Annotation of www/44.html, Revision 1.25
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 4.4 Release</title>
5: <link rev=made href="mailto:www@openbsd.org">
6: <meta name="resource-type" content="document">
7: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
8: <meta name="description" content="OpenBSD 4.4">
9: <meta name="keywords" content="openbsd,main">
10: <meta name="distribution" content="global">
11: <meta name="copyright" content="This document copyright 2008 by OpenBSD.">
12: </head>
13:
14: <body bgcolor="#ffffff" text="#000000" link="#24248E">
15:
16: <a href="index.html">
17: <img alt="[OpenBSD]" height="30" width="141" hspace="24" src="images/smalltitle.gif" border="0"></a>
18: <hr>
19:
20: <p>
21: <a href="images/Cryptonaut.jpg">
22: <img align="left" width="227" height="343" hspace="24" vspace="30"
23: src="images/???.jpg" alt="OpenBSD 4.4 logo"></a>
24: <h2><font color="#0000e0">The OpenBSD 4.4 Release:</font></h2>
25: <p>
26: Released Nov 1, 2008<br>
27: Copyright 1997-2008, Theo de Raadt.<br>
28: <font color="#e00000">ISBN 978-0-9784475-2-6</font>
29: <br>
30: <a href="lyrics.html#44">4.4 Song: "???"</a>
31: <p>
32:
33: <a href="#new">What's New</a><br>
34: <a href="#install">How to install</a><br>
35: <a href="#upgrade">How to upgrade</a><br>
36: <a href="#ports">How to use the ports tree</a><br>
37: <a href="orders.html">Ordering a CD set</a><br>
38:
39: <p>
40: <h3><font color="#0000e0">
41: To get the files for this release:
42: <ul>
43: <li>Order a CDROM from our <a href="orders.html">ordering system</a>.
44: <li>See the information on <a href="ftp.html">The FTP page</a> for
45: a list of mirror machines.
46: <li>Go to the <font color="#e00000">pub/OpenBSD/4.4/</font> directory on
47: one of the mirror sites.
48: <li>Briefly read the rest of this document.
49: <li>Have a look at <a href="errata44.html">The 4.4 Errata page</a> for a list
50: of bugs and workarounds.
51: <li>See a <a href="plus44.html">detailed log of changes</a> between the
52: 4.3 and 4.4 releases.
53: </ul>
54: </font></h3>
55: <br clear=all>
56:
57: <strong>Note:</strong> All applicable copyrights and credits can be found
58: in the applicable file sources found in the files src.tar.gz, sys.tar.gz,
59: xenocara.tar.gz, or in the files fetched via ports.tar.gz. The distribution
60: files used to build packages from the ports.tar.gz file are not included on
61: the CDROM because of lack of space.
62: <p>
63:
64: <a name="new"></a>
65: <hr>
66: <p>
67: <h3><font color="#0000e0">What's New</font></h3>
68: <p>
69: This is a partial list of new features and systems included in OpenBSD 4.4.
70: For a comprehensive list, see the <a href="plus44.html">changelog</a> leading
71: to 4.4.
72: <p>
73:
74: <ul>
75:
76: <li>New/extended platforms:
77: <ul>
78: <li><a href="sparc64.html">OpenBSD/sparc64</a><br>
79: Much more platform support. Machines using the Ultrasparc IV/T1/T2
80: and Fujitsu Sparc64-V/V/VII are now supported.
1.4 matthieu 81: <li><a href="socppc.html">OpenBSD/socppc</a><br>
1.8 deraadt 82: For machines based on the Freescale MPC8349E
83: System-on-Chip (SoC) platform that use Das U-Boot as a boot loader.
1.4 matthieu 84: <li><a href="landisk.html">OpenBSD/landisk</a><br>
1.8 deraadt 85: Added shared libraries support.
1.1 deraadt 86: </ul>
87: <p>
88:
89: <li>Improved hardware support, including:
90: <ul>
1.8 deraadt 91: <li>Several new/improved drivers for sensors, including:
92: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fins&sektion=4">fins(4)</a>,
93: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=andl&sektion=4">andl(4)</a>,
94: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=it&sektion=4">it(4)</a>,
95: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kate&sektion=4">kate(4)</a>,
96: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sdtemp&sektion=4">sdtemp(4)</a>,
97: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lmtemp&sektion=4">lmtemp(4)</a>,
98: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adt&sektion=4">adt(4)</a> and
99: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=km&sektion=4">km(4)</a>.
