Annotation of www/32.html, Revision 1.25
1.20 jufi 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1.1 miod 2: <html>
3: <head>
4: <title>OpenBSD 3.2 Release</title>
1.2 mpech 5: <link rev=made href="mailto:www@openbsd.org">
1.1 miod 6: <meta name="resource-type" content="document">
1.21 jufi 7: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
1.1 miod 8: <meta name="description" content="OpenBSD 3.2">
9: <meta name="keywords" content="openbsd,main">
10: <meta name="distribution" content="global">
11: <meta name="copyright" content="This document copyright 1999-2002 by OpenBSD.">
12: </head>
13:
1.24 david 14: <body bgcolor="#ffffff" text="#000000" link="#24248e">
1.1 miod 15:
1.17 jufi 16: <a href="index.html">
17: <img alt="[OpenBSD]" height="30" width="141" hspace="24" src="images/smalltitle.gif" border="0"></a>
1.1 miod 18: <hr>
19:
20: <p>
1.19 miod 21: <a href="images/MrPond.gif"><img align="left" width="255" height="323"
1.21 jufi 22: hspace="24" src="images/MrPond.gif" alt="MrPond.gif"></a>
1.1 miod 23: <h2><font color="#0000e0">The OpenBSD 3.2 Release:</font></h2>
24: <p>
25:
26: Released November 1, 2002<br>
27: Copyright 1997-2002, Theo de Raadt.<br>
28: <font color="#e00000">ISBN 0-9731791-0-4</font>
1.25 ! deraadt 29: <br>
! 30: <a href="lyrics.html#32">3.2 Song: "Goldflipper"</a>
1.1 miod 31: <p>
32:
33: <a href="#new">What's New</a><br>
34: <a href="#install">How to install</a><br>
35: <a href="#ports">How to use the ports tree</a><br>
36: <a href="orders.html">Ordering a CD set</a><br>
37:
38: <p>
39: <h3><font color="#0000e0">
40: To get the files for this release:
41: <ul>
1.17 jufi 42: <li>Order a CDROM from our <a href="orders.html">ordering system</a>.
1.1 miod 43: <li>See the information on <a href="ftp.html">The FTP page</a> for
44: a list of mirror machines.
45: <li>Go to the <font color="#e00000">pub/OpenBSD/3.2/</font> directory on
46: one of the mirror sites.
47: <li>Briefly read the rest of this document.
1.23 deraadt 48: <li>Have a look at <a href="errata32.html">The 3.2 Errata page</a> for a list
1.1 miod 49: of bugs and workarounds.
1.15 miod 50: <li>See a <a href="plus32.html">detailed log of changes</a> between the
1.1 miod 51: 3.1 and 3.2 releases.
52: </ul>
53: </font></h3>
54: <br clear=all>
55: <br>
56: <p>
57:
58: <strong>Note:</strong> All applicable copyrights and credits can be found
59: in the applicable file sources found in the files src.tar.gz, srcsys.tar.gz,
60: XF4.tar.gz, or in the files fetched via ports.tar.gz. The distribution
61: files used to build packages from the ports.tar.gz file are not included on
62: the CDROM because of lack of space.
63: <p>
64:
65: <a name="new"></a>
66: <hr>
67: <p>
68: <h3><font color="#0000e0">What's New</font></h3>
69: <p>
70: This is a partial list of new features and systems included in OpenBSD 3.2.
1.15 miod 71: For a comprehensive list, see the <a href="plus32.html">changelog</a> leading
1.1 miod 72: to 3.2.
73: <p>
74:
75: <ul>
76: <li><a href="http://www.OpenSSH.com">OpenSSH</a> (supporting both the
1.2 mpech 77: SSH1 and SSH2 protocols) is now at version 3.5. Privilege separation is
1.1 miod 78: now enabled by default for greater robustness.
79: <p>
80:
1.12 deraadt 81: <li>Non-executable stack on i386, sparc, sparc64, alpha, powerpc.
82: No-exec data and bss on sparc, sparc64, and alpha. This makes some
83: classes of future potential buffer overflows unexploitable.
84: <p>
85:
86: <li>Apache runs chroot'd by default. To disable this, see the new <b>-u</b>
87: option.
