===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/55.html,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -r1.66 -r1.67
--- www/55.html 2014/05/01 14:52:34 1.66
+++ www/55.html 2014/05/02 18:58:56 1.67
@@ -1,1141 +1 @@
-
-
-
-OpenBSD 5.5
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
OpenBSD 5.5
-
-Released May 1, 2014
-Copyright 1997-2014, Theo de Raadt.
-ISBN 978-0-9881561-3-5
-
-5.5 Song: "Wrap in Time"
-
-
-
-- Order a CDROM from our ordering system.
-
- See the information on the FTP page for
- a list of mirror machines.
-
- Go to the pub/OpenBSD/5.5/ directory on
- one of the mirror sites.
-
- Briefly read the rest of this document.
-
- Have a look at the 5.5 errata page for a list
- of bugs and workarounds.
-
- See a detailed log of changes between the
- 5.4 and 5.5 releases.
-
-
- 5.5 base signify pubkey: RWRGy8gxk9N9314J0gh9U02lA7s8i6ITajJiNgxQOndvXvM5ZPX+nQ9h
-
- 5.5 fw signify pubkey: RWTdVOhdk5qyNktv0iGV6OpaVfogGxTYc1bbkaUhFlExmclYvpJR/opO
-
- 5.5 pkg signify pubkey: RWQQC1M9dhm/tja/ktitJs/QVI1kGTQr7W7jtUmdZ4uTp+4yZJ6RRHb5
-
-
-All applicable copyrights and credits can be found in the applicable
-file sources found in the files src.tar.gz, sys.tar.gz,
-xenocara.tar.gz, or in the files fetched via ports.tar.gz. The
-distribution files used to build packages from the ports.tar.gz file
-are not included on the CDROM because of lack of space.
-
-
-
-
-
-
What's New
-
-This is a partial list of new features and systems included in OpenBSD 5.5.
-For a comprehensive list, see the changelog leading
-to 5.5.
-
-
-
-- time_t is now 64 bits on all platforms.
-
- - From OpenBSD 5.5 onwards, OpenBSD is year 2038 ready and will run well beyond Tue Jan 19 03:14:07 2038 UTC.
-
- The entire source tree (kernel, libraries, and userland programs) has been carefully and comprehensively audited to support 64-bit time_t.
-
- Userland programs that were changed include
- arp(8),
- bgpd(8),
- calendar(8),
- cron(8),
- find(1),
- fsck_ffs(8),
- ifconfig(8),
- ksh(1),
- ld(1),
- ld.so(1),
- netstat(1),
- pfctl(8),
- ping(8),
- rtadvd(8),
- ssh(1),
- tar(1),
- tmux(1),
- top(1),
- and many others, including games!
-
- Removed time_t from network, on-disk, and database formats.
-
- Removed as many (time_t) casts as possible.
-
- Format strings were converted to use %lld and (long long) casts.
-
- Uses of timeval were converted to timespec where possible.
-
- Parts of the system that could not use 64-bit time_t were converted to use unsigned 32-bit instead, so they are good till the year 2106.
-
- Numerous ports throughout the ports tree received time_t fixes.
-
-
-
-
- Releases and packages are now cryptographically signed with the
-signify(1) utility.
-
- - The installer will verify all sets before installing.
-
- Installing without verification works, but is discouraged.
-
- Users are advised to verify the installer (bsd.rd, install55.iso, etc.)
- ahead of time using the
- signify(1) tool if available.
-
- pkg_add(1) now only trusts signed packages by default.
-
-
-
-
- Installer improvements:
-
- - The installer now supports a scriptable
- auto-installation
- method that enables unattended installation and upgrades using a response file.
-
- Disk images which can be written to a USB flash drive
- (miniroot55.fs [bsd.rd only] and install55.fs [bsd.rd + unsigned sets])
- are now provided for amd64 and i386.
-
- Rewritten
- installboot(8)
- utility aiming for a unified implementation across platforms (currently
- used by amd64 and i386 only).
-
- The installer now parses nwids with embedded blanks correctly.
-
-
-
-
- New/extended platforms:
-
-
-
-
- Improved hardware support, including:
-
- - New vmx(4)
- driver for VMware VMXNET3 Virtual Interface Controller devices.
-
- New vmwpvs(4)
- driver for VMware Paravirtual SCSI.
-
- New vioscsi(4)
- driver for VirtIO SCSI adapters.
-
- New viornd(4)
- driver for VirtIO random number devices.
-
- New ubcmtp(4)
- driver for Broadcom multi-touch trackpads found on newer Apple MacBook,
- MacBook Pro, and MacBook Air laptops.