1.17 deraadt 100: <li>Support for the Intel G33 and G35 chipsets in
101: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=agp&sektion=4">agp(4)</a>.
102: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lii&sektion=4">lii(4)</a>
103: driver for Attansic L2 10/100 Ethernet devices.
104: <li>Preliminary support for UVC USB webcams:
105: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uvideo&sektion=4">uvideo(4)</a>
1.8 deraadt 106: and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=video&sektion=4">video(4)</a>.
107: <li>WPA/WPA2-PSK support for several models wireless cards.
1.17 deraadt 108: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openchrome&sektion=4">openchrome(4)</a>
109: driver replaces the via X.Org driver for VIA video cards.
1.8 deraadt 110: <li>AMD Geode video card driver for X.Org.
1.17 deraadt 111: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmt&sektion=4">vmt(4)</a>
112: driver, implements VMware Tools.
113: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auglx&sektion=4&arch=i386">auglx(4)</a>
114: driver for AMD Geode LX CS5536 integrated AC'97 audio.
115: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ix&sektion=4">ix(4)</a>
116: driver for Intel 82598 PCI Express 10Gb Ethernet.
117: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=acpithinkpad&sektion=4">acpithinkpad(4)</a>
118: driver provides additional ACPI support for IBM/Lenovo ThinkPad laptops.
119: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=acpiasus&sektion=4">acpiasus(4)</a>
120: driver provides additional ACPI support for ASUS laptops including the EeePC.
121: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gecko&sektion=4">gecko(4)</a>
122: driver supporting the GeckoBOA BC GSC+ port found on some hppa systems.
123: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tsec&sektion=4">tsec(4)</a>
124: driver supporting the Freescale Triple Speed Ethernet Controller..
125: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=re&sektion=4">re(4)</a>
126: driver now supports RTL8102E and RTL8168 devices.
127: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cas&sektion=4">cas(4)</a>
128: driver now supports National Semiconductor Saturn devices.
129: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pccom&sektion=4">pccom(4)</a>
130: driver has been removed; all platforms use com(4) now.
131: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cardbus&sektion=4">cardbus(4)</a>
132: and
133: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pcmcia&sektion=4">pcmcia(4)</a>
134: now work on most sparc64 machines.
135: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=udcf&sektion=4">udcf(4)</a>
136: driver now supports mouseCLOCK USB II devices.
137: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=msk&sektion=4">msk(4)</a>
1.21 deraadt 138: driver now supports 88E8040T devices.
1.17 deraadt 139: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ath&sektion=4">ath(4)</a>
140: now now supports many more Atheros wireless devices.
141: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ciss&sektion=4">ciss(4)</a>
142: driver now supports HP Smart Array P212, P410, P411, P411i
143: and P812 devices.
144: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a>
145: driver now supports ELV Elektronik and FTDI 2232L devices.
146: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umsm&sektion=4">umsm(4)</a>
147: driver now supports Option GlobeTrotter 3G+, Huawei E220
148: and more HSDPA MSM devices.
149: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsa&sektion=4">ubsa(4)</a>
150: driver now supports ZTE CMDMA MSM devices.
151: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=axe&sektion=4">axe(4)</a>
152: driver now supports Apple USB A1277 devices.
153: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=puc&sektion=4">puc(4)</a>
154: driver now supports more Netmos devices.
155: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mgx&sektion=4">mgx(4)</a>
156: driver now supports 2D acceleration on selected boards.
1.19 deraadt 157: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isp&sektion=4">isp(4)</a>
158: driver firmware for some controllers has been updated.
159: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isp&sektion=4">isp(4)</a>
160: driver no longer hangs during probe some machines.
1.21 deraadt 161: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a>
162: driver has better support for BCM5704 chipsets in fiber
163: mode which helps with some blade servers.
164: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a>
165: driver has better support for the BCM5906 chipset on some systems.
166: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a>
167: driver has much better support for PCI Express chipsets
168: resulting in much faster transit performance.
1.24 damien 169: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ral&sektion=4">ral(4)</a>
170: driver now supports Ralink Technology RT2700 devices.
1.21 deraadt 171: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a>
172: driver has support for the BCM5714/5715/5780 chipsets using fiber interfaces.