88: <p>
89:
1.13 deraadt 90: <li>A very significant reduction in setuid binaries. Many of those binaries
91: which still retain setuid have been modified so the operations needing root
1.14 deraadt 92: are done early on, and then privilege is revoked immediately after that.
1.13 deraadt 93: <p>
94:
1.11 deraadt 95: <li>Asymmetric and symmetric hardware encryption support is now enabled by
1.10 deraadt 96: default, if you have such devices in your machine.
97: <p>
98:
1.1 miod 99: <li>As usual, improvements to the documentation, notably the man pages and
100: the Web FAQ. A larger part of the website is now available in several
101: languages.
102: <p>
103:
104: <li>More complete collection and better tested set of "ports".
1.16 pvalchev 105: setuid/setgid ports have been significantly reduced as well. Many of the
106: ones that remain setuid have been modified to revoke privileges as early
107: as possible.
1.1 miod 108: <p>
109:
1.16 pvalchev 110: <li>Over 1800 pre-built and tested packages.
1.1 miod 111: <p>
112:
113: <li>Better video and X11 support for the
114: <a href="sparc.html">OpenBSD/sparc</a>,
115: <a href="sparc64.html">OpenBSD/sparc64</a> and
116: <a href="alpha.html">OpenBSD/alpha</a> ports.
117: <p>
118:
119: <li>A lot of enhancements and stability improvements to our packet filter, <a
1.21 jufi 120: href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf</a>,
1.19 miod 121: including:
1.8 henning 122: <ul>
123: <li>new "antispoof" keyword: spoofing protection made easy
124: <li>much simplified rule file language
125: <li>extended filtering capabilities
126: <li>control state table entries on a per-rule granularity
127: <li>support dynamic interface expansion. No more need to reload the ruleset
128: on IP changes.
129: </ul>
1.1 miod 130: <p>
131:
132: <li>A new tool,
1.21 jufi 133: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace</a>,
1.1 miod 134: for controlling in detail applications behaviour and rights at the system call
135: level.
1.7 jufi 136: <p>
1.1 miod 137:
138: <li>The system includes the following major components from outside suppliers:
139: <p>
140: <ul>
1.20 jufi 141: <li>XFree86 4.2.1 (and i386 contains 3.3.X servers also, thus providing support for all chipsets)
142: <li>gcc 2.95.3 (+ patches)
143: <li>perl 5.6.1 (+ patches)
144: <li>Apache 1.3.26, mod_ssl 2.8.10, DSO support
145: <li>OpenSSL 0.9.7beta3 (+ patches)
146: <li>groff 1.15
147: <li>sendmail 8.12.6
148: <li>lynx 2.8.2rel.1 with HTTPS support added
149: <li>sudo 1.6.6
150: <li>ncurses 5.2
151: <li>Latest KAME IPv6
152: <li>KTH Kerberos 1.0.8
153: <li>Heimdal 0.4e (+ patches)
154: <li>OpenSSH 3.5
1.1 miod 155: </ul>
156: <p>
157:
158: <li>Many improvements for security and reliability (look for the red
1.15 miod 159: print in the <a href="plus32.html">complete changelog</a>).
1.1 miod 160: <p>
161: </ul>
162:
163: <a name="install"></a>
164: <hr>
165: <p>
166: <h3><font color="#0000e0">How to install</font></h3>
167: <p>
168: Following this are the instructions which you would have on a piece of
169: paper if you had purchased a CDROM set instead of doing an alternate
170: form of install. The instructions for doing an ftp (or other style
171: of) install are very similar; the CDROM instructions are left intact
172: so that you can see how much easier it would have been if you had
173: purchased a CDROM instead.
174: <p>
175:
176: <hr>
177: Please refer to the following files on the three CDROMs for extensive
178: details on how to install OpenBSD 3.2 on your machine:
179: <p>
180: <ul>
1.20 jufi 181: <li> CD1:3.2/i386/INSTALL.i386
182: <li> CD1:3.2/alpha/INSTALL.alpha
1.1 miod 183: <p>
1.20 jufi 184: <li> CD2:3.2/macppc/INSTALL.macppc
185: <li> CD2:3.2/vax/INSTALL.vax
1.1 miod 186: <p>
1.20 jufi 187: <li> CD3:3.2/sparc/INSTALL.sparc
188: <li> CD3:3.2/sparc64/INSTALL.sparc64
1.1 miod 189: </ul>
190: <hr>
191:
192: <p>
193: Quick installer information for people familiar with OpenBSD, and the
194: use of the "disklabel -E" command. If you are at all confused when
195: installing OpenBSD, read the relevant INSTALL.* file as listed above!