-
- New ugold(4)
- driver for TEMPer gold HID thermometers.
-
- New ugl(4)
- driver for Genesys Logic based USB host-to-host adapters.
-
- New qla(4) driver for Qlogic fibre channel HBAs.
-
- radeondrm(4)
- has been overhauled, including:
-
- - New port of the Radeon code in Linux 3.8.13.19.
-
- Support for Kernel Mode Setting (KMS) including support for
- additional output types such as DisplayPort.
-
- wsdisplay(4)
- now attaches to
- radeondrm(4)
- and provides a framebuffer console.
-
- - inteldrm(4)
- has been updated to Linux 3.8.13.19 notably bringing Haswell stability fixes.
-
- Support for Intel 8 Series Ethernet with i217/i218 PHYs, and
- i210/i211/i354 has been added to
- em(4).
-
- Support for Intel Centrino Wireless-N 2200, 2230 and 105/135 has been added to
- iwn(4).
-
- Support for Areca ARC-1880, ARC-1882, ARC-1883, ARC-1223, ARC-1214, ARC-1264, and ARC-1284 has been added to
- arc(4).
-
- Support for Elantech v2 touchpads in pms(4) has been fixed.
-
- Support for 802.11a (5Ghz) has been added to wpi(4).
-
- Workarounds for firmware stability issues have been added to
- wpi(4),
- iwi(4), and
- iwn(4).
-
- Support for RT3572 chips has been added to the
- ral(4) driver.
-
- Support for RTL8106E chips has been added to the
- re(4) driver.
-
- Support for RTS5229 card readers has been added to rtsx(4).
-
- Support for Microsoft XBox 360 controllers has been added to the uhid(4) driver.
-
- Support for CoreChip RD9700 USB Ethernet devices has been added to the udav(4) driver.
-
- Further reliability improvements regarding suspend/resume and hibernation.
-
- Enabled IPv6 transmit TCP/UDP checksum offload in
- jme(4).
-
-
-
-
- Generic network stack improvements:
-
- - Added vxlan(4),
- a virtual extensible local area network tunnel interface.
-
- pflow(4)
- now sends 64 bit time values for pflowproto 10. The changed templates /
- flows for pflowproto 10 are now parsable by existing receivers.
-
- Continued improvement of the checksum offload framework to streamline
- the calculation of TCP, UDP, ICMP, and ICMPv6 checksums.
-
- Enabled IPv6 routing domain support.
-
-
-
-
- Routing daemons and other userland network improvements:
-
- - The popa3d POP3 server has been removed.
-
- Added ntpctl(8),
- a program to control the Network Time Protocol daemon.
-
- slowcgi(8)
- now works with a high number of concurrent connections.
-
- The inetd-based identd has been replaced by a new libevent-based
- identd(8).
-
- tcpdump(8)
- can now detect bad ICMP and ICMPv6 checksums when used with the -v flag.
-
- Added rdomain support to IPv6 configuration tools
- ndp(8),
- rtsold(8),
- ping6(8), and
- traceroute6(8).
-
- Added SNMPv2 client support to
- snmpctl(8)
- ("get", "walk", and "bulkwalk").
-
- relayd(8)
- now supports TLS Perfect Forward Secrecy (PFS) with ECDHE (Elliptic curve Diffie-Hellman) that is enabled by default.
-
-
-
-
- pf(4) improvements:
-
- - New queueing system with new syntax.
-
- The "received-on" parameter can now be used with the "any" keyword to
- match any existing interface except loopback ones.
-
- The block policy in the default pf.conf(5) is now "block return".
-
-
-
-
- dhcpd(8) and dhclient(8) improvements:
-
- - No longer create a route to the bound address via 127.0.0.1.
-
- The options 'dhcp-lease-time', 'dhcp-rebinding-time', and 'dhcp-renewal-time' can now be configured in dhclient.conf(5).
-
- 'next-server' (a.k.a. siaddr) info now saved in lease files.
-
- Fall back to broadcasting when unicast renewal fails, as specified in
-RFC 2131 and friends.
-
- Fix various problems in communications between privileged and non-privileged processes.
-
- Fix many abuses of memcpy.
-
- Stop pretending we still support FDDI or token ring hardware types.
-
- Fix classless static routes option handling and add syntax to parse human-readable forms.
-
- Fix 'effective' lease created by '-L' to have correct address, 'next_server', 'timestamp', and 'resolv_conf' fields.
-
- Fix handling of non-printable characters in lease file strings.
-
- Fix many edge cases in config file and lease parsing and ensure that error messages refer to the correct position in erroneous line.
