Annotation of www/44.html, Revision 1.27
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 4.4 Release</title>
5: <link rev=made href="mailto:www@openbsd.org">
6: <meta name="resource-type" content="document">
7: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
8: <meta name="description" content="OpenBSD 4.4">
9: <meta name="keywords" content="openbsd,main">
10: <meta name="distribution" content="global">
11: <meta name="copyright" content="This document copyright 2008 by OpenBSD.">
12: </head>
13:
14: <body bgcolor="#ffffff" text="#000000" link="#24248E">
15:
16: <a href="index.html">
17: <img alt="[OpenBSD]" height="30" width="141" hspace="24" src="images/smalltitle.gif" border="0"></a>
18: <hr>
19:
20: <p>
21: <a href="images/Cryptonaut.jpg">
22: <img align="left" width="227" height="343" hspace="24" vspace="30"
23: src="images/???.jpg" alt="OpenBSD 4.4 logo"></a>
24: <h2><font color="#0000e0">The OpenBSD 4.4 Release:</font></h2>
25: <p>
26: Released Nov 1, 2008<br>
27: Copyright 1997-2008, Theo de Raadt.<br>
28: <font color="#e00000">ISBN 978-0-9784475-2-6</font>
29: <br>
30: <a href="lyrics.html#44">4.4 Song: "???"</a>
31: <p>
32:
33: <a href="#new">What's New</a><br>
34: <a href="#install">How to install</a><br>
35: <a href="#upgrade">How to upgrade</a><br>
36: <a href="#ports">How to use the ports tree</a><br>
37: <a href="orders.html">Ordering a CD set</a><br>
38:
39: <p>
40: <h3><font color="#0000e0">
41: To get the files for this release:
42: <ul>
43: <li>Order a CDROM from our <a href="orders.html">ordering system</a>.
44: <li>See the information on <a href="ftp.html">The FTP page</a> for
45: a list of mirror machines.
46: <li>Go to the <font color="#e00000">pub/OpenBSD/4.4/</font> directory on
47: one of the mirror sites.
48: <li>Briefly read the rest of this document.
49: <li>Have a look at <a href="errata44.html">The 4.4 Errata page</a> for a list
50: of bugs and workarounds.
51: <li>See a <a href="plus44.html">detailed log of changes</a> between the
52: 4.3 and 4.4 releases.
53: </ul>
54: </font></h3>
55: <br clear=all>
56:
57: <strong>Note:</strong> All applicable copyrights and credits can be found
58: in the applicable file sources found in the files src.tar.gz, sys.tar.gz,
59: xenocara.tar.gz, or in the files fetched via ports.tar.gz. The distribution
60: files used to build packages from the ports.tar.gz file are not included on
61: the CDROM because of lack of space.
62: <p>
63:
64: <a name="new"></a>
65: <hr>
66: <p>
67: <h3><font color="#0000e0">What's New</font></h3>
68: <p>
69: This is a partial list of new features and systems included in OpenBSD 4.4.
70: For a comprehensive list, see the <a href="plus44.html">changelog</a> leading
71: to 4.4.
72: <p>
73:
74: <ul>
75:
76: <li>New/extended platforms:
77: <ul>
78: <li><a href="sparc64.html">OpenBSD/sparc64</a><br>
79: Much more platform support. Machines using the Ultrasparc IV/T1/T2
80: and Fujitsu Sparc64-V/V/VII are now supported.
1.4 matthieu 81: <li><a href="socppc.html">OpenBSD/socppc</a><br>
1.8 deraadt 82: For machines based on the Freescale MPC8349E
83: System-on-Chip (SoC) platform that use Das U-Boot as a boot loader.
1.4 matthieu 84: <li><a href="landisk.html">OpenBSD/landisk</a><br>
1.8 deraadt 85: Added shared libraries support.
1.1 deraadt 86: </ul>
87: <p>
88:
89: <li>Improved hardware support, including:
90: <ul>
1.8 deraadt 91: <li>Several new/improved drivers for sensors, including:
92: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fins&sektion=4">fins(4)</a>,
93: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=andl&sektion=4">andl(4)</a>,
94: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=it&sektion=4">it(4)</a>,
95: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kate&sektion=4">kate(4)</a>,
96: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sdtemp&sektion=4">sdtemp(4)</a>,
97: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lmtemp&sektion=4">lmtemp(4)</a>,
98: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adt&sektion=4">adt(4)</a> and
99: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=km&sektion=4">km(4)</a>.
