Annotation of www/52.html, Revision 1.29
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 5.2 Release</title>
5: <link rev=made href="mailto:www@openbsd.org">
6: <meta name="resource-type" content="document">
7: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
8: <meta name="description" content="OpenBSD 5.2">
9: <meta name="keywords" content="openbsd,main">
10: <meta name="distribution" content="global">
11: <meta name="copyright" content="This document copyright 2012 by OpenBSD.">
12: </head>
13:
14: <body bgcolor="#ffffff" text="#000000" link="#24248E">
15:
16: <a href="index.html">
17: <img alt="[OpenBSD]" height="30" width="141" hspace="24" src="images/smalltitle.gif" border="0"></a>
18: <hr>
19:
20: <p>
21: <a href="images/Brazil.jpg">
22: <img align="left" width="227" height="343" hspace="24" vspace="30"
23: src="images/Brazil.jpg" alt="OpenBSD 5.2 logo"></a>
24: <h2><font color="#0000e0">The OpenBSD 5.2 Release:</font></h2>
25: <p>
1.2 deraadt 26: To be released Nov 1, 2012<br>
1.1 deraadt 27: Copyright 1997-2012, Theo de Raadt.<br>
28: <font color="#e00000">ISBN 978-0-9881561-0-4</font>
29: <br>
30: <a href="lyrics.html#52">5.2 Song: song not released yet</a>
31: <p>
32:
33: <a href="#new">What's New</a><br>
34: <a href="#install">How to install</a><br>
35: <a href="#upgrade">How to upgrade</a><br>
36: <a href="#ports">How to use the ports tree</a><br>
37: <a href="orders.html">Ordering a CD set</a><br>
38:
39: <p>
40: <h3><font color="#0000e0">
41: To get the files for this release:
42: <ul>
43: <li>Order a CDROM from our <a href="orders.html">ordering system</a>.
44: <li>See the information on <a href="ftp.html">The FTP page</a> for
45: a list of mirror machines.
46: <li>Go to the <font color="#e00000">pub/OpenBSD/5.2/</font> directory on
47: one of the mirror sites.
48: <li>Briefly read the rest of this document.
49: <li>Have a look at <a href="errata52.html">The 5.2 Errata page</a> for a list
50: of bugs and workarounds.
51: <li>See a <a href="plus52.html">detailed log of changes</a> between the
52: 5.1 and 5.2 releases.
53: </ul>
54: </font></h3>
55: <br clear=all>
56:
57: <strong>Note:</strong> All applicable copyrights and credits can be found
58: in the applicable file sources found in the files src.tar.gz, sys.tar.gz,
59: xenocara.tar.gz, or in the files fetched via ports.tar.gz. The distribution
60: files used to build packages from the ports.tar.gz file are not included on
61: the CDROM because of lack of space.
62: <p>
63:
64: <a name="new"></a>
65: <hr>
66: <p>
67: <h3><font color="#0000e0">What's New</font></h3>
68: <p>
69: This is a partial list of new features and systems included in OpenBSD 5.2.
70: For a comprehensive list, see the <a href="plus52.html">changelog</a> leading
71: to 5.2.
72: <p>
73:
74: <ul>
1.17 lteo 75: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pthreads&sektion=3">pthreads(3)</a> support:
1.1 deraadt 76: <ul>
77: <li>The most significant change in this release is the replacement of
1.29 ! matthew 78: the user-level uthreads by kernel-level rthreads, allowing multithreaded
! 79: programs to utilize multiple CPUs/cores.
1.1 deraadt 80: <li>Use PTHREAD_MUTEX_STRICT_NP as default mutex type.
1.6 guenther 81: <li>Added pthread spinlock and barrier routines.
82: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pthread_mutex_lock&sektion=3">pthread_mutex_timedlock(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sem_wait&sektion=3">sem_timedwait(3)</a>.
83: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pthread_condattr_init&sektion=3">pthread_condattr_setclock(3)</a>.
1.1 deraadt 84: <li>Added support for live multi-threaded debugging in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gdb&sektion=1">gdb(1)</a>.
1.22 guenther 85: <li>Improved handling for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getrusage&sektion=2">rusage</a> totals and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getitimer&sektion=2">interval timers</a> in threaded processes.
86: <li>Changed the RLIMIT_NPROC <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getrlimit&sektion=2">rlimit</a> to count processes instead of threads.
1.6 guenther 87: <li>Added a new system limit <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">kern.maxthread</a> for the max number of threads.
