Annotation of www/49.html, Revision 1.31
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 4.9 Release</title>
5: <link rev=made href="mailto:www@openbsd.org">
6: <meta name="resource-type" content="document">
7: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
1.19 stsp 8: <meta name="description" content="OpenBSD 4.9">
1.1 deraadt 9: <meta name="keywords" content="openbsd,main">
10: <meta name="distribution" content="global">
1.3 deraadt 11: <meta name="copyright" content="This document copyright 2011 by OpenBSD.">
1.1 deraadt 12: </head>
13:
14: <body bgcolor="#ffffff" text="#000000" link="#24248E">
15:
16: <a href="index.html">
17: <img alt="[OpenBSD]" height="30" width="141" hspace="24" src="images/smalltitle.gif" border="0"></a>
18: <hr>
19:
20: <p>
21: <a href="images/Hitchhiker.jpg">
22: <img align="left" width="227" height="343" hspace="24" vspace="30"
23: src="images/Hitchhiker.jpg" alt="OpenBSD 4.9 logo"></a>
24: <h2><font color="#0000e0">The OpenBSD 4.9 Release:</font></h2>
25: <p>
26: Released May 1, 2011<br>
27: Copyright 1997-2011, Theo de Raadt.<br>
28: <font color="#e00000">ISBN 978-0-9784475-7-1</font>
29: <br>
30: <a href="lyrics.html#49">4.9 Song: "The Answer"</a>
31: <p>
32:
33: <a href="#new">What's New</a><br>
34: <a href="#install">How to install</a><br>
35: <a href="#upgrade">How to upgrade</a><br>
36: <a href="#ports">How to use the ports tree</a><br>
37: <a href="orders.html">Ordering a CD set</a><br>
38:
39: <p>
40: <h3><font color="#0000e0">
41: To get the files for this release:
42: <ul>
43: <li>Pre-order a CDROM from our <a href="orders.html">ordering system</a>.
44: <li>See the information on <a href="ftp.html">The FTP page</a> for
45: a list of mirror machines.
46: <li>Go to the <font color="#e00000">pub/OpenBSD/4.9/</font> directory on
47: one of the mirror sites.
48: <li>Briefly read the rest of this document.
49: <li>Have a look at <a href="errata49.html">The 4.9 Errata page</a> for a list
50: of bugs and workarounds.
51: <li>See a <a href="plus49.html">detailed log of changes</a> between the
52: 4.8 and 4.9 releases.
53: </ul>
54: </font></h3>
55: <br clear=all>
56:
57: <strong>Note:</strong> All applicable copyrights and credits can be found
58: in the applicable file sources found in the files src.tar.gz, sys.tar.gz,
59: xenocara.tar.gz, or in the files fetched via ports.tar.gz. The distribution
60: files used to build packages from the ports.tar.gz file are not included on
61: the CDROM because of lack of space.
62: <p>
63:
64: <a name="new"></a>
65: <hr>
66: <p>
67: <h3><font color="#0000e0">What's New</font></h3>
68: <p>
69: This is a partial list of new features and systems included in OpenBSD 4.9.
70: For a comprehensive list, see the <a href="plus49.html">changelog</a> leading
71: to 4.9.
72: <p>
73:
74: <ul>
75:
1.3 deraadt 76: <li>New/extended platforms:
77: <ul>
1.25 jsing 78: <li><a href="http://www.openbsd.org/amd64.html">OpenBSD/amd64</a>
79: and <a href="http://www.openbsd.org/i386.html">OpenBSD/i386</a>:
1.3 deraadt 80: <ul>
1.20 deraadt 81: <li>Enabled <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_ntfs&sektion=8&format=html">NTFS</a> by default on GENERIC kernels.
1.11 jj 82: <li>Added a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmt&sektion=4&format=html">vmt(4)</a> driver for VMWare tools support as a guest.
83: <li>SMP kernels can now boot on machines with up to 64 cores.
84: <li>Maximum allocation size for i386 bumped to 2G.
1.19 stsp 85: <li>Handle >16 disks when searching for kernel boot device.
1.20 deraadt 86: <li>Added support for AES-NI instructions found on recent Intel cores.
1.31 ! deraadt 87: <li>Further improvements in suspend and resume.
! 88: <li>Processes are now switched to TSS per cpu on the
! 89: <a href="http://www.openbsd.org/amd64.html">amd64</a> platform,
! 90: resulting in removal of the old limit of ~4000 processes.
1.3 deraadt 91: </ul>
1.25 jsing 92: <li><a href="http://www.openbsd.org/hppa.html">OpenBSD/hppa</a>:
1.21 jsing 93: <ul>
94: <li>Multiprocessor support.