173: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bnx&sektion=4">bnx(4)</a>
174: driver has support for the BCM5706/5708 chipsets using fiber interfaces.
1.17 deraadt 175: <li>For i386 and amd64, make serial console on non-primary ports work.
1.1 deraadt 176: <li>...
177: </ul>
178: <p>
179:
180: <li>New tools:
181: <ul>
1.17 deraadt 182: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.statd&sektion=8">rpc.statd(8)</a>,
183: the host status monitoring daemon for use with the NFS file locking daemon.
184: <li>Initial import of
185: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=yplapd&sektion=8">ypldap(8)</a>,
186: a drop-in replacement for ypserv to glue in an LDAP directory for
187: get{pw,gr}ent family of functions.
1.21 deraadt 188: <li>Deprecated <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=slattach&sektion=8">slattach(8)</a>
189: and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=slattach&sektion=8">slattach(8)</a>
190: in favor of
191: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=slattach&sektion=8">ldattach(8)</a>.
192: <li>Import of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpbench&sektion=8">tcpbench(1)</a>, a small TCP benchmarking tool.
1.1 deraadt 193: <li>...
194: </ul>
195: <p>
196:
197: <li>New functionality:
198: <ul>
1.3 ratchov 199: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aucat&sektion=1">aucat(1)</a>
200: is now able to play and record audio in fullduplex, it
201: can mix unlimited number of streams, handles up to 16 channels, can
202: resample streams on the fly, supports various 24-bit and 32-bit
203: encodings and does format conversions on the fly.
1.8 deraadt 204: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> now supports IPv6.
205: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> now supports basic
206: synchronization of the /etc/dhcpd.leases file to allow for running multiple instances for redundancy.
207: <li>Many wireless network drivers now support WPA.
1.17 deraadt 208: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.lockd&sektion=8">rpc.lockd(8)</a>
209: now supports NLMv4 and does actually do locking.
210: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>
211: now supports recursive mget transfers.
1.19 deraadt 212: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>
213: now uses keep alive packets by default.
1.21 deraadt 214: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>
215: accept empty passwords in URLs.
1.17 deraadt 216: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cdio&sektion=1">cdio(1)</a>
217: in TAO mode to set the write speed.
1.19 deraadt 218: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cdio&sektion=1">cdio(1)</a>
219: no longer blanks media twice.
1.21 deraadt 220: <li>Add ability in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cdio&sektion=1">cdio(1)</a>
221: to determine media capabilities and make it figure out if media supports TAO or blanking.
1.17 deraadt 222: <li>Initial version of
223: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=softraid&sektion=4">softraid(4)</a>
224: crypto support. Disabled for now.
1.19 deraadt 225: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a>
226: now groks options tftp-config-file and auto-proxy-script in dhcpd.conf.
227: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a>
228: option handling much more resistant to abuse.
229: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a>
230: now aware of interface link state and reacts to changes.
231: <li>DIOCRLDINFO, DIOCGPDINFO, and DIOCGPART support added to block devices
232: previously lacking it.
233: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>
234: no longer supports the '-r' option, and obtains all disklabel information via ioctl's.
235: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>
236: no longer suggests offsets and sizes that would result in partitions starting or ending
237: outside the OpenBSD section of the disk.
238: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>
239: now correctly reads back the 'vendor' field from text disklabels.
240: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>
241: editor mode '?' and 'p' commands are more compact and the 'l' command has been added
242: to produce previous verbose output.
243: <li>I/O's outside the bounds of the RAW_PART are now prevented, allowing
244: proper detection of invalid I/O's.
245: <li>USB floppies now have a valid cylinder count calculated, rather than 0.
246: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newfs&sektion=8">newfs(8)</a>
247: can now create filesystems on devices with sector sizes other than 512, although
248: such filesystems cannot yet be read.
249: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a>
250: probing displays less useless verbiage and fewer spurious error messages.
251: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=st&sektion=4">st(4)</a>
252: devices can now be detached.
253: <li>ATAPI devices are now identified as such, rather than as SCSIn devices.
254: <li>SATA tape drives now work.
255: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a>
256: probing now displays the ID of the initiator on the bus.
257: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a>
258: debug capabilities improved to show commands and input or output data as appropriate.
259: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a>
260: probing makes better use of the TEST UNIT READY command to clear errors and allow
261: successfull attachments.
