Annotation of www/47.html, Revision 1.43
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 4.7 Release</title>
5: <link rev=made href="mailto:www@openbsd.org">
6: <meta name="resource-type" content="document">
7: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
8: <meta name="description" content="OpenBSD 4.7">
9: <meta name="keywords" content="openbsd,main">
10: <meta name="distribution" content="global">
1.17 jasper 11: <meta name="copyright" content="This document copyright 2010 by OpenBSD.">
1.1 deraadt 12: </head>
13:
14: <body bgcolor="#ffffff" text="#000000" link="#24248E">
15:
16: <a href="index.html">
17: <img alt="[OpenBSD]" height="30" width="141" hspace="24" src="images/smalltitle.gif" border="0"></a>
18: <hr>
19:
20: <p>
1.33 deraadt 21: <a href="images/Superfish.jpg">
1.1 deraadt 22: <img align="left" width="227" height="343" hspace="24" vspace="30"
1.33 deraadt 23: src="images/Superfish.jpg" alt="OpenBSD 4.7 logo"></a>
1.1 deraadt 24: <h2><font color="#0000e0">The OpenBSD 4.7 Release:</font></h2>
25: <p>
26: Released May 19, 2010<br>
27: Copyright 1997-2010, Theo de Raadt.<br>
28: <font color="#e00000">ISBN 978-0-9784475-5-7</font>
29: <br>
1.33 deraadt 30: <a href="lyrics.html#47">4.7 Song: "not yet titled"</a>
1.1 deraadt 31: <p>
32:
33: <a href="#new">What's New</a><br>
34: <a href="#install">How to install</a><br>
35: <a href="#upgrade">How to upgrade</a><br>
36: <a href="#ports">How to use the ports tree</a><br>
37: <a href="orders.html">Ordering a CD set</a><br>
38:
39: <p>
40: <h3><font color="#0000e0">
41: To get the files for this release:
42: <ul>
43: <li>Order a CDROM from our <a href="orders.html">ordering system</a>.
44: <li>See the information on <a href="ftp.html">The FTP page</a> for
45: a list of mirror machines.
46: <li>Go to the <font color="#e00000">pub/OpenBSD/4.7/</font> directory on
47: one of the mirror sites.
48: <li>Briefly read the rest of this document.
49: <li>Have a look at <a href="errata47.html">The 4.7 Errata page</a> for a list
50: of bugs and workarounds.
51: <li>See a <a href="plus47.html">detailed log of changes</a> between the
52: 4.6 and 4.7 releases.
53: </ul>
54: </font></h3>
55: <br clear=all>
56:
57: <strong>Note:</strong> All applicable copyrights and credits can be found
58: in the applicable file sources found in the files src.tar.gz, sys.tar.gz,
59: xenocara.tar.gz, or in the files fetched via ports.tar.gz. The distribution
60: files used to build packages from the ports.tar.gz file are not included on
61: the CDROM because of lack of space.
62: <p>
63:
64: <a name="new"></a>
65: <hr>
66: <p>
67: <h3><font color="#0000e0">What's New</font></h3>
68: <p>
69: This is a partial list of new features and systems included in OpenBSD 4.7.
70: For a comprehensive list, see the <a href="plus47.html">changelog</a> leading
71: to 4.7.
72: <p>
73:
74: <ul>
75:
76: <li>New/extended platforms:
77: <ul>
1.7 kettenis 78: <li><a href="alpha.html">OpenBSD/alpha</a>
79: <ul>
80: <li>Added support for the DS15/DS25/ES45.
81: </ul>
82: <li><a href="loongson.html">OpenBSD/loongson</a><br>
83: New platform for systems based on the Loongson 2E and 2F
84: MIPS-compatible processors. Supported machines include:
85: <ul>
86: <li>Lemote Fuloong 2F mini-PC
87: <li>Lemote Lynloong all-in-one-PC
88: <li>Lemote Yeeloong netbook (8.9" and 10.1" models)
89: <li>EMTEC Gdium Liberty 1000 netbook
90: </ul>
91: <li><a href="sgi.html">OpenBSD/sgi</a>
92: <ul>
1.29 miod 93: <li>Added support for multi-node SGI Origin systems, in M mode.
94: <li>Added support for the SGI Origin 350, Onyx 350, Onyx 4 and Tezro
95: systems.
96: <li>Added SMP support on the SGI Octane.
97: <li>Support for many more onboard devices on Octane and Origin
98: systems. (see below)
1.7 kettenis 99: </ul>
100: <li><a href="socppc.html">OpenBSD/socppc</a>
101: <ul>
102: <li>Added support for the RouterBOARD RB600A.
103: </ul>
1.30 kettenis 104: <li><a href="sparc64.html">OpenBSD/sparc64</a>
105: <ul>
106: <li>Preliminary support for running OpenBSD in a guest domain
107: on top of an OpenBSD control domain on sun4v machines.
108: </ul>
1.1 deraadt 109: </ul>
110: <p>
111:
112: <li>Improved hardware support, including:
113: <ul>
1.12 matthieu 114: <li>Revamped SCSI midlayer and improved driver support.
