OpenBSD 5.5

=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/55.html,v retrieving revision 1.66 retrieving revision 1.67 diff -u -r1.66 -r1.67 --- www/55.html 2014/05/01 14:52:34 1.66 +++ www/55.html 2014/05/02 18:58:56 1.67 @@ -1,1141 +1 @@ - - - -OpenBSD 5.5 - - - - - - - - - - - -

- - - -

OpenBSD 5.5

-Released May 1, 2014
-Copyright 1997-2014, Theo de Raadt.
-ISBN 978-0-9881561-3-5 -
-5.5 Song: "Wrap in Time" -

- -

Order a CDROM from our ordering system. -
See the information on the FTP page for - a list of mirror machines. -
Go to the pub/OpenBSD/5.5/ directory on - one of the mirror sites. -
Briefly read the rest of this document. -
Have a look at the 5.5 errata page for a list - of bugs and workarounds. -
See a detailed log of changes between the - 5.4 and 5.5 releases. -
-
5.5 base signify pubkey: RWRGy8gxk9N9314J0gh9U02lA7s8i6ITajJiNgxQOndvXvM5ZPX+nQ9h -
5.5 fw signify pubkey: RWTdVOhdk5qyNktv0iGV6OpaVfogGxTYc1bbkaUhFlExmclYvpJR/opO -
5.5 pkg signify pubkey: RWQQC1M9dhm/tja/ktitJs/QVI1kGTQr7W7jtUmdZ4uTp+4yZJ6RRHb5 -

-
-All applicable copyrights and credits can be found in the applicable -file sources found in the files src.tar.gz, sys.tar.gz, -xenocara.tar.gz, or in the files fetched via ports.tar.gz. The -distribution files used to build packages from the ports.tar.gz file -are not included on the CDROM because of lack of space. -

- - -

What's New

-This is a partial list of new features and systems included in OpenBSD 5.5. -For a comprehensive list, see the changelog leading -to 5.5. -