1.17 deraadt 100: <li>Support for the Intel G33 and G35 chipsets in
101: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=agp&sektion=4">agp(4)</a>.
102: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lii&sektion=4">lii(4)</a>
103: driver for Attansic L2 10/100 Ethernet devices.
104: <li>Preliminary support for UVC USB webcams:
105: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uvideo&sektion=4">uvideo(4)</a>
1.8 deraadt 106: and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=video&sektion=4">video(4)</a>.
1.26 deraadt 107: <li>WPA/WPA2-PSK support for several wireless cards.
1.17 deraadt 108: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openchrome&sektion=4">openchrome(4)</a>
109: driver replaces the via X.Org driver for VIA video cards.
1.8 deraadt 110: <li>AMD Geode video card driver for X.Org.
1.17 deraadt 111: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmt&sektion=4">vmt(4)</a>
1.26 deraadt 112: driver which implements VMware Tools.
1.17 deraadt 113: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auglx&sektion=4&arch=i386">auglx(4)</a>
114: driver for AMD Geode LX CS5536 integrated AC'97 audio.
115: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ix&sektion=4">ix(4)</a>
116: driver for Intel 82598 PCI Express 10Gb Ethernet.
117: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=acpithinkpad&sektion=4">acpithinkpad(4)</a>
118: driver provides additional ACPI support for IBM/Lenovo ThinkPad laptops.
119: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=acpiasus&sektion=4">acpiasus(4)</a>
1.26 deraadt 120: driver provides additional ACPI support for ASUS laptops, including the EeePC.
1.17 deraadt 121: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gecko&sektion=4">gecko(4)</a>
122: driver supporting the GeckoBOA BC GSC+ port found on some hppa systems.
123: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tsec&sektion=4">tsec(4)</a>
1.26 deraadt 124: driver supporting the Freescale Triple Speed Ethernet Controller.
1.17 deraadt 125: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=re&sektion=4">re(4)</a>
126: driver now supports RTL8102E and RTL8168 devices.
127: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cas&sektion=4">cas(4)</a>
128: driver now supports National Semiconductor Saturn devices.
129: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pccom&sektion=4">pccom(4)</a>
130: driver has been removed; all platforms use com(4) now.
131: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cardbus&sektion=4">cardbus(4)</a>
132: and
133: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pcmcia&sektion=4">pcmcia(4)</a>
134: now work on most sparc64 machines.
135: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=udcf&sektion=4">udcf(4)</a>
136: driver now supports mouseCLOCK USB II devices.
137: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=msk&sektion=4">msk(4)</a>
1.21 deraadt 138: driver now supports 88E8040T devices.
1.17 deraadt 139: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ath&sektion=4">ath(4)</a>
140: now now supports many more Atheros wireless devices.
141: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ciss&sektion=4">ciss(4)</a>
142: driver now supports HP Smart Array P212, P410, P411, P411i
143: and P812 devices.
144: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a>
145: driver now supports ELV Elektronik and FTDI 2232L devices.
146: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umsm&sektion=4">umsm(4)</a>
147: driver now supports Option GlobeTrotter 3G+, Huawei E220
148: and more HSDPA MSM devices.
149: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsa&sektion=4">ubsa(4)</a>
150: driver now supports ZTE CMDMA MSM devices.
151: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=axe&sektion=4">axe(4)</a>
152: driver now supports Apple USB A1277 devices.
153: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=puc&sektion=4">puc(4)</a>
154: driver now supports more Netmos devices.
155: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mgx&sektion=4">mgx(4)</a>
156: driver now supports 2D acceleration on selected boards.
1.19 deraadt 157: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isp&sektion=4">isp(4)</a>
158: driver firmware for some controllers has been updated.
159: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isp&sektion=4">isp(4)</a>
160: driver no longer hangs during probe some machines.
1.21 deraadt 161: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a>
162: driver has better support for BCM5704 chipsets in fiber
163: mode which helps with some blade servers.
164: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a>
165: driver has better support for the BCM5906 chipset on some systems.
166: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a>
167: driver has much better support for PCI Express chipsets
168: resulting in much faster transit performance.
169: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a>
170: driver has support for the BCM5714/5715/5780 chipsets using fiber interfaces.
171: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bnx&sektion=4">bnx(4)</a>
172: driver has support for the BCM5706/5708 chipsets using fiber interfaces.
