Annotation of www/43.html, Revision 1.84
1.1 david 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
1.84 ! deraadt 4: <title>OpenBSD 4.3</title>
1.1 david 5: <meta name="resource-type" content="document">
6: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
7: <meta name="description" content="OpenBSD 4.3">
8: <meta name="keywords" content="openbsd,main">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 2008 by OpenBSD.">
11: </head>
12:
13: <body bgcolor="#ffffff" text="#000000" link="#24248E">
14:
15: <a href="index.html">
16: <img alt="[OpenBSD]" height="30" width="141" hspace="24" src="images/smalltitle.gif" border="0"></a>
17: <hr>
18:
19: <p>
1.26 david 20: <a href="images/Cryptonaut.jpg">
1.84 ! deraadt 21: <img align="left" width="227" height="343" hspace="24"
1.24 deraadt 22: src="images/Cryptonaut.jpg" alt="OpenBSD 4.3 logo"></a>
1.84 ! deraadt 23: <h2><font color="#0000e0">OpenBSD 4.3</font></h2>
1.1 david 24: <p>
1.81 deraadt 25: Released May 1, 2008<br>
1.1 david 26: Copyright 1997-2008, Theo de Raadt.<br>
1.16 deraadt 27: <font color="#e00000">ISBN 978-0-9784475-1-9</font>
1.1 david 28: <br>
1.72 deraadt 29: <a href="lyrics.html#43">4.3 Song: "Home to Hypocrisy"</a>
1.1 david 30: <p>
31: <ul>
32: <li>Order a CDROM from our <a href="orders.html">ordering system</a>.
33: <li>See the information on <a href="ftp.html">The FTP page</a> for
34: a list of mirror machines.
35: <li>Go to the <font color="#e00000">pub/OpenBSD/4.3/</font> directory on
36: one of the mirror sites.
37: <li>Briefly read the rest of this document.
38: <li>Have a look at <a href="errata43.html">The 4.3 Errata page</a> for a list
39: of bugs and workarounds.
40: <li>See a <a href="plus43.html">detailed log of changes</a> between the
41: 4.2 and 4.3 releases.
42: </ul>
43: <br clear=all>
1.84 ! deraadt 44: All applicable copyrights and credits can be found in the applicable
! 45: file sources found in the files src.tar.gz, sys.tar.gz,
! 46: xenocara.tar.gz, or in the files fetched via ports.tar.gz. The
! 47: distribution files used to build packages from the ports.tar.gz file
! 48: are not included on the CDROM because of lack of space.
1.1 david 49: <p>
50:
51: <a name="new"></a>
52: <hr>
53: <p>
54: <h3><font color="#0000e0">What's New</font></h3>
55: <p>
56: This is a partial list of new features and systems included in OpenBSD 4.3.
57: For a comprehensive list, see the <a href="plus43.html">changelog</a> leading
58: to 4.3.
59: <p>
60:
61: <ul>
62:
63: <li>New/extended platforms:
64: <ul>
1.41 miod 65: <li><a href="sparc64.html">OpenBSD/sparc64</a><br>
1.43 kettenis 66: SMP support. This should work on all supported systems,
67: with the exception of the Sun Enterprise 10000.
1.41 miod 68: <li><a href="hppa.html">OpenBSD/hppa</a><br>
1.3 kettenis 69: K-class servers like the K200 and K410 are supported now.
1.41 miod 70: <li><a href="mvme88k.html">OpenBSD/mvme88k</a><br>
71: SMP support on MVME188 and MVME188A systems.<br>
72: 88110 processor, and thus MVME197LE/SP/DP boards, are supported now.
1.74 jsing 73: <li><a href="sgi.html">OpenBSD/sgi</a><br>
74: Contains many new drivers, however the kernel requires an
75: important errata fix.
1.1 david 76: </ul>
77: <p>
78:
79: <li>Improved hardware support, including:
80: <ul>
1.20 kettenis 81: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a> driver now supports BCM5906/BCM5906M 10/100 and BCM5755 10/100/Gigabit Ethernet devices.
82: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cas&sektion=4">cas(4)</a> driver now supports Cassini+ 10/100/Gigabit Ethernet devices.
83: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a> driver now supports ICH9 10/100 and 10/100/Gigabit Ethernet devices.
84: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gem&sektion=4">gem(4)</a> driver now supports the onboard 1000base-SX interface on the Sun Fire V880 server.
85: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ixgb&sektion=4">ixgb(4)</a> driver now supports the Sun 10Gb PCI-X Ethernet devices.
86: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=msk&sektion=4">msk(4)</a> driver now supports Yukon FE+ 10/100 and Yukon Supreme 10/100/Gigabit Ethernet devices.
87: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nfe&sektion=4">nfe(4)</a> driver now supports MCP73, MCP77 and MCP79 10/100/Gigabit Ethernet devices.