- -

time_t is now 64 bits on all platforms. -
- From OpenBSD 5.5 onwards, OpenBSD is year 2038 ready and will run well beyond Tue Jan 19 03:14:07 2038 UTC. -
- The entire source tree (kernel, libraries, and userland programs) has been carefully and comprehensively audited to support 64-bit time_t. -
- Userland programs that were changed include - arp(8), - bgpd(8), - calendar(8), - cron(8), - find(1), - fsck_ffs(8), - ifconfig(8), - ksh(1), - ld(1), - ld.so(1), - netstat(1), - pfctl(8), - ping(8), - rtadvd(8), - ssh(1), - tar(1), - tmux(1), - top(1), - and many others, including games! -
- Removed time_t from network, on-disk, and database formats. -
- Removed as many (time_t) casts as possible. -
- Format strings were converted to use %lld and (long long) casts. -
- Uses of timeval were converted to timespec where possible. -
- Parts of the system that could not use 64-bit time_t were converted to use unsigned 32-bit instead, so they are good till the year 2106. -
- Numerous ports throughout the ports tree received time_t fixes. -
-
- -
Releases and packages are now cryptographically signed with the -signify(1) utility. -
- The installer will verify all sets before installing. -
- Installing without verification works, but is discouraged. -
- Users are advised to verify the installer (bsd.rd, install55.iso, etc.) - ahead of time using the - signify(1) tool if available. -
- pkg_add(1) now only trusts signed packages by default. -
-
- -
Installer improvements: -
- The installer now supports a scriptable - auto-installation - method that enables unattended installation and upgrades using a response file. -
- Disk images which can be written to a USB flash drive - (miniroot55.fs [bsd.rd only] and install55.fs [bsd.rd + unsigned sets]) - are now provided for amd64 and i386. -
- Rewritten - installboot(8) - utility aiming for a unified implementation across platforms (currently - used by amd64 and i386 only). -
- The installer now parses nwids with embedded blanks correctly. -
-
- -
New/extended platforms: -
- OpenBSD/alpha: -
  - Multiprocessor support. -
  -
- OpenBSD/aviion: -
  - First self-hosting release for 88100-based AViiON systems. -
  -
- OpenBSD/armv7 replaces OpenBSD/beagle. -
-
- -
Improved hardware support, including: -
- New vmx(4) - driver for VMware VMXNET3 Virtual Interface Controller devices. -
- New vmwpvs(4) - driver for VMware Paravirtual SCSI. -
- New vioscsi(4) - driver for VirtIO SCSI adapters. -
- New viornd(4) - driver for VirtIO random number devices. -
- New ubcmtp(4) - driver for Broadcom multi-touch trackpads found on newer Apple MacBook, - MacBook Pro, and MacBook Air laptops. -
- New ugold(4) - driver for TEMPer gold HID thermometers. -
- New ugl(4) - driver for Genesys Logic based USB host-to-host adapters. -
- New qla(4) driver for Qlogic fibre channel HBAs. -
- radeondrm(4) - has been overhauled, including: -
  - New port of the Radeon code in Linux 3.8.13.19. -
  - Support for Kernel Mode Setting (KMS) including support for - additional output types such as DisplayPort. -
  - wsdisplay(4) - now attaches to - radeondrm(4) - and provides a framebuffer console. -
  -
- inteldrm(4) - has been updated to Linux 3.8.13.19 notably bringing Haswell stability fixes. -
- Support for Intel 8 Series Ethernet with i217/i218 PHYs, and - i210/i211/i354 has been added to - em(4). -
- Support for Intel Centrino Wireless-N 2200, 2230 and 105/135 has been added to - iwn(4). -
- Support for Areca ARC-1880, ARC-1882, ARC-1883, ARC-1223, ARC-1214, ARC-1264, and ARC-1284 has been added to - arc(4). -
- Support for Elantech v2 touchpads in pms(4) has been fixed. -
- Support for 802.11a (5Ghz) has been added to wpi(4). -
- Workarounds for firmware stability issues have been added to - wpi(4), - iwi(4), and - iwn(4). -
- Support for RT3572 chips has been added to the - ral(4) driver. -
- Support for RTL8106E chips has been added to the - re(4) driver. -
- Support for RTS5229 card readers has been added to rtsx(4). -
- Support for Microsoft XBox 360 controllers has been added to the uhid(4) driver. -
- Support for CoreChip RD9700 USB Ethernet devices has been added to the udav(4) driver. -
- Further reliability improvements regarding suspend/resume and hibernation. -
- Enabled IPv6 transmit TCP/UDP checksum offload in - jme(4). -
-
- -
Generic network stack improvements: -
- Added vxlan(4), - a virtual extensible local area network tunnel interface. -
- pflow(4) - now sends 64 bit time values for pflowproto 10. The changed templates / - flows for pflowproto 10 are now parsable by existing receivers. -
- Continued improvement of the checksum offload framework to streamline - the calculation of TCP, UDP, ICMP, and ICMPv6 checksums. -
- Enabled IPv6 routing domain support. -
-
- -
Routing daemons and other userland network improvements: -
- The popa3d POP3 server has been removed. -
- Added ntpctl(8), - a program to control the Network Time Protocol daemon. -
- slowcgi(8) - now works with a high number of concurrent connections. -
- The inetd-based identd has been replaced by a new libevent-based - identd(8). -
- tcpdump(8) - can now detect bad ICMP and ICMPv6 checksums when used with the -v flag. -
- Added rdomain support to IPv6 configuration tools - ndp(8), - rtsold(8), - ping6(8), and - traceroute6(8). -
- Added SNMPv2 client support to - snmpctl(8) - ("get", "walk", and "bulkwalk"). -
- relayd(8) - now supports TLS Perfect Forward Secrecy (PFS) with ECDHE (Elliptic curve Diffie-Hellman) that is enabled by default. -