1.26 deraadt 173: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ral&sektion=4">ral(4)</a>
174: driver now supports Ralink Technology RT2700 devices.
175: <li>On i386 and amd64, make the serial console on non-primary ports work.
176: <li>On i386 and amd64, make the serial console handle non-default speeds.
1.1 deraadt 177: <li>...
178: </ul>
179: <p>
180:
181: <li>New tools:
182: <ul>
1.17 deraadt 183: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.statd&sektion=8">rpc.statd(8)</a>,
184: the host status monitoring daemon for use with the NFS file locking daemon.
185: <li>Initial import of
186: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=yplapd&sektion=8">ypldap(8)</a>,
187: a drop-in replacement for ypserv to glue in an LDAP directory for
188: get{pw,gr}ent family of functions.
1.21 deraadt 189: <li>Deprecated <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=slattach&sektion=8">slattach(8)</a>
190: and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=slattach&sektion=8">slattach(8)</a>
191: in favor of
192: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=slattach&sektion=8">ldattach(8)</a>.
193: <li>Import of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpbench&sektion=8">tcpbench(1)</a>, a small TCP benchmarking tool.
1.1 deraadt 194: <li>...
195: </ul>
196: <p>
197:
198: <li>New functionality:
199: <ul>
1.3 ratchov 200: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aucat&sektion=1">aucat(1)</a>
1.26 deraadt 201: is now able to play and record audio in full-duplex,
202: mix unlimited number of streams, handle up to 16 channels,
203: resample streams on the fly, support various 24-bit and 32-bit
1.3 ratchov 204: encodings and does format conversions on the fly.
1.8 deraadt 205: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> now supports IPv6.
1.26 deraadt 206: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a>
207: now supports basic synchronization of the /var/db/dhcpd.leases
208: file to allow running multiple instances for redundancy.
1.8 deraadt 209: <li>Many wireless network drivers now support WPA.
1.17 deraadt 210: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.lockd&sektion=8">rpc.lockd(8)</a>
211: now supports NLMv4 and does actually do locking.
212: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>
213: now supports recursive mget transfers.
1.19 deraadt 214: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>
215: now uses keep alive packets by default.
1.26 deraadt 216: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>
217: now accepts empty passwords in URLs.
1.17 deraadt 218: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cdio&sektion=1">cdio(1)</a>
219: in TAO mode to set the write speed.
1.19 deraadt 220: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cdio&sektion=1">cdio(1)</a>
221: no longer blanks media twice.
1.21 deraadt 222: <li>Add ability in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cdio&sektion=1">cdio(1)</a>
223: to determine media capabilities and make it figure out if media supports TAO or blanking.
1.17 deraadt 224: <li>Initial version of
225: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=softraid&sektion=4">softraid(4)</a>
226: crypto support. Disabled for now.
1.19 deraadt 227: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a>
1.26 deraadt 228: now groks options tftp-config-file and auto-proxy-script in
229: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd.conf&sektion=5">dhcpd.conf(5)</a>.
1.19 deraadt 230: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a>
231: option handling much more resistant to abuse.
232: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a>
233: now aware of interface link state and reacts to changes.
234: <li>DIOCRLDINFO, DIOCGPDINFO, and DIOCGPART support added to block devices
235: previously lacking it.
236: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>
237: no longer supports the '-r' option, and obtains all disklabel information via ioctl's.
238: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>
239: no longer suggests offsets and sizes that would result in partitions starting or ending
240: outside the OpenBSD section of the disk.
241: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>
242: now correctly reads back the 'vendor' field from text disklabels.
243: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>
244: editor mode '?' and 'p' commands are more compact and the 'l' command has been added
245: to produce previous verbose output.
246: <li>I/O's outside the bounds of the RAW_PART are now prevented, allowing
247: proper detection of invalid I/O's.
248: <li>USB floppies now have a valid cylinder count calculated, rather than 0.
249: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newfs&sektion=8">newfs(8)</a>
250: can now create filesystems on devices with sector sizes other than 512, although
251: such filesystems cannot yet be read.
252: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a>
253: probing displays less useless verbiage and fewer spurious error messages.
254: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=st&sektion=4">st(4)</a>
255: devices can now be detached.
256: <li>ATAPI devices are now identified as such, rather than as SCSIn devices.
257: <li>SATA tape drives now work.
258: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a>
259: probing now displays the ID of the initiator on the bus.