88: <li>Closed race conditions in thread creation, and in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fork&sektion=2">fork(2)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=open&sektion=2">open(2)</a> in a threaded process.
1.22 guenther 89: <li>Improved handling of threaded processes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ps&sektion=1">ps(1)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=top&sektion=1">top(1)</a>, and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fstat&sektion=1">fstat(1)</a>.
1.19 guenther 90: <li>Changed the lock around <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlfcn&sektion=3">dlopen()</a> to be recursive, so that dl*() operations from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit()</a> handlers don't deadlock.
1.21 guenther 91: <li>Many fixes to pthread attribute and mutex error checking and cancellation handling.
1.1 deraadt 92: </ul>
93: <p>
94:
95: <li>Improved hardware support, including:
96: <ul>
1.17 lteo 97: <li>Added hibernation support on i386. Currently only working on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wd&sektion=4">wd(4)</a> disks.
1.10 sthen 98: <li>Improved support for ALPS based touchpads in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsmouse&sektion=4">wsmouse(4)</a> and the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=synaptics&sektion=4">synaptics(4)</a> X.Org input driver</a>.
99: <li>Performance improvements with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ix&sektion=4">ix(4)</a> Intel 10Gb ethernet NICs.
100: <li>Support for i350 based devices in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a>.
101: <li>Flow control support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bnx&sektion=4">bnx(4)</a>.
102: <li>Hardware watchdog and HPET support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpcib&sektion=4">tcpcib(4)</a> (Intel Atom E600) as found in some embedded x86 systems.
103: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=urndis&sektion=4">urndis(4)</a> supports additional Android devices.
1.20 lteo 104: <li>Support for Winbond W83627UHG has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wbsio&sektion=4">wbsio(4)</a>.
1.23 jsg 105: <li>Support for the SMBus controller of the AMD CS5536 in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=glxpcib&sektion=4&arch=i386">glxpcib(4)</a>.
106: <li>Support for AX88772B based devices has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=axe&sektion=4">axe(4)</a>.
107: <li>Support for MCS7832 based devices has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mos&sektion=4">mos(4)</a>.
1.1 deraadt 108: <li>...
109: </ul>
110: <p>
111:
112: <li>Generic network stack improvements:
113: <ul>
1.10 sthen 114: <li>Cleanup handling of sockaddrs in degenerate use cases.
1.6 guenther 115: <li>Improved handling of error and limit cases in file-descriptor passing.
116: <li>Improved error handling in socket splicing.
1.12 sperreau 117: <li>IPv6 privacy addresses now appear alongside SLAAC addresses.
1.1 deraadt 118: <li>...
119: </ul>
120: <p>
121:
122: <li>Routing daemons and other userland network improvements:
123: <ul>
1.22 guenther 124: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aucat&sektion=1">sndiod(1)</a>,
1.5 camield 125: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>,
126: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dvmrpd&sektion=8">dvmrpd(8)</a>,
127: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp-proxy&sektion=8">ftp-proxy(8)</a>,
128: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iked&sektion=8">iked(8)</a>,
129: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iscsid&sektion=8">iscsid(8)</a>,
1.1 deraadt 130: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ldapd&sektion=8">ldapd(8)</a>,
1.5 camield 131: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ldpd&sektion=8">ldpd(8)</a>,
132: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nsd&sektion=8">nsd(8)</a>,
133: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ospf6d&sektion=8">ospf6d(8)</a>,
134: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ospfd&sektion=8">ospfd(8)</a>,
135: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&sektion=8">relayd(8)</a>,
136: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ripd&sektion=8">ripd(8)</a>,
137: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snmpd&sektion=8">snmpd(8)</a>,
138: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a>,
139: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>,
140: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpbench&sektion=1">tcpbench(1)</a> and
141: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tmux&sektion=1">tmux(1)</a>
1.1 deraadt 142: now rate limit their accepting of new connections when experiencing file descriptor exhaustion.
143: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>
144: now recognizes additional Internet Key Exchange DH groups.
145: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsecctl&sektion=8">ipsecctl(8)</a>
146: now allows SA lifetimes to be specified in its
147: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec.conf&sektion=5">ipsec.conf(5)</a>
148: file.
149: <li>Rewrote <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tftpd&sektion=8">tftpd(8)</a> as a persistent, non-blocking daemon.
1.9 sthen 150: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snmpd&sektion=8">snmpd(8)</a> now supports PF-MIB, UCD-DISKIO-MIB, and
151: additional OIDs in HOST-RESOURCES-MIB.
