Annotation of www/49.html, Revision 1.65
1.64 bentley 1: <!doctype html>
2: <html lang=en id=release>
3: <meta charset=utf-8>
4:
1.48 deraadt 5: <title>OpenBSD 4.9</title>
1.19 stsp 6: <meta name="description" content="OpenBSD 4.9">
1.58 tj 7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
1.60 tb 9: <link rel="canonical" href="https://www.openbsd.org/49.html">
1.64 bentley 10: <style>
11: #sourcecode h3 {
12: color: var(--red);
13: }
14:
15: #sourcecode p {
16: margin-left: 2.75em;
17: }
18:
19: #sourcecode blockquote {
20: margin-left: 4.5em;
21: }
22: </style>
1.1 deraadt 23:
1.64 bentley 24: <h2 id=OpenBSD>
1.1 deraadt 25: <a href="index.html">
1.64 bentley 26: <i>Open</i><b>BSD</b></a>
27: 4.9
1.58 tj 28: </h2>
1.1 deraadt 29:
1.64 bentley 30: <table>
31: <tr>
32: <td>
1.1 deraadt 33: <a href="images/Hitchhiker.jpg">
1.64 bentley 34: <img width="227" height="343" src="images/Hitchhiker.jpg" alt="Hitchhiker"></a>
35: <td>
1.1 deraadt 36: Released May 1, 2011<br>
37: Copyright 1997-2011, Theo de Raadt.<br>
1.64 bentley 38: <cite class=isbn>ISBN 978-0-9784475-7-1</cite>
1.1 deraadt 39: <br>
1.55 deraadt 40: 4.9 Song: <a href="lyrics.html#49">"The Answer"</a>
1.63 deraadt 41: <br>
42: <br>
1.1 deraadt 43: <ul>
44: <li>See the information on <a href="ftp.html">The FTP page</a> for
45: a list of mirror machines.
1.64 bentley 46: <li>Go to the <code class=reldir>pub/OpenBSD/4.9/</code> directory on
1.1 deraadt 47: one of the mirror sites.
48: <li>Have a look at <a href="errata49.html">The 4.9 Errata page</a> for a list
49: of bugs and workarounds.
50: <li>See a <a href="plus49.html">detailed log of changes</a> between the
51: 4.8 and 4.9 releases.
52: </ul>
1.58 tj 53: <p>
54: All applicable copyrights and credits are in the src.tar.gz,
55: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
56: files fetched via ports.tar.gz.
1.64 bentley 57: </table>
1.58 tj 58:
59: <hr>
1.1 deraadt 60:
1.64 bentley 61: <section id=new>
62: <h3>What's New</h3>
63:
1.1 deraadt 64: <p>
65: This is a partial list of new features and systems included in OpenBSD 4.9.
66: For a comprehensive list, see the <a href="plus49.html">changelog</a> leading
67: to 4.9.
68: <p>
69:
70: <ul>
71:
1.3 deraadt 72: <li>New/extended platforms:
73: <ul>
1.60 tb 74: <li><a href="amd64.html">OpenBSD/amd64</a>
75: and <a href="i386.html">OpenBSD/i386</a>:
1.3 deraadt 76: <ul>
1.64 bentley 77: <li>Enabled <a href="https://man.openbsd.org/mount_ntfs.8">NTFS</a> by default (read-only) on GENERIC kernels.
78: <li>Enabled the <a href="https://man.openbsd.org/vmt.4">vmt(4)</a> driver by default for VMWare tools support as a guest.
1.11 jj 79: <li>SMP kernels can now boot on machines with up to 64 cores.
80: <li>Maximum allocation size for i386 bumped to 2G.
1.19 stsp 81: <li>Handle >16 disks when searching for kernel boot device.
1.37 jsg 82: <li>Added support for AES-NI instructions found in recent Intel
83: processors.
1.31 deraadt 84: <li>Further improvements in suspend and resume.
85: <li>Processes are now switched to TSS per cpu on the
1.60 tb 86: <a href="amd64.html">amd64</a> platform,
1.31 deraadt 87: resulting in removal of the old limit of ~4000 processes.
1.3 deraadt 88: </ul>
1.60 tb 89: <li><a href="hppa.html">OpenBSD/hppa</a>:
1.21 jsing 90: <ul>
91: <li>Multiprocessor support.
92: </ul>
1.60 tb 93: <li><a href="loongson.html">OpenBSD/loongson</a>
94: and <a href="sgi.html">OpenBSD/sgi</a>:
1.3 deraadt 95: <ul>
1.25 jsing 96: <li>All MIPS64 based platforms now use MI softfloat code, which
97: implements all MIPS IV specified floating point operations.
1.3 deraadt 98: </ul>
1.60 tb 99: <li><a href="sparc64.html">OpenBSD/sparc64</a>:
1.3 deraadt 100: <ul>
1.64 bentley 101: <li>The <a href="https://man.openbsd.org/sparc64/vdsp.4">vdsp(4)</a> driver now supports the vDisk 1.1
1.25 jsing 102: protocol, allowing Solaris to run on top of an OpenBSD
103: control domain.
1.3 deraadt 104: </ul>
105: </ul>
106: <p>
107:
108: <li>Improved hardware support, including:
109: <ul>
1.64 bentley 110: <li>New <a href="https://man.openbsd.org/vte.4">vte(4)</a>
1.65 ! deraadt 111: driver for RDC R6040 10/100 Ethernet devices.
1.64 bentley 112: <li>New <a href="https://man.openbsd.org/rdcphy.4">rdcphy(4)</a>
1.10 jsg 113: driver for RDC Semiconductor R6040 10/100 Ethernet PHY.
1.64 bentley 114: <li>New <a href="https://man.openbsd.org/rsu.4">rsu(4)</a>
1.33 jcs 115: driver for Realtek RTL8188SU/RTL8191SU/RTL8192SU USB IEEE 802.11b/g/n wireless devices.