1.32 miod 115: <li>UDF 2.5 and 2.6 (HDDVD and Blu-ray) disk support.
1.13 matthieu 116: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mpath&sektion=4&format=html">mpath(4)</a>,
117: a driver that steals paths to SCSI devices if they could be
118: available via multiple paths and then makes them available
1.32 miod 119: via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mpath&sektion=4&format=html">mpath(4)</a>.
1.13 matthieu 120: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aibs&sektion=4&format=html">aibs(4)</a>
1.32 miod 121: driver for ASUSTeK AI Booster hardware monitoring.
1.16 matthieu 122: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uthum&sektion=4">uthum(4)</a>
1.32 miod 123: driver for the TEMPerHUM USB temperature and humidity sensors.
1.20 jsg 124: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=utrh&sektion=4">utrh(4)</a>
125: driver for USBRH temperature and humidity sensors.
1.12 matthieu 126: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uyurex&sektion=4">uyurex(4)</a>
1.32 miod 127: driver for the Maywa-denki & KAYAC YUREX twitch/jiggle of knee sensor.
1.12 matthieu 128: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=urndis&sektion=4">urndis(4)</a>
1.32 miod 129: driver for remote NDIS Ethernet over USB devices (phones).
1.13 matthieu 130: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsudl&sektion=0">xf86-video-wsudl(4)</a>
1.32 miod 131: Xorg driver for USB DisplayLink devices supported by
1.12 matthieu 132: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=udl&sektion=4">udl(4)</a>.
1.20 jsg 133: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mpii&sektion=4">mpii(4)</a>
134: driver for LSI Logic Fusion MPT Message Passing Interface II based SAS 2 controllers.
135: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=athn&sektion=4">athn(4)</a>
136: driver for Atheros IEEE 802.11a/g/n wireless network devices.
137: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=alc&sektion=4">alc(4)</a>
138: driver for Atheros AR8131/AR8132 10/100/Gigabit Ethernet devices.
139: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lisa&sektion=4">lisa(4)</a>
140: driver for STMicroelectronics LIS331DL MEMS motion sensors.
141: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcu&sektion=4">gcu(4)</a>
142: driver for Intel EP80579 Global Configuration Unit.
1.30 kettenis 143: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lom&sektion=4&arch=sparc64">lom(4)</a>
144: driver for LOMLite and LOMLite2 as found on many of Sun's UltraSPARC-IIi
145: servers.
146: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vsw&sektion=4&arch=sparc64">vsw(4)</a>
147: driver for virtual switches on sun4v machines.
148: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vds&sektion=4&arch=sparc64">vds(4)</a>
149: driver for virtual disk servers on sun4v machines.
1.20 jsg 150: <li>Support for EP80579 integrated Ethernet and ICH9 M V has been added to
1.30 kettenis 151: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a>.
1.20 jsg 152: <li>Support for 82599 and SFP+ 82598 devices has been added to
1.30 kettenis 153: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ix&sektion=4">ix(4)</a>.
154: <li>Support for the Sun GigabitEthernet SBus Adapter 1.0/1.1 has been added
155: to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ti&sektion=4">ti(4)</a>.
156: <li>Support for SBus variants of the QLogic Fibre Channel host adapters has
157: been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isp&sektion=4">isp(4)</a>.
1.32 miod 158: <li>Support for SBus variants of the Sun Gigabit Ethernet has
159: been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gem&sektion=4">gem(4)</a>.
1.36 damien 160: <li>Support for Intel WiFi Link 1000 and Intel Centrino Advanced-N 6250/Ultimate-N 6300
161: has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iwn&sektion=4">iwn(4)</a>.
162: <li>Support for Ralink RT3572 based 802.11n devices
163: has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=run&sektion=4">run(4)</a>.
1.37 damien 164: <li>Support for AC97 codecs and VIA Tremor 5.1, M-Audio Revolution 5.1 cards
165: has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=envy&sektion=4">envy(4)</a>.
1.32 miod 166: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uhts&sektion=4">uhts(4)</a>
167: driver for USB touchscreens.
1.13 matthieu 168: <li>Improved touchscreen support in
169: the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ws&sektion=0">xf86-input-ws(4)</a>
170: Xorg driver and improved calibration using the new device
171: properties from Xinput.
1.32 miod 172: <li>Support for ON CAT6095 and ON CAT34TS02 temperature sensors added to
173: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sdtemp&sektion=4">sdtemp(4)</a>.
1.43 ! jsg 174: <li>Several improvements and bug fixes to existing Ethernet
1.13 matthieu 175: drivers, including
1.32 miod 176: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a>,
177: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=re&sektion=4">re(4)</a>,
178: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ti&sektion=4">ti(4)</a>
1.13 matthieu 179: and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vge&sektion=4">vge(4)</a>.
1.29 miod 180: <li>Support for the <i>PIC</i> PCI-X controller added to the SGI
181: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xbridge&sektion=4&arch=sgi">xbridge(4)</a> driver.
