Annotation of www/40.html, Revision 1.105
1.1 david 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
1.92 deraadt 4: <title>OpenBSD 4.0</title>
1.1 david 5: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
6: <meta name="description" content="OpenBSD 4.0">
7: <meta name="copyright" content="This document copyright 2006 by OpenBSD.">
1.103 tj 8: <meta name="viewport" content="width=device-width, initial-scale=1">
9: <link rel="stylesheet" type="text/css" href="openbsd.css">
1.105 ! tb 10: <link rel="canonical" href="https://www.openbsd.org/40.html">
1.1 david 11: </head>
12:
13: <body bgcolor="#ffffff" text="#000000" link="#24248E">
14:
1.103 tj 15: <h2>
1.1 david 16: <a href="index.html">
1.103 tj 17: <font color="#0000ff"><i>Open</i></font><font color="#000084">BSD</font></a>
18: <font color="#e00000">4.0</font>
19: </h2>
1.94 deraadt 20: <p>
1.1 david 21:
1.46 deraadt 22: <a href="images/Pufferix.jpg">
1.92 deraadt 23: <img align="left" width="227" height="343" hspace="24"
1.46 deraadt 24: src="images/Pufferix.jpg" alt="OpenBSD 4.0 logo"></a>
1.87 jasper 25: Released Nov 1, 2006<br>
1.1 david 26: Copyright 1997-2006, Theo de Raadt.<br>
1.71 david 27: <font color="#e00000">ISBN 0-9731791-8-X</font>
1.1 david 28: <br>
1.100 deraadt 29: 4.0 Song: <a href="lyrics.html#40">"Humppa Negala"</a>
1.1 david 30: <p>
31: <ul>
1.97 deraadt 32: <li>Order a CDROM from our <a href="https://openbsdstore.com">ordering system</a>.
1.1 david 33: <li>See the information on <a href="ftp.html">The FTP page</a> for
34: a list of mirror machines.
35: <li>Go to the <font color="#e00000">pub/OpenBSD/4.0/</font> directory on
36: one of the mirror sites.
1.88 deraadt 37: <li>Have a look at <a href="errata40.html">The 4.0 Errata page</a> for a list
1.1 david 38: of bugs and workarounds.
1.86 deraadt 39: <li>See a <a href="plus40.html">detailed log of changes</a> between the
1.1 david 40: 3.9 and 4.0 releases.
41: </ul>
1.103 tj 42: <p>
43: All applicable copyrights and credits are in the src.tar.gz,
44: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
45: files fetched via ports.tar.gz.
1.1 david 46: <br clear=all>
1.103 tj 47:
48: <hr>
1.1 david 49:
50: <a name="new"></a>
51: <p>
52: <h3><font color="#0000e0">What's New</font></h3>
53: <p>
54: This is a partial list of new features and systems included in OpenBSD 4.0.
1.86 deraadt 55: For a comprehensive list, see the <a href="plus40.html">changelog</a> leading
1.1 david 56: to 4.0.
57: <p>
58:
59: <ul>
60:
1.66 deraadt 61: <li>New/extended platforms:
1.11 jsg 62: <ul>
63: <li><a href="armish.html">OpenBSD/armish</a>.<br>
1.66 deraadt 64: Various ARM-based appliances, using the Redboot boot loader, currently
65: only supporting the Thecus N2100 and IOData HDL-G.
66: <li><a href="sparc64.html">OpenBSD/sparc64</a>.<br>
67: UltraSPARC III based machines are now supported!
68: <li><a href="zaurus.html">OpenBSD/zaurus</a>.<br>
69: Support for the Zaurus SL-C3200.
1.11 jsg 70: </ul>
71: <p>
72:
1.1 david 73: <li>Improved hardware support, including:
74: <ul>
1.102 sthen 75: <li>New <a href="http://man.openbsd.org/?query=msk&sektion=4">msk(4)</a> driver for Marvell/SysKonnect Yukon-2 Gigabit Ethernet.
76: <li>New <a href="http://man.openbsd.org/?query=bnx&sektion=4">bnx(4)</a> driver for Broadcom NetXtreme II Gigabit Ethernet.
77: <li>New <a href="http://man.openbsd.org/?query=xge&sektion=4">xge(4)</a> driver for Neterion Xframe/Xframe II 10Gb Ethernet.
78: <li>New <a href="http://man.openbsd.org/?query=rum&sektion=4">rum(4)</a> driver for Ralink Technology 2nd gen USB IEEE 802.11a/b/g wireless.
79: <li>New <a href="http://man.openbsd.org/?query=acx&sektion=4">acx(4)</a> driver for Texas Instruments ACX100/ACX111 IEEE 802.11a/b/g wireless.
80: <li>New <a href="http://man.openbsd.org/?query=pgt&sektion=4">pgt(4)</a> driver for Connexant/Intersil Prism GT Full-MAC IEEE 802.11a/b/g wireless.
81: <li>New <a href="http://man.openbsd.org/?query=uath&sektion=4">uath(4)</a> driver for Atheros USB IEEE 802.11a/b/g wireless.
82: <li>New binary blob free <a href="http://man.openbsd.org/?query=wpi&sektion=4">wpi(4)</a> driver for Intel PRO/Wireless 3945ABG IEEE 802.11a/b/g wireless.
83: <li>New <a href="http://man.openbsd.org/?query=arc&sektion=4">arc(4)</a> driver for Areca Technology Corporation SATA RAID; including RAID management via <a href="http://man.openbsd.org/?query=bio&sektion=4">bio(4)</a>.