1.64 bentley 116: <li>New <a href="https://man.openbsd.org/urtwn.4">urtwn(4)</a>
1.33 jcs 117: driver for Realtek RTL8188CU/RTL8192CU USB IEEE 802.11b/g/n wireless devices.
1.64 bentley 118: <li>New <a href="https://man.openbsd.org/utwitch.4">utwitch(4)</a>
1.10 jsg 119: driver for YUREX USB twitch/jiggle of knee sensor.
1.33 jcs 120: <li>Support for AR9271, AR9280+AR7010 and AR9287+AR7010 USB IEEE 802.11a/g/n wireless
1.64 bentley 121: adapters has been added to <a href="https://man.openbsd.org/athn.4">athn(4)</a>.
1.10 jsg 122: <li>Support for 82583V
1.64 bentley 123: has been added to <a href="https://man.openbsd.org/em.4">em(4)</a>.
1.10 jsg 124: <li>Support for Yukon 88E8059
1.64 bentley 125: has been added to <a href="https://man.openbsd.org/msk.4">msk(4)</a>.
1.10 jsg 126: <li>Support for SiS191
1.64 bentley 127: has been added to <a href="https://man.openbsd.org/se.4">se(4)</a>.
1.10 jsg 128: <li>Support for SAS2004
1.64 bentley 129: has been added to <a href="https://man.openbsd.org/mpii.4">mpii(4)</a>.
1.10 jsg 130: <li>Support for NVIDIA MCP89 SATA
1.64 bentley 131: has been added to <a href="https://man.openbsd.org/pciide.4">pciide(4)</a>.
1.30 deraadt 132: <li>Support for Mobility Radeon HD 4200
1.64 bentley 133: has been added to <a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a>.
134: <li><a href="https://man.openbsd.org/pms.4">pms(4)</a> support has been significantly reworked and expanded.
135: <li>MCLGETI support has been added to <a href="https://man.openbsd.org/xl.4">xl(4)</a>.
1.24 jsing 136: <li>Support for low latency interrupt modulation has been added to
1.64 bentley 137: <a href="https://man.openbsd.org/ix.4">ix(4)</a>.
1.24 jsing 138: <li>Port multiplier support has been added to
1.64 bentley 139: <a href="https://man.openbsd.org/ahci.4">ahci(4)</a> and
140: <a href="https://man.openbsd.org/sili.4">sili(4)</a>.
141: <li>Support for Sun XVR-300 graphics has been added to <a href="https://man.openbsd.org/sparc64/radeonfb.4">radeonfb(4)</a>.
1.24 jsing 142: <li>Added workaround for BCM5906 A0/1/2 controller silicon bug in
1.64 bentley 143: <a href="https://man.openbsd.org/bge.4">bge(4)</a>.
144: <li><a href="https://man.openbsd.org/ugen.4">ugen(4)</a>
1.34 jakemsr 145: can now be attached along with other drivers to multifunction devices.
1.64 bentley 146: <li><a href="https://man.openbsd.org/umodem.4">umodem(4)</a>
1.34 jakemsr 147: now supports more devices.
1.64 bentley 148: <li><a href="https://man.openbsd.org/umsm.4">umsm(4)</a>
1.40 sthen 149: now supports more mobile broadband devices.
1.34 jakemsr 150: <li>Support for more image processing controls was added to
1.64 bentley 151: <a href="https://man.openbsd.org/uvideo.4">uvideo(4)</a>.
1.3 deraadt 152: </ul>
153: <p>
154:
155: <li>Generic network stack improvements:
156: <ul>
1.7 dlg 157: <li>Reworking of the MCLGETI livelock algorithm to improve
1.65 ! deraadt 158: forwarding and host performance under high network load.
1.64 bentley 159: <li>Added support for socket splicing; sockets can be temporarily connected so that the kernel moves data without userland intervention. This will be used by <a href="https://man.openbsd.org/relayd.8">relayd(8)</a> in the next release.
1.29 mikeb 160: <li>Added AES-GCM support for IPsec.
1.22 jsing 161: <li>Added automatic send and receive buffer scaling for TCP.
1.64 bentley 162: <li>Added wpakey option to <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> replacing wpa-psk(8).
1.22 jsing 163: <li>TCP acknowledgments are no longer delayed on the loopback interface.
1.64 bentley 164: <li>Network livelock counters are now exported via <a href="https://man.openbsd.org/sysctl.3">sysctl(3)</a>.
1.22 jsing 165: <li>A radix tree sorting bug was fixed, which results in significant
166: improvements to IPsec performance under certain conditions.
1.64 bentley 167: <li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> now decodes Multicast DNS (mDNS) traffic.
168: <li>Wake on Lan support has been added to <a href="https://man.openbsd.org/arp.8">arp(8)</a>.
1.65 ! deraadt 169: <li>Enabled MPLS and <a href="https://man.openbsd.org/mpe.4">mpe(4)</a> by default on GENERIC kernels.
! 170: <li>Added a mpls option to <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> to enable MPLS on a per interface basis replacing the global sysctl knob.
1.35 henning 171: </ul>
172: <p>
173:
1.45 claudio 174: <li>OpenBGPD, OpenOSPFD and other routing daemon improvements:
175: <ul>
1.65 ! deraadt 176: <li><a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> handles various message encoding errors more gracefully now.
! 177: <li>Notification messages are now logged in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
! 178: <li><a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> will now correctly redistribute overlapping routes.
! 179: <li><a href="https://man.openbsd.org/ospfctl.8">ospfctl(8)</a> now prints the LSDB checksum in the show summary output for quick verification that two LSDBs are in sync.
