Annotation of www/49.html, Revision 1.59
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
1.48 deraadt 4: <title>OpenBSD 4.9</title>
1.1 deraadt 5: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
1.19 stsp 6: <meta name="description" content="OpenBSD 4.9">
1.3 deraadt 7: <meta name="copyright" content="This document copyright 2011 by OpenBSD.">
1.58 tj 8: <meta name="viewport" content="width=device-width, initial-scale=1">
9: <link rel="stylesheet" type="text/css" href="openbsd.css">
1.53 sthen 10: <link rel="canonical" href="http://www.openbsd.org/49.html">
1.1 deraadt 11: </head>
12:
13: <body bgcolor="#ffffff" text="#000000" link="#24248E">
14:
1.58 tj 15: <h2>
1.1 deraadt 16: <a href="index.html">
1.58 tj 17: <font color="#0000ff"><i>Open</i></font><font color="#000084">BSD</font></a>
18: <font color="#e00000">4.9</font>
19: </h2>
1.50 deraadt 20: <p>
1.1 deraadt 21:
22: <a href="images/Hitchhiker.jpg">
1.48 deraadt 23: <img align="left" width="227" height="343" hspace="24" src="images/Hitchhiker.jpg"></a>
1.1 deraadt 24: Released May 1, 2011<br>
25: Copyright 1997-2011, Theo de Raadt.<br>
26: <font color="#e00000">ISBN 978-0-9784475-7-1</font>
27: <br>
1.55 deraadt 28: 4.9 Song: <a href="lyrics.html#49">"The Answer"</a>
1.1 deraadt 29: <p>
30: <ul>
1.52 deraadt 31: <li>Order a CDROM from our <a href="https://openbsdstore.com">ordering system</a>.
1.1 deraadt 32: <li>See the information on <a href="ftp.html">The FTP page</a> for
33: a list of mirror machines.
34: <li>Go to the <font color="#e00000">pub/OpenBSD/4.9/</font> directory on
35: one of the mirror sites.
36: <li>Have a look at <a href="errata49.html">The 4.9 Errata page</a> for a list
37: of bugs and workarounds.
38: <li>See a <a href="plus49.html">detailed log of changes</a> between the
39: 4.8 and 4.9 releases.
40: </ul>
1.58 tj 41: <p>
42: All applicable copyrights and credits are in the src.tar.gz,
43: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
44: files fetched via ports.tar.gz.
1.1 deraadt 45: <br clear=all>
1.58 tj 46:
47: <hr>
1.1 deraadt 48:
49: <a name="new"></a>
50: <p>
51: <h3><font color="#0000e0">What's New</font></h3>
52: <p>
53: This is a partial list of new features and systems included in OpenBSD 4.9.
54: For a comprehensive list, see the <a href="plus49.html">changelog</a> leading
55: to 4.9.
56: <p>
57:
58: <ul>
59:
1.3 deraadt 60: <li>New/extended platforms:
61: <ul>
1.25 jsing 62: <li><a href="http://www.openbsd.org/amd64.html">OpenBSD/amd64</a>
63: and <a href="http://www.openbsd.org/i386.html">OpenBSD/i386</a>:
1.3 deraadt 64: <ul>
1.57 sthen 65: <li>Enabled <a href="http://man.openbsd.org/?query=mount_ntfs&sektion=8&format=html">NTFS</a> by default (read-only) on GENERIC kernels.
66: <li>Enabled the <a href="http://man.openbsd.org/?query=vmt&sektion=4&format=html">vmt(4)</a> driver by default for VMWare tools support as a guest.
1.11 jj 67: <li>SMP kernels can now boot on machines with up to 64 cores.
68: <li>Maximum allocation size for i386 bumped to 2G.
1.19 stsp 69: <li>Handle >16 disks when searching for kernel boot device.
1.37 jsg 70: <li>Added support for AES-NI instructions found in recent Intel
71: processors.
1.31 deraadt 72: <li>Further improvements in suspend and resume.
73: <li>Processes are now switched to TSS per cpu on the
74: <a href="http://www.openbsd.org/amd64.html">amd64</a> platform,
75: resulting in removal of the old limit of ~4000 processes.
1.3 deraadt 76: </ul>
1.25 jsing 77: <li><a href="http://www.openbsd.org/hppa.html">OpenBSD/hppa</a>:
1.21 jsing 78: <ul>
79: <li>Multiprocessor support.
80: </ul>
1.25 jsing 81: <li><a href="http://www.openbsd.org/loongson.html">OpenBSD/loongson</a>
82: and <a href="http://www.openbsd.org/sgi.html">OpenBSD/sgi</a>:
1.3 deraadt 83: <ul>
1.25 jsing 84: <li>All MIPS64 based platforms now use MI softfloat code, which
85: implements all MIPS IV specified floating point operations.
1.3 deraadt 86: </ul>
1.25 jsing 87: <li><a href="http://www.openbsd.org/sparc64.html">OpenBSD/sparc64</a>:
1.3 deraadt 88: <ul>
1.57 sthen 89: <li>The <a href="http://man.openbsd.org/?query=vdsp&sektion=4&arch=sparc64">vdsp(4)</a> driver now supports the vDisk 1.1
1.25 jsing 90: protocol, allowing Solaris to run on top of an OpenBSD
91: control domain.
1.3 deraadt 92: </ul>
93: </ul>
94: <p>
95:
96: <li>Improved hardware support, including:
97: <ul>
1.57 sthen 98: <li>New <a href="http://man.openbsd.org/?query=vte&sektion=4&format=html">vte(4)</a>
1.9 kevlo 99: driver for RDC R6040 10/100 Ethernet devices.</li>
1.57 sthen 100: <li>New <a href="http://man.openbsd.org/?query=rdcphy&sektion=4&format=html">rdcphy(4)</a>
1.10 jsg 101: driver for RDC Semiconductor R6040 10/100 Ethernet PHY.
1.57 sthen 102: <li>New <a href="http://man.openbsd.org/?query=rsu&sektion=4&format=html">rsu(4)</a>
1.33 jcs 103: driver for Realtek RTL8188SU/RTL8191SU/RTL8192SU USB IEEE 802.11b/g/n wireless devices.
