File: [local] / www / 33.html (download) (as text)
Revision 1.52, Tue Jun 12 15:20:28 2018 UTC (5 years, 11 months ago) by tj
Branch: MAIN
Changes since 1.51: +2 -0 lines
remove openbsdstore links until their website issues can be resolved.
ok deraadt
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>OpenBSD 3.3</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="description" content="OpenBSD 3.3">
<meta name="copyright" content="This document copyright 2003 by OpenBSD.">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/33.html">
</head>
<body bgcolor="#ffffff" text="#000000" link="#24248E">
<h2>
<a href="index.html">
<font color="#0000ff"><i>Open</i></font><font color="#000084">BSD</font></a>
<font color="#e00000">3.3</font>
</h2>
<a href="images/Barbarian.gif">
<img align="left" width="255" height="343" hspace="24"
src="images/Barbarian.gif" alt="OpenBSD 3.3 logo"></a>
<p>
Released May 1, 2003<br>
Copyright 1997-2003, Theo de Raadt.<br>
<font color="#e00000">ISBN 0-9731791-1-2</font>
<br>
3.3 Song: <a href="lyrics.html#33">"Puff the Barbarian"</a>
<p>
<ul>
<!--
<li>Order a CDROM from our <a href="https://openbsdstore.com">ordering system</a>.
-->
<li>See the information on <a href="ftp.html">The FTP page</a> for
a list of mirror machines.
<li>Go to the <font color="#e00000">pub/OpenBSD/3.3/</font> directory on
one of the mirror sites.
<li>Have a look at <a href="errata33.html">The 3.3 Errata page</a> for a list
of bugs and workarounds.
<li>See a <a href="plus33.html">detailed log of changes</a> between the
3.2 and 3.3 releases.
</ul>
<p>
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
files fetched via ports.tar.gz.
<br clear="all">
<hr>
<a name="new"></a>
<p>
<h3><font color="#0000e0">What's New</font></h3>
<p>
This is a partial list of new features and systems included in OpenBSD 3.3.
For a comprehensive list, see the <a href="plus33.html">changelog</a> leading
to 3.3.
<p>
<ul>
<li>Integration of the
<a href="http://www.research.ibm.com/trl/projects/security/ssp/">ProPolice</a>
stack protection technology, by Hiroaki Etoh, into the system
compiler. This protection is enabled by default. With this change,
function prologues are modified to rearrange the stack: a random
canary is placed before the return address, and buffer variables are
moved closer to the canary so that regular variables are below, and
harder to smash. The function epilogue then checks if the canary is
still intact. If it is not, the process is terminated. This change
makes it very hard for an attacker to modify the return address used
when returning from a function.
<p>
<li>W^X (pronounced: "W xor X") on architectures capable of
pure execute-bit support in the MMU (sparc, sparc64, alpha,
hppa). This is a fine-grained memory permissions layout, ensuring that
memory which can be written to by application programs can not be
executable at the same time and vice versa. This raises the bar on
potential buffer overflows and other attacks: as a result, an attacker
is unable to write code anywhere in memory where it can be executed.
(NOTE: i386 and powerpc do not support W^X in 3.3; however, 3.3-current
already supports it on i386, and both these processors are expected to
support this change in 3.4).
<p>
<li>Still more reduction in setuid and setgid binaries, and more chroot
use throughout the system. While some programs are still setuid or
setgid, almost all of them grab a resource and then quickly revoke
privilege.
<p>
<li>The X window server and xconsole now use privilege separation,
for better security. Also, xterm has been modified to do privilege
revocation. xdm runs as a special user and group, to further constrain
what might go wrong.
<p>
<li>As usual, improvements to the documentation, notably the man pages and
the Web FAQ. An increasingly large part of the website is available in several
languages.
<p>
<li>More complete collection and better tested set of "ports".
setuid/setgid ports have been significantly reduced as well. Many of the
ones that remain setuid have been modified to revoke privileges as early
as possible.