! 180: <li>Fixed <a href="https://man.openbsd.org/ldpd.8">ldpd(8)</a>'s message parser to work on all architectures and more LDP messages are now implemented.
! 181: <li>Various improvements in <a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a>.
1.45 claudio 182: </ul>
183: <p>
1.64 bentley 184: <li><a href="https://man.openbsd.org/pf.4">pf(4)</a> improvements:
1.35 henning 185: <ul>
1.43 deraadt 186: <li>The logging subsystem has been largely rewritten, now logging the
1.44 deraadt 187: translated addresses again instead of the original ones.
1.35 henning 188: <li>match log rules cause a log on the fly, showing the packet exactly
1.64 bentley 189: as <a href="https://man.openbsd.org/pf.4">pf(4)</a> sees it at the moment of evaluating that rule. A packet can also
1.35 henning 190: be logged more than once now.
1.44 deraadt 191: <li>match log(matches) rules allow the further rule matching to be traced.
1.64 bentley 192: <li><a href="https://man.openbsd.org/pflog.4">pflog(4)</a>
1.25 jsing 193: now includes the original addresses and ports for packets that have been
194: rewritten. This is also displayed by
1.64 bentley 195: <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
1.3 deraadt 196: </ul>
197: <p>
198:
1.33 jcs 199: <li>IPsec stack audit was performed, resulting in:
1.29 mikeb 200: <ul>
201: <li>Several potential security problems have been identified and fixed.
202: <li>ARC4 based PRNG code was audited and revamped.
203: <li>New explicit_bzero kernel function was introduced to prevent a compiler
204: from optimizing
1.64 bentley 205: <a href="https://man.openbsd.org/bzero.3">bzero</a>
1.29 mikeb 206: calls away.
207: </ul>
208: <p>
209:
1.3 deraadt 210: <li>SCSI improvements:
211: <ul>
1.6 dlg 212: <li>Improved safety when detaching SCSI devices by waiting for
1.65 ! deraadt 213: the completion of pending commands.
1.64 bentley 214: <li>Improved hotplug support on <a href="https://man.openbsd.org/mpi.4">mpi(4)</a> and
1.65 ! deraadt 215: <a href="https://man.openbsd.org/mpii.4">mpii(4)</a>.
1.6 dlg 216: <li>Continued iopoolification of SCSI drivers, notably on
1.64 bentley 217: <a href="https://man.openbsd.org/umass.4">umass(4)</a> which improves the
1.65 ! deraadt 218: reliability and performance of multi-LUN devices.
1.64 bentley 219: <li>Added <a href="https://man.openbsd.org/vscsi.4">vscsi(4)</a>, a driver for
1.33 jcs 220: userland handling of SCSI device commands.
1.64 bentley 221: <li>Added <a href="https://man.openbsd.org/iscsid.8">iscsid(8)</a>, an iSCSI initiator.
1.21 jsing 222: <li>Forcibly restrict devices incapable of tagged I/O to executing one command at a time.
1.64 bentley 223: <li>Discover and honour read-only status of <a href="https://man.openbsd.org/sd.4">sd(4)</a> devices.
224: <li>Improve <a href="https://man.openbsd.org/st.4">st(4)</a> handling of I/O residual information.
225: <li><a href="https://man.openbsd.org/sd.4">sd(4)</a> devices that can only execute one command at a time (e.g. USB) will now be allowed to spin up if necessary.
226: <li><a href="https://man.openbsd.org/cd.4">cd(4)</a> will now attach CDROM devices identified as non-removable.
1.3 deraadt 227: </ul>
228: <p>
229:
230: <li>Assorted improvements:
231: <ul>
1.64 bentley 232: <li>Enabled wide character support in <a href="https://man.openbsd.org/ncurses.3">ncurses(3)</a>.
233: <li>Added <a href="https://man.openbsd.org/nsd.8">nsd(8)</a>, an authoritative name server implementation.
1.16 krw 234: <li>Disklabel UID support improved and added to more utilities.
1.64 bentley 235: <li><a href="https://man.openbsd.org/rarpd.8">rarpd(8)</a> now accepts a list of interfaces to listen on.
236: <li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> now accepts 'egress' as an interface name, meaning whichever interface is marked as being in the 'egress' group.
237: <li><a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> no longer listens on interfaces without a broadcast address (e.g. <a href="https://man.openbsd.org/pflog.4">pflog(4)</a>).
238: <li><a href="https://man.openbsd.org/who.1">who(1)</a> now displays as much of the hostname as fits on the line.
239: <li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> now correctly handles 'net' primitives when processing <a href="https://man.openbsd.org/pflog.4">pflog(4)</a> traffic.
240: <li><a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> now respects failure to read the MBR.
241: <li><a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> will no longer infinitely loop when encountering an improperly constructed EBR.
242: <li><a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a> no longer reuses information from a failed partition addition on the next addition of the same partition.
243: <li>Many unused and obsolete <a href="https://man.openbsd.org/disktab.5">disktab(5)</a> entries removed.
1.60 tb 244: <li>Enabled X11 autoconfiguration on <a href="sparc.html">sparc</a> and <a href="sparc64.html">sparc64</a>.
1.64 bentley 245: <li>Implement attribute syntax from RFC4517 and support bsdauth in <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>.
246: <li>New <a href="https://man.openbsd.org/video.1">video(1)</a> utility which can record or display images from <a href="https://man.openbsd.org/video.4">video(4)</a>.
247: <li><a href="https://man.openbsd.org/httpd.8">httpd(8)</a> mod_headers now handles apache2 style RequestHeader directives.
248: <li>UNIX-domain datagram socket support has been added to <a href="https://man.openbsd.org/nc.1">nc(1)</a> (-uU option).
249: <li>Added support for terabyte units in <a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a>.