84: <li>New <a href="http://man.openbsd.org/?query=mfi&sektion=4">mfi(4)</a> driver for LSI Logic & Dell MegaRAID SAS RAID; including RAID management via <a href="http://man.openbsd.org/?query=bio&sektion=4">bio(4)</a>.
85: <li>New <a href="http://man.openbsd.org/?query=azalia&sektion=4">azalia(4)</a> driver for generic High Definition Audio.
86: <li>New SD/MMC/SDIO drivers (<a href="http://man.openbsd.org/?query=sdhc&sektion=4">sdhc(4)</a>, <a href="http://man.openbsd.org/?query=sdmmc&sektion=4">sdmmc(4)</a>), currently supporting SD memory cards as fake SCSI <a href="http://man.openbsd.org/?query=sd&sektion=4">sd(4)</a> drives.
87: <li>New <a href="http://man.openbsd.org/?query=udcf&sektion=4">udcf(4)</a> driver for Gude ADS Expert mouseCLOCK DCF77/HBG time signal station receivers.
88: <li>New <a href="http://man.openbsd.org/?query=uslcom&sektion=4">uslcom(4)</a> driver for Silicon Laboratories CP2101/CP2102 based USB serial adapters.
89: <li>New <a href="http://man.openbsd.org/?query=ucycom&sektion=4">ucycom(4)</a> driver for Cypress microcontroller based USB serial adapters.
90: <li>New <a href="http://man.openbsd.org/?query=uark&sektion=4">uark(4)</a> driver for Arkmicro Technologies ARK3116 based USB serial adapters.
91: <li>New <a href="http://man.openbsd.org/?query=umsm&sektion=4">umsm(4)</a> driver for Qualcomm MSM EVDO based modems.
1.21 jsg 92: <li>New Dallas/Maxim 1-Wire bus support, including:
93: <ul>
1.102 sthen 94: <li>New <a href="http://man.openbsd.org/?query=gpioow&sektion=4">gpioow(4)</a> driver for 1-Wire bus bit-banging through GPIO pin
95: <li>New <a href="http://man.openbsd.org/?query=onewire&sektion=4">onewire(4)</a> 1-Wire bus driver
96: <li>New <a href="http://man.openbsd.org/?query=owid&sektion=4">owid(4)</a> 1-Wire ID family driver
97: <li>New <a href="http://man.openbsd.org/?query=owtemp&sektion=4">owtemp(4)</a> 1-Wire temperature family driver
1.21 jsg 98: </ul>
1.102 sthen 99: <li>New <a href="http://man.openbsd.org/?query=isagpio&sektion=4">isagpio(4)</a> driver for ISA I/O mapped as GPIO.
100: <li>New <a href="http://man.openbsd.org/?query=nmea&sektion=4">nmea(4)</a>
1.49 mbalmer 101: line discipline for NMEA 0183 (GPS) devices. The new
1.102 sthen 102: <a href="http://man.openbsd.org/?query=nmeaattach&sektion=8">nmeaattach(8)</a>
1.49 mbalmer 103: utility can be used to receive NMEA 0183 data and provide the time
104: received as a timedelta sensor to be used by, for example,
1.102 sthen 105: <a href="http://man.openbsd.org/?query=ntpd&sektion=8">ntpd(8)</a>.
1.37 jsg 106: <li>New VAX framebuffer drivers:
107: <ul>
1.102 sthen 108: <li>New <a href="http://man.openbsd.org/?query=lcg&sektion=4&arch=vax">lcg(4)</a> driver for VAXstation 4000/60 and VLC color frame buffers
109: <li>New <a href="http://man.openbsd.org/?query=lcspx&sektion=4&arch=vax">lcspx(4)</a> driver for Low-Cost SPX color frame buffers
110: <li>New <a href="http://man.openbsd.org/?query=gpx&sektion=4&arch=vax">gpx(4)</a> driver for GPX color frame buffers
111: <li><a href="http://man.openbsd.org/?query=smg&sektion=4&arch=vax">smg(4)</a> driver for Small Monochrome Graphics frame buffers heavily updated to be a modern <a href="http://man.openbsd.org/?query=wscons&sektion=4">wscons(4)</a> driver
1.37 jsg 112: </ul>
1.52 miod 113: <li>Support for VAX-based Digital VXT2000 and VXT2000+ terminals.
1.102 sthen 114: <li>The <a href="http://man.openbsd.org/?query=bge&sektion=4">bge(4)</a> driver supporting newer chipsets, such as the Broadcom BCM5754, BCM5755, BCM5786, and BCM5787.
115: <li>The <a href="http://man.openbsd.org/?query=em&sektion=4">em(4)</a> driver supporting newer chipsets, such as the Intel ESB2 and ICH8.
116: <li>The <a href="http://man.openbsd.org/?query=nfe&sektion=4">nfe(4)</a> driver supporting newer chipsets, such as the NVIDIA MCP61 and MCP65.
117: <li>The <a href="http://man.openbsd.org/?query=re&sektion=4">re(4)</a> driver supporting newer chipsets, such as the Realtek RT8101E, RT8168, and RT8169SC.
118: <li>The <a href="http://man.openbsd.org/?query=dc&sektion=4">dc(4)</a> driver supporting newer chipsets, such as the ADMtek ADM9511 and ADM9513.
119: <li>The <a href="http://man.openbsd.org/?query=pciide&sektion=4">pciide(4)</a> driver supporting newer chipsets, such as:
1.6 brad 120: <ul>
1.38 jsg 121: <li>ATI IXP300 SATA, IXP600 IDE
122: <li>Intel 6321ESB IDE/SATA, 82801G SATA, and 82801H SATA
123: <li>IT Express IT8211F IDE
124: <li>NVIDIA MCP61 SATA, MCP65 SATA
1.6 brad 125: <li>Promise PDC205xx SATA
126: <li>ServerWorks SATA
1.38 jsg 127: <li>VIA VT8237A SATA
1.6 brad 128: </ul>
1.102 sthen 129: <li>The <a href="http://man.openbsd.org/?query=mpt&sektion=4">mpt(4)</a> driver has been replaced with <a href="http://man.openbsd.org/?query=mpi&sektion=4">mpi(4)</a>, a more stable driver that supports more hardware.
