Annotation of www/50.html, Revision 1.18
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
1.14 deraadt 4: <title>OpenBSD 5.0</title>
1.1 deraadt 5: <meta name="resource-type" content="document">
6: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
7: <meta name="description" content="OpenBSD 5.0">
8: <meta name="keywords" content="openbsd,main">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 2011 by OpenBSD.">
11: </head>
12:
13: <body bgcolor="#ffffff" text="#000000" link="#24248E">
14:
15: <a href="index.html">
16: <img alt="[OpenBSD]" height="30" width="141" hspace="24" src="images/smalltitle.gif" border="0"></a>
1.16 deraadt 17: <p>
1.1 deraadt 18:
19: <a href="images/MAD.jpg">
1.14 deraadt 20: <img align="left" width="227" height="343" hspace="24" src="images/MAD.jpg"></a>
21: <h2><font color="#0000e0">OpenBSD 5.0</font></h2>
1.1 deraadt 22: <p>
1.7 dcoppa 23: Released Nov 1, 2011<br>
1.1 deraadt 24: Copyright 1997-2011, Theo de Raadt.<br>
25: <font color="#e00000">ISBN 978-0-9784475-8-8</font>
26: <br>
27: <a href="lyrics.html#50">5.0 Song: "What Me Worry?"</a>
28: <p>
29: <ul>
1.18 ! deraadt 30: <li>Order a CDROM from our <a href="https://openbsdstore.com">ordering system</a>.
1.1 deraadt 31: <li>See the information on <a href="ftp.html">The FTP page</a> for
32: a list of mirror machines.
33: <li>Go to the <font color="#e00000">pub/OpenBSD/5.0/</font> directory on
34: one of the mirror sites.
35: <li>Have a look at <a href="errata50.html">The 5.0 Errata page</a> for a list
36: of bugs and workarounds.
37: <li>See a <a href="plus50.html">detailed log of changes</a> between the
38: 4.9 and 5.0 releases.
39: </ul>
40: <br clear=all>
1.15 deraadt 41: <p>
1.14 deraadt 42: All applicable copyrights and credits can be found in the applicable
43: file sources found in the files src.tar.gz, sys.tar.gz,
44: xenocara.tar.gz, or in the files fetched via ports.tar.gz. The
45: distribution files used to build packages from the ports.tar.gz file
46: are not included on the CDROM because of lack of space.
1.1 deraadt 47: <p>
48:
49: <a name="new"></a>
50: <hr>
51: <p>
52: <h3><font color="#0000e0">What's New</font></h3>
53: <p>
54: This is a partial list of new features and systems included in OpenBSD 5.0.
55: For a comprehensive list, see the <a href="plus50.html">changelog</a> leading
56: to 5.0.
57: <p>
58:
59: <ul>
60:
1.2 deraadt 61: <li>Improved hardware support, including:
62: <ul>
63: <li>MSI interrupts for many devices, on those architectures which can
64: support them (amd64, i386, sparc64 only so far).
1.6 deraadt 65: <li>A new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dma_alloc&sektion=9">dma_alloc(9)</a> API makes it easier for kernel code to allocate
1.2 deraadt 66: dma-safe memory. Many drivers (especially network drivers) and
67: subsystems (in particular scsi and the buffer cache) were adapted
68: to use this.
69: <li>As a result, big-memory support has been enabled on all possible
70: architectures.
1.6 deraadt 71: <li>The rather rare <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bce&sektion=4">bce(4)</a> driver now copies mbufs all the time, to cope
1.2 deraadt 72: with the hardware having a 1GB limit.
1.6 deraadt 73: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hds&sektion=4">hds(4)</a>, a driver for Hitachi Modular Storage SCSI devices.
74: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=myx&sektion=4">myx(4)</a>, a driver for the Myricom Myri-10G 10GB Ethernet devices.
1.11 miod 75: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dfs&sektion=4&arch=macppc">dfs(4)</a>, a driver for Dynamic Frequency Switching on some macppc
1.2 deraadt 76: systems.
1.6 deraadt 77: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cardbus&sektion=4">cardbus(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pcmcia&sektion=4">pcmcia(4)</a> support on sgi.
1.2 deraadt 78: <li>Suspend/resume support on Loongson Yeelong laptops.