260: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a>
261: debug capabilities improved to show commands and input or output data as appropriate.
262: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a>
263: probing makes better use of the TEST UNIT READY command to clear errors and allow
264: successfull attachments.
265: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a>
266: probing can now find more fibre channel attached devices.
1.21 deraadt 267: <li>Several mbuf pool cache corruption issues were fixed.
268: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=identd&sektion=8">identd(8)</a>
269: now supports IPv6 in standalone mode.
270: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cal&sektion=1">cal(1)</a>
271: now shows week numbers too.
272: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>,
273: implement a sloppy tcpstate tracker which does not look at sequence numbers at all.
1.25 mpf 274: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>
275: rule accounting now has a counter to record how many states in total have been
276: created by a rule.
277: <li>The kill states feature in
278: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>
279: now supports two additional match targets: Kill by rule label or state ID.
1.21 deraadt 280: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&sektion=8">relayd(8)</a>
281: use sloppy
282: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>
283: state keeping for routed sessions (Direct Server Return).
284: <li>Added support in
285: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&sektion=8">relayd(8)</a>
286: for transparent L7 forwarding in relays.
287: <li>Extend <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=awk&sektion=1">awk(1)</a>
288: with bitwise operations.
1.8 deraadt 289: <li>...
1.1 deraadt 290: </ul>
291: <p>
292:
293: <li>Assorted improvements and code cleanup:
294: <ul>
1.8 deraadt 295: <li>A greatly changed buffer cache subsystem which maps cache pages only
296: when in use, resulting in improved filesystem performance, and
1.26 deraadt 297: allowing for the effective use of a much larger buffer cache.
1.11 espie 298: <li>A greatly improved implementation of
1.9 otto 299: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">
1.11 espie 300: malloc(3)</a>, the general purpose memory allocator,
301: which catches more mistakes, reduces address space fragmentation,
302: and is faster.
1.10 otto 303: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=statfs&sektion=2">
1.14 otto 304: statfs(2)</a> system call has been enhanced to support large
1.10 otto 305: filesystems.
1.20 deraadt 306: <li>Lots of features have been implemented in OpenCVS, which can now be used
1.19 deraadt 307: to do some real work.
308: <li>New APIs for arc4random, one to fill a buffer with random numbers
309: and the other to return a uniformly distributed random number without bias.
1.12 deraadt 310: <li>...
1.1 deraadt 311: </ul>
312: <p>
313:
314: <li>Install/Upgrade process changes:
315: <ul>
1.15 deraadt 316: <li>A new tool
1.18 sobrado 317: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysmerge&sektion=8">
318: sysmerge(8)</a>, derived from the old mergemaster port, makes
1.15 deraadt 319: it easier to merge configuration files changes during an upgrade.
1.16 deraadt 320: <li>Fully support OpenBSD inside extended partitions on i386 and amd64.
1.17 deraadt 321: <li>During installation 'dhcp' is now the initial default answer during
322: network configuration.
1.19 deraadt 323: <li>Fetching sets via FTP more reliable due to automatic use of keep alive.
324: <li>Fetching sets via NFS no longer hangs retrying a non-functional mount.
325: <li>Installation ensures hostname.* files are installed with mode 600.
326: <li>Serial console configuration now automatically detects speed.
327: <li>Serial console support extended to all architectures.
328: <li>Partition size display no longer limited to 32 bit sizes.
329: <li>Partition sizes now scaled and formatted to use human readable units.
1.26 deraadt 330: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ntpd&sektion=8">ntpd(8)</a>
331: configuration questions improved.
1.19 deraadt 332: <li>Sparc miniroot root disk detection fixed.
333: <li>Invocations of
334: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>
335: by the scripts are now less verbose.
1.1 deraadt 336: </ul>
337: <p>
338:
1.15 deraadt 339: <li>OpenSSH 5.1:
1.1 deraadt 340: <ul>
1.15 deraadt 341: <li>New experimental fingerprint ASCII art visualisation system for easier
342: verification of remote keys.
343: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">
344: chroot(2)</a> support for
345: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.
346: <li>Added an extended test mode (-T) to
347: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.
348: <li>Make
349: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
350: support negation of groups in a "Match group" block.
1.16 deraadt 351: <li>Increased the ephemeral key size in protocol1 from 768 to 1024 bits.
