Annotation of www/43.html, Revision 1.109
1.101 bentley 1: <!doctype html>
2: <html lang=en id=release>
3: <meta charset=utf-8>
4:
1.84 deraadt 5: <title>OpenBSD 4.3</title>
1.1 david 6: <meta name="description" content="OpenBSD 4.3">
1.94 tj 7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
1.96 tb 9: <link rel="canonical" href="https://www.openbsd.org/43.html">
1.1 david 10:
1.101 bentley 11: <h2 id=OpenBSD>
1.1 david 12: <a href="index.html">
1.101 bentley 13: <i>Open</i><b>BSD</b></a>
14: 4.3
1.94 tj 15: </h2>
1.1 david 16:
1.101 bentley 17: <table>
18: <tr>
19: <td>
1.26 david 20: <a href="images/Cryptonaut.jpg">
1.101 bentley 21: <img width="227" height="343"
22: src="images/Cryptonaut.jpg" alt="Cryptonaut"></a>
23: <td>
1.81 deraadt 24: Released May 1, 2008<br>
1.1 david 25: Copyright 1997-2008, Theo de Raadt.<br>
1.101 bentley 26: <cite class=isbn>ISBN 978-0-9784475-1-9</cite>
1.1 david 27: <br>
1.91 deraadt 28: 4.3 Song: <a href="lyrics.html#43">"Home to Hypocrisy"</a>
1.100 deraadt 29: <br>
30: <br>
1.1 david 31: <ul>
1.107 deraadt 32: <li>See the information on <a href="ftp.html">the FTP page</a> for
1.1 david 33: a list of mirror machines.
1.101 bentley 34: <li>Go to the <code class=reldir>pub/OpenBSD/4.3/</code> directory on
1.1 david 35: one of the mirror sites.
36: <li>Have a look at <a href="errata43.html">The 4.3 Errata page</a> for a list
37: of bugs and workarounds.
38: <li>See a <a href="plus43.html">detailed log of changes</a> between the
39: 4.2 and 4.3 releases.
40: </ul>
1.94 tj 41: <p>
42: All applicable copyrights and credits are in the src.tar.gz,
43: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
1.106 deraadt 44: files fetched via <code>ports.tar.gz</code>.
1.101 bentley 45: </table>
1.94 tj 46:
47: <hr>
1.1 david 48:
1.101 bentley 49: <section id=new>
50: <h3>What's New</h3>
1.1 david 51: <p>
52: This is a partial list of new features and systems included in OpenBSD 4.3.
53: For a comprehensive list, see the <a href="plus43.html">changelog</a> leading
54: to 4.3.
55: <p>
56:
57: <ul>
58:
59: <li>New/extended platforms:
60: <ul>
1.41 miod 61: <li><a href="sparc64.html">OpenBSD/sparc64</a><br>
1.43 kettenis 62: SMP support. This should work on all supported systems,
63: with the exception of the Sun Enterprise 10000.
1.41 miod 64: <li><a href="hppa.html">OpenBSD/hppa</a><br>
1.3 kettenis 65: K-class servers like the K200 and K410 are supported now.
1.41 miod 66: <li><a href="mvme88k.html">OpenBSD/mvme88k</a><br>
67: SMP support on MVME188 and MVME188A systems.<br>
68: 88110 processor, and thus MVME197LE/SP/DP boards, are supported now.
1.103 deraadt 69: <li><a href="sgi.html">OpenBSD/sgi</a><br>
1.74 jsing 70: Contains many new drivers, however the kernel requires an
71: important errata fix.
1.1 david 72: </ul>
73: <p>
74:
75: <li>Improved hardware support, including:
76: <ul>
1.101 bentley 77: <li>The <a href="https://man.openbsd.org/bge.4">bge(4)</a> driver now supports BCM5906/BCM5906M 10/100 and BCM5755 10/100/Gigabit Ethernet devices.
78: <li>The <a href="https://man.openbsd.org/cas.4">cas(4)</a> driver now supports Cassini+ 10/100/Gigabit Ethernet devices.
79: <li>The <a href="https://man.openbsd.org/em.4">em(4)</a> driver now supports ICH9 10/100 and 10/100/Gigabit Ethernet devices.
80: <li>The <a href="https://man.openbsd.org/gem.4">gem(4)</a> driver now supports the onboard 1000base-SX interface on the Sun Fire V880 server.
81: <li>The <a href="https://man.openbsd.org/ixgb.4">ixgb(4)</a> driver now supports the Sun 10Gb PCI-X Ethernet devices.
82: <li>The <a href="https://man.openbsd.org/msk.4">msk(4)</a> driver now supports Yukon FE+ 10/100 and Yukon Supreme 10/100/Gigabit Ethernet devices.
83: <li>The <a href="https://man.openbsd.org/nfe.4">nfe(4)</a> driver now supports MCP73, MCP77 and MCP79 10/100/Gigabit Ethernet devices.
84: <li>The <a href="https://man.openbsd.org/ral.4">ral(4)</a> driver now supports RT2800 based wireless network devices.
85: <li>The <a href="https://man.openbsd.org/cmpci.4">cmpci(4)</a> driver now supports CMI8768 based audio adapters.
86: <li>The <a href="https://man.openbsd.org/it.4">it(4)</a> driver now supports ITE IT8705F/8712F/8716F/8718F/8726F and SiS SiS950 ICs. Watchdog timer functionality added.
87: <li>The <a href="https://man.openbsd.org/mfi.4">mfi(4)</a> driver now supports Dell CERC6/PERC6 and LSI SAS1078 RAID controllers.