182: <li>Support for the onboard Fast Ethernet interface found on SGI Octane and
183: many SGI Origin family systems,
184: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iec&sektion=4&arch=sgi">iec(4)</a>.
185: <li>Support for more SGI input and video devices on Octane and Origin systems, with
186: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iockbc&sektion=4&arch=sgi">iockbc(4)</a>,
187: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=impact&sektion=4&arch=sgi">impact(4)</a>,
188: and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=odyssey&sektion=4&arch=sgi">odyssey(4)</a>.
1.35 otto 189: <li>Improved PCI resource allocation; more hardware left unconfigured by
190: the machine's firmware (including hotplugged hardware) should work now.
1.1 deraadt 191: </ul>
192: <p>
193:
194: <li>New tools:
195: <ul>
1.9 otto 196: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newfs_ext2fs&sektion=8">newfs_ext2fs(8)</a> for creating ext2 filesystems.
1.27 sobrado 197: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mkuboot&sektion=8">mkuboot(8)</a> for creating U-Boot boot loader images.
1.1 deraadt 198: <li>...
199: </ul>
200: <p>
201:
1.43 ! jsg 202: <li>Filesystem midlayer improvements:
1.2 beck 203: <ul>
204: <li> Dynamic Buffer Cache now supported to a max size set with sysctl <tt>kern.bufcachepercent</tt>
205: <li> Dynamic VFS name cache rewrite, now uses Red/Black trees instead of linked lists.
1.32 miod 206: <li> Numerous NFS client stability fixes.
1.2 beck 207: </ul>
208: <p>
209:
1.1 deraadt 210: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> improvements:
211: <ul>
1.34 claudio 212: <li>nat-to, rdr-to, binat-to options replace the nat, rdr and binat
213: translation rules. See
214: <a href="http://www.openbsd.org/faq/current.html#20090901">
215: 2009/09/01 - pf(4) address translation changes</a> for more info.
216: <li>The route-to, reply-to, dup-to and fastroute options in pf.conf move to
217: filteropts. See <a href="http://www.openbsd.org/faq/current.html#20090902">
218: 2009/09/02 - pf(4) route-to/reply-to syntax change</a> for more info.
219: <li>pf(4) can now <i>translate</i> packets between different routing
220: domains.
1.42 claudio 221: <li>Added -S and -L options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8&format=html">pfctl(8)</a> to store and load pf state table from a file.
222: <li>Added support for IPv4 and IPv6 divert sockets.
1.1 deraadt 223: </ul>
224: <p>
225:
226: <li>OpenBGPD, OpenOSPFD and other routing daemon improvements:
227: <ul>
1.42 claudio 228: <li>Update capability code in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8&format=html">bgpd(8)</a> to follow RFC 5492.
1.34 claudio 229: <li>BGP MPLS VPN (RFC 4364) support added to the bgpd RIB.
1.42 claudio 230: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8&format=html">bgpd(8)</a>, implement the RFC4486 BGP Cease Notification Message subcodes.
1.34 claudio 231: <li>It is now possible to enable/disable specific BGP capabilities.
1.42 claudio 232: <li>Update <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpctl&sektion=8&format=html">bgpctl(8)</a> irrfilter to support IPv6 and 4-byte AS numbers.
1.41 claudio 233: <li>Minimal router-dead-time of 1 second and sub-second hello intervals
1.42 claudio 234: added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ospfd&sektion=8">ospfd(8)</a>.
1.41 claudio 235: Additionally, it is now possible to specify sub-second SPF timers for faster
236: route fail-over.
1.39 stsp 237: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ospf6d&sektion=8">ospf6d(8)</a> is now installed by default.
238: The RIB can be synced with the kernel routing table now.
239: Support for AS-ext LSA has been added.
240: This is still work-in-progress but testing is highly appreciated.
1.34 claudio 241: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ldpd&sektion=8">ldpd</a> -- the MPLS label distribution protocol daemon -- is now installed by default. A custom kernel with option MPLS is needed to use it.
1.1 deraadt 242: </ul>
243: <p>
244:
1.43 ! jsg 245: <li>Generic network stack improvements:
1.1 deraadt 246: <ul>
1.34 claudio 247: <li>brconfig is now integrated into
248: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a>
1.43 ! jsg 249: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vether&sektion=4&format=html">vether(4)</a>, a virtual Ethernet device.
1.34 claudio 250: <li>Two bugs in IPsec/HMAC-SHA2 were fixed, resulting in an incompatibility
251: with the HMAC-SHA-256/384/512 hash algorithms with previous versions of
252: OpenBSD and other IPsec implementations sharing the bugs.
1.42 claudio 253: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8&format=html">dhcpd(8)</a>, echo back the Relay Agent Information option if present, and add support for the ipsec-tunnel hardware type.
254: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcrelay&sektion=8&format=html">dhcrelay(8)</a> pick up the routing domain from the specified interface and use that rdomain for relaying the packets to the server.
255: <li>Added support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcrelay&sektion=8&format=html">dhcrelay(8)</a> for RFC3046 "DHCP-over-ipsec".
