Annotation of www/32.html, Revision 1.40
1.20 jufi 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1.1 miod 2: <html>
3: <head>
1.29 deraadt 4: <title>OpenBSD 3.2</title>
1.21 jufi 5: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
1.1 miod 6: <meta name="description" content="OpenBSD 3.2">
7: <meta name="copyright" content="This document copyright 1999-2002 by OpenBSD.">
1.40 ! tb 8: <meta name="viewport" content="width=device-width, initial-scale=1">
! 9: <link rel="stylesheet" type="text/css" href="openbsd.css">
1.35 sthen 10: <link rel="canonical" href="http://www.openbsd.org/32.html">
1.1 miod 11: </head>
12:
1.24 david 13: <body bgcolor="#ffffff" text="#000000" link="#24248e">
1.1 miod 14:
1.40 ! tb 15: <h2>
1.17 jufi 16: <a href="index.html">
1.40 ! tb 17: <font color="#0000ff"><i>Open</i></font><font color="#000084">BSD</font></a>
! 18: <font color="#e00000">3.2</font>
! 19: </h2>
1.1 miod 20:
1.29 deraadt 21: <a href="images/MrPond.gif">
22: <img align="left" width="255" height="323" hspace="24"
23: src="images/MrPond.gif" alt="MrPond.gif"></a>
1.1 miod 24: <p>
25: Released November 1, 2002<br>
26: Copyright 1997-2002, Theo de Raadt.<br>
27: <font color="#e00000">ISBN 0-9731791-0-4</font>
1.25 deraadt 28: <br>
1.37 deraadt 29: 3.2 Song: <a href="lyrics.html#32">"Goldflipper"</a>
1.1 miod 30: <p>
31: <ul>
1.34 deraadt 32: <li>Order a CDROM from our <a href="https://openbsdstore.com">ordering system</a>.
1.1 miod 33: <li>See the information on <a href="ftp.html">The FTP page</a> for
34: a list of mirror machines.
35: <li>Go to the <font color="#e00000">pub/OpenBSD/3.2/</font> directory on
36: one of the mirror sites.
1.23 deraadt 37: <li>Have a look at <a href="errata32.html">The 3.2 Errata page</a> for a list
1.1 miod 38: of bugs and workarounds.
1.15 miod 39: <li>See a <a href="plus32.html">detailed log of changes</a> between the
1.1 miod 40: 3.1 and 3.2 releases.
41: </ul>
1.40 ! tb 42: All applicable copyrights and credits are in the src.tar.gz,
! 43: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
! 44: files fetched via ports.tar.gz.
! 45: <br clear="all">
1.1 miod 46:
1.40 ! tb 47: <hr>
1.1 miod 48: <a name="new"></a>
49: <p>
50: <h3><font color="#0000e0">What's New</font></h3>
51: <p>
1.40 ! tb 52: This is a partial list of new features and systems included in OpenBSD 3.2.
1.15 miod 53: For a comprehensive list, see the <a href="plus32.html">changelog</a> leading
1.1 miod 54: to 3.2.
55: <p>
56:
57: <ul>
58: <li><a href="http://www.OpenSSH.com">OpenSSH</a> (supporting both the
1.2 mpech 59: SSH1 and SSH2 protocols) is now at version 3.5. Privilege separation is
1.1 miod 60: now enabled by default for greater robustness.
61: <p>
62:
1.12 deraadt 63: <li>Non-executable stack on i386, sparc, sparc64, alpha, powerpc.
64: No-exec data and bss on sparc, sparc64, and alpha. This makes some
65: classes of future potential buffer overflows unexploitable.
66: <p>
67:
68: <li>Apache runs chroot'd by default. To disable this, see the new <b>-u</b>
69: option.
70: <p>
71:
1.13 deraadt 72: <li>A very significant reduction in setuid binaries. Many of those binaries
73: which still retain setuid have been modified so the operations needing root
1.14 deraadt 74: are done early on, and then privilege is revoked immediately after that.
1.13 deraadt 75: <p>
76:
1.11 deraadt 77: <li>Asymmetric and symmetric hardware encryption support is now enabled by
1.10 deraadt 78: default, if you have such devices in your machine.