1.29 damien 88: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ral&sektion=4">ral(4)</a> driver now supports RT2800 based wireless network devices.
1.20 kettenis 89: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cmpci&sektion=4">cmpci(4)</a> driver now supports CMI8768 based audio adapters.
90: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=it&sektion=4">it(4)</a> driver now supports ITE IT8705F/8712F/8716F/8718F/8726F and SiS SiS950 ICs. Watchdog timer functionality added.
91: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mfi&sektion=4">mfi(4)</a> driver now supports Dell CERC6/PERC6 and LSI SAS1078 RAID controllers.
92: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=viapm&sektion=4">viapm(4)</a> driver now supports the VIA VT8237S south bridges SMBus controller.
1.35 jsg 93: <li>Support for hotplugging ExpressCard devices has been added.
1.20 kettenis 94: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amdpcib&sektion=4&arch=amd64">amdpcib(4)</a> driver for the AMD-8111 series LPC bridge and timecounter on amd64.
95: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pctr&sektion=4&arch=amd64">pctr(4)</a> driver for the CPU performance counters on amd64.
96: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bwi&sektion=4">bwi(4)</a> driver for the Broadcom AirForce IEEE 802.11b/g wireless network device.
97: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=envy&sektion=4">envy(4)</a> driver for the VIA Envy24 audio device.
98: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=et&sektion=4">et(4)</a> driver for the Agere/LSI ET1310 10/100/Gigabit Ethernet device.
99: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=etphy&sektion=4">etphy(4)</a> driver for the Agere/LSI ET1011 TruePHY Gigabit Ethernet PHY.
100: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amdpcib&sektion=4&arch=i386">amdpcib(4)</a> driver for the AMD-8111 series LPC bridge and timecounter on i386.
101: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=glxpcib&sektion=4&arch=i386">glxpcib(4)</a> driver for the AMD CS5536 PCI-ISA bridge with timecounter, watchdog timer, and GPIO on i386.
1.29 damien 102: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iwn&sektion=4">iwn(4)</a> driver for the Intel Wireless WiFi Link 4965AGN IEEE 802.11a/b/g/Draft-N wireless network device.
1.68 mbalmer 103: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=msts&sektion=4">msts(4)</a> line discipline to interface the Meinberg Standard Time String devices to provide a timedelta sensor.
1.20 kettenis 104: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gbe&sektion=4&arch=sgi">gbe(4)</a> driver for the SGI Graphics Back End (GBE) Frame Buffer on sgi.
105: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mkbc&sektion=4&arch=sgi">mkbc(4)</a> driver for the Moosehead PS/2 Controller on sgi.
106: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=power&sektion=4&arch=sgi">power(4)</a> driver for the power button on sgi.
107: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ecadc&sektion=4&arch=sparc64">ecadc(4)</a> driver for the Environmental Monitoring Subsystem temperature sensor on sparc64.
108: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tda&sektion=4&arch=sparc64">tda(4)</a> driver for the fan controller on the Sun Blade 1000/2000, making these machines much less noisy.
109: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spdmem&sektion=4">spdmem(4)</a> driver retrieves information about memory modules.
110: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=thmc&sektion=4">thmc(4)</a> driver for the TI THMC50, Analog ADM1022/1028 temperature sensor.
111: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uchcom&sektion=4">uchcom(4)</a> driver for the WinChipHead CH341/340 based USB serial adapter.
1.69 mbalmer 112: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umbg&sektion=4">umbg(4)</a> driver for the Meinberg Funkuhren USB5131 radio clock to provide
113: a timedelta sensor.
1.20 kettenis 114: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=upgt&sektion=4">upgt(4)</a> driver for the Conexant/Intersil PrismGT SoftMAC USB IEEE 802.11b/g wireless network device.
115: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wbng&sektion=4">wbng(4)</a> driver for the Winbond W83793G temperature, voltage, and fan sensor.
116: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wbsio&sektion=4">wbsio(4)</a> driver for the Winbond LPC Super I/O ICs.
117: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adl&sektion=4">adl(4)</a> driver for the Andigilog aSC7621 temperature, voltage, and fan sensor.
1.70 sthen 118: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&sektion=4">siop(4)</a> driver now supports the (non-PCI) NCR 53c720/770 in big-endian mode.
1.58 jj 119: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lmn&sektion=4">lmn(4)</a> driver for the National Semiconductor LM93 sensor.
1.1 david 120: </ul>
121: <p>
122:
123: <li>New tools:
124: <ul>
1.20 kettenis 125: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snmpd&sektion=8">snmpd(8)</a>, implementing the Simple Network Management Protocol.
126: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snmpctl&sektion=8">snmpctl(8)</a> program controls the SNMP daemon.
127: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pcidump&sektion=8">pcidump(8)</a> utility displays the device address, vendor, and product name of PCI devices.