1.57 sthen 104: <li>New <a href="http://man.openbsd.org/?query=urtwn&sektion=4&format=html">urtwn(4)</a>
1.33 jcs 105: driver for Realtek RTL8188CU/RTL8192CU USB IEEE 802.11b/g/n wireless devices.
1.57 sthen 106: <li>New <a href="http://man.openbsd.org/?query=utwitch&sektion=4&format=html">utwitch(4)</a>
1.10 jsg 107: driver for YUREX USB twitch/jiggle of knee sensor.
1.33 jcs 108: <li>Support for AR9271, AR9280+AR7010 and AR9287+AR7010 USB IEEE 802.11a/g/n wireless
1.57 sthen 109: adapters has been added to <a href="http://man.openbsd.org/?query=athn&sektion=4&format=html">athn(4)</a>.
1.10 jsg 110: <li>Support for 82583V
1.57 sthen 111: has been added to <a href="http://man.openbsd.org/?query=em&sektion=4">em(4)</a>.
1.10 jsg 112: <li>Support for Yukon 88E8059
1.57 sthen 113: has been added to <a href="http://man.openbsd.org/?query=msk&sektion=4">msk(4)</a>.
1.10 jsg 114: <li>Support for SiS191
1.57 sthen 115: has been added to <a href="http://man.openbsd.org/?query=se&sektion=4">se(4)</a>.
1.10 jsg 116: <li>Support for SAS2004
1.57 sthen 117: has been added to <a href="http://man.openbsd.org/?query=mpii&sektion=4">mpii(4)</a>.
1.10 jsg 118: <li>Support for NVIDIA MCP89 SATA
1.57 sthen 119: has been added to <a href="http://man.openbsd.org/?query=pciide&sektion=4">pciide(4)</a>.
1.30 deraadt 120: <li>Support for Mobility Radeon HD 4200
1.57 sthen 121: has been added to <a href="http://man.openbsd.org/?query=radeondrm&sektion=4">radeondrm(4)</a>.
122: <li><a href="http://man.openbsd.org/?query=pms&sektion=4">pms(4)</a> support has been significantly reworked and expanded.
123: <li>MCLGETI support has been added to <a href="http://man.openbsd.org/?query=xl&sektion=4">xl(4)</a>.
1.24 jsing 124: <li>Support for low latency interrupt modulation has been added to
1.57 sthen 125: <a href="http://man.openbsd.org/?query=ix&sektion=4">ix(4)</a>.
1.24 jsing 126: <li>Port multiplier support has been added to
1.57 sthen 127: <a href="http://man.openbsd.org/?query=ahci&sektion=4">ahci(4)</a> and
128: <a href="http://man.openbsd.org/?query=sili&sektion=4">sili(4)</a>.
129: <li>Support for Sun XVR-300 graphics has been added to <a href="http://man.openbsd.org/?query=radeonfb&sektion=4&arch=sparc64">radeonfb(4)</a>.
1.24 jsing 130: <li>Added workaround for BCM5906 A0/1/2 controller silicon bug in
1.57 sthen 131: <a href="http://man.openbsd.org/?query=bge&sektion=4">bge(4)</a>.
132: <li><a href="http://man.openbsd.org/?query=ugen&sektion=4">ugen(4)</a>
1.34 jakemsr 133: can now be attached along with other drivers to multifunction devices.
1.57 sthen 134: <li><a href="http://man.openbsd.org/?query=umodem&sektion=4">umodem(4)</a>
1.34 jakemsr 135: now supports more devices.
1.57 sthen 136: <li><a href="http://man.openbsd.org/?query=umsm&sektion=4">umsm(4)</a>
1.40 sthen 137: now supports more mobile broadband devices.
1.34 jakemsr 138: <li>Support for more image processing controls was added to
1.57 sthen 139: <a href="http://man.openbsd.org/?query=uvideo&sektion=4">uvideo(4)</a>.
1.3 deraadt 140: </ul>
141: <p>
142:
143: <li>Generic network stack improvements:
144: <ul>
1.7 dlg 145: <li>Reworking of the MCLGETI livelock algorithm to improve
146: forwarding and host performance under high network load.</li>
1.57 sthen 147: <li>Added support for socket splicing; sockets can be temporarily connected so that the kernel moves data without userland intervention. This will be used by <a href="http://man.openbsd.org/?query=relayd&sektion=8">relayd(8)</a> in the next release.
1.29 mikeb 148: <li>Added AES-GCM support for IPsec.
1.22 jsing 149: <li>Added automatic send and receive buffer scaling for TCP.
1.57 sthen 150: <li>Added wpakey option to <a href="http://man.openbsd.org/?query=ifconfig&sektion=8">ifconfig(8)</a> replacing wpa-psk(8).
1.22 jsing 151: <li>TCP acknowledgments are no longer delayed on the loopback interface.
1.57 sthen 152: <li>Network livelock counters are now exported via <a href="http://man.openbsd.org/?query=sysctl&sektion=3">sysctl(3)</a>.
1.22 jsing 153: <li>A radix tree sorting bug was fixed, which results in significant
154: improvements to IPsec performance under certain conditions.
1.57 sthen 155: <li><a href="http://man.openbsd.org/?query=tcpdump&sektion=8">tcpdump(8)</a> now decodes Multicast DNS (mDNS) traffic.
156: <li>Wake on Lan support has been added to <a href="http://man.openbsd.org/?query=arp&sektion=8">arp(8)</a>.