262: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a>
263: probing can now find more fibre channel attached devices.
1.21 deraadt 264: <li>Several mbuf pool cache corruption issues were fixed.
265: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=identd&sektion=8">identd(8)</a>
266: now supports IPv6 in standalone mode.
267: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cal&sektion=1">cal(1)</a>
268: now shows week numbers too.
269: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>,
270: implement a sloppy tcpstate tracker which does not look at sequence numbers at all.
1.25 ! mpf 271: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>
! 272: rule accounting now has a counter to record how many states in total have been
! 273: created by a rule.
! 274: <li>The kill states feature in
! 275: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>
! 276: now supports two additional match targets: Kill by rule label or state ID.
1.21 deraadt 277: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&sektion=8">relayd(8)</a>
278: use sloppy
279: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>
280: state keeping for routed sessions (Direct Server Return).
281: <li>Added support in
282: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&sektion=8">relayd(8)</a>
283: for transparent L7 forwarding in relays.
284: <li>Extend <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=awk&sektion=1">awk(1)</a>
285: with bitwise operations.
1.8 deraadt 286: <li>...
1.1 deraadt 287: </ul>
288: <p>
289:
290: <li>Assorted improvements and code cleanup:
291: <ul>
1.8 deraadt 292: <li>A greatly changed buffer cache subsystem which maps cache pages only
293: when in use, resulting in improved filesystem performance, and
294: allowing for the effective use of a much larger buffer cache
1.11 espie 295: <li>A greatly improved implementation of
1.9 otto 296: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">
1.11 espie 297: malloc(3)</a>, the general purpose memory allocator,
298: which catches more mistakes, reduces address space fragmentation,
299: and is faster.
1.10 otto 300: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=statfs&sektion=2">
1.14 otto 301: statfs(2)</a> system call has been enhanced to support large
1.10 otto 302: filesystems.
1.20 deraadt 303: <li>Lots of features have been implemented in OpenCVS, which can now be used
1.19 deraadt 304: to do some real work.
305: <li>New APIs for arc4random, one to fill a buffer with random numbers
306: and the other to return a uniformly distributed random number without bias.
1.12 deraadt 307: <li>...
1.1 deraadt 308: </ul>
309: <p>
310:
311: <li>Install/Upgrade process changes:
312: <ul>
1.15 deraadt 313: <li>A new tool
1.18 sobrado 314: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysmerge&sektion=8">
315: sysmerge(8)</a>, derived from the old mergemaster port, makes
1.15 deraadt 316: it easier to merge configuration files changes during an upgrade.
1.16 deraadt 317: <li>Fully support OpenBSD inside extended partitions on i386 and amd64.
1.17 deraadt 318: <li>During installation 'dhcp' is now the initial default answer during
319: network configuration.
1.19 deraadt 320: <li>Fetching sets via FTP more reliable due to automatic use of keep alive.
321: <li>Fetching sets via NFS no longer hangs retrying a non-functional mount.
322: <li>Installation ensures hostname.* files are installed with mode 600.
323: <li>Serial console configuration now automatically detects speed.
324: <li>Serial console support extended to all architectures.
325: <li>Partition size display no longer limited to 32 bit sizes.
326: <li>Partition sizes now scaled and formatted to use human readable units.
327: <li>NTPD configuration questions improved.
328: <li>Sparc miniroot root disk detection fixed.
329: <li>Invocations of
330: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>
331: by the scripts are now less verbose.
1.1 deraadt 332: </ul>
333: <p>
334:
1.15 deraadt 335: <li>OpenSSH 5.1:
1.1 deraadt 336: <ul>
1.15 deraadt 337: <li>New experimental fingerprint ASCII art visualisation system for easier
338: verification of remote keys.
339: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">
340: chroot(2)</a> support for
341: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.
342: <li>Added an extended test mode (-T) to
343: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.
344: <li>Make
345: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
346: support negation of groups in a "Match group" block.
1.16 deraadt 347: <li>Increased the ephemeral key size in protocol1 from 768 to 1024 bits.
1.15 deraadt 348: <li>Better tests of primes in /etc/moduli
1.16 deraadt 349: <li>Refuse to read .shosts or authorized_keys files that are not regular
1.15 deraadt 350: files.
351: <li>Enable ~ escapes for multiplex slave sessions.