128: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ldattach&sektion=8">ldattach(8)</a> is used to attach a line discipline to a serial line to allow for in-kernel processing of the received and/or sent data.
1.1 david 129: </ul>
130: <p>
131:
132: <li>New functionality:
133: <ul>
1.20 kettenis 134: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=eeprom&sektion=8&arch=sparc">eeprom(8)</a> is now able to display the OpenPROM device tree on systems that have it.
1.7 jasper 135: <li>Support for X11 on sgi has been added.
1.28 jasper 136: <li>The periodic <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=security&sektion=8">security(8)</a> reports now include package changes.
1.25 jakemsr 137: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cmpci&sektion=4">cmpci(4)</a> driver now supports multichannel audio playback if the hardware supports it.
138: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auvia&sektion=4">auvia(4)</a> driver now supports multichannel audio playback if the hardware supports it.
139: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auich&sektion=4">auich(4)</a> driver now supports recording from the microphone as well as full-duplex mode.
140: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=eso&sektion=4">eso(4)</a> driver now supports recording as well as full-duplex mode.
1.31 otto 141: <li>The ffs layer is now 64-bit disk block address clean.
142: This means that disks, partitions and filesystems larger than 2TB are
1.32 sobrado 143: now supported, with the exception of statfs(2) and quotas.
1.45 krw 144: <li>DMA is now enabled for 1-sector devices such as flash drives, providing
145: significant speed improvement.
146: <li>Sparc and Sparc64 disklabels now provide automatic recognition of ext2fs
147: partitions.
148: <li>Filesystems on USB devices are automatically dismounted if the device is
149: disconnected.
1.46 mpf 150: <li>The configuration of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> load balancing has
151: been vastly simplified.
1.47 krw 152: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fstab&sektion=5">
1.58 jj 153: fstab(5)</a> entries referring to non-existent mount points are now
1.47 krw 154: ignored, allowing subsequent entries to be processed.
1.50 sthen 155: <li>Additional configuration files can now be included in
156: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>.
1.58 jj 157: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sppp&sektion=4&format=html">sppp(4)</a> now has IPv6 support.
1.76 johan 158: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec.conf&sektion=5">ipsec.conf(5)</a> now supports defining 192 and 256 bit keysizes for AES.
1.1 david 159: </ul>
160: <p>
161:
162: <li>Assorted improvements and code cleanup:
163: <ul>
1.13 mikeb 164: <li>Improved support for an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lkm&sektion=4">lkm(4)</a> subsystem on amd64.
1.25 jakemsr 165: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ossaudio&sektion=3">ossaudio(3)</a> received several bug fixes and enhancements including but not limited to improved recording and full-duplex support.
166: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=audio&sektion=4">audio(4)</a> received several bug fixes and enhancements including but not limited to improved recording and full-duplex support.
1.22 espie 167: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=make&sektion=1">make(1)</a> was heavily modified, mostly to improve support for parallel build.
168: Parallel builds now run commands in the same way the sequential builds do,
169: and the output from commands is more readable.
170: A large part of the source tree, xenocara, and quite a few ports now build
171: correctly with <code>make -j</code>.
1.77 xsa 172: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rcs&sektion=1">rcs</a> tools improvements and bug fixes.
1.36 claudio 173: <li>RTM_VERSION was increased so that all routing messages could be modified
174: to include additional fields for upcoming networking features.
1.42 ray 175: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendbug&sektion=1">sendbug(1)</a>
176: has stricter comment parsing, to avoid mangling diffs.
1.45 krw 177: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umass&sektion=4">
178: umass(4)</a> devices no longer detect bogus LUNs.
1.47 krw 179: <li>USB<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=st&sektion=4">
180: st(4)</a> devices can now successfully disconnect.
181: <li>More deviant umass devices accommodated.
1.48 krw 182: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=svnd&sektion=4">
183: svnd(4)</a> devices now work on block devices.
184: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">
185: disklabel(8)</a> is now aware of NTFS partitions.
186: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=raidctl&sektion=8">
187: raidctl(8)</a> now correctly handles trailing whitespace in configuration files.
188: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mt&sektion=1">
189: mt(1)</a> no longer triggers panics when processing the 'rewoffl' command.
190: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=raid&sektion=4">
191: raid(4)</a> devices no longer hang when searching for components during boot.
192: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sd&sektion=4">
193: sd(4)</a> devices no longer receive spurious SYNCHRONIZE CACHE commands that
194: confuse some hardware.
1.58 jj 195: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sd&sektion=4">
196: sd(4)</a> no longer claim that SYNCHRONIZE CACHE commands are 16 bytes long when they
1.48 krw 197: are actually 10 bytes. Some devices took this too literally.
198: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">
199: dhcpd(8)</a> now always issues packets equal or larger than the minimum IP MTU.