79: </ul>
80: <p>
81:
82: <li>Generic network stack improvements:
83: <ul>
1.6 deraadt 84: <li>Added support for sending Wake on Lan packets using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arp&sektion=8">arp(8)</a>.
85: <li>Permit turning Wake on Lan support on/off using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a>.
86: <li>Added Wake on Lan support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=re&sektion=4">re(4)</a>, and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vr&sektion=4">vr(4)</a>.
87: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp-proxy&sektion=8">ftp-proxy(8)</a> to proxy across rdomains.
1.2 deraadt 88: <li>The IPv4 stack will no longer accept ICMP redirects when
89: acting as a router.
90: <li>By default the IPv6 stack will not process ICMP6 redirects.
1.6 deraadt 91: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtsol&sektion=8">rtsol(8)</a> will turn it back if -F is used.
92: <li>Reworked large parts of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> options processing for better
1.2 deraadt 93: interoperability.
1.6 deraadt 94: <li>Fixed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> to work in IPv6 only setups.
95: <li>Make it possible to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bind&sektion=2">bind(2)</a> to the local network broadcast address
1.2 deraadt 96: on datagram and raw sockets.
97: <li>The default multicast reject route is now ignored if the UDP socket
98: uses the IP_MULTICAST_IF socket option.
1.6 deraadt 99: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gre&sektion=4">gre(4)</a> work between systems in the same LAN.
100: <li>Removed the link1 mode special addressing mode on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lo&sektion=4">lo(4)</a>.
1.2 deraadt 101: <li>Kernel randomization speed and quality improved substantially.
102: </ul>
103: <p>
104:
105: <li>Routing daemons and other userland network improvements:
106: <ul>
1.6 deraadt 107: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a> no longer bumps the rlimits: the rc.d framework respects
1.2 deraadt 108: login classes which is a much better solution.
1.6 deraadt 109: <li>Correctly set the network filtersets on reload in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>.
1.2 deraadt 110: <li>The routing socket is now sending RTM_DESYNC messages if the
111: socketbuffer overflows.
1.6 deraadt 112: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ospfd&sektion=8">ospfd(8)</a> to send out LS updates and other messages
1.2 deraadt 113: larger than the MTU.
1.6 deraadt 114: <li>Fixed nexthop calculation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ospfd&sektion=8">ospfd(8)</a> for directly connected P2P links.
115: <li>First bits to support opaque LSA in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ospfd&sektion=8">ospfd(8)</a>. Only basic redistribute
1.2 deraadt 116: logic and LSDB handling for now.
1.6 deraadt 117: <li>Creating new interfaces will no longer cause a fatal error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ospf6d&sektion=8">ospf6d(8)</a>.
118: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ospf6d&sektion=8">ospf6d(8)</a> handles link-state changes better.
119: <li>Better loopback handling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ospf6d&sektion=8">ospf6d(8)</a>.
120: <li>No longer install extra multicast routes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ripd&sektion=8">ripd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ldpd&sektion=8">ldpd(8)</a>.
121: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> work with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sosplice&sektion=9">sosplice(9)</a>.
122: <li>Enabled <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sosplice&sektion=9">sosplice(9)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&sektion=8">relayd(8)</a> for TCP.
1.2 deraadt 123: <li>Added support for divert-to which provides some benefits over
1.6 deraadt 124: rdr-to in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&sektion=8">relayd(8)</a>.
125: <li>Fixed trap sending in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snmpd&sektion=8">snmpd(8)</a>.
126: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping6&sektion=8">ping6(8)</a> compare minimum amount of bytes between what
1.2 deraadt 127: was received and what was sent out.
1.6 deraadt 128: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute&sektion=8">traceroute(8)</a> with type-of-service setted (-t) display
1.2 deraadt 129: a message if the returned packet has a different tos type.
130: <li>Added the socket splicing fields of struct socket to netstat -vP output.
131: </ul>
132: <p>
133:
1.6 deraadt 134: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> improvements:
1.2 deraadt 135: <ul>
1.6 deraadt 136: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> reassemble IPv6 fragments. In the forward case, pf
1.2 deraadt 137: refragments the packets with the same maximum size.
1.6 deraadt 138: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> to filter on the rdomain a packet belongs to.
139: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> allow userland proxies to establish cross rdomain
1.2 deraadt 140: proxy sessions.