95: </ul>
1.25 jsing 96: <li><a href="http://www.openbsd.org/loongson.html">OpenBSD/loongson</a>
97: and <a href="http://www.openbsd.org/sgi.html">OpenBSD/sgi</a>:
1.3 deraadt 98: <ul>
1.25 jsing 99: <li>All MIPS64 based platforms now use MI softfloat code, which
100: implements all MIPS IV specified floating point operations.
1.3 deraadt 101: </ul>
1.25 jsing 102: <li><a href="http://www.openbsd.org/sparc64.html">OpenBSD/sparc64</a>:
1.3 deraadt 103: <ul>
1.25 jsing 104: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vdsp&sektion=4&arch=sparc64">vdsp(4)</a> driver now supports the vDisk 1.1
105: protocol, allowing Solaris to run on top of an OpenBSD
106: control domain.
1.3 deraadt 107: </ul>
108: </ul>
109: <p>
110:
111: <li>Improved hardware support, including:
112: <ul>
1.25 jsing 113: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vte&sektion=4&format=html">vte(4)</a>
1.9 kevlo 114: driver for RDC R6040 10/100 Ethernet devices.</li>
1.25 jsing 115: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdcphy&sektion=4&format=html">rdcphy(4)</a>
1.10 jsg 116: driver for RDC Semiconductor R6040 10/100 Ethernet PHY.
1.25 jsing 117: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rsu&sektion=4&format=html">rsu(4)</a>
1.24 jsing 118: driver for Realtek RTL8188SU/RTL8191SU/RTL8192SU USB IEEE 802.11b/g/n.
1.25 jsing 119: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=urtwn&sektion=4&format=html">urtwn(4)</a>
1.10 jsg 120: driver for Realtek RTL8188CU/RTL8192CU USB IEEE 802.11b/g/n.
1.25 jsing 121: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=utwitch&sektion=4&format=html">utwitch(4)</a>
1.10 jsg 122: driver for YUREX USB twitch/jiggle of knee sensor.
123: <li>Support for AR9271, AR9280+AR7010 and AR9287+AR7010 USB IEEE 802.11a/g/n
1.25 jsing 124: adapters has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=athn&sektion=4&format=html">athn(4)</a>.
1.10 jsg 125: <li>Support for 82583V
126: has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a>.
127: <li>Support for Yukon 88E8059
128: has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=msk&sektion=4">msk(4)</a>.
129: <li>Support for SiS191
130: has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=se&sektion=4">se(4)</a>.
131: <li>Support for SAS2004
132: has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mpii&sektion=4">mpii(4)</a>.
133: <li>Support for NVIDIA MCP89 SATA
134: has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a>.
1.30 deraadt 135: <li>Support for Mobility Radeon HD 4200
1.10 jsg 136: has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radeondrm&sektion=4">radeondrm(4)</a>.
1.18 krw 137: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pms&sektion=4">pms(4)</a> support has been significantly reworked and expanded.
1.20 deraadt 138: <li>MCLGETI support has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>.
1.24 jsing 139: <li>Support for low latency interrupt modulation has been added to
140: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ix&sektion=4">ix(4)</a>.
141: <li>Port multiplier support has been added to
142: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahci&sektion=4">ahci(4)</a> and
143: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sili&sektion=4">sili(4)</a>.
144: <li>Support for Sun XVR-300 graphics has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radeonfb&sektion=4&arch=sparc64">radeonfb(4)</a>.
145: <li>Added workaround for BCM5906 A0/1/2 controller silicon bug in
146: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a>.
1.3 deraadt 147: </ul>
148: <p>
149:
150: <li>Generic network stack improvements:
151: <ul>
1.7 dlg 152: <li>Reworking of the MCLGETI livelock algorithm to improve
153: forwarding and host performance under high network load.</li>
1.31 ! deraadt 154: <li>Added support for socket splicing; sockets can be temporarily connected so that the kernel moves data without userland intervention. This will be used by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&sektion=8">relayd(8)</a> in the next release.
1.29 mikeb 155: <li>Added AES-GCM support for IPsec.
1.22 jsing 156: <li>Added automatic send and receive buffer scaling for TCP.
1.20 deraadt 157: <li>Added wpakey option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> replacing wpa-psk(8).
1.22 jsing 158: <li>TCP acknowledgments are no longer delayed on the loopback interface.
159: <li>Network livelock counters are now exported via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a>.
160: <li>A radix tree sorting bug was fixed, which results in significant
161: improvements to IPsec performance under certain conditions.
1.25 jsing 162: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> now decodes Multicast DNS (MDNS) traffic.
163: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflog&sektion=4">pflog(4)</a>
164: now includes the original addresses and ports for packets that have been
165: rewritten. This is also displayed by
166: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>.
1.3 deraadt 167: </ul>
168: <p>
169:
1.29 mikeb 170: <li>IPsec stack audit was performed resulting in:
171: <ul>
172: <li>Several potential security problems have been identified and fixed.