1.49 krw 200: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>
201: -E mode does not allow manual editing of the 'c' partition, which
202: is always set to cover the entire disk.
203: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>
204: -E mode does not allow changing the cpg value of a partition.
205: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>
206: -E mode command 'r' now displays the list of free chunks on the disk.
207: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>
208: -E mode no longer permits assigning arbitrary sizes to FS_BOOT and FS_UNUSED
209: partitions.
210: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a> driver problems receiving jumbo frames have been resolved.
1.55 deraadt 211: <li>Many dangerous unsigned comparisons with -1 when checking the
1.49 krw 212: results of read and write calls have been eliminated.
213: <li>The new M_ZERO flag for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=9">malloc(9)</a>
214: replaces many malloc+bzero/memset combinations, fixing a number of bugs
215: in memory initialization and shrinking the kernel.
1.54 krw 216: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">
217: dhcpd(8)</a> now correctly constructs response packets that use the overflow buffers to store options.
218: <li>SCSI drivers are more reliable in MP machines due to better locking
219: around command completion.
220: <li>TCP responses to highly fragmented packets are now constructed without
221: risking corruption of kernel memory.
1.58 jj 222: <li>Sockets now allow 4095 multicast group memberships.
1.1 david 223: </ul>
224: <p>
225:
226: <li>Install/Upgrade process changes:
227: <ul>
1.44 krw 228: <li>All platforms now have serial console support when installing.
229: <li>Serial console speed is detected and appropriate /etc/ttys entries
230: automatically created.
1.55 deraadt 231: <li><a href="vax.html">OpenBSD/vax</a> now also has both kinds of install ISO CD images.
1.54 krw 232: <li>DNS server addresses are remembered if an install is restarted.
1.74 jsing 233: <li><a href="sgi.html">OpenBSD/sgi</a> can now be installed using the glass console.
1.1 david 234: </ul>
235: <p>
236:
237: <li>OpenBGPD 4.3:
238: <ul>
1.39 deraadt 239: <li>Correctly handle prefixes which would cause a routing loop.
1.51 sobrado 240: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpctl&sektion=8">bgpctl</a>'s
241: detailed RIB output shows additional attributes like extended
1.36 claudio 242: communities or the cluster id list.
1.1 david 243: </ul>
244: <p>
245:
246: <li>OpenNTPD 4.3:
247: <ul>
1.38 otto 248: <li>Handle IP changes of clients more gracefully.
1.37 otto 249: <li>Log peer and sensor status to syslog if the majority of either is
250: bad, or if a SIGINFO signal is received.
1.38 otto 251: <li>Allow offsetting of time sensors that have a systematic error.
1.1 david 252: </ul>
253: <p>
254:
255: <li>OpenOSPFD 4.3:
256: <ul>
1.40 otto 257: <li>Equal cost multipath support -- don't forget to set the right sysctls.
1.39 deraadt 258: <li>Parser and commandline options are now in sync with bgpd.
1.1 david 259: </ul>
260: <p>
261:
1.30 reyk 262: <li>relayd 4.3:
1.1 david 263: <ul>
1.30 reyk 264: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hoststated&sektion=8&manpath=OpenBSD+4.2">hoststated(8)</a>/<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hoststatectl&sektion=8&manpath=OpenBSD+4.2">hoststatectl(8)</a>
265: were renamed to
266: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&sektion=8">relayd(8)</a>/<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayctl&sektion=8">relayctl(8)</a>.
267: <li>Improved configuration grammar for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayd.conf&sektion=5">relayd.conf(5)</a>.
268: <li>Allow to send SNMP traps via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snmpd&sektion=8">snmpd(8)</a> when host states change.
269: <li>Improved support for URL filtering and protocol actions.
270: <li>Added support for UDP-based DNS relaying with request ID randomisation.
271: <li>Various bug fixes, optimisations, and cleanups.
272: <li>Improved reload support.
1.1 david 273: </ul>
274: <p>
275:
276: <li>OpenSSH 4.8:
277: <ul>
1.33 djm 278: <li>New features:
279: <ul>
280: <li>Added
281: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a>
282: support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>,
283: controlled by a new option
284: <em>"ChrootDirectory"</em>. Please refer to
285: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>
286: for details, and
287: please use this feature carefully.</li>
288: <li>Linked
289: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>
290: into
291: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>. The internal sftp server is
292: used when the command <em>"internal-sftp"</em> is specified in a Subsystem
293: or ForceCommand declaration. When used with <em>ChrootDirectory</em>, the
294: internal sftp server requires no special configuration of files
295: inside the chroot environment. Please refer to
296: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>
297: for more information.</li>
298: <li>Added a protocol extension method "posix-rename@openssh.com" for
299: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>
300: to perform POSIX atomic rename() operations.</li>
301: <li>Removed the fixed limit of 100 file handles in
302: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>.
