Annotation of www/32.html, Revision 1.54
1.48 bentley 1: <!doctype html>
2: <html lang=en id=release>
3: <meta charset=utf-8>
4:
1.29 deraadt 5: <title>OpenBSD 3.2</title>
1.1 miod 6: <meta name="description" content="OpenBSD 3.2">
1.40 tb 7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
1.43 tb 9: <link rel="canonical" href="https://www.openbsd.org/32.html">
1.1 miod 10:
1.48 bentley 11: <h2 id=OpenBSD>
1.17 jufi 12: <a href="index.html">
1.48 bentley 13: <i>Open</i><b>BSD</b></a>
14: 3.2
1.40 tb 15: </h2>
1.1 miod 16:
1.48 bentley 17: <table>
18: <tr>
19: <td>
1.29 deraadt 20: <a href="images/MrPond.gif">
1.48 bentley 21: <img width="255" height="323" src="images/MrPond.gif" alt="MrPond"></a>
22: <td>
1.1 miod 23: Released November 1, 2002<br>
24: Copyright 1997-2002, Theo de Raadt.<br>
1.48 bentley 25: <cite class=isbn>ISBN 0-9731791-0-4</cite>
1.25 deraadt 26: <br>
1.37 deraadt 27: 3.2 Song: <a href="lyrics.html#32">"Goldflipper"</a>
1.47 deraadt 28: <br>
29: <br>
1.1 miod 30: <ul>
1.52 deraadt 31: <li>See the information on <a href="ftp.html">the FTP page</a> for
1.1 miod 32: a list of mirror machines.
1.48 bentley 33: <li>Go to the <code class=reldir>pub/OpenBSD/3.2/</code> directory on
1.1 miod 34: one of the mirror sites.
1.23 deraadt 35: <li>Have a look at <a href="errata32.html">The 3.2 Errata page</a> for a list
1.1 miod 36: of bugs and workarounds.
1.15 miod 37: <li>See a <a href="plus32.html">detailed log of changes</a> between the
1.1 miod 38: 3.1 and 3.2 releases.
39: </ul>
1.41 tb 40: <p>
1.40 tb 41: All applicable copyrights and credits are in the src.tar.gz,
42: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
1.51 deraadt 43: files fetched via <code>ports.tar.gz</code>.
1.48 bentley 44: </table>
1.1 miod 45:
1.40 tb 46: <hr>
1.48 bentley 47:
48: <section id=new>
49: <h3>What's New</h3>
1.1 miod 50: <p>
1.40 tb 51: This is a partial list of new features and systems included in OpenBSD 3.2.
1.15 miod 52: For a comprehensive list, see the <a href="plus32.html">changelog</a> leading
1.1 miod 53: to 3.2.
54: <p>
55:
56: <ul>
1.44 tb 57: <li><a href="https://www.OpenSSH.com">OpenSSH</a> (supporting both the
1.2 mpech 58: SSH1 and SSH2 protocols) is now at version 3.5. Privilege separation is
1.1 miod 59: now enabled by default for greater robustness.
60: <p>
61:
1.12 deraadt 62: <li>Non-executable stack on i386, sparc, sparc64, alpha, powerpc.
63: No-exec data and bss on sparc, sparc64, and alpha. This makes some
64: classes of future potential buffer overflows unexploitable.
65: <p>
66:
67: <li>Apache runs chroot'd by default. To disable this, see the new <b>-u</b>
68: option.
69: <p>
70:
1.13 deraadt 71: <li>A very significant reduction in setuid binaries. Many of those binaries
72: which still retain setuid have been modified so the operations needing root
1.14 deraadt 73: are done early on, and then privilege is revoked immediately after that.
1.13 deraadt 74: <p>
75:
1.11 deraadt 76: <li>Asymmetric and symmetric hardware encryption support is now enabled by
1.10 deraadt 77: default, if you have such devices in your machine.
78: <p>
79:
1.1 miod 80: <li>As usual, improvements to the documentation, notably the man pages and
81: the Web FAQ. A larger part of the website is now available in several
82: languages.
83: <p>
84:
85: <li>More complete collection and better tested set of "ports".
1.16 pvalchev 86: setuid/setgid ports have been significantly reduced as well. Many of the
87: ones that remain setuid have been modified to revoke privileges as early
88: as possible.
1.1 miod 89: <p>
90:
1.16 pvalchev 91: <li>Over 1800 pre-built and tested packages.