173: <li>ARC4 based PRNG code was audited and revamped.
174: <li>New explicit_bzero kernel function was introduced to prevent a compiler
175: from optimizing
176: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bzero&sektion=3">bzero</a>
177: calls away.
178: </ul>
179: <p>
180:
1.3 deraadt 181: <li>SCSI improvements:
182: <ul>
1.6 dlg 183: <li>Improved safety when detaching SCSI devices by waiting for
1.20 deraadt 184: the completion of pending commands.</li>
185: <li>Improved hotplug support on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mpi&sektion=4">mpi(4)</a> and
186: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mpii&sektion=4">mpii(4)</a>.</li>
1.6 dlg 187: <li>Continued iopoolification of SCSI drivers, notably on
1.20 deraadt 188: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umass&sektion=4">umass(4)</a> which improves the
189: reliability and performance of multi-LUN devices.</li>
190: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vscsi&sektion=4">vscsi(4)</a>, a driver for
191: userland handling of scsi device commands.
192: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iscsid&sektion=8">iscsid(8)</a>, an iSCSI initiator.
1.21 jsing 193: <li>Forcibly restrict devices incapable of tagged I/O to executing one command at a time.
1.17 krw 194: <li>Discover and honour read-only status of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sd&sektion=4">sd(4)</a> devices.
1.21 jsing 195: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=st&sektion=4">st(4)</a> handling of I/O residual information.
1.17 krw 196: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sd&sektion=4">sd(4)</a> devices that can only execute one command at a time (e.g. USB) will now be allowed to spin up if necessary.
197: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cd&sektion=4">cd(4)</a> will now attach CDROM devices identified as non-removable.
1.3 deraadt 198: </ul>
199: <p>
200:
201: <li>Assorted improvements:
202: <ul>
1.16 krw 203: <li>Enabled wide character support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ncurses&sektion=3">ncurses(3)</a>.
204: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nsd&sektion=8">nsd(8)</a>, an authoritative name server implementation.
205: <li>Disklabel UID support improved and added to more utilities.
206: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rarpd&sektion=8">rarpd(8)</a> now accepts a list of interfaces to listen on.
207: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> now accepts 'egress' as an interface name, meaning whichever interface is marked as being in the 'egress' group.
208: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> no longer listens on interfaces without a broadcast address (e.g. <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflog&sektion=4">pflog(4)</a>).
209: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=who&sektion=1">who(1)</a> now displays as much of the hostname as fits on the line.
210: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> now correctly handles 'net' primitives when processing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflog&sektion=4">pflog(4)</a> traffic.
1.17 krw 211: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fdisk&sektion=8">fdisk(8)</a> now respects failure to read the MBR.
212: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fdisk&sektion=8">fdisk(8)</a> will no longer infinitely loop when encountering an improperly constructed EBR.
1.31 ! deraadt 213: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a> no longer reuses information from a failed partition addition on the next addition of the same partition.
1.17 krw 214: <li>Many unused and obsolete <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disktab&sektion=5">disktab(5)</a> entries removed.
1.31 ! deraadt 215: <li>Enabled X11 autoconfiguration on sparc and sparc64.
1.20 deraadt 216: <li>Implement attribute syntax from RFC4517 and support bsdauth in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ldapd&sektion=8">ldapd(8)</a>.
217: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=video&sektion=1">video(1)</a> utility which can record or display images from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=video&sektion=4">video(4)</a>.
1.23 jsing 218: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> mod_headers now handles apache2 style RequestHeader directives.
219: <li>UNIX-domain socket support has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a> (-u option).
220: <li>Added support for terabyte units in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>.
221: <li><a href="http://www.openbsd.org/loongson.html">loongson</a> and
222: <a href="http://www.openbsd.org/sgi.html">sgi</a> platforms have been
223: switched over to gcc4.
224: <li><code>ddb cpu</code> support was added to the
225: <a href="http://www.openbsd.org/sgi.html">sgi</a> platform.
226: <li>Fast path TLB miss handling was added to the
227: <a href="http://www.openbsd.org/landisk.html">landisk</a> platform,
228: resulting in a 44-50% gain in performance.
229: <li>PCIe extended configuration space can now be viewed using
230: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pcidump&sektion=8">pcidump</a> (-xxx option).
231: <li>The number of spurious IPIs has been decreased on the
232: <a href="http://www.openbsd.org/amd64.html">amd64</a> platform,
233: resulting in improved performance.
1.25 jsing 234: <li>Numerous improvements and bug fixes to
235: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tmux&sektion=1">tmux(1)</a>.
1.27 mikeb 236: <li>Considerable robustness and interoperability improvements in the IKEv2
237: daemon
238: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iked&sektion=8">iked(8)</a>.
1.28 mikeb 239: <li>Skipjack and libdes were retired from the system.