303: The server will now dynamically allocate handles up to the number of
304: available file descriptors.</li>
305: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
306: will now skip generation of SSH protocol 1 ephemeral server
307: keys when in inetd mode and protocol 2 connections are negotiated.
308: This speeds up protocol 2 connections to inetd-mode servers that
309: also allow Protocol 1.</li>
310: <li>Accept the <em>PermitRootLogin</em> directive in a
311: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>
312: <em>Match</em>
313: block. Allows for, e.g. permitting root only from the local
314: network.</li>
315: <li>Reworked
316: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>
317: argument splitting and escaping to be more
318: internally consistent (i.e. between sftp commands) and more
319: consistent with
320: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sh&sektion=1">sh(1)</a>.
321: Please note that this will change the
322: interpretation of some quoted strings, especially those with
323: embedded backslash escape sequences.</li>
324: <li>Support <em>"Banner=none"</em> in
325: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>
326: to disable sending of a
327: pre-login banner (e.g. in a <em>Match</em> block).</li>
328: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
329: <em>ProxyCommand</em>s are now executed with $SHELL rather than
330: /bin/sh.</li>
331: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)'s</a>
332: <em>ConnectTimeout</em> option is now applied to both the TCP
333: connection and the SSH banner exchange (previously it just covered
334: the TCP connection). This allows callers of
335: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
336: to better detect
337: and deal with stuck servers that accept a TCP connection but don't
338: progress the protocol, and also makes <em>ConnectTimeout</em> useful for
339: connections via a <em>ProxyCommand</em>.</li>
340: <li>Many new regression tests, including interop tests against PuTTY's
1.55 deraadt 341: plink.</li>
1.33 djm 342: </ul></li>
343: <li>The following significant bugs have been fixed in this release:
344: <ul>
345: <li>SSH2_MSG_UNIMPLEMENTED packets did not correctly reset the client
346: keepalive logic, causing disconnections on servers that did not
347: explicitly implement "keepalive@openssh.com".</li>
348: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
1.61 okan 349: used the obsolete SIG DNS RRtype for host keys in DNS,
1.33 djm 350: instead of the current standard RRSIG.</li>
351: <li>Correctly drain ACKs when a
352: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>
353: upload write fails midway,
354: avoids a fatal() exit from what should be a recoverable condition.</li>
355: <li>Fixed packet size advertisements. Previously TCP and agent
356: forwarding incorrectly advertised the channel window size as the
357: packet size, causing fatal errors under some conditions.</li>
358: <li><em>Many more bugfixes. Please refer to the
359: <a href="http://www.openssh.com/txt/release-4.8">Release Notes</a>.</em>
360: </li>
361: </ul></li>
1.1 david 362: </ul>
363: <p>
364:
365: <li>Over 4,900 ports, minor robustness improvements in package tools.
366: <li>Many pre-built packages for each architecture:
367: <table border=0 cellspacing=0 cellpadding=2 width="95%">
368: <tr>
1.67 deraadt 369: <td valign="top" width="25%">
1.1 david 370: <ul>
1.52 deraadt 371: <li>i386: 4782
1.56 deraadt 372: <li>sparc64: 4613
1.62 deraadt 373: <li>alpha: 4233
1.79 pvalchev 374: <li>sh: 2046
1.67 deraadt 375: </ul></td><td valign=top width="25%"><ul>
1.52 deraadt 376: <li>amd64: 4708
1.57 deraadt 377: <li>powerpc: 4634
1.63 deraadt 378: <li>sparc: 3159
1.73 deraadt 379: <li>m68k: 830
1.67 deraadt 380: </ul></td><td valign=top width="25%"><ul>
1.80 pvalchev 381: <li>arm: 3377
1.65 deraadt 382: <li>hppa: 3971
1.78 pvalchev 383: <li>vax: 296
1.73 deraadt 384: <li>mips64: 1897
1.67 deraadt 385: </ul></td><td valign=top width="25%"><ul>
386: <li>m88k: 27
1.1 david 387: </ul></td></tr></table>
388: Some highlights:
389: <ul>
1.2 jasper 390: <li>Gnome 2.20.3.
391: <li>GNUstep 1.14.2.
1.64 jasper 392: <li>KDE 3.5.8.
1.2 jasper 393: <li>Mozilla Firefox 2.0.0.12.
394: <li>Mozilla Thunderbird 2.0.0.12.
395: <li>MySQL 5.0.51a.
396: <li>OpenMotif 2.3.0.
397: <li>OpenOffice.org 2.3.1.
398: <li>PostgreSQL 8.2.6.
399: <li>Xfce 4.4.2.
1.1 david 400: </ul>
401: <p>
402:
403: <li>As usual, steady improvements in manual pages and other documentation.
