Annotation of www/41.html, Revision 1.3
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 4.1 Release</title>
5: <link rev=made href="mailto:www@openbsd.org">
6: <meta name="resource-type" content="document">
7: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
8: <meta name="description" content="OpenBSD 4.1">
9: <meta name="keywords" content="openbsd,main">
10: <meta name="distribution" content="global">
11: <meta name="copyright" content="This document copyright 2006 by OpenBSD.">
12: </head>
13:
14: <body bgcolor="#ffffff" text="#000000" link="#24248E">
15:
16: <a href="index.html">
17: <img alt="[OpenBSD]" height="30" width="141" hspace="24" src="images/smalltitle.gif" border="0"></a>
18: <hr>
19:
20: <p>
21: <a href="images/XXX.jpg">
22: <img align="left" width="227" height="343" hspace="24" vspace="30"
23: src="images/XXX.jpg" alt="OpenBSD 4.1 logo"></a>
24: <h2><font color="#0000e0">The OpenBSD 4.1 Release:</font></h2>
25: <p>
26: Released May 1, 2007<br>
27: Copyright 1997-2007, Theo de Raadt.<br>
28: <font color="#e00000">ISBN 978-0-9731791-9-4</font>
29: <br>
30: <a href="lyrics.html#41">4.1 Song: (not yet announced)</a>
31: <p>
32:
33: <a href="#new">What's New</a><br>
34: <a href="#install">How to install</a><br>
35: <a href="#upgrade">How to upgrade</a><br>
36: <a href="#ports">How to use the ports tree</a><br>
37: <a href="orders.html">Ordering a CD set</a><br>
38:
39: <p>
40: <h3><font color="#0000e0">
41: To get the files for this release:
42: <ul>
43: <li>Order a CDROM from our <a href="orders.html">ordering system</a>.
44: <li>See the information on <a href="ftp.html">The FTP page</a> for
45: a list of mirror machines.
46: <li>Go to the <font color="#e00000">pub/OpenBSD/4.1/</font> directory on
47: one of the mirror sites.
48: <li>Briefly read the rest of this document.
49: <li>Have a look at <a href="errata.html">The 4.1 Errata page</a> for a list
50: of bugs and workarounds.
51: <li>See a <a href="plus.html">detailed log of changes</a> between the
52: 4.0 and 4.1 releases.
53: </ul>
54: </font></h3>
55: <br clear=all>
56:
57: <strong>Note:</strong> All applicable copyrights and credits can be found
58: in the applicable file sources found in the files src.tar.gz, sys.tar.gz,
59: XF4.tar.gz, or in the files fetched via ports.tar.gz. The distribution
60: files used to build packages from the ports.tar.gz file are not included on
61: the CDROM because of lack of space.
62: <p>
63:
64: <a name="new"></a>
65: <hr>
66: <p>
67: <h3><font color="#0000e0">What's New</font></h3>
68: <p>
69: This is a partial list of new features and systems included in OpenBSD 4.1.
1.2 deraadt 70: For a comprehensive list, see the <a href="plus.html">changelog</a> leading
1.1 deraadt 71: to 4.1.
72: <p>
73:
74: <ul>
75:
76: <li>New/extended platforms:
77: <ul>
1.2 deraadt 78: <li><a href="armish.html">OpenBSD/landisk</a>.<br>
79: Various SH4-based appliances, made by IO-Data and resold by Plextor.
1.1 deraadt 80: <li><a href="sparc64.html">OpenBSD/sparc64</a>.<br>
1.2 deraadt 81: UltraSPARC III based machines are now supported even better!
1.1 deraadt 82: </ul>
83: <p>
84:
85: <li>Improved hardware support, including:
86: <ul>
87: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=msk&sektion=4">msk(4)</a> driver for Marvell/SysKonnect Yukon-2 Gigabit Ethernet.
88: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bnx&sektion=4">bnx(4)</a> driver for Broadcom NetXtreme II Gigabit Ethernet.
89: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xge&sektion=4">xge(4)</a> driver for Neterion Xframe/Xframe II 10Gb Ethernet.
90: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rum&sektion=4">rum(4)</a> driver for Ralink Technology 2nd gen USB IEEE 802.11a/b/g wireless.
91: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=acx&sektion=4">acx(4)</a> driver for Texas Instruments ACX100/ACX111 IEEE 802.11a/b/g wireless.
92: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pgt&sektion=4">pgt(4)</a> driver for Connexant/Intersil Prism GT Full-MAC IEEE 802.11a/b/g wireless.
93: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uath&sektion=4">uath(4)</a> driver for Atheros USB IEEE 802.11a/b/g wireless.