157: <li>Enabled MPLS and <a href="http://man.openbsd.org/?query=mpe&sektion=4">mpe(4)</a> by default on GENERIC kernels.</li>
158: <li>Added a mpls option to <a href="http://man.openbsd.org/?query=ifconfig&sektion=8">ifconfig(8)</a> to enable MPLS on a per interface basis replacing the global sysctl knob.</li>
1.35 henning 159: </ul>
160: <p>
161:
1.45 claudio 162: <li>OpenBGPD, OpenOSPFD and other routing daemon improvements:
163: <ul>
1.57 sthen 164: <li><a href="http://man.openbsd.org/?query=bgpd&sektion=8">bgpd(8)</a> handles various message encoding errors more gracefully now.</li>
165: <li>Notification messages are now logged in <a href="http://man.openbsd.org/?query=bgpd&sektion=8">bgpd(8)</a>.</li>
166: <li><a href="http://man.openbsd.org/?query=ospfd&sektion=8">ospfd(8)</a> will now correctly redistribute overlapping routes.</li>
167: <li><a href="http://man.openbsd.org/?query=ospfctl&sektion=8">ospfctl(8)</a> now prints the LSDB checksum in the show summary output for quick verification that two LSDBs are in sync.</li>
168: <li>Fixed <a href="http://man.openbsd.org/?query=ldpd&sektion=8">ldpd(8)</a>'s message parser to work on all architectures and more LDP messages are now implemented.</li>
169: <li>Various improvements in <a href="http://man.openbsd.org/?query=ospf6d&sektion=8">ospf6d(8)</a>.</li>
1.45 claudio 170: </ul>
171: <p>
1.57 sthen 172: <li><a href="http://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> improvements:
1.35 henning 173: <ul>
1.43 deraadt 174: <li>The logging subsystem has been largely rewritten, now logging the
1.44 deraadt 175: translated addresses again instead of the original ones.
1.35 henning 176: <li>match log rules cause a log on the fly, showing the packet exactly
1.57 sthen 177: as <a href="http://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> sees it at the moment of evaluating that rule. A packet can also
1.35 henning 178: be logged more than once now.
1.44 deraadt 179: <li>match log(matches) rules allow the further rule matching to be traced.
1.57 sthen 180: <li><a href="http://man.openbsd.org/?query=pflog&sektion=4">pflog(4)</a>
1.25 jsing 181: now includes the original addresses and ports for packets that have been
182: rewritten. This is also displayed by
1.57 sthen 183: <a href="http://man.openbsd.org/?query=tcpdump&sektion=8">tcpdump(8)</a>.
1.3 deraadt 184: </ul>
185: <p>
186:
1.33 jcs 187: <li>IPsec stack audit was performed, resulting in:
1.29 mikeb 188: <ul>
189: <li>Several potential security problems have been identified and fixed.
190: <li>ARC4 based PRNG code was audited and revamped.
191: <li>New explicit_bzero kernel function was introduced to prevent a compiler
192: from optimizing
1.57 sthen 193: <a href="http://man.openbsd.org/?query=bzero&sektion=3">bzero</a>
1.29 mikeb 194: calls away.
195: </ul>
196: <p>
197:
1.3 deraadt 198: <li>SCSI improvements:
199: <ul>
1.6 dlg 200: <li>Improved safety when detaching SCSI devices by waiting for
1.20 deraadt 201: the completion of pending commands.</li>
1.57 sthen 202: <li>Improved hotplug support on <a href="http://man.openbsd.org/?query=mpi&sektion=4">mpi(4)</a> and
203: <a href="http://man.openbsd.org/?query=mpii&sektion=4">mpii(4)</a>.</li>
1.6 dlg 204: <li>Continued iopoolification of SCSI drivers, notably on
1.57 sthen 205: <a href="http://man.openbsd.org/?query=umass&sektion=4">umass(4)</a> which improves the
1.20 deraadt 206: reliability and performance of multi-LUN devices.</li>
1.57 sthen 207: <li>Added <a href="http://man.openbsd.org/?query=vscsi&sektion=4">vscsi(4)</a>, a driver for
1.33 jcs 208: userland handling of SCSI device commands.
1.57 sthen 209: <li>Added <a href="http://man.openbsd.org/?query=iscsid&sektion=8">iscsid(8)</a>, an iSCSI initiator.
1.21 jsing 210: <li>Forcibly restrict devices incapable of tagged I/O to executing one command at a time.
1.57 sthen 211: <li>Discover and honour read-only status of <a href="http://man.openbsd.org/?query=sd&sektion=4">sd(4)</a> devices.
212: <li>Improve <a href="http://man.openbsd.org/?query=st&sektion=4">st(4)</a> handling of I/O residual information.
213: <li><a href="http://man.openbsd.org/?query=sd&sektion=4">sd(4)</a> devices that can only execute one command at a time (e.g. USB) will now be allowed to spin up if necessary.
214: <li><a href="http://man.openbsd.org/?query=cd&sektion=4">cd(4)</a> will now attach CDROM devices identified as non-removable.
1.3 deraadt 215: </ul>
216: <p>
217:
218: <li>Assorted improvements:
219: <ul>
1.57 sthen 220: <li>Enabled wide character support in <a href="http://man.openbsd.org/?query=ncurses&sektion=3">ncurses(3)</a>.
221: <li>Added <a href="http://man.openbsd.org/?query=nsd&sektion=8">nsd(8)</a>, an authoritative name server implementation.
1.16 krw 222: <li>Disklabel UID support improved and added to more utilities.
1.57 sthen 223: <li><a href="http://man.openbsd.org/?query=rarpd&sektion=8">rarpd(8)</a> now accepts a list of interfaces to listen on.
224: <li><a href="http://man.openbsd.org/?query=dhclient&sektion=8">dhclient(8)</a> now accepts 'egress' as an interface name, meaning whichever interface is marked as being in the 'egress' group.
225: <li><a href="http://man.openbsd.org/?query=dhcpd&sektion=8">dhcpd(8)</a> no longer listens on interfaces without a broadcast address (e.g. <a href="http://man.openbsd.org/?query=pflog&sektion=4">pflog(4)</a>).
226: <li><a href="http://man.openbsd.org/?query=who&sektion=1">who(1)</a> now displays as much of the hostname as fits on the line.
227: <li><a href="http://man.openbsd.org/?query=tcpdump&sektion=8">tcpdump(8)</a> now correctly handles 'net' primitives when processing <a href="http://man.openbsd.org/?query=pflog&sektion=4">pflog(4)</a> traffic.