404: <p>
405:
406: <li>The system includes the following major components from outside suppliers:
407: <ul>
1.4 matthieu 408: <li>Xenocara (based on X.Org 7.3 + patches, freetype 2.3.5, fontconfig
1.1 david 409: 2.4.2, Mesa 7.0.2, xterm 232 and more)
410: <li>Gcc 2.95.3
411: (+ <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc-local&sektion=1">patches</a>)
412: and 3.3.5
413: (+ <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc-local&sektion=1">patches</a>)
414: <li>Perl 5.8.8 (+ patches)
415: <li>Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
416: <li>OpenSSL 0.9.7j (+ patches)
417: <li>Groff 1.15
418: <li>Sendmail 8.14.1, with libmilter
419: <li>Bind 9.4.2 (+ patches)
420: <li>Lynx 2.8.5rel.4 with HTTPS and IPv6 support (+ patches)
421: <li>Sudo 1.6.9p12
422: <li>Ncurses 5.2
423: <li>Latest KAME IPv6
424: <li>Heimdal 0.7.2 (+ patches)
425: <li>Arla 0.35.7
426: <li>Binutils 2.15 (+ patches)
427: <li>Gdb 6.3 (+ patches)
428: </ul>
429: <p>
430:
431: </ul>
432:
433: <a name="install"></a>
434: <hr>
435: <p>
436: <h3><font color="#0000e0">How to install</font></h3>
437: <p>
438: Following this are the instructions which you would have on a piece of
439: paper if you had purchased a CDROM set instead of doing an alternate
440: form of install. The instructions for doing an FTP (or other style
441: of) install are very similar; the CDROM instructions are left intact
442: so that you can see how much easier it would have been if you had
443: purchased a CDROM instead.
444: <p>
445:
446: <hr>
447: Please refer to the following files on the three CDROMs or FTP mirror for
448: extensive details on how to install OpenBSD 4.3 on your machine:
449: <p>
450: <ul>
451: <li>CD1:4.3/i386/INSTALL.i386
452: <p>
453: <li>CD2:4.3/amd64/INSTALL.amd64
454: <li>CD2:4.3/macppc/INSTALL.macppc
455: <p>
456: <li>CD3:4.3/sparc64/INSTALL.sparc64
457: <p>
458: <li>FTP:.../OpenBSD/4.3/alpha/INSTALL.alpha
459: <li>FTP:.../OpenBSD/4.3/armish/INSTALL.armish
460: <li>FTP:.../OpenBSD/4.3/hp300/INSTALL.hp300
461: <li>FTP:.../OpenBSD/4.3/hppa/INSTALL.hppa
462: <li>FTP:.../OpenBSD/4.3/landisk/INSTALL.landisk
463: <li>FTP:.../OpenBSD/4.3/mac68k/INSTALL.mac68k
464: <li>FTP:.../OpenBSD/4.3/mvme68k/INSTALL.mvme68k
465: <li>FTP:.../OpenBSD/4.3/mvme88k/INSTALL.mvme88k
1.27 david 466: <li>FTP:.../OpenBSD/4.3/sgi/INSTALL.sgi
1.1 david 467: <li>FTP:.../OpenBSD/4.3/sparc/INSTALL.sparc
468: <li>FTP:.../OpenBSD/4.3/vax/INSTALL.vax
469: <li>FTP:.../OpenBSD/4.3/zaurus/INSTALL.zaurus
470: </ul>
471: <hr>
472:
473: <p>
474: Quick installer information for people familiar with OpenBSD, and the
475: use of the "disklabel -E" command. If you are at all confused when
476: installing OpenBSD, read the relevant INSTALL.* file as listed above!
477: <p>
478:
479: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
480: <ul>
481: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
482: release is on CD1. If your BIOS does not support booting from CD, you will need
483: to create a boot floppy to install from. To create a boot floppy write
484: <i>CD1:4.3/i386/floppy43.fs</i> to a floppy and boot via the floppy drive.
485:
486: <p>
487: Use <i>CD1:4.3/i386/floppyB43.fs</i> instead for greater SCSI controller
488: support, or <i>CD1:4.3/i386/floppyC43.fs</i> for better laptop support.
489:
490: <p>
491: If you can't boot from a CD or a floppy disk,
492: you can install across the network using PXE as described in
493: the included INSTALL.i386 document.
494:
495: <p>
496: If you are planning on dual booting OpenBSD with another OS, you will need to
497: read INSTALL.i386.
498:
499: <p>
500: To make a boot floppy under MS-DOS, use the "rawrite" utility located
501: at <i>CD1:4.3/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS,
502: use the
503: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>
504: utility. The following is an example usage of
505: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>,
506: where the device could be "floppy", "rfd0c", or
507: "rfd0a".
508:
509: <ul><pre>
510: # <strong>dd if=<file> of=/dev/<device> bs=32k</strong>
511: </pre></ul>
512:
513: <p>
514: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
515: your install will most likely fail. For more information on creating a boot
516: floppy and installing OpenBSD/i386 please refer to
517: <a href="faq/faq4.html#MkFlop">FAQ 4.3.1</a>.