1.60 tb 250: <li><a href="loongson.html">loongson</a> and
251: <a href="sgi.html">sgi</a> platforms have been
1.23 jsing 252: switched over to gcc4.
253: <li><code>ddb cpu</code> support was added to the
1.60 tb 254: <a href="sgi.html">sgi</a> platform.
1.23 jsing 255: <li>Fast path TLB miss handling was added to the
1.60 tb 256: <a href="landisk.html">landisk</a> platform,
1.23 jsing 257: resulting in a 44-50% gain in performance.
258: <li>PCIe extended configuration space can now be viewed using
1.64 bentley 259: <a href="https://man.openbsd.org/pcidump.8">pcidump(8)</a> (-xxx option).
1.23 jsing 260: <li>The number of spurious IPIs has been decreased on the
1.60 tb 261: <a href="amd64.html">amd64</a> platform,
1.23 jsing 262: resulting in improved performance.
1.25 jsing 263: <li>Numerous improvements and bug fixes to
1.64 bentley 264: <a href="https://man.openbsd.org/tmux.1">tmux(1)</a>.
1.27 mikeb 265: <li>Considerable robustness and interoperability improvements in the IKEv2
266: daemon
1.64 bentley 267: <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
1.28 mikeb 268: <li>Skipjack and libdes were retired from the system.
1.31 deraadt 269: CAST-128 implementation was also removed from libc.
1.34 jakemsr 270: <li>Removed some races in the USB subsystem, substantially increasing
271: reliability.
1.41 pirofti 272: <li>Added a few more
1.64 bentley 273: <a href="https://man.openbsd.org/compat_linux.8">compat_linux(8)</a>
1.41 pirofti 274: system calls to make it possible for newer versions of applications,
275: such as Skype, to execute.
1.39 sthen 276: <li>OpenBSD-specific package documentation is now centralised in
277: /usr/local/share/doc/pkg-readmes.
1.3 deraadt 278: </ul>
279: <p>
280:
281: <li>Install/Upgrade process changes:
282: <ul>
1.8 deraadt 283: <li>Fixed the hppa CD installation process.
284: <li>Added some more free firmwares to the CD media that could fit them.
285: <li>Make the macppc upgrade script update the boot blocks (oddly, this
1.31 deraadt 286: had been broken a very long time and no one noticed).
1.8 deraadt 287: <li>Teach the install script about the configuration of 802.11 interfaces.
288: Visible networks can be listed, and even configured for WPA.
289: <li>The install script now passes collected entropy better to the
290: system which is booted next.
1.15 krw 291: <li>Upgrade now defaults to checking only the root filesystem.
292: <li>Upgrade no longer checks filesystems with a fs_passno of 0.
293: <li>Upgrade now asks if it should proceed even if one or more filesystem mounts fail.
1.64 bentley 294: <li>Installer now configures <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> to use all provided time source IPs.
1.3 deraadt 295: </ul>
296: <p>
297:
1.64 bentley 298: <li>New <a href="https://man.openbsd.org/rc.d.8">rc.d(8)</a>
1.12 ajacouto 299: for starting, stopping and reconfiguring package daemons:
300: <ul>
1.64 bentley 301: <li>The <a href="https://man.openbsd.org/rc.subr.8">rc.subr(8)</a>
1.12 ajacouto 302: framework allows for easy creation of rc scripts.
303: This framework is still evolving.
304: <li>Only a handful of packages have migrated for now.
305: <li>rc.local can still be used instead of or in addition to
1.64 bentley 306: <a href="https://man.openbsd.org/rc.d.8">rc.d(8)</a>.
1.12 ajacouto 307: </ul>
308: <p>
309:
1.4 sobrado 310: <li>OpenSSH 5.8:
1.3 deraadt 311: <ul>
312: <li>New features:
1.4 sobrado 313: <ul>
314: <li>Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
315: and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA
316: offer better performance than plain DH and DSA at the same
1.65 ! deraadt 317: equivalent symmetric key length, as well as much shorter keys.
1.64 bentley 318: <li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a>
1.4 sobrado 319: and
1.64 bentley 320: <a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>:
1.4 sobrado 321: add a protocol extension to support a hard link operation. It is
322: available through the "ln" command in the client. The old "ln"
323: behaviour of creating a symlink is available using its "-s" option
1.65 ! deraadt 324: or through the preexisting "symlink" command.
1.64 bentley 325: <li><a href="https://man.openbsd.org/scp.1">scp(1)</a>:
1.4 sobrado 326: Add a new -3 option to scp: Copies between two remote hosts are
327: transferred through the local host. Without this option the data is
1.65 ! deraadt 328: copied directly between the two remote hosts.
1.64 bentley 329: <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
1.4 sobrado 330: automatically order the hostkeys requested by the client based on
331: which hostkeys are already recorded in known_hosts. This avoids
332: hostkey warnings when connecting to servers with new ECDSA keys,
333: since these are now preferred when learning hostkeys for the first
1.65 ! deraadt 334: time.
1.64 bentley 335: <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
1.4 sobrado 336: and
1.64 bentley 337: <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
1.4 sobrado 338: add a new IPQoS option to specify arbitrary TOS/DSCP/QoS values
1.65 ! deraadt 339: instead of hardcoding lowdelay/throughput. (bz#1733)
1.64 bentley 340: <li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a>:
1.4 sobrado 341: the sftp client is now significantly faster at performing directory
342: listings, using OpenBSD glob(3) extensions to preserve the results
343: of stat(3) operations performed in the course of its execution
344: rather than performing expensive round trips to fetch them again
1.65 ! deraadt 345: afterwards.