-
- dhclient.conf(5) can now override anything in an offer or saved lease when creating the effective lease. In particular, 'fixed-address', 'next-server', 'filename' and 'server-name'.
-
- Fix parsing of dhclient.conf(5) statements 'fixed-address' and
-'next-server'.
-
- Log failures to fchmod() or fchown() files being written.
-
- Create lease files with permissions 0640.
-
- Fix possible failure to write resolv.conf(5) when -L is used.
-
- 'send dhcp-client-identifier "";' in dhclient.conf(5) will result in no 'dhcp-client-identifier' (option 61) being sent.
-
-
-
-
- iked(8) improvements:
-
- - Support for OCSP ("Online Certificate Status Protocol"); enable with "set ocsp URL".
-
- Support for RSA public key authentication as an alternative to X.509 certificates or pre-shared keys.
-
- Support for DPD ("Dead Peer Detection") similar to the implementation in
- isakmpd(8).
-
- Support for dynamic IP address assignment from a pool in configuration mode; enabled with "config address net/pool-prefix".
-
- Initial support for IPComp.
-
- Various improvements and a thorough audit of the network input path.
-
-
-
-
- OpenSMTPD 5.4.2 (includes changes to 5.4.1):
-
- - Introduce initial support for DSN extension:
-
- - NOTIFY=SUCCESS, NOTIFY=FAILURE, NOTIFY=DELAY, NOTIFY=NEVER
-
- RET=HDRS, RET=FULL
-
- - Introduce initial support for ENHANCEDSTATUSCODES extension:
-
- - smtp process returns Enhanced Status Codes for most commands.
-
- other processes now have an API to return more precise codes ...
-
- ... which will be improved further with each version.
-
- - Improved smtpctl(8):
-
- - sendmail mode now supports DSN parameters
-
- Can now pause/resume a source address -> destination domain route.
-
- Can now display status of processes with smtpctl show status.
-
- show relays: displays list of currently active relays.
-
- show routes: displays status of routes currently known by smtpd.
-
- show hosts: displays list of known remote MX.
-
- show hoststats: display status of last delivery for active domains.
-
- resume route: resumes route temporarily disable by the MTA.
-
- pause/resume envelope: allows pausing individual envelopes.
-
- pause/resume message: allows pausing individual messages.
-
- encrypt: allows generating credentials suitable for authentication.
-
- show message/envelope is now compression/encryption aware.
-
- - Introduced SNI support.
-
- Improved configuration file:
-
- - Removed last known ambiguity in grammar.
-
- Much simpler configuration for TLS-enabled hosts.
-
- Most parameters are now swappable in listen and accept rules.
-
- Conditions may be negated (ie: accept from ! <trusted> ...)
-
- Forward-only rules can be declared to impose ~/.forward files.
-
- New "recipient" keyword allows accept rule to provide a whitelist.
-
- Sender and recipient tables accept wildcard in their domains.
-
- - TLS generic improvements:
-
- - Support for TLS Perfect Forward Secrecy.
-
- Support for providing custom CA certificates.
-
- - MTA improvements:
-
- - mta may now require remote hosts to present valid certificates.
-
- Always attempt TLS before falling back to plaintext.
-
- Always present certificate if one is available.
-
- AUTH LOGIN now supported.
-
- MTA can now specify a EHLO-hostname when relaying.
-
- - SMTP server improvements:
-
- - IPv4-only and IPv6-only listeners are now possible.
-
- Listeners may now hide the From part in a Received-line.
-
- Listeners may require clients to provide a valid certificate.
-
- Banner hostname can now be dynamically fetched from a table.
-
- - Queue improvements:
-
- - Introduce an envelope cache in the queue to improve disk-IO pattern.
-
- - Documentation:
-
- - table(5) describes format for static, file and db backends.
-
- sendmail(8) describes our "sendmail" interface.
-
- - Reduced memory usage in both general and stressed cases.
-
- OpenSMTPD now automagically upgrades queue if the format changes!
-
- Support Qmail-like "sticky home".
-
- Support for authenticating users from a credentials table.
-
- Introduce passwd(5) table backend for user and credentials lookup.
-
- Expansion variables in ~/.forward now support modifiers.
-
- Much more efficient scheduler!
-
- Many documentation fixes and improvements.
-
- And a lot of minor bug fixes and internal cleanup!
-
-
-
-
- Security improvements:
-
- - Position-independent executables (PIE) are now used by default on i386.
-
- The arc4random(3)
- functions now use the ChaCha20 cipher.
-
- The kernel random number system is initially seeded by the bootloader,
- providing better random very early.
-
- Kernel stack protector is also seeded via the same mechanism, providing
- protection earlier.
-
- -Wbounded is now enabled in GCC by default.