228: <li><a href="http://man.openbsd.org/?query=fdisk&sektion=8">fdisk(8)</a> now respects failure to read the MBR.
229: <li><a href="http://man.openbsd.org/?query=fdisk&sektion=8">fdisk(8)</a> will no longer infinitely loop when encountering an improperly constructed EBR.
230: <li><a href="http://man.openbsd.org/?query=disklabel&sektion=8">disklabel(8)</a> no longer reuses information from a failed partition addition on the next addition of the same partition.
231: <li>Many unused and obsolete <a href="http://man.openbsd.org/?query=disktab&sektion=5">disktab(5)</a> entries removed.
1.33 jcs 232: <li>Enabled X11 autoconfiguration on <a href="http://www.openbsd.org/sparc.html">sparc</a> and <a href="http://www.openbsd.org/sparc64.html">sparc64</a>.
1.57 sthen 233: <li>Implement attribute syntax from RFC4517 and support bsdauth in <a href="http://man.openbsd.org/?query=ldapd&sektion=8">ldapd(8)</a>.
234: <li>New <a href="http://man.openbsd.org/?query=video&sektion=1">video(1)</a> utility which can record or display images from <a href="http://man.openbsd.org/?query=video&sektion=4">video(4)</a>.
235: <li><a href="http://man.openbsd.org/?query=httpd&sektion=8">httpd(8)</a> mod_headers now handles apache2 style RequestHeader directives.
236: <li>UNIX-domain datagram socket support has been added to <a href="http://man.openbsd.org/?query=nc&sektion=1">nc(1)</a> (-uU option).
237: <li>Added support for terabyte units in <a href="http://man.openbsd.org/?query=disklabel&sektion=8">disklabel(8)</a>.
1.23 jsing 238: <li><a href="http://www.openbsd.org/loongson.html">loongson</a> and
239: <a href="http://www.openbsd.org/sgi.html">sgi</a> platforms have been
240: switched over to gcc4.
241: <li><code>ddb cpu</code> support was added to the
242: <a href="http://www.openbsd.org/sgi.html">sgi</a> platform.
243: <li>Fast path TLB miss handling was added to the
244: <a href="http://www.openbsd.org/landisk.html">landisk</a> platform,
245: resulting in a 44-50% gain in performance.
246: <li>PCIe extended configuration space can now be viewed using
1.57 sthen 247: <a href="http://man.openbsd.org/?query=pcidump&sektion=8">pcidump(8)</a> (-xxx option).
1.23 jsing 248: <li>The number of spurious IPIs has been decreased on the
249: <a href="http://www.openbsd.org/amd64.html">amd64</a> platform,
250: resulting in improved performance.
1.25 jsing 251: <li>Numerous improvements and bug fixes to
1.57 sthen 252: <a href="http://man.openbsd.org/?query=tmux&sektion=1">tmux(1)</a>.
1.27 mikeb 253: <li>Considerable robustness and interoperability improvements in the IKEv2
254: daemon
1.57 sthen 255: <a href="http://man.openbsd.org/?query=iked&sektion=8">iked(8)</a>.
1.28 mikeb 256: <li>Skipjack and libdes were retired from the system.
1.31 deraadt 257: CAST-128 implementation was also removed from libc.
1.34 jakemsr 258: <li>Removed some races in the USB subsystem, substantially increasing
259: reliability.
1.41 pirofti 260: <li>Added a few more
1.57 sthen 261: <a href="http://man.openbsd.org/?query=compat_linux&sektion=8&format=html">compat_linux(8)</a>
1.41 pirofti 262: system calls to make it possible for newer versions of applications,
263: such as Skype, to execute.
1.39 sthen 264: <li>OpenBSD-specific package documentation is now centralised in
265: /usr/local/share/doc/pkg-readmes.
1.3 deraadt 266: </ul>
267: <p>
268:
269: <li>Install/Upgrade process changes:
270: <ul>
1.8 deraadt 271: <li>Fixed the hppa CD installation process.
272: <li>Added some more free firmwares to the CD media that could fit them.
273: <li>Make the macppc upgrade script update the boot blocks (oddly, this
1.31 deraadt 274: had been broken a very long time and no one noticed).
1.8 deraadt 275: <li>Teach the install script about the configuration of 802.11 interfaces.
276: Visible networks can be listed, and even configured for WPA.
277: <li>The install script now passes collected entropy better to the
278: system which is booted next.
1.15 krw 279: <li>Upgrade now defaults to checking only the root filesystem.
280: <li>Upgrade no longer checks filesystems with a fs_passno of 0.
281: <li>Upgrade now asks if it should proceed even if one or more filesystem mounts fail.
1.57 sthen 282: <li>Installer now configures <a href="http://man.openbsd.org/?query=ntpd&sektion=8">ntpd(8)</a> to use all provided time source IPs.
1.3 deraadt 283: </ul>
284: <p>
285:
1.57 sthen 286: <li>New <a href="http://man.openbsd.org/?query=rc.d&sektion=8">rc.d(8)</a>
1.12 ajacouto 287: for starting, stopping and reconfiguring package daemons:
288: <ul>
1.57 sthen 289: <li>The <a href="http://man.openbsd.org/?query=rc.subr&sektion=8">rc.subr(8)</a>
1.12 ajacouto 290: framework allows for easy creation of rc scripts.
291: This framework is still evolving.
292: <li>Only a handful of packages have migrated for now.
293: <li>rc.local can still be used instead of or in addition to
1.57 sthen 294: <a href="http://man.openbsd.org/?query=rc.d&sektion=8">rc.d(8)</a>.