518: </ul>
519:
520: <p>
521: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
522: <ul>
523: The 4.3 release of OpenBSD/amd64 is located on CD2.
524: Boot from the CD to begin the install - you may need to adjust
525: your BIOS options first.
526: If you can't boot from the CD, you can create a boot floppy to install from.
527: To do this, write <i>CD2:4.3/amd64/floppy43.fs</i> to a floppy, then
528: boot from the floppy drive.
529:
530: <p>
531: If you can't boot from a CD or a floppy disk,
532: you can install across the network using PXE as described in the included
533: INSTALL.amd64 document.
534:
535: <p>
536: If you are planning to dual boot OpenBSD with another OS, you will need to
537: read INSTALL.amd64.
538: </ul>
539:
540: <p>
541: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
542: <ul>
543: Put CD2 in your CDROM drive and poweron your machine while holding down the
544: <i>C</i> key until the display turns on and shows <i>OpenBSD/macppc boot</i>.
545:
546: <p>
547: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
548: /4.3/macppc/bsd.rd</i>
549: </ul>
550:
551: <p>
552: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
553: <ul>
554: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
555:
556: <p>
557: If this doesn't work, or if you don't have a CDROM drive, you can write
558: <i>CD3:4.3/sparc64/floppy43.fs</i> or <i>CD3:4.3/sparc64/floppyB43.fs</i>
559: (depending on your machine) to a floppy and boot it with <i>boot
560: floppy</i>. Refer to INSTALL.sparc64 for details.
561:
562: <p>
563: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
564: will most likely fail.
565:
566: <p>
567: You can also write <i>CD3:4.3/sparc64/miniroot43.fs</i> to the swap partition on
568: the disk and boot with <i>boot disk:b</i>.
569:
570: <p>
571: If nothing works, you can boot over the network as described in INSTALL.sparc64.
572: </ul>
573:
574: <p>
575: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
576: <ul>
577: <p>Write <i>FTP:4.3/alpha/floppy43.fs</i> or
578: <i>FTP:4.3/alpha/floppyB43.fs</i> (depending on your machine) to a diskette and
579: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
580:
581: <p>
582: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
583: will most likely fail.
584:
585: </ul>
586:
587: <p>
588: <h3><font color="#e00000">OpenBSD/armish:</font></h3>
589: <ul>
590: <p>
591: After connecting a serial port, Thecus can boot directly from the network
592: either tftp or http. Configure the network using fconfig, reset,
593: then load bsd.rd, see INSTALL.armish for specific details.
594: IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
595: and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
596: then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
597: More details are available in INSTALL.armish.
598: </ul>
599:
600: <p>
601: <h3><font color="#e00000">OpenBSD/hp300:</font></h3>
602: <ul>
603: <p>
604: Boot over the network by following the instructions in INSTALL.hp300.
605: </ul>
606:
607: <p>
608: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
609: <ul>
610: <p>
611: Boot over the network by following the instructions in INSTALL.hppa or the
612: <a href="hppa.html#install">hppa platform page</a>.
613: </ul>
614:
615: <p>
616: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
617: <ul>
618: <p>
619: Write <i>miniroot43.fs</i> to the start of the CF
620: or disk, and boot normally.
621: </ul>
622:
623: <p>
624: <h3><font color="#e00000">OpenBSD/mac68k:</font></h3>
625: <ul>
626: <p>
627: Boot MacOS as normal and extract the Macside "BSD/Mac68k Booter" utility from
628: <i>FTP:4.3/mac68k/utils</i> onto your hard disk. Configure the "BSD/Mac68k
629: Booter" with the location of your bsd.rd kernel and boot into the installer.
630: Refer to the instructions in INSTALL.mac68k for more details.
631: </ul>
632:
633: <p>
634: <h3><font color="#e00000">OpenBSD/mvme68k:</font></h3>
635: <ul>
636: <p>
637: You can create a bootable installation tape or boot over the network.<br>
638: The network boot requires a MVME68K BUG version that supports the <i>NIOT</i>
639: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme68k
640: for more details.
641: </ul>
642:
643: <p>
644: <h3><font color="#e00000">OpenBSD/mvme88k:</font></h3>
645: <ul>
646: <p>
647: You can create a bootable installation tape or boot over the network.<br>
648: The network boot requires a MVME88K BUG version that supports the <i>NIOT</i>
649: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme88k
650: for more details.
651: </ul>
652:
653: <p>
654: <h3><font color="#e00000">OpenBSD/sparc:</font></h3>
655: <ul>
656: Boot from one of the provided install ISO images, using one of the two
657: commands listed below, depending on the version of your ROM.