1.16 deraadt 352: <li>Support CIDR address matching in Match blocks and authorized_keys
1.15 deraadt 353: from="..." stanzas.
354: <li>Make port forwarding code try additional addresses when connecting to
355: a destination whose DNS name resolves to more than one address.
356: <li>Make the maximum number of
357: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
1.16 deraadt 358: sessions run-time controllable via MaxSessions in
1.15 deraadt 359: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">
360: ssh_config(5)</a>.
361: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_scan&sektion=1">
1.16 deraadt 362: ssh_scan(1)</a> now defaults to RSA protocol 2 keys, instead of RSA1.
1.15 deraadt 363: <li>Added an extension to sftp protocol to implement
364: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=statvfs&sektion=2">
365: statvfs(2)</a>-like operations and add a df command to
366: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">
367: sftp(1)</a>.
368: <li>Disable execution of /.ssh/rc for sessions where a command has been
369: forced by the sshd_config ForceCommand directive.
370: <li>And several bug fixes and performance enhancements.
1.1 deraadt 371: </ul>
372: <p>
373:
374: <li>Over ???? ports, minor robustness improvements in package tools.
375: <li>Many pre-built packages for each architecture:
376: <table border=0 cellspacing=0 cellpadding=2 width="95%">
377: <tr>
378: <td valign="top" width="25%">
379: <ul>
1.8 deraadt 380: <li>i386: 5033
381: <li>sparc64: 4862
1.1 deraadt 382: <li>alpha: ????
383: <li>sh: ????
384: </ul></td><td valign=top width="25%"><ul>
1.23 deraadt 385: <li>amd64: 4940
1.22 deraadt 386: <li>powerpc: 4258
1.1 deraadt 387: <li>sparc: ????
388: <li>m68k: ????
389: </ul></td><td valign=top width="25%"><ul>
390: <li>arm: ????
391: <li>hppa: ????
392: <li>vax: ????
393: <li>mips64: ????
394: </ul></td><td valign=top width="25%"><ul>
395: <li>m88k: ????
396: </ul></td></tr></table>
397: Some highlights:
398: <ul>
1.11 espie 399: <li>mozilla-firefox3
400: <li>drupal-5, core package and external modules, a modern CMS.
1.1 deraadt 401: </ul>
402: <p>
403:
404: <li>As usual, steady improvements in manual pages and other documentation.
405: <p>
406:
407: <li>The system includes the following major components from outside suppliers:
408: <ul>
409: <li>Xenocara (based on X.Org 7.3 + patches, freetype 2.3.5, fontconfig
1.2 matthieu 410: 2.4.2, Mesa 7.0.3, xterm 234 and more)
1.1 deraadt 411: <li>Gcc 2.95.3
412: (+ <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc-local&sektion=1">patches</a>)
413: and 3.3.5
414: (+ <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc-local&sektion=1">patches</a>)
415: <li>Perl 5.8.8 (+ patches)
416: <li>Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
417: <li>OpenSSL 0.9.7j (+ patches)
418: <li>Groff 1.15
1.8 deraadt 419: <li>Sendmail 8.14.3, with libmilter
420: <li>Bind 9.4.2-P2 (+ patches)
1.1 deraadt 421: <li>Lynx 2.8.5rel.4 with HTTPS and IPv6 support (+ patches)
1.8 deraadt 422: <li>Sudo 1.6.9p17
1.1 deraadt 423: <li>Ncurses 5.2
424: <li>Latest KAME IPv6
425: <li>Heimdal 0.7.2 (+ patches)
426: <li>Arla 0.35.7
427: <li>Binutils 2.15 (+ patches)
428: <li>Gdb 6.3 (+ patches)
429: </ul>
430: <p>
431:
432: </ul>
433:
434: <a name="install"></a>
435: <hr>
436: <p>
437: <h3><font color="#0000e0">How to install</font></h3>
438: <p>
439: Following this are the instructions which you would have on a piece of
440: paper if you had purchased a CDROM set instead of doing an alternate
441: form of install. The instructions for doing an FTP (or other style
442: of) install are very similar; the CDROM instructions are left intact
443: so that you can see how much easier it would have been if you had
444: purchased a CDROM instead.