1.15 deraadt 352: <li>Better tests of primes in /etc/moduli
1.16 deraadt 353: <li>Refuse to read .shosts or authorized_keys files that are not regular
1.15 deraadt 354: files.
355: <li>Enable ~ escapes for multiplex slave sessions.
1.16 deraadt 356: <li>Support CIDR address matching in Match blocks and authorized_keys
1.15 deraadt 357: from="..." stanzas.
358: <li>Make port forwarding code try additional addresses when connecting to
359: a destination whose DNS name resolves to more than one address.
360: <li>Make the maximum number of
361: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
1.16 deraadt 362: sessions run-time controllable via MaxSessions in
1.15 deraadt 363: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">
364: ssh_config(5)</a>.
365: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_scan&sektion=1">
1.16 deraadt 366: ssh_scan(1)</a> now defaults to RSA protocol 2 keys, instead of RSA1.
1.15 deraadt 367: <li>Added an extension to sftp protocol to implement
368: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=statvfs&sektion=2">
369: statvfs(2)</a>-like operations and add a df command to
370: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">
371: sftp(1)</a>.
1.26 deraadt 372: <li>Disable execution of ~/.ssh/rc for sessions where a command has been
1.15 deraadt 373: forced by the sshd_config ForceCommand directive.
374: <li>And several bug fixes and performance enhancements.
1.1 deraadt 375: </ul>
376: <p>
377:
378: <li>Over ???? ports, minor robustness improvements in package tools.
379: <li>Many pre-built packages for each architecture:
380: <table border=0 cellspacing=0 cellpadding=2 width="95%">
381: <tr>
382: <td valign="top" width="25%">
383: <ul>
1.8 deraadt 384: <li>i386: 5033
385: <li>sparc64: 4862
1.1 deraadt 386: <li>alpha: ????
387: <li>sh: ????
388: </ul></td><td valign=top width="25%"><ul>
1.23 deraadt 389: <li>amd64: 4940
1.22 deraadt 390: <li>powerpc: 4258
1.1 deraadt 391: <li>sparc: ????
392: <li>m68k: ????
393: </ul></td><td valign=top width="25%"><ul>
394: <li>arm: ????
395: <li>hppa: ????
396: <li>vax: ????
397: <li>mips64: ????
398: </ul></td><td valign=top width="25%"><ul>
399: <li>m88k: ????
400: </ul></td></tr></table>
401: Some highlights:
402: <ul>
1.11 espie 403: <li>mozilla-firefox3
404: <li>drupal-5, core package and external modules, a modern CMS.
1.1 deraadt 405: </ul>
406: <p>
407:
408: <li>As usual, steady improvements in manual pages and other documentation.
409: <p>
410:
411: <li>The system includes the following major components from outside suppliers:
412: <ul>
413: <li>Xenocara (based on X.Org 7.3 + patches, freetype 2.3.5, fontconfig
1.2 matthieu 414: 2.4.2, Mesa 7.0.3, xterm 234 and more)
1.1 deraadt 415: <li>Gcc 2.95.3
416: (+ <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc-local&sektion=1">patches</a>)
417: and 3.3.5
418: (+ <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc-local&sektion=1">patches</a>)
419: <li>Perl 5.8.8 (+ patches)
420: <li>Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
421: <li>OpenSSL 0.9.7j (+ patches)
422: <li>Groff 1.15
1.8 deraadt 423: <li>Sendmail 8.14.3, with libmilter
424: <li>Bind 9.4.2-P2 (+ patches)
1.1 deraadt 425: <li>Lynx 2.8.5rel.4 with HTTPS and IPv6 support (+ patches)
1.8 deraadt 426: <li>Sudo 1.6.9p17
1.1 deraadt 427: <li>Ncurses 5.2
428: <li>Latest KAME IPv6
429: <li>Heimdal 0.7.2 (+ patches)
430: <li>Arla 0.35.7
431: <li>Binutils 2.15 (+ patches)
432: <li>Gdb 6.3 (+ patches)
433: </ul>
434: <p>
435:
436: </ul>
437:
438: <a name="install"></a>
439: <hr>
440: <p>
441: <h3><font color="#0000e0">How to install</font></h3>
442: <p>
443: Following this are the instructions which you would have on a piece of
444: paper if you had purchased a CDROM set instead of doing an alternate
445: form of install. The instructions for doing an FTP (or other style
446: of) install are very similar; the CDROM instructions are left intact
447: so that you can see how much easier it would have been if you had
448: purchased a CDROM instead.