-
- Added explicit_bzero(3).
-
-
-
-
- Performance improvements:
-
- - Relations between the buffer cache and swap daemon have been improved.
-
-
-
-
- Threading improvements:
-
- - Interprocess semaphores via sem_open(3).
-
- Running threaded processes under a debugger no longer causes panics.
-
- SIGPROF and SIGVTALRM are now reliably delivered to the thread that was running when they were triggered.
-
- Thread stacks now have a random bias.
-
- fork(2) no longer changes the pthread_t of the forking thread in the child.
-
- Signaling races eliminated from pthread_kill(3) and pthread_cancel(3).
-
-
-
-
- Assorted improvements:
-
- - New in-memory file system, tmpfs.
-
- Many fuse(4) improvements and stability fixes.
-
- Added POSIX-required nl(1) utility.
-
- OpenBSD/vax has switched to GCC 3.
-
- Replaced getdirentries(2) with getdents(2), vastly improving the performance and memory usage of telldir(3).
-
- amd64 and i386 now use the MWAIT instruction for their idle loop where available to reduce latency.
-
- Added support for CLOCK_UPTIME.
-
- Added tcgetsid(3).
-
- clock_t is now a 64 bit type, so it no longer wraps around in only 248 days.
-
- ino_t is now a 64 bit type, mostly to support large NFS filesystems.
-
- Corrected handling of UTIME_OMIT.
-
- pax(1) now sets the mode and timestamps correctly on symlinks, and makes hardlinks to symlinks when requested.
-
- Corrected handling of shared library destructors when libc is statically linked.
-
- Corrected various disk drivers to handle non-512-byte sectors and disk sizes greater than 32-bits.
-
- Corrected growfs(8) to handle non-512-byte sectors and disk sizes greater than 32-bits.
-
- All CIRCLEQ uses replaced with TAILQ.
-
- Preserve and honour changes to the OpenBSD bounds in a disklabel.
-
- fdisk(8) now always writes a good signature when the MBR is written to disk.
-
- disklabel(8) now writes the disklabel to the correct location on non-512-byte sector devices.
-
- Fix athn(4) tick calculations to eliminate excessive timeouts.
-
- Allow disklabel(8) to set any partition, including 'C', to type UNUSED.
-
- New sha512(1) tool to calculate and verify the SHA-512 checksums of files.
-
- sha256(1) and related tools
- (cksum(1),
- md5(1),
- sha1(1), and
- sha512(1))
- now support a new -h flag to place the checksum into a specified hash file instead of stdout.
-
- sha256(1) and related tools now support a new -C flag that allows the verification of selected files in a checklist.
-
- sha256(1) and related tools will now print MISSING if they encounter non-existent files in a checklist.
-
- i386 and amd64 platforms can now boot from keydisk-based softraid(4) crypto volumes.
-
- Allow softraid(4) to work with partitions larger than 2TB.
-
- Removed experimental RAID 4 support from softraid(4).
-
- Added experimental support for rebuilding RAID 5 softraid(4) volumes. Lots of testing is still required and there is missing functionality, such as the ability to resume a partially completed rebuild. bioctl(8) refuses to create RAID 5 volumes unless recompiled with -DRAID5.
-
- The uhts(4) driver has been merged into
- ums(4).
-
- Many new checks were added to portcheck(1) utility; now it catches almost every popular mistake that observed in ports in last years.
-
-
-
-
- OpenSSH 6.6 (including changes to 6.5, a feature-focused release):
-
- - Security:
-
- - sshd(8):
- when using environment passing with a
- sshd_config(5)
- AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could
- be tricked into accepting any enviornment variable that contains the
- characters before the wildcard character.
-
- - New/changed features:
-
- - ssh(1),
- sshd(8):
- Add support for key exchange using elliptic-curve Diffie Hellman
- in Daniel Bernstein's Curve25519. This key exchange method is
- the default when both the client and server support it.
-
- ssh(1),
- sshd(8):
- Add support for ED25519 as a public key type. ED25519 is
- a elliptic curve signature scheme that offers better security than
- ECDSA and DSA and good performance. It may be used for
- both user and host keys.
-
- Add a new private key format that uses a bcrypt KDF to better
- protect keys at rest. This format is used unconditionally for
- ED25519 keys, but may be requested when generating or saving
- existing keys of other types via the -o
- ssh-keygen(1)
- option. We intend to make the new format the default in the near
- future. Details of the new format are in the PROTOCOL.key
- file.
-
- ssh(1),
- sshd(8):
- Add a new transport cipher "chacha20-poly1305@openssh.com" that
- combines Daniel Bernstein's ChaCha20 stream cipher and
- Poly1305 MAC to build an authenticated encryption mode. Details
- are in the PROTOCOL.chacha20poly1305 file.