152: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a> is now more robust to network instability.
153: <li>ASCII packet dumping support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>.
154: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tftp&sektion=1">tftp(1)</a> client now supports IPv6.
1.17 lteo 155: <li>Various bug fixes and better standard compliance in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&sektion=8">relayd(8)</a>.
1.20 lteo 156: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a>
157: can now advertise DNS servers and search paths in router advertisements.
158: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a>
159: can now send router advertisements with no prefix information using the noifprefix option.
160: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>
161: client now allows the source IP address of the connection to be specified.
1.24 jmatthew 162: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ypldap&sektion=8">ypldap(8)</a>
163: now handles larger directories and is more tolerant when processing groups.
1.1 deraadt 164: <li>...
165: </ul>
166: <p>
167:
168: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> improvements:
169: <ul>
1.9 sthen 170: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> now ignores/preserves the lower 2 bits of the tos-header (used for Explicit Congestion Notification).
1.17 lteo 171: <li>Allow more than 16 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflog&sektion=4">pflog(4)</a> interfaces.
1.15 benno 172: <li>...
1.1 deraadt 173: </ul>
174: <p>
175:
176: <li>Assorted improvements:
177: <ul>
178: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nginx&sektion=8">nginx(8)</a>,
179: an HTTP server, reverse proxy server and mail proxy server.
1.8 espie 180: <li>Added SQLite 3.7.13, a self-contained SQL database engine.
1.1 deraadt 181: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pcap&sektion=3">libpcap</a>
182: has been updated with several core functions from tcpdump.org's libpcap-1.2.0 API, without
183: the clutter.
184: <li>Disabled SSLv2 in OpenSSL.
1.8 espie 185: <li>Moved <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=libtool&sektion=1">libtool(1)</a> into the base system. Much work remains to be done.
1.18 lteo 186: <li>Removed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lint&sektion=1&manpath=OpenBSD+5.1">lint(1)</a>.
187: <li>Removed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=raid&sektion=4&manpath=OpenBSD+5.1">raid(4)</a>
188: RAIDframe driver and the corresponding
189: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=raidctl&sektion=8&manpath=OpenBSD+5.1">raidctl(8)</a> utility.
1.16 lteo 190: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=posix_spawn&sektion=3">posix_spawn(3)</a>.
1.28 matthew 191: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbsnrtowcs&sektion=3">mbsnrtowcs(3)</a>
1.16 lteo 192: and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wcsnrtombs&sektion=3">wcsnrtombs(3)</a>.
193: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getdelim&sektion=3">getdelim(3)</a>
194: and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getline&sektion=3">getline(3)</a>.
195: <li>More configuration variables for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysconf&sektion=3">sysconf(3)</a> and
196: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pathconf&sektion=2">pathconf(2)</a>.
197: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dirfd&sektion=3">dirfd(3)</a>
1.17 lteo 198: is now a function instead of a macro.
1.16 lteo 199: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=posix_memalign&sektion=3">posix_memalign(3)</a>
200: supports arbitrarily large alignments.
201: <li>Improved <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> performance.
202: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>
203: recognizes the DF_1_NOOPEN flag and refuses to
204: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlopen&sektion=3">dlopen(3)</a>
205: shared objects linked with "-z nodlopen".
1.6 guenther 206: <li>Improved compliance and/or cleanliness of header files, particularly
1.7 guenther 207: <dirent.h>, <time.h>, <sys/time.h>, <limits.h>,
1.6 guenther 208: <arpa/inet.h>, <netinet/in.h>, and <sys/param.h>.
209: <li>Improved kernel uvm memory allocator.
1.22 guenther 210: <li>Added support for using AMT to provide console-over-ethernet (c.f. the amtterm port).
1.6 guenther 211: <li>Improved support for amd64 boxes with many memory extents.
1.16 lteo 212: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compat_linux&sektion=8">compat_linux(8)</a>
213: improvements: TLS-vs-clone and futex fixes, added support
1.6 guenther 214: for statfs64(), tgkill(), gettid(), SOCK_CLOEXEC, and SOCK_NONBLOCK.
1.7 guenther 215: <li>Improved handling of bare FAT media.
1.16 lteo 216: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kdump&sektion=1">kdump(1)</a>
217: improvements, including the ability to show thread IDs and dumping of timespec, timeval, sigaction, rlimit, sigset, clockid, and fdset arguments and results.