88: <li>The <a href="https://man.openbsd.org/viapm.4">viapm(4)</a> driver now supports the VIA VT8237S south bridges SMBus controller.
1.35 jsg 89: <li>Support for hotplugging ExpressCard devices has been added.
1.101 bentley 90: <li>New <a href="https://man.openbsd.org/amd64/amdpcib.4">amdpcib(4)</a> driver for the AMD-8111 series LPC bridge and timecounter on amd64.
91: <li>New <a href="https://man.openbsd.org/amd64/pctr.4">pctr(4)</a> driver for the CPU performance counters on amd64.
92: <li>New <a href="https://man.openbsd.org/bwi.4">bwi(4)</a> driver for the Broadcom AirForce IEEE 802.11b/g wireless network device.
93: <li>New <a href="https://man.openbsd.org/envy.4">envy(4)</a> driver for the VIA Envy24 audio device.
94: <li>New <a href="https://man.openbsd.org/et.4">et(4)</a> driver for the Agere/LSI ET1310 10/100/Gigabit Ethernet device.
95: <li>New <a href="https://man.openbsd.org/etphy.4">etphy(4)</a> driver for the Agere/LSI ET1011 TruePHY Gigabit Ethernet PHY.
96: <li>New <a href="https://man.openbsd.org/i386/amdpcib.4">amdpcib(4)</a> driver for the AMD-8111 series LPC bridge and timecounter on i386.
97: <li>New <a href="https://man.openbsd.org/i386/glxpcib.4">glxpcib(4)</a> driver for the AMD CS5536 PCI-ISA bridge with timecounter, watchdog timer, and GPIO on i386.
98: <li>New <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> driver for the Intel Wireless WiFi Link 4965AGN IEEE 802.11a/b/g/Draft-N wireless network device.
99: <li>New <a href="https://man.openbsd.org/msts.4">msts(4)</a> line discipline to interface the Meinberg Standard Time String devices to provide a timedelta sensor.
100: <li>New <a href="https://man.openbsd.org/sgi/gbe.4">gbe(4)</a> driver for the SGI Graphics Back End (GBE) Frame Buffer on sgi.
101: <li>New <a href="https://man.openbsd.org/sgi/mkbc.4">mkbc(4)</a> driver for the Moosehead PS/2 Controller on sgi.
102: <li>New <a href="https://man.openbsd.org/sgi/power.4">power(4)</a> driver for the power button on sgi.
103: <li>New <a href="https://man.openbsd.org/sparc64/ecadc.4">ecadc(4)</a> driver for the Environmental Monitoring Subsystem temperature sensor on sparc64.
104: <li>New <a href="https://man.openbsd.org/sparc64/tda.4">tda(4)</a> driver for the fan controller on the Sun Blade 1000/2000, making these machines much less noisy.
105: <li>New <a href="https://man.openbsd.org/spdmem.4">spdmem(4)</a> driver retrieves information about memory modules.
106: <li>New <a href="https://man.openbsd.org/thmc.4">thmc(4)</a> driver for the TI THMC50, Analog ADM1022/1028 temperature sensor.
107: <li>New <a href="https://man.openbsd.org/uchcom.4">uchcom(4)</a> driver for the WinChipHead CH341/340 based USB serial adapter.
108: <li>New <a href="https://man.openbsd.org/umbg.4">umbg(4)</a> driver for the Meinberg Funkuhren USB5131 radio clock to provide
1.69 mbalmer 109: a timedelta sensor.
1.101 bentley 110: <li>New <a href="https://man.openbsd.org/upgt.4">upgt(4)</a> driver for the Conexant/Intersil PrismGT SoftMAC USB IEEE 802.11b/g wireless network device.
111: <li>New <a href="https://man.openbsd.org/wbng.4">wbng(4)</a> driver for the Winbond W83793G temperature, voltage, and fan sensor.
112: <li>New <a href="https://man.openbsd.org/wbsio.4">wbsio(4)</a> driver for the Winbond LPC Super I/O ICs.
113: <li>New <a href="https://man.openbsd.org/adl.4">adl(4)</a> driver for the Andigilog aSC7621 temperature, voltage, and fan sensor.
114: <li>The <a href="https://man.openbsd.org/siop.4">siop(4)</a> driver now supports the (non-PCI) NCR 53c720/770 in big-endian mode.
115: <li>New <a href="https://man.openbsd.org/lmn.4">lmn(4)</a> driver for the National Semiconductor LM93 sensor.
1.1 david 116: </ul>
117: <p>
118:
119: <li>New tools:
120: <ul>
1.101 bentley 121: <li><a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>, implementing the Simple Network Management Protocol.
122: <li>The <a href="https://man.openbsd.org/snmpctl.8">snmpctl(8)</a> program controls the SNMP daemon.
123: <li>The <a href="https://man.openbsd.org/pcidump.8">pcidump(8)</a> utility displays the device address, vendor, and product name of PCI devices.
124: <li><a href="https://man.openbsd.org/ldattach.8">ldattach(8)</a> is used to attach a line discipline to a serial line to allow for in-kernel processing of the received and/or sent data.
1.1 david 125: </ul>
126: <p>
127:
128: <li>New functionality:
129: <ul>
1.101 bentley 130: <li><a href="https://man.openbsd.org/sparc/eeprom.8">eeprom(8)</a> is now able to display the OpenPROM device tree on systems that have it.
1.7 jasper 131: <li>Support for X11 on sgi has been added.
1.101 bentley 132: <li>The periodic <a href="https://man.openbsd.org/security.8">security(8)</a> reports now include package changes.