1.64 bentley 346: <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
1.4 sobrado 347: "atomically" create the listening mux socket by binding it on a
348: temporary name and then linking it into position after listen() has
349: succeeded. This allows the mux clients to determine that the server
350: socket is either ready or stale without races. Stale server sockets
1.65 ! deraadt 351: are now automatically removed. (also fixes bz#1711)
1.64 bentley 352: <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
1.4 sobrado 353: and
1.64 bentley 354: <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
1.4 sobrado 355: add a <em>KexAlgorithms</em> knob to the client and server
356: configuration to allow selection of which key exchange methods are
357: used by
1.64 bentley 358: <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
1.4 sobrado 359: and
1.64 bentley 360: <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>
1.65 ! deraadt 361: and their order of preference.
1.64 bentley 362: <li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a>
1.4 sobrado 363: and
1.64 bentley 364: <a href="https://man.openbsd.org/scp.1">scp(1)</a>:
1.4 sobrado 365: factor out bandwidth limiting code from
1.64 bentley 366: <a href="https://man.openbsd.org/scp.1">scp(1)</a>
1.4 sobrado 367: into a generic bandwidth limiter that can be attached using the
368: <em>atomicio</em> callback mechanism and use it to add a bandwidth
369: limit option to
1.64 bentley 370: <a href="https://man.openbsd.org/sftp.1">sftp(1)</a>.
1.65 ! deraadt 371: (bz#1147)
1.3 deraadt 372: </ul>
373: <li>The following significant bugs have been fixed in this release:
374: <ul>
1.64 bentley 375: <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
1.4 sobrado 376: and
1.64 bentley 377: <a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>:
1.4 sobrado 378: honour <em>$TMPDIR</em> for client xauth and ssh-agent temporary
1.65 ! deraadt 379: directories. (bz#1809)
1.64 bentley 380: <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
1.4 sobrado 381: avoid <em>NULL</em> deref on receiving a channel request on an
1.65 ! deraadt 382: unknown or invalid channel. (bz#1842)
1.64 bentley 383: <li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
1.4 sobrado 384: remove a <em>debug()</em> that pollutes stderr on client connecting
1.65 ! deraadt 385: to a server in debug mode. (bz#1719)
1.64 bentley 386: <li><a href="https://man.openbsd.org/scp.1">scp(1)</a>:
1.4 sobrado 387: pass through ssh command-line flags and options when doing
388: remote-remote transfers, e.g. to enable agent forwarding which is
1.65 ! deraadt 389: particularly useful in this case. (bz#1837)
1.64 bentley 390: <li><a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>:
1.65 ! deraadt 391: <em>umask</em> should be parsed as octal.
1.64 bentley 392: <li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a>:
1.65 ! deraadt 393: escape '[' in filename tab-completion.
1.64 bentley 394: <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
1.65 ! deraadt 395: Typo in confirmation message. (bz#1827)
1.64 bentley 396: <li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
1.4 sobrado 397: prevent <em>free()</em> of string in <em>.rodata</em> when
1.65 ! deraadt 398: overriding <em>AuthorizedKeys</em> in a <em>Match</em> block.
1.64 bentley 399: <li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
1.65 ! deraadt 400: Use default shell <em>/bin/sh</em> if <em>$SHELL</em> is "".
1.64 bentley 401: <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
1.4 sobrado 402: kill proxy command on <em>fatal()</em> (we already killed it on
1.65 ! deraadt 403: clean exit).
1.64 bentley 404: <li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
1.5 sobrado 405: install a <em>SIGCHLD</em> handler to reap expired child process.
1.65 ! deraadt 406: (bz#1812)
! 407: <li>Support building against openssl-1.0.0a
1.4 sobrado 408: <li>Fix vulnerability in legacy certificate signing introduced in
1.65 ! deraadt 409: OpenSSH-5.6 and found by Mateusz Kocielski.
1.3 deraadt 410: </ul>
411: </ul>
412: <p>
413:
414: <li>Mandoc 1.10.9:
415: <ul>
1.64 bentley 416: <li>New integrated <a href="https://man.openbsd.org/tbl.7">tbl(7)</a> parser and renderer.
417: <li>Support the <a href="https://man.openbsd.org/roff.7">roff(7)</a> .de, .rm, and .so requests.
418: <li>Support all roff code used in the standard <a href="https://man.openbsd.org/pod2man.1">pod2man(1)</a> preamble.
419: <li>Fully support roff quoting in <a href="https://man.openbsd.org/man.7">man(7)</a> documents.
1.3 deraadt 420: <li>Mandoc now copes with most formatting errors that used to be fatal.
421: <li>Much simplified and improved reporting of errors and warnings.
422: <li>Significantly improved -Thtml output quality.
423: <li>The ports tree now allows ports to use either mandoc or groff
424: to render manuals.
425: </ul>
426: <p>
427:
1.14 deraadt 428: <li>Over 6,800 ports, major robustness and speed improvements in package tools.
1.3 deraadt 429: <li>Many pre-built packages for each architecture:
1.64 bentley 430: <ul style="column-count: 4">
1.3 deraadt 431: <li>i386: 6620
432: <li>sparc64: 6225
433: <li>alpha: 6000
1.20 deraadt 434: <li>sh: 3656
1.3 deraadt 435: <li>amd64: 6570
436: <li>powerpc: 6272
437: <li>sparc: 4184
1.20 deraadt 438: <li>arm: 5679
1.8 deraadt 439: <li>hppa: 5838
1.3 deraadt 440: <li>vax: 1068
441: <li>mips64: 5492
442: <li>mips64el: 5499
1.64 bentley 443: </ul>
1.3 deraadt 444: Some highlights:
445: <ul>
446: <li>Gnome 2.32.1.
447: <li>KDE 3.5.10.
448: <li>Xfce 4.8.0.
449: <li>MySQL 5.1.54.
450: <li>PostgreSQL 9.0.3.
451: <li>Postfix 2.7.2.
452: <li>OpenLDAP 2.3.43 and 2.4.23.