445: <p>
446:
447: <hr>
448: Please refer to the following files on the three CDROMs or FTP mirror for
449: extensive details on how to install OpenBSD 4.4 on your machine:
450: <p>
451: <ul>
452: <li>CD1:4.4/i386/INSTALL.i386
453: <p>
454: <li>CD2:4.4/amd64/INSTALL.amd64
455: <li>CD2:4.4/macppc/INSTALL.macppc
456: <p>
457: <li>CD3:4.4/sparc64/INSTALL.sparc64
458: <p>
459: <li>FTP:.../OpenBSD/4.4/alpha/INSTALL.alpha
460: <li>FTP:.../OpenBSD/4.4/armish/INSTALL.armish
461: <li>FTP:.../OpenBSD/4.4/hp300/INSTALL.hp300
462: <li>FTP:.../OpenBSD/4.4/hppa/INSTALL.hppa
463: <li>FTP:.../OpenBSD/4.4/landisk/INSTALL.landisk
464: <li>FTP:.../OpenBSD/4.4/mac68k/INSTALL.mac68k
465: <li>FTP:.../OpenBSD/4.4/mvme68k/INSTALL.mvme68k
466: <li>FTP:.../OpenBSD/4.4/mvme88k/INSTALL.mvme88k
467: <li>FTP:.../OpenBSD/4.4/sgi/INSTALL.sgi
468: <li>FTP:.../OpenBSD/4.4/sparc/INSTALL.sparc
469: <li>FTP:.../OpenBSD/4.4/vax/INSTALL.vax
470: <li>FTP:.../OpenBSD/4.4/zaurus/INSTALL.zaurus
471: </ul>
472: <hr>
473:
474: <p>
475: Quick installer information for people familiar with OpenBSD, and the
476: use of the "disklabel -E" command. If you are at all confused when
477: installing OpenBSD, read the relevant INSTALL.* file as listed above!
478: <p>
479:
480: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
481: <ul>
482: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
483: release is on CD1. If your BIOS does not support booting from CD, you will need
484: to create a boot floppy to install from. To create a boot floppy write
485: <i>CD1:4.4/i386/floppy44.fs</i> to a floppy and boot via the floppy drive.
486:
487: <p>
488: Use <i>CD1:4.4/i386/floppyB44.fs</i> instead for greater SCSI controller
489: support, or <i>CD1:4.4/i386/floppyC44.fs</i> for better laptop support.
490:
491: <p>
492: If you can't boot from a CD or a floppy disk,
493: you can install across the network using PXE as described in
494: the included INSTALL.i386 document.
495:
496: <p>
497: If you are planning on dual booting OpenBSD with another OS, you will need to
498: read INSTALL.i386.
499:
500: <p>
501: To make a boot floppy under MS-DOS, use the "rawrite" utility located
502: at <i>CD1:4.4/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS,
503: use the
504: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>
505: utility. The following is an example usage of
506: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>,
507: where the device could be "floppy", "rfd0c", or
508: "rfd0a".
509:
510: <ul><pre>
511: # <strong>dd if=<file> of=/dev/<device> bs=32k</strong>
512: </pre></ul>
513:
514: <p>
515: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
516: your install will most likely fail. For more information on creating a boot
517: floppy and installing OpenBSD/i386 please refer to
518: <a href="faq/faq4.html#MkFlop">FAQ 4.3.1</a>.
519: </ul>
520:
521: <p>
522: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
523: <ul>
524: The 4.4 release of OpenBSD/amd64 is located on CD2.
525: Boot from the CD to begin the install - you may need to adjust
526: your BIOS options first.
527: If you can't boot from the CD, you can create a boot floppy to install from.
528: To do this, write <i>CD2:4.4/amd64/floppy44.fs</i> to a floppy, then
529: boot from the floppy drive.
530:
531: <p>
532: If you can't boot from a CD or a floppy disk,
533: you can install across the network using PXE as described in the included
534: INSTALL.amd64 document.
535:
536: <p>
537: If you are planning to dual boot OpenBSD with another OS, you will need to
538: read INSTALL.amd64.
539: </ul>
540:
541: <p>
542: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
543: <ul>
544: Put CD2 in your CDROM drive and poweron your machine while holding down the
545: <i>C</i> key until the display turns on and shows <i>OpenBSD/macppc boot</i>.
