      K-class servers like the K200 and K410 are supported now.

    o OpenBSD/mvme88k

      SMP support on MVME188 and MVME188A systems.

      88110 processor, and thus MVME197LE/SP/DP boards, are supported now.

    o OpenBSD/sgi.

      Contains many new drivers, however the kernel requires an important

      errata fix.
- Improved hardware support, including:

    o The bge(4) driver now supports BCM5906/BCM5906M 10/100 and BCM5755

      10/100/Gigabit Ethernet devices.

    o The cas(4) driver now supports Cassini+ 10/100/Gigabit Ethernet devices.

    o The em(4) driver now supports ICH9 10/100 and 10/100/Gigabit Ethernet

      devices.

    o The gem(4) driver now supports the onboard 1000base-SX interface on

      the Sun Fire V880 server.

    o The ixgb(4) driver now supports the Sun 10Gb PCI-X Ethernet devices.

    o The msk(4) driver now supports Yukon FE+ 10/100 and Yukon Supreme

      10/100/Gigabit Ethernet devices.

    o The nfe(4) driver now supports MCP73, MCP77 and MCP79 10/100/Gigabit

      Ethernet devices.

    o The ral(4) driver now supports RT2800 based wireless network devices.

    o The cmpci(4) driver now supports CMI8768 based audio adapters.

    o The it(4) driver now supports ITE IT8705F/8712F/8716F/8718F/8726F and

      SiS SiS950 ICs. Watchdog timer func...
[ message continues ]

the sparc64 just underwent a flag day.  The memory model has been changed.
There will be no upgrade from 3.0 to 3.1 on the sparc64.  You must

reinstall, due to the binaries having been changed in fiddly internal

ways.  Just reinstall.  You could very carefully upgrade, but then

other issues might happen, like packages you are using, etc.
So just reinstall if you have a sparc64, ok?  You will be happy.  Some

compiler bugs are fixed as a result!

OpenSSH 3.2.3 has just been released. It will be available from the

mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0

implementation and includes sftp client and server support.
We would like to thank the OpenSSH community for their continued

support and encouragement.
Changes since OpenSSH 3.2.2:

============================ 
  This release fixes several problems in OpenSSH 3.2.2:
    - a defect in the BSD_AUTH access control handling for

      OpenBSD and BSD/OS systems:
      Under certain conditions, on systems using YP with netgroups

      in the password database, it is possible that sshd does ACL

      checks for the requested user name but uses the password

      database entry of a different user for authentication. This

      means that denied users might authenticate successfully while

      permitted users could be locked out (OpenBSD PR 2659).
    - login/tty problems on Solaris (bug #245)
    - build problems on Cygwin systems
Changes between OpenSSH 3.1 and OpenSSH 3.2.2:

==============================================
  Security Changes:

  =================
  - fixed buffer overflow in Kerberos/AFS token passing

  - fixed overflow in Kerberos client code

  - sshd no longer auto-enables Kerberos/AFS

  - experimental support for privilege separation,

    see UsePrivilegeSeparation in sshd(8) and

  	  http://www.citi.umich.edu/u/provos/ssh/privsep.html

    for more information.

  - only accept RSA keys of size SSH_RSA_MINIMUM_MODULUS_SIZE (768) or larger
  Other Changes:

  ==============
  - improved smartcard support (including support for OpenSC,

    see www.opensc.org)

  - improved Kerberos support (including support for MIT-Kerberos V)

  - fixed stderr handling in protocol v2

  - client reports failure if -R style TCP forwarding fails in protocol v2

  - support configuration of TCP forwarding during interactive sessions (~C)

  - improved support for older sft...
[ message continues ]

OpenSSH 3.4 has just been released. It will be available from the

mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0

implementation and includes sftp client and server support.
We would like to thank the OpenSSH community for their continued

support and encouragement.
Changes since OpenSSH 3.3:

============================ 
Security Changes:

=================
  All versions of OpenSSH's sshd between 2.9.9 and 3.3

  contain an input validation error that can result in

  an integer overflow and privilege escalation.
  OpenSSH 3.4 fixes this bug.
  In addition, OpenSSH 3.4 adds many checks to detect

  invalid input and mitigate resource exhaustion attacks.
  OpenSSH 3.2 and later prevent privilege escalation

  if UsePrivilegeSeparation is enabled in sshd_config.

  OpenSSH 3.3 enables UsePrivilegeSeparation by

  default.
Reporting Bugs:

===============
- please read http://www.openssh.com/report.html

  and http://bugzilla.mindrot.org/
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,

Kevin Steves, Damien Miller and Ben Lindstrom.

Hello folks,
  Due to the upcoming release of OpenBSD 3.3, the 3.1-STABLE branch will

be out of regular maintainance starting June 1st.  There will be NO

MORE fixes commited to this branch after this day.
  People relying on 3.1-STABLE (or older releases even) are strongly

advised to upgrade to a more recent release (preferrably 3.3 as it

becomes available on May 1st) as soon as possible.
  Thanks for reading,

Miod

OpenSSH 3.7 has just been released. It will be available from the

mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0

implementation and includes sftp client and server support.
We would like to thank the OpenSSH community for their continued

support to the project, especially those who contributed source and

bought T-shirts or posters.
We have a new design of T-shirt available, more info on

        http://www.openbsd.org/tshirts.html#18
For international orders use http://https.openbsd.org/cgi-bin/order

and for European orders, use http://https.openbsd.org/cgi-bin/order.eu
Security Changes:

=================
  All versions of OpenSSH's sshd prior to 3.7 contain a buffer

  management error.  It is uncertain whether this error is

  potentially exploitable, however, we prefer to see bugs

  fixed proactively.
  OpenSSH 3.7 fixes this bug.
Changes since OpenSSH 3.6.1:

============================ 
* The entire OpenSSH code-base has undergone a license review. As

  a result, all non-ssh1.x code is under a BSD-style license with no

  advertising requirement. Please refer to README in the source

  distribution for the exact license terms.
* Rhosts authentication has been removed in ssh(1) and sshd(8).
* Changes in Kerberos support:
    - KerberosV password support now uses a file cache instead of

      a memory cache.
    - KerberosIV and AFS support has been removed.
    - KerberosV support has been removed from SSH protocol 1.
    - KerberosV password authentication support remains for SSH

      protocols 1 and 2.
    - This release contains some GSSAPI user authentication support

      to replace legacy KerberosV authentication support. At present

      this code is still considered experimental and SHOULD NOT BE

      USED.
* Changed order that keys are tried in public key authentication.

  The ssh(1) client tries the keys in the following order:
     1. ssh-agent(1) keys that a...
[ message continues ]