130: <li>The <a href="http://man.openbsd.org/?query=com&sektion=4">com(4)</a> driver now supports pcmcia and cardbus cards on macppc.
1.30 niallo 131: <li>Working interrupt routing on Sun Netra t1 105, Ultra 60 and possibly other <a href="sparc64.html">sparc64</a> systems.
132: <li>Work around broken VIA and NVIDIA MPBIOSes, fixes interrupt routing with GENERIC.MP on several systems.
1.102 sthen 133: <li>Initial <a href="http://man.openbsd.org/?query=bio&sektion=4">bio(4)</a> support for Compaq/HP <a href="http://man.openbsd.org/?query=ciss&sektion=4">ciss(4)</a> Smart ARRAY 5/6 SAS/SCSI RAID controllers.
1.61 deraadt 134: <li>Improved speed control on some systems:
135: <ul>
1.84 gwk 136: <li>New SpeedStep detection code, also adds support for VIA C7-M, and several newer Pentium M's.
137: <li>Support SpeedStep in rudimentary fashion on most unknown CPU's that advertise the feature.
1.61 deraadt 138: <li>Zaurus can be moved into slower speeds now too.
1.84 gwk 139: <li>The Pentium 4 Thermal Clock Control driver now supports more CPU's including the Intel Pentium M and Xeon, and provides an estimated performance impact.
140: <li>Numerous improvements to PowerNow K7 and K8 support on i386, and support for K8 was added to amd64.
1.61 deraadt 141: </ul>
142: <li>Support for Intel 945G/GM video chipsets (on i386).</li>
1.68 kettenis 143: <li>Support for additional I2C sensors:
144: <ul>
1.102 sthen 145: <li>The <a href="http://man.openbsd.org/?query=adt&sektion=4">adt(4)</a> driver now supports the National Semiconductor LM9600, SMSC EMC6D10x and SMSC SCH5017 chips.
146: <li>The <a href="http://man.openbsd.org/?query=admtemp&sektion=4">admtemp(4)</a> driver now supports the Analog Devices ADM1023, Genesys Logic GL523SM and Global Mixed-mode Technology G781 chips.
1.68 kettenis 147: </ul>
1.1 david 148: </ul>
149: <p>
150:
151: <li>New tools:
152: <ul>
1.102 sthen 153: <li>GNU RCS has been replaced with <a href="http://man.openbsd.org/?query=rcs&sektion=1">OpenRCS</a>.
1.1 david 154: </ul>
155: <p>
156:
157: <li>New functionality:
158: <ul>
1.102 sthen 159: <li><a href="http://man.openbsd.org/?query=ipsec&sektion=4">IPsec</a>
1.83 ray 160: has been greatly improved:
1.75 ray 161: <ul>
1.102 sthen 162: <li><a href="http://man.openbsd.org/?query=ipsecctl&sektion=8">ipsecctl(8)</a>
1.74 ray 163: has been greatly extended and completely supersedes ipsecadm(8):
164: <ul>
1.83 ray 165: <li>Lots of documentation improvements (man
1.102 sthen 166: <a href="http://man.openbsd.org/?query=ipsec.conf&sektion=5">ipsec.conf</a>)
1.74 ray 167: <li>IPv6 support
168: <li>AH support
169: <li>Transport mode support
1.76 ray 170: <li>Dynamic IKE support for roaming users
1.74 ray 171: <li>USER_FQDN id support
172: </ul>
1.102 sthen 173: <li><a href="http://man.openbsd.org/?query=sasyncd&sektion=8">sasyncd(8)</a>
1.83 ray 174: works much better:
175: <ul>
176: <li>communicates with
1.102 sthen 177: <a href="http://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a>,
1.83 ray 178: telling it to run active or passive depending on the master/slave state of the
1.102 sthen 179: <a href="http://man.openbsd.org/?query=carp&sektion=4">carp(4)</a>
1.83 ray 180: interfaces. This makes
1.102 sthen 181: <a href="http://man.openbsd.org/?query=ipsec&sektion=4">IPsec</a>
1.83 ray 182: failover setups much more robust.
183: <li>looks at the
1.102 sthen 184: <a href="http://man.openbsd.org/?query=carp&sektion=4">carp(4)</a>
1.83 ray 185: interface group by default to suppress preemption of
1.102 sthen 186: <a href="http://man.openbsd.org/?query=ipsec&sektion=4">IPsec</a>
1.83 ray 187: traffic during system boot.
188: </ul>
1.102 sthen 189: <li><a href="http://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a>
1.75 ray 190: can now be safely configured by
1.102 sthen 191: <a href="http://man.openbsd.org/?query=ipsecctl&sektion=8">ipsecctl(8)</a>
1.75 ray 192: on startup.
193: </ul>
1.102 sthen 194: <li><a href="http://man.openbsd.org/?query=ftp&sektion=1">ftp(1)</a> now supports HTTPS.
195: <li><a href="http://man.openbsd.org/?query=cdio&sektion=1">cdio(1)</a> can now perform track-at-once burning and rewritable blanking.
1.29 niallo 196: <li>spppcontrol(8) and wicontrol(8) functionality has been merged into
1.102 sthen 197: <a href="http://man.openbsd.org/?query=ifconfig&sektion=8">ifconfig(8)</a>.