1.31 ! deraadt 240: CAST-128 implementation was also removed from libc.
1.3 deraadt 241: </ul>
242: <p>
243:
244: <li>Install/Upgrade process changes:
245: <ul>
1.8 deraadt 246: <li>Fixed the hppa CD installation process.
247: <li>Added some more free firmwares to the CD media that could fit them.
248: <li>Make the macppc upgrade script update the boot blocks (oddly, this
1.31 ! deraadt 249: had been broken a very long time and no one noticed).
1.8 deraadt 250: <li>Teach the install script about the configuration of 802.11 interfaces.
251: Visible networks can be listed, and even configured for WPA.
252: <li>The install script now passes collected entropy better to the
253: system which is booted next.
1.15 krw 254: <li>Upgrade now defaults to checking only the root filesystem.
255: <li>Upgrade no longer checks filesystems with a fs_passno of 0.
256: <li>Upgrade now asks if it should proceed even if one or more filesystem mounts fail.
257: <li>Installer now configures <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ntpd&sektion=8">ntpd(8)</a> to use all provided time source IPs.
1.3 deraadt 258: </ul>
259: <p>
260:
1.12 ajacouto 261: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc.d&sektion=8">rc.d(8)</a>
262: for starting, stopping and reconfiguring package daemons:
263: <ul>
264: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc.subr&sektion=8">rc.subr(8)</a>
265: framework allows for easy creation of rc scripts.
266: This framework is still evolving.
267: <li>Only a handful of packages have migrated for now.
268: <li>rc.local can still be used instead of or in addition to
269: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc.d&sektion=8">rc.d(8)</a>.
270: </ul>
271: <p>
272:
1.4 sobrado 273: <li>OpenSSH 5.8:
1.3 deraadt 274: <ul>
275: <li>New features:
1.4 sobrado 276: <ul>
277: <li>Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
278: and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA
279: offer better performance than plain DH and DSA at the same
280: equivalent symmetric key length, as well as much shorter keys.</li>
281: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>
282: and
283: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>:
284: add a protocol extension to support a hard link operation. It is
285: available through the "ln" command in the client. The old "ln"
286: behaviour of creating a symlink is available using its "-s" option
287: or through the preexisting "symlink" command.</li>
288: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>:
289: Add a new -3 option to scp: Copies between two remote hosts are
290: transferred through the local host. Without this option the data is
291: copied directly between the two remote hosts.</li>
292: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
293: automatically order the hostkeys requested by the client based on
294: which hostkeys are already recorded in known_hosts. This avoids
295: hostkey warnings when connecting to servers with new ECDSA keys,
296: since these are now preferred when learning hostkeys for the first
297: time.</li>
298: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
299: and
300: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
301: add a new IPQoS option to specify arbitrary TOS/DSCP/QoS values
302: instead of hardcoding lowdelay/throughput. (bz#1733)</li>
303: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
304: the sftp client is now significantly faster at performing directory
305: listings, using OpenBSD glob(3) extensions to preserve the results
306: of stat(3) operations performed in the course of its execution
307: rather than performing expensive round trips to fetch them again
308: afterwards.</li>
309: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
310: "atomically" create the listening mux socket by binding it on a
311: temporary name and then linking it into position after listen() has
312: succeeded. This allows the mux clients to determine that the server
313: socket is either ready or stale without races. Stale server sockets
314: are now automatically removed. (also fixes bz#1711)</li>
315: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
316: and
317: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
318: add a <em>KexAlgorithms</em> knob to the client and server
319: configuration to allow selection of which key exchange methods are
320: used by
321: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
322: and
323: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>
324: and their order of preference.</li>
325: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>
326: and
327: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>:
328: factor out bandwidth limiting code from
329: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>
330: into a generic bandwidth limiter that can be attached using the
331: <em>atomicio</em> callback mechanism and use it to add a bandwidth
332: limit option to
333: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>.
334: (bz#1147)</li>
1.3 deraadt 335: </ul>
336: <li>The following significant bugs have been fixed in this release:
337: <ul>
1.4 sobrado 338: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
339: and
340: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>:
341: honour <em>$TMPDIR</em> for client xauth and ssh-agent temporary
342: directories. (bz#1809)</li>
343: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
344: avoid <em>NULL</em> deref on receiving a channel request on an
345: unknown or invalid channel. (bz#1842)</li>
346: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
347: remove a <em>debug()</em> that pollutes stderr on client connecting
348: to a server in debug mode. (bz#1719)</li>
349: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>:
350: pass through ssh command-line flags and options when doing
351: remote-remote transfers, e.g. to enable agent forwarding which is
352: particularly useful in this case. (bz#1837)</li>
353: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>:
354: <em>umask</em> should be parsed as octal.</li>
355: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
1.5 sobrado 356: escape '[' in filename tab-completion.</li>
1.4 sobrado 357: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
358: Typo in confirmation message. (bz#1827)</li>
359: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
360: prevent <em>free()</em> of string in <em>.rodata</em> when
361: overriding <em>AuthorizedKeys</em> in a <em>Match</em> block.</li>
362: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
1.5 sobrado 363: Use default shell <em>/bin/sh</em> if <em>$SHELL</em> is "".</li>
1.4 sobrado 364: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
365: kill proxy command on <em>fatal()</em> (we already killed it on
366: clean exit).</li>
367: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
1.5 sobrado 368: install a <em>SIGCHLD</em> handler to reap expired child process.