94: <li>New binary blob free <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wpi&sektion=4">wpi(4)</a> driver for Intel PRO/Wireless 3945ABG IEEE 802.11a/b/g wireless.
95: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc&sektion=4">arc(4)</a> driver for Areca Technology Corporation SATA RAID; including RAID management via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bio&sektion=4">bio(4)</a>.
96: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mfi&sektion=4">mfi(4)</a> driver for LSI Logic & Dell MegaRAID SAS RAID; including RAID management via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bio&sektion=4">bio(4)</a>.
97: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=azalia&sektion=4">azalia(4)</a> driver for generic High Definition Audio.
98: <li>New SD/MMC/SDIO drivers (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sdhc&sektion=4">sdhc(4)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sdmmc&sektion=4">sdmmc(4)</a>), currently supporting SD memory cards as fake SCSI <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sd&sektion=4">sd(4)</a> drives.
99: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=udcf&sektion=4">udcf(4)</a> driver for Gude ADS Expert mouseCLOCK DCF77/HBG time signal station receivers.
100: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uslcom&sektion=4">uslcom(4)</a> driver for Silicon Laboratories CP2101/CP2102 based USB serial adapters.
101: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ucycom&sektion=4">ucycom(4)</a> driver for Cypress microcontroller based USB serial adapters.
102: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uark&sektion=4">uark(4)</a> driver for Arkmicro Technologies ARK3116 based USB serial adapters.
103: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umsm&sektion=4">umsm(4)</a> driver for Qualcomm MSM EVDO based modems.
104: <li>New Dallas/Maxim 1-Wire bus support, including:
105: <ul>
106: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gpioow&sektion=4">gpioow(4)</a> driver for 1-Wire bus bit-banging through GPIO pin
107: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=onewire&sektion=4">onewire(4)</a> 1-Wire bus driver
108: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=owid&sektion=4">owid(4)</a> 1-Wire ID family driver
109: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=owtemp&sektion=4">owtemp(4)</a> 1-Wire temperature family driver
110: </ul>
111: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isagpio&sektion=4">isagpio(4)</a> driver for ISA I/O mapped as GPIO.
112: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nmea&sektion=4">nmea(4)</a>
113: line discipline for NMEA 0183 (GPS) devices. The new
114: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nmeaattach&sektion=8">nmeaattach(8)</a>
115: utility can be used to receive NMEA 0183 data and provide the time
116: received as a timedelta sensor to be used by, for example,
117: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ntpd&sektion=8">ntpd(8)</a>.
118: <li>New VAX framebuffer drivers:
119: <ul>
120: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lcg&sektion=4&arch=vax">lcg(4)</a> driver for VAXstation 4000/60 and VLC color frame buffers
121: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lcspx&sektion=4&arch=vax">lcspx(4)</a> driver for Low-Cost SPX color frame buffers
122: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gpx&sektion=4&arch=vax">gpx(4)</a> driver for GPX color frame buffers
123: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smg&sektion=4&arch=vax">smg(4)</a> driver for Small Monochrome Graphics frame buffers heavily updated to be a modern <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> driver
124: </ul>
125: <li>Support for VAX-based Digital VXT2000 and VXT2000+ terminals.
126: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a> driver supporting newer chipsets, such as the Broadcom BCM5754, BCM5755, BCM5786, and BCM5787.
127: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a> driver supporting newer chipsets, such as the Intel ESB2 and ICH8.
128: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nfe&sektion=4">nfe(4)</a> driver supporting newer chipsets, such as the NVIDIA MCP61 and MCP65.
129: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=re&sektion=4">re(4)</a> driver supporting newer chipsets, such as the Realtek RT8101E, RT8168, and RT8169SC.
130: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a> driver supporting newer chipsets, such as the ADMtek ADM9511 and ADM9513.
131: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> driver supporting newer chipsets, such as:
132: <ul>
133: <li>ATI IXP300 SATA, IXP600 IDE
134: <li>Intel 6321ESB IDE/SATA, 82801G SATA, and 82801H SATA
135: <li>IT Express IT8211F IDE
136: <li>NVIDIA MCP61 SATA, MCP65 SATA
137: <li>Promise PDC205xx SATA
138: <li>ServerWorks SATA
139: <li>VIA VT8237A SATA
140: </ul>
141: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mpt&sektion=4">mpt(4)</a> driver has been replaced with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mpi&sektion=4">mpi(4)</a>, a more stable driver that supports more hardware.
142: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=com&sektion=4">com(4)</a> driver now supports pcmcia and cardbus cards on macppc.