1.6 deraadt 141: <li>Added IPv6 ACK prioritization in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
1.12 nick 142: <li>Change 'set skip on <...>' to work with interface groups.
1.6 deraadt 143: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a> supports IPv6 as network protocol.
144: <li>Switched <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp-proxy&sektion=8">ftp-proxy(8)</a> over to divert-to instead of rdr-to.
145: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tftp-proxy&sektion=8">tftp-proxy(8)</a> uses 'divert-to' as well.
1.2 deraadt 146: </ul>
147: <p>
148:
149: <li>SCSI improvements:
150: <ul>
151: <li>most SCSI hardware drivers now use the new iopools infrastructure.
1.6 deraadt 152: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sci&sektion=4">scsi(4)</a> devices are now all provided with a unique devid, which
1.2 deraadt 153: is displayed during the probe process.
154: <li>ASC/ASCQ error codes and verbiage now in sync with
155: http://www.t10.org/lists/asc-num.txt.
156: <li>progress on iSCSI includes better login, better logout, preliminary
1.6 deraadt 157: FSM support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iscsid&sektion=8">iscsid(8)</a>, and improved logging and debug information.
158: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uk&sektion=4">uk(4)</a> can now safely and reliably detach an unknown SCSI device.
159: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mpath&sektion=4">mpath(4)</a> device and kernel support is improved.
160: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vscsi&sektion=4">vscsi(4)</a> now ensures output always goes to the correct connection.
161: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vscsi&sektion=4">vscsi(4)</a> connections can now be reset gracefully.
162: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a> devices on fibre channel fabrics no longer inherit the adapter's
1.2 deraadt 163: address.
164: </ul>
165: <p>
166:
167: <li>Assorted improvements:
168: <ul>
1.6 deraadt 169: <li>For additional security, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=security&sektion=8">security(8)</a> was rewritten in Perl.
170: <li>Mandoc 1.11.4: Now accepts <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=eqn&sektion=7">eqn(7)</a> input (no fancy formatting yet)
1.2 deraadt 171: and supports -Tutf8 output (but no utf8 input yet).
172: <li>Removed a variety of OS-compat emulation code, leaving just the Linux
173: support.
174: <li>Small improvements to Linux compat (only available on i386).
1.6 deraadt 175: <li>Improved our own <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg-config&sektion=1">pkg-config(1)</a> implementation with extended comparison
1.2 deraadt 176: scheme and implementing various new options.
177: <li>The math library, libm, was fully fleshed out to support all C99 required
178: parts. Many bugs for various architectures were fixed along the way.
1.6 deraadt 179: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a> is a lot faster and has a few further security features (more
1.2 deraadt 180: randomization, as well as the 'S' flag to enable all paranoia checks).
181: <li>'make depend' is no longer neccessary in kernel compilation directories
182: since the dependencies are calculated automatically.
183: <li>Increased the default size of the buffer cache.
1.6 deraadt 184: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> now works on /dev/random and spliced sockets
1.2 deraadt 185: <li>On MBR-based disks, scan through up to 256 extended partition tables
186: when looking for an OpenBSD partition table.
1.6 deraadt 187: <li>Added POSIX 2008 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fdopendir&sektion=3">fdopendir(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=opennat&sektion=2">openat(2)</a> functions, as well as the
1.2 deraadt 188: O_CLOEXEC, O_DIRECTORY, and F_DUPFD_CLOEXEC flags.
189: <li>Improved lint format string checks and added a few other checks.
1.6 deraadt 190: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kdump&sektion=1">kdump(1)</a> now dumps stat and sockaddr structures, sysctl mib
1.2 deraadt 191: strings, and decodes syscall flags and operation bits.
192: <li>Improved kernel pool debug checking.
193: <li>Improved correctness of signals and various syscalls when rthreads
194: are in use.
1.6 deraadt 195: <li>Kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=9">malloc(9)</a> space and stacks moved to non-dma memory.
1.2 deraadt 196: <li>Fixed some shutdown/reboot hangs on NFS clients.
197: <li>UNIX-domain socket paths are now guaranteed to be NUL-terminated.
1.6 deraadt 198: <li>Added support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wprintf&sektion=3">*wprintf(3)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wcscasecmp&sektion=3">wcs{,n}casecmp(3)</a>, and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wcsdup&sektion=3">wcsdup(3)</a>.
1.2 deraadt 199: <li>NULL is now a (void *).