256: <li>Make the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8&format=html">tcpdump(8)</a> BGP OPEN capability parser RFC 5492 compliant.
1.43 ! jsg 257: <li>Added an exec command to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8&format=html">route(8)</a> to run a process and its children in a specified routing domain.
1.1 deraadt 258: </ul>
259: <p>
260:
1.9 otto 261: <li>Assorted improvements:
262: <ul>
263: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a>
264: now has an <tt>S</tt> flag to turn on the options that help debugging
265: and improve security.
266: <li>updated <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=terminfo&sektion=3">terminfo(3)</a>
267: database and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ncurses&sektion=3">ncurses(3)</a>
268: library.
1.16 matthieu 269: <li>added support for lazy binding in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>
270: on hppa.
1.32 miod 271: <li>added POSIX silent check option (<tt>-C</tt>) to
272: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sort&sektion=1">sort(1)</a>.
273: <li>added POSIX extended regular expression support to
274: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sed&sektion=1">sed(1)</a> (<tt>-E</tt> option).
275: <li>added GNU-compatible macro prefix option (<tt>-P</tt>) to
276: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=m4&sektion=1">m4(1)</a>.
1.42 claudio 277: <li>Make it possible to specify a port in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=resolv.conf&sektion=5&format=html">resolv.conf(5)</a>.
1.9 otto 278: </ul>
279: <p>
280:
1.1 deraadt 281: <li>Install/Upgrade process changes:
282: <ul>
1.24 deraadt 283: <li>...
1.1 deraadt 284: </ul>
285: <p>
286:
1.16 matthieu 287: <li>OpenSSH 5.4:
1.1 deraadt 288: <ul>
1.21 sobrado 289: <li>New features:
290: <ul>
291: <li>SSH protocol 1 is disabled by default.
292: <li>Remove the libsectok/OpenSC-based smartcard code and add support
293: for PKCS#11 tokens.
294: <li>Add support for certificate authentication of users and hosts using
295: a new, minimal OpenSSH certificate format (not X.509).
296: <li>Added a 'netcat mode' to
297: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
298: <li>Add the ability to revoke keys in
299: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>
300: and
301: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
302: <li>Rewrite the
303: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
304: multiplexing support to support non-blocking operation of the mux
305: master.
306: <li>Add a 'read-only' mode to
307: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>
308: that disables open in write mode and all other fs-modifying
309: protocol methods. (bz#430)
310: <li>Allow setting an explicit umask on the
311: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>
312: commandline to override whatever default the user has. (bz#1229)
313: <li>Many improvements to the
314: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>
315: client.
1.23 sobrado 316: <li>New RSA keys will be generated with a public exponent of 65537
317: instead of the previous value 35.
1.21 sobrado 318: <li>Passphrase-protected SSH protocol 2 private keys are now protected
319: with AES-128 instead of 3DES.
320: </ul>
321: <li>The following significant bugs have been fixed in this release:
322: <ul>
323: <li>Fixed a minor information leak of environment variables specified
324: in authorized_keys if an attacker happens to know the public key
325: in use.
326: <li>When using <em>ChrootDirectory</em>, make sure we test for the
327: existence of the user's shell inside the chroot and not outside.
328: (bz#1679)
329: <li>Cache user and group name lookups in sftp-server using
330: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pwcache&sektion=3">user_from_[ug]id(3)</a>
331: to improve performance on hosts where these operations are slow.
332: (bz#1495)
333: <li>Fix problem that prevented passphrase reading from being
334: interrupted in some circumstances. (bz#1590)
335: <li>Ignore and log any Protocol 1 keys where the claimed size is not
336: equal to the actual size.
337: <li>Make <em>HostBased</em> authentication work with a
338: <em>ProxyCommand</em>. (bz#1569)
339: <li>Avoid run-time failures when specifying hostkeys via a relative
340: path by prepending the current working directory in these cases.
341: (bz#1290)
342: <li>Do not prompt for a passphrase if we fail to open a keyfile, and
343: log the reason why the open failed to debug. (bz#1693)
344: <li>Document that the <em>PubkeyAuthentication</em> directive is
345: allowed in a
346: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>
347: <em>Match</em> block. (bz#1577)
348: <li>When converting keys, truncate key comments at 72 chars as per
349: RFC4716. (bz#1630)
350: <li>Do not allow logins if <em>/etc/nologin</em> exists but is not
351: readable by the user logging in.