143: <li>Working interrupt routing on Sun Netra t1 105, Ultra 60 and possibly other <a href="sparc64.html">sparc64</a> systems.
144: <li>Work around broken VIA and NVIDIA MPBIOSes, fixes interrupt routing with GENERIC.MP on several systems.
145: <li>Initial <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bio&sektion=4">bio(4)</a> support for Compaq/HP <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ciss&sektion=4">ciss(4)</a> Smart ARRAY 5/6 SAS/SCSI RAID controllers.
146: <li>Improved speed control on some systems:
147: <ul>
148: <li>New SpeedStep detection code, also adds support for VIA C7-M, and several newer Pentium M's.
149: <li>Support SpeedStep in rudimentary fashion on most unknown CPU's that advertise the feature.
150: <li>Zaurus can be moved into slower speeds now too.
151: <li>The Pentium 4 Thermal Clock Control driver now supports more CPU's including the Intel Pentium M and Xeon, and provides an estimated performance impact.
152: <li>Numerous improvements to PowerNow K7 and K8 support on i386, and support for K8 was added to amd64.
153: </ul>
154: <li>Support for Intel 945G/GM video chipsets (on i386).</li>
155: <li>Support for additional I2C sensors:
156: <ul>
157: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adt&sektion=4">adt(4)</a> driver now supports the National Semiconductor LM9600, SMSC EMC6D10x and SMSC SCH5017 chips.
158: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=admtemp&sektion=4">admtemp(4)</a> driver now supports the Analog Devices ADM1023, Genesys Logic GL523SM and Global Mixed-mode Technology G781 chips.
159: </ul>
160: </ul>
161: <p>
162:
163: <li>New tools:
164: <ul>
165: <li>GNU RCS has been replaced with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rcs&sektion=1">OpenRCS</a>.
166: </ul>
167: <p>
168:
169: <li>New functionality:
170: <ul>
171: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">IPsec</a>
172: has been greatly improved:
173: <ul>
174: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsecctl&sektion=8">ipsecctl(8)</a>
175: has been greatly extended and completely supersedes ipsecadm(8):
176: <ul>
177: <li>Lots of documentation improvements (man
178: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec.conf&sektion=5">ipsec.conf</a>)
179: <li>IPv6 support
180: <li>AH support
181: <li>Transport mode support
182: <li>Dynamic IKE support for roaming users
183: <li>USER_FQDN id support
184: </ul>
185: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sasyncd&sektion=8">sasyncd(8)</a>
186: works much better:
187: <ul>
188: <li>communicates with
189: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>,
190: telling it to run active or passive depending on the master/slave state of the
191: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a>
192: interfaces. This makes
193: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">IPsec</a>
194: failover setups much more robust.
195: <li>looks at the
196: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a>
197: interface group by default to suppress preemption of
198: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">IPsec</a>
199: traffic during system boot.
200: </ul>
201: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>
202: can now be safely configured by
203: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsecctl&sektion=8">ipsecctl(8)</a>
204: on startup.
205: </ul>
206: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a> now supports HTTPS.
207: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cdio&sektion=1">cdio(1)</a> can now perform track-at-once burning and rewritable blanking.
208: <li>spppcontrol(8) and wicontrol(8) functionality has been merged into
209: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a>.
210: <li>gcc(1) provides a new warning, -Wstack-larger-than-N, to report functions
211: which are too greedy in stack variables, see
212: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc-local&sektion=1">gcc-local(1)</a> for details.
213: <li>An in-kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getcwd&sektion=3">getcwd(3)</a> implementation.
214: <li>A new system call <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adjfreq&sektion=2">adjfreq(2)</a>
215: to allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ntpd&sektion=8">ntpd(8)</a>
216: to adjust the tick rate of the system clock automatically.
217: <li>Support for X11 on VAX has been added
218: <li>Virtual Allocation Table (VAT) support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_udf&sektion=8">UDF</a>.
219: <li>C99 functions
220: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=round&sektion=3">round(3)</a>,
221: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=roundf&sektion=3">roundf(3)</a>,
222: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trunc&sektion=3">trunc(3)</a>, and
223: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=truncf&sektion=3">truncf(3)</a>
224: have been added to libm, the math library.
225: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>
226: now supports Unicast Reverse Path Forwarding (uRPF) checks for simplified
227: ingress filtering.
228: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a>
229: can now ignore packets based on their direction (inbound/outbound) using the
230: BIOCSDIRFILT ioctl.
231: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pdisk&sektion=8&arch=mac68k">pdisk(8)</a>
232: can now set up slices on HFS(DPME) partitioned disks on mac68k.