200: </ul>
201: <p>
202:
203: <li>Install/Upgrade process changes:
204: <ul>
205: <li>Completed support for DUID disk installs, and enabled it fully.
1.6 deraadt 206: <li>Tried to make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysmerge&sektion=8">sysmerge(8)</a> work in the installer, but ran into small
1.2 deraadt 207: problems and decided to disable it.
208: <li>Install non-free firmwares from the internet upon first boot, based on a
209: question in the installer.
1.6 deraadt 210: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=svnd&sektion=4">svnd(4)</a>-like behaviour became the default for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vnd&sektion=4">vnd(4)</a> devices. This is
1.2 deraadt 211: what is used to build the media.
212: </ul>
213: <p>
214:
1.6 deraadt 215: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc.d&sektion=8">rc.d(8)</a> framework improvements:
1.2 deraadt 216: <ul>
1.6 deraadt 217: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc.d&sektion=8">rc.d(8)</a> is now also used for the base system daemons.
1.2 deraadt 218: <li>Backward compatible with the historic way of starting daemons.
219: <li>Notify the user by appending (ok) or (failed) in interactive mode.
220: <li>Better diagnostics with the introduction of RC_DEBUG.
221: </ul>
222: <p>
223:
1.5 djm 224: <li>OpenSSH 5.9:
1.2 deraadt 225: <ul>
226: <li>New features:
227: <ul>
1.5 djm 228: <li>Introduce sandboxing of the pre-auth privsep child using an optional
229: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>
230: "UsePrivilegeSeparation=sandbox" mode that enables mandatory
231: restrictions on the syscalls the privsep child can perform.
232: <li>Add new SHA256-based HMAC transport integrity modes from
233: http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
234: These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512,
235: and hmac-sha2-512-96, and are available by default in
236: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
237: and
238: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.
239: <li>The pre-authentication
240: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>
241: privilege separation slave process now logs via a socket shared with
242: the master process, avoiding the need to maintain /dev/log inside the
243: chroot.
244: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
245: now warns when a server refuses X11 forwarding.
246: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>'s
247: AuthorizedKeysFile now accepts multiple paths, separated by whitespace.
248: The undocumented AuthorizedKeysFile2 option is deprecated (though the
249: default for AuthorizedKeysFile includes .ssh/authorized_keys2).
250: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>:
251: similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by
252: making UserKnownHostsFile and GlobalKnownHostsFile accept multiple
253: options and default to include known_hosts2.
254: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>'s
255: ControlPath option now expands %L to the host portion of the
256: destination host name.
257: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>
258: "Host" options now support negated Host matching.
259: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>:
260: a new RequestTTY option provides control over when a TTY is requested
261: for a connection, similar to the existing -t/-tt/-T
262: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
263: commandline options.
264: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:
265: Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for
266: which host keys do not exist, generate the host keys with the default
267: key file path, an empty passphrase, default bits for the key type, and
268: default comment. This is useful for system initialisation scripts.
269: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
270: Allow graceful shutdown of multiplexing: request that a mux server
271: removes its listener socket and refuse future multiplexing requests but
272: don't kill existing connections. This may be requested using
273: "ssh -O stop ...".
274: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>:
275: now accepts keys piped from standard input.
1.2 deraadt 276: </ul>
277: <li>The following significant bugs have been fixed in this release:
278: <ul>
1.5 djm 279: <li>Retain key comments when loading v.2 keys. These will be visible in
280: "ssh-add -l" and other places. (bz#439)
281: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
282: and
283: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
284: set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). (bz#1855)
285: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
286: allow GSSAPI authentication to detect when a server-side failure causes
287: authentication failure and don't count such failures against
288: MaxAuthTries. (bz#1244)
289: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>:
290: now signs hostbased authentication challenges correctly using ECDSA
291: keys. (bz#1858)
292: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
293: document that sftp accepts square brackets to delimit addresses
294: (useful for IPv6). (bz#1847a)
295: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
296: when using session multiplexing, the master process will change its
297: process title to reflect the control path in use and when a
298: ControlPersist-ed master is waiting to close. (bz#1883 and bz#1911)
1.9 sobrado 299: <li>Other minor bugs fixed: bz#1849, bz#1861, bz#1862, bz#1869, bz#1875,
300: bz#1878, bz#1879, bz#1892, bz#1900, bz#1905, and bz#1913.