352: <li>Output a debug log if
353: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>
354: can't open an existing <em>authorized_keys</em>. (bz#1694)
355: <li>Quell
356: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcsetattr&sektion=3">tc[gs]etattr(3)</a>
357: warnings when forcing a tty (ssh -tt), since we usually don't
358: actually have a tty to read/set. (bz#1686)
359: <li>Prevent
360: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>
361: from crashing when given a "-" without a command; also, allow
362: whitespace to follow a "-". (bz#1691)
363: <li>After
364: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>
365: receives a SIGHUP, ignore subsequent HUPs while
366: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>
367: re-execs itself; prevents two HUPs in quick succession from
368: resulting in
369: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>
370: dying. (bz#1692)
371: <li>Clarify in
372: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>
373: that <em>StrictModes</em> does not apply to
374: <em>ChrootDirectory</em>; permissions and ownership are always
375: checked when chrooting. (bz#1532)
376: <li>Set close-on-exec on various descriptors so they don't get leaked
377: to child processes. (bz#1643)
378: <li>Fix very rare race condition in x11/agent channel allocation
379: <li>Fix incorrect exit status when multiplexing and channel ID 0 is
380: recycled. (bz#1570)
381: <li>Fail with an error when an attempt is made to connect to a server
382: with <em>ForceCommand=internal-sftp</em> with a shell session.
383: (bz#1606)
384: <li>Warn but do not fail if
385: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=stat&sektion=2">stat(2)</a>ing
386: the subsystem binary fails. (bz#1599)
387: <li>Change "Connecting to host..." message to "Connected to host."
388: and delay it until after the sftp protocol connection has been
389: established. (bz#1588)
390: <li>Use the <em>HostKeyAlias</em> rather than the hostname specified
391: on the commandline when prompting for passwords. (bz#1039)
1.25 sobrado 392: <li>Correct off-by-one in percent_expand(). (bz#1607)
1.21 sobrado 393: <li>Fix passing of empty options from
394: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>
395: and
396: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>
397: to the underlying
398: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>;
399: also add support for the stop option "--".
400: <li>Fix an incorrect magic number and typo in PROTOCOL. (bz#1688)
401: <li>Don't escape backslashes when displaying the SSH2 banner. (bz#1533)
402: <li>Don't unnecessarily dup() the in and out fds for
403: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>.
404: (bz#1566)
405: <li>Force use of the correct hash function for random-art signature
406: display. (bz#1611)
407: <li>Do not fall back to adding keys without constraints when the agent
408: refuses the constrained add request. (bz#1612)
409: <li>Fix a race condition in
410: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>
411: that could result in a wedged or spinning agent. (bz#1633)
412: <li>Flush stdio before exec() to ensure that everything has made it out
413: before the streams go away. (bz#1596)
414: <li>Set <em>FD_CLOEXEC</em> on in/out sockets in
415: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.
416: (bz#1706)
417: </ul>
1.1 deraadt 418: </ul>
419: <p>
420:
1.15 espie 421: <li>Over 5,800 ports, major robustness and speed improvements in package tools.
1.1 deraadt 422: <li>Many pre-built packages for each architecture:
423: <table border=0 cellspacing=0 cellpadding=2 width="95%">
424: <tr>
425: <td valign="top" width="25%">
426: <ul>
1.5 deraadt 427: <li>i386: 5951
428: <li>sparc64: 5745
429: <li>alpha: 5489
1.1 deraadt 430: </ul></td><td valign=top width="25%"><ul>
1.5 deraadt 431: <li>sh: 1261
432: <li>amd64: 5889
433: <li>powerpc: 5783
1.1 deraadt 434: </ul></td><td valign=top width="25%"><ul>
1.5 deraadt 435: <li>sparc: 3584
436: <li>arm: 839
437: <li>hppa: 5179
1.1 deraadt 438: </ul></td><td valign=top width="25%"><ul>
1.5 deraadt 439: <li>vax: 1785
440: <li>mips64: 3677
441: <li>mips64el: 3661
1.1 deraadt 442: </ul></td></tr></table>
443: Some highlights:
444: <ul>
1.18 jasper 445: <li>Gnome 2.28.2.
1.1 deraadt 446: <li>KDE 3.5.10.
1.18 jasper 447: <li>Xfce 4.6.1.
1.11 otto 448: <li>MySQL 5.1.42.
1.18 jasper 449: <li>PostgreSQL 8.4.2.
450: <li>Postfix 2.6.5.
1.1 deraadt 451: <li>OpenLDAP 2.3.43.
1.22 jsg 452: <li>Mozilla Firefox 3.0.18 and 3.5.8.
1.11 otto 453: <li>Mozilla Thunderbird 2.0.0.23.
1.18 jasper 454: <li>OpenOffice.org 3.1.1.
1.1 deraadt 455: <li>Emacs 21.4 and 22.3
1.18 jasper 456: <li>Vim 7.2.267.
1.40 giovanni 457: <li>PHP 5.2.12.
458: <li>Python 2.4.6, 2.5.4 and 2.6.3.
1.1 deraadt 459: <li>Ruby 1.8.6.369.
460: </ul>
461: <p>
462:
463: <li>As usual, steady improvements in manual pages and other documentation.