233: <li>New dissectors have been added to
234: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>:
235: <ul>
236: <li>Cisco's VQP (VLAN Query Protocol)
237: <li>IEEE 802.1AB LLDP (Link Layer Discovery Protocol)
238: </ul>
239: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trunk&sektion=4">trunk(4)</a> now
240: supports the new loadbalance mode to balance outgoing traffic based on hashed protocol header
241: information.
242: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bioctl&sektion=8">bioctl(8)</a> has been extended to provide runtime information on rebuilds, scrubs and initialization.
243: <li>New sysctls to check the system vendor, product, version, serial number, and UUID.
244: <li>Equal cost multipath routing support. Needs to be enabled by a sysctl.
245: <li>Prebind, a secure implementation of prelinking, has been added to
246: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ldconfig&sektion=8" >ldconfig(8)</a>,
247: it speeds up launching of shared binaries. Prebind is compatible with
248: address space randomization, unlike prelink.
249: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfig&sektion=8">vnconfig(8)</a> can now use PKCS #5 PBKDF2 to create a more secure key when using encryption.
250: </ul>
251: <p>
252:
253: <li>Assorted improvements and code cleanup:
254: <ul>
255: <li>Much better time keeping for multiprocessor <a href="i386.html">OpenBSD/i386</a>
256: systems.
257: <li>Much improved implementation of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telldir&sektion=3">telldir(3)</a>
258: and friends.
259: <li>Replacement of many
260: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a>
261: calls that follow a pattern prone to integer overflow with safer constructs.
262: <li>Improved failover handling in
263: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a>:
264: <ul>
265: <li>Extend the carp protocol with the demotion counter to act smarter on multiple failures.
266: <li>Group failovers now work without carp running preempt mode.
267: <li>Demotion can now be controlled via interface groups.
268: </ul>
269: <li>
270: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chio&sektion=1">chio(1)</a>
271: is now a useful tool for controlling tape changers.
272: <li>Much improved
273: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=st&sektion=4">st(4)</a>
274: device setup, tape handling and error processing.
275: <li>Many
276: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a>
277: fixes, including 'alias' handling and improved interface initialization.
278: <li>
279: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=8">scsi(4)</a>
280: devices detect the correct SCSI version.
281: <li>More
282: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umass&sektion=4">umass(4)</a>
283: devices properly detected.
284: <li>Improved detection of fibre channel devices and devices in SCSI enclosures.
285: <li>The new RSSI header has been added to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ieee80211_radiotap&sektion=9">ieee80211_radiotap(9)</a>
286: framework as a replacement for ANTSIGNAL headers.
287: <li>Many integer type safety cleanups with
288: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lint&sektion=1">lint(1)</a>.
289: </ul>
290: <p>
291:
292: <li>Install/Upgrade process changes
293: <ul>
294: <li>Host specific site files add easy customization for individual hosts
295: <li>X Window aperture support, where available, now defaults to off
296: </ul>
297: <p>
298:
299: <li>New functionality for
300: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hostapd&sektion=8">hostapd(8)</a>,
301: the Host Access Point Daemon:
302: <ul>
303: <li>IP based roaming to build wireless networks without the requirement
304: of a single broadcast domain.
305: <li>New event rules to match optional elements of radiotap headers:
306: signal percentage, transmit rate and channel frequency.
307: <li>Various bug fixes and improvements.
308: </ul>
309: <p>
310:
311: <li>OpenSSH 4.4:
312: <ul>
313: <li>Conditional configuration in <a href=
314: "http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5"
315: >sshd_config(5)</a> using the <b>Match</b> directive. This allows some
316: configuration options to be selectively overridden if specific criteria
317: (based on user, group, hostname and/or address) are met.
318: <li>Add support for Diffie-Hellman group exchange key agreement with a
319: final hash of SHA256.
320: <li>Added a <b>ForceCommand</b> directive to <a href=
321: "http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5"
322: >sshd_config(5)</a>, similar to the command="..." option in
323: ~/.ssh/authorized_keys.
324: <li>Added a <b>PermitOpen</b> directive to <a href=
325: "http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5"
326: >sshd_config(5)</a>, similar to the permitopen="..." option in
327: authorized_keys, to allow control over the port-forwardings that a
328: user is allowed to establish.
329: <li>Added an <b>ExitOnForwardFailure</b> option to cause ssh(1) to exit (with
330: a non-zero exit code) when requested port forwardings could not be
331: established.
332: <li>Added optional logging of transactions to <a href=
333: "http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8"
334: >sftp-server(8)</a>.