1.12 ajacouto 295: </ul>
296: <p>
297:
1.4 sobrado 298: <li>OpenSSH 5.8:
1.3 deraadt 299: <ul>
300: <li>New features:
1.4 sobrado 301: <ul>
302: <li>Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
303: and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA
304: offer better performance than plain DH and DSA at the same
305: equivalent symmetric key length, as well as much shorter keys.</li>
1.57 sthen 306: <li><a href="http://man.openbsd.org/?query=sftp&sektion=1">sftp(1)</a>
1.4 sobrado 307: and
1.57 sthen 308: <a href="http://man.openbsd.org/?query=sftp-server&sektion=8">sftp-server(8)</a>:
1.4 sobrado 309: add a protocol extension to support a hard link operation. It is
310: available through the "ln" command in the client. The old "ln"
311: behaviour of creating a symlink is available using its "-s" option
312: or through the preexisting "symlink" command.</li>
1.57 sthen 313: <li><a href="http://man.openbsd.org/?query=scp&sektion=1">scp(1)</a>:
1.4 sobrado 314: Add a new -3 option to scp: Copies between two remote hosts are
315: transferred through the local host. Without this option the data is
316: copied directly between the two remote hosts.</li>
1.57 sthen 317: <li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:
1.4 sobrado 318: automatically order the hostkeys requested by the client based on
319: which hostkeys are already recorded in known_hosts. This avoids
320: hostkey warnings when connecting to servers with new ECDSA keys,
321: since these are now preferred when learning hostkeys for the first
322: time.</li>
1.57 sthen 323: <li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>
1.4 sobrado 324: and
1.57 sthen 325: <a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:
1.4 sobrado 326: add a new IPQoS option to specify arbitrary TOS/DSCP/QoS values
327: instead of hardcoding lowdelay/throughput. (bz#1733)</li>
1.57 sthen 328: <li><a href="http://man.openbsd.org/?query=sftp&sektion=1">sftp(1)</a>:
1.4 sobrado 329: the sftp client is now significantly faster at performing directory
330: listings, using OpenBSD glob(3) extensions to preserve the results
331: of stat(3) operations performed in the course of its execution
332: rather than performing expensive round trips to fetch them again
333: afterwards.</li>
1.57 sthen 334: <li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:
1.4 sobrado 335: "atomically" create the listening mux socket by binding it on a
336: temporary name and then linking it into position after listen() has
337: succeeded. This allows the mux clients to determine that the server
338: socket is either ready or stale without races. Stale server sockets
339: are now automatically removed. (also fixes bz#1711)</li>
1.57 sthen 340: <li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>
1.4 sobrado 341: and
1.57 sthen 342: <a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:
1.4 sobrado 343: add a <em>KexAlgorithms</em> knob to the client and server
344: configuration to allow selection of which key exchange methods are
345: used by
1.57 sthen 346: <a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>
1.4 sobrado 347: and
1.57 sthen 348: <a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>
1.4 sobrado 349: and their order of preference.</li>
1.57 sthen 350: <li><a href="http://man.openbsd.org/?query=sftp&sektion=1">sftp(1)</a>
1.4 sobrado 351: and
1.57 sthen 352: <a href="http://man.openbsd.org/?query=scp&sektion=1">scp(1)</a>:
1.4 sobrado 353: factor out bandwidth limiting code from
1.57 sthen 354: <a href="http://man.openbsd.org/?query=scp&sektion=1">scp(1)</a>
1.4 sobrado 355: into a generic bandwidth limiter that can be attached using the
356: <em>atomicio</em> callback mechanism and use it to add a bandwidth
357: limit option to
1.57 sthen 358: <a href="http://man.openbsd.org/?query=sftp&sektion=1">sftp(1)</a>.
1.4 sobrado 359: (bz#1147)</li>
1.3 deraadt 360: </ul>
361: <li>The following significant bugs have been fixed in this release:
362: <ul>
1.57 sthen 363: <li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>
1.4 sobrado 364: and
1.57 sthen 365: <a href="http://man.openbsd.org/?query=ssh-agent&sektion=1">ssh-agent(1)</a>:
1.4 sobrado 366: honour <em>$TMPDIR</em> for client xauth and ssh-agent temporary
367: directories. (bz#1809)</li>
1.57 sthen 368: <li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:
1.4 sobrado 369: avoid <em>NULL</em> deref on receiving a channel request on an
370: unknown or invalid channel. (bz#1842)</li>
1.57 sthen 371: <li><a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:
1.4 sobrado 372: remove a <em>debug()</em> that pollutes stderr on client connecting
373: to a server in debug mode. (bz#1719)</li>
1.57 sthen 374: <li><a href="http://man.openbsd.org/?query=scp&sektion=1">scp(1)</a>:
1.4 sobrado 375: pass through ssh command-line flags and options when doing
376: remote-remote transfers, e.g. to enable agent forwarding which is
377: particularly useful in this case. (bz#1837)</li>
1.57 sthen 378: <li><a href="http://man.openbsd.org/?query=sftp-server&sektion=8">sftp-server(8)</a>:
1.4 sobrado 379: <em>umask</em> should be parsed as octal.</li>
1.57 sthen 380: <li><a href="http://man.openbsd.org/?query=sftp&sektion=1">sftp(1)</a>:
1.5 sobrado 381: escape '[' in filename tab-completion.</li>
1.57 sthen 382: <li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:
1.4 sobrado 383: Typo in confirmation message. (bz#1827)</li>
1.57 sthen 384: <li><a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:
1.4 sobrado 385: prevent <em>free()</em> of string in <em>.rodata</em> when
386: overriding <em>AuthorizedKeys</em> in a <em>Match</em> block.</li>
1.57 sthen 387: <li><a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:
1.5 sobrado 388: Use default shell <em>/bin/sh</em> if <em>$SHELL</em> is "".</li>
1.57 sthen 389: <li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:
1.4 sobrado 390: kill proxy command on <em>fatal()</em> (we already killed it on
391: clean exit).</li>
1.57 sthen 392: <li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:
1.5 sobrado 393: install a <em>SIGCHLD</em> handler to reap expired child process.
1.4 sobrado 394: (bz#1812)</li>
395: <li>Support building against openssl-1.0.0a</li>
396: <li>Fix vulnerability in legacy certificate signing introduced in
397: OpenSSH-5.6 and found by Mateusz Kocielski.</li>
1.3 deraadt 398: </ul>
399: </ul>
400: <p>
401:
402: <li>Mandoc 1.10.9:
403: <ul>
1.57 sthen 404: <li>New integrated <a href="http://man.openbsd.org/?query=tbl&sektion=7">tbl(7)</a> parser and renderer.