1.2 deraadt 301: </ul>
302: </ul>
303: <p>
304:
305: <li>Over 7,200 ports, major robustness and speed improvements in package tools.
306: <li>Many pre-built packages for each architecture:
307: <table border=0 cellspacing=0 cellpadding=2 width="95%">
308: <tr>
309: <td valign="top" width="25%">
310: <ul>
311: <li>i386: 7008
312: <li>sparc64: 6456
313: <li>alpha: 6046
314: </ul></td><td valign=top width="25%"><ul>
315: <li>sh: 3721
316: <li>amd64: 6960
317: <li>powerpc: 6691
318: </ul></td><td valign=top width="25%"><ul>
319: <li>sparc: 3277
320: <li>arm: 2963
321: <li>hppa: 6125
322: </ul></td><td valign=top width="25%"><ul>
323: <li>vax: 1409
324: <li>mips64: 5689
325: <li>mips64el: 5709
326: </ul></td></tr></table>
327: <p>
328:
329: <li>Some highlights:
330: <ul>
331: <li>Gnome 2.32.2 <li>KDE 3.5.10
332: <li>Xfce 4.8.0 <li>MySQL 5.1.54
333: <li>PostgreSQL 9.0.5 <li>Postfix 2.8.4
334: <li>OpenLDAP 2.3.43 and 2.4.25 <li>Mozilla Firefox 3.5.19, 3.6.18 and 5.0
335: <li>Mozilla Thunderbird 5.0 <li>GHC 7.0.4
336: <li>LibreOffice 3.4.1.3 <li>Emacs 21.4, 22.3 and 23.3
337: <li>Vim 7.3.154 <li>PHP 5.2.17 and 5.3.6
338: <li>Python 2.4.6, 2.5.4 and 2.7.1 <li>Ruby 1.8.7.352 and 1.9.2.200
1.10 stu 339: <li>Tcl 8.5.9 <li>Jdk 1.7
1.2 deraadt 340: <li>Mono 2.10.2 <li>Chromium 12.0.742.122
341: <li>Groff 1.21
342: </ul>
343: <p>
344:
345: <li>As usual, steady improvements in manual pages and other documentation.
346: <li>Base system and Xenocara manuals are now installed as source code,
1.6 deraadt 347: making <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=grep&sektion=1">grep(1)</a> more useful in /usr/share/man/ and /usr/X11R6/man/.
1.2 deraadt 348: <li>If both formatted and source versions of manuals are installed,
1.6 deraadt 349: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=man&sektion=1">man(1)</a> automatically displays the newer version of each page.
1.2 deraadt 350:
351: - The system includes the following major components from outside suppliers:
352: <li>Xenocara (based on X.Org 7.6 with xserver 1.9 + patches,
353: freetype 2.4.5, fontconfig 2.8.0, Mesa 7.8.2, xterm 270,
354: xkeyboard-config 2.3 and more)
355: <li>Gcc 2.95.3 (+ patches), 3.3.5 (+ patches) and 4.2.1 (+patches)
356: <li>Perl 5.12.2 (+ patches)
357: <li>Our improved and secured version of Apache 1.3, with
358: SSL/TLS and DSO support
359: <li>OpenSSL 1.0.0a (+ patches)
360: <li>Sendmail 8.14.5, with libmilter
361: <li>Bind 9.4.2-P2 (+ patches)
362: <li>Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
363: <li>Sudo 1.7.2p8
364: <li>Ncurses 5.7
365: <li>Heimdal 0.7.2 (+ patches)
366: <li>Arla 0.35.7
367: <li>Binutils 2.15 (+ patches)
368: <li>Gdb 6.3 (+ patches)
369: </ul>
1.1 deraadt 370:
371: </ul>
372:
373: <a name="install"></a>
374: <hr>
375: <p>
376: <h3><font color="#0000e0">How to install</font></h3>
377: <p>
378: Following this are the instructions which you would have on a piece of
379: paper if you had purchased a CDROM set instead of doing an alternate
380: form of install. The instructions for doing an FTP (or other style
381: of) install are very similar; the CDROM instructions are left intact
382: so that you can see how much easier it would have been if you had
383: purchased a CDROM instead.