449: <p>
450:
451: <hr>
452: Please refer to the following files on the three CDROMs or FTP mirror for
453: extensive details on how to install OpenBSD 4.4 on your machine:
454: <p>
455: <ul>
456: <li>CD1:4.4/i386/INSTALL.i386
457: <p>
458: <li>CD2:4.4/amd64/INSTALL.amd64
459: <li>CD2:4.4/macppc/INSTALL.macppc
460: <p>
461: <li>CD3:4.4/sparc64/INSTALL.sparc64
462: <p>
463: <li>FTP:.../OpenBSD/4.4/alpha/INSTALL.alpha
464: <li>FTP:.../OpenBSD/4.4/armish/INSTALL.armish
465: <li>FTP:.../OpenBSD/4.4/hp300/INSTALL.hp300
466: <li>FTP:.../OpenBSD/4.4/hppa/INSTALL.hppa
467: <li>FTP:.../OpenBSD/4.4/landisk/INSTALL.landisk
468: <li>FTP:.../OpenBSD/4.4/mac68k/INSTALL.mac68k
469: <li>FTP:.../OpenBSD/4.4/mvme68k/INSTALL.mvme68k
470: <li>FTP:.../OpenBSD/4.4/mvme88k/INSTALL.mvme88k
471: <li>FTP:.../OpenBSD/4.4/sgi/INSTALL.sgi
472: <li>FTP:.../OpenBSD/4.4/sparc/INSTALL.sparc
473: <li>FTP:.../OpenBSD/4.4/vax/INSTALL.vax
474: <li>FTP:.../OpenBSD/4.4/zaurus/INSTALL.zaurus
475: </ul>
476: <hr>
477:
478: <p>
479: Quick installer information for people familiar with OpenBSD, and the
480: use of the "disklabel -E" command. If you are at all confused when
481: installing OpenBSD, read the relevant INSTALL.* file as listed above!
482: <p>
483:
484: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
485: <ul>
486: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
487: release is on CD1. If your BIOS does not support booting from CD, you will need
488: to create a boot floppy to install from. To create a boot floppy write
489: <i>CD1:4.4/i386/floppy44.fs</i> to a floppy and boot via the floppy drive.
490:
491: <p>
492: Use <i>CD1:4.4/i386/floppyB44.fs</i> instead for greater SCSI controller
493: support, or <i>CD1:4.4/i386/floppyC44.fs</i> for better laptop support.
494:
495: <p>
496: If you can't boot from a CD or a floppy disk,
497: you can install across the network using PXE as described in
498: the included INSTALL.i386 document.
499:
500: <p>
501: If you are planning on dual booting OpenBSD with another OS, you will need to
502: read INSTALL.i386.
503:
504: <p>
505: To make a boot floppy under MS-DOS, use the "rawrite" utility located
506: at <i>CD1:4.4/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS,
507: use the
508: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>
509: utility. The following is an example usage of
510: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>,
511: where the device could be "floppy", "rfd0c", or
512: "rfd0a".
513:
514: <ul><pre>
515: # <strong>dd if=<file> of=/dev/<device> bs=32k</strong>
516: </pre></ul>
517:
518: <p>
519: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
520: your install will most likely fail. For more information on creating a boot
521: floppy and installing OpenBSD/i386 please refer to
522: <a href="faq/faq4.html#MkFlop">FAQ 4.3.1</a>.
523: </ul>
524:
525: <p>
526: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
527: <ul>
528: The 4.4 release of OpenBSD/amd64 is located on CD2.
529: Boot from the CD to begin the install - you may need to adjust
530: your BIOS options first.
531: If you can't boot from the CD, you can create a boot floppy to install from.
532: To do this, write <i>CD2:4.4/amd64/floppy44.fs</i> to a floppy, then
533: boot from the floppy drive.
534:
535: <p>
536: If you can't boot from a CD or a floppy disk,
537: you can install across the network using PXE as described in the included
538: INSTALL.amd64 document.
539:
540: <p>
541: If you are planning to dual boot OpenBSD with another OS, you will need to
542: read INSTALL.amd64.
543: </ul>
544:
545: <p>
546: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
547: <ul>
548: Put CD2 in your CDROM drive and poweron your machine while holding down the
549: <i>C</i> key until the display turns on and shows <i>OpenBSD/macppc boot</i>.