453: <li>Mozilla Firefox 3.5.16 and 3.6.13.
454: <li>Mozilla Thunderbird 3.1.7.
455: <li>OpenOffice.org 3.3.0rc9.
1.26 jasper 456: <li>LibreOffice 3.3.0.4.
1.3 deraadt 457: <li>Emacs 21.4 and 22.3.
458: <li>Vim 7.3.3.
459: <li>PHP 5.2.16.
460: <li>Python 2.4.6, 2.5.4 and 2.6.6.
461: <li>Ruby 1.8.7.330 and 1.9.2.136.
462: <li>Mono 2.8.2.
1.26 jasper 463: <li>Chromium 9.0.597.94.
1.3 deraadt 464: </ul>
465: <p>
466:
467: <li>As usual, steady improvements in manual pages and other documentation.
468: <p>
469:
470: <li>The system includes the following major components from outside suppliers:
471: <ul>
1.13 matthieu 472: <li>Xenocara (based on X.Org 7.6 with xserver 1.9 + patches,
473: freetype 2.4.4,
1.19 stsp 474: fontconfig 2.8.0, Mesa 7.8.2, xterm 267 and more)
1.20 deraadt 475: <li>Gcc 2.95.3 (+ patches), 3.3.5 (+ patches) and 4.2.1 (+ patches)
476: <li>Perl 5.12.2 (+ patches)
1.3 deraadt 477: <li>Our improved and secured version of Apache 1.3, with SSL/TLS
1.20 deraadt 478: and DSO support
479: <li>OpenSSL 1.0.0a (+ patches)
480: <li>Sendmail 8.14.3, with libmilter
481: <li>Bind 9.4.2-P2 (+ patches)
482: <li>Lynx 2.8.6rel.5 with HTTPS and IPv6 support (+ patches)
483: <li>Sudo 1.7.2p8
484: <li>Ncurses 5.7
485: <li>Heimdal 0.7.2 (+ patches)
486: <li>Arla 0.35.7
487: <li>Binutils 2.15 (+ patches)
488: <li>Gdb 6.3 (+ patches)
1.3 deraadt 489: </ul>
1.1 deraadt 490: </ul>
1.64 bentley 491: </section>
1.1 deraadt 492:
493: <hr>
1.64 bentley 494:
495: <section id=install>
496: <h3>How to install</h3>
497:
1.1 deraadt 498: <p>
499: Following this are the instructions which you would have on a piece of
500: paper if you had purchased a CDROM set instead of doing an alternate
501: form of install. The instructions for doing an FTP (or other style
502: of) install are very similar; the CDROM instructions are left intact
503: so that you can see how much easier it would have been if you had
504: purchased a CDROM instead.
505: <p>
506:
507: <hr>
508: Please refer to the following files on the three CDROMs or FTP mirror for
509: extensive details on how to install OpenBSD 4.9 on your machine:
510: <p>
511: <ul>
512: <li>CD1:4.9/i386/INSTALL.i386
513: <p>
514: <li>CD2:4.9/amd64/INSTALL.amd64
515: <li>CD2:4.9/macppc/INSTALL.macppc
516: <p>
517: <li>CD3:4.9/sparc64/INSTALL.sparc64
518: <p>
519: <li>FTP:.../OpenBSD/4.9/alpha/INSTALL.alpha
520: <li>FTP:.../OpenBSD/4.9/armish/INSTALL.armish
521: <li>FTP:.../OpenBSD/4.9/hp300/INSTALL.hp300
522: <li>FTP:.../OpenBSD/4.9/hppa/INSTALL.hppa
523: <li>FTP:.../OpenBSD/4.9/landisk/INSTALL.landisk
524: <li>FTP:.../OpenBSD/4.9/loongson/INSTALL.loongson
525: <li>FTP:.../OpenBSD/4.9/mvme68k/INSTALL.mvme68k
526: <li>FTP:.../OpenBSD/4.9/mvme88k/INSTALL.mvme88k
527: <li>FTP:.../OpenBSD/4.9/sgi/INSTALL.sgi
528: <li>FTP:.../OpenBSD/4.9/socppc/INSTALL.socppc
529: <li>FTP:.../OpenBSD/4.9/sparc/INSTALL.sparc
530: <li>FTP:.../OpenBSD/4.9/vax/INSTALL.vax
531: <li>FTP:.../OpenBSD/4.9/zaurus/INSTALL.zaurus
532: </ul>
533: <hr>
534:
1.64 bentley 535: <section id=quickinstall>
536:
1.1 deraadt 537: <p>
538: Quick installer information for people familiar with OpenBSD, and the
539: use of the "disklabel -E" command. If you are at all confused when
540: installing OpenBSD, read the relevant INSTALL.* file as listed above!
1.64 bentley 541:
542: <h3>OpenBSD/i386:</h3>
543:
1.1 deraadt 544: <p>
545: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
546: release is on CD1. If your BIOS does not support booting from CD, you will need
547: to create a boot floppy to install from. To create a boot floppy write
548: <i>CD1:4.9/i386/floppy49.fs</i> to a floppy and boot via the floppy drive.
549:
550: <p>
551: Use <i>CD1:4.9/i386/floppyB49.fs</i> instead for greater SCSI controller
552: support, or <i>CD1:4.9/i386/floppyC49.fs</i> for better laptop support.
553:
554: <p>
555: If you can't boot from a CD or a floppy disk,
556: you can install across the network using PXE as described in
557: the included INSTALL.i386 document.
558:
559: <p>
560: If you are planning on dual booting OpenBSD with another OS, you will need to
561: read INSTALL.i386.