384: <p>
385:
386: <hr>
387: Please refer to the following files on the three CDROMs or FTP mirror for
388: extensive details on how to install OpenBSD 5.0 on your machine:
389: <p>
390: <ul>
391: <li>CD1:5.0/i386/INSTALL.i386
392: <p>
393: <li>CD2:5.0/amd64/INSTALL.amd64
394: <li>CD2:5.0/macppc/INSTALL.macppc
395: <p>
396: <li>CD3:5.0/sparc64/INSTALL.sparc64
397: <p>
398: <li>FTP:.../OpenBSD/5.0/alpha/INSTALL.alpha
399: <li>FTP:.../OpenBSD/5.0/armish/INSTALL.armish
400: <li>FTP:.../OpenBSD/5.0/hp300/INSTALL.hp300
401: <li>FTP:.../OpenBSD/5.0/hppa/INSTALL.hppa
402: <li>FTP:.../OpenBSD/5.0/landisk/INSTALL.landisk
403: <li>FTP:.../OpenBSD/5.0/loongson/INSTALL.loongson
404: <li>FTP:.../OpenBSD/5.0/mvme68k/INSTALL.mvme68k
405: <li>FTP:.../OpenBSD/5.0/mvme88k/INSTALL.mvme88k
406: <li>FTP:.../OpenBSD/5.0/sgi/INSTALL.sgi
407: <li>FTP:.../OpenBSD/5.0/socppc/INSTALL.socppc
408: <li>FTP:.../OpenBSD/5.0/sparc/INSTALL.sparc
409: <li>FTP:.../OpenBSD/5.0/vax/INSTALL.vax
410: <li>FTP:.../OpenBSD/5.0/zaurus/INSTALL.zaurus
411: </ul>
412: <hr>
413:
414: <p>
415: Quick installer information for people familiar with OpenBSD, and the
416: use of the "disklabel -E" command. If you are at all confused when
417: installing OpenBSD, read the relevant INSTALL.* file as listed above!
418: <p>
419:
420: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
421: <ul>
422: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
423: release is on CD1. If your BIOS does not support booting from CD, you will need
424: to create a boot floppy to install from. To create a boot floppy write
425: <i>CD1:5.0/i386/floppy50.fs</i> to a floppy and boot via the floppy drive.
426:
427: <p>
428: Use <i>CD1:5.0/i386/floppyB50.fs</i> instead for greater SCSI controller
429: support, or <i>CD1:5.0/i386/floppyC50.fs</i> for better laptop support.
430:
431: <p>
432: If you can't boot from a CD or a floppy disk,
433: you can install across the network using PXE as described in
434: the included INSTALL.i386 document.
435:
436: <p>
437: If you are planning on dual booting OpenBSD with another OS, you will need to
438: read INSTALL.i386.
439:
440: <p>
441: To make a boot floppy under MS-DOS, use the "rawrite" utility located
442: at <i>CD1:5.0/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS,
443: use the
444: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>
445: utility. The following is an example usage of
446: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>,
447: where the device could be "floppy", "rfd0c", or
448: "rfd0a".
449:
450: <ul><pre>
451: # <strong>dd if=<file> of=/dev/<device> bs=32k</strong>
452: </pre></ul>
453:
454: <p>
455: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
456: your install will most likely fail. For more information on creating a boot
457: floppy and installing OpenBSD/i386 please refer to
458: <a href="faq/faq4.html#MkFlop">FAQ 4.3.2</a>.
459: </ul>
460:
461: <p>
462: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
463: <ul>
464: The 5.0 release of OpenBSD/amd64 is located on CD2.
465: Boot from the CD to begin the install - you may need to adjust
466: your BIOS options first.
467: If you can't boot from the CD, you can create a boot floppy to install from.
468: To do this, write <i>CD2:5.0/amd64/floppy50.fs</i> to a floppy, then
469: boot from the floppy drive.
470:
471: <p>
472: If you can't boot from a CD or a floppy disk,
473: you can install across the network using PXE as described in the included
474: INSTALL.amd64 document.
475:
476: <p>
477: If you are planning to dual boot OpenBSD with another OS, you will need to
478: read INSTALL.amd64.
479: </ul>
480:
481: <p>
482: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
483: <ul>
484: Put CD2 in your CDROM drive and poweron your machine while holding down the
485: <i>C</i> key until the display turns on and shows <i>OpenBSD/macppc boot</i>.