546:
547: <p>
548: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
549: /4.4/macppc/bsd.rd</i>
550: </ul>
551:
552: <p>
553: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
554: <ul>
555: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
556:
557: <p>
558: If this doesn't work, or if you don't have a CDROM drive, you can write
559: <i>CD3:4.4/sparc64/floppy44.fs</i> or <i>CD3:4.4/sparc64/floppyB44.fs</i>
560: (depending on your machine) to a floppy and boot it with <i>boot
561: floppy</i>. Refer to INSTALL.sparc64 for details.
562:
563: <p>
564: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
565: will most likely fail.
566:
567: <p>
568: You can also write <i>CD3:4.4/sparc64/miniroot44.fs</i> to the swap partition on
569: the disk and boot with <i>boot disk:b</i>.
570:
571: <p>
572: If nothing works, you can boot over the network as described in INSTALL.sparc64.
573: </ul>
574:
575: <p>
576: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
577: <ul>
578: <p>Write <i>FTP:4.4/alpha/floppy44.fs</i> or
579: <i>FTP:4.4/alpha/floppyB44.fs</i> (depending on your machine) to a diskette and
580: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
581:
582: <p>
583: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
584: will most likely fail.
585:
586: </ul>
587:
588: <p>
589: <h3><font color="#e00000">OpenBSD/armish:</font></h3>
590: <ul>
591: <p>
592: After connecting a serial port, Thecus can boot directly from the network
593: either tftp or http. Configure the network using fconfig, reset,
594: then load bsd.rd, see INSTALL.armish for specific details.
595: IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
596: and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
597: then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
598: More details are available in INSTALL.armish.
599: </ul>
600:
601: <p>
602: <h3><font color="#e00000">OpenBSD/hp300:</font></h3>
603: <ul>
604: <p>
605: Boot over the network by following the instructions in INSTALL.hp300.
606: </ul>
607:
608: <p>
609: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
610: <ul>
611: <p>
612: Boot over the network by following the instructions in INSTALL.hppa or the
613: <a href="hppa.html#install">hppa platform page</a>.
614: </ul>
615:
616: <p>
617: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
618: <ul>
619: <p>
620: Write <i>miniroot44.fs</i> to the start of the CF
621: or disk, and boot normally.
622: </ul>
623:
624: <p>
625: <h3><font color="#e00000">OpenBSD/mac68k:</font></h3>
626: <ul>
627: <p>
628: Boot MacOS as normal and extract the Macside "BSD/Mac68k Booter" utility from
629: <i>FTP:4.4/mac68k/utils</i> onto your hard disk. Configure the "BSD/Mac68k
630: Booter" with the location of your bsd.rd kernel and boot into the installer.
631: Refer to the instructions in INSTALL.mac68k for more details.
632: </ul>
633:
634: <p>
635: <h3><font color="#e00000">OpenBSD/mvme68k:</font></h3>
636: <ul>
637: <p>
638: You can create a bootable installation tape or boot over the network.<br>
639: The network boot requires a MVME68K BUG version that supports the <i>NIOT</i>
640: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme68k
641: for more details.
642: </ul>
643:
644: <p>
645: <h3><font color="#e00000">OpenBSD/mvme88k:</font></h3>
646: <ul>
647: <p>
648: You can create a bootable installation tape or boot over the network.<br>
649: The network boot requires a MVME88K BUG version that supports the <i>NIOT</i>
650: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme88k
651: for more details.
652: </ul>
653:
654: <p>
655: <h3><font color="#e00000">OpenBSD/sparc:</font></h3>
656: <ul>
657: Boot from one of the provided install ISO images, using one of the two
658: commands listed below, depending on the version of your ROM.
659:
660: <ul><pre>
661: ok <strong>boot cdrom 4.4/sparc/bsd.rd</strong>
662: or
663: > <strong>b sd(0,6,0)4.4/sparc/bsd.rd</strong>
664: </pre></ul>
665:
666: <p>
667: If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
668: To do so you need to write <i>floppy44.fs</i> to a floppy.
669: For more information see <a href="faq/faq4.html#MkFlop">FAQ 4.3.1</a>.
670: To boot from the floppy use one of the two commands listed below,
671: depending on the version of your ROM.
672:
673: <ul><pre>
674: ok <strong>boot floppy</strong>
675: or
676: > <strong>b fd()</strong>
677: </pre></ul>
678:
679: <p>
680: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
681: will most likely fail.
682:
683: <p>
684: If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
685: setup a bootable tape, or install via network, as told in the
686: INSTALL.sparc file.