-
- -
pf(4) improvements: -
- New queueing system with new syntax. -
- The "received-on" parameter can now be used with the "any" keyword to - match any existing interface except loopback ones. -
- The block policy in the default pf.conf(5) is now "block return". -
-
- -
dhcpd(8) and dhclient(8) improvements: -
- No longer create a route to the bound address via 127.0.0.1. -
- The options 'dhcp-lease-time', 'dhcp-rebinding-time', and 'dhcp-renewal-time' can now be configured in dhclient.conf(5). -
- 'next-server' (a.k.a. siaddr) info now saved in lease files. -
- Fall back to broadcasting when unicast renewal fails, as specified in -RFC 2131 and friends. -
- Fix various problems in communications between privileged and non-privileged processes. -
- Fix many abuses of memcpy. -
- Stop pretending we still support FDDI or token ring hardware types. -
- Fix classless static routes option handling and add syntax to parse human-readable forms. -
- Fix 'effective' lease created by '-L' to have correct address, 'next_server', 'timestamp', and 'resolv_conf' fields. -
- Fix handling of non-printable characters in lease file strings. -
- Fix many edge cases in config file and lease parsing and ensure that error messages refer to the correct position in erroneous line. -
- dhclient.conf(5) can now override anything in an offer or saved lease when creating the effective lease. In particular, 'fixed-address', 'next-server', 'filename' and 'server-name'. -
- Fix parsing of dhclient.conf(5) statements 'fixed-address' and -'next-server'. -
- Log failures to fchmod() or fchown() files being written. -
- Create lease files with permissions 0640. -
- Fix possible failure to write resolv.conf(5) when -L is used. -
- 'send dhcp-client-identifier "";' in dhclient.conf(5) will result in no 'dhcp-client-identifier' (option 61) being sent. -
-
- -
iked(8) improvements: -
- Support for OCSP ("Online Certificate Status Protocol"); enable with "set ocsp URL". -
- Support for RSA public key authentication as an alternative to X.509 certificates or pre-shared keys. -
- Support for DPD ("Dead Peer Detection") similar to the implementation in - isakmpd(8). -
- Support for dynamic IP address assignment from a pool in configuration mode; enabled with "config address net/pool-prefix". -
- Initial support for IPComp. -
- Various improvements and a thorough audit of the network input path. -
-
- -
OpenSMTPD 5.4.2 (includes changes to 5.4.1): -
- Introduce initial support for DSN extension: -
  - NOTIFY=SUCCESS, NOTIFY=FAILURE, NOTIFY=DELAY, NOTIFY=NEVER -
  - RET=HDRS, RET=FULL -
  -
- Introduce initial support for ENHANCEDSTATUSCODES extension: -
  - smtp process returns Enhanced Status Codes for most commands. -
  - other processes now have an API to return more precise codes ... -
  - ... which will be improved further with each version. -
  -
- Improved smtpctl(8): -
  - sendmail mode now supports DSN parameters -
  - Can now pause/resume a source address -> destination domain route. -
  - Can now display status of processes with smtpctl show status. -
  - show relays: displays list of currently active relays. -
  - show routes: displays status of routes currently known by smtpd. -
  - show hosts: displays list of known remote MX. -
  - show hoststats: display status of last delivery for active domains. -
  - resume route: resumes route temporarily disable by the MTA. -
  - pause/resume envelope: allows pausing individual envelopes. -
  - pause/resume message: allows pausing individual messages. -
  - encrypt: allows generating credentials suitable for authentication. -
  - show message/envelope is now compression/encryption aware. -
  -
- Introduced SNI support. -
- Improved configuration file: -
  - Removed last known ambiguity in grammar. -
  - Much simpler configuration for TLS-enabled hosts. -
  - Most parameters are now swappable in listen and accept rules. -
  - Conditions may be negated (ie: accept from ! <trusted> ...) -
  - Forward-only rules can be declared to impose ~/.forward files. -
  - New "recipient" keyword allows accept rule to provide a whitelist. -
  - Sender and recipient tables accept wildcard in their domains. -
  -
- TLS generic improvements: -
  - Support for TLS Perfect Forward Secrecy. -
  - Support for providing custom CA certificates. -
  -
- MTA improvements: -
  - mta may now require remote hosts to present valid certificates. -
  - Always attempt TLS before falling back to plaintext. -
  - Always present certificate if one is available. -
  - AUTH LOGIN now supported. -
  - MTA can now specify a EHLO-hostname when relaying. -
  -
- SMTP server improvements: -
  - IPv4-only and IPv6-only listeners are now possible. -
  - Listeners may now hide the From part in a Received-line. -
  - Listeners may require clients to provide a valid certificate. -
  - Banner hostname can now be dynamically fetched from a table. -
  -
- Queue improvements: -
  - Introduce an envelope cache in the queue to improve disk-IO pattern. -
  -
- Documentation: -
  - table(5) describes format for static, file and db backends. -
  - sendmail(8) describes our "sendmail" interface. -
  -
- Reduced memory usage in both general and stressed cases. -
- OpenSMTPD now automagically upgrades queue if the format changes! -
- Support Qmail-like "sticky home". -
- Support for authenticating users from a credentials table. -
- Introduce passwd(5) table backend for user and credentials lookup. -