405: <li>Support the <a href="http://man.openbsd.org/?query=roff&sektion=7">roff(7)</a> .de, .rm, and .so requests.
406: <li>Support all roff code used in the standard <a href="http://man.openbsd.org/?query=pod2man&sektion=1">pod2man(1)</a> preamble.
407: <li>Fully support roff quoting in <a href="http://man.openbsd.org/?query=man&sektion=7">man(7)</a> documents.
1.3 deraadt 408: <li>Mandoc now copes with most formatting errors that used to be fatal.
409: <li>Much simplified and improved reporting of errors and warnings.
410: <li>Significantly improved -Thtml output quality.
411: <li>The ports tree now allows ports to use either mandoc or groff
412: to render manuals.
413: </ul>
414: <p>
415:
1.14 deraadt 416: <li>Over 6,800 ports, major robustness and speed improvements in package tools.
1.3 deraadt 417: <li>Many pre-built packages for each architecture:
418: <table border=0 cellspacing=0 cellpadding=2 width="95%">
419: <tr>
420: <td valign="top" width="25%">
421: <ul>
422: <li>i386: 6620
423: <li>sparc64: 6225
424: <li>alpha: 6000
425: </ul></td><td valign=top width="25%"><ul>
1.20 deraadt 426: <li>sh: 3656
1.3 deraadt 427: <li>amd64: 6570
428: <li>powerpc: 6272
429: </ul></td><td valign=top width="25%"><ul>
430: <li>sparc: 4184
1.20 deraadt 431: <li>arm: 5679
1.8 deraadt 432: <li>hppa: 5838
1.3 deraadt 433: </ul></td><td valign=top width="25%"><ul>
434: <li>vax: 1068
435: <li>mips64: 5492
436: <li>mips64el: 5499
437: </ul></td></tr></table>
438: Some highlights:
439: <ul>
440: <li>Gnome 2.32.1.
441: <li>KDE 3.5.10.
442: <li>Xfce 4.8.0.
443: <li>MySQL 5.1.54.
444: <li>PostgreSQL 9.0.3.
445: <li>Postfix 2.7.2.
446: <li>OpenLDAP 2.3.43 and 2.4.23.
447: <li>Mozilla Firefox 3.5.16 and 3.6.13.
448: <li>Mozilla Thunderbird 3.1.7.
449: <li>OpenOffice.org 3.3.0rc9.
1.26 jasper 450: <li>LibreOffice 3.3.0.4.
1.3 deraadt 451: <li>Emacs 21.4 and 22.3.
452: <li>Vim 7.3.3.
453: <li>PHP 5.2.16.
454: <li>Python 2.4.6, 2.5.4 and 2.6.6.
455: <li>Ruby 1.8.7.330 and 1.9.2.136.
456: <li>Mono 2.8.2.
1.26 jasper 457: <li>Chromium 9.0.597.94.
1.3 deraadt 458: </ul>
459: <p>
460:
461: <li>As usual, steady improvements in manual pages and other documentation.
462: <p>
463:
464: <li>The system includes the following major components from outside suppliers:
465: <ul>
1.13 matthieu 466: <li>Xenocara (based on X.Org 7.6 with xserver 1.9 + patches,
467: freetype 2.4.4,
1.19 stsp 468: fontconfig 2.8.0, Mesa 7.8.2, xterm 267 and more)
1.20 deraadt 469: <li>Gcc 2.95.3 (+ patches), 3.3.5 (+ patches) and 4.2.1 (+ patches)
470: <li>Perl 5.12.2 (+ patches)
1.3 deraadt 471: <li>Our improved and secured version of Apache 1.3, with SSL/TLS
1.20 deraadt 472: and DSO support
473: <li>OpenSSL 1.0.0a (+ patches)
474: <li>Sendmail 8.14.3, with libmilter
475: <li>Bind 9.4.2-P2 (+ patches)
476: <li>Lynx 2.8.6rel.5 with HTTPS and IPv6 support (+ patches)
477: <li>Sudo 1.7.2p8
478: <li>Ncurses 5.7
479: <li>Heimdal 0.7.2 (+ patches)
480: <li>Arla 0.35.7
481: <li>Binutils 2.15 (+ patches)
482: <li>Gdb 6.3 (+ patches)
1.3 deraadt 483: </ul>
1.1 deraadt 484: <p>
485:
486: </ul>
487:
488: <a name="install"></a>
489: <hr>
490: <p>
491: <h3><font color="#0000e0">How to install</font></h3>
492: <p>
493: Following this are the instructions which you would have on a piece of
494: paper if you had purchased a CDROM set instead of doing an alternate
495: form of install. The instructions for doing an FTP (or other style
496: of) install are very similar; the CDROM instructions are left intact
497: so that you can see how much easier it would have been if you had
498: purchased a CDROM instead.
499: <p>
500:
501: <hr>
502: Please refer to the following files on the three CDROMs or FTP mirror for
503: extensive details on how to install OpenBSD 4.9 on your machine:
504: <p>
505: <ul>
506: <li>CD1:4.9/i386/INSTALL.i386
507: <p>
508: <li>CD2:4.9/amd64/INSTALL.amd64
509: <li>CD2:4.9/macppc/INSTALL.macppc
510: <p>
511: <li>CD3:4.9/sparc64/INSTALL.sparc64
512: <p>
513: <li>FTP:.../OpenBSD/4.9/alpha/INSTALL.alpha
514: <li>FTP:.../OpenBSD/4.9/armish/INSTALL.armish
515: <li>FTP:.../OpenBSD/4.9/hp300/INSTALL.hp300
516: <li>FTP:.../OpenBSD/4.9/hppa/INSTALL.hppa
517: <li>FTP:.../OpenBSD/4.9/landisk/INSTALL.landisk
518: <li>FTP:.../OpenBSD/4.9/loongson/INSTALL.loongson
519: <li>FTP:.../OpenBSD/4.9/mvme68k/INSTALL.mvme68k
520: <li>FTP:.../OpenBSD/4.9/mvme88k/INSTALL.mvme88k
521: <li>FTP:.../OpenBSD/4.9/sgi/INSTALL.sgi
522: <li>FTP:.../OpenBSD/4.9/socppc/INSTALL.socppc
523: <li>FTP:.../OpenBSD/4.9/sparc/INSTALL.sparc
524: <li>FTP:.../OpenBSD/4.9/vax/INSTALL.vax
525: <li>FTP:.../OpenBSD/4.9/zaurus/INSTALL.zaurus
526: </ul>
527: <hr>
528:
529: <p>
530: Quick installer information for people familiar with OpenBSD, and the
531: use of the "disklabel -E" command. If you are at all confused when
532: installing OpenBSD, read the relevant INSTALL.* file as listed above!
