Annotation of www/32.html, Revision 1.33
1.20 jufi 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1.1 miod 2: <html>
3: <head>
1.29 deraadt 4: <title>OpenBSD 3.2</title>
1.1 miod 5: <meta name="resource-type" content="document">
1.21 jufi 6: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
1.1 miod 7: <meta name="description" content="OpenBSD 3.2">
8: <meta name="keywords" content="openbsd,main">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 1999-2002 by OpenBSD.">
11: </head>
12:
1.24 david 13: <body bgcolor="#ffffff" text="#000000" link="#24248e">
1.1 miod 14:
1.17 jufi 15: <a href="index.html">
16: <img alt="[OpenBSD]" height="30" width="141" hspace="24" src="images/smalltitle.gif" border="0"></a>
1.31 deraadt 17: <p>
1.1 miod 18:
1.29 deraadt 19: <a href="images/MrPond.gif">
20: <img align="left" width="255" height="323" hspace="24"
21: src="images/MrPond.gif" alt="MrPond.gif"></a>
22: <h2><font color="#0000e0">OpenBSD 3.2</font></h2>
1.1 miod 23: <p>
24: Released November 1, 2002<br>
25: Copyright 1997-2002, Theo de Raadt.<br>
26: <font color="#e00000">ISBN 0-9731791-0-4</font>
1.25 deraadt 27: <br>
28: <a href="lyrics.html#32">3.2 Song: "Goldflipper"</a>
1.1 miod 29: <p>
30: <ul>
1.17 jufi 31: <li>Order a CDROM from our <a href="orders.html">ordering system</a>.
1.1 miod 32: <li>See the information on <a href="ftp.html">The FTP page</a> for
33: a list of mirror machines.
34: <li>Go to the <font color="#e00000">pub/OpenBSD/3.2/</font> directory on
35: one of the mirror sites.
1.23 deraadt 36: <li>Have a look at <a href="errata32.html">The 3.2 Errata page</a> for a list
1.1 miod 37: of bugs and workarounds.
1.15 miod 38: <li>See a <a href="plus32.html">detailed log of changes</a> between the
1.1 miod 39: 3.1 and 3.2 releases.
40: </ul>
41: <br clear=all>
1.30 deraadt 42: <p>
1.29 deraadt 43: All applicable copyrights and credits can be found in the applicable
1.33 ! jsg 44: file sources found in the files src.tar.gz, srcsys.tar.gz,
! 45: XF4.tar.gz, or in the files fetched via ports.tar.gz. The
1.29 deraadt 46: distribution files used to build packages from the ports.tar.gz file
47: are not included on the CDROM because of lack of space.
1.1 miod 48: <p>
49:
50: <a name="new"></a>
51: <hr>
52: <p>
53: <h3><font color="#0000e0">What's New</font></h3>
54: <p>
55: This is a partial list of new features and systems included in OpenBSD 3.2.
1.15 miod 56: For a comprehensive list, see the <a href="plus32.html">changelog</a> leading
1.1 miod 57: to 3.2.
58: <p>
59:
60: <ul>
61: <li><a href="http://www.OpenSSH.com">OpenSSH</a> (supporting both the
1.2 mpech 62: SSH1 and SSH2 protocols) is now at version 3.5. Privilege separation is
1.1 miod 63: now enabled by default for greater robustness.
64: <p>
65:
1.12 deraadt 66: <li>Non-executable stack on i386, sparc, sparc64, alpha, powerpc.
67: No-exec data and bss on sparc, sparc64, and alpha. This makes some
68: classes of future potential buffer overflows unexploitable.
69: <p>
70:
71: <li>Apache runs chroot'd by default. To disable this, see the new <b>-u</b>
72: option.
73: <p>
74:
1.13 deraadt 75: <li>A very significant reduction in setuid binaries. Many of those binaries
76: which still retain setuid have been modified so the operations needing root
1.14 deraadt 77: are done early on, and then privilege is revoked immediately after that.
1.13 deraadt 78: <p>
79:
1.11 deraadt 80: <li>Asymmetric and symmetric hardware encryption support is now enabled by
1.10 deraadt 81: default, if you have such devices in your machine.