- Expansion variables in ~/.forward now support modifiers. -
- Much more efficient scheduler! -
- Many documentation fixes and improvements. -
- And a lot of minor bug fixes and internal cleanup! -
-
- -
Security improvements: -
- Position-independent executables (PIE) are now used by default on i386. -
- The arc4random(3) - functions now use the ChaCha20 cipher. -
- The kernel random number system is initially seeded by the bootloader, - providing better random very early. -
- Kernel stack protector is also seeded via the same mechanism, providing - protection earlier. -
- -Wbounded is now enabled in GCC by default. -
- Added explicit_bzero(3). -
-
- -
Performance improvements: -
- Relations between the buffer cache and swap daemon have been improved. -
-
- -
Threading improvements: -
- Interprocess semaphores via sem_open(3). -
- Running threaded processes under a debugger no longer causes panics. -
- SIGPROF and SIGVTALRM are now reliably delivered to the thread that was running when they were triggered. -
- Thread stacks now have a random bias. -
- fork(2) no longer changes the pthread_t of the forking thread in the child. -
- Signaling races eliminated from pthread_kill(3) and pthread_cancel(3). -
-
- -
Assorted improvements: -
- New in-memory file system, tmpfs. -
- Many fuse(4) improvements and stability fixes. -
- Added POSIX-required nl(1) utility. -
- OpenBSD/vax has switched to GCC 3. -
- Replaced getdirentries(2) with getdents(2), vastly improving the performance and memory usage of telldir(3). -
- amd64 and i386 now use the MWAIT instruction for their idle loop where available to reduce latency. -
- Added support for CLOCK_UPTIME. -
- Added tcgetsid(3). -
- clock_t is now a 64 bit type, so it no longer wraps around in only 248 days. -
- ino_t is now a 64 bit type, mostly to support large NFS filesystems. -
- Corrected handling of UTIME_OMIT. -
- pax(1) now sets the mode and timestamps correctly on symlinks, and makes hardlinks to symlinks when requested. -
- Corrected handling of shared library destructors when libc is statically linked. -
- Corrected various disk drivers to handle non-512-byte sectors and disk sizes greater than 32-bits. -
- Corrected growfs(8) to handle non-512-byte sectors and disk sizes greater than 32-bits. -
- All CIRCLEQ uses replaced with TAILQ. -
- Preserve and honour changes to the OpenBSD bounds in a disklabel. -
- fdisk(8) now always writes a good signature when the MBR is written to disk. -
- disklabel(8) now writes the disklabel to the correct location on non-512-byte sector devices. -
- Fix athn(4) tick calculations to eliminate excessive timeouts. -
- Allow disklabel(8) to set any partition, including 'C', to type UNUSED. -
- New sha512(1) tool to calculate and verify the SHA-512 checksums of files. -
- sha256(1) and related tools - (cksum(1), - md5(1), - sha1(1), and - sha512(1)) - now support a new -h flag to place the checksum into a specified hash file instead of stdout. -
- sha256(1) and related tools now support a new -C flag that allows the verification of selected files in a checklist. -
- sha256(1) and related tools will now print MISSING if they encounter non-existent files in a checklist. -
- i386 and amd64 platforms can now boot from keydisk-based softraid(4) crypto volumes. -
- Allow softraid(4) to work with partitions larger than 2TB. -
- Removed experimental RAID 4 support from softraid(4). -
- Added experimental support for rebuilding RAID 5 softraid(4) volumes. Lots of testing is still required and there is missing functionality, such as the ability to resume a partially completed rebuild. bioctl(8) refuses to create RAID 5 volumes unless recompiled with -DRAID5. -
- The uhts(4) driver has been merged into - ums(4). -
- Many new checks were added to portcheck(1) utility; now it catches almost every popular mistake that observed in ports in last years. -
-
- -
OpenSSH 6.6 (including changes to 6.5, a feature-focused release): -
- Security: -
  - sshd(8): - when using environment passing with a - sshd_config(5) - AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could - be tricked into accepting any enviornment variable that contains the - characters before the wildcard character. -
  -
- New/changed features: -
  - ssh(1), - sshd(8): - Add support for key exchange using elliptic-curve Diffie Hellman - in Daniel Bernstein's Curve25519. This key exchange method is - the default when both the client and server support it. -
  - ssh(1), - sshd(8): - Add support for ED25519 as a public key type. ED25519 is - a elliptic curve signature scheme that offers better security than - ECDSA and DSA and good performance. It may be used for - both user and host keys. -
  - Add a new private key format that uses a bcrypt KDF to better - protect keys at rest. This format is used unconditionally for - ED25519 keys, but may be requested when generating or saving - existing keys of other types via the -o - ssh-keygen(1) - option. We intend to make the new format the default in the near - future. Details of the new format are in the PROTOCOL.key - file. -
  - ssh(1), - sshd(8): - Add a new transport cipher "chacha20-poly1305@openssh.com" that - combines Daniel Bernstein's ChaCha20 stream cipher and - Poly1305 MAC to build an authenticated encryption mode. Details - are in the PROTOCOL.chacha20poly1305 file. -