1.1 miod 92: <p>
93:
94: <li>Better video and X11 support for the
95: <a href="sparc.html">OpenBSD/sparc</a>,
96: <a href="sparc64.html">OpenBSD/sparc64</a> and
97: <a href="alpha.html">OpenBSD/alpha</a> ports.
98: <p>
99:
100: <li>A lot of enhancements and stability improvements to our packet filter, <a
1.48 bentley 101: href="https://man.openbsd.org/pf.4">pf</a>,
1.19 miod 102: including:
1.8 henning 103: <ul>
104: <li>new "antispoof" keyword: spoofing protection made easy
105: <li>much simplified rule file language
106: <li>extended filtering capabilities
107: <li>control state table entries on a per-rule granularity
108: <li>support dynamic interface expansion. No more need to reload the ruleset
109: on IP changes.
110: </ul>
1.1 miod 111: <p>
112:
113: <li>A new tool,
1.48 bentley 114: <a href="https://man.openbsd.org/systrace.4">systrace</a>,
1.1 miod 115: for controlling in detail applications behaviour and rights at the system call
116: level.
1.7 jufi 117: <p>
1.1 miod 118:
119: <li>The system includes the following major components from outside suppliers:
120: <p>
121: <ul>
1.20 jufi 122: <li>XFree86 4.2.1 (and i386 contains 3.3.X servers also, thus providing support for all chipsets)
123: <li>gcc 2.95.3 (+ patches)
124: <li>perl 5.6.1 (+ patches)
125: <li>Apache 1.3.26, mod_ssl 2.8.10, DSO support
126: <li>OpenSSL 0.9.7beta3 (+ patches)
127: <li>groff 1.15
128: <li>sendmail 8.12.6
129: <li>lynx 2.8.2rel.1 with HTTPS support added
130: <li>sudo 1.6.6
131: <li>ncurses 5.2
132: <li>Latest KAME IPv6
133: <li>KTH Kerberos 1.0.8
134: <li>Heimdal 0.4e (+ patches)
135: <li>OpenSSH 3.5
1.1 miod 136: </ul>
137: <p>
138:
139: <li>Many improvements for security and reliability (look for the red
1.15 miod 140: print in the <a href="plus32.html">complete changelog</a>).
1.1 miod 141: <p>
142: </ul>
1.48 bentley 143: </section>
1.1 miod 144:
145: <hr>
1.48 bentley 146:
147: <section id=install>
148: <h3>How to install</h3>
1.1 miod 149: <p>
150: Following this are the instructions which you would have on a piece of
151: paper if you had purchased a CDROM set instead of doing an alternate
152: form of install. The instructions for doing an ftp (or other style
153: of) install are very similar; the CDROM instructions are left intact
154: so that you can see how much easier it would have been if you had
155: purchased a CDROM instead.
156: <p>
157:
158: <hr>
159: Please refer to the following files on the three CDROMs for extensive
160: details on how to install OpenBSD 3.2 on your machine:
161: <p>
162: <ul>
1.49 deraadt 163: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/3.2/i386/INSTALL.i386">
164: .../OpenBSD/3.2/i386/INSTALL.i386 (on CD1)</a>
165: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/3.2/alpha/INSTALL.alpha">
166: .../OpenBSD/3.2/alpha/INSTALL.alpha (on CD1)</a>
167: <p>
168: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/3.2/macppc/INSTALL.macppc">
169: .../OpenBSD/3.2/macppc/INSTALL.macppc (on CD2)</a>
170: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/3.2/vax/INSTALL.vax">
171: .../OpenBSD/3.2/vax/INSTALL.vax (on CD2)</a>
172: <p>
173: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/3.2/sparc/INSTALL.sparc">
174: .../OpenBSD/3.2/sparc/INSTALL.sparc (on CD3)</a>
175: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/3.2/sparc64/INSTALL.sparc64">
176: .../OpenBSD/3.2/sparc64/INSTALL.sparc64 (on CD3)</a>
1.1 miod 177: </ul>
1.49 deraadt 178: </section>
179:
1.1 miod 180: <hr>
181:
1.48 bentley 182: <section id=quickinstall>
183:
1.1 miod 184: <p>
185: Quick installer information for people familiar with OpenBSD, and the
186: use of the "disklabel -E" command. If you are at all confused when
187: installing OpenBSD, read the relevant INSTALL.* file as listed above!