1.4 sobrado 369: (bz#1812)</li>
370: <li>Support building against openssl-1.0.0a</li>
371: <li>Fix vulnerability in legacy certificate signing introduced in
372: OpenSSH-5.6 and found by Mateusz Kocielski.</li>
1.3 deraadt 373: </ul>
374: </ul>
375: <p>
376:
377: <li>Mandoc 1.10.9:
378: <ul>
379: <li>New integrated <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tbl&sektion=7">tbl(7)</a> parser and renderer.
380: <li>Support the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=roff&sektion=7">roff(7)</a> .de, .rm, and .so requests.
381: <li>Support all roff code used in the standard <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pod2man&sektion=1">pod2man(1)</a> preamble.
382: <li>Fully support roff quoting in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=man&sektion=7">man(7)</a> documents.
383: <li>Mandoc now copes with most formatting errors that used to be fatal.
384: <li>Much simplified and improved reporting of errors and warnings.
385: <li>Significantly improved -Thtml output quality.
386: <li>The ports tree now allows ports to use either mandoc or groff
387: to render manuals.
388: </ul>
389: <p>
390:
1.14 deraadt 391: <li>Over 6,800 ports, major robustness and speed improvements in package tools.
1.3 deraadt 392: <li>Many pre-built packages for each architecture:
393: <table border=0 cellspacing=0 cellpadding=2 width="95%">
394: <tr>
395: <td valign="top" width="25%">
396: <ul>
397: <li>i386: 6620
398: <li>sparc64: 6225
399: <li>alpha: 6000
400: </ul></td><td valign=top width="25%"><ul>
1.20 deraadt 401: <li>sh: 3656
1.3 deraadt 402: <li>amd64: 6570
403: <li>powerpc: 6272
404: </ul></td><td valign=top width="25%"><ul>
405: <li>sparc: 4184
1.20 deraadt 406: <li>arm: 5679
1.8 deraadt 407: <li>hppa: 5838
1.3 deraadt 408: </ul></td><td valign=top width="25%"><ul>
409: <li>vax: 1068
410: <li>mips64: 5492
411: <li>mips64el: 5499
412: </ul></td></tr></table>
413: Some highlights:
414: <ul>
415: <li>Gnome 2.32.1.
416: <li>KDE 3.5.10.
417: <li>Xfce 4.8.0.
418: <li>MySQL 5.1.54.
419: <li>PostgreSQL 9.0.3.
420: <li>Postfix 2.7.2.
421: <li>OpenLDAP 2.3.43 and 2.4.23.
422: <li>Mozilla Firefox 3.5.16 and 3.6.13.
423: <li>Mozilla Thunderbird 3.1.7.
424: <li>OpenOffice.org 3.3.0rc9.
1.26 jasper 425: <li>LibreOffice 3.3.0.4.
1.3 deraadt 426: <li>Emacs 21.4 and 22.3.
427: <li>Vim 7.3.3.
428: <li>PHP 5.2.16.
429: <li>Python 2.4.6, 2.5.4 and 2.6.6.
430: <li>Ruby 1.8.7.330 and 1.9.2.136.
431: <li>Mono 2.8.2.
1.26 jasper 432: <li>Chromium 9.0.597.94.
1.3 deraadt 433: </ul>
434: <p>
435:
436: <li>As usual, steady improvements in manual pages and other documentation.