  - ssh(1), - sshd(8): - Refuse RSA keys from old proprietary clients and servers that - use the obsolete RSA+MD5 signature scheme. It will still be - possible to connect with these clients/servers but only DSA keys - will be accepted, and OpenSSH will refuse connection entirely in a - future release. -
  - ssh(1), - sshd(8): - Refuse old proprietary clients and servers that use a weaker key - exchange hash calculation. -
  - ssh(1): - Increase the size of the Diffie-Hellman groups requested for - each symmetric key size. New values from NIST Special Publication - 800-57 with the upper limit specified by RFC 4419. -
  - ssh(1), - ssh-agent(1): - Support PKCS#11 tokens that only provide X.509 certs - instead of raw public keys. (requested as bz#1908) -
  - ssh(1): - Add a - ssh_config(5) - Match keyword that allows conditional configuration to be - applied by matching on hostname, user and result of - arbitrary commands. -
  - ssh(1): - Add support for client-side hostname canonicalisation using a - set of DNS suffixes and rules in - ssh_config(5). - This allows unqualified names to be canonicalised to fully-qualified - domain names to eliminate ambiguity when looking up keys in - known_hosts or checking host certificate names. -
  - sftp-server(8): - Add the ability to whitelist and/or blacklist sftp protocol requests by - name. -
  - sftp-server(8): - Add a sftp "fsync@openssh.com" to support calling - fsync(2) - on an open file handle. -
  - sshd(8): - Add a - ssh_config(5) - PermitTTY to disallow TTY allocation, mirroring the - longstanding no-pty authorized_keys option. -
  - ssh(1): - Add a - ssh_config(5) - ProxyUseFDPass option that supports the use of - ProxyCommands that establish a connection and then pass a - connected file descriptor back to - ssh(1). - This allows the ProxyCommand to exit rather than staying - around to transfer data. -
  - ssh(1), - sshd(8): - this release removes the J-PAKE authentication code. This code - was experimental, never enabled and had been unmaintained for some - time. -
  - ssh(1): - when processing Match blocks, skip 'exec' clauses - other clauses predicates failed to match. -
  - ssh(1): - if hostname canonicalisation is enabled and results in the destination - hostname being changed, then re-parse - ssh_config(5) - files using the new destination hostname. This gives 'Host' - and 'Match' directives that use the expanded hostname a chance - to be applied. -
  -
- The following significant bugs have been fixed in this release: -
  - ssh(1), - sshd(8): - Fix potential stack exhaustion caused by nested certificates. -
  - ssh(1): - make BindAddress work with UsePrivilegedPort. - (bz#1211) -
  - sftp(1): - fix the progress meter for resumed transfer. (bz#2137) -
  - ssh-add(1): - do not request smartcard PIN when removing keys from - ssh-agent(1). - (bz#2187) -
  - sshd(8): - fix re-exec fallback when original - sshd(8) - binary cannot be executed. (bz#2139) -
  - ssh-keygen(1): - Make relative-specified certificate expiry times relative to current - time and not the validity start time. -
  - sshd(8): - fix AuthorizedKeysCommand inside a Match block. - (bz#2161) -
  - sftp(1): - symlinking a file would incorrectly canonicalise the target path. - (bz#2129) -
  - ssh-agent(1): - fix a use-after-free in the PKCS#11 agent helper executable. - (bz#2175) -
  - sshd(8): - Improve logging of sessions to include the user name, remote - host and port, the session type (shell, command, - etc.) and allocated TTY (if any). -
  - sshd(8): - tell the client (via a debug message) when their preferred listen - address has been overridden by the server's GatewayPorts - setting. (bz#1297) -
  - sshd(8): - include report port in bad protocol banner message. (bz#2162) -
  - sftp(1): - fix memory leak in error path in do_readdir(). (bz#2163) -
  - sftp(1): - don't leak file descriptor on error. (bz#2171) -
  - sshd(8): - include the local address and port in "Connection - from ..." message. (only shown at loglevel>=verbose) -
  - ssh(1): - avoid spurious "getsockname failed: Bad file descriptor" in - ssh -W. (bz#2200, debian#738692) -
  - sshd(8): - allow the - shutdown(2) - syscall in seccomp-bpf and systrace sandbox modes, as it is reachable - if the connection is terminated during the pre-auth phase. -
  - ssh(1), - sshd(8): - fix unsigned overflow that in SSH protocol 1 bignum parsing. - Minimum key length checks render this bug unexploitable to compromise - SSH 1 sessions. -
  - sshd_config(5) - clarify behaviour of a keyword that appears in multiple matching - Match blocks. (bz#2184) -
  - ssh(1): - avoid unnecessary hostname lookups when canonicalisation is disabled. - (bz#2205) -
  - sshd(8): - avoid sandbox violation crashes in GSSAPI code by caching the supported - list of GSSAPI mechanism OIDs before entering the sandbox. (bz#2107) -
  - ssh(1): - fix possible crashes in SOCKS4 parsing caused by assumption that the - SOCKS username is nul-terminated. -
  - ssh(1): - fix regression for UsePrivilegedPort=yes when - BindAddress is not specified. -
  - ssh(1), - sshd(8): - fix memory leak in ECDSA signature verification. -
  - ssh(1): - fix matching of 'Host' directives in - ssh_config(5) - files to be case-insensitive again. (regression in 6.5) -
  -
-
- -
Ports and packages: -
- Over 8,700 ports. -
- Major overhaul of the package tools, resulting in much better memory usage. -
- pkg_add(1) now only trusts signed packages by default. -
- The build process now allows some limited capability for building - conflicting packages, yielding KDE 4 packages as a result, along - with KDE 3 ones. -
-
-