218: <li>Various improvements in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd&sektion=8">smtpd(8)</a>:
1.17 lteo 219: reliability fixes, new MTA client, new scheduler and improved queue logic, simplified smtpd.conf syntax, better RFC compliance and several cosmetic changes.
1.16 lteo 220: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>
1.17 lteo 221: emacs-like editor now allows backup files to be saved in a user's home directory.
1.22 guenther 222: <li>Fixed operation of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm_getfiles&sektion=3">kvm_getfile2()</a> (and therefore <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fstat&sektion=1">fstat(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pstat&sektion=8">pstat(8)</a>) on kernel crash dumps.
223: <li>Improved emacs-style key bindings and handling of large arrays in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1">ksh(1)</a>.
224: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=halt&sektion=8">halt(8)</a> disables "suspend-on-lid-close" so that you don't accidentally suspend instead of shutting down.
225: <li>Improvements to parallel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=make&sektion=1">make(1)</a>: added the .CHEAP and .EXPENSIVE special targets and fixed glitches in already-rebuilt logic.
1.26 sthen 226: <li>The <a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/devel/libusb1/">libusb</a> package is able to access non-<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ugen&sektion=4">ugen(4)</a> devices for some operations, allowing e.g. <a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/sysutils/ykpers/">programming YubiKeys</a> with a standard kernel.
1.1 deraadt 227: <li>...
228: </ul>
229: <p>
230:
231: <li>OpenSSH 6.1:
232: <ul>
233: <li>New features:
234: <ul>
1.27 rpe 235: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
236: This release turns on pre-auth sandboxing sshd by default for new installs,
237: by setting UsePrivilegeSeparation=sandbox in sshd_config.
238: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">sshd-keygen(1)</a>:
239: Add options to specify starting line number and number of lines to process
240: when screening moduli candidates, allowing processing of different parts of
241: a candidate moduli file in parallel
242: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
243: The Match directive now supports matching on the local (listen) address and
244: port upon which the incoming connection was received via LocalAddress and
245: LocalPort clauses.
246: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
247: Extend sshd_config Match directive to allow setting AcceptEnv and {Allow,Deny}{Users,Groups}
248: <li>Add support for RFC6594 SSHFP DNS records for ECDSA key types. (bz#1978)
249: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">sshd-keygen(1)</a>:
250: Allow conversion of RSA1 keys to public PEM and PKCS8
251: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
252: Allow the sshd_config PermitOpen directive to accept "none" as an argument to
253: refuse all port-forwarding requests.
254: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
255: Support "none" as an argument for AuthorizedPrincipalsFile
256: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keyscan&sektion=1">sshd-keyscan(1)</a>:
257: Look for ECDSA keys by default. (bz#1971)
258: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
259: Add "VersionAddendum" to sshd_config to allow server operators to append some
260: arbitrary text to the server SSH protocol banner.
1.1 deraadt 261: </ul>
262: <li>The following significant bugs have been fixed in this release:
263: <ul>
1.27 rpe 264: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> and
265: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
266: Don't spin in accept() in situations of file descriptor exhaustion. Instead
267: back off for a while.
268: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> and
269: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
270: Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as they were removed from
271: the specification. (bz#2023)
272: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
273: Handle long comments in config files better. (bz#2025)
274: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
275: Delay setting tty_flag so RequestTTY options are correctly picked up. (bz#1995)
276: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
277: Fix handling of /etc/nologin incorrectly being applied to root on platforms
278: that use login_cap.
1.1 deraadt 279: </ul>
280: </ul>
281: <p>
282:
1.8 espie 283: <li>Over 7600 ports, major performance and stability improvements in
1.1 deraadt 284: the package build process
285: <ul>
1.8 espie 286: <li>dpb got simpler and faster. Handles distfiles, works without any
287: option.
1.17 lteo 288: <li>Simpler and less error-prone mechanisms for handling MD differences.