437: <p>
438:
439: <li>The system includes the following major components from outside suppliers:
440: <ul>
1.13 matthieu 441: <li>Xenocara (based on X.Org 7.6 with xserver 1.9 + patches,
442: freetype 2.4.4,
1.19 stsp 443: fontconfig 2.8.0, Mesa 7.8.2, xterm 267 and more)
1.20 deraadt 444: <li>Gcc 2.95.3 (+ patches), 3.3.5 (+ patches) and 4.2.1 (+ patches)
445: <li>Perl 5.12.2 (+ patches)
1.3 deraadt 446: <li>Our improved and secured version of Apache 1.3, with SSL/TLS
1.20 deraadt 447: and DSO support
448: <li>OpenSSL 1.0.0a (+ patches)
449: <li>Sendmail 8.14.3, with libmilter
450: <li>Bind 9.4.2-P2 (+ patches)
451: <li>Lynx 2.8.6rel.5 with HTTPS and IPv6 support (+ patches)
452: <li>Sudo 1.7.2p8
453: <li>Ncurses 5.7
454: <li>Heimdal 0.7.2 (+ patches)
455: <li>Arla 0.35.7
456: <li>Binutils 2.15 (+ patches)
457: <li>Gdb 6.3 (+ patches)
1.3 deraadt 458: </ul>
1.1 deraadt 459: <p>
460:
461: </ul>
462:
463: <a name="install"></a>
464: <hr>
465: <p>
466: <h3><font color="#0000e0">How to install</font></h3>
467: <p>
468: Following this are the instructions which you would have on a piece of
469: paper if you had purchased a CDROM set instead of doing an alternate
470: form of install. The instructions for doing an FTP (or other style
471: of) install are very similar; the CDROM instructions are left intact
472: so that you can see how much easier it would have been if you had
473: purchased a CDROM instead.
474: <p>
475:
476: <hr>
477: Please refer to the following files on the three CDROMs or FTP mirror for
478: extensive details on how to install OpenBSD 4.9 on your machine:
479: <p>
480: <ul>
481: <li>CD1:4.9/i386/INSTALL.i386
482: <p>
483: <li>CD2:4.9/amd64/INSTALL.amd64
484: <li>CD2:4.9/macppc/INSTALL.macppc
485: <p>
486: <li>CD3:4.9/sparc64/INSTALL.sparc64
487: <p>
488: <li>FTP:.../OpenBSD/4.9/alpha/INSTALL.alpha
489: <li>FTP:.../OpenBSD/4.9/armish/INSTALL.armish
490: <li>FTP:.../OpenBSD/4.9/hp300/INSTALL.hp300
491: <li>FTP:.../OpenBSD/4.9/hppa/INSTALL.hppa
492: <li>FTP:.../OpenBSD/4.9/landisk/INSTALL.landisk
493: <li>FTP:.../OpenBSD/4.9/loongson/INSTALL.loongson
494: <li>FTP:.../OpenBSD/4.9/mvme68k/INSTALL.mvme68k
495: <li>FTP:.../OpenBSD/4.9/mvme88k/INSTALL.mvme88k
496: <li>FTP:.../OpenBSD/4.9/sgi/INSTALL.sgi
497: <li>FTP:.../OpenBSD/4.9/socppc/INSTALL.socppc
498: <li>FTP:.../OpenBSD/4.9/sparc/INSTALL.sparc
499: <li>FTP:.../OpenBSD/4.9/vax/INSTALL.vax
500: <li>FTP:.../OpenBSD/4.9/zaurus/INSTALL.zaurus
501: </ul>
502: <hr>
503:
504: <p>
505: Quick installer information for people familiar with OpenBSD, and the
506: use of the "disklabel -E" command. If you are at all confused when
507: installing OpenBSD, read the relevant INSTALL.* file as listed above!
508: <p>
509:
510: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
511: <ul>
512: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
513: release is on CD1. If your BIOS does not support booting from CD, you will need
514: to create a boot floppy to install from. To create a boot floppy write
515: <i>CD1:4.9/i386/floppy49.fs</i> to a floppy and boot via the floppy drive.
516:
517: <p>
518: Use <i>CD1:4.9/i386/floppyB49.fs</i> instead for greater SCSI controller
519: support, or <i>CD1:4.9/i386/floppyC49.fs</i> for better laptop support.
520:
521: <p>
522: If you can't boot from a CD or a floppy disk,
523: you can install across the network using PXE as described in
524: the included INSTALL.i386 document.
525:
526: <p>
527: If you are planning on dual booting OpenBSD with another OS, you will need to
528: read INSTALL.i386.
529:
530: <p>
531: To make a boot floppy under MS-DOS, use the "rawrite" utility located
532: at <i>CD1:4.9/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS,
533: use the
534: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>
535: utility. The following is an example usage of
536: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>,
537: where the device could be "floppy", "rfd0c", or
538: "rfd0a".
539:
540: <ul><pre>
541: # <strong>dd if=<file> of=/dev/<device> bs=32k</strong>
542: </pre></ul>
543:
544: <p>
545: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
546: your install will most likely fail. For more information on creating a boot
547: floppy and installing OpenBSD/i386 please refer to
548: <a href="faq/faq4.html#MkFlop">FAQ 4.3.2</a>.
549: </ul>
550:
551: <p>
552: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
553: <ul>
554: The 4.9 release of OpenBSD/amd64 is located on CD2.
555: Boot from the CD to begin the install - you may need to adjust
556: your BIOS options first.
557: If you can't boot from the CD, you can create a boot floppy to install from.
558: To do this, write <i>CD2:4.9/amd64/floppy49.fs</i> to a floppy, then
559: boot from the floppy drive.
