According to the press release from de Raadt, the following changes, bugfixes, additions and enhancements have been made to 3.6:
- New platform:
Expanding the mvme88k porting effort by supporting Omron's
line of 88100-based workstations.
- SMP support on OpenBSD/i386 and OpenBSD/amd64 platforms.
- New functionality:
- A cleaned-up DHCP server and client implementation,
now featuring privilege separation and safe defaults.
- A new NTP daemon written from scratch, which ought to fit
the needs of most NTP users.
- pfctl(8) now provides a rules optimizer to help improve
- The packet filter, pf(4), now supports nested anchors.
- tcpdrop(8), a command to drop TCP connections.
- The NMBCLUSTERS option has been eliminated, replaced by a
sysctl with higher default values on many platforms.
- Added support for cksum (three flavours), md4, sha256, sha384
and sha512 to the md5(1) command.
- Memory file systems created by the mount_mfs(8) command
now can be populated immediately after creation.
- New hotplugd(8) daemon and hotplug(4) device that
watch for newly attached devices.
- isakmpd(8) now supports NAT-traversal and Dead Peer Detection
- strtonum(3), a simple, robust and therefore safe function
to convert strings to numbers, has been added.
- On the OpenBSD/sparc platform, StackGhost buffer overflow
exploit protection has been added.
- A generic IEEE 802.11 framework has been added.
- Improved hardware support, including:
- Sangoma T1 and E1 cards (san(4)).
- Jumbo frames now work reliably on em(4),
sk(4), and ti(4) adapters.
- USB 2.0 (ehci(4)) controllers.
- AIC79xx-based Ultra320 SCSI adapters, such as the Adaptec
29320 and 39320 (ahd(4)).
- The i386 and amd64 CD bootloader code no longer emulates a
floppy which improves the chances of booting on newer
- New re(4) driver for Realtek 8169/8169S/8110S PCI
- New atw(4) driver for ADMtek ADM8211 802.11b wireless
- New axe(4) driver for ASIX Electronics AX88172 USB
- New cdce(4) driver for Ethernet over USB bridges.
- New ichpcib(4) driver for Intel ICHx/ICHx-M LPC PCI-ISA
- New gscpcib(4) driver for National Semiconductor Geode
SC1100 PCI-ISA bridges.
- New iic(4) driver for Inter IC (I2C) master/slave buses.
- New lmtemp(4) driver for National Semiconductor LM75/LM77
- New gscsio(4) driver for National Semiconductor Geode
SC1100 Super I/O chips.
- New gpio(4) driver and accompanying gpioctl(8)
utility for supporting General Purpose Input/Output.
- New mediabay(4) macppc driver for the ATA33 HD controller
over removable CD.
- hw.setperf sysctl hooks for PowerNow in AMD K6 and K7
- New functionality for bgpd(8), the Border Gateway Protocol Daemon:
- Kernel memory management improvements now allow the full
global routing table to be kept in memory without customizing
- Support for adding received prefixes to a pf(4) table.
- Support for IPsec, both manually keyed and using IKE.
- Support for setting BGP communities (RFC1997) on incoming and
- Support for NOPEER community (RFC3765).
- Partial support for RFC2858 Multiprotocol Capabilities,
currently only IPv4-unicast is announced.
- Support for Route Reflection (RFC2796).
- Support for dynamic network announcements.
- Support for Route Refresh Capability (RFC2918).
- Improved NFS performance and reliability.
- Shared libraries and gcc 3.3.2 on the OpenBSD/hppa port.
- Privilege separation or revocation for the following programs:
- dhcrelay(8), dhclient(8), and dhcpd(8)
- Over 2700 ports, 2500 pre-built packages.
- Many improvements for security and reliability (look for the red print in the complete changelog).
- As usual, many improvements in manual pages and other documentation.
- OpenSSH 3.9:
- sshd(8) now re-executes itself on accepting a new
connection. This security measure ensures that all
execute-time randomizations are reapplied for each connection
rather than once, for the master process' lifetime. This
includes mmap and malloc mappings, shared library addressing,
shared library mapping order, ProPolice and StackGhost
cookies on architectures that support such things.
- Selected environment variables can now be passed between the
client and the server.
- Session multiplexing: a single ssh connection can now carry
multiple login/command/file transfer sessions.
- This release of OpenBSD includes the following major components from outside suppliers:
- XFree86 4.4.0 unencumbered (+ patches, and i386 contains
3.3.6 servers (+ patches) for chipsets not supported by 4.4).
- Gcc 2.95.3 (+ patches) and 3.3.2 (+ patches)
- Perl 5.8.5 (+ patches)
- Apache 1.3.29, mod_ssl 2.8.16, DSO support (+ patches)
- OpenSSL 0.9.7d (+ patches)
- Groff 1.15
- Sendmail 8.13.0, with libmilter
- Bind 9.2.3 (+ patches)
- Lynx 2.8.5rel.2 with HTTPS and IPv6 support (+ patches)
- Sudo 1.6.7p5
- Ncurses 5.2
- Latest KAME IPv6
- Heimdal 0.6rc1 (+ patches)
- Arla 0.35.7
- Binutils 2.14
- Gdb 6.1
A complete list of changes since the 3.5 release can be found here.
Is this is the last CD release?
3.6 represents the 17th release of OpenBSD, 16 of which have been released on CD. But the future of OpenBSD CD releases seems to be in question due to a lack of 3.6 pre-order sales. OpenBSD users and supporters are encouraged to make a donation or buy a CD set or other merchandise to help financially support the project.
FTP mirrors and installation
OpenBSD maintains a list of download mirrors for installation images. Installation instructions are specific to architecture and can be found in the architecture's directory on any of the download mirrors. Instructions for the i386 (x86) FTP install can be found here. The CD sets install entirely from the CD and have paper instructions included.