562:
563: <p>
564: To make a boot floppy under MS-DOS, use the "rawrite" utility located
565: at <i>CD1:4.9/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS,
566: use the
1.64 bentley 567: <a href="https://man.openbsd.org/dd.1">dd(1)</a>
1.1 deraadt 568: utility. The following is an example usage of
1.64 bentley 569: <a href="https://man.openbsd.org/dd.1">dd(1)</a>,
1.1 deraadt 570: where the device could be "floppy", "rfd0c", or
571: "rfd0a".
572:
1.64 bentley 573: <blockquote><pre>
1.1 deraadt 574: # <strong>dd if=<file> of=/dev/<device> bs=32k</strong>
1.64 bentley 575: </pre></blockquote>
1.1 deraadt 576:
577: <p>
578: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
579: your install will most likely fail. For more information on creating a boot
580: floppy and installing OpenBSD/i386 please refer to
1.59 tj 581: <a href="faq/faq4.html#MkFlop">this page</a>.
1.64 bentley 582:
583: <h3>OpenBSD/amd64:</h3>
1.1 deraadt 584:
585: <p>
586: The 4.9 release of OpenBSD/amd64 is located on CD2.
587: Boot from the CD to begin the install - you may need to adjust
588: your BIOS options first.
589: If you can't boot from the CD, you can create a boot floppy to install from.
590: To do this, write <i>CD2:4.9/amd64/floppy49.fs</i> to a floppy, then
591: boot from the floppy drive.
592:
593: <p>
594: If you can't boot from a CD or a floppy disk,
595: you can install across the network using PXE as described in the included
596: INSTALL.amd64 document.
597:
598: <p>
599: If you are planning to dual boot OpenBSD with another OS, you will need to
600: read INSTALL.amd64.
1.64 bentley 601:
602: <h3>OpenBSD/macppc:</h3>
1.1 deraadt 603:
604: <p>
605: Put CD2 in your CDROM drive and poweron your machine while holding down the
606: <i>C</i> key until the display turns on and shows <i>OpenBSD/macppc boot</i>.
607:
608: <p>
609: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
610: /4.9/macppc/bsd.rd</i>
1.64 bentley 611:
612: <h3>OpenBSD/sparc64:</h3>
1.1 deraadt 613:
614: <p>
615: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
616:
617: <p>
618: If this doesn't work, or if you don't have a CDROM drive, you can write
619: <i>CD3:4.9/sparc64/floppy49.fs</i> or <i>CD3:4.9/sparc64/floppyB49.fs</i>
620: (depending on your machine) to a floppy and boot it with <i>boot
621: floppy</i>. Refer to INSTALL.sparc64 for details.
622:
623: <p>
624: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
625: will most likely fail.
626:
627: <p>
628: You can also write <i>CD3:4.9/sparc64/miniroot49.fs</i> to the swap partition on
629: the disk and boot with <i>boot disk:b</i>.
630:
631: <p>
632: If nothing works, you can boot over the network as described in INSTALL.sparc64.
1.64 bentley 633:
634: <h3>OpenBSD/alpha:</h3>
1.1 deraadt 635:
636: <p>
1.64 bentley 637: Write <i>FTP:4.9/alpha/floppy49.fs</i> or
1.1 deraadt 638: <i>FTP:4.9/alpha/floppyB49.fs</i> (depending on your machine) to a diskette and
639: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
640:
641: <p>
642: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
643: will most likely fail.
644:
1.64 bentley 645: <h3>OpenBSD/armish:</h3>
1.1 deraadt 646:
647: <p>
648: After connecting a serial port, Thecus can boot directly from the network
649: either tftp or http. Configure the network using fconfig, reset,
650: then load bsd.rd, see INSTALL.armish for specific details.
651: IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
652: and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
653: then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
654: More details are available in INSTALL.armish.
655:
1.64 bentley 656: <h3>OpenBSD/hp300:</h3>
657:
1.1 deraadt 658: <p>
659: Boot over the network by following the instructions in INSTALL.hp300.
660:
1.64 bentley 661: <h3>OpenBSD/hppa:</h3>
662:
1.1 deraadt 663: <p>
664: Boot over the network by following the instructions in INSTALL.hppa or the
665: <a href="hppa.html#install">hppa platform page</a>.
1.64 bentley 666:
667: <h3>OpenBSD/landisk:</h3>
1.1 deraadt 668:
669: <p>
670: Write <i>miniroot49.fs</i> to the start of the CF
671: or disk, and boot normally.
672:
1.64 bentley 673: <h3>OpenBSD/loongson:</h3>
674:
1.1 deraadt 675: <p>
676: Write <i>miniroot49.fs</i> to a USB stick and boot bsd.rd from it
677: or boot bsd.rd via tftp.
678: Refer to the instructions in INSTALL.loongson for more details.
679:
1.64 bentley 680: <h3>OpenBSD/mvme68k:</h3>
681:
1.1 deraadt 682: <p>
683: You can create a bootable installation tape or boot over the network.<br>
684: The network boot requires a MVME68K BUG version that supports the <i>NIOT</i>
685: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme68k
686: for more details.
687:
1.64 bentley 688: <h3>OpenBSD/mvme88k:</h3>
689:
1.1 deraadt 690: <p>
691: You can create a bootable installation tape or boot over the network.<br>
692: The network boot requires a MVME88K BUG version that supports the <i>NIOT</i>
693: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme88k
694: for more details.
1.64 bentley 695:
696: <h3>OpenBSD/sgi:</h3>
1.1 deraadt 697:
698: <p>
699: To install on an O2, burn cd49.iso on a CD-R, put it in the CD drive of your
700: machine and select <i>Install System Software</i> from the System Maintenance
701: menu.
702:
703: <p>
704: On other systems, or if your machine doesn't have a CD drive, you can
705: setup a DHCP/tftp network server, and boot using "bootp()/bsd.rd.IP##" using
706: the kernel matching your system type.
707: Refer to the instructions in INSTALL.sgi for more details.