464: <p>
465:
466: <li>The system includes the following major components from outside suppliers:
467: <ul>
1.32 miod 468: <li>Xenocara (based on X.Org 7.4 with xserver 1.6.5 + patches,
1.8 matthieu 469: freetype 2.3.9,
470: fontconfig 2.6.0, Mesa 7.4.2, xterm 250 and more)
1.1 deraadt 471: <li>Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches)
1.10 otto 472: <li>Perl 5.10.1 (+ patches)
1.1 deraadt 473: <li>Our improved and secured version of Apache 1.3, with SSL/TLS
474: and DSO support
475: <li>OpenSSL 0.9.8k (+ patches)
476: <li>Groff 1.15
477: <li>Sendmail 8.14.3, with libmilter
478: <li>Bind 9.4.2-P2 (+ patches)
479: <li>Lynx 2.8.6rel.5 with HTTPS and IPv6 support (+ patches)
480: <li>Sudo 1.7.2
1.10 otto 481: <li>Ncurses 5.7
1.1 deraadt 482: <li>Latest KAME IPv6
483: <li>Heimdal 0.7.2 (+ patches)
484: <li>Arla 0.35.7
485: <li>Binutils 2.15 (+ patches)
486: <li>Gdb 6.3 (+ patches)
487: </ul>
488: <p>
489:
490: </ul>
491:
492: <a name="install"></a>
493: <hr>
494: <p>
495: <h3><font color="#0000e0">How to install</font></h3>
496: <p>
497: Following this are the instructions which you would have on a piece of
498: paper if you had purchased a CDROM set instead of doing an alternate
499: form of install. The instructions for doing an FTP (or other style
500: of) install are very similar; the CDROM instructions are left intact
501: so that you can see how much easier it would have been if you had
502: purchased a CDROM instead.
503: <p>
504:
505: <hr>
506: Please refer to the following files on the three CDROMs or FTP mirror for
507: extensive details on how to install OpenBSD 4.7 on your machine:
508: <p>
509: <ul>
510: <li>CD1:4.7/i386/INSTALL.i386
511: <p>
512: <li>CD2:4.7/amd64/INSTALL.amd64
513: <li>CD2:4.7/macppc/INSTALL.macppc
514: <p>
515: <li>CD3:4.7/sparc64/INSTALL.sparc64
516: <p>
517: <li>FTP:.../OpenBSD/4.7/alpha/INSTALL.alpha
518: <li>FTP:.../OpenBSD/4.7/armish/INSTALL.armish
519: <li>FTP:.../OpenBSD/4.7/hp300/INSTALL.hp300
520: <li>FTP:.../OpenBSD/4.7/hppa/INSTALL.hppa
521: <li>FTP:.../OpenBSD/4.7/landisk/INSTALL.landisk
1.19 otto 522: <li>FTP:.../OpenBSD/4.7/loongson/INSTALL.loongson
1.1 deraadt 523: <li>FTP:.../OpenBSD/4.7/mvme68k/INSTALL.mvme68k
524: <li>FTP:.../OpenBSD/4.7/mvme88k/INSTALL.mvme88k
525: <li>FTP:.../OpenBSD/4.7/sgi/INSTALL.sgi
526: <li>FTP:.../OpenBSD/4.7/socppc/INSTALL.socppc
527: <li>FTP:.../OpenBSD/4.7/sparc/INSTALL.sparc
528: <li>FTP:.../OpenBSD/4.7/vax/INSTALL.vax
529: <li>FTP:.../OpenBSD/4.7/zaurus/INSTALL.zaurus
530: </ul>
531: <hr>
532:
533: <p>
534: Quick installer information for people familiar with OpenBSD, and the
535: use of the "disklabel -E" command. If you are at all confused when
536: installing OpenBSD, read the relevant INSTALL.* file as listed above!
537: <p>
538:
539: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
540: <ul>
541: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
542: release is on CD1. If your BIOS does not support booting from CD, you will need
543: to create a boot floppy to install from. To create a boot floppy write
544: <i>CD1:4.7/i386/floppy47.fs</i> to a floppy and boot via the floppy drive.
545:
546: <p>
547: Use <i>CD1:4.7/i386/floppyB47.fs</i> instead for greater SCSI controller
548: support, or <i>CD1:4.7/i386/floppyC47.fs</i> for better laptop support.
549:
550: <p>
551: If you can't boot from a CD or a floppy disk,
552: you can install across the network using PXE as described in
553: the included INSTALL.i386 document.
554:
555: <p>
556: If you are planning on dual booting OpenBSD with another OS, you will need to
557: read INSTALL.i386.
558:
559: <p>
560: To make a boot floppy under MS-DOS, use the "rawrite" utility located
561: at <i>CD1:4.7/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS,
562: use the
563: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>
564: utility. The following is an example usage of
565: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>,
566: where the device could be "floppy", "rfd0c", or
567: "rfd0a".
568:
569: <ul><pre>
570: # <strong>dd if=&lt;file&gt; of=/dev/&lt;device&gt; bs=32k</strong>
571: </pre></ul>
572:
573: <p>
574: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
575: your install will most likely fail. For more information on creating a boot
576: floppy and installing OpenBSD/i386 please refer to
577: <a href="faq/faq4.html#MkFlop">FAQ 4.3.1</a>.
578: </ul>
579:
580: <p>
581: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
582: <ul>
583: The 4.7 release of OpenBSD/amd64 is located on CD2.