486:
487: <p>
488: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
489: /5.0/macppc/bsd.rd</i>
490: </ul>
491:
492: <p>
493: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
494: <ul>
495: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
496:
497: <p>
498: If this doesn't work, or if you don't have a CDROM drive, you can write
499: <i>CD3:5.0/sparc64/floppy50.fs</i> or <i>CD3:5.0/sparc64/floppyB50.fs</i>
500: (depending on your machine) to a floppy and boot it with <i>boot
501: floppy</i>. Refer to INSTALL.sparc64 for details.
502:
503: <p>
504: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
505: will most likely fail.
506:
507: <p>
508: You can also write <i>CD3:5.0/sparc64/miniroot50.fs</i> to the swap partition on
509: the disk and boot with <i>boot disk:b</i>.
510:
511: <p>
512: If nothing works, you can boot over the network as described in INSTALL.sparc64.
513: </ul>
514:
515: <p>
516: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
517: <ul>
518: <p>Write <i>FTP:5.0/alpha/floppy50.fs</i> or
519: <i>FTP:5.0/alpha/floppyB50.fs</i> (depending on your machine) to a diskette and
520: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
521:
522: <p>
523: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
524: will most likely fail.
525:
526: </ul>
527:
528: <p>
529: <h3><font color="#e00000">OpenBSD/armish:</font></h3>
530: <ul>
531: <p>
532: After connecting a serial port, Thecus can boot directly from the network
533: either tftp or http. Configure the network using fconfig, reset,
534: then load bsd.rd, see INSTALL.armish for specific details.
535: IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
536: and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
537: then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
538: More details are available in INSTALL.armish.
539: </ul>
540:
541: <p>
542: <h3><font color="#e00000">OpenBSD/hp300:</font></h3>
543: <ul>
544: <p>
545: Boot over the network by following the instructions in INSTALL.hp300.
546: </ul>
547:
548: <p>
549: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
550: <ul>
551: <p>
552: Boot over the network by following the instructions in INSTALL.hppa or the
553: <a href="hppa.html#install">hppa platform page</a>.
554: </ul>
555:
556: <p>
557: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
558: <ul>
559: <p>
560: Write <i>miniroot50.fs</i> to the start of the CF
561: or disk, and boot normally.
562: </ul>
563:
564: <p>
565: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
566: <ul>
567: <p>
568: Write <i>miniroot50.fs</i> to a USB stick and boot bsd.rd from it
569: or boot bsd.rd via tftp.
570: Refer to the instructions in INSTALL.loongson for more details.
571: </ul>
572: <p>
573:
574: <p>
575: <h3><font color="#e00000">OpenBSD/mvme68k:</font></h3>
576: <ul>
577: <p>
578: You can create a bootable installation tape or boot over the network.<br>
579: The network boot requires a MVME68K BUG version that supports the <i>NIOT</i>
580: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme68k
581: for more details.
582: </ul>
583:
584: <p>
585: <h3><font color="#e00000">OpenBSD/mvme88k:</font></h3>
586: <ul>
587: <p>
588: You can create a bootable installation tape or boot over the network.<br>
589: The network boot requires a MVME88K BUG version that supports the <i>NIOT</i>
590: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme88k
591: for more details.
592: </ul>
593:
594: <p>
595: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
596: <ul>
597: <p>
598: To install on an O2, burn cd50.iso on a CD-R, put it in the CD drive of your
599: machine and select <i>Install System Software</i> from the System Maintenance
600: menu.
601:
602: <p>
603: On other systems, or if your machine doesn't have a CD drive, you can
604: setup a DHCP/tftp network server, and boot using "bootp()/bsd.rd.IP##" using
605: the kernel matching your system type.
606: Refer to the instructions in INSTALL.sgi for more details.
607: </ul>
608:
609: <p>
610: <h3><font color="#e00000">OpenBSD/socppc:</font></h3>
611: <ul>
612: <p>
613: After connecting a serial port, boot over the network via DHCP/tftp.
614: Refer to the instructions in INSTALL.socppc for more details.
615: </ul>
616:
617: <p>
618: <h3><font color="#e00000">OpenBSD/sparc:</font></h3>
619: <ul>
620: Boot from one of the provided install ISO images, using one of the two
621: commands listed below, depending on the version of your ROM.