335: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1"
336: >ssh(1)</a> will now record port numbers for hosts stored in
337: ~/.ssh/authorized_keys when a non-standard port has been requested.
338: <li>Extended the <a href=
339: "http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5"
340: >sshd_config(5)</a> "SubSystem" directive to allow the
341: specification of commandline arguments.
342: <li>Many manpage fixes and improvements
343: </ul>
344: <p>
345:
346: <li>OpenBGPD 4.1:
347: <ul>
348: <li>new nexthop selection logic ignoring bgpd routes, helps in complex setups
349: with ospfd
350: <li>add a "detailed" show rib view to bgpctl, including communities
351: <li>allow requesting a route refresh from a peer that supports it
352: <li>have bgpd always report back the result of an operation to bgpctl, so
353: the operator can spot errors quicker
354: <li>allow bgpd to manipulate carp demotion counters based on session states,
355: gives even greater failover support
356: <li>support restarting sessions that reached max-prefix after a given time
357: <li>bgpctl can now show all routes received from a neighbor before filters
358: were applied, and routes sent to neighbors
359: <li>assorted fixes and improvements, as usual
360: </ul>
361: <p>
362:
363: <li>OpenOSPFD 4.1:
364: <ul>
365: <li>Track uptime of the daemon itself.
366: <li>Track uptime of all ospf enabled interfaces.
367: <li>Adjust logging behaviour to prevent unwanted logging.
368: <li>Delay LSA updates when removing and adding - prevent flapping.
369: <li>Fix plaintext authentication.
370: <li>Improve the output of 'ospfctl show interfaces'.
371: <li>Support rtlabels when redistributing routes.
372: </ul>
373: <p>
374:
375: <li>OpenNTPD 4.1:
376: <ul>
377: <li>support timedelta sensors, such as DCF77 receivers supported by
378: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=udcf&sektion=4">udcf(4)</a>
379: and GPS receivers supported by
380: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nmea&sektion=4">nmea(4)</a>.
381: <li>Adjust the kernel tick frequency, using
382: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adjfreq&sektion=2">adjfreq(2)</a>,
383: improving accuracy on many machines.
384: <li>allow for weight to be added to sensors or servers, so that one can
385: weight timedelta sensors higher than ntp peers
386: </ul>
387: <p>
388:
389: <li>Over 3700 ports, 3400 pre-built packages, improved package tools.
390: <li>Full support for pkg_add(1) over ssh(1), using one single connection.
391: <p>
392:
393: <li>As usual, steady improvements in manual pages and other documentation.
394: <p>
395:
396: <li>The system includes the following major components from outside suppliers:
397: <ul>
398: <li>X.Org 6.9.0 (+ patches, and i386 contains XFree86 3.3.6 servers
399: (+ patches) for legacy chipsets not supported by X.Org)
400: <li>Gcc 2.95.3
401: (+ <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc-local&sektion=1">patches</a>)
402: and 3.3.5
403: (+ <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc-local&sektion=1">patches</a>)
404: <li>Perl 5.8.8 (+ patches)
405: <li>Apache 1.3.29, mod_ssl 2.8.16, DSO support (+ patches)
406: <li>OpenSSL 0.9.7j (+ patches)
407: <li>Groff 1.15
408: <li>Sendmail 8.13.8, with libmilter
409: <li>Bind 9.3.2-P1 (+ patches)
410: <li>Lynx 2.8.5rel.4 with HTTPS and IPv6 support (+ patches)
411: <li>Sudo 1.6.8p9
412: <li>Ncurses 5.2
413: <li>Latest KAME IPv6
414: <li>Heimdal 0.7.2 (+ patches)
415: <li>Arla 0.35.7
416: <li>Binutils 2.15 (+ patches)
417: <li>Gdb 6.3 (+ patches)
418: </ul>
419: <p>
420:
421: </ul>
422:
423: <a name="install"></a>
424: <hr>
425: <p>
426: <h3><font color="#0000e0">How to install</font></h3>
427: <p>
428: Following this are the instructions which you would have on a piece of
429: paper if you had purchased a CDROM set instead of doing an alternate
430: form of install. The instructions for doing an FTP (or other style
431: of) install are very similar; the CDROM instructions are left intact
432: so that you can see how much easier it would have been if you had
433: purchased a CDROM instead.