1.16 steven 198: <li>gcc(1) provides a new warning, -Wstack-larger-than-N, to report functions
199: which are too greedy in stack variables, see
1.102 sthen 200: <a href="http://man.openbsd.org/?query=gcc-local&sektion=1">gcc-local(1)</a> for details.
201: <li>An in-kernel <a href="http://man.openbsd.org/?query=getcwd&sektion=3">getcwd(3)</a> implementation.
202: <li>A new system call <a href="http://man.openbsd.org/?query=adjfreq&sektion=2">adjfreq(2)</a>
203: to allow <a href="http://man.openbsd.org/?query=ntpd&sektion=8">ntpd(8)</a>
1.12 otto 204: to adjust the tick rate of the system clock automatically.
1.37 jsg 205: <li>Support for X11 on VAX has been added
1.102 sthen 206: <li>Virtual Allocation Table (VAT) support for <a href="http://man.openbsd.org/?query=mount_udf&sektion=8">UDF</a>.
1.16 steven 207: <li>C99 functions
1.102 sthen 208: <a href="http://man.openbsd.org/?query=round&sektion=3">round(3)</a>,
209: <a href="http://man.openbsd.org/?query=roundf&sektion=3">roundf(3)</a>,
210: <a href="http://man.openbsd.org/?query=trunc&sektion=3">trunc(3)</a>, and
211: <a href="http://man.openbsd.org/?query=truncf&sektion=3">truncf(3)</a>
1.16 steven 212: have been added to libm, the math library.
1.102 sthen 213: <li><a href="http://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>
1.34 djm 214: now supports Unicast Reverse Path Forwarding (uRPF) checks for simplified
1.35 aanriot 215: ingress filtering.
1.102 sthen 216: <li><a href="http://man.openbsd.org/?query=bpf&sektion=4">bpf(4)</a>
1.34 djm 217: can now ignore packets based on their direction (inbound/outbound) using the
1.35 aanriot 218: BIOCSDIRFILT ioctl.
1.102 sthen 219: <li><a href="http://man.openbsd.org/?query=pdisk&sektion=8&arch=mac68k">pdisk(8)</a>
1.36 martin 220: can now set up slices on HFS(DPME) partitioned disks on mac68k.
1.58 stevesk 221: <li>New dissectors have been added to
1.102 sthen 222: <a href="http://man.openbsd.org/?query=tcpdump&sektion=8">tcpdump(8)</a>:
1.55 reyk 223: <ul>
1.56 reyk 224: <li>Cisco's VQP (VLAN Query Protocol)
225: <li>IEEE 802.1AB LLDP (Link Layer Discovery Protocol)
1.55 reyk 226: </ul>
1.102 sthen 227: <li><a href="http://man.openbsd.org/?query=trunk&sektion=4">trunk(4)</a> now
1.55 reyk 228: supports the new loadbalance mode to balance outgoing traffic based on hashed protocol header
229: information.
1.102 sthen 230: <li><a href="http://man.openbsd.org/?query=bioctl&sektion=8">bioctl(8)</a> has been extended to provide runtime information on rebuilds, scrubs and initialization.
1.78 david 231: <li>New sysctls to check the system vendor, product, version, serial number, and UUID.
1.65 claudio 232: <li>Equal cost multipath routing support. Needs to be enabled by a sysctl.
1.67 drahn 233: <li>Prebind, a secure implementation of prelinking, has been added to
1.102 sthen 234: <a href="http://man.openbsd.org/?query=ldconfig&sektion=8" >ldconfig(8)</a>,
1.67 drahn 235: it speeds up launching of shared binaries. Prebind is compatible with
1.77 ray 236: address space randomization, unlike prelink.
1.102 sthen 237: <li><a href="http://man.openbsd.org/?query=vnconfig&sektion=8">vnconfig(8)</a> can now use PKCS #5 PBKDF2 to create a more secure key when using encryption.
1.1 david 238: </ul>
239: <p>
240:
241: <li>Assorted improvements and code cleanup:
242: <ul>
1.13 otto 243: <li>Much better time keeping for multiprocessor <a href="i386.html">OpenBSD/i386</a>
244: systems.
1.102 sthen 245: <li>Much improved implementation of <a href="http://man.openbsd.org/?query=telldir&sektion=3">telldir(3)</a>
1.13 otto 246: and friends.
1.53 ray 247: <li>Replacement of many
1.102 sthen 248: <a href="http://man.openbsd.org/?query=malloc&sektion=3">malloc(3)</a>
1.34 djm 249: calls that follow a pattern prone to integer overflow with safer constructs.
1.44 mpf 250: <li>Improved failover handling in
1.102 sthen 251: <a href="http://man.openbsd.org/?query=carp&sektion=4">carp(4)</a>:
1.44 mpf 252: <ul>
253: <li>Extend the carp protocol with the demotion counter to act smarter on multiple failures.
254: <li>Group failovers now work without carp running preempt mode.
255: <li>Demotion can now be controlled via interface groups.
256: </ul>
1.54 krw 257: <li>
1.102 sthen 258: <a href="http://man.openbsd.org/?query=chio&sektion=1">chio(1)</a>
1.54 krw 259: is now a useful tool for controlling tape changers.
260: <li>Much improved
1.102 sthen 261: <a href="http://man.openbsd.org/?query=st&sektion=4">st(4)</a>
1.54 krw 262: device setup, tape handling and error processing.
263: <li>Many
1.102 sthen 264: <a href="http://man.openbsd.org/?query=dhclient&sektion=8">dhclient(8)</a>
1.54 krw 265: fixes, including 'alias' handling and improved interface initialization.