1.48 bentley 188:
189: <h3>OpenBSD/i386:</h3>
190:
1.1 miod 191: <p>
192: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
193: release is on CD1. If your BIOS does not support booting from CD, you will need
194: to create a boot floppy to install from. To create a boot floppy write
1.3 jufi 195: <i>CD1:3.2/i386/floppy32.fs</i> to a floppy and boot via the floppy drive.
1.1 miod 196:
197: <p>
1.3 jufi 198: Use <i>CD1:3.2/i386/floppyB32.fs</i> instead for greater scsi controller
199: support, or <i>CD1:3.2/i386/floppyC32.fs</i> for better laptop support.
1.1 miod 200:
201: <p>
202: If you are planning on dual booting OpenBSD with another OS, you will need to read the included INSTALL.i386 document.
203:
204: <p>
205: To make a boot floppy under MS-DOS, use the "rawrite" utility located
1.48 bentley 206: at <i>CD:/3.2/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS, use the <a href="https://man.openbsd.org/dd.1">dd(1)</a> utility. The following is an example usage of <a href="https://man.openbsd.org/dd.1">dd(1)</a>, where the device could be "floppy", "rfd0c", or "rfd0a".
1.1 miod 207:
1.48 bentley 208: <blockquote><pre>
1.49 deraadt 209: # <kbd>dd if=<file> of=/dev/<device> bs=32k</kbd>
1.48 bentley 210: </pre></blockquote>
1.1 miod 211:
212: <p>
1.42 tj 213: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or your install will most likely fail. For more information on creating a boot floppy and installing OpenBSD/i386 please refer to <a href="faq/faq4.html#4.1">this page</a>.
1.48 bentley 214:
215: <h3>OpenBSD/alpha:</h3>
1.1 miod 216:
217: <p>
218: At the SRM prompt, enter <i>boot -fi 3.2/alpha/bsd.rd dka6</i> where <i>dka6</i>
219: is the short name for the CDROM drive (you can check with <i>show dev</i>).
220:
1.48 bentley 221: <p>
222: If you can't boot from CDROM, write <i>CD1:3.2/alpha/floppy32.fs</i> or
1.3 jufi 223: <i>CD1:3.2/alpha/floppyB32.fs</i> (depending on your machine) to a diskette and
1.1 miod 224: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
225:
226: <p>
227: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
228:
1.48 bentley 229: <h3>OpenBSD/macppc:</h3>
1.1 miod 230:
231: <p>
232: Put the CD2 in your CDROM drive and poweron your machine while holding down the
233: <i>C</i> key until the display turns on and shows <i>OpenBSD/macppc boot</i>.
234:
235: <p>
236: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
237: /3.2/macppc/bsd.rd</i>
1.48 bentley 238:
239: <h3>OpenBSD/vax:</h3>
1.1 miod 240:
241: <p>
242: Boot over the network via mopbooting as described in INSTALL.vax.
1.48 bentley 243:
244: <h3>OpenBSD/sparc:</h3>
1.1 miod 245:
246: <p>
247: The 3.2 release of OpenBSD/sparc is located on CD3. To boot off of this CD you can use one of the two commands listed below, depending on the version of your ROM.
248:
1.48 bentley 249: <blockquote><pre>
250: > <kbd>boot cdrom 3.2/sparc/bsd.rd</kbd>
1.1 miod 251: or
1.48 bentley 252: > <kbd>b sd(0,6,0)3.2/sparc/bsd.rd</kbd>
253: </pre></blockquote>
1.1 miod 254:
255: <p>
256: If your sparc does not have a CD drive, you can alternatively boot from floppy.
1.42 tj 257: To do so you need to write "CD3:3.2/sparc/floppy32.fs" to a floppy. For more information see <a href="faq/faq4.html#4.1">this page</a>. To boot from the floppy use one of the two commands listed below, depending on the version of your ROM.
1.1 miod 258:
1.48 bentley 259: <blockquote><pre>
260: > <kbd>boot floppy</kbd>
1.1 miod 261: or
1.49 deraadt 262: > <kbd>boot fd()</kbd>
1.48 bentley 263: </pre></blockquote>
1.1 miod 264:
265: <p>
266: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
267:
268: <p>
269: If your sparc doesn't have a floppy drive nor a CD drive, you can either
270: setup a bootable tape, or install via network, as told in the
271: INSTALL.sparc file.