1.8 espie 289: <li>dpb is now used for mirroring distfiles, to the great joy of
290: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/distfiles/">ftp://ftp.openbsd.org/pub/OpenBSD/distfiles/</a>
1.1 deraadt 291: </ul>
292: <p>
293: <li>Many pre-built packages for each architecture:
294: <table border=0 cellspacing=0 cellpadding=2 width="95%">
295: <tr>
296: <td valign="top" width="25%">
297: <ul>
298: <li>i386: 7483
299: <li>sparc64: 6820
300: <li>alpha: 5993
301: </ul></td><td valign=top width="25%"><ul>
302: <li>sh: XXXX
303: <li>amd64: 7439
304: <li>powerpc: 7050
305: </ul></td><td valign=top width="25%"><ul>
306: <li>sparc: 4466
307: <li>arm: XXXX
308: <li>hppa: 6316
309: </ul></td><td valign=top width="25%"><ul>
310: <li>vax: XXXX
311: <li>mips64: 5845
312: <li>mips64el: 5908
313: </ul></td></tr></table>
314: <p>
315:
316: <li>Some highlights:
317: <ul>
1.11 sthen 318: <li>GNOME 3.4.2 <li>KDE 3.5.10
1.1 deraadt 319: <li>Xfce 4.10 <li>MySQL 5.1.63
320: <li>PostgreSQL 9.1.4 <li>Postfix 2.9.3
321: <li>OpenLDAP 2.3.43 and 2.4.31 <li>Mozilla Firefox 3.5.19, 3.6.28 and 13.0.1
322: <li>Mozilla Thunderbird 13.0.1 <li>GHC 7.0.4
323: <li>LibreOffice 3.5.5.3 <li>Emacs 21.4, 22.3 and 23.4
324: <li>Vim 7.3.154 <li>PHP 5.2.17 and 5.3.14
325: <li>Python 2.5.4, 2.7.3 and 3.2.3 <li>Ruby 1.8.7.370 and 1.9.3.194
326: <li>Tcl/Tk 8.5.11 <li>Jdk 1.7
327: <li>Mono 2.10.9 <li>Chromium 20.0.1132.57
328: <li>Groff 1.21 <li>Go 1.0.2
329: <li>GCC 4.6.3 and 4.7.1 <li>LLVM/Clang 3.1
1.20 lteo 330: <li>Lua 5.1.5 and 5.2.1
1.1 deraadt 331: </ul>
332: <p>
333:
334: <li>As usual, steady improvements in manual pages and other documentation.
335: <p>
336:
337: <li>The system includes the following major components from outside suppliers:
338: <ul>
1.3 matthieu 339: <li>Xenocara (based on X.Org 7.7 with xserver 1.12.2 + patches,
340: freetype 2.4.10, fontconfig 2.8.0, Mesa 7.10.3, xterm 279,
341: xkeyboard-config 2.6 and more)
1.1 deraadt 342: <li>Gcc 4.2.1 (+patches), 3.3.5 (+ patches) and 2.95.3 (+ patches)
343: <li>Perl 5.12.2 (+ patches)
344: <li>Our improved and secured version of Apache 1.3, with
345: SSL/TLS and DSO support
346: <li>Nginx 1.2.2 (+ patches)
347: <li>OpenSSL 1.0.0f (+ patches)
348: <li>SQLite 3.7.13 (+ patches)
349: <li>Sendmail 8.14.5, with libmilter
350: <li>Bind 9.4.2-P2 (+ patches)
351: <li>NSD 3.2.11
352: <li>Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
353: <li>Sudo 1.7.2p8
354: <li>Ncurses 5.7
355: <li>Heimdal 0.7.2 (+ patches)
356: <li>Arla 0.35.7
357: <li>Binutils 2.15 (+ patches)
358: <li>Gdb 6.3 (+ patches)
359: <li>Less 444 (+ patches)
360: <li>Awk Aug 10, 2011 version
361: </ul>
362:
363: </ul>
364:
365: <a name="install"></a>
366: <hr>
367: <p>
368: <h3><font color="#0000e0">How to install</font></h3>
369: <p>
370: Following this are the instructions which you would have on a piece of
371: paper if you had purchased a CDROM set instead of doing an alternate
372: form of install. The instructions for doing an FTP (or other style
373: of) install are very similar; the CDROM instructions are left intact
374: so that you can see how much easier it would have been if you had
375: purchased a CDROM instead.