<p>
<li>Over 2000 pre-built and tested packages.
<p>
<li>Significant improvements to the pthread library.
<p>
<li>An incredible amount of enhancements and stability improvements to
our packet filter, <a
href="https://man.openbsd.org/?query=pf&sektion=4">pf</a>,
including:
<ul>
<li>Queue, a bandwidth management system (uses altq underneath)
<li>Anchors, allowing subrulesets which can be loaded and modified independently
<li>Tables, a very efficient way for large address lists in rules
<li>Address pools, redirect/NAT to multiple addresses and thus load balancing
<li>Configuration language has been made much more flexible
<li>TCP window scaling support
<li>Full CIDR support
<li>Early checksum verification return on invalid packets
<li>Performance boost: large rulesets load much faster now
<li><a href="https://man.openbsd.org/?query=spamd">spamd</a>,
a spam deferral daemon, which SMTP connections can be redirected to.
This daemon handles connections based on black lists and white lists,
tar-pits the connections, and ensures that the spammer knows why their
mail has not been accepted.
</ul>
<p>
<li>Much improved <a href="sparc64.html">sparc64</a> support: support for
more models and several major bugs eradicated.
<p>
<li>The system includes the following major components from outside suppliers:
<ul>
<li>XFree86 4.2.1 (and i386 contains 3.3.X servers also, thus providing support for all chipsets)
<li>Gcc 2.95.3 (+ patches)
<li>Perl 5.8.0 (+ patches)
<li>Apache 1.3.27, mod_ssl 2.8.12, DSO support (+ patches)
<li>OpenSSL 0.9.7beta3 (+ patches)
<li>Groff 1.15
<li>Sendmail 8.12.9
<li>Bind 9.2.2 (+ patches)
<li>Lynx 2.8.2rel.1 with HTTPS support added (+ patches)
<li>Sudo 1.6.7
<li>Ncurses 5.2
<li>Latest KAME IPv6
<li>KTH Kerberos 1.1.1
<li>Heimdal 0.4e (+ patches)
<li>OpenSSH 3.6
</ul>
<p>
<li>Many improvements for security and reliability (look for the red
print in the <a href="plus33.html">complete changelog</a>).
<p>
<li> and much more.
</ul>
<a name="install"></a>
<hr>
<p>
<h3><font color="#0000e0">How to install</font></h3>
<p>
Following this are the instructions which you would have on a piece of
paper if you had purchased a CDROM set instead of doing an alternate
form of install. The instructions for doing an ftp (or other style
of) install are very similar; the CDROM instructions are left intact
so that you can see how much easier it would have been if you had
purchased a CDROM instead.
<p>
<hr>
Please refer to the following files on the three CDROMs or ftp mirror for
extensive details on how to install OpenBSD 3.3 on your machine:
<p>
<ul>
<li> CD1:3.3/i386/INSTALL.i386
<p>
<li> CD2:3.3/macppc/INSTALL.macppc
<li> CD2:3.3/vax/INSTALL.vax
<p>
<li> CD3:3.3/sparc/INSTALL.sparc
<li> CD3:3.3/sparc64/INSTALL.sparc64
<p>
<li> FTP:.../OpenBSD/3.3/alpha/INSTALL.alpha
<li> FTP:.../OpenBSD/3.3/hp300/INSTALL.hp300
<li> FTP:.../OpenBSD/3.3/hppa/INSTALL.hppa
<li> FTP:.../OpenBSD/3.3/mac68k/INSTALL.mac68k
<li> FTP:.../OpenBSD/3.3/mvme68k/INSTALL.mvme68k
</ul>
<hr>
<p>
Quick installer information for people familiar with OpenBSD, and the
use of the "disklabel -E" command. If you are at all confused when
installing OpenBSD, read the relevant INSTALL.* file as listed above!