79: <p>
80:
1.1 miod 81: <li>As usual, improvements to the documentation, notably the man pages and
82: the Web FAQ. A larger part of the website is now available in several
83: languages.
84: <p>
85:
86: <li>More complete collection and better tested set of "ports".
1.16 pvalchev 87: setuid/setgid ports have been significantly reduced as well. Many of the
88: ones that remain setuid have been modified to revoke privileges as early
89: as possible.
1.1 miod 90: <p>
91:
1.16 pvalchev 92: <li>Over 1800 pre-built and tested packages.
1.1 miod 93: <p>
94:
95: <li>Better video and X11 support for the
96: <a href="sparc.html">OpenBSD/sparc</a>,
97: <a href="sparc64.html">OpenBSD/sparc64</a> and
98: <a href="alpha.html">OpenBSD/alpha</a> ports.
99: <p>
100:
101: <li>A lot of enhancements and stability improvements to our packet filter, <a
1.39 sthen 102: href="http://man.openbsd.org/?query=pf&sektion=4">pf</a>,
1.19 miod 103: including:
1.8 henning 104: <ul>
105: <li>new "antispoof" keyword: spoofing protection made easy
106: <li>much simplified rule file language
107: <li>extended filtering capabilities
108: <li>control state table entries on a per-rule granularity
109: <li>support dynamic interface expansion. No more need to reload the ruleset
110: on IP changes.
111: </ul>
1.1 miod 112: <p>
113:
114: <li>A new tool,
1.39 sthen 115: <a href="http://man.openbsd.org/?query=systrace&sektion=4">systrace</a>,
1.1 miod 116: for controlling in detail applications behaviour and rights at the system call
117: level.
1.7 jufi 118: <p>
1.1 miod 119:
120: <li>The system includes the following major components from outside suppliers:
121: <p>
122: <ul>
1.20 jufi 123: <li>XFree86 4.2.1 (and i386 contains 3.3.X servers also, thus providing support for all chipsets)
124: <li>gcc 2.95.3 (+ patches)
125: <li>perl 5.6.1 (+ patches)
126: <li>Apache 1.3.26, mod_ssl 2.8.10, DSO support
127: <li>OpenSSL 0.9.7beta3 (+ patches)
128: <li>groff 1.15
129: <li>sendmail 8.12.6
130: <li>lynx 2.8.2rel.1 with HTTPS support added
131: <li>sudo 1.6.6
132: <li>ncurses 5.2
133: <li>Latest KAME IPv6
134: <li>KTH Kerberos 1.0.8
135: <li>Heimdal 0.4e (+ patches)
136: <li>OpenSSH 3.5
1.1 miod 137: </ul>
138: <p>
139:
140: <li>Many improvements for security and reliability (look for the red
1.15 miod 141: print in the <a href="plus32.html">complete changelog</a>).
1.1 miod 142: <p>
143: </ul>
144:
145: <a name="install"></a>
146: <hr>
147: <p>
148: <h3><font color="#0000e0">How to install</font></h3>
149: <p>
150: Following this are the instructions which you would have on a piece of
151: paper if you had purchased a CDROM set instead of doing an alternate
152: form of install. The instructions for doing an ftp (or other style
153: of) install are very similar; the CDROM instructions are left intact
154: so that you can see how much easier it would have been if you had
155: purchased a CDROM instead.
156: <p>
157:
158: <hr>
159: Please refer to the following files on the three CDROMs for extensive
160: details on how to install OpenBSD 3.2 on your machine:
161: <p>
162: <ul>
1.20 jufi 163: <li> CD1:3.2/i386/INSTALL.i386
164: <li> CD1:3.2/alpha/INSTALL.alpha
1.1 miod 165: <p>
1.20 jufi 166: <li> CD2:3.2/macppc/INSTALL.macppc
167: <li> CD2:3.2/vax/INSTALL.vax
1.1 miod 168: <p>
1.20 jufi 169: <li> CD3:3.2/sparc/INSTALL.sparc
170: <li> CD3:3.2/sparc64/INSTALL.sparc64
1.1 miod 171: </ul>
172: <hr>
173:
174: <p>
175: Quick installer information for people familiar with OpenBSD, and the
176: use of the "disklabel -E" command. If you are at all confused when
177: installing OpenBSD, read the relevant INSTALL.* file as listed above!