-
- ssh(1),
- sshd(8):
- Refuse RSA keys from old proprietary clients and servers that
- use the obsolete RSA+MD5 signature scheme. It will still be
- possible to connect with these clients/servers but only DSA keys
- will be accepted, and OpenSSH will refuse connection entirely in a
- future release.
-
- ssh(1),
- sshd(8):
- Refuse old proprietary clients and servers that use a weaker key
- exchange hash calculation.
-
- ssh(1):
- Increase the size of the Diffie-Hellman groups requested for
- each symmetric key size. New values from NIST Special Publication
- 800-57 with the upper limit specified by RFC 4419.
-
- ssh(1),
- ssh-agent(1):
- Support PKCS#11 tokens that only provide X.509 certs
- instead of raw public keys. (requested as bz#1908)
-
- ssh(1):
- Add a
- ssh_config(5)
- Match keyword that allows conditional configuration to be
- applied by matching on hostname, user and result of
- arbitrary commands.
-
- ssh(1):
- Add support for client-side hostname canonicalisation using a
- set of DNS suffixes and rules in
- ssh_config(5).
- This allows unqualified names to be canonicalised to fully-qualified
- domain names to eliminate ambiguity when looking up keys in
- known_hosts or checking host certificate names.
-
- sftp-server(8):
- Add the ability to whitelist and/or blacklist sftp protocol requests by
- name.
-
- sftp-server(8):
- Add a sftp "fsync@openssh.com" to support calling
- fsync(2)
- on an open file handle.
-
- sshd(8):
- Add a
- ssh_config(5)
- PermitTTY to disallow TTY allocation, mirroring the
- longstanding no-pty authorized_keys option.
-
- ssh(1):
- Add a
- ssh_config(5)
- ProxyUseFDPass option that supports the use of
- ProxyCommands that establish a connection and then pass a
- connected file descriptor back to
- ssh(1).
- This allows the ProxyCommand to exit rather than staying
- around to transfer data.
-
- ssh(1),
- sshd(8):
- this release removes the J-PAKE authentication code. This code
- was experimental, never enabled and had been unmaintained for some
- time.
-
- ssh(1):
- when processing Match blocks, skip 'exec' clauses
- other clauses predicates failed to match.
-
- ssh(1):
- if hostname canonicalisation is enabled and results in the destination
- hostname being changed, then re-parse
- ssh_config(5)
- files using the new destination hostname. This gives 'Host'
- and 'Match' directives that use the expanded hostname a chance
- to be applied.
-
- - The following significant bugs have been fixed in this release:
-
- - ssh(1),
- sshd(8):
- Fix potential stack exhaustion caused by nested certificates.
-
- ssh(1):
- make BindAddress work with UsePrivilegedPort.
- (bz#1211)
-
- sftp(1):
- fix the progress meter for resumed transfer. (bz#2137)
-
- ssh-add(1):
- do not request smartcard PIN when removing keys from
- ssh-agent(1).
- (bz#2187)
-
- sshd(8):
- fix re-exec fallback when original
- sshd(8)
- binary cannot be executed. (bz#2139)
-
- ssh-keygen(1):
- Make relative-specified certificate expiry times relative to current
- time and not the validity start time.
-
- sshd(8):
- fix AuthorizedKeysCommand inside a Match block.
- (bz#2161)
-
- sftp(1):
- symlinking a file would incorrectly canonicalise the target path.
- (bz#2129)
-
- ssh-agent(1):
- fix a use-after-free in the PKCS#11 agent helper executable.
- (bz#2175)
-
- sshd(8):
- Improve logging of sessions to include the user name, remote
- host and port, the session type (shell, command,
- etc.) and allocated TTY (if any).
-
- sshd(8):
- tell the client (via a debug message) when their preferred listen
- address has been overridden by the server's GatewayPorts
- setting. (bz#1297)
-
- sshd(8):
- include report port in bad protocol banner message. (bz#2162)
-
- sftp(1):
- fix memory leak in error path in do_readdir(). (bz#2163)
-
- sftp(1):
- don't leak file descriptor on error. (bz#2171)
-
- sshd(8):
- include the local address and port in "Connection
- from ..." message. (only shown at loglevel>=verbose)
-
- ssh(1):
- avoid spurious "getsockname failed: Bad file descriptor" in
- ssh -W. (bz#2200, debian#738692)
-
- sshd(8):
- allow the
- shutdown(2)
- syscall in seccomp-bpf and systrace sandbox modes, as it is reachable
- if the connection is terminated during the pre-auth phase.