560:
561: <p>
562: If you can't boot from a CD or a floppy disk,
563: you can install across the network using PXE as described in the included
564: INSTALL.amd64 document.
565:
566: <p>
567: If you are planning to dual boot OpenBSD with another OS, you will need to
568: read INSTALL.amd64.
569: </ul>
570:
571: <p>
572: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
573: <ul>
574: Put CD2 in your CDROM drive and poweron your machine while holding down the
575: <i>C</i> key until the display turns on and shows <i>OpenBSD/macppc boot</i>.
576:
577: <p>
578: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
579: /4.9/macppc/bsd.rd</i>
580: </ul>
581:
582: <p>
583: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
584: <ul>
585: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
586:
587: <p>
588: If this doesn't work, or if you don't have a CDROM drive, you can write
589: <i>CD3:4.9/sparc64/floppy49.fs</i> or <i>CD3:4.9/sparc64/floppyB49.fs</i>
590: (depending on your machine) to a floppy and boot it with <i>boot
591: floppy</i>. Refer to INSTALL.sparc64 for details.
592:
593: <p>
594: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
595: will most likely fail.
596:
597: <p>
598: You can also write <i>CD3:4.9/sparc64/miniroot49.fs</i> to the swap partition on
599: the disk and boot with <i>boot disk:b</i>.
600:
601: <p>
602: If nothing works, you can boot over the network as described in INSTALL.sparc64.
603: </ul>
604:
605: <p>
606: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
607: <ul>
608: <p>Write <i>FTP:4.9/alpha/floppy49.fs</i> or
609: <i>FTP:4.9/alpha/floppyB49.fs</i> (depending on your machine) to a diskette and
610: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
611:
612: <p>
613: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
614: will most likely fail.
615:
616: </ul>
617:
618: <p>
619: <h3><font color="#e00000">OpenBSD/armish:</font></h3>
620: <ul>
621: <p>
622: After connecting a serial port, Thecus can boot directly from the network
623: either tftp or http. Configure the network using fconfig, reset,
624: then load bsd.rd, see INSTALL.armish for specific details.
625: IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
626: and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
627: then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
628: More details are available in INSTALL.armish.
629: </ul>
630:
631: <p>
632: <h3><font color="#e00000">OpenBSD/hp300:</font></h3>
633: <ul>
634: <p>
635: Boot over the network by following the instructions in INSTALL.hp300.
636: </ul>
637:
638: <p>
639: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
640: <ul>
641: <p>
642: Boot over the network by following the instructions in INSTALL.hppa or the
643: <a href="hppa.html#install">hppa platform page</a>.
644: </ul>
645:
646: <p>
647: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
648: <ul>
649: <p>
650: Write <i>miniroot49.fs</i> to the start of the CF
651: or disk, and boot normally.
652: </ul>
653:
654: <p>
655: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
656: <ul>
657: <p>
658: Write <i>miniroot49.fs</i> to a USB stick and boot bsd.rd from it
659: or boot bsd.rd via tftp.
660: Refer to the instructions in INSTALL.loongson for more details.
661: </ul>
662: <p>
663:
664: <p>
665: <h3><font color="#e00000">OpenBSD/mvme68k:</font></h3>
666: <ul>
667: <p>
668: You can create a bootable installation tape or boot over the network.<br>
669: The network boot requires a MVME68K BUG version that supports the <i>NIOT</i>
670: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme68k
671: for more details.
672: </ul>
673:
674: <p>
675: <h3><font color="#e00000">OpenBSD/mvme88k:</font></h3>
676: <ul>
677: <p>
678: You can create a bootable installation tape or boot over the network.<br>
679: The network boot requires a MVME88K BUG version that supports the <i>NIOT</i>
680: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme88k
681: for more details.
682: </ul>
683:
684: <p>
685: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
686: <ul>
687: <p>
688: To install on an O2, burn cd49.iso on a CD-R, put it in the CD drive of your
689: machine and select <i>Install System Software</i> from the System Maintenance
690: menu.
691:
692: <p>
693: On other systems, or if your machine doesn't have a CD drive, you can
694: setup a DHCP/tftp network server, and boot using "bootp()/bsd.rd.IP##" using
695: the kernel matching your system type.
696: Refer to the instructions in INSTALL.sgi for more details.
697: </ul>
698:
699: <p>
700: <h3><font color="#e00000">OpenBSD/socppc:</font></h3>
701: <ul>
702: <p>
703: After connecting a serial port, boot over the network via DHCP/tftp.
704: Refer to the instructions in INSTALL.socppc for more details.
705: </ul>
706:
707: <p>
708: <h3><font color="#e00000">OpenBSD/sparc:</font></h3>
709: <ul>
710: Boot from one of the provided install ISO images, using one of the two
711: commands listed below, depending on the version of your ROM.