550:
551: <p>
552: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
553: /4.4/macppc/bsd.rd</i>
554: </ul>
555:
556: <p>
557: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
558: <ul>
559: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
560:
561: <p>
562: If this doesn't work, or if you don't have a CDROM drive, you can write
563: <i>CD3:4.4/sparc64/floppy44.fs</i> or <i>CD3:4.4/sparc64/floppyB44.fs</i>
564: (depending on your machine) to a floppy and boot it with <i>boot
565: floppy</i>. Refer to INSTALL.sparc64 for details.
566:
567: <p>
568: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
569: will most likely fail.
570:
571: <p>
572: You can also write <i>CD3:4.4/sparc64/miniroot44.fs</i> to the swap partition on
573: the disk and boot with <i>boot disk:b</i>.
574:
575: <p>
576: If nothing works, you can boot over the network as described in INSTALL.sparc64.
577: </ul>
578:
579: <p>
580: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
581: <ul>
582: <p>Write <i>FTP:4.4/alpha/floppy44.fs</i> or
583: <i>FTP:4.4/alpha/floppyB44.fs</i> (depending on your machine) to a diskette and
584: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
585:
586: <p>
587: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
588: will most likely fail.
589:
590: </ul>
591:
592: <p>
593: <h3><font color="#e00000">OpenBSD/armish:</font></h3>
594: <ul>
595: <p>
596: After connecting a serial port, Thecus can boot directly from the network
597: either tftp or http. Configure the network using fconfig, reset,
598: then load bsd.rd, see INSTALL.armish for specific details.
599: IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
600: and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
601: then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
602: More details are available in INSTALL.armish.
603: </ul>
604:
605: <p>
606: <h3><font color="#e00000">OpenBSD/hp300:</font></h3>
607: <ul>
608: <p>
609: Boot over the network by following the instructions in INSTALL.hp300.
610: </ul>
611:
612: <p>
613: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
614: <ul>
615: <p>
616: Boot over the network by following the instructions in INSTALL.hppa or the
617: <a href="hppa.html#install">hppa platform page</a>.
618: </ul>
619:
620: <p>
621: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
622: <ul>
623: <p>
624: Write <i>miniroot44.fs</i> to the start of the CF
625: or disk, and boot normally.
626: </ul>
627:
628: <p>
629: <h3><font color="#e00000">OpenBSD/mac68k:</font></h3>
630: <ul>
631: <p>
632: Boot MacOS as normal and extract the Macside "BSD/Mac68k Booter" utility from
633: <i>FTP:4.4/mac68k/utils</i> onto your hard disk. Configure the "BSD/Mac68k
634: Booter" with the location of your bsd.rd kernel and boot into the installer.
635: Refer to the instructions in INSTALL.mac68k for more details.
636: </ul>
637:
638: <p>
639: <h3><font color="#e00000">OpenBSD/mvme68k:</font></h3>
640: <ul>
641: <p>
642: You can create a bootable installation tape or boot over the network.<br>
643: The network boot requires a MVME68K BUG version that supports the <i>NIOT</i>
644: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme68k
645: for more details.
646: </ul>
647:
648: <p>
649: <h3><font color="#e00000">OpenBSD/mvme88k:</font></h3>
650: <ul>
651: <p>
652: You can create a bootable installation tape or boot over the network.<br>
653: The network boot requires a MVME88K BUG version that supports the <i>NIOT</i>
654: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme88k
655: for more details.
656: </ul>
657:
658: <p>
659: <h3><font color="#e00000">OpenBSD/sparc:</font></h3>
660: <ul>
661: Boot from one of the provided install ISO images, using one of the two
662: commands listed below, depending on the version of your ROM.
663:
664: <ul><pre>
665: ok <strong>boot cdrom 4.4/sparc/bsd.rd</strong>
666: or
667: > <strong>b sd(0,6,0)4.4/sparc/bsd.rd</strong>
668: </pre></ul>
669:
670: <p>
671: If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
672: To do so you need to write <i>floppy44.fs</i> to a floppy.
673: For more information see <a href="faq/faq4.html#MkFlop">FAQ 4.3.1</a>.
674: To boot from the floppy use one of the two commands listed below,
675: depending on the version of your ROM.
676:
677: <ul><pre>
678: ok <strong>boot floppy</strong>
679: or
680: > <strong>b fd()</strong>
681: </pre></ul>
682:
683: <p>
684: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
685: will most likely fail.