708:
1.64 bentley 709: <h3>OpenBSD/socppc:</h3>
710:
1.1 deraadt 711: <p>
712: After connecting a serial port, boot over the network via DHCP/tftp.
713: Refer to the instructions in INSTALL.socppc for more details.
1.64 bentley 714:
715: <h3>OpenBSD/sparc:</h3>
1.1 deraadt 716:
717: <p>
718: Boot from one of the provided install ISO images, using one of the two
719: commands listed below, depending on the version of your ROM.
720:
1.64 bentley 721: <blockquote><pre>
722: ok <kbd>boot cdrom 4.9/sparc/bsd.rd</kbd>
1.1 deraadt 723: or
1.64 bentley 724: > <kbd>b sd(0,6,0)4.9/sparc/bsd.rd</kbd>
725: </pre></blockquote>
1.1 deraadt 726:
727: <p>
728: If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
729: To do so you need to write <i>floppy49.fs</i> to a floppy.
1.59 tj 730: For more information see <a href="faq/faq4.html#MkFlop">this page</a>.
1.1 deraadt 731: To boot from the floppy use one of the two commands listed below,
732: depending on the version of your ROM.
733:
1.64 bentley 734: <blockquote><pre>
735: ok <kbd>boot floppy</kbd>
1.1 deraadt 736: or
1.64 bentley 737: > <kbd>b fd()</kbd>
738: </pre></blockquote>
1.1 deraadt 739:
740: <p>
741: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
742: will most likely fail.
743:
744: <p>
745: If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
746: setup a bootable tape, or install via network, as told in the
747: INSTALL.sparc file.
1.64 bentley 748:
749: <h3>OpenBSD/vax:</h3>
1.1 deraadt 750:
751: <p>
752: Boot over the network via mopbooting as described in INSTALL.vax.
753:
1.64 bentley 754: <h3>OpenBSD/zaurus:</h3>
755:
1.1 deraadt 756: <p>
757: Using the Linux built-in graphical ipkg installer, install the
758: openbsd49_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
759: for a few important details.
1.64 bentley 760:
761: </section>
762:
763: <section id=sourcecode>
764: <h3>Notes about the source code:</h3>
1.1 deraadt 765:
766: <p>
767: src.tar.gz contains a source archive starting at /usr/src. This file
768: contains everything you need except for the kernel sources, which are
769: in a separate archive. To extract:
1.64 bentley 770:
771: <blockquote><pre>
772: # <kbd>mkdir -p /usr/src</kbd>
773: # <kbd>cd /usr/src</kbd>
774: # <kbd>tar xvfz /tmp/src.tar.gz</kbd>
775: </pre></blockquote>
776:
1.1 deraadt 777: <p>
778: sys.tar.gz contains a source archive starting at /usr/src/sys.
779: This file contains all the kernel sources you need to rebuild kernels.
780: To extract:
1.64 bentley 781:
782: <blockquote><pre>
783: # <kbd>mkdir -p /usr/src/sys</kbd>
784: # <kbd>cd /usr/src</kbd>
1.1 deraadt 785: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
1.64 bentley 786: </pre></blockquote>
787:
1.1 deraadt 788: <p>
789: Both of these trees are a regular CVS checkout. Using these trees it
790: is possible to get a head-start on using the anoncvs servers as
791: described <a href="anoncvs.html">here</a>.
792: Using these files
793: results in a much faster initial CVS update than you could expect from
794: a fresh checkout of the full OpenBSD source tree.
795:
1.64 bentley 796: </section>
797: </section>
798:
1.1 deraadt 799: <hr>
1.64 bentley 800:
801: <section id=upgrade>
802: <h3>How to upgrade</h3>
1.1 deraadt 803: <p>
1.2 deraadt 804: If you already have an OpenBSD 4.8 system, and do not want to reinstall,
1.1 deraadt 805: upgrade instructions and advice can be found in the
806: <a href="faq/upgrade49.html">Upgrade Guide</a>.
1.64 bentley 807: </section>
1.1 deraadt 808:
809: <hr>
1.64 bentley 810:
811: <section id=ports>
812: <h3>Ports Tree</h3>
1.1 deraadt 813: <p>
814: A ports tree archive is also provided. To extract:
815: <p>
1.64 bentley 816: <blockquote><pre>
817: # <kbd>cd /usr</kbd>
818: # <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
819: # <kbd>cd ports</kbd>
820: </pre></blockquote>
1.1 deraadt 821: <p>
822: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
823: read the <a href="faq/ports/index.html">ports</a> page
824: if you know nothing about ports
825: at this point. This text is not a manual of how to use ports.
826: Rather, it is a set of notes meant to kickstart the user on the
827: OpenBSD ports system.
828: <p>
829: The <i>ports/</i> directory represents a CVS (see the manpage for
1.64 bentley 830: <a href="https://man.openbsd.org/cvs.1">
1.1 deraadt 831: cvs(1)</a> if
832: you aren't familiar with CVS) checkout of our ports. As with our complete
833: source tree, our ports tree is available via anoncvs. So, in
834: order to keep current with it, you must make the <i>ports/</i> tree
835: available on a read-write medium and update the tree with a command
836: like:
837: <p>
1.64 bentley 838: <blockquote><pre>
1.1 deraadt 839: # <strong>cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_4_9</strong>
1.64 bentley 840: </pre></blockquote>
1.1 deraadt 841: <p>
842: [Of course, you must replace the local directory and server name here
843: with the location of your ports collection and a nearby anoncvs
844: server.]
845: <p>
846: Note that most ports are available as packages through FTP. Updated
847: packages for the 4.9 release will be made available if problems arise.
848: <p>
849: If you're interested in seeing a port added, would like to help out, or just
850: would like to know more, the mailing list ports@openbsd.org is a good
851: place to know.
1.64 bentley 852: </section>