82: <p>
83:
1.1 miod 84: <li>As usual, improvements to the documentation, notably the man pages and
85: the Web FAQ. A larger part of the website is now available in several
86: languages.
87: <p>
88:
89: <li>More complete collection and better tested set of "ports".
1.16 pvalchev 90: setuid/setgid ports have been significantly reduced as well. Many of the
91: ones that remain setuid have been modified to revoke privileges as early
92: as possible.
1.1 miod 93: <p>
94:
1.16 pvalchev 95: <li>Over 1800 pre-built and tested packages.
1.1 miod 96: <p>
97:
98: <li>Better video and X11 support for the
99: <a href="sparc.html">OpenBSD/sparc</a>,
100: <a href="sparc64.html">OpenBSD/sparc64</a> and
101: <a href="alpha.html">OpenBSD/alpha</a> ports.
102: <p>
103:
104: <li>A lot of enhancements and stability improvements to our packet filter, <a
1.21 jufi 105: href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf</a>,
1.19 miod 106: including:
1.8 henning 107: <ul>
108: <li>new "antispoof" keyword: spoofing protection made easy
109: <li>much simplified rule file language
110: <li>extended filtering capabilities
111: <li>control state table entries on a per-rule granularity
112: <li>support dynamic interface expansion. No more need to reload the ruleset
113: on IP changes.
114: </ul>
1.1 miod 115: <p>
116:
117: <li>A new tool,
1.21 jufi 118: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace</a>,
1.1 miod 119: for controlling in detail applications behaviour and rights at the system call
120: level.
1.7 jufi 121: <p>
1.1 miod 122:
123: <li>The system includes the following major components from outside suppliers:
124: <p>
125: <ul>
1.20 jufi 126: <li>XFree86 4.2.1 (and i386 contains 3.3.X servers also, thus providing support for all chipsets)
127: <li>gcc 2.95.3 (+ patches)
128: <li>perl 5.6.1 (+ patches)
129: <li>Apache 1.3.26, mod_ssl 2.8.10, DSO support
130: <li>OpenSSL 0.9.7beta3 (+ patches)
131: <li>groff 1.15
132: <li>sendmail 8.12.6
133: <li>lynx 2.8.2rel.1 with HTTPS support added
134: <li>sudo 1.6.6
135: <li>ncurses 5.2
136: <li>Latest KAME IPv6
137: <li>KTH Kerberos 1.0.8
138: <li>Heimdal 0.4e (+ patches)
139: <li>OpenSSH 3.5
1.1 miod 140: </ul>
141: <p>
142:
143: <li>Many improvements for security and reliability (look for the red
1.15 miod 144: print in the <a href="plus32.html">complete changelog</a>).
1.1 miod 145: <p>
146: </ul>
147:
148: <a name="install"></a>
149: <hr>
150: <p>
151: <h3><font color="#0000e0">How to install</font></h3>
152: <p>
153: Following this are the instructions which you would have on a piece of
154: paper if you had purchased a CDROM set instead of doing an alternate
155: form of install. The instructions for doing an ftp (or other style
156: of) install are very similar; the CDROM instructions are left intact
157: so that you can see how much easier it would have been if you had
158: purchased a CDROM instead.
159: <p>
160:
161: <hr>
162: Please refer to the following files on the three CDROMs for extensive
163: details on how to install OpenBSD 3.2 on your machine:
164: <p>
165: <ul>
1.20 jufi 166: <li> CD1:3.2/i386/INSTALL.i386
167: <li> CD1:3.2/alpha/INSTALL.alpha
1.1 miod 168: <p>
1.20 jufi 169: <li> CD2:3.2/macppc/INSTALL.macppc
170: <li> CD2:3.2/vax/INSTALL.vax
1.1 miod 171: <p>
1.20 jufi 172: <li> CD3:3.2/sparc/INSTALL.sparc
173: <li> CD3:3.2/sparc64/INSTALL.sparc64
1.1 miod 174: </ul>
175: <hr>
176:
177: <p>
178: Quick installer information for people familiar with OpenBSD, and the
179: use of the "disklabel -E" command. If you are at all confused when
180: installing OpenBSD, read the relevant INSTALL.* file as listed above!