266: <li>
1.102 sthen 267: <a href="http://man.openbsd.org/?query=scsi&sektion=4">scsi(4)</a>
1.54 krw 268: devices detect the correct SCSI version.
269: <li>More
1.102 sthen 270: <a href="http://man.openbsd.org/?query=umass&sektion=4">umass(4)</a>
1.54 krw 271: devices properly detected.
272: <li>Improved detection of fibre channel devices and devices in SCSI enclosures.
1.102 sthen 273: <li>The new RSSI header has been added to the <a href="http://man.openbsd.org/?query=ieee80211_radiotap&sektion=9">ieee80211_radiotap(9)</a>
1.56 reyk 274: framework as a replacement for ANTSIGNAL headers.
1.73 ray 275: <li>Many integer type safety cleanups with
1.102 sthen 276: <a href="http://man.openbsd.org/?query=lint&sektion=1">lint(1)</a>.
1.54 krw 277: </ul>
278: <p>
279:
280: <li>Install/Upgrade process changes
281: <ul>
282: <li>Host specific site files add easy customization for individual hosts
283: <li>X Window aperture support, where available, now defaults to off
1.1 david 284: </ul>
285: <p>
286:
1.56 reyk 287: <li>New functionality for
1.102 sthen 288: <a href="http://man.openbsd.org/?query=hostapd&sektion=8">hostapd(8)</a>,
1.56 reyk 289: the Host Access Point Daemon:
290: <ul>
291: <li>IP based roaming to build wireless networks without the requirement
292: of a single broadcast domain.
293: <li>New event rules to match optional elements of radiotap headers:
294: signal percentage, transmit rate and channel frequency.
295: <li>Various bug fixes and improvements.
296: </ul>
297: <p>
298:
1.1 david 299: <li>OpenSSH 4.4:
300: <ul>
1.40 dtucker 301: <li>Conditional configuration in <a href=
1.102 sthen 302: "http://man.openbsd.org/?query=sshd_config&sektion=5"
1.40 dtucker 303: >sshd_config(5)</a> using the <b>Match</b> directive. This allows some
304: configuration options to be selectively overridden if specific criteria
305: (based on user, group, hostname and/or address) are met.
306: <li>Add support for Diffie-Hellman group exchange key agreement with a
307: final hash of SHA256.
308: <li>Added a <b>ForceCommand</b> directive to <a href=
1.102 sthen 309: "http://man.openbsd.org/?query=sshd_config&sektion=5"
1.40 dtucker 310: >sshd_config(5)</a>, similar to the command="..." option in
311: ~/.ssh/authorized_keys.
312: <li>Added a <b>PermitOpen</b> directive to <a href=
1.102 sthen 313: "http://man.openbsd.org/?query=sshd_config&sektion=5"
1.40 dtucker 314: >sshd_config(5)</a>, similar to the permitopen="..." option in
315: authorized_keys, to allow control over the port-forwardings that a
316: user is allowed to establish.
317: <li>Added an <b>ExitOnForwardFailure</b> option to cause ssh(1) to exit (with
318: a non-zero exit code) when requested port forwardings could not be
319: established.
320: <li>Added optional logging of transactions to <a href=
1.102 sthen 321: "http://man.openbsd.org/?query=sftp-server&sektion=8"
1.40 dtucker 322: >sftp-server(8)</a>.
1.102 sthen 323: <li><a href="http://man.openbsd.org/?query=ssh&sektion=1"
1.40 dtucker 324: >ssh(1)</a> will now record port numbers for hosts stored in
325: ~/.ssh/authorized_keys when a non-standard port has been requested.
326: <li>Extended the <a href=
1.102 sthen 327: "http://man.openbsd.org/?query=sshd_config&sektion=5"
1.40 dtucker 328: >sshd_config(5)</a> "SubSystem" directive to allow the
329: specification of commandline arguments.
330: <li>Many manpage fixes and improvements
1.1 david 331: </ul>
332: <p>
333:
334: <li>OpenBGPD 4.0:
335: <ul>
1.48 henning 336: <li>new nexthop selection logic ignoring bgpd routes, helps in complex setups
337: with ospfd
338: <li>add a "detailed" show rib view to bgpctl, including communities
339: <li>allow requesting a route refresh from a peer that supports it
340: <li>have bgpd always report back the result of an operation to bgpctl, so
341: the operator can spot errors quicker
342: <li>allow bgpd to manipulate carp demotion counters based on session states,
343: gives even greater failover support
344: <li>support restarting sessions that reached max-prefix after a given time
345: <li>bgpctl can now show all routes received from a neighbor before filters
346: were applied, and routes sent to neighbors
347: <li>assorted fixes and improvements, as usual
1.1 david 348: </ul>
349: <p>
350:
1.41 norby 351: <li>OpenOSPFD 4.0:
1.1 david 352: <ul>
1.41 norby 353: <li>Track uptime of the daemon itself.
354: <li>Track uptime of all ospf enabled interfaces.
355: <li>Adjust logging behaviour to prevent unwanted logging.
356: <li>Delay LSA updates when removing and adding - prevent flapping.
357: <li>Fix plaintext authentication.
1.43 brad 358: <li>Improve the output of 'ospfctl show interfaces'.
1.41 norby 359: <li>Support rtlabels when redistributing routes.
1.1 david 360: </ul>
361: <p>
1.41 norby 362:
1.50 henning 363: <li>OpenNTPD 4.0:
1.49 mbalmer 364: <ul>
1.50 henning 365: <li>support timedelta sensors, such as DCF77 receivers supported by
1.102 sthen 366: <a href="http://man.openbsd.org/?query=udcf&sektion=4">udcf(4)</a>
1.50 henning 367: and GPS receivers supported by
1.102 sthen 368: <a href="http://man.openbsd.org/?query=nmea&sektion=4">nmea(4)</a>.