<p>
<h3><font color="#e00000">OpenBSD/i386:</font></h3>
<ul>
Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
release is on CD1. If your BIOS does not support booting from CD, you will need
to create a boot floppy to install from. To create a boot floppy write
<i>CD1:3.3/i386/floppy33.fs</i> to a floppy and boot via the floppy drive.
<p>
Use <i>CD1:3.3/i386/floppyB33.fs</i> instead for greater scsi controller
support, or <i>CD1:3.3/i386/floppyC33.fs</i> for better laptop support.
<p>
If you are planning on dual booting OpenBSD with another OS, you will need to read the included INSTALL.i386 document.
<p>
To make a boot floppy under MS-DOS, use the "rawrite" utility located
at <i>CD:/3.3/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS, use the <a href="https://man.openbsd.org/?query=dd&sektion=1">dd(1)</a> utility. The following is an example usage of <a href="https://man.openbsd.org/?query=dd&sektion=1">dd(1)</a>, where the device could be "floppy", "rfd0c", or "rfd0a".
<ul><pre>
# <strong>dd if=<file> of=/dev/<device> bs=32k</strong>
</pre></ul>
<p>
Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or your install will most likely fail. For more information on creating a boot floppy and installing OpenBSD/i386 please refer to <a href="faq/faq4.html#MkFlop">this page</a>.
</ul>
<p>
<h3><font color="#e00000">OpenBSD/macppc:</font></h3>
<ul>
Put the CD2 in your CDROM drive and poweron your machine while holding down the
<i>C</i> key until the display turns on and shows <i>OpenBSD/macppc boot</i>.
<p>
Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
/3.3/macppc/bsd.rd</i>
</ul>
<p>
<h3><font color="#e00000">OpenBSD/vax:</font></h3>
<ul>
Boot over the network via mopbooting as described in INSTALL.vax.
</ul>
<p>
<h3><font color="#e00000">OpenBSD/sparc:</font></h3>
<ul>
The 3.3 release of OpenBSD/sparc is located on CD3. To boot off of this CD you can use one of the two commands listed below, depending on the version of your ROM.
<ul><pre>
> <strong>boot cdrom 3.3/sparc/bsd.rd</strong>
or
> <strong>b sd(0,6,0)3.3/sparc/bsd.rd</strong>
</pre></ul>
<p>
If your sparc does not have a CD drive, you can alternatively boot from floppy.
To do so you need to write "CD3:3.3/sparc/floppy33.fs" to a floppy. For more information see <a href="faq/faq4.html#MkFlop">this page</a>. To boot from the floppy use one of the two commands listed below, depending on the version of your ROM.
<ul><pre>
> <strong>boot floppy</strong>
or
> <strong>boot fd()</strong>
</pre></ul>
<p>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
<p>
If your sparc doesn't have a floppy drive nor a CD drive, you can either
setup a bootable tape, or install via network, as told in the
INSTALL.sparc file.
</ul>
<p>
<h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
<ul>
Put the CD3 in your CDROM drive and type <i>boot cdrom</i>.
<p>
If this doesn't work, or if you don't have a CDROM drive, you can write
<i>CD3:3.3/sparc64/floppy33.fs</i> to a floppy and boot it with <i>boot
floppy</i>.<br>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
<p>
You can also write <i>CD3:3.3/sparc64/miniroot33.fs</i> to the swap partition on
the disk and boot with <i>boot disk:b</i>.
<p>
If nothing works, you can boot over the network as described in INSTALL.sparc64
</ul>
<p>
<h3><font color="#e00000">OpenBSD/alpha:</font></h3>
<ul>
<p>Write <i>FTP:3.3/alpha/floppy33.fs</i> or
<i>FTP:3.3/alpha/floppyB33.fs</i> (depending on your machine) to a diskette and
enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
<p>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
</ul>
<p>
<h3><font color="#e00000">OpenBSD/hp300:</font></h3>
<ul>
<p>
Boot over the network by following the instructions in INSTALL.hp300.