533: <p>
534:
535: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
536: <ul>
537: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
538: release is on CD1. If your BIOS does not support booting from CD, you will need
539: to create a boot floppy to install from. To create a boot floppy write
540: <i>CD1:4.9/i386/floppy49.fs</i> to a floppy and boot via the floppy drive.
541:
542: <p>
543: Use <i>CD1:4.9/i386/floppyB49.fs</i> instead for greater SCSI controller
544: support, or <i>CD1:4.9/i386/floppyC49.fs</i> for better laptop support.
545:
546: <p>
547: If you can't boot from a CD or a floppy disk,
548: you can install across the network using PXE as described in
549: the included INSTALL.i386 document.
550:
551: <p>
552: If you are planning on dual booting OpenBSD with another OS, you will need to
553: read INSTALL.i386.
554:
555: <p>
556: To make a boot floppy under MS-DOS, use the "rawrite" utility located
557: at <i>CD1:4.9/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS,
558: use the
1.57 sthen 559: <a href="http://man.openbsd.org/?query=dd&sektion=1">dd(1)</a>
1.1 deraadt 560: utility. The following is an example usage of
1.57 sthen 561: <a href="http://man.openbsd.org/?query=dd&sektion=1">dd(1)</a>,
1.1 deraadt 562: where the device could be "floppy", "rfd0c", or
563: "rfd0a".
564:
565: <ul><pre>
566: # <strong>dd if=<file> of=/dev/<device> bs=32k</strong>
567: </pre></ul>
568:
569: <p>
570: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
571: your install will most likely fail. For more information on creating a boot
572: floppy and installing OpenBSD/i386 please refer to
1.59 ! tj 573: <a href="faq/faq4.html#MkFlop">this page</a>.
1.1 deraadt 574: </ul>
575:
576: <p>
577: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
578: <ul>
579: The 4.9 release of OpenBSD/amd64 is located on CD2.
580: Boot from the CD to begin the install - you may need to adjust
581: your BIOS options first.
582: If you can't boot from the CD, you can create a boot floppy to install from.
583: To do this, write <i>CD2:4.9/amd64/floppy49.fs</i> to a floppy, then
584: boot from the floppy drive.
585:
586: <p>
587: If you can't boot from a CD or a floppy disk,
588: you can install across the network using PXE as described in the included
589: INSTALL.amd64 document.
590:
591: <p>
592: If you are planning to dual boot OpenBSD with another OS, you will need to
593: read INSTALL.amd64.
594: </ul>
595:
596: <p>
597: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
598: <ul>
599: Put CD2 in your CDROM drive and poweron your machine while holding down the
600: <i>C</i> key until the display turns on and shows <i>OpenBSD/macppc boot</i>.
601:
602: <p>
603: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
604: /4.9/macppc/bsd.rd</i>
605: </ul>
606:
607: <p>
608: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
609: <ul>
610: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
611:
612: <p>
613: If this doesn't work, or if you don't have a CDROM drive, you can write
614: <i>CD3:4.9/sparc64/floppy49.fs</i> or <i>CD3:4.9/sparc64/floppyB49.fs</i>
615: (depending on your machine) to a floppy and boot it with <i>boot
616: floppy</i>. Refer to INSTALL.sparc64 for details.
617:
618: <p>
619: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
620: will most likely fail.
621:
622: <p>
623: You can also write <i>CD3:4.9/sparc64/miniroot49.fs</i> to the swap partition on
624: the disk and boot with <i>boot disk:b</i>.
625:
626: <p>
627: If nothing works, you can boot over the network as described in INSTALL.sparc64.
628: </ul>
629:
630: <p>
631: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
632: <ul>
633: <p>Write <i>FTP:4.9/alpha/floppy49.fs</i> or
634: <i>FTP:4.9/alpha/floppyB49.fs</i> (depending on your machine) to a diskette and
635: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
636:
637: <p>
638: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
639: will most likely fail.
640:
641: </ul>
642:
643: <p>
644: <h3><font color="#e00000">OpenBSD/armish:</font></h3>
645: <ul>
646: <p>
647: After connecting a serial port, Thecus can boot directly from the network
648: either tftp or http. Configure the network using fconfig, reset,
649: then load bsd.rd, see INSTALL.armish for specific details.
650: IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
651: and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
652: then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
653: More details are available in INSTALL.armish.
654: </ul>
655:
656: <p>
657: <h3><font color="#e00000">OpenBSD/hp300:</font></h3>
658: <ul>
659: <p>
660: Boot over the network by following the instructions in INSTALL.hp300.
661: </ul>
662:
663: <p>
664: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
665: <ul>
666: <p>
667: Boot over the network by following the instructions in INSTALL.hppa or the
668: <a href="hppa.html#install">hppa platform page</a>.
669: </ul>
670:
671: <p>
672: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
673: <ul>
674: <p>
675: Write <i>miniroot49.fs</i> to the start of the CF
676: or disk, and boot normally.
677: </ul>
678:
679: <p>
680: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
681: <ul>
682: <p>
683: Write <i>miniroot49.fs</i> to a USB stick and boot bsd.rd from it
684: or boot bsd.rd via tftp.
685: Refer to the instructions in INSTALL.loongson for more details.
686: </ul>
687: <p>
688:
689: <p>
690: <h3><font color="#e00000">OpenBSD/mvme68k:</font></h3>
691: <ul>
692: <p>
693: You can create a bootable installation tape or boot over the network.<br>
694: The network boot requires a MVME68K BUG version that supports the <i>NIOT</i>
695: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme68k
696: for more details.