133: <li>The <a href="https://man.openbsd.org/cmpci.4">cmpci(4)</a> driver now supports multichannel audio playback if the hardware supports it.
134: <li>The <a href="https://man.openbsd.org/auvia.4">auvia(4)</a> driver now supports multichannel audio playback if the hardware supports it.
135: <li>The <a href="https://man.openbsd.org/auich.4">auich(4)</a> driver now supports recording from the microphone as well as full-duplex mode.
136: <li>The <a href="https://man.openbsd.org/eso.4">eso(4)</a> driver now supports recording as well as full-duplex mode.
1.31 otto 137: <li>The ffs layer is now 64-bit disk block address clean.
138: This means that disks, partitions and filesystems larger than 2TB are
1.103 deraadt 139: now supported, with the exception of statfs(2) and quotas.
1.45 krw 140: <li>DMA is now enabled for 1-sector devices such as flash drives, providing
141: significant speed improvement.
142: <li>Sparc and Sparc64 disklabels now provide automatic recognition of ext2fs
143: partitions.
144: <li>Filesystems on USB devices are automatically dismounted if the device is
145: disconnected.
1.101 bentley 146: <li>The configuration of <a href="https://man.openbsd.org/carp.4">carp(4)</a> load balancing has
1.46 mpf 147: been vastly simplified.
1.101 bentley 148: <li><a href="https://man.openbsd.org/fstab.5">
1.58 jj 149: fstab(5)</a> entries referring to non-existent mount points are now
1.47 krw 150: ignored, allowing subsequent entries to be processed.
1.50 sthen 151: <li>Additional configuration files can now be included in
1.101 bentley 152: <a href="https://man.openbsd.org/pf.conf.5">pf.conf(5)</a>.
153: <li><a href="https://man.openbsd.org/sppp.4">sppp(4)</a> now has IPv6 support.
154: <li><a href="https://man.openbsd.org/ipsec.conf.5">ipsec.conf(5)</a> now supports defining 192 and 256 bit keysizes for AES.
1.1 david 155: </ul>
156: <p>
157:
158: <li>Assorted improvements and code cleanup:
159: <ul>
1.101 bentley 160: <li>Improved support for an <a href="https://man.openbsd.org/lkm.4">lkm(4)</a> subsystem on amd64.
161: <li><a href="https://man.openbsd.org/ossaudio.3">ossaudio(3)</a> received several bug fixes and enhancements including but not limited to improved recording and full-duplex support.
162: <li><a href="https://man.openbsd.org/audio.4">audio(4)</a> received several bug fixes and enhancements including but not limited to improved recording and full-duplex support.
163: <li><a href="https://man.openbsd.org/make.1">make(1)</a> was heavily modified, mostly to improve support for parallel build.
1.22 espie 164: Parallel builds now run commands in the same way the sequential builds do,
165: and the output from commands is more readable.
166: A large part of the source tree, xenocara, and quite a few ports now build
167: correctly with <code>make -j</code>.
1.101 bentley 168: <li><a href="https://man.openbsd.org/rcs.1">rcs</a> tools improvements and bug fixes.
1.36 claudio 169: <li>RTM_VERSION was increased so that all routing messages could be modified
170: to include additional fields for upcoming networking features.
1.101 bentley 171: <li><a href="https://man.openbsd.org/sendbug.1">sendbug(1)</a>
1.42 ray 172: has stricter comment parsing, to avoid mangling diffs.
1.101 bentley 173: <li><a href="https://man.openbsd.org/umass.4">
1.45 krw 174: umass(4)</a> devices no longer detect bogus LUNs.
1.101 bentley 175: <li>USB<a href="https://man.openbsd.org/st.4">
1.47 krw 176: st(4)</a> devices can now successfully disconnect.
177: <li>More deviant umass devices accommodated.
1.101 bentley 178: <li><a href="https://man.openbsd.org/svnd.4">
1.48 krw 179: svnd(4)</a> devices now work on block devices.
1.101 bentley 180: <li><a href="https://man.openbsd.org/disklabel.8">
1.48 krw 181: disklabel(8)</a> is now aware of NTFS partitions.
1.101 bentley 182: <li><a href="https://man.openbsd.org/raidctl.8">
1.48 krw 183: raidctl(8)</a> now correctly handles trailing whitespace in configuration files.
1.101 bentley 184: <li><a href="https://man.openbsd.org/mt.1">
1.48 krw 185: mt(1)</a> no longer triggers panics when processing the 'rewoffl' command.
1.101 bentley 186: <li><a href="https://man.openbsd.org/raid.4">
1.48 krw 187: raid(4)</a> devices no longer hang when searching for components during boot.
1.101 bentley 188: <li><a href="https://man.openbsd.org/sd.4">
1.48 krw 189: sd(4)</a> devices no longer receive spurious SYNCHRONIZE CACHE commands that
190: confuse some hardware.
1.101 bentley 191: <li><a href="https://man.openbsd.org/sd.4">
1.58 jj 192: sd(4)</a> no longer claim that SYNCHRONIZE CACHE commands are 16 bytes long when they
1.48 krw 193: are actually 10 bytes. Some devices took this too literally.
1.101 bentley 194: <li><a href="https://man.openbsd.org/dhcpd.8">
1.48 krw 195: dhcpd(8)</a> now always issues packets equal or larger than the minimum IP MTU.
1.101 bentley 196: <li>The <a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a>
1.49 krw 197: -E mode does not allow manual editing of the 'c' partition, which
198: is always set to cover the entire disk.
1.101 bentley 199: <li>The <a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a>
1.49 krw 200: -E mode does not allow changing the cpg value of a partition.