434: <p>
435:
436: <hr>
437: Please refer to the following files on the three CDROMs or FTP mirror for
438: extensive details on how to install OpenBSD 4.1 on your machine:
439: <p>
440: <ul>
441: <li>CD1:4.1/i386/INSTALL.i386
442: <p>
443: <li>CD2:4.1/amd64/INSTALL.amd64
444: <li>CD2:4.1/macppc/INSTALL.macppc
445: <p>
446: <li>CD3:4.1/sparc/INSTALL.sparc
447: <li>CD3:4.1/sparc64/INSTALL.sparc64
448: <p>
449: <li>FTP:.../OpenBSD/4.1/alpha/INSTALL.alpha
450: <li>FTP:.../OpenBSD/4.1/armish/INSTALL.armish
451: <li>FTP:.../OpenBSD/4.1/hp300/INSTALL.hp300
452: <li>FTP:.../OpenBSD/4.1/hppa/INSTALL.hppa
1.3 ! deraadt 453: <li>FTP:.../OpenBSD/4.1/landisk/INSTALL.landisk
1.1 deraadt 454: <li>FTP:.../OpenBSD/4.1/luna88k/INSTALL.luna88k
455: <li>FTP:.../OpenBSD/4.1/mac68k/INSTALL.mac68k
456: <li>FTP:.../OpenBSD/4.1/mvme68k/INSTALL.mvme68k
457: <li>FTP:.../OpenBSD/4.1/mvme88k/INSTALL.mvme88k
458: <li>FTP:.../OpenBSD/4.1/sgi/INSTALL.sgi
459: <li>FTP:.../OpenBSD/4.1/vax/INSTALL.vax
460: <li>FTP:.../OpenBSD/4.1/zaurus/INSTALL.zaurus
461: </ul>
462: <hr>
463:
464: <p>
465: Quick installer information for people familiar with OpenBSD, and the
466: use of the "disklabel -E" command. If you are at all confused when
467: installing OpenBSD, read the relevant INSTALL.* file as listed above!
468: <p>
469:
470: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
471: <ul>
472: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
473: release is on CD1. If your BIOS does not support booting from CD, you will need
474: to create a boot floppy to install from. To create a boot floppy write
475: <i>CD1:4.1/i386/floppy41.fs</i> to a floppy and boot via the floppy drive.
476:
477: <p>
478: Use <i>CD1:4.1/i386/floppyB41.fs</i> instead for greater SCSI controller
479: support, or <i>CD1:4.1/i386/floppyC41.fs</i> for better laptop support.
480:
481: <p>
482: If you can't boot from a CD or a floppy disk,
483: you can install across the network using PXE as described in
484: the included INSTALL.i386 document.
485:
486: <p>
487: If you are planning on dual booting OpenBSD with another OS, you will need to
488: read INSTALL.i386.
489:
490: <p>
491: To make a boot floppy under MS-DOS, use the "rawrite" utility located
492: at <i>CD1:4.1/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS,
493: use the
494: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>
495: utility. The following is an example usage of
496: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>,
497: where the device could be "floppy", "rfd0c", or
498: "rfd0a".
499:
500: <ul><pre>
501: # <strong>dd if=<file> of=/dev/<device> bs=32k</strong>
502: </pre></ul>
503:
504: <p>
505: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
506: your install will most likely fail. For more information on creating a boot
507: floppy and installing OpenBSD/i386 please refer to
508: <a href="faq/faq4.html#MkFlop">FAQ 4.3.1</a>.
509: </ul>
510:
511: <p>
512: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
513: <ul>
514: The 4.1 release of OpenBSD/amd64 is located on CD2.
515: Boot from the CD to begin the install - you may need to adjust
516: your BIOS options first.
517: If you can't boot from the CD, you can create a boot floppy to install from.
518: To do this, write <i>CD2:4.1/amd64/floppy41.fs</i> to a floppy, then
519: boot from the floppy drive.
520:
521: <p>
522: If you can't boot from a CD or a floppy disk,
523: you can install across the network using PXE as described in the included
524: INSTALL.amd64 document.
525:
526: <p>
527: If you are planning to dual boot OpenBSD with another OS, you will need to
528: read INSTALL.amd64.
529: </ul>
530:
531: <p>
532: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
533: <ul>
534: Put CD2 in your CDROM drive and poweron your machine while holding down the
535: <i>C</i> key until the display turns on and shows <i>OpenBSD/macppc boot</i>.
536:
537: <p>
538: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
539: /4.1/macppc/bsd.rd</i>
540: </ul>
541:
542: <p>
543: <h3><font color="#e00000">OpenBSD/sparc:</font></h3>
544: <ul>
545: The 4.1 release of OpenBSD/sparc is located on CD3. To boot off of this CD you
546: can use one of the two commands listed below, depending on the version of your
547: ROM.