622:
623: <ul><pre>
624: ok <strong>boot cdrom 5.0/sparc/bsd.rd</strong>
625: or
626: > <strong>b sd(0,6,0)5.0/sparc/bsd.rd</strong>
627: </pre></ul>
628:
629: <p>
630: If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
631: To do so you need to write <i>floppy50.fs</i> to a floppy.
632: For more information see <a href="faq/faq4.html#MkFlop">FAQ 4.3.2</a>.
633: To boot from the floppy use one of the two commands listed below,
634: depending on the version of your ROM.
635:
636: <ul><pre>
637: ok <strong>boot floppy</strong>
638: or
639: > <strong>b fd()</strong>
640: </pre></ul>
641:
642: <p>
643: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
644: will most likely fail.
645:
646: <p>
647: If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
648: setup a bootable tape, or install via network, as told in the
649: INSTALL.sparc file.
650: </ul>
651:
652: <p>
653: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
654: <ul>
655: Boot over the network via mopbooting as described in INSTALL.vax.
656: </ul>
657:
658: <p>
659: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
660: <ul>
661: <p>
662: Using the Linux built-in graphical ipkg installer, install the
663: openbsd50_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
664: for a few important details.
665: </ul>
666:
667: <p>
668: <h3><font color="#e00000">Notes about the source code:</font></h3>
669: <ul>
670: src.tar.gz contains a source archive starting at /usr/src. This file
671: contains everything you need except for the kernel sources, which are
672: in a separate archive. To extract:
673: <p>
674: <ul><pre>
675: # <strong>mkdir -p /usr/src</strong>
676: # <strong>cd /usr/src</strong>
677: # <strong>tar xvfz /tmp/src.tar.gz</strong>
678: </pre></ul>
679: <p>
680: sys.tar.gz contains a source archive starting at /usr/src/sys.
681: This file contains all the kernel sources you need to rebuild kernels.
682: To extract:
683: <p>
684: <ul><pre>
685: # <strong>mkdir -p /usr/src/sys</strong>
686: # <strong>cd /usr/src</strong>
687: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
688: </pre></ul>
689: <p>
690: Both of these trees are a regular CVS checkout. Using these trees it
691: is possible to get a head-start on using the anoncvs servers as
692: described <a href="anoncvs.html">here</a>.
693: Using these files
694: results in a much faster initial CVS update than you could expect from
695: a fresh checkout of the full OpenBSD source tree.
696: <p>
697: </ul>
698:
699: <a name="upgrade"></a>
700: <hr>
701: <p>
702: <h3><font color="#0000e0">How to upgrade</font></h3>
703: <p>
704: If you already have an OpenBSD 4.9 system, and do not want to reinstall,
705: upgrade instructions and advice can be found in the
706: <a href="faq/upgrade50.html">Upgrade Guide</a>.
707:
708: <a name="ports"></a>
709: <hr>
710: <p>
711: <h3><font color="#0000e0">Ports Tree</font></h3>
712: <p>
713: A ports tree archive is also provided. To extract:
714: <p>
715: <ul><pre>
716: # <strong>cd /usr</strong>
717: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
718: # <strong>cd ports</strong>
719: </pre></ul>
720: <p>
721: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
722: read the <a href="faq/ports/index.html">ports</a> page
723: if you know nothing about ports
724: at this point. This text is not a manual of how to use ports.
725: Rather, it is a set of notes meant to kickstart the user on the
726: OpenBSD ports system.
727: <p>
728: The <i>ports/</i> directory represents a CVS (see the manpage for
729: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386">
730: cvs(1)</a> if
731: you aren't familiar with CVS) checkout of our ports. As with our complete
732: source tree, our ports tree is available via anoncvs. So, in
733: order to keep current with it, you must make the <i>ports/</i> tree
734: available on a read-write medium and update the tree with a command
735: like:
736: <p>
737: <ul><pre>
1.4 nick 738: # <strong>cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_0</strong>
1.1 deraadt 739: </pre></ul>
740: <p>
741: [Of course, you must replace the local directory and server name here
742: with the location of your ports collection and a nearby anoncvs
743: server.]
744: <p>
745: Note that most ports are available as packages through FTP. Updated
746: packages for the 5.0 release will be made available if problems arise.
747: <p>
748: If you're interested in seeing a port added, would like to help out, or just
749: would like to know more, the mailing list ports@openbsd.org is a good
750: place to know.
751: <p>
752:
753: </body>
754: </html>