November 8, 2004

We are pleased to announce the official release of OpenBGPD 3.6.
This is our first formal release.

OpenBGPD is a fairly complete implementation of the Border Gateway 
Protocol, Version 4, as described in RFC 1771. BGP is a protocol used 
by routers to exchange routing information, and is one of the core 
protocols of the Internet.

Highlights include:
-full support for the BGP protocol as defined in RFC 1771
-full support for tcp md5 signatures (RFC 2385)
-full ipsec integration, with both static and dynamic keying supported
-pf integration
-communities support (RFC 1997)
-route refresh (RFC 2918)
-capabilities advertisement (RFC 3392)
-low memory footprint: under 30 MB with one full-mesh session, 
 still under 40 MB for three
-kernel routing table can be coupled and decoupled any time
-easy, straightforward configuration language
-very good performance
-easy to use bgpctl program, to control bgpd at runtime
-complete and accurate manpages

OpenBGPD is in use in many production environments, with dozens to
hundreds of peers.

OpenBGPD 3.6 comes with OpenBSD 3.6, or can be downloaded seperately 
from one of the mirrors listed at http://www.openbgpd.org/.

OpenBGPD is developed as part of the OpenBSD project, which offers CDs, 
T-Shirts and Posters. Sales of these items help funding OpenBGPD 
development. Orders can be placed via 
  http://www.openbsd.org/orders.html

OpenBGPD is primarily written by Claudio Jeker and Henning Brauer. 
Parts of the design were done by Andre Oppermann. Many thanks to him, the 
whole OpenBSD developer base and especially Theo de Raadt for their 
continued help and support.
Special Thanks to Ty Semaka for the graphics.

------------------------------------------------------------------------
- OpenBSD 4.3 RELEASED -------------------------------------------------

May 1, 2008.

We are pleased to announce the official release of OpenBSD 4.3.
This is our 23nd release on CD-ROM (and 24rd via FTP).  We remain
proud of OpenBSD's record of more than ten years with only two remote
holes in the default install.

As in our previous releases, 4.3 provides significant improvements,
including new features, in nearly all areas of the system:

- New/extended platforms:
    o OpenBSD/sparc64.
      SMP support. This should work on all supported systems, with
      the exception of the Sun Enterprise 10000.
    o OpenBSD/hppa.
      K-class servers like the K200 and K410 are supported now.
    o OpenBSD/mvme88k
      SMP support on MVME188 and MVME188A systems.
      88110 processor, and thus MVME197LE/SP/DP boards, are supported now.
    o OpenBSD/sgi.
      Contains many new drivers, however the kernel requires an important
      errata fix.

- Improved hardware support, including:
    o The bge(4) driver now supports BCM5906/BCM5906M 10/100 and BCM5755
      10/100/Gigabit Ethernet devices.
    o The cas(4) driver now supports Cassini+ 10/100/Gigabit Ethernet devices.
    o The em(4) driver now supports ICH9 10/100 and 10/100/Gigabit Ethernet
      devices.
    o The gem(4) driver now supports the onboard 1000base-SX interface on
      the Sun Fire V880 server.
    o The ixgb(4) driver now supports the Sun 10Gb PCI-X Ethernet devices.
    o The msk(4) driver now supports Yukon FE+ 10/100 and Yukon Supreme
      10/100/Gigabit Ethernet devices.
    o The nfe(4) driver now supports MCP73, MCP77 and MCP79 10/100/Gigabit
      Ethernet devices.
    o The ral(4) driver now supports RT2800 based wireless network devices.
    o The cmpci(4) driver now supports CMI8768 based audio adapters.
    o The it(4) driver now supports ITE IT8705F/8712F/8716F/8718F/8726F and
      SiS SiS950 ICs. Watchdog timer func...
[ message continues ]

the sparc64 just underwent a flag day.  The memory model has been changed.

There will be no upgrade from 3.0 to 3.1 on the sparc64.  You must
reinstall, due to the binaries having been changed in fiddly internal
ways.  Just reinstall.  You could very carefully upgrade, but then
other issues might happen, like packages you are using, etc.

So just reinstall if you have a sparc64, ok?  You will be happy.  Some
compiler bugs are fixed as a result!

OpenSSH 3.2.3 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued
support and encouragement.