Many pre-built packages for each architecture: - - -

i386: 8468 -
sparc64: 7969 -
alpha: 6199 -
m68k: 3270 -

sh: 345 -
amd64: 8534 -
powerpc: 8057 -
m88k: 1258 -

sparc: 4681 -
arm: 6181 -
hppa: 6549 -

vax: 1007 -
mips64: 4726 -
mips64el: 6730 -

- -

Some highlights: -
- GNOME 3.10.2
- KDE 3.5.10 -
- KDE 4.11.5 -
- Xfce 4.10
- MySQL 5.1.73 -
- PostgreSQL 9.3.2
- Postfix 2.11.0 -
- OpenLDAP 2.3.43 and 2.4.38
- Mozilla Firefox 24.3 and 26.0 -
- Mozilla Thunderbird 24.3.0
- GHC 7.6.3 -
- LibreOffice 4.1.4.2
- Emacs 21.4 and 24.3 -
- Vim 7.4.135
- PHP 5.3.28 and 5.4.24 -
- Python 2.7.6 and 3.3.2
- Ruby 1.8.7.374, 1.9.3.484, 2.0.0.353 and 2.1.0 -
- Tcl/Tk 8.5.15 and 8.6.1
- JDK 1.6.0.32 and 1.7.0.21 -
- Mono 2.10.9
- Chromium 32.0.1700.102 -
- Groff 1.22.2
- Go 1.2 -
- GCC 4.6.4 and 4.8.2
- LLVM/Clang 3.3 -
- Node.js 0.10.24 -
-
- -
As usual, steady improvements in manual pages and other documentation. -
- -
The system includes the following major components from outside suppliers: -
- Xenocara (based on X.Org 7.7 with xserver 1.14.5 + patches, - freetype 2.5.2, fontconfig 2.10.91, Mesa 9.2.5, xterm 301, - xkeyboard-config 2.10.1 and more) -
- Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches) -
- Perl 5.16.3 (+ patches) -
- Our improved and secured version of Apache 1.3, with - SSL/TLS and DSO support -
- Nginx 1.4.4 (+ patches) -
- OpenSSL 1.0.1c (+ patches) -
- SQLite 3.8.0.2 (+ patches) -
- Sendmail 8.14.8, with libmilter -
- Bind 9.4.2-P2 (+ patches) -
- NSD 4.0.1 -
- Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches) -
- Sudo 1.7.2p8 -
- Ncurses 5.7 -
- Heimdal 1.5.2 (+ patches) -
- Binutils 2.15 (+ patches) -
- Gdb 6.3 (+ patches) -
- Less 444 (+ patches) -
- Awk Aug 10, 2011 version -
- -