1.101 bentley 201: <li>The <a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a>
1.49 krw 202: -E mode command 'r' now displays the list of free chunks on the disk.
1.101 bentley 203: <li>The <a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a>
1.49 krw 204: -E mode no longer permits assigning arbitrary sizes to FS_BOOT and FS_UNUSED
205: partitions.
1.101 bentley 206: <li>The <a href="https://man.openbsd.org/bge.4">bge(4)</a> driver problems receiving jumbo frames have been resolved.
1.55 deraadt 207: <li>Many dangerous unsigned comparisons with -1 when checking the
1.49 krw 208: results of read and write calls have been eliminated.
1.101 bentley 209: <li>The new M_ZERO flag for <a href="https://man.openbsd.org/malloc.9">malloc(9)</a>
1.49 krw 210: replaces many malloc+bzero/memset combinations, fixing a number of bugs
211: in memory initialization and shrinking the kernel.
1.101 bentley 212: <li><a href="https://man.openbsd.org/dhcpd.8">
1.54 krw 213: dhcpd(8)</a> now correctly constructs response packets that use the overflow buffers to store options.
214: <li>SCSI drivers are more reliable in MP machines due to better locking
215: around command completion.
216: <li>TCP responses to highly fragmented packets are now constructed without
217: risking corruption of kernel memory.
1.58 jj 218: <li>Sockets now allow 4095 multicast group memberships.
1.1 david 219: </ul>
220: <p>
221:
222: <li>Install/Upgrade process changes:
223: <ul>
1.44 krw 224: <li>All platforms now have serial console support when installing.
225: <li>Serial console speed is detected and appropriate /etc/ttys entries
226: automatically created.
1.55 deraadt 227: <li><a href="vax.html">OpenBSD/vax</a> now also has both kinds of install ISO CD images.
1.54 krw 228: <li>DNS server addresses are remembered if an install is restarted.
1.74 jsing 229: <li><a href="sgi.html">OpenBSD/sgi</a> can now be installed using the glass console.
1.1 david 230: </ul>
231: <p>
232:
233: <li>OpenBGPD 4.3:
234: <ul>
1.39 deraadt 235: <li>Correctly handle prefixes which would cause a routing loop.
1.101 bentley 236: <li><a href="https://man.openbsd.org/bgpctl.8">bgpctl</a>'s
1.51 sobrado 237: detailed RIB output shows additional attributes like extended
1.36 claudio 238: communities or the cluster id list.
1.1 david 239: </ul>
240: <p>
241:
242: <li>OpenNTPD 4.3:
243: <ul>
1.38 otto 244: <li>Handle IP changes of clients more gracefully.
1.37 otto 245: <li>Log peer and sensor status to syslog if the majority of either is
246: bad, or if a SIGINFO signal is received.
1.38 otto 247: <li>Allow offsetting of time sensors that have a systematic error.
1.1 david 248: </ul>
249: <p>
250:
251: <li>OpenOSPFD 4.3:
252: <ul>
1.101 bentley 253: <li>Equal cost multipath support – don't forget to set the right sysctls.
1.39 deraadt 254: <li>Parser and commandline options are now in sync with bgpd.
1.1 david 255: </ul>
256: <p>
257:
1.30 reyk 258: <li>relayd 4.3:
1.1 david 259: <ul>
1.101 bentley 260: <li><a href="https://man.openbsd.org/OpenBSD-4.2/hoststated.8">hoststated(8)</a>/<a href="https://man.openbsd.org/OpenBSD-4.2/hoststatectl.8">hoststatectl(8)</a>
1.30 reyk 261: were renamed to
1.101 bentley 262: <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>/<a href="https://man.openbsd.org/relayctl.8">relayctl(8)</a>.
263: <li>Improved configuration grammar for <a href="https://man.openbsd.org/relayd.conf.5">relayd.conf(5)</a>.
264: <li>Allow to send SNMP traps via <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> when host states change.
1.30 reyk 265: <li>Improved support for URL filtering and protocol actions.
266: <li>Added support for UDP-based DNS relaying with request ID randomisation.
267: <li>Various bug fixes, optimisations, and cleanups.
268: <li>Improved reload support.
1.1 david 269: </ul>
270: <p>
271:
272: <li>OpenSSH 4.8:
273: <ul>
1.33 djm 274: <li>New features:
275: <ul>
1.103 deraadt 276: <li>Added
1.101 bentley 277: <a href="https://man.openbsd.org/chroot.2">chroot(2)</a>
278: support for <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>,
1.33 djm 279: controlled by a new option
1.103 deraadt 280: <em>"ChrootDirectory"</em>. Please refer to
1.101 bentley 281: <a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a>
1.33 djm 282: for details, and
1.102 deraadt 283: please use this feature carefully.
1.33 djm 284: <li>Linked
1.101 bentley 285: <a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>
1.33 djm 286: into
1.101 bentley 287: <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>. The internal sftp server is
1.33 djm 288: used when the command <em>"internal-sftp"</em> is specified in a Subsystem
289: or ForceCommand declaration. When used with <em>ChrootDirectory</em>, the
290: internal sftp server requires no special configuration of files
1.103 deraadt 291: inside the chroot environment. Please refer to
1.101 bentley 292: <a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a>
1.102 deraadt 293: for more information.
1.33 djm 294: <li>Added a protocol extension method "posix-rename@openssh.com" for
1.101 bentley 295: <a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>
1.102 deraadt 296: to perform POSIX atomic rename() operations.
1.33 djm 297: <li>Removed the fixed limit of 100 file handles in
1.101 bentley 298: <a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>.