181: <p>
182:
183: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
184: <ul>
185: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
186: release is on CD1. If your BIOS does not support booting from CD, you will need
187: to create a boot floppy to install from. To create a boot floppy write
1.3 jufi 188: <i>CD1:3.2/i386/floppy32.fs</i> to a floppy and boot via the floppy drive.
1.1 miod 189:
190: <p>
1.3 jufi 191: Use <i>CD1:3.2/i386/floppyB32.fs</i> instead for greater scsi controller
192: support, or <i>CD1:3.2/i386/floppyC32.fs</i> for better laptop support.
1.1 miod 193:
194: <p>
195: If you are planning on dual booting OpenBSD with another OS, you will need to read the included INSTALL.i386 document.
196:
197: <p>
198: To make a boot floppy under MS-DOS, use the "rawrite" utility located
1.21 jufi 199: at <i>CD:/3.2/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS, use the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a> utility. The following is an example usage of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>, where the device could be "floppy", "rfd0c", or "rfd0a".
1.1 miod 200:
201: <ul><pre>
202: # <strong>dd if=<file> of=/dev/<device> bs=32k</strong>
203: </pre></ul>
204:
205: <p>
206: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or your install will most likely fail. For more information on creating a boot floppy and installing OpenBSD/i386 please refer to <a href="faq/faq4.html#4.1">FAQ4.1</a>.
207: </ul>
208:
209: <p>
210: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
211: <ul>
212: At the SRM prompt, enter <i>boot -fi 3.2/alpha/bsd.rd dka6</i> where <i>dka6</i>
213: is the short name for the CDROM drive (you can check with <i>show dev</i>).
214:
1.3 jufi 215: <p>If you can't boot from CDROM, write <i>CD1:3.2/alpha/floppy32.fs</i> or
216: <i>CD1:3.2/alpha/floppyB32.fs</i> (depending on your machine) to a diskette and
1.1 miod 217: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
218:
219: <p>
220: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
221:
222: </ul>
223:
224: <p>
225: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
226: <ul>
227: Put the CD2 in your CDROM drive and poweron your machine while holding down the
228: <i>C</i> key until the display turns on and shows <i>OpenBSD/macppc boot</i>.
229:
230: <p>
231: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
232: /3.2/macppc/bsd.rd</i>
233: </ul>
234:
235: <p>
236: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
237: <ul>
238: Boot over the network via mopbooting as described in INSTALL.vax.
239: </ul>
240:
241: <p>
242: <h3><font color="#e00000">OpenBSD/sparc:</font></h3>
243: <ul>
244: The 3.2 release of OpenBSD/sparc is located on CD3. To boot off of this CD you can use one of the two commands listed below, depending on the version of your ROM.
245:
246: <ul><pre>
247: > <strong>boot cdrom 3.2/sparc/bsd.rd</strong>
248: or
249: > <strong>b sd(0,6,0)3.2/sparc/bsd.rd</strong>
250: </pre></ul>
251:
252: <p>
253: If your sparc does not have a CD drive, you can alternatively boot from floppy.
1.3 jufi 254: To do so you need to write "CD3:3.2/sparc/floppy32.fs" to a floppy. For more information see <a href="faq/faq4.html#4.1">FAQ4.1</a>. To boot from the floppy use one of the two commands listed below, depending on the version of your ROM.
1.1 miod 255:
256: <ul><pre>
257: > <strong>boot floppy</strong>
258: or
259: > <strong>boot fd()</strong>
260: </pre></ul>
261:
262: <p>
263: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
264:
265: <p>
266: If your sparc doesn't have a floppy drive nor a CD drive, you can either
267: setup a bootable tape, or install via network, as told in the
268: INSTALL.sparc file.
269: </ul>
270:
271: <p>
272: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
273: <ul>
274: Put the CD3 in your CDROM drive and type <i>boot cdrom</i>.