548:
549: <ul><pre>
550: ok <strong>boot cdrom 4.1/sparc/bsd.rd</strong>
551: or
552: > <strong>b sd(0,6,0)4.1/sparc/bsd.rd</strong>
553: </pre></ul>
554:
555: <p>
556: If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
557: To do so you need to write <i>CD3:4.1/sparc/floppy41.fs</i> to a floppy.
558: For more information see <a href="faq/faq4.html#MkFlop">FAQ 4.3.1</a>.
559: To boot from the floppy use one of the two commands listed below,
560: depending on the version of your ROM.
561:
562: <ul><pre>
563: ok <strong>boot floppy</strong>
564: or
565: > <strong>b fd()</strong>
566: </pre></ul>
567:
568: <p>
569: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
570: will most likely fail.
571:
572: <p>
573: If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
574: setup a bootable tape, or install via network, as told in the
575: INSTALL.sparc file.
576: </ul>
577:
578: <p>
579: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
580: <ul>
581: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
582:
583: <p>
584: If this doesn't work, or if you don't have a CDROM drive, you can write
585: <i>CD3:4.1/sparc64/floppy41.fs</i> or <i>CD3:4.1/sparc64/floppyB41.fs</i>
586: (depending on your machine) to a floppy and boot it with <i>boot
587: floppy</i>. Refer to INSTALL.sparc64 for details.
588:
589: <p>
590: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
591: will most likely fail.
592:
593: <p>
594: You can also write <i>CD3:4.1/sparc64/miniroot41.fs</i> to the swap partition on
595: the disk and boot with <i>boot disk:b</i>.
596:
597: <p>
598: If nothing works, you can boot over the network as described in INSTALL.sparc64.
599: </ul>
600:
601: <p>
602: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
603: <ul>
604: <p>Write <i>FTP:4.1/alpha/floppy41.fs</i> or
605: <i>FTP:4.1/alpha/floppyB41.fs</i> (depending on your machine) to a diskette and
606: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
607:
608: <p>
609: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
610: will most likely fail.
611:
612: </ul>
613:
614: <p>
615: <h3><font color="#e00000">OpenBSD/armish:</font></h3>
616: <ul>
617: <p>
618: After connecting a serial port, Thecus can boot directly from the network
619: either tftp or http. Configure the network using fconfig, reset,
620: then load bsd.rd, see INSTALL.armish for specific details.
621: IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
622: and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
623: then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
624: More details are available in INSTALL.armish.
625: </ul>
626:
627: <p>
1.3 ! deraadt 628: <h3><font color="#e00000">OpenBSD/hp300:</font></h3>
1.1 deraadt 629: <ul>
630: <p>
1.3 ! deraadt 631: Boot over the network by following the instructions in INSTALL.hp300.
1.1 deraadt 632: </ul>
633:
634: <p>
1.3 ! deraadt 635: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
1.1 deraadt 636: <ul>
637: <p>
1.3 ! deraadt 638: Boot over the network by following the instructions in INSTALL.hppa or the
! 639: <a href="hppa.html#install">hppa platform page</a>.
1.1 deraadt 640: </ul>
641:
642: <p>
1.3 ! deraadt 643: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
1.1 deraadt 644: <ul>
1.3 ! deraadt 645: Write <i>CD3:4.1/landisk/miniroot41.fs</i> to the start of the CF
! 646: or disk, and boot normally.
1.1 deraadt 647: <p>
648: </ul>
649:
650: <p>
651: <h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
652: <ul>
653: <p>
654: Copy bsd.rd to a Mach or UniOS partition, and boot it from the PROM.
655: Alternatively, you can create a bootable tape and boot from it. Refer to
656: the instructions in INSTALL.luna88k for more details.
657: </ul>
658:
659: <p>
660: <h3><font color="#e00000">OpenBSD/mac68k:</font></h3>
661: <ul>
662: <p>
663: Boot MacOS as normal and extract the Macside "BSD/Mac68k Booter" utility from
664: <i>FTP:4.1/mac68k/utils</i> onto your hard disk. Configure the "BSD/Mac68k
665: Booter" with the location of your bsd.rd kernel and boot into the installer.
666: Refer to the instructions in INSTALL.mac68k for more details.
667: </ul>
668:
669: <p>
670: <h3><font color="#e00000">OpenBSD/mvme68k:</font></h3>
671: <ul>
672: <p>
673: You can create a bootable installation tape or boot over the network.<br>
674: The network boot requires a MVME68K BUG version that supports the <i>NIOT</i>
675: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme68k
676: for more details.