658:
659: <ul><pre>
660: ok <strong>boot cdrom 4.3/sparc/bsd.rd</strong>
661: or
662: > <strong>b sd(0,6,0)4.3/sparc/bsd.rd</strong>
663: </pre></ul>
664:
665: <p>
666: If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
667: To do so you need to write <i>floppy43.fs</i> to a floppy.
668: For more information see <a href="faq/faq4.html#MkFlop">FAQ 4.3.1</a>.
669: To boot from the floppy use one of the two commands listed below,
670: depending on the version of your ROM.
671:
672: <ul><pre>
673: ok <strong>boot floppy</strong>
674: or
675: > <strong>b fd()</strong>
676: </pre></ul>
677:
678: <p>
679: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
680: will most likely fail.
681:
682: <p>
683: If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
684: setup a bootable tape, or install via network, as told in the
685: INSTALL.sparc file.
686: </ul>
687:
688: <p>
689: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
690: <ul>
691: <p>
692: Burn cd43.iso on a CD-R, put it in the CD drive of your machine and
693: select <i>Install System Software</i> from the System Maintenance menu.
694:
695: <p>
696: If your machine doesn't have a CD drive, you can
697: setup a DHCP/tftp network server, and boot using "bootp()/bsd.rd".
698: Refer to the instructions in INSTALL.sgi for more details.
699: </ul>
700:
701: <p>
702: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
703: <ul>
704: Boot over the network via mopbooting as described in INSTALL.vax.
705: </ul>
706:
707: <p>
708: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
709: <ul>
710: <p>
711: Using the Linux built-in graphical ipkg installer, install the
712: openbsd43_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
713: for a few important details.
714: </ul>
715:
716: <p>
717: <h3><font color="#e00000">Notes about the source code:</font></h3>
718: <ul>
719: src.tar.gz contains a source archive starting at /usr/src. This file
720: contains everything you need except for the kernel sources, which are
721: in a separate archive. To extract:
722: <p>
723: <ul><pre>
724: # <strong>mkdir -p /usr/src</strong>
725: # <strong>cd /usr/src</strong>
726: # <strong>tar xvfz /tmp/src.tar.gz</strong>
727: </pre></ul>
728: <p>
729: sys.tar.gz contains a source archive starting at /usr/src/sys.
730: This file contains all the kernel sources you need to rebuild kernels.
731: To extract:
732: <p>
733: <ul><pre>
734: # <strong>mkdir -p /usr/src/sys</strong>
735: # <strong>cd /usr/src</strong>
736: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
737: </pre></ul>
738: <p>
739: Both of these trees are a regular CVS checkout. Using these trees it
740: is possible to get a head-start on using the anoncvs servers as
741: described <a href="anoncvs.html">here</a>.
742: Using these files
743: results in a much faster initial CVS update than you could expect from
744: a fresh checkout of the full OpenBSD source tree.
745: <p>
746: </ul>
747:
748: <a name="upgrade"></a>
749: <hr>
750: <p>
751: <h3><font color="#0000e0">How to upgrade</font></h3>
752: <p>
753: If you already have an OpenBSD 4.2 system, and do not want to reinstall,
754: upgrade instructions and advice can be found in the
755: <a href="faq/upgrade43.html">Upgrade Guide</a>.
756:
757: <a name="ports"></a>
758: <hr>
759: <p>
760: <h3><font color="#0000e0">Ports Tree</font></h3>
761: <p>
762: A ports tree archive is also provided. To extract:
763: <p>
764: <ul><pre>
765: # <strong>cd /usr</strong>
766: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
767: # <strong>cd ports</strong>
768: </pre></ul>
769: <p>
770: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
1.82 jasper 771: read the <a href="faq/faq15.html">ports</a> page
1.1 david 772: if you know nothing about ports
773: at this point. This text is not a manual of how to use ports.
774: Rather, it is a set of notes meant to kickstart the user on the
775: OpenBSD ports system.
776: <p>
777: The <i>ports/</i> directory represents a CVS (see the manpage for
778: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">
779: cvs(1)</a> if
780: you aren't familiar with CVS) checkout of our ports. As with our complete
781: source tree, our ports tree is available via anoncvs. So, in
782: order to keep current with it, you must make the <i>ports/</i> tree
783: available on a read-write medium and update the tree with a command
784: like:
785: <p>
786: <ul><pre>
787: # <strong>cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_4_3</strong>
788: </pre></ul>
789: <p>
790: [Of course, you must replace the local directory and server name here
791: with the location of your ports collection and a nearby anoncvs
792: server.]
793: <p>
794: Note that most ports are available as packages through FTP. Updated
795: packages for the 4.3 release will be made available if problems arise.
796: <p>
797: If you're interested in seeing a port added, would like to help out, or just
798: would like to know more, the mailing list ports@openbsd.org is a good
799: place to know.
800: <p>
801:
802: </body>
803: </html>