196: <p>
197:
198: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
199: <ul>
200: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
201: release is on CD1. If your BIOS does not support booting from CD, you will need
202: to create a boot floppy to install from. To create a boot floppy write
1.3 jufi 203: <i>CD1:3.2/i386/floppy32.fs</i> to a floppy and boot via the floppy drive.
1.1 miod 204:
205: <p>
1.3 jufi 206: Use <i>CD1:3.2/i386/floppyB32.fs</i> instead for greater scsi controller
207: support, or <i>CD1:3.2/i386/floppyC32.fs</i> for better laptop support.
1.1 miod 208:
209: <p>
210: If you are planning on dual booting OpenBSD with another OS, you will need to read the included INSTALL.i386 document.
211:
212: <p>
213: To make a boot floppy under MS-DOS, use the "rawrite" utility located
1.21 jufi 214: at <i>CD:/3.2/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS, use the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a> utility. The following is an example usage of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>, where the device could be "floppy", "rfd0c", or "rfd0a".
1.1 miod 215:
216: <ul><pre>
217: # <strong>dd if=<file> of=/dev/<device> bs=32k</strong>
218: </pre></ul>
219:
220: <p>
221: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or your install will most likely fail. For more information on creating a boot floppy and installing OpenBSD/i386 please refer to <a href="faq/faq4.html#4.1">FAQ4.1</a>.
222: </ul>
223:
224: <p>
225: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
226: <ul>
227: At the SRM prompt, enter <i>boot -fi 3.2/alpha/bsd.rd dka6</i> where <i>dka6</i>
228: is the short name for the CDROM drive (you can check with <i>show dev</i>).
229:
1.3 jufi 230: <p>If you can't boot from CDROM, write <i>CD1:3.2/alpha/floppy32.fs</i> or
231: <i>CD1:3.2/alpha/floppyB32.fs</i> (depending on your machine) to a diskette and
1.1 miod 232: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
233:
234: <p>
235: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
236:
237: </ul>
238:
239: <p>
240: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
241: <ul>
242: Put the CD2 in your CDROM drive and poweron your machine while holding down the
243: <i>C</i> key until the display turns on and shows <i>OpenBSD/macppc boot</i>.
244:
245: <p>
246: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
247: /3.2/macppc/bsd.rd</i>
248: </ul>
249:
250: <p>
251: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
252: <ul>
253: Boot over the network via mopbooting as described in INSTALL.vax.
254: </ul>
255:
256: <p>
257: <h3><font color="#e00000">OpenBSD/sparc:</font></h3>
258: <ul>
259: The 3.2 release of OpenBSD/sparc is located on CD3. To boot off of this CD you can use one of the two commands listed below, depending on the version of your ROM.
260:
261: <ul><pre>
262: > <strong>boot cdrom 3.2/sparc/bsd.rd</strong>
263: or
264: > <strong>b sd(0,6,0)3.2/sparc/bsd.rd</strong>
265: </pre></ul>
266:
267: <p>
268: If your sparc does not have a CD drive, you can alternatively boot from floppy.
1.3 jufi 269: To do so you need to write "CD3:3.2/sparc/floppy32.fs" to a floppy. For more information see <a href="faq/faq4.html#4.1">FAQ4.1</a>. To boot from the floppy use one of the two commands listed below, depending on the version of your ROM.
1.1 miod 270:
271: <ul><pre>
272: > <strong>boot floppy</strong>
273: or
274: > <strong>boot fd()</strong>
275: </pre></ul>
276:
277: <p>
278: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
279:
280: <p>
281: If your sparc doesn't have a floppy drive nor a CD drive, you can either
282: setup a bootable tape, or install via network, as told in the
283: INSTALL.sparc file.
284: </ul>
285:
286: <p>
287: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
288: <ul>
289: Put the CD3 in your CDROM drive and type <i>boot cdrom</i>.