178: <p>
179:
180: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
181: <ul>
182: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
183: release is on CD1. If your BIOS does not support booting from CD, you will need
184: to create a boot floppy to install from. To create a boot floppy write
1.3 jufi 185: <i>CD1:3.2/i386/floppy32.fs</i> to a floppy and boot via the floppy drive.
1.1 miod 186:
187: <p>
1.3 jufi 188: Use <i>CD1:3.2/i386/floppyB32.fs</i> instead for greater scsi controller
189: support, or <i>CD1:3.2/i386/floppyC32.fs</i> for better laptop support.
1.1 miod 190:
191: <p>
192: If you are planning on dual booting OpenBSD with another OS, you will need to read the included INSTALL.i386 document.
193:
194: <p>
195: To make a boot floppy under MS-DOS, use the "rawrite" utility located
1.39 sthen 196: at <i>CD:/3.2/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS, use the <a href="http://man.openbsd.org/?query=dd&sektion=1">dd(1)</a> utility. The following is an example usage of <a href="http://man.openbsd.org/?query=dd&sektion=1">dd(1)</a>, where the device could be "floppy", "rfd0c", or "rfd0a".
1.1 miod 197:
198: <ul><pre>
199: # <strong>dd if=<file> of=/dev/<device> bs=32k</strong>
200: </pre></ul>
201:
202: <p>
203: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or your install will most likely fail. For more information on creating a boot floppy and installing OpenBSD/i386 please refer to <a href="faq/faq4.html#4.1">FAQ4.1</a>.
204: </ul>
205:
206: <p>
207: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
208: <ul>
209: At the SRM prompt, enter <i>boot -fi 3.2/alpha/bsd.rd dka6</i> where <i>dka6</i>
210: is the short name for the CDROM drive (you can check with <i>show dev</i>).
211:
1.3 jufi 212: <p>If you can't boot from CDROM, write <i>CD1:3.2/alpha/floppy32.fs</i> or
213: <i>CD1:3.2/alpha/floppyB32.fs</i> (depending on your machine) to a diskette and
1.1 miod 214: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
215:
216: <p>
217: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
218:
219: </ul>
220:
221: <p>
222: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
223: <ul>
224: Put the CD2 in your CDROM drive and poweron your machine while holding down the
225: <i>C</i> key until the display turns on and shows <i>OpenBSD/macppc boot</i>.
226:
227: <p>
228: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
229: /3.2/macppc/bsd.rd</i>
230: </ul>
231:
232: <p>
233: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
234: <ul>
235: Boot over the network via mopbooting as described in INSTALL.vax.
236: </ul>
237:
238: <p>
239: <h3><font color="#e00000">OpenBSD/sparc:</font></h3>
240: <ul>
241: The 3.2 release of OpenBSD/sparc is located on CD3. To boot off of this CD you can use one of the two commands listed below, depending on the version of your ROM.
242:
243: <ul><pre>
244: > <strong>boot cdrom 3.2/sparc/bsd.rd</strong>
245: or
246: > <strong>b sd(0,6,0)3.2/sparc/bsd.rd</strong>
247: </pre></ul>
248:
249: <p>
250: If your sparc does not have a CD drive, you can alternatively boot from floppy.
1.3 jufi 251: To do so you need to write "CD3:3.2/sparc/floppy32.fs" to a floppy. For more information see <a href="faq/faq4.html#4.1">FAQ4.1</a>. To boot from the floppy use one of the two commands listed below, depending on the version of your ROM.
1.1 miod 252:
253: <ul><pre>
254: > <strong>boot floppy</strong>
255: or
256: > <strong>boot fd()</strong>
257: </pre></ul>
258:
259: <p>
260: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
261:
262: <p>
263: If your sparc doesn't have a floppy drive nor a CD drive, you can either
264: setup a bootable tape, or install via network, as told in the
265: INSTALL.sparc file.
266: </ul>
267:
268: <p>
269: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
270: <ul>
271: Put the CD3 in your CDROM drive and type <i>boot cdrom</i>.