1.33 djm 299: The server will now dynamically allocate handles up to the number of
1.102 deraadt 300: available file descriptors.
1.101 bentley 301: <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
1.33 djm 302: will now skip generation of SSH protocol 1 ephemeral server
303: keys when in inetd mode and protocol 2 connections are negotiated.
304: This speeds up protocol 2 connections to inetd-mode servers that
1.102 deraadt 305: also allow Protocol 1.
1.103 deraadt 306: <li>Accept the <em>PermitRootLogin</em> directive in a
1.101 bentley 307: <a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a>
1.33 djm 308: <em>Match</em>
309: block. Allows for, e.g. permitting root only from the local
1.102 deraadt 310: network.
1.103 deraadt 311: <li>Reworked
1.101 bentley 312: <a href="https://man.openbsd.org/sftp.1">sftp(1)</a>
1.33 djm 313: argument splitting and escaping to be more
314: internally consistent (i.e. between sftp commands) and more
315: consistent with
1.101 bentley 316: <a href="https://man.openbsd.org/sh.1">sh(1)</a>.
1.33 djm 317: Please note that this will change the
318: interpretation of some quoted strings, especially those with
1.102 deraadt 319: embedded backslash escape sequences.
1.103 deraadt 320: <li>Support <em>"Banner=none"</em> in
1.101 bentley 321: <a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a>
1.33 djm 322: to disable sending of a
1.102 deraadt 323: pre-login banner (e.g. in a <em>Match</em> block).
1.101 bentley 324: <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
1.33 djm 325: <em>ProxyCommand</em>s are now executed with $SHELL rather than
1.102 deraadt 326: /bin/sh.
1.101 bentley 327: <li><a href="https://man.openbsd.org/ssh.1">ssh(1)'s</a>
1.33 djm 328: <em>ConnectTimeout</em> option is now applied to both the TCP
329: connection and the SSH banner exchange (previously it just covered
330: the TCP connection). This allows callers of
1.101 bentley 331: <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
1.33 djm 332: to better detect
333: and deal with stuck servers that accept a TCP connection but don't
334: progress the protocol, and also makes <em>ConnectTimeout</em> useful for
1.102 deraadt 335: connections via a <em>ProxyCommand</em>.
1.33 djm 336: <li>Many new regression tests, including interop tests against PuTTY's
1.102 deraadt 337: plink.
338: </ul>
1.33 djm 339: <li>The following significant bugs have been fixed in this release:
340: <ul>
341: <li>SSH2_MSG_UNIMPLEMENTED packets did not correctly reset the client
342: keepalive logic, causing disconnections on servers that did not
1.102 deraadt 343: explicitly implement "keepalive@openssh.com".
1.101 bentley 344: <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
1.61 okan 345: used the obsolete SIG DNS RRtype for host keys in DNS,
1.102 deraadt 346: instead of the current standard RRSIG.
1.103 deraadt 347: <li>Correctly drain ACKs when a
1.101 bentley 348: <a href="https://man.openbsd.org/sftp.1">sftp(1)</a>
1.33 djm 349: upload write fails midway,
1.102 deraadt 350: avoids a fatal() exit from what should be a recoverable condition.
1.33 djm 351: <li>Fixed packet size advertisements. Previously TCP and agent
352: forwarding incorrectly advertised the channel window size as the
1.102 deraadt 353: packet size, causing fatal errors under some conditions.
1.33 djm 354: <li><em>Many more bugfixes. Please refer to the
1.97 tb 355: <a href="https://www.openssh.com/txt/release-4.8">Release Notes</a>.</em>
1.103 deraadt 356:
1.102 deraadt 357: </ul>
1.1 david 358: </ul>
359: <p>
360:
361: <li>Over 4,900 ports, minor robustness improvements in package tools.
362: <li>Many pre-built packages for each architecture:
1.101 bentley 363: <ul style="column-count: 3">
1.52 deraadt 364: <li>i386: 4782
1.56 deraadt 365: <li>sparc64: 4613
1.62 deraadt 366: <li>alpha: 4233
1.79 pvalchev 367: <li>sh: 2046
1.52 deraadt 368: <li>amd64: 4708
1.57 deraadt 369: <li>powerpc: 4634
1.63 deraadt 370: <li>sparc: 3159
1.73 deraadt 371: <li>m68k: 830
1.80 pvalchev 372: <li>arm: 3377
1.65 deraadt 373: <li>hppa: 3971
1.78 pvalchev 374: <li>vax: 296
1.73 deraadt 375: <li>mips64: 1897
1.67 deraadt 376: <li>m88k: 27
1.101 bentley 377: </ul>
1.1 david 378: Some highlights:
379: <ul>
1.2 jasper 380: <li>Gnome 2.20.3.
381: <li>GNUstep 1.14.2.
1.64 jasper 382: <li>KDE 3.5.8.
1.2 jasper 383: <li>Mozilla Firefox 2.0.0.12.
384: <li>Mozilla Thunderbird 2.0.0.12.
385: <li>MySQL 5.0.51a.
386: <li>OpenMotif 2.3.0.
387: <li>OpenOffice.org 2.3.1.
388: <li>PostgreSQL 8.2.6.
389: <li>Xfce 4.4.2.
1.1 david 390: </ul>
391: <p>
392:
393: <li>As usual, steady improvements in manual pages and other documentation.