-
- ssh(1),
- sshd(8):
- fix unsigned overflow that in SSH protocol 1 bignum parsing.
- Minimum key length checks render this bug unexploitable to compromise
- SSH 1 sessions.
-
- sshd_config(5)
- clarify behaviour of a keyword that appears in multiple matching
- Match blocks. (bz#2184)
-
- ssh(1):
- avoid unnecessary hostname lookups when canonicalisation is disabled.
- (bz#2205)
-
- sshd(8):
- avoid sandbox violation crashes in GSSAPI code by caching the supported
- list of GSSAPI mechanism OIDs before entering the sandbox. (bz#2107)
-
- ssh(1):
- fix possible crashes in SOCKS4 parsing caused by assumption that the
- SOCKS username is nul-terminated.
-
- ssh(1):
- fix regression for UsePrivilegedPort=yes when
- BindAddress is not specified.
-
- ssh(1),
- sshd(8):
- fix memory leak in ECDSA signature verification.
-
- ssh(1):
- fix matching of 'Host' directives in
- ssh_config(5)
- files to be case-insensitive again. (regression in 6.5)
-
-
-
-
-
- Ports and packages:
-
- - Over 8,700 ports.
-
- Major overhaul of the package tools, resulting in much better memory usage.
-
- pkg_add(1) now only trusts signed packages by default.
-
- The build process now allows some limited capability for building
- conflicting packages, yielding KDE 4 packages as a result, along
- with KDE 3 ones.
-
-
-
- Many pre-built packages for each architecture:
-
-
-
-
- - i386: 8468
-
- sparc64: 7969
-
- alpha: 6199
-
- m68k: 3270
-
|
- - sh: 345
-
- amd64: 8534
-
- powerpc: 8057
-
- m88k: 1258
-
|
- - sparc: 4681
-
- arm: 6181
-
- hppa: 6549
-
|
- - vax: 1007
-
- mips64: 4726
-
- mips64el: 6730
-
|
-
-
-
- Some highlights:
-
- - GNOME 3.10.2
- KDE 3.5.10
-
- KDE 4.11.5
-
- Xfce 4.10
- MySQL 5.1.73
-
- PostgreSQL 9.3.2
- Postfix 2.11.0
-
- OpenLDAP 2.3.43 and 2.4.38
- Mozilla Firefox 24.3 and 26.0
-
- Mozilla Thunderbird 24.3.0
- GHC 7.6.3
-
- LibreOffice 4.1.4.2
- Emacs 21.4 and 24.3
-
- Vim 7.4.135
- PHP 5.3.28 and 5.4.24
-
- Python 2.7.6 and 3.3.2
- Ruby 1.8.7.374, 1.9.3.484, 2.0.0.353 and 2.1.0
-
- Tcl/Tk 8.5.15 and 8.6.1
- JDK 1.6.0.32 and 1.7.0.21
-
- Mono 2.10.9
- Chromium 32.0.1700.102
-
- Groff 1.22.2
- Go 1.2
-
- GCC 4.6.4 and 4.8.2
- LLVM/Clang 3.3
-
- Node.js 0.10.24
-
-
-
-
- As usual, steady improvements in manual pages and other documentation.
-
-
-
- The system includes the following major components from outside suppliers:
-
- - Xenocara (based on X.Org 7.7 with xserver 1.14.5 + patches,
- freetype 2.5.2, fontconfig 2.10.91, Mesa 9.2.5, xterm 301,
- xkeyboard-config 2.10.1 and more)
-
- Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
-
- Perl 5.16.3 (+ patches)
-
- Our improved and secured version of Apache 1.3, with
- SSL/TLS and DSO support
-
- Nginx 1.4.4 (+ patches)
-
- OpenSSL 1.0.1c (+ patches)
-
- SQLite 3.8.0.2 (+ patches)
-
- Sendmail 8.14.8, with libmilter
-
- Bind 9.4.2-P2 (+ patches)
-
- NSD 4.0.1
-
- Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
-
- Sudo 1.7.2p8
-
- Ncurses 5.7
-
- Heimdal 1.5.2 (+ patches)
-
- Binutils 2.15 (+ patches)
-
- Gdb 6.3 (+ patches)
-
- Less 444 (+ patches)
-
- Awk Aug 10, 2011 version
-
-
-
-
-
-
-
-
How to install
-
-Following this are the instructions which you would have on a piece of
-paper if you had purchased a CDROM set instead of doing an alternate
-form of install. The instructions for doing an FTP (or other style
-of) install are very similar; the CDROM instructions are left intact
-so that you can see how much easier it would have been if you had
-purchased a CDROM instead.