687: </ul>
688:
689: <p>
690: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
691: <ul>
692: <p>
693: Burn cd44.iso on a CD-R, put it in the CD drive of your machine and
694: select <i>Install System Software</i> from the System Maintenance menu.
695:
696: <p>
697: If your machine doesn't have a CD drive, you can
698: setup a DHCP/tftp network server, and boot using "bootp()/bsd.rd".
699: Refer to the instructions in INSTALL.sgi for more details.
700: </ul>
701:
702: <p>
703: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
704: <ul>
705: Boot over the network via mopbooting as described in INSTALL.vax.
706: </ul>
707:
708: <p>
709: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
710: <ul>
711: <p>
712: Using the Linux built-in graphical ipkg installer, install the
713: openbsd44_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
714: for a few important details.
715: </ul>
716:
717: <p>
718: <h3><font color="#e00000">Notes about the source code:</font></h3>
719: <ul>
720: src.tar.gz contains a source archive starting at /usr/src. This file
721: contains everything you need except for the kernel sources, which are
722: in a separate archive. To extract:
723: <p>
724: <ul><pre>
725: # <strong>mkdir -p /usr/src</strong>
726: # <strong>cd /usr/src</strong>
727: # <strong>tar xvfz /tmp/src.tar.gz</strong>
728: </pre></ul>
729: <p>
730: sys.tar.gz contains a source archive starting at /usr/src/sys.
731: This file contains all the kernel sources you need to rebuild kernels.
732: To extract:
733: <p>
734: <ul><pre>
735: # <strong>mkdir -p /usr/src/sys</strong>
736: # <strong>cd /usr/src</strong>
737: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
738: </pre></ul>
739: <p>
740: Both of these trees are a regular CVS checkout. Using these trees it
741: is possible to get a head-start on using the anoncvs servers as
742: described <a href="anoncvs.html">here</a>.
743: Using these files
744: results in a much faster initial CVS update than you could expect from
745: a fresh checkout of the full OpenBSD source tree.
746: <p>
747: </ul>
748:
749: <a name="upgrade"></a>
750: <hr>
751: <p>
752: <h3><font color="#0000e0">How to upgrade</font></h3>
753: <p>
754: If you already have an OpenBSD 4.3 system, and do not want to reinstall,
755: upgrade instructions and advice can be found in the
756: <a href="faq/upgrade44.html">Upgrade Guide</a>.
757:
758: <a name="ports"></a>
759: <hr>
760: <p>
761: <h3><font color="#0000e0">Ports Tree</font></h3>
762: <p>
763: A ports tree archive is also provided. To extract:
764: <p>
765: <ul><pre>
766: # <strong>cd /usr</strong>
767: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
768: # <strong>cd ports</strong>
769: </pre></ul>
770: <p>
771: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
772: read the <a href="ports.html">ports</a> page
773: if you know nothing about ports
774: at this point. This text is not a manual of how to use ports.
775: Rather, it is a set of notes meant to kickstart the user on the
776: OpenBSD ports system.
777: <p>
778: The <i>ports/</i> directory represents a CVS (see the manpage for
779: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">
780: cvs(1)</a> if
781: you aren't familiar with CVS) checkout of our ports. As with our complete
782: source tree, our ports tree is available via anoncvs. So, in
783: order to keep current with it, you must make the <i>ports/</i> tree
784: available on a read-write medium and update the tree with a command
785: like:
786: <p>
787: <ul><pre>
788: # <strong>cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_4_4</strong>
789: </pre></ul>
790: <p>
791: [Of course, you must replace the local directory and server name here
792: with the location of your ports collection and a nearby anoncvs
793: server.]
794: <p>
795: Note that most ports are available as packages through FTP. Updated
796: packages for the 4.4 release will be made available if problems arise.
797: <p>
798: If you're interested in seeing a port added, would like to help out, or just
799: would like to know more, the mailing list ports@openbsd.org is a good
800: place to know.
801: <p>
802:
803: <hr>
804: <a href="index.html"><img height="24" width="24" src="back.gif" border="0"
805: alt="OpenBSD"></a>
806: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
807: <br><small>
1.25 ! mpf 808: $OpenBSD: 44.html,v 1.24 2008/08/26 07:56:11 damien Exp $
1.1 deraadt 809: </small>
810:
811: </body>
812: </html>