394: <p>
395:
396: <li>The system includes the following major components from outside suppliers:
397: <ul>
1.4 matthieu 398: <li>Xenocara (based on X.Org 7.3 + patches, freetype 2.3.5, fontconfig
1.1 david 399: 2.4.2, Mesa 7.0.2, xterm 232 and more)
400: <li>Gcc 2.95.3
1.101 bentley 401: (+ <a href="https://man.openbsd.org/gcc-local.1">patches</a>)
1.1 david 402: and 3.3.5
1.101 bentley 403: (+ <a href="https://man.openbsd.org/gcc-local.1">patches</a>)
1.1 david 404: <li>Perl 5.8.8 (+ patches)
405: <li>Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
406: <li>OpenSSL 0.9.7j (+ patches)
407: <li>Groff 1.15
408: <li>Sendmail 8.14.1, with libmilter
409: <li>Bind 9.4.2 (+ patches)
410: <li>Lynx 2.8.5rel.4 with HTTPS and IPv6 support (+ patches)
411: <li>Sudo 1.6.9p12
412: <li>Ncurses 5.2
413: <li>Latest KAME IPv6
414: <li>Heimdal 0.7.2 (+ patches)
415: <li>Arla 0.35.7
416: <li>Binutils 2.15 (+ patches)
417: <li>Gdb 6.3 (+ patches)
418: </ul>
419:
420: </ul>
1.101 bentley 421: </section>
1.1 david 422:
423: <hr>
1.101 bentley 424:
425: <section id=install>
426: <h3>How to install</h3>
1.1 david 427: <p>
428: Following this are the instructions which you would have on a piece of
429: paper if you had purchased a CDROM set instead of doing an alternate
430: form of install. The instructions for doing an FTP (or other style
431: of) install are very similar; the CDROM instructions are left intact
432: so that you can see how much easier it would have been if you had
433: purchased a CDROM instead.
434: <p>
435:
436: <hr>
437: Please refer to the following files on the three CDROMs or FTP mirror for
438: extensive details on how to install OpenBSD 4.3 on your machine:
439: <p>
440: <ul>
1.104 deraadt 441: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/4.3/i386/INSTALL.i386">
442: .../OpenBSD/4.3/i386/INSTALL.i386 (on CD1)</a>
1.1 david 443: <p>
1.104 deraadt 444: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/4.3/amd64/INSTALL.amd64">
445: .../OpenBSD/4.3/amd64/INSTALL.amd64 (on CD2)</a>
446: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/4.3/macppc/INSTALL.macppc">
447: .../OpenBSD/4.3/macppc/INSTALL.macppc (on CD2)</a>
448: <p>
449: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/4.3/sparc64/INSTALL.sparc64">
450: .../OpenBSD/4.3/sparc64/INSTALL.sparc64 (on CD3)</a>
451: <p>
452: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/4.3/alpha/INSTALL.alpha">
453: .../OpenBSD/4.3/alpha/INSTALL.alpha</a>
454: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/4.3/armish/INSTALL.armish">
455: .../OpenBSD/4.3/armish/INSTALL.armish</a>
456: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/4.3/hp300/INSTALL.hp300">
457: .../OpenBSD/4.3/hp300/INSTALL.hp300</a>
458: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/4.3/hppa/INSTALL.hppa">
459: .../OpenBSD/4.3/hppa/INSTALL.hppa</a>
460: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/4.3/landisk/INSTALL.landisk">
461: .../OpenBSD/4.3/landisk/INSTALL.landisk</a>
462: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/4.3/mac68k/INSTALL.mac68k">
463: .../OpenBSD/4.3/mac68k/INSTALL.mac68k</a>
464: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/4.3/mvme68k/INSTALL.mvme68k">
465: .../OpenBSD/4.3/mvme68k/INSTALL.mvme68k</a>
466: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/4.3/mvme88k/INSTALL.mvme88k">
467: .../OpenBSD/4.3/mvme88k/INSTALL.mvme88k</a>
468: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/4.3/sgi/INSTALL.sgi">
469: .../OpenBSD/4.3/sgi/INSTALL.sgi</a>
470: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/4.3/sparc/INSTALL.sparc">
471: .../OpenBSD/4.3/sparc/INSTALL.sparc</a>
472: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/4.3/vax/INSTALL.vax">
473: .../OpenBSD/4.3/vax/INSTALL.vax</a>
474: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/4.3/zaurus/INSTALL.zaurus">
475: .../OpenBSD/4.3/zaurus/INSTALL.zaurus</a>
1.1 david 476: </ul>
1.104 deraadt 477: </section>
478:
1.1 david 479: <hr>
480:
1.101 bentley 481: <section id=quickinstall>
482:
1.1 david 483: <p>
484: Quick installer information for people familiar with OpenBSD, and the
485: use of the "disklabel -E" command. If you are at all confused when
486: installing OpenBSD, read the relevant INSTALL.* file as listed above!
1.101 bentley 487:
488: <h3>OpenBSD/i386:</h3>
489:
1.1 david 490: <p>
491: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
492: release is on CD1. If your BIOS does not support booting from CD, you will need
493: to create a boot floppy to install from. To create a boot floppy write
494: <i>CD1:4.3/i386/floppy43.fs</i> to a floppy and boot via the floppy drive.
495:
496: <p>
497: Use <i>CD1:4.3/i386/floppyB43.fs</i> instead for greater SCSI controller
498: support, or <i>CD1:4.3/i386/floppyC43.fs</i> for better laptop support.
499:
500: <p>
501: If you can't boot from a CD or a floppy disk,
502: you can install across the network using PXE as described in
503: the included INSTALL.i386 document.
504:
505: <p>
506: If you are planning on dual booting OpenBSD with another OS, you will need to
507: read INSTALL.i386.