1.50 henning 369: <li>Adjust the kernel tick frequency, using
1.102 sthen 370: <a href="http://man.openbsd.org/?query=adjfreq&sektion=2">adjfreq(2)</a>,
1.50 henning 371: improving accuracy on many machines.
372: <li>allow for weight to be added to sensors or servers, so that one can
373: weight timedelta sensors higher than ntp peers
1.49 mbalmer 374: </ul>
375: <p>
1.1 david 376:
1.9 steven 377: <li>Over 3700 ports, 3400 pre-built packages, improved package tools.
1.57 espie 378: <li>Full support for pkg_add(1) over ssh(1), using one single connection.
1.1 david 379: <p>
380:
381: <li>As usual, steady improvements in manual pages and other documentation.
382: <p>
383:
384: <li>The system includes the following major components from outside suppliers:
385: <ul>
386: <li>X.Org 6.9.0 (+ patches, and i386 contains XFree86 3.3.6 servers
387: (+ patches) for legacy chipsets not supported by X.Org)
388: <li>Gcc 2.95.3
1.102 sthen 389: (+ <a href="http://man.openbsd.org/?query=gcc-local&sektion=1">patches</a>)
1.1 david 390: and 3.3.5
1.102 sthen 391: (+ <a href="http://man.openbsd.org/?query=gcc-local&sektion=1">patches</a>)
1.1 david 392: <li>Perl 5.8.8 (+ patches)
393: <li>Apache 1.3.29, mod_ssl 2.8.16, DSO support (+ patches)
394: <li>OpenSSL 0.9.7j (+ patches)
395: <li>Groff 1.15
396: <li>Sendmail 8.13.8, with libmilter
1.26 david 397: <li>Bind 9.3.2-P1 (+ patches)
1.1 david 398: <li>Lynx 2.8.5rel.4 with HTTPS and IPv6 support (+ patches)
399: <li>Sudo 1.6.8p9
400: <li>Ncurses 5.2
401: <li>Latest KAME IPv6
1.24 biorn 402: <li>Heimdal 0.7.2 (+ patches)
1.1 david 403: <li>Arla 0.35.7
404: <li>Binutils 2.15 (+ patches)
1.69 kettenis 405: <li>Gdb 6.3 (+ patches)
1.1 david 406: </ul>
407: <p>
408:
409: </ul>
410:
411: <a name="install"></a>
412: <hr>
413: <p>
414: <h3><font color="#0000e0">How to install</font></h3>
415: <p>
416: Following this are the instructions which you would have on a piece of
417: paper if you had purchased a CDROM set instead of doing an alternate
418: form of install. The instructions for doing an FTP (or other style
419: of) install are very similar; the CDROM instructions are left intact
420: so that you can see how much easier it would have been if you had
421: purchased a CDROM instead.
422: <p>
423:
424: <hr>
425: Please refer to the following files on the three CDROMs or FTP mirror for
426: extensive details on how to install OpenBSD 4.0 on your machine:
427: <p>
428: <ul>
429: <li>CD1:4.0/i386/INSTALL.i386
430: <p>
431: <li>CD2:4.0/amd64/INSTALL.amd64
432: <li>CD2:4.0/macppc/INSTALL.macppc
433: <p>
434: <li>CD3:4.0/sparc/INSTALL.sparc
435: <li>CD3:4.0/sparc64/INSTALL.sparc64
436: <p>
437: <li>FTP:.../OpenBSD/4.0/alpha/INSTALL.alpha
1.33 brad 438: <li>FTP:.../OpenBSD/4.0/armish/INSTALL.armish
1.1 david 439: <li>FTP:.../OpenBSD/4.0/cats/INSTALL.cats
440: <li>FTP:.../OpenBSD/4.0/hp300/INSTALL.hp300
441: <li>FTP:.../OpenBSD/4.0/hppa/INSTALL.hppa
442: <li>FTP:.../OpenBSD/4.0/luna88k/INSTALL.luna88k
443: <li>FTP:.../OpenBSD/4.0/mac68k/INSTALL.mac68k
444: <li>FTP:.../OpenBSD/4.0/mvme68k/INSTALL.mvme68k
445: <li>FTP:.../OpenBSD/4.0/mvme88k/INSTALL.mvme88k
446: <li>FTP:.../OpenBSD/4.0/sgi/INSTALL.sgi
447: <li>FTP:.../OpenBSD/4.0/vax/INSTALL.vax
448: <li>FTP:.../OpenBSD/4.0/zaurus/INSTALL.zaurus
449: </ul>
450: <hr>
451:
452: <p>
453: Quick installer information for people familiar with OpenBSD, and the
454: use of the "disklabel -E" command. If you are at all confused when
455: installing OpenBSD, read the relevant INSTALL.* file as listed above!
456: <p>
457:
458: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
459: <ul>
460: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
461: release is on CD1. If your BIOS does not support booting from CD, you will need
462: to create a boot floppy to install from. To create a boot floppy write
463: <i>CD1:4.0/i386/floppy40.fs</i> to a floppy and boot via the floppy drive.
464:
465: <p>
466: Use <i>CD1:4.0/i386/floppyB40.fs</i> instead for greater SCSI controller
467: support, or <i>CD1:4.0/i386/floppyC40.fs</i> for better laptop support.
468:
469: <p>
470: If you can't boot from a CD or a floppy disk,
471: you can install across the network using PXE as described in
472: the included INSTALL.i386 document.