1.48 bentley 272:
273: <h3>OpenBSD/sparc64:</h3>
1.1 miod 274:
275: <p>
276: Put the CD3 in your CDROM drive and type <i>boot cdrom</i>.
277:
278: <p>
279: If this doesn't work, or if you don't have a CDROM drive, you can write
1.3 jufi 280: <i>CD3:3.2/sparc64/floppy32.fs</i> to a floppy and boot it with <i>boot
1.1 miod 281: floppy</i>.<br>
282: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
283:
284: <p>
1.4 henning 285: You can also write <i>CD3:3.2/sparc64/miniroot32.fs</i> to the swap partition on
1.1 miod 286: the disk and boot with <i>boot disk:b</i>.
287:
288: <p>
289: If nothing works, you can boot over the network as described in INSTALL.sparc64
1.49 deraadt 290: </section>
1.48 bentley 291:
1.49 deraadt 292: <hr>
1.48 bentley 293:
294: <section id=sourcecode>
1.49 deraadt 295: <h3>Notes about the source code</h3>
1.1 miod 296: <p>
1.51 deraadt 297: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
298: This file contains everything you need except for the kernel sources, which are
1.1 miod 299: in a separate archive. To extract:
1.48 bentley 300: <blockquote><pre>
301: # <kbd>mkdir -p /usr/src</kbd>
302: # <kbd>cd /usr/src</kbd>
303: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
304: </pre></blockquote>
1.1 miod 305: <p>
1.51 deraadt 306: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
1.1 miod 307: This file contains all the kernel sources you need to rebuild kernels.
308: To extract:
1.48 bentley 309: <blockquote><pre>
310: # <kbd>mkdir -p /usr/src/sys</kbd>
311: # <kbd>cd /usr/src</kbd>
312: # <kbd>tar xvfz /tmp/srcsys.tar.gz</kbd>
313: </pre></blockquote>
1.1 miod 314: <p>
315: Both of these trees are a regular CVS checkout. Using these trees it
316: is possible to get a head-start on using the anoncvs servers as
1.49 deraadt 317: described <a href="anoncvs.html">here</a>.
1.1 miod 318: Using these files
319: results in a much faster initial CVS update than you could expect from
320: a fresh checkout of the full OpenBSD source tree.
1.48 bentley 321: </section>
322:
1.1 miod 323: <hr>
1.48 bentley 324:
325: <section id=ports>
326: <h3>Ports Tree</h3>
1.1 miod 327: <p>
328: A ports tree archive is also provided. To extract:
1.48 bentley 329: <blockquote><pre>
330: # <kbd>cd /usr</kbd>
331: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
332: </pre></blockquote>
1.1 miod 333: <p>
334: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
1.50 bentley 335: read <a href="faq/faq15.html">https://www.OpenBSD.org/faq/faq15.html</a>
1.1 miod 336: if you know nothing about ports
337: at this point. This text is not a manual of how to use ports.
338: Rather, it is a set of notes meant to kickstart the user on the
339: OpenBSD ports system.
340: <p>
341: Certainly, the OpenBSD ports system is not complete. It is doubtful it
342: will ever be. However, it is growing very fast and getting more stable.
343: Almost all ports provided with this release should build without problems
344: on most architectures (over 2000 packages build on i386, for instance).
345: <p>
1.40 tb 346: The <i>ports/</i> directory represents a CVS (see the manpage for
1.50 bentley 347: <a href="https://man.openbsd.org/cvs.1">cvs(1)</a> if
1.40 tb 348: you aren't familiar with CVS) checkout of our ports. As with our complete
1.1 miod 349: source tree, our ports tree is available via anoncvs. So, in
350: order to keep current with it, you must make the <i>ports/</i> tree
351: available on a read-write medium and update the tree with a command
352: like:
1.48 bentley 353: <blockquote><pre>
1.49 deraadt 354: # <kbd>cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_3_2</kbd>
1.48 bentley 355: </pre></blockquote>
1.1 miod 356: <p>
357: [Of course, you must replace the local directory and server name here
358: with the location of your ports collection and a nearby anoncvs
359: server.]
360: <p>
1.49 deraadt 361: Note that most ports are available as packages on our mirrors. Updated
1.1 miod 362: packages for the 3.2 release will be made available if problems arise.
363: <p>
364: If you're interested in seeing a port added, would like to help out, or just
1.49 deraadt 365: would like to know more, the mailing list
366: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1.48 bentley 367: </section>