272:
273: <p>
274: If this doesn't work, or if you don't have a CDROM drive, you can write
1.3 jufi 275: <i>CD3:3.2/sparc64/floppy32.fs</i> to a floppy and boot it with <i>boot
1.1 miod 276: floppy</i>.<br>
277: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
278:
279: <p>
1.4 henning 280: You can also write <i>CD3:3.2/sparc64/miniroot32.fs</i> to the swap partition on
1.1 miod 281: the disk and boot with <i>boot disk:b</i>.
282:
283: <p>
284: If nothing works, you can boot over the network as described in INSTALL.sparc64
285: </ul>
286:
287: <p>
288: <h3><font color="#e00000">Notes about the source code:</font></h3>
289: <ul>
290: src.tar.gz contains a source archive starting at /usr/src. This file
291: contains everything you need except for the kernel sources, which are
292: in a separate archive. To extract:
293: <p>
294: <ul><pre>
295: # <strong>mkdir -p /usr/src</strong>
296: # <strong>cd /usr/src</strong>
297: # <strong>tar xvfz /tmp/src.tar.gz</strong>
298: </pre></ul>
299: <p>
300: srcsys.tar.gz contains a source archive starting at /usr/src/sys.
301: This file contains all the kernel sources you need to rebuild kernels.
302: To extract:
303: <p>
304: <ul><pre>
305: # <strong>mkdir -p /usr/src/sys</strong>
306: # <strong>cd /usr/src</strong>
307: # <strong>tar xvfz /tmp/srcsys.tar.gz</strong>
308: </pre></ul>
309: <p>
310: Both of these trees are a regular CVS checkout. Using these trees it
311: is possible to get a head-start on using the anoncvs servers as
1.5 miod 312: described at <a href="anoncvs.html">http://www.OpenBSD.org/anoncvs.html</a>.
1.1 miod 313: Using these files
314: results in a much faster initial CVS update than you could expect from
315: a fresh checkout of the full OpenBSD source tree.
316: <p>
317: </ul>
318: <a name="ports"></a>
319: <hr>
320: <p>
321: <h3><font color="#0000e0">Ports Tree</font></h3>
322: <p>
323: A ports tree archive is also provided. To extract:
324: <p>
325: <ul><pre>
326: # <strong>cd /usr</strong>
327: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
328: # <strong>cd ports</strong>
329: </pre></ul>
330: <p>
331: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
1.27 jasper 332: read <a href="faq/faq15.html">http://www.OpenBSD.org/faq/faq15.html</a>
1.1 miod 333: if you know nothing about ports
334: at this point. This text is not a manual of how to use ports.
335: Rather, it is a set of notes meant to kickstart the user on the
336: OpenBSD ports system.
337: <p>
338: Certainly, the OpenBSD ports system is not complete. It is doubtful it
339: will ever be. However, it is growing very fast and getting more stable.
340: Almost all ports provided with this release should build without problems
341: on most architectures (over 2000 packages build on i386, for instance).
342: <p>
1.40 ! tb 343: The <i>ports/</i> directory represents a CVS (see the manpage for
1.39 sthen 344: <a href="http://man.openbsd.org/?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">
1.40 ! tb 345: cvs(1)</a> if
! 346: you aren't familiar with CVS) checkout of our ports. As with our complete
1.1 miod 347: source tree, our ports tree is available via anoncvs. So, in
348: order to keep current with it, you must make the <i>ports/</i> tree
349: available on a read-write medium and update the tree with a command
350: like:
351: <p>
352: <ul><pre>
1.26 deraadt 353: # <strong>cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_3_2</strong>
1.1 miod 354: </pre></ul>
355: <p>
356: [Of course, you must replace the local directory and server name here
357: with the location of your ports collection and a nearby anoncvs
358: server.]
359: <p>
360: Note that most ports are available as packages through ftp. Updated
361: packages for the 3.2 release will be made available if problems arise.
362: <p>
363: If you're interested in seeing a port added, would like to help out, or just
364: would like to know more, the mailing list ports@openbsd.org is a good
365: place to know.
366: <p>
367:
368: </body>
369: </html>