290:
291: <p>
292: If this doesn't work, or if you don't have a CDROM drive, you can write
1.3 jufi 293: <i>CD3:3.2/sparc64/floppy32.fs</i> to a floppy and boot it with <i>boot
1.1 miod 294: floppy</i>.<br>
295: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
296:
297: <p>
1.4 henning 298: You can also write <i>CD3:3.2/sparc64/miniroot32.fs</i> to the swap partition on
1.1 miod 299: the disk and boot with <i>boot disk:b</i>.
300:
301: <p>
302: If nothing works, you can boot over the network as described in INSTALL.sparc64
303: </ul>
304:
305: <p>
306: <h3><font color="#e00000">Notes about the source code:</font></h3>
307: <ul>
308: src.tar.gz contains a source archive starting at /usr/src. This file
309: contains everything you need except for the kernel sources, which are
310: in a separate archive. To extract:
311: <p>
312: <ul><pre>
313: # <strong>mkdir -p /usr/src</strong>
314: # <strong>cd /usr/src</strong>
315: # <strong>tar xvfz /tmp/src.tar.gz</strong>
316: </pre></ul>
317: <p>
318: srcsys.tar.gz contains a source archive starting at /usr/src/sys.
319: This file contains all the kernel sources you need to rebuild kernels.
320: To extract:
321: <p>
322: <ul><pre>
323: # <strong>mkdir -p /usr/src/sys</strong>
324: # <strong>cd /usr/src</strong>
325: # <strong>tar xvfz /tmp/srcsys.tar.gz</strong>
326: </pre></ul>
327: <p>
328: Both of these trees are a regular CVS checkout. Using these trees it
329: is possible to get a head-start on using the anoncvs servers as
1.5 miod 330: described at <a href="anoncvs.html">http://www.OpenBSD.org/anoncvs.html</a>.
1.1 miod 331: Using these files
332: results in a much faster initial CVS update than you could expect from
333: a fresh checkout of the full OpenBSD source tree.
334: <p>
335: </ul>
336: <a name="ports"></a>
337: <hr>
338: <p>
339: <h3><font color="#0000e0">Ports Tree</font></h3>
340: <p>
341: A ports tree archive is also provided. To extract:
342: <p>
343: <ul><pre>
344: # <strong>cd /usr</strong>
345: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
346: # <strong>cd ports</strong>
347: </pre></ul>
348: <p>
349: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
350: read <a href="ports.html">http://www.OpenBSD.org/ports.html</a>
351: if you know nothing about ports
352: at this point. This text is not a manual of how to use ports.
353: Rather, it is a set of notes meant to kickstart the user on the
354: OpenBSD ports system.
355: <p>
356: Certainly, the OpenBSD ports system is not complete. It is doubtful it
357: will ever be. However, it is growing very fast and getting more stable.
358: Almost all ports provided with this release should build without problems
359: on most architectures (over 2000 packages build on i386, for instance).
360: <p>
361: The <i>ports/</i> directory represents a CVS (see the manpage for
1.21 jufi 362: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">
1.1 miod 363: cvs(1)</a> if
364: you aren't familiar with CVS) checkout of our ports. As with our complete
365: source tree, our ports tree is available via anoncvs. So, in
366: order to keep current with it, you must make the <i>ports/</i> tree
367: available on a read-write medium and update the tree with a command
368: like:
369: <p>
370: <ul><pre>
1.18 brad 371: # <strong>cd [portsdir]/; cvs -d anoncvsserver.openbsd.org:/cvs update -Pd -rOPENBSD_3_2</strong>
1.1 miod 372: </pre></ul>
373: <p>
374: [Of course, you must replace the local directory and server name here
375: with the location of your ports collection and a nearby anoncvs
376: server.]
377: <p>
378: Note that most ports are available as packages through ftp. Updated
379: packages for the 3.2 release will be made available if problems arise.
380: <p>
381: If you're interested in seeing a port added, would like to help out, or just
382: would like to know more, the mailing list ports@openbsd.org is a good
383: place to know.
384: <p>
385:
386: <hr>
387: <a href="index.html"><img height="24" width="24" src="back.gif" border="0"
388: alt="OpenBSD"></a>
1.2 mpech 389: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
1.6 jufi 390: <br><small>
1.25 ! deraadt 391: $OpenBSD: 32.html,v 1.24 2004/03/04 06:37:25 david Exp $
1.6 jufi 392: </small>
1.1 miod 393:
394: </body>
395: </html>