508:
509: <p>
510: To make a boot floppy under MS-DOS, use the "rawrite" utility located
511: at <i>CD1:4.3/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS,
512: use the
1.101 bentley 513: <a href="https://man.openbsd.org/dd.1">dd(1)</a>
1.1 david 514: utility. The following is an example usage of
1.101 bentley 515: <a href="https://man.openbsd.org/dd.1">dd(1)</a>,
1.1 david 516: where the device could be "floppy", "rfd0c", or
517: "rfd0a".
518:
1.101 bentley 519: <blockquote><pre>
1.104 deraadt 520: # <kbd>dd if=<file> of=/dev/<device> bs=32k</kbd>
1.101 bentley 521: </pre></blockquote>
1.1 david 522:
523: <p>
524: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
525: your install will most likely fail. For more information on creating a boot
526: floppy and installing OpenBSD/i386 please refer to
1.95 tj 527: <a href="faq/faq4.html#MkFlop">this page</a>.
1.101 bentley 528:
529: <h3>OpenBSD/amd64:</h3>
1.1 david 530:
531: <p>
532: The 4.3 release of OpenBSD/amd64 is located on CD2.
533: Boot from the CD to begin the install - you may need to adjust
534: your BIOS options first.
535: If you can't boot from the CD, you can create a boot floppy to install from.
536: To do this, write <i>CD2:4.3/amd64/floppy43.fs</i> to a floppy, then
537: boot from the floppy drive.
538:
539: <p>
540: If you can't boot from a CD or a floppy disk,
541: you can install across the network using PXE as described in the included
542: INSTALL.amd64 document.
543:
544: <p>
545: If you are planning to dual boot OpenBSD with another OS, you will need to
546: read INSTALL.amd64.
1.101 bentley 547:
548: <h3>OpenBSD/macppc:</h3>
1.1 david 549:
550: <p>
551: Put CD2 in your CDROM drive and poweron your machine while holding down the
552: <i>C</i> key until the display turns on and shows <i>OpenBSD/macppc boot</i>.
553:
554: <p>
555: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
556: /4.3/macppc/bsd.rd</i>
1.101 bentley 557:
558: <h3>OpenBSD/sparc64:</h3>
1.1 david 559:
560: <p>
561: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
562:
563: <p>
564: If this doesn't work, or if you don't have a CDROM drive, you can write
565: <i>CD3:4.3/sparc64/floppy43.fs</i> or <i>CD3:4.3/sparc64/floppyB43.fs</i>
566: (depending on your machine) to a floppy and boot it with <i>boot
567: floppy</i>. Refer to INSTALL.sparc64 for details.
568:
569: <p>
570: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
571: will most likely fail.
572:
573: <p>
574: You can also write <i>CD3:4.3/sparc64/miniroot43.fs</i> to the swap partition on
575: the disk and boot with <i>boot disk:b</i>.
576:
577: <p>
578: If nothing works, you can boot over the network as described in INSTALL.sparc64.
1.101 bentley 579:
580: <h3>OpenBSD/alpha:</h3>
1.1 david 581:
582: <p>
1.104 deraadt 583: Write <i>4.3/alpha/floppy43.fs</i> or
584: <i>4.3/alpha/floppyB43.fs</i> (depending on your machine) to a diskette and
1.1 david 585: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
586:
587: <p>
588: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
589: will most likely fail.
590:
1.101 bentley 591: <h3>OpenBSD/armish:</h3>
1.1 david 592:
593: <p>
594: After connecting a serial port, Thecus can boot directly from the network
595: either tftp or http. Configure the network using fconfig, reset,
596: then load bsd.rd, see INSTALL.armish for specific details.
597: IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
598: and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
599: then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
600: More details are available in INSTALL.armish.
601:
1.101 bentley 602: <h3>OpenBSD/hp300:</h3>
603:
1.1 david 604: <p>
605: Boot over the network by following the instructions in INSTALL.hp300.
1.101 bentley 606:
607: <h3>OpenBSD/hppa:</h3>
1.1 david 608:
609: <p>
610: Boot over the network by following the instructions in INSTALL.hppa or the
611: <a href="hppa.html#install">hppa platform page</a>.
612:
1.101 bentley 613: <h3>OpenBSD/landisk:</h3>
614:
1.1 david 615: <p>
616: Write <i>miniroot43.fs</i> to the start of the CF
617: or disk, and boot normally.
1.101 bentley 618:
619: <h3>OpenBSD/mac68k:</h3>
1.1 david 620:
621: <p>
622: Boot MacOS as normal and extract the Macside "BSD/Mac68k Booter" utility from
1.104 deraadt 623: <i>4.3/mac68k/utils</i> onto your hard disk. Configure the "BSD/Mac68k
1.1 david 624: Booter" with the location of your bsd.rd kernel and boot into the installer.
625: Refer to the instructions in INSTALL.mac68k for more details.
626:
1.101 bentley 627: <h3>OpenBSD/mvme68k:</h3>
628:
1.1 david 629: <p>
630: You can create a bootable installation tape or boot over the network.<br>
631: The network boot requires a MVME68K BUG version that supports the <i>NIOT</i>
632: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme68k
633: for more details.
1.101 bentley 634:
635: <h3>OpenBSD/mvme88k:</h3>
1.1 david 636:
637: <p>
638: You can create a bootable installation tape or boot over the network.<br>
639: The network boot requires a MVME88K BUG version that supports the <i>NIOT</i>
640: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme88k
641: for more details.
1.101 bentley 642:
643: <h3>OpenBSD/sparc:</h3>
1.1 david 644:
645: <p>
646: Boot from one of the provided install ISO images, using one of the two
647: commands listed below, depending on the version of your ROM.