677: </ul>
678:
679: <p>
680: <h3><font color="#e00000">OpenBSD/mvme88k:</font></h3>
681: <ul>
682: <p>
683: You can create a bootable installation tape or boot over the network.<br>
684: The network boot requires a MVME88K BUG version that supports the <i>NIOT</i>
685: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme88k
686: for more details.
687: </ul>
688:
689: <p>
690: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
691: <ul>
692: <p>
693: Burn cd41.iso on a CD-R, put it in the CD drive of your machine and
694: select <i>Install System Software</i> from the System Maintenance menu.
695:
696: <p>
697: If your machine doesn't have a CD drive, you can
698: setup a DHCP/tftp network server, and boot using "bootp()/bsd.rd".
699: Refer to the instructions in INSTALL.sgi for more details.
700: </ul>
701:
702: <p>
703: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
704: <ul>
705: Boot over the network via mopbooting as described in INSTALL.vax.
706: </ul>
707:
708: <p>
709: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
710: <ul>
711: <p>
712: Using the Linux built-in graphical ipkg installer, install the
713: openbsd41_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
714: for a few important details.
715: </ul>
716:
717: <p>
718: <h3><font color="#e00000">Notes about the source code:</font></h3>
719: <ul>
720: src.tar.gz contains a source archive starting at /usr/src. This file
721: contains everything you need except for the kernel sources, which are
722: in a separate archive. To extract:
723: <p>
724: <ul><pre>
725: # <strong>mkdir -p /usr/src</strong>
726: # <strong>cd /usr/src</strong>
727: # <strong>tar xvfz /tmp/src.tar.gz</strong>
728: </pre></ul>
729: <p>
730: sys.tar.gz contains a source archive starting at /usr/src/sys.
731: This file contains all the kernel sources you need to rebuild kernels.
732: To extract:
733: <p>
734: <ul><pre>
735: # <strong>mkdir -p /usr/src/sys</strong>
736: # <strong>cd /usr/src</strong>
737: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
738: </pre></ul>
739: <p>
740: Both of these trees are a regular CVS checkout. Using these trees it
741: is possible to get a head-start on using the anoncvs servers as
742: described <a href="anoncvs.html">here</a>.
743: Using these files
744: results in a much faster initial CVS update than you could expect from
745: a fresh checkout of the full OpenBSD source tree.
746: <p>
747: </ul>
748:
749: <a name="upgrade"></a>
750: <hr>
751: <p>
752: <h3><font color="#0000e0">How to upgrade</font></h3>
753: <p>
754: If you already have an OpenBSD 4.0 system, and do not want to reinstall,
755: upgrade instructions and advice can be found in the
756: <a href="faq/upgrade41.html">Upgrade Guide</a>.
757:
758: <a name="ports"></a>
759: <hr>
760: <p>
761: <h3><font color="#0000e0">Ports Tree</font></h3>
762: <p>
763: A ports tree archive is also provided. To extract:
764: <p>
765: <ul><pre>
766: # <strong>cd /usr</strong>
767: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
768: # <strong>cd ports</strong>
769: </pre></ul>
770: <p>
771: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
772: read the <a href="ports.html">ports</a> page
773: if you know nothing about ports
774: at this point. This text is not a manual of how to use ports.
775: Rather, it is a set of notes meant to kickstart the user on the
776: OpenBSD ports system.
777: <p>
778: The <i>ports/</i> directory represents a CVS (see the manpage for
779: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">
780: cvs(1)</a> if
781: you aren't familiar with CVS) checkout of our ports. As with our complete
782: source tree, our ports tree is available via anoncvs. So, in
783: order to keep current with it, you must make the <i>ports/</i> tree
784: available on a read-write medium and update the tree with a command
785: like:
786: <p>
787: <ul><pre>
788: # <strong>cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_4_0</strong>
789: </pre></ul>
790: <p>
791: [Of course, you must replace the local directory and server name here
792: with the location of your ports collection and a nearby anoncvs
793: server.]
794: <p>
795: Note that most ports are available as packages through FTP. Updated
796: packages for the 4.1 release will be made available if problems arise.
797: <p>
798: If you're interested in seeing a port added, would like to help out, or just
799: would like to know more, the mailing list ports@openbsd.org is a good
800: place to know.
801: <p>
802:
803: <hr>
804: <a href="index.html"><img height="24" width="24" src="back.gif" border="0"
805: alt="OpenBSD"></a>
806: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
807: <br><small>
1.3 ! deraadt 808: $OpenBSD: 41.html,v 1.2 2007/03/06 00:39:46 deraadt Exp $
1.1 deraadt 809: </small>
810:
811: </body>
812: </html>