473:
474: <p>
475: If you are planning on dual booting OpenBSD with another OS, you will need to
476: read INSTALL.i386.
477:
478: <p>
479: To make a boot floppy under MS-DOS, use the "rawrite" utility located
480: at <i>CD1:4.0/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS,
481: use the
1.102 sthen 482: <a href="http://man.openbsd.org/?query=dd&sektion=1">dd(1)</a>
1.1 david 483: utility. The following is an example usage of
1.102 sthen 484: <a href="http://man.openbsd.org/?query=dd&sektion=1">dd(1)</a>,
1.1 david 485: where the device could be "floppy", "rfd0c", or
486: "rfd0a".
487:
488: <ul><pre>
489: # <strong>dd if=<file> of=/dev/<device> bs=32k</strong>
490: </pre></ul>
491:
492: <p>
493: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
494: your install will most likely fail. For more information on creating a boot
495: floppy and installing OpenBSD/i386 please refer to
1.104 tj 496: <a href="faq/faq4.html#MkFlop">this page</a>.
1.1 david 497: </ul>
498:
499: <p>
500: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
501: <ul>
502: The 4.0 release of OpenBSD/amd64 is located on CD2.
503: Boot from the CD to begin the install - you may need to adjust
504: your BIOS options first.
505: If you can't boot from the CD, you can create a boot floppy to install from.
506: To do this, write <i>CD2:4.0/amd64/floppy40.fs</i> to a floppy, then
507: boot from the floppy drive.
508:
509: <p>
510: If you can't boot from a CD or a floppy disk,
511: you can install across the network using PXE as described in the included
512: INSTALL.amd64 document.
513:
514: <p>
515: If you are planning to dual boot OpenBSD with another OS, you will need to
516: read INSTALL.amd64.
517: </ul>
518:
519: <p>
520: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
521: <ul>
522: Put CD2 in your CDROM drive and poweron your machine while holding down the
523: <i>C</i> key until the display turns on and shows <i>OpenBSD/macppc boot</i>.
524:
525: <p>
526: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
527: /4.0/macppc/bsd.rd</i>
528: </ul>
529:
530: <p>
531: <h3><font color="#e00000">OpenBSD/sparc:</font></h3>
532: <ul>
533: The 4.0 release of OpenBSD/sparc is located on CD3. To boot off of this CD you
534: can use one of the two commands listed below, depending on the version of your
535: ROM.
536:
537: <ul><pre>
538: ok <strong>boot cdrom 4.0/sparc/bsd.rd</strong>
539: or
540: > <strong>b sd(0,6,0)4.0/sparc/bsd.rd</strong>
541: </pre></ul>
542:
543: <p>
544: If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
545: To do so you need to write <i>CD3:4.0/sparc/floppy40.fs</i> to a floppy.
1.104 tj 546: For more information see <a href="faq/faq4.html#MkFlop">this page</a>.
1.1 david 547: To boot from the floppy use one of the two commands listed below,
548: depending on the version of your ROM.
549:
550: <ul><pre>
551: ok <strong>boot floppy</strong>
552: or
553: > <strong>b fd()</strong>
554: </pre></ul>
555:
556: <p>
557: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
558: will most likely fail.
559:
560: <p>
561: If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
562: setup a bootable tape, or install via network, as told in the
563: INSTALL.sparc file.
564: </ul>
565:
566: <p>
567: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
568: <ul>
569: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
570:
571: <p>
572: If this doesn't work, or if you don't have a CDROM drive, you can write
573: <i>CD3:4.0/sparc64/floppy40.fs</i> or <i>CD3:4.0/sparc64/floppyB40.fs</i>
574: (depending on your machine) to a floppy and boot it with <i>boot
575: floppy</i>. Refer to INSTALL.sparc64 for details.
576:
577: <p>
578: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
579: will most likely fail.
580:
581: <p>
582: You can also write <i>CD3:4.0/sparc64/miniroot40.fs</i> to the swap partition on
583: the disk and boot with <i>boot disk:b</i>.
584:
585: <p>
586: If nothing works, you can boot over the network as described in INSTALL.sparc64.
587: </ul>
588:
589: <p>
590: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
591: <ul>
592: <p>Write <i>FTP:4.0/alpha/floppy40.fs</i> or
593: <i>FTP:4.0/alpha/floppyB40.fs</i> (depending on your machine) to a diskette and
594: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
595:
596: <p>
597: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
598: will most likely fail.
599:
600: </ul>
601:
602: <p>
603: <h3><font color="#e00000">OpenBSD/armish:</font></h3>
604: <ul>
605: <p>
1.67 drahn 606: After connecting a serial port, Thecus can boot directly from the network
607: either tftp or http. Configure the network using fconfig, reset,
608: then load bsd.rd, see INSTALL.armish for specific details.
1.82 steven 609: IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
1.67 drahn 610: and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
611: then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
612: More details are available in INSTALL.armish.
1.1 david 613: </ul>
614:
615: <p>
616: <h3><font color="#e00000">OpenBSD/cats:</font></h3>
617: <ul>
618: <p>
619: After updating the firmware to at least ABLE 1.95 if necessary, boot
620: <i>FTP:4.0/cats/bsd.rd</i> from an ABLE-supported device (such as a CD-ROM
621: or an existing FFS or EXT2FS partition).
622: </ul>
623:
624: <p>
625: <h3><font color="#e00000">OpenBSD/hp300:</font></h3>
626: <ul>
627: <p>
628: Boot over the network by following the instructions in INSTALL.hp300.
629: </ul>
630:
631: <p>
632: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
633: <ul>
634: <p>
635: Boot over the network by following the instructions in INSTALL.hppa or the
636: <a href="hppa.html#install">hppa platform page</a>.