- - -

How to install

-Following this are the instructions which you would have on a piece of -paper if you had purchased a CDROM set instead of doing an alternate -form of install. The instructions for doing an FTP (or other style -of) install are very similar; the CDROM instructions are left intact -so that you can see how much easier it would have been if you had -purchased a CDROM instead. -

- -

-Please refer to the following files on the three CDROMs or FTP mirror for -extensive details on how to install OpenBSD 5.5 on your machine: -

- -

-Quick installer information for people familiar with OpenBSD, and the -use of the "disklabel -E" command. If you are at all confused when -installing OpenBSD, read the relevant INSTALL.* file as listed above! -

- -

OpenBSD/i386:

CD1:5.5/i386/floppy55.fs

-Use CD1:5.5/i386/floppyB55.fs instead for greater SCSI controller -support, or CD1:5.5/i386/floppyC55.fs for better laptop support. - -

-If you can't boot from a CD or a floppy disk, -you can install across the network using PXE as described in -the included INSTALL.i386 document. - -

-If you are planning on dual booting OpenBSD with another OS, you will need to -read INSTALL.i386. - -

-To make a boot floppy under MS-DOS, use the "rawrite" utility located -at CD1:5.5/tools/rawrite.exe. To make the boot floppy under a Unix OS, -use the -dd(1) -utility. The following is an example usage of -dd(1), -where the device could be "floppy", "rfd0c", or -"rfd0a". - -

-# dd if=<file> of=/dev/<device> bs=32k
-

-Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or -your install will most likely fail. For more information on creating a boot -floppy and installing OpenBSD/i386 please refer to -FAQ 4.3.2. -

- -

OpenBSD/amd64:

CD2:5.5/amd64/floppy55.fs

-If you can't boot from a CD or a floppy disk, -you can install across the network using PXE as described in the included -INSTALL.amd64 document. - -

-If you are planning to dual boot OpenBSD with another OS, you will need to -read INSTALL.amd64. -

- -

OpenBSD/macppc:

OpenBSD/macppc boot

-Alternatively, at the Open Firmware prompt, enter boot cd:,ofwboot -/5.5/macppc/bsd.rd -

- -

OpenBSD/sparc64:

boot cdrom

-If this doesn't work, or if you don't have a CDROM drive, you can write -CD3:5.5/sparc64/floppy55.fs or CD3:5.5/sparc64/floppyB55.fs -(depending on your machine) to a floppy and boot it with boot -floppy. Refer to INSTALL.sparc64 for details. - -

-Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install -will most likely fail. - -

-You can also write CD3:5.5/sparc64/miniroot55.fs to the swap partition on -the disk and boot with boot disk:b. - -

-If nothing works, you can boot over the network as described in INSTALL.sparc64. -

- -

OpenBSD/alpha:

Write FTP:5.5/alpha/floppy55.fs or -FTP:5.5/alpha/floppyB55.fs (depending on your machine) to a diskette and -enter boot dva0. Refer to INSTALL.alpha for more details. - -

-Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install -will most likely fail. - -

- -

OpenBSD/armish:

-After connecting a serial port, Thecus can boot directly from the network -either tftp or http. Configure the network using fconfig, reset, -then load bsd.rd, see INSTALL.armish for specific details. -IOData HDL-G can only boot from an EXT-2 partition. Boot into linux -and copy 'boot' and bsd.rd into the first partition on wd0 (hda1) -then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition. -More details are available in INSTALL.armish. -

- -

OpenBSD/hp300:

-Boot over the network by following the instructions in INSTALL.hp300. -

- -

OpenBSD/hppa:

-Boot over the network by following the instructions in INSTALL.hppa or the -hppa platform page. -

- -

OpenBSD/landisk:

-Write miniroot55.fs to the start of the CF -or disk, and boot normally. -

- -

OpenBSD/loongson:

-Write miniroot55.fs to a USB stick and boot bsd.rd from it -or boot bsd.rd via tftp. -Refer to the instructions in INSTALL.loongson for more details. -

- -

OpenBSD/luna88k:

-Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader -from the PROM, and the bsd.rd from the bootloader. -Refer to the instructions in INSTALL.luna88k for more details. -

- -

OpenBSD/mvme68k:

-You can create a bootable installation tape or boot over the network.
-The network boot requires a MVME68K BUG version that supports the NIOT -and NBO debugger commands. Follow the instructions in INSTALL.mvme68k -for more details. -

- -

OpenBSD/mvme88k:

-You can create a bootable installation tape or boot over the network.
-The network boot requires a MVME88K BUG version that supports the NIOT -and NBO debugger commands. Follow the instructions in INSTALL.mvme88k -for more details. -

- -

OpenBSD/octeon:

-After connecting a serial port, boot bsd.rd over the network via DHCP/tftp. -Refer to the instructions in INSTALL.octeon for more details. -

- -

OpenBSD/sgi:

-To install, burn cd55.iso on a CD-R, put it in the CD drive of your -machine and select Install System Software from the System Maintenance -menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from -CD-ROM, and need a proper invocation from the PROM prompt. -Refer to the instructions in INSTALL.sgi for more details. - -

-If your machine doesn't have a CD drive, you can setup a DHCP/tftp network -server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your -system type. Refer to the instructions in INSTALL.sgi for more details. -

- -

OpenBSD/socppc:

-After connecting a serial port, boot over the network via DHCP/tftp. -Refer to the instructions in INSTALL.socppc for more details. -

- -

OpenBSD/sparc:

-ok boot cdrom 5.5/sparc/bsd.rd
-or
-> b sd(0,6,0)5.5/sparc/bsd.rd
-

-If your SPARC system does not have a CD drive, you can alternatively boot from floppy. -To do so you need to write floppy55.fs to a floppy. -For more information see FAQ 4.3.2. -To boot from the floppy use one of the two commands listed below, -depending on the version of your ROM. - -

-ok boot floppy
-or
-> b fd()
-

-Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install -will most likely fail. - -

-If your SPARC system doesn't have a floppy drive nor a CD drive, you can either -setup a bootable tape, or install via network, as told in the -INSTALL.sparc file. -

- -

OpenBSD/vax:

-Boot over the network via mopbooting as described in INSTALL.vax. - - -

OpenBSD/zaurus:

-Using the Linux built-in graphical ipkg installer, install the -openbsd55_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus -for a few important details. -

- -

Notes about the source code:

-# mkdir -p /usr/src
-# cd /usr/src
-# tar xvfz /tmp/src.tar.gz
-

-sys.tar.gz contains a source archive starting at /usr/src/sys. -This file contains all the kernel sources you need to rebuild kernels. -To extract: -

-# mkdir -p /usr/src/sys
-# cd /usr/src
-# tar xvfz /tmp/sys.tar.gz
-

-Both of these trees are a regular CVS checkout. Using these trees it -is possible to get a head-start on using the anoncvs servers as -described here. -Using these files -results in a much faster initial CVS update than you could expect from -a fresh checkout of the full OpenBSD source tree. -

- - -

How to upgrade

-If you already have an OpenBSD 5.4 system, and do not want to reinstall, -upgrade instructions and advice can be found in the -Upgrade Guide. - - -

Ports Tree

-A ports tree archive is also provided. To extract: -

-# cd /usr
-# tar xvfz /tmp/ports.tar.gz
-

-The ports/ subdirectory is a checkout of the OpenBSD ports tree. Go -read the ports page -if you know nothing about ports -at this point. This text is not a manual of how to use ports. -Rather, it is a set of notes meant to kickstart the user on the -OpenBSD ports system. -

-The ports/ directory represents a CVS (see the manpage for - -cvs(1) if -you aren't familiar with CVS) checkout of our ports. As with our complete -source tree, our ports tree is available via -AnonCVS. -So, in order to keep current with it, you must make the ports/ tree -available on a read-write medium and update the tree with a command -like: -

-# cd /usr/ports
-# cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_5
-

-[Of course, you must replace the server name here with a nearby anoncvs -server.] -

-Note that most ports are available as packages through FTP. Updated -packages for the 5.5 release will be made available if problems arise. -

-If you're interested in seeing a port added, would like to help out, or just -would like to know more, the mailing list -ports@openbsd.org is a good place to know. -

- - +RWRGy8gxk9N9314J0gh9U02lA7s8i6ITajJiNgxQOndvXvM5ZPX+nQ9h