648:
1.101 bentley 649: <blockquote><pre>
650: ok <kbd>boot cdrom 4.3/sparc/bsd.rd</kbd>
1.1 david 651: or
1.101 bentley 652: > <kbd>b sd(0,6,0)4.3/sparc/bsd.rd</kbd>
653: </pre></blockquote>
1.1 david 654:
655: <p>
656: If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
657: To do so you need to write <i>floppy43.fs</i> to a floppy.
1.95 tj 658: For more information see <a href="faq/faq4.html#MkFlop">this page</a>.
1.1 david 659: To boot from the floppy use one of the two commands listed below,
660: depending on the version of your ROM.
661:
1.101 bentley 662: <blockquote><pre>
663: ok <kbd>boot floppy</kbd>
1.1 david 664: or
1.101 bentley 665: > <kbd>b fd()</kbd>
666: </pre></blockquote>
1.1 david 667:
668: <p>
669: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
670: will most likely fail.
671:
672: <p>
673: If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
674: setup a bootable tape, or install via network, as told in the
675: INSTALL.sparc file.
676:
1.101 bentley 677: <h3>OpenBSD/sgi:</h3>
678:
1.1 david 679: <p>
680: Burn cd43.iso on a CD-R, put it in the CD drive of your machine and
681: select <i>Install System Software</i> from the System Maintenance menu.
682:
683: <p>
684: If your machine doesn't have a CD drive, you can
685: setup a DHCP/tftp network server, and boot using "bootp()/bsd.rd".
686: Refer to the instructions in INSTALL.sgi for more details.
1.101 bentley 687:
688: <h3>OpenBSD/vax:</h3>
1.1 david 689:
690: <p>
691: Boot over the network via mopbooting as described in INSTALL.vax.
1.101 bentley 692:
693: <h3>OpenBSD/zaurus:</h3>
1.1 david 694:
695: <p>
696: Using the Linux built-in graphical ipkg installer, install the
697: openbsd43_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
698: for a few important details.
1.104 deraadt 699: </section>
1.101 bentley 700:
1.104 deraadt 701: <hr>
1.101 bentley 702:
703: <section id=sourcecode>
1.104 deraadt 704: <h3>Notes about the source code</h3>
1.1 david 705: <p>
1.106 deraadt 706: <code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
707: This file contains everything you need except for the kernel sources, which are
1.1 david 708: in a separate archive. To extract:
1.101 bentley 709: <blockquote><pre>
710: # <kbd>mkdir -p /usr/src</kbd>
711: # <kbd>cd /usr/src</kbd>
712: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
713: </pre></blockquote>
1.1 david 714: <p>
1.106 deraadt 715: <code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
1.1 david 716: This file contains all the kernel sources you need to rebuild kernels.
717: To extract:
1.101 bentley 718: <blockquote><pre>
719: # <kbd>mkdir -p /usr/src/sys</kbd>
720: # <kbd>cd /usr/src</kbd>
1.104 deraadt 721: # <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
1.101 bentley 722: </pre></blockquote>
1.1 david 723: <p>
724: Both of these trees are a regular CVS checkout. Using these trees it
725: is possible to get a head-start on using the anoncvs servers as
726: described <a href="anoncvs.html">here</a>.
727: Using these files
728: results in a much faster initial CVS update than you could expect from
729: a fresh checkout of the full OpenBSD source tree.
1.101 bentley 730: </section>
731:
1.1 david 732: <hr>
1.101 bentley 733:
734: <section id=upgrade>
735: <h3>How to upgrade</h3>
1.1 david 736: <p>
737: If you already have an OpenBSD 4.2 system, and do not want to reinstall,
738: upgrade instructions and advice can be found in the
739: <a href="faq/upgrade43.html">Upgrade Guide</a>.
1.101 bentley 740: </section>
1.1 david 741:
742: <hr>
1.101 bentley 743:
744: <section id=ports>
745: <h3>Ports Tree</h3>
1.1 david 746: <p>
747: A ports tree archive is also provided. To extract:
1.101 bentley 748: <blockquote><pre>
749: # <kbd>cd /usr</kbd>
750: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
751: </pre></blockquote>
1.1 david 752: <p>
753: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
1.82 jasper 754: read the <a href="faq/faq15.html">ports</a> page
1.1 david 755: if you know nothing about ports
756: at this point. This text is not a manual of how to use ports.
757: Rather, it is a set of notes meant to kickstart the user on the
758: OpenBSD ports system.
759: <p>
760: The <i>ports/</i> directory represents a CVS (see the manpage for
1.105 bentley 761: <a href="https://man.openbsd.org/cvs.1">cvs(1)</a> if
1.1 david 762: you aren't familiar with CVS) checkout of our ports. As with our complete
763: source tree, our ports tree is available via anoncvs. So, in
764: order to keep current with it, you must make the <i>ports/</i> tree
765: available on a read-write medium and update the tree with a command
766: like:
1.101 bentley 767: <blockquote><pre>
1.104 deraadt 768: # <kbd>cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_4_3</kbd>
1.101 bentley 769: </pre></blockquote>
1.1 david 770: <p>
771: [Of course, you must replace the local directory and server name here
772: with the location of your ports collection and a nearby anoncvs
773: server.]
774: <p>
1.104 deraadt 775: Note that most ports are available as packages on our mirrors. Updated
1.1 david 776: packages for the 4.3 release will be made available if problems arise.
777: <p>
778: If you're interested in seeing a port added, would like to help out, or just
1.104 deraadt 779: would like to know more, the mailing list
780: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1.101 bentley 781: </section>