637: </ul>
638:
639: <p>
640: <h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
641: <ul>
642: <p>
643: Copy bsd.rd to a Mach or UniOS partition, and boot it from the PROM.
644: Alternatively, you can create a bootable tape and boot from it. Refer to
645: the instructions in INSTALL.luna88k for more details.
646: </ul>
647:
648: <p>
649: <h3><font color="#e00000">OpenBSD/mac68k:</font></h3>
650: <ul>
651: <p>
652: Boot MacOS as normal and extract the Macside "BSD/Mac68k Booter" utility from
653: <i>FTP:4.0/mac68k/utils</i> onto your hard disk. Configure the "BSD/Mac68k
654: Booter" with the location of your bsd.rd kernel and boot into the installer.
655: Refer to the instructions in INSTALL.mac68k for more details.
656: </ul>
657:
658: <p>
659: <h3><font color="#e00000">OpenBSD/mvme68k:</font></h3>
660: <ul>
661: <p>
662: You can create a bootable installation tape or boot over the network.<br>
663: The network boot requires a MVME68K BUG version that supports the <i>NIOT</i>
664: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme68k
665: for more details.
666: </ul>
667:
668: <p>
669: <h3><font color="#e00000">OpenBSD/mvme88k:</font></h3>
670: <ul>
671: <p>
672: You can create a bootable installation tape or boot over the network.<br>
673: The network boot requires a MVME88K BUG version that supports the <i>NIOT</i>
674: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme88k
675: for more details.
676: </ul>
677:
678: <p>
679: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
680: <ul>
681: <p>
682: Burn cd40.iso on a CD-R, put it in the CD drive of your machine and
683: select <i>Install System Software</i> from the System Maintenance menu.
684:
685: <p>
686: If your machine doesn't have a CD drive, you can
687: setup a DHCP/tftp network server, and boot using "bootp()/bsd.rd".
688: Refer to the instructions in INSTALL.sgi for more details.
689: </ul>
690:
691: <p>
692: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
693: <ul>
694: Boot over the network via mopbooting as described in INSTALL.vax.
695: </ul>
696:
697: <p>
698: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
699: <ul>
700: <p>
701: Using the Linux built-in graphical ipkg installer, install the
702: openbsd40_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
703: for a few important details.
704: </ul>
705:
706: <p>
707: <h3><font color="#e00000">Notes about the source code:</font></h3>
708: <ul>
709: src.tar.gz contains a source archive starting at /usr/src. This file
710: contains everything you need except for the kernel sources, which are
711: in a separate archive. To extract:
712: <p>
713: <ul><pre>
714: # <strong>mkdir -p /usr/src</strong>
715: # <strong>cd /usr/src</strong>
716: # <strong>tar xvfz /tmp/src.tar.gz</strong>
717: </pre></ul>
718: <p>
719: sys.tar.gz contains a source archive starting at /usr/src/sys.
720: This file contains all the kernel sources you need to rebuild kernels.
721: To extract:
722: <p>
723: <ul><pre>
724: # <strong>mkdir -p /usr/src/sys</strong>
725: # <strong>cd /usr/src</strong>
726: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
727: </pre></ul>
728: <p>
729: Both of these trees are a regular CVS checkout. Using these trees it
730: is possible to get a head-start on using the anoncvs servers as
731: described <a href="anoncvs.html">here</a>.
732: Using these files
733: results in a much faster initial CVS update than you could expect from
734: a fresh checkout of the full OpenBSD source tree.
735: <p>
736: </ul>
737:
738: <a name="upgrade"></a>
739: <hr>
740: <p>
741: <h3><font color="#0000e0">How to upgrade</font></h3>
742: <p>
743: If you already have an OpenBSD 3.9 system, and do not want to reinstall,
744: upgrade instructions and advice can be found in the
1.14 henning 745: <a href="faq/upgrade40.html">Upgrade Guide</a>.
1.1 david 746:
747: <a name="ports"></a>
748: <hr>
749: <p>
750: <h3><font color="#0000e0">Ports Tree</font></h3>
751: <p>
752: A ports tree archive is also provided. To extract:
753: <p>
754: <ul><pre>
755: # <strong>cd /usr</strong>
756: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
757: # <strong>cd ports</strong>
758: </pre></ul>
759: <p>
760: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
1.90 jasper 761: read the <a href="faq/faq15.html">ports</a> page
1.1 david 762: if you know nothing about ports
763: at this point. This text is not a manual of how to use ports.
764: Rather, it is a set of notes meant to kickstart the user on the
765: OpenBSD ports system.
766: <p>
767: The <i>ports/</i> directory represents a CVS (see the manpage for
1.102 sthen 768: <a href="http://man.openbsd.org/?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">
1.1 david 769: cvs(1)</a> if
770: you aren't familiar with CVS) checkout of our ports. As with our complete
771: source tree, our ports tree is available via anoncvs. So, in
772: order to keep current with it, you must make the <i>ports/</i> tree
773: available on a read-write medium and update the tree with a command
774: like:
775: <p>
776: <ul><pre>
777: # <strong>cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_4_0</strong>
778: </pre></ul>
779: <p>
780: [Of course, you must replace the local directory and server name here
781: with the location of your ports collection and a nearby anoncvs
782: server.]
783: <p>
784: Note that most ports are available as packages through FTP. Updated
785: packages for the 4.0 release will be made available if problems arise.
786: <p>
787: If you're interested in seeing a port added, would like to help out, or just
788: would like to know more, the mailing list ports@openbsd.org is a good
789: place to know.
790: <p>
791:
792: </body>
793: </html>