Changes since OpenSSH 3.2.2:
============================ 

  This release fixes several problems in OpenSSH 3.2.2:

    - a defect in the BSD_AUTH access control handling for
      OpenBSD and BSD/OS systems:

      Under certain conditions, on systems using YP with netgroups
      in the password database, it is possible that sshd does ACL
      checks for the requested user name but uses the password
      database entry of a different user for authentication. This
      means that denied users might authenticate successfully while
      permitted users could be locked out (OpenBSD PR 2659).

    - login/tty problems on Solaris (bug #245)

    - build problems on Cygwin systems


Changes between OpenSSH 3.1 and OpenSSH 3.2.2:
==============================================

  Security Changes:
  =================
  
  - fixed buffer overflow in Kerberos/AFS token passing
  - fixed overflow in Kerberos client code
  - sshd no longer auto-enables Kerberos/AFS
  - experimental support for privilege separation,
    see UsePrivilegeSeparation in sshd(8) and
  	  http://www.citi.umich.edu/u/provos/ssh/privsep.html
    for more information.
  - only accept RSA keys of size SSH_RSA_MINIMUM_MODULUS_SIZE (768) or larger
  
  Other Changes:
  ==============
  
  - improved smartcard support (including support for OpenSC,
    see www.opensc.org)
  - improved Kerberos support (including support for MIT-Kerberos V)
  - fixed stderr handling in protocol v2
  - client reports failure if -R style TCP forwarding fails in protocol v2
  - support configuration of TCP forwarding during interactive sessions (~C)
  - improved support for older sft...
[ message continues ]

OpenSSH 3.4 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued
support and encouragement.


Changes since OpenSSH 3.3:
============================ 

Security Changes:
=================

  All versions of OpenSSH's sshd between 2.9.9 and 3.3
  contain an input validation error that can result in
  an integer overflow and privilege escalation.

  OpenSSH 3.4 fixes this bug.

  In addition, OpenSSH 3.4 adds many checks to detect 
  invalid input and mitigate resource exhaustion attacks.

  OpenSSH 3.2 and later prevent privilege escalation
  if UsePrivilegeSeparation is enabled in sshd_config.
  OpenSSH 3.3 enables UsePrivilegeSeparation by
  default.


Reporting Bugs:
===============

- please read http://www.openssh.com/report.html
  and http://bugzilla.mindrot.org/

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller and Ben Lindstrom.

Hello folks,

  Due to the upcoming release of OpenBSD 3.3, the 3.1-STABLE branch will
be out of regular maintainance starting June 1st.  There will be NO
MORE fixes commited to this branch after this day.

  People relying on 3.1-STABLE (or older releases even) are strongly
advised to upgrade to a more recent release (preferrably 3.3 as it
becomes available on May 1st) as soon as possible.

  Thanks for reading,
Miod

OpenSSH 3.7 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued
support to the project, especially those who contributed source and
bought T-shirts or posters.

We have a new design of T-shirt available, more info on
        http://www.openbsd.org/tshirts.html#18

For international orders use http://https.openbsd.org/cgi-bin/order
and for European orders, use http://https.openbsd.org/cgi-bin/order.eu

Security Changes:
=================

  All versions of OpenSSH's sshd prior to 3.7 contain a buffer
  management error.  It is uncertain whether this error is
  potentially exploitable, however, we prefer to see bugs
  fixed proactively.

  OpenSSH 3.7 fixes this bug.

Changes since OpenSSH 3.6.1:
============================ 

* The entire OpenSSH code-base has undergone a license review. As
  a result, all non-ssh1.x code is under a BSD-style license with no
  advertising requirement. Please refer to README in the source
  distribution for the exact license terms.

* Rhosts authentication has been removed in ssh(1) and sshd(8).

* Changes in Kerberos support:

    - KerberosV password support now uses a file cache instead of
      a memory cache.

    - KerberosIV and AFS support has been removed.

    - KerberosV support has been removed from SSH protocol 1.

    - KerberosV password authentication support remains for SSH
      protocols 1 and 2.

    - This release contains some GSSAPI user authentication support
      to replace legacy KerberosV authentication support. At present
      this code is still considered experimental and SHOULD NOT BE
      USED.
  
* Changed order that keys are tried in public key authentication.
  The ssh(1) client tries the keys in the following order:

     1. ssh-agent(1) keys that a...
[ message continues ]