376: <p>
377:
378: <hr>
379: Please refer to the following files on the three CDROMs or FTP mirror for
380: extensive details on how to install OpenBSD 5.2 on your machine:
381: <p>
382: <ul>
383: <li>CD1:5.2/i386/INSTALL.i386
384: <p>
385: <li>CD2:5.2/amd64/INSTALL.amd64
386: <p>
387: <li>CD3:5.2/sparc64/INSTALL.sparc64
388: <p>
389: <li>FTP:.../OpenBSD/5.2/alpha/INSTALL.alpha
390: <li>FTP:.../OpenBSD/5.2/armish/INSTALL.armish
391: <li>FTP:.../OpenBSD/5.2/hp300/INSTALL.hp300
392: <li>FTP:.../OpenBSD/5.2/hppa/INSTALL.hppa
393: <li>FTP:.../OpenBSD/5.2/landisk/INSTALL.landisk
394: <li>FTP:.../OpenBSD/5.2/loongson/INSTALL.loongson
395: <li>FTP:.../OpenBSD/5.2/luna88k/INSTALL.luna88k
396: <li>FTP:.../OpenBSD/5.2/macppc/INSTALL.macppc
397: <li>FTP:.../OpenBSD/5.2/mvme68k/INSTALL.mvme68k
398: <li>FTP:.../OpenBSD/5.2/mvme88k/INSTALL.mvme88k
399: <li>FTP:.../OpenBSD/5.2/sgi/INSTALL.sgi
400: <li>FTP:.../OpenBSD/5.2/socppc/INSTALL.socppc
401: <li>FTP:.../OpenBSD/5.2/sparc/INSTALL.sparc
402: <li>FTP:.../OpenBSD/5.2/vax/INSTALL.vax
403: <li>FTP:.../OpenBSD/5.2/zaurus/INSTALL.zaurus
404: </ul>
405: <hr>
406:
407: <p>
408: Quick installer information for people familiar with OpenBSD, and the
409: use of the "disklabel -E" command. If you are at all confused when
410: installing OpenBSD, read the relevant INSTALL.* file as listed above!
411: <p>
412:
413: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
414: <ul>
415: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
416: release is on CD1. If your BIOS does not support booting from CD, you will need
417: to create a boot floppy to install from. To create a boot floppy write
418: <i>CD1:5.2/i386/floppy52.fs</i> to a floppy and boot via the floppy drive.
419:
420: <p>
421: Use <i>CD1:5.2/i386/floppyB52.fs</i> instead for greater SCSI controller
422: support, or <i>CD1:5.2/i386/floppyC52.fs</i> for better laptop support.
423:
424: <p>
425: If you can't boot from a CD or a floppy disk,
426: you can install across the network using PXE as described in
427: the included INSTALL.i386 document.
428:
429: <p>
430: If you are planning on dual booting OpenBSD with another OS, you will need to
431: read INSTALL.i386.
432:
433: <p>
434: To make a boot floppy under MS-DOS, use the "rawrite" utility located
435: at <i>CD1:5.2/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS,
436: use the
437: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>
438: utility. The following is an example usage of
439: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>,
440: where the device could be "floppy", "rfd0c", or
441: "rfd0a".
442:
443: <ul><pre>
444: # <strong>dd if=<file> of=/dev/<device> bs=32k</strong>
445: </pre></ul>
446:
447: <p>
448: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
449: your install will most likely fail. For more information on creating a boot
450: floppy and installing OpenBSD/i386 please refer to
451: <a href="faq/faq4.html#MkFlop">FAQ 4.3.2</a>.
452: </ul>
453:
454: <p>
455: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
456: <ul>
457: The 5.2 release of OpenBSD/amd64 is located on CD2.
458: Boot from the CD to begin the install - you may need to adjust
459: your BIOS options first.
460: If you can't boot from the CD, you can create a boot floppy to install from.
461: To do this, write <i>CD2:5.2/amd64/floppy52.fs</i> to a floppy, then
462: boot from the floppy drive.
463:
464: <p>
465: If you can't boot from a CD or a floppy disk,
466: you can install across the network using PXE as described in the included
467: INSTALL.amd64 document.
468:
469: <p>
470: If you are planning to dual boot OpenBSD with another OS, you will need to
471: read INSTALL.amd64.
472: </ul>
473:
474: <p>
475: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
476: <ul>
477: Burn the image from the FTP site to a CDROM, and poweron your machine
478: while holding down the <i>C</i> key until the display turns on and
479: shows <i>OpenBSD/macppc boot</i>.
480:
481: <p>
482: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
483: /5.2/macppc/bsd.rd</i>
484: </ul>
485:
486: <p>
487: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
488: <ul>
489: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
490:
491: <p>
492: If this doesn't work, or if you don't have a CDROM drive, you can write
493: <i>CD3:5.2/sparc64/floppy52.fs</i> or <i>CD3:5.2/sparc64/floppyB52.fs</i>
494: (depending on your machine) to a floppy and boot it with <i>boot
495: floppy</i>. Refer to INSTALL.sparc64 for details.