-
-
-
-Please refer to the following files on the three CDROMs or FTP mirror for
-extensive details on how to install OpenBSD 5.5 on your machine:
-
-
-
-
-
-Quick installer information for people familiar with OpenBSD, and the
-use of the "disklabel -E" command. If you are at all confused when
-installing OpenBSD, read the relevant INSTALL.* file as listed above!
-
-
-
OpenBSD/i386:
-
-Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
-release is on CD1. If your BIOS does not support booting from CD, you will need
-to create a boot floppy to install from. To create a boot floppy write
-CD1:5.5/i386/floppy55.fs to a floppy and boot via the floppy drive.
-
-
-Use CD1:5.5/i386/floppyB55.fs instead for greater SCSI controller
-support, or CD1:5.5/i386/floppyC55.fs for better laptop support.
-
-
-If you can't boot from a CD or a floppy disk,
-you can install across the network using PXE as described in
-the included INSTALL.i386 document.
-
-
-If you are planning on dual booting OpenBSD with another OS, you will need to
-read INSTALL.i386.
-
-
-To make a boot floppy under MS-DOS, use the "rawrite" utility located
-at CD1:5.5/tools/rawrite.exe. To make the boot floppy under a Unix OS,
-use the
-dd(1)
-utility. The following is an example usage of
-dd(1),
-where the device could be "floppy", "rfd0c", or
-"rfd0a".
-
-
-# dd if=<file> of=/dev/<device> bs=32k
-
-
-
-Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
-your install will most likely fail. For more information on creating a boot
-floppy and installing OpenBSD/i386 please refer to
-FAQ 4.3.2.
-
-
-
-
OpenBSD/amd64:
-
-The 5.5 release of OpenBSD/amd64 is located on CD2.
-Boot from the CD to begin the install - you may need to adjust
-your BIOS options first.
-If you can't boot from the CD, you can create a boot floppy to install from.
-To do this, write CD2:5.5/amd64/floppy55.fs to a floppy, then
-boot from the floppy drive.
-
-
-If you can't boot from a CD or a floppy disk,
-you can install across the network using PXE as described in the included
-INSTALL.amd64 document.
-
-
-If you are planning to dual boot OpenBSD with another OS, you will need to
-read INSTALL.amd64.
-
-
-
-
OpenBSD/macppc:
-
-Burn the image from the FTP site to a CDROM, and power on your machine
-while holding down the C key until the display turns on and
-shows OpenBSD/macppc boot.
-
-
-Alternatively, at the Open Firmware prompt, enter boot cd:,ofwboot
-/5.5/macppc/bsd.rd
-
-
-
-
OpenBSD/sparc64:
-
-Put CD3 in your CDROM drive and type boot cdrom.
-
-
-If this doesn't work, or if you don't have a CDROM drive, you can write
-CD3:5.5/sparc64/floppy55.fs or CD3:5.5/sparc64/floppyB55.fs
-(depending on your machine) to a floppy and boot it with boot
-floppy. Refer to INSTALL.sparc64 for details.
-
-
-Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
-will most likely fail.
-
-
-You can also write CD3:5.5/sparc64/miniroot55.fs to the swap partition on
-the disk and boot with boot disk:b.
-
-
-If nothing works, you can boot over the network as described in INSTALL.sparc64.
-
-
-
-
OpenBSD/alpha:
-
-Write FTP:5.5/alpha/floppy55.fs or
-FTP:5.5/alpha/floppyB55.fs (depending on your machine) to a diskette and
-enter boot dva0. Refer to INSTALL.alpha for more details.
-
-
-Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
-will most likely fail.
-
-
-
-
-
OpenBSD/armish:
-
-
-After connecting a serial port, Thecus can boot directly from the network
-either tftp or http. Configure the network using fconfig, reset,
-then load bsd.rd, see INSTALL.armish for specific details.
-IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
-and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
-then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
-More details are available in INSTALL.armish.
-
-
-
-
OpenBSD/hp300:
-
-
-
-
OpenBSD/hppa:
-
-
-
-
OpenBSD/landisk:
-
-
-Write miniroot55.fs to the start of the CF
-or disk, and boot normally.
-
-
-
-
OpenBSD/loongson:
-
-
-Write miniroot55.fs to a USB stick and boot bsd.rd from it
-or boot bsd.rd via tftp.
-Refer to the instructions in INSTALL.loongson for more details.
-
-
-
-
-
OpenBSD/luna88k:
-
-
-Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
-from the PROM, and the bsd.rd from the bootloader.
-Refer to the instructions in INSTALL.luna88k for more details.