584: Boot from the CD to begin the install - you may need to adjust
585: your BIOS options first.
586: If you can't boot from the CD, you can create a boot floppy to install from.
587: To do this, write <i>CD2:4.7/amd64/floppy47.fs</i> to a floppy, then
588: boot from the floppy drive.
589:
590: <p>
591: If you can't boot from a CD or a floppy disk,
592: you can install across the network using PXE as described in the included
593: INSTALL.amd64 document.
594:
595: <p>
596: If you are planning to dual boot OpenBSD with another OS, you will need to
597: read INSTALL.amd64.
598: </ul>
599:
600: <p>
601: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
602: <ul>
603: Put CD2 in your CDROM drive and power on your machine while holding down the
604: <i>C</i> key until the display turns on and shows <i>OpenBSD/macppc boot</i>.
605:
606: <p>
607: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
608: /4.7/macppc/bsd.rd</i>
609: </ul>
610:
611: <p>
612: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
613: <ul>
614: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
615:
616: <p>
617: If this doesn't work, or if you don't have a CDROM drive, you can write
618: <i>CD3:4.7/sparc64/floppy47.fs</i> or <i>CD3:4.7/sparc64/floppyB47.fs</i>
619: (depending on your machine) to a floppy and boot it with <i>boot
620: floppy</i>. Refer to INSTALL.sparc64 for details.
621:
622: <p>
623: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
624: will most likely fail.
625:
626: <p>
627: You can also write <i>CD3:4.7/sparc64/miniroot47.fs</i> to the swap partition on
628: the disk and boot with <i>boot disk:b</i>.
629:
630: <p>
631: If nothing works, you can boot over the network as described in INSTALL.sparc64.
632: </ul>
633:
634: <p>
635: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
636: <ul>
637: <p>Write <i>FTP:4.7/alpha/floppy47.fs</i> or
638: <i>FTP:4.7/alpha/floppyB47.fs</i> (depending on your machine) to a diskette and
639: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
640:
641: <p>
642: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
643: will most likely fail.
644:
645: </ul>
646:
647: <p>
648: <h3><font color="#e00000">OpenBSD/armish:</font></h3>
649: <ul>
650: <p>
651: After connecting a serial port, Thecus can boot directly from the network
652: using either tftp or http. Configure the network using fconfig, reset,
653: then load bsd.rd; see INSTALL.armish for specific details.
654: IOData HDL-G can only boot from an EXT-2 partition. Boot into Linux
655: and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
656: then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
657: More details are available in INSTALL.armish.
658: </ul>
659:
660: <p>
661: <h3><font color="#e00000">OpenBSD/hp300:</font></h3>
662: <ul>
663: <p>
664: Boot over the network by following the instructions in INSTALL.hp300.
665: </ul>
666:
667: <p>
668: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
669: <ul>
670: <p>
671: Boot over the network by following the instructions in INSTALL.hppa or the
672: <a href="hppa.html#install">hppa platform page</a>.
673: </ul>
674:
675: <p>
676: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
677: <ul>
678: <p>
679: Write <i>miniroot47.fs</i> to the start of the CF
680: or disk, and boot normally.
681: </ul>
682:
683: <p>
1.19 otto 684: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
685: <ul>
686: <p>
687: Write <i>miniroot47.fs</i> to a USB stick and boot bsd.rd from it
688: or boot bsd.rd via tftp.
689: Refer to the instructions in INSTALL.loongson for more details.
690: </ul>
691: <p>
692:
1.1 deraadt 693: <p>
694: <h3><font color="#e00000">OpenBSD/mvme68k:</font></h3>
695: <ul>
696: <p>
697: You can create a bootable installation tape or boot over the network.<br>
698: The network boot requires a MVME68K BUG version that supports the <i>NIOT</i>
699: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme68k
700: for more details.
701: </ul>
702:
703: <p>
704: <h3><font color="#e00000">OpenBSD/mvme88k:</font></h3>
705: <ul>
706: <p>
707: You can create a bootable installation tape or boot over the network.<br>
708: The network boot requires a MVME88K BUG version that supports the <i>NIOT</i>
709: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme88k
710: for more details.
711: </ul>
712:
713: <p>
1.29 miod 714: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
715: <ul>
716: <p>
717: To install on an O2, burn cd47.iso on a CD-R, put it in the CD drive of your
718: machine and select <i>Install System Software</i> from the System Maintenance
719: menu.
720:
721: <p>
722: On other systems, or if your machine doesn't have a CD drive, you can
723: set up a DHCP/tftp network server, and boot using "bootp()/bsd.rd.IP##" using
724: the kernel matching your system type.
725: Refer to the instructions in INSTALL.sgi for more details.
726: </ul>
727:
728: <p>
729: <h3><font color="#e00000">OpenBSD/socppc:</font></h3>
730: <ul>
731: <p>
732: After connecting a serial port, boot over the network via DHCP/tftp.
733: Refer to the instructions in INSTALL.socppc for more details.