275:
276: <p>
277: If this doesn't work, or if you don't have a CDROM drive, you can write
1.3 jufi 278: <i>CD3:3.2/sparc64/floppy32.fs</i> to a floppy and boot it with <i>boot
1.1 miod 279: floppy</i>.<br>
280: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
281:
282: <p>
1.4 henning 283: You can also write <i>CD3:3.2/sparc64/miniroot32.fs</i> to the swap partition on
1.1 miod 284: the disk and boot with <i>boot disk:b</i>.
285:
286: <p>
287: If nothing works, you can boot over the network as described in INSTALL.sparc64
288: </ul>
289:
290: <p>
291: <h3><font color="#e00000">Notes about the source code:</font></h3>
292: <ul>
293: src.tar.gz contains a source archive starting at /usr/src. This file
294: contains everything you need except for the kernel sources, which are
295: in a separate archive. To extract:
296: <p>
297: <ul><pre>
298: # <strong>mkdir -p /usr/src</strong>
299: # <strong>cd /usr/src</strong>
300: # <strong>tar xvfz /tmp/src.tar.gz</strong>
301: </pre></ul>
302: <p>
303: srcsys.tar.gz contains a source archive starting at /usr/src/sys.
304: This file contains all the kernel sources you need to rebuild kernels.
305: To extract:
306: <p>
307: <ul><pre>
308: # <strong>mkdir -p /usr/src/sys</strong>
309: # <strong>cd /usr/src</strong>
310: # <strong>tar xvfz /tmp/srcsys.tar.gz</strong>
311: </pre></ul>
312: <p>
313: Both of these trees are a regular CVS checkout. Using these trees it
314: is possible to get a head-start on using the anoncvs servers as
1.5 miod 315: described at <a href="anoncvs.html">http://www.OpenBSD.org/anoncvs.html</a>.
1.1 miod 316: Using these files
317: results in a much faster initial CVS update than you could expect from
318: a fresh checkout of the full OpenBSD source tree.
319: <p>
320: </ul>
321: <a name="ports"></a>
322: <hr>
323: <p>
324: <h3><font color="#0000e0">Ports Tree</font></h3>
325: <p>
326: A ports tree archive is also provided. To extract:
327: <p>
328: <ul><pre>
329: # <strong>cd /usr</strong>
330: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
331: # <strong>cd ports</strong>
332: </pre></ul>
333: <p>
334: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
1.27 jasper 335: read <a href="faq/faq15.html">http://www.OpenBSD.org/faq/faq15.html</a>
1.1 miod 336: if you know nothing about ports
337: at this point. This text is not a manual of how to use ports.
338: Rather, it is a set of notes meant to kickstart the user on the
339: OpenBSD ports system.
340: <p>
341: Certainly, the OpenBSD ports system is not complete. It is doubtful it
342: will ever be. However, it is growing very fast and getting more stable.
343: Almost all ports provided with this release should build without problems
344: on most architectures (over 2000 packages build on i386, for instance).
345: <p>
346: The <i>ports/</i> directory represents a CVS (see the manpage for
1.21 jufi 347: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">
1.1 miod 348: cvs(1)</a> if
349: you aren't familiar with CVS) checkout of our ports. As with our complete
350: source tree, our ports tree is available via anoncvs. So, in
351: order to keep current with it, you must make the <i>ports/</i> tree
352: available on a read-write medium and update the tree with a command
353: like:
354: <p>
355: <ul><pre>
1.26 deraadt 356: # <strong>cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_3_2</strong>
1.1 miod 357: </pre></ul>
358: <p>
359: [Of course, you must replace the local directory and server name here
360: with the location of your ports collection and a nearby anoncvs
361: server.]
362: <p>
363: Note that most ports are available as packages through ftp. Updated
364: packages for the 3.2 release will be made available if problems arise.
365: <p>
366: If you're interested in seeing a port added, would like to help out, or just
367: would like to know more, the mailing list ports@openbsd.org is a good
368: place to know.
369: <p>
370:
371: </body>
372: </html>