496:
497: <p>
498: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
499: will most likely fail.
500:
501: <p>
502: You can also write <i>CD3:5.2/sparc64/miniroot52.fs</i> to the swap partition on
503: the disk and boot with <i>boot disk:b</i>.
504:
505: <p>
506: If nothing works, you can boot over the network as described in INSTALL.sparc64.
507: </ul>
508:
509: <p>
510: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
511: <ul>
512: <p>Write <i>FTP:5.2/alpha/floppy52.fs</i> or
513: <i>FTP:5.2/alpha/floppyB52.fs</i> (depending on your machine) to a diskette and
514: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
515:
516: <p>
517: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
518: will most likely fail.
519:
520: </ul>
521:
522: <p>
523: <h3><font color="#e00000">OpenBSD/armish:</font></h3>
524: <ul>
525: <p>
526: After connecting a serial port, Thecus can boot directly from the network
527: either tftp or http. Configure the network using fconfig, reset,
528: then load bsd.rd, see INSTALL.armish for specific details.
529: IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
530: and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
531: then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
532: More details are available in INSTALL.armish.
533: </ul>
534:
535: <p>
536: <h3><font color="#e00000">OpenBSD/hp300:</font></h3>
537: <ul>
538: <p>
539: Boot over the network by following the instructions in INSTALL.hp300.
540: </ul>
541:
542: <p>
543: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
544: <ul>
545: <p>
546: Boot over the network by following the instructions in INSTALL.hppa or the
547: <a href="hppa.html#install">hppa platform page</a>.
548: </ul>
549:
550: <p>
551: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
552: <ul>
553: <p>
554: Write <i>miniroot52.fs</i> to the start of the CF
555: or disk, and boot normally.
556: </ul>
557:
558: <p>
559: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
560: <ul>
561: <p>
562: Write <i>miniroot52.fs</i> to a USB stick and boot bsd.rd from it
563: or boot bsd.rd via tftp.
564: Refer to the instructions in INSTALL.loongson for more details.
565: </ul>
566: <p>
567:
568: <p>
569: <h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
570: <ul>
571: <p>
572: Copy bsd.rd to a Mach or UniOS partition, and boot it from the PROM.
573: Alternatively, you can create a bootable tape and boot from it. Refer to
574: the instructions in INSTALL.luna88k for more details.
575: </ul>
576:
577: <p>
578: <h3><font color="#e00000">OpenBSD/mvme68k:</font></h3>
579: <ul>
580: <p>
581: You can create a bootable installation tape or boot over the network.<br>
582: The network boot requires a MVME68K BUG version that supports the <i>NIOT</i>
583: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme68k
584: for more details.
585: </ul>
586:
587: <p>
588: <h3><font color="#e00000">OpenBSD/mvme88k:</font></h3>
589: <ul>
590: <p>
591: You can create a bootable installation tape or boot over the network.<br>
592: The network boot requires a MVME88K BUG version that supports the <i>NIOT</i>
593: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme88k
594: for more details.
595: </ul>
596:
597: <p>
598: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
599: <ul>
600: <p>
601: To install on an O2, burn cd52.iso on a CD-R, put it in the CD drive of your
602: machine and select <i>Install System Software</i> from the System Maintenance
603: menu.
604:
605: <p>
606: On other systems, or if your machine doesn't have a CD drive, you can
607: setup a DHCP/tftp network server, and boot using "bootp()/bsd.rd.IP##" using
608: the kernel matching your system type.
609: Refer to the instructions in INSTALL.sgi for more details.
610: </ul>
611:
612: <p>
613: <h3><font color="#e00000">OpenBSD/socppc:</font></h3>
614: <ul>
615: <p>
616: After connecting a serial port, boot over the network via DHCP/tftp.
617: Refer to the instructions in INSTALL.socppc for more details.
618: </ul>
619:
620: <p>
621: <h3><font color="#e00000">OpenBSD/sparc:</font></h3>
622: <ul>
623: Boot from one of the provided install ISO images, using one of the two
624: commands listed below, depending on the version of your ROM.
625:
626: <ul><pre>
627: ok <strong>boot cdrom 5.2/sparc/bsd.rd</strong>
628: or
629: > <strong>b sd(0,6,0)5.2/sparc/bsd.rd</strong>
630: </pre></ul>
631:
632: <p>
633: If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
634: To do so you need to write <i>floppy52.fs</i> to a floppy.