734: </ul>
735:
736: <p>
1.1 deraadt 737: <h3><font color="#e00000">OpenBSD/sparc:</font></h3>
738: <ul>
739: Boot from one of the provided install ISO images, using one of the two
740: commands listed below, depending on the version of your ROM.
741:
742: <ul><pre>
743: ok <strong>boot cdrom 4.7/sparc/bsd.rd</strong>
744: or
745: > <strong>b sd(0,6,0)4.7/sparc/bsd.rd</strong>
746: </pre></ul>
747:
748: <p>
749: If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
750: To do so you need to write <i>floppy47.fs</i> to a floppy.
751: For more information see <a href="faq/faq4.html#MkFlop">FAQ 4.3.1</a>.
752: To boot from the floppy use one of the two commands listed below,
753: depending on the version of your ROM.
754:
755: <ul><pre>
756: ok <strong>boot floppy</strong>
757: or
758: > <strong>b fd()</strong>
759: </pre></ul>
760:
761: <p>
762: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
763: will most likely fail.
764:
765: <p>
766: If your SPARC system has neither a floppy drive nor a CD drive, you can either
767: set up a bootable tape or install via network, as described in the
768: INSTALL.sparc file.
769: </ul>
770:
771: <p>
772: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
773: <ul>
774: Boot over the network via mopbooting as described in INSTALL.vax.
775: </ul>
776:
777: <p>
778: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
779: <ul>
780: <p>
781: Using the Linux built-in graphical ipkg installer, install the
782: openbsd47_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
783: for a few important details.
784: </ul>
785:
786: <p>
787: <h3><font color="#e00000">Notes about the source code:</font></h3>
788: <ul>
789: src.tar.gz contains a source archive starting at /usr/src. This file
790: contains everything you need except for the kernel sources, which are
791: in a separate archive. To extract:
792: <p>
793: <ul><pre>
794: # <strong>mkdir -p /usr/src</strong>
795: # <strong>cd /usr/src</strong>
796: # <strong>tar xvfz /tmp/src.tar.gz</strong>
797: </pre></ul>
798: <p>
799: sys.tar.gz contains a source archive starting at /usr/src/sys.
800: This file contains all the kernel sources you need to rebuild kernels.
801: To extract:
802: <p>
803: <ul><pre>
804: # <strong>mkdir -p /usr/src/sys</strong>
805: # <strong>cd /usr/src</strong>
806: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
807: </pre></ul>
808: <p>
809: Both of these trees are regular CVS checkouts. Using these trees it
810: is possible to get a head-start on using the anoncvs servers as
811: described <a href="anoncvs.html">here</a>.
812: Using these files
813: results in a much faster initial CVS update than you could expect from
814: a fresh checkout of the full OpenBSD source tree.
815: <p>
816: </ul>
817:
818: <a name="upgrade"></a>
819: <hr>
820: <p>
821: <h3><font color="#0000e0">How to upgrade</font></h3>
822: <p>
823: If you already have an OpenBSD 4.6 system, and do not want to reinstall,
824: upgrade instructions and advice can be found in the
825: <a href="faq/upgrade47.html">Upgrade Guide</a>.
826:
827: <a name="ports"></a>
828: <hr>
829: <p>
830: <h3><font color="#0000e0">Ports Tree</font></h3>
831: <p>
832: A ports tree archive is also provided. To extract:
833: <p>
834: <ul><pre>
835: # <strong>cd /usr</strong>
836: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
837: # <strong>cd ports</strong>
838: </pre></ul>
839: <p>
840: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
841: read the <a href="ports.html">ports</a> page
842: if you know nothing about ports
843: at this point. This text is not a manual of how to use ports.
844: Rather, it is a set of notes meant to kickstart the user on the
845: OpenBSD ports system.
846: <p>
847: The <i>ports/</i> directory represents a CVS (see the manpage for
848: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386">
849: cvs(1)</a> if
850: you aren't familiar with CVS) checkout of our ports. As with our complete
851: source tree, our ports tree is available via anoncvs. So, in
852: order to keep current with it, you must make the <i>ports/</i> tree
853: available on a read-write medium and update the tree with a command
854: like:
855: <p>
856: <ul><pre>
1.26 deraadt 857: # <strong>cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_4_7</strong>
1.1 deraadt 858: </pre></ul>
859: <p>
860: [Of course, you must replace the local directory and server name here
861: with the location of your ports collection and a nearby anoncvs
862: server.]
863: <p>
864: Note that most ports are available as packages through FTP. Updated
865: packages for the 4.7 release will be made available if problems arise.
866: <p>
867: If you're interested in seeing a port added, would like to help out, or just
868: would like to know more, the mailing list ports@openbsd.org is a good
869: place to start.
870: <p>
871:
872: <hr>
873: <a href="index.html"><img height="24" width="24" src="back.gif" border="0"
874: alt="OpenBSD"></a>
875: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
876: <br><small>
1.43 ! jsg 877: $OpenBSD: 47.html,v 1.42 2010/03/17 08:06:24 claudio Exp $
1.1 deraadt 878: </small>
879:
880: </body>
881: </html>