-
-
-
-
OpenBSD/mvme68k:
-
-
-You can create a bootable installation tape or boot over the network.
-The network boot requires a MVME68K BUG version that supports the NIOT
-and NBO debugger commands. Follow the instructions in INSTALL.mvme68k
-for more details.
-
-
-
-
OpenBSD/mvme88k:
-
-
-You can create a bootable installation tape or boot over the network.
-The network boot requires a MVME88K BUG version that supports the NIOT
-and NBO debugger commands. Follow the instructions in INSTALL.mvme88k
-for more details.
-
-
-
-
OpenBSD/octeon:
-
-
-After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
-Refer to the instructions in INSTALL.octeon for more details.
-
-
-
-
OpenBSD/sgi:
-
-
-To install, burn cd55.iso on a CD-R, put it in the CD drive of your
-machine and select Install System Software from the System Maintenance
-menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
-CD-ROM, and need a proper invocation from the PROM prompt.
-Refer to the instructions in INSTALL.sgi for more details.
-
-
-If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
-server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
-system type. Refer to the instructions in INSTALL.sgi for more details.
-
-
-
-
OpenBSD/socppc:
-
-
-After connecting a serial port, boot over the network via DHCP/tftp.
-Refer to the instructions in INSTALL.socppc for more details.
-
-
-
-
OpenBSD/sparc:
-
-Boot from one of the provided install ISO images, using one of the two
-commands listed below, depending on the version of your ROM.
-
-
-ok boot cdrom 5.5/sparc/bsd.rd
-or
-> b sd(0,6,0)5.5/sparc/bsd.rd
-
-
-
-If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
-To do so you need to write floppy55.fs to a floppy.
-For more information see FAQ 4.3.2.
-To boot from the floppy use one of the two commands listed below,
-depending on the version of your ROM.
-
-
-ok boot floppy
-or
-> b fd()
-
-
-
-Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
-will most likely fail.
-
-
-If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
-setup a bootable tape, or install via network, as told in the
-INSTALL.sparc file.
-
-
-
-
OpenBSD/vax:
-
-Boot over the network via mopbooting as described in INSTALL.vax.
-
-
-
-
OpenBSD/zaurus:
-
-
-Using the Linux built-in graphical ipkg installer, install the
-openbsd55_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
-for a few important details.
-
-
-
-
Notes about the source code:
-
-src.tar.gz contains a source archive starting at /usr/src. This file
-contains everything you need except for the kernel sources, which are
-in a separate archive. To extract:
-
-
-# mkdir -p /usr/src
-# cd /usr/src
-# tar xvfz /tmp/src.tar.gz
-
-
-sys.tar.gz contains a source archive starting at /usr/src/sys.
-This file contains all the kernel sources you need to rebuild kernels.
-To extract:
-
-
-# mkdir -p /usr/src/sys
-# cd /usr/src
-# tar xvfz /tmp/sys.tar.gz
-
-
-Both of these trees are a regular CVS checkout. Using these trees it
-is possible to get a head-start on using the anoncvs servers as
-described here.
-Using these files
-results in a much faster initial CVS update than you could expect from
-a fresh checkout of the full OpenBSD source tree.
-
-
-
-
-
-
-
How to upgrade
-
-If you already have an OpenBSD 5.4 system, and do not want to reinstall,
-upgrade instructions and advice can be found in the
-Upgrade Guide.
-
-
-
-
-
Ports Tree
-
-A ports tree archive is also provided. To extract:
-
-
-# cd /usr
-# tar xvfz /tmp/ports.tar.gz
-
-
-The ports/ subdirectory is a checkout of the OpenBSD ports tree. Go
-read the ports page
-if you know nothing about ports
-at this point. This text is not a manual of how to use ports.
-Rather, it is a set of notes meant to kickstart the user on the
-OpenBSD ports system.
-
-The ports/ directory represents a CVS (see the manpage for
-
-cvs(1) if
-you aren't familiar with CVS) checkout of our ports. As with our complete
-source tree, our ports tree is available via
-AnonCVS.
-So, in order to keep current with it, you must make the ports/ tree
-available on a read-write medium and update the tree with a command
-like:
-
-
-# cd /usr/ports
-# cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_5
-
-
-[Of course, you must replace the server name here with a nearby anoncvs
-server.]
-
-Note that most ports are available as packages through FTP. Updated
-packages for the 5.5 release will be made available if problems arise.
-
-If you're interested in seeing a port added, would like to help out, or just
-would like to know more, the mailing list
-ports@openbsd.org is a good place to know.
-
-
-
+RWRGy8gxk9N9314J0gh9U02lA7s8i6ITajJiNgxQOndvXvM5ZPX+nQ9h