635: For more information see <a href="faq/faq4.html#MkFlop">FAQ 4.3.2</a>.
636: To boot from the floppy use one of the two commands listed below,
637: depending on the version of your ROM.
638:
639: <ul><pre>
640: ok <strong>boot floppy</strong>
641: or
642: > <strong>b fd()</strong>
643: </pre></ul>
644:
645: <p>
646: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
647: will most likely fail.
648:
649: <p>
650: If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
651: setup a bootable tape, or install via network, as told in the
652: INSTALL.sparc file.
653: </ul>
654:
655: <p>
656: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
657: <ul>
658: Boot over the network via mopbooting as described in INSTALL.vax.
659: </ul>
660:
661: <p>
662: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
663: <ul>
664: <p>
665: Using the Linux built-in graphical ipkg installer, install the
666: openbsd52_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
667: for a few important details.
668: </ul>
669:
670: <p>
671: <h3><font color="#e00000">Notes about the source code:</font></h3>
672: <ul>
673: src.tar.gz contains a source archive starting at /usr/src. This file
674: contains everything you need except for the kernel sources, which are
675: in a separate archive. To extract:
676: <p>
677: <ul><pre>
678: # <strong>mkdir -p /usr/src</strong>
679: # <strong>cd /usr/src</strong>
680: # <strong>tar xvfz /tmp/src.tar.gz</strong>
681: </pre></ul>
682: <p>
683: sys.tar.gz contains a source archive starting at /usr/src/sys.
684: This file contains all the kernel sources you need to rebuild kernels.
685: To extract:
686: <p>
687: <ul><pre>
688: # <strong>mkdir -p /usr/src/sys</strong>
689: # <strong>cd /usr/src</strong>
690: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
691: </pre></ul>
692: <p>
693: Both of these trees are a regular CVS checkout. Using these trees it
694: is possible to get a head-start on using the anoncvs servers as
695: described <a href="anoncvs.html">here</a>.
696: Using these files
697: results in a much faster initial CVS update than you could expect from
698: a fresh checkout of the full OpenBSD source tree.
699: <p>
700: </ul>
701:
702: <a name="upgrade"></a>
703: <hr>
704: <p>
705: <h3><font color="#0000e0">How to upgrade</font></h3>
706: <p>
707: If you already have an OpenBSD 5.1 system, and do not want to reinstall,
708: upgrade instructions and advice can be found in the
709: <a href="faq/upgrade52.html">Upgrade Guide</a>.
710:
711: <a name="ports"></a>
712: <hr>
713: <p>
714: <h3><font color="#0000e0">Ports Tree</font></h3>
715: <p>
716: A ports tree archive is also provided. To extract:
717: <p>
718: <ul><pre>
719: # <strong>cd /usr</strong>
720: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
721: # <strong>cd ports</strong>
722: </pre></ul>
723: <p>
724: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
725: read the <a href="faq/ports/index.html">ports</a> page
726: if you know nothing about ports
727: at this point. This text is not a manual of how to use ports.
728: Rather, it is a set of notes meant to kickstart the user on the
729: OpenBSD ports system.
730: <p>
731: The <i>ports/</i> directory represents a CVS (see the manpage for
732: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386">
733: cvs(1)</a> if
734: you aren't familiar with CVS) checkout of our ports. As with our complete
735: source tree, our ports tree is available via anoncvs. So, in
736: order to keep current with it, you must make the <i>ports/</i> tree
737: available on a read-write medium and update the tree with a command
738: like:
739: <p>
740: <ul><pre>
741: # <strong>cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_2</strong>
742: </pre></ul>
743: <p>
744: [Of course, you must replace the local directory and server name here
745: with the location of your ports collection and a nearby anoncvs
746: server.]
747: <p>
748: Note that most ports are available as packages through FTP. Updated
749: packages for the 5.2 release will be made available if problems arise.
750: <p>
751: If you're interested in seeing a port added, would like to help out, or just
752: would like to know more, the mailing list
753: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
754: <p>
755:
756: <hr>
757: <a href="index.html"><img height="24" width="24" src="back.gif" border="0"
758: alt="OpenBSD"></a>
759: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
760: <br><small>
1.29 ! matthew 761: $OpenBSD: 52.html,v 1.28 2012/09/06 16:50:51 matthew Exp $
1.1 deraadt 762: </small>
763:
764: </body>
765: </html>
![[BACK]](/icons/back.gif){kind=icon}
Return to 52.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www