686:
687: <p>
688: If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
689: setup a bootable tape, or install via network, as told in the
690: INSTALL.sparc file.
691: </ul>
692:
693: <p>
694: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
695: <ul>
696: <p>
697: Burn cd44.iso on a CD-R, put it in the CD drive of your machine and
698: select <i>Install System Software</i> from the System Maintenance menu.
699:
700: <p>
701: If your machine doesn't have a CD drive, you can
702: setup a DHCP/tftp network server, and boot using "bootp()/bsd.rd".
703: Refer to the instructions in INSTALL.sgi for more details.
704: </ul>
705:
706: <p>
707: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
708: <ul>
709: Boot over the network via mopbooting as described in INSTALL.vax.
710: </ul>
711:
712: <p>
713: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
714: <ul>
715: <p>
716: Using the Linux built-in graphical ipkg installer, install the
717: openbsd44_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
718: for a few important details.
719: </ul>
720:
721: <p>
722: <h3><font color="#e00000">Notes about the source code:</font></h3>
723: <ul>
724: src.tar.gz contains a source archive starting at /usr/src. This file
725: contains everything you need except for the kernel sources, which are
726: in a separate archive. To extract:
727: <p>
728: <ul><pre>
729: # <strong>mkdir -p /usr/src</strong>
730: # <strong>cd /usr/src</strong>
731: # <strong>tar xvfz /tmp/src.tar.gz</strong>
732: </pre></ul>
733: <p>
734: sys.tar.gz contains a source archive starting at /usr/src/sys.
735: This file contains all the kernel sources you need to rebuild kernels.
736: To extract:
737: <p>
738: <ul><pre>
739: # <strong>mkdir -p /usr/src/sys</strong>
740: # <strong>cd /usr/src</strong>
741: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
742: </pre></ul>
743: <p>
744: Both of these trees are a regular CVS checkout. Using these trees it
745: is possible to get a head-start on using the anoncvs servers as
746: described <a href="anoncvs.html">here</a>.
747: Using these files
748: results in a much faster initial CVS update than you could expect from
749: a fresh checkout of the full OpenBSD source tree.
750: <p>
751: </ul>
752:
753: <a name="upgrade"></a>
754: <hr>
755: <p>
756: <h3><font color="#0000e0">How to upgrade</font></h3>
757: <p>
758: If you already have an OpenBSD 4.3 system, and do not want to reinstall,
759: upgrade instructions and advice can be found in the
760: <a href="faq/upgrade44.html">Upgrade Guide</a>.
761:
762: <a name="ports"></a>
763: <hr>
764: <p>
765: <h3><font color="#0000e0">Ports Tree</font></h3>
766: <p>
767: A ports tree archive is also provided. To extract:
768: <p>
769: <ul><pre>
770: # <strong>cd /usr</strong>
771: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
772: # <strong>cd ports</strong>
773: </pre></ul>
774: <p>
775: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
776: read the <a href="ports.html">ports</a> page
777: if you know nothing about ports
778: at this point. This text is not a manual of how to use ports.
779: Rather, it is a set of notes meant to kickstart the user on the
780: OpenBSD ports system.
781: <p>
782: The <i>ports/</i> directory represents a CVS (see the manpage for
783: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">
784: cvs(1)</a> if
785: you aren't familiar with CVS) checkout of our ports. As with our complete
786: source tree, our ports tree is available via anoncvs. So, in
787: order to keep current with it, you must make the <i>ports/</i> tree
788: available on a read-write medium and update the tree with a command
789: like:
790: <p>
791: <ul><pre>
792: # <strong>cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_4_4</strong>
793: </pre></ul>
794: <p>
795: [Of course, you must replace the local directory and server name here
796: with the location of your ports collection and a nearby anoncvs
797: server.]
798: <p>
799: Note that most ports are available as packages through FTP. Updated
800: packages for the 4.4 release will be made available if problems arise.
801: <p>
802: If you're interested in seeing a port added, would like to help out, or just
803: would like to know more, the mailing list ports@openbsd.org is a good
804: place to know.
805: <p>
806:
807: <hr>
808: <a href="index.html"><img height="24" width="24" src="back.gif" border="0"
809: alt="OpenBSD"></a>
810: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
811: <br><small>
1.27 ! deraadt 812: $OpenBSD: 44.html,v 1.26 2008/08/26 17:29:45 deraadt Exp $
1.1 deraadt 813: </small>
814:
815: </body>
816: </html>