712:
713: <ul><pre>
714: ok <strong>boot cdrom 4.9/sparc/bsd.rd</strong>
715: or
716: > <strong>b sd(0,6,0)4.9/sparc/bsd.rd</strong>
717: </pre></ul>
718:
719: <p>
720: If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
721: To do so you need to write <i>floppy49.fs</i> to a floppy.
722: For more information see <a href="faq/faq4.html#MkFlop">FAQ 4.3.2</a>.
723: To boot from the floppy use one of the two commands listed below,
724: depending on the version of your ROM.
725:
726: <ul><pre>
727: ok <strong>boot floppy</strong>
728: or
729: > <strong>b fd()</strong>
730: </pre></ul>
731:
732: <p>
733: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
734: will most likely fail.
735:
736: <p>
737: If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
738: setup a bootable tape, or install via network, as told in the
739: INSTALL.sparc file.
740: </ul>
741:
742: <p>
743: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
744: <ul>
745: Boot over the network via mopbooting as described in INSTALL.vax.
746: </ul>
747:
748: <p>
749: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
750: <ul>
751: <p>
752: Using the Linux built-in graphical ipkg installer, install the
753: openbsd49_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
754: for a few important details.
755: </ul>
756:
757: <p>
758: <h3><font color="#e00000">Notes about the source code:</font></h3>
759: <ul>
760: src.tar.gz contains a source archive starting at /usr/src. This file
761: contains everything you need except for the kernel sources, which are
762: in a separate archive. To extract:
763: <p>
764: <ul><pre>
765: # <strong>mkdir -p /usr/src</strong>
766: # <strong>cd /usr/src</strong>
767: # <strong>tar xvfz /tmp/src.tar.gz</strong>
768: </pre></ul>
769: <p>
770: sys.tar.gz contains a source archive starting at /usr/src/sys.
771: This file contains all the kernel sources you need to rebuild kernels.
772: To extract:
773: <p>
774: <ul><pre>
775: # <strong>mkdir -p /usr/src/sys</strong>
776: # <strong>cd /usr/src</strong>
777: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
778: </pre></ul>
779: <p>
780: Both of these trees are a regular CVS checkout. Using these trees it
781: is possible to get a head-start on using the anoncvs servers as
782: described <a href="anoncvs.html">here</a>.
783: Using these files
784: results in a much faster initial CVS update than you could expect from
785: a fresh checkout of the full OpenBSD source tree.
786: <p>
787: </ul>
788:
789: <a name="upgrade"></a>
790: <hr>
791: <p>
792: <h3><font color="#0000e0">How to upgrade</font></h3>
793: <p>
1.2 deraadt 794: If you already have an OpenBSD 4.8 system, and do not want to reinstall,
1.1 deraadt 795: upgrade instructions and advice can be found in the
796: <a href="faq/upgrade49.html">Upgrade Guide</a>.
797:
798: <a name="ports"></a>
799: <hr>
800: <p>
801: <h3><font color="#0000e0">Ports Tree</font></h3>
802: <p>
803: A ports tree archive is also provided. To extract:
804: <p>
805: <ul><pre>
806: # <strong>cd /usr</strong>
807: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
808: # <strong>cd ports</strong>
809: </pre></ul>
810: <p>
811: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
812: read the <a href="faq/ports/index.html">ports</a> page
813: if you know nothing about ports
814: at this point. This text is not a manual of how to use ports.
815: Rather, it is a set of notes meant to kickstart the user on the
816: OpenBSD ports system.
817: <p>
818: The <i>ports/</i> directory represents a CVS (see the manpage for
819: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386">
820: cvs(1)</a> if
821: you aren't familiar with CVS) checkout of our ports. As with our complete
822: source tree, our ports tree is available via anoncvs. So, in
823: order to keep current with it, you must make the <i>ports/</i> tree
824: available on a read-write medium and update the tree with a command
825: like:
826: <p>
827: <ul><pre>
828: # <strong>cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_4_9</strong>
829: </pre></ul>
830: <p>
831: [Of course, you must replace the local directory and server name here
832: with the location of your ports collection and a nearby anoncvs
833: server.]
834: <p>
835: Note that most ports are available as packages through FTP. Updated
836: packages for the 4.9 release will be made available if problems arise.
837: <p>
838: If you're interested in seeing a port added, would like to help out, or just
839: would like to know more, the mailing list ports@openbsd.org is a good
840: place to know.
841: <p>
842:
843: <hr>
844: <a href="index.html"><img height="24" width="24" src="back.gif" border="0"
845: alt="OpenBSD"></a>
846: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
847: <br><small>
1.31 ! deraadt 848: $OpenBSD: 49.html,v 1.30 2011/04/25 21:55:35 deraadt Exp $
1.1 deraadt 849: </small>
850:
851: </body>
852: </html>