697: </ul>
698:
699: <p>
700: <h3><font color="#e00000">OpenBSD/mvme88k:</font></h3>
701: <ul>
702: <p>
703: You can create a bootable installation tape or boot over the network.<br>
704: The network boot requires a MVME88K BUG version that supports the <i>NIOT</i>
705: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme88k
706: for more details.
707: </ul>
708:
709: <p>
710: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
711: <ul>
712: <p>
713: To install on an O2, burn cd49.iso on a CD-R, put it in the CD drive of your
714: machine and select <i>Install System Software</i> from the System Maintenance
715: menu.
716:
717: <p>
718: On other systems, or if your machine doesn't have a CD drive, you can
719: setup a DHCP/tftp network server, and boot using "bootp()/bsd.rd.IP##" using
720: the kernel matching your system type.
721: Refer to the instructions in INSTALL.sgi for more details.
722: </ul>
723:
724: <p>
725: <h3><font color="#e00000">OpenBSD/socppc:</font></h3>
726: <ul>
727: <p>
728: After connecting a serial port, boot over the network via DHCP/tftp.
729: Refer to the instructions in INSTALL.socppc for more details.
730: </ul>
731:
732: <p>
733: <h3><font color="#e00000">OpenBSD/sparc:</font></h3>
734: <ul>
735: Boot from one of the provided install ISO images, using one of the two
736: commands listed below, depending on the version of your ROM.
737:
738: <ul><pre>
739: ok <strong>boot cdrom 4.9/sparc/bsd.rd</strong>
740: or
741: > <strong>b sd(0,6,0)4.9/sparc/bsd.rd</strong>
742: </pre></ul>
743:
744: <p>
745: If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
746: To do so you need to write <i>floppy49.fs</i> to a floppy.
1.59 ! tj 747: For more information see <a href="faq/faq4.html#MkFlop">this page</a>.
1.1 deraadt 748: To boot from the floppy use one of the two commands listed below,
749: depending on the version of your ROM.
750:
751: <ul><pre>
752: ok <strong>boot floppy</strong>
753: or
754: > <strong>b fd()</strong>
755: </pre></ul>
756:
757: <p>
758: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
759: will most likely fail.
760:
761: <p>
762: If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
763: setup a bootable tape, or install via network, as told in the
764: INSTALL.sparc file.
765: </ul>
766:
767: <p>
768: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
769: <ul>
770: Boot over the network via mopbooting as described in INSTALL.vax.
771: </ul>
772:
773: <p>
774: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
775: <ul>
776: <p>
777: Using the Linux built-in graphical ipkg installer, install the
778: openbsd49_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
779: for a few important details.
780: </ul>
781:
782: <p>
783: <h3><font color="#e00000">Notes about the source code:</font></h3>
784: <ul>
785: src.tar.gz contains a source archive starting at /usr/src. This file
786: contains everything you need except for the kernel sources, which are
787: in a separate archive. To extract:
788: <p>
789: <ul><pre>
790: # <strong>mkdir -p /usr/src</strong>
791: # <strong>cd /usr/src</strong>
792: # <strong>tar xvfz /tmp/src.tar.gz</strong>
793: </pre></ul>
794: <p>
795: sys.tar.gz contains a source archive starting at /usr/src/sys.
796: This file contains all the kernel sources you need to rebuild kernels.
797: To extract:
798: <p>
799: <ul><pre>
800: # <strong>mkdir -p /usr/src/sys</strong>
801: # <strong>cd /usr/src</strong>
802: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
803: </pre></ul>
804: <p>
805: Both of these trees are a regular CVS checkout. Using these trees it
806: is possible to get a head-start on using the anoncvs servers as
807: described <a href="anoncvs.html">here</a>.
808: Using these files
809: results in a much faster initial CVS update than you could expect from
810: a fresh checkout of the full OpenBSD source tree.
811: <p>
812: </ul>
813:
814: <a name="upgrade"></a>
815: <hr>
816: <p>
817: <h3><font color="#0000e0">How to upgrade</font></h3>
818: <p>
1.2 deraadt 819: If you already have an OpenBSD 4.8 system, and do not want to reinstall,
1.1 deraadt 820: upgrade instructions and advice can be found in the
821: <a href="faq/upgrade49.html">Upgrade Guide</a>.
822:
823: <a name="ports"></a>
824: <hr>
825: <p>
826: <h3><font color="#0000e0">Ports Tree</font></h3>
827: <p>
828: A ports tree archive is also provided. To extract:
829: <p>
830: <ul><pre>
831: # <strong>cd /usr</strong>
832: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
833: # <strong>cd ports</strong>
834: </pre></ul>
835: <p>
836: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
837: read the <a href="faq/ports/index.html">ports</a> page
838: if you know nothing about ports
839: at this point. This text is not a manual of how to use ports.
840: Rather, it is a set of notes meant to kickstart the user on the
841: OpenBSD ports system.
842: <p>
843: The <i>ports/</i> directory represents a CVS (see the manpage for
1.57 sthen 844: <a href="http://man.openbsd.org/?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386">
1.1 deraadt 845: cvs(1)</a> if
846: you aren't familiar with CVS) checkout of our ports. As with our complete
847: source tree, our ports tree is available via anoncvs. So, in
848: order to keep current with it, you must make the <i>ports/</i> tree
849: available on a read-write medium and update the tree with a command
850: like:
851: <p>
852: <ul><pre>
853: # <strong>cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_4_9</strong>
854: </pre></ul>
855: <p>
856: [Of course, you must replace the local directory and server name here
857: with the location of your ports collection and a nearby anoncvs
858: server.]
859: <p>
860: Note that most ports are available as packages through FTP. Updated
861: packages for the 4.9 release will be made available if problems arise.
862: <p>
863: If you're interested in seeing a port added, would like to help out, or just
864: would like to know more, the mailing list ports@openbsd.org is a good
865: place to know.
866: <p>
867:
868: </body>
869: </html>