</ul>
<p>
<h3><font color="#e00000">OpenBSD/hppa:</font></h3>
<ul>
<p>
Boot over the network by following the instructions in INSTALL.hppa or the
<a href="hppa.html#netboot">hppa platform page</a>.
</ul>
<p>
<h3><font color="#e00000">OpenBSD/mac68k:</font></h3>
<ul>
<p>
Boot MacOS as normal and partition your disk with the appropriate A/UX
configurations. Then, extract the Macside utilities from
<i>FTP:3.3/mac68k/utils</i> onto your hard disk. Run Mkfs to create your
filesystems on the A/UX partitions you just made. Then, use the
"BSD/Mac68k Installer" to copy all the sets in <i>FTP:3.3/mac68k/</i> onto your
partitions. Finally, you will be ready to configure the "BSD/Mac68k
Booter" with the location of your kernel and boot the system.
</ul>
<p>
<h3><font color="#e00000">OpenBSD/mvme68k:</font></h3>
<ul>
<p>
You can create a bootable installation tape or boot over the network.<br>
The network boot requires a MVME68K BUG version that supports the <i>NIOT</i>
and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme68k
for more details.
</ul>
<p>
<h3><font color="#e00000">Notes about the source code:</font></h3>
<ul>
src.tar.gz contains a source archive starting at /usr/src. This file
contains everything you need except for the kernel sources, which are
in a separate archive. To extract:
<p>
<ul><pre>
# <strong>mkdir -p /usr/src</strong>
# <strong>cd /usr/src</strong>
# <strong>tar xvfz /tmp/src.tar.gz</strong>
</pre></ul>
<p>
sys.tar.gz contains a source archive starting at /usr/src/sys.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
<p>
<ul><pre>
# <strong>mkdir -p /usr/src/sys</strong>
# <strong>cd /usr/src</strong>
# <strong>tar xvfz /tmp/sys.tar.gz</strong>
</pre></ul>
<p>
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described <a href="anoncvs.html">here</a>.
Using these files
results in a much faster initial CVS update than you could expect from
a fresh checkout of the full OpenBSD source tree.
<p>
</ul>
<a name="ports"></a>
<hr>
<p>
<h3><font color="#0000e0">Ports Tree</font></h3>
<p>
A ports tree archive is also provided. To extract:
<p>
<ul><pre>
# <strong>cd /usr</strong>
# <strong>tar xvfz /tmp/ports.tar.gz</strong>
# <strong>cd ports</strong>
</pre></ul>
<p>
The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
read the <a href="faq/faq15.html">ports</a> page
if you know nothing about ports
at this point. This text is not a manual of how to use ports.
Rather, it is a set of notes meant to kickstart the user on the
OpenBSD ports system.
<p>
Certainly, the OpenBSD ports system is not complete. It is doubtful it
will ever be. However, it is growing very fast and getting more stable.
Almost all ports provided with this release should build without problems
on most architectures (over 2000 packages build on i386, for instance).
<p>
The <i>ports/</i> directory represents a CVS (see the manpage for
<a href="https://man.openbsd.org/?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">
cvs(1)</a> if
you aren't familiar with CVS) checkout of our ports. As with our complete
source tree, our ports tree is available via anoncvs. So, in
order to keep current with it, you must make the <i>ports/</i> tree
available on a read-write medium and update the tree with a command
like:
<p>
<ul><pre>
# <strong>cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_3_3</strong>
</pre></ul>
<p>
[Of course, you must replace the local directory and server name here
with the location of your ports collection and a nearby anoncvs
server.]
<p>
Note that most ports are available as packages through ftp. Updated
packages for the 3.3 release will be made available if problems arise.
<p>
If you're interested in seeing a port added, would like to help out, or just
would like to know more, the mailing list ports@openbsd.org is a good
place to know.
<p>
</body>
</html>
![[BACK]](/icons/back.gif){kind=icon}
Return to 33.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www