===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/55.html,v
retrieving revision 1.67
retrieving revision 1.68
diff -u -r1.67 -r1.68
--- www/55.html 2014/05/02 18:58:56 1.67
+++ www/55.html 2014/05/02 18:59:49 1.68
@@ -1 +1,1141 @@
-RWRGy8gxk9N9314J0gh9U02lA7s8i6ITajJiNgxQOndvXvM5ZPX+nQ9h
+
+
+
+OpenBSD 5.5
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
OpenBSD 5.5
+
+Released May 1, 2014
+Copyright 1997-2014, Theo de Raadt.
+ISBN 978-0-9881561-3-5
+
+5.5 Song: "Wrap in Time"
+
+
+
+- Order a CDROM from our ordering system.
+
- See the information on the FTP page for
+ a list of mirror machines.
+
- Go to the pub/OpenBSD/5.5/ directory on
+ one of the mirror sites.
+
- Briefly read the rest of this document.
+
- Have a look at the 5.5 errata page for a list
+ of bugs and workarounds.
+
- See a detailed log of changes between the
+ 5.4 and 5.5 releases.
+
+
- 5.5 base signify pubkey: RWRGy8gxk9N9314J0gh9U02lA7s8i6ITajJiNgxQOndvXvM5ZPX+nQ9h
+
- 5.5 fw signify pubkey: RWTdVOhdk5qyNktv0iGV6OpaVfogGxTYc1bbkaUhFlExmclYvpJR/opO
+
- 5.5 pkg signify pubkey: RWQQC1M9dhm/tja/ktitJs/QVI1kGTQr7W7jtUmdZ4uTp+4yZJ6RRHb5
+
+
+All applicable copyrights and credits can be found in the applicable
+file sources found in the files src.tar.gz, sys.tar.gz,
+xenocara.tar.gz, or in the files fetched via ports.tar.gz. The
+distribution files used to build packages from the ports.tar.gz file
+are not included on the CDROM because of lack of space.
+
+
+
+
+
+
What's New
+
+This is a partial list of new features and systems included in OpenBSD 5.5.
+For a comprehensive list, see the changelog leading
+to 5.5.
+
+
+
+- time_t is now 64 bits on all platforms.
+
+ - From OpenBSD 5.5 onwards, OpenBSD is year 2038 ready and will run well beyond Tue Jan 19 03:14:07 2038 UTC.
+
- The entire source tree (kernel, libraries, and userland programs) has been carefully and comprehensively audited to support 64-bit time_t.
+
- Userland programs that were changed include
+ arp(8),
+ bgpd(8),
+ calendar(8),
+ cron(8),
+ find(1),
+ fsck_ffs(8),
+ ifconfig(8),
+ ksh(1),
+ ld(1),
+ ld.so(1),
+ netstat(1),
+ pfctl(8),
+ ping(8),
+ rtadvd(8),
+ ssh(1),
+ tar(1),
+ tmux(1),
+ top(1),
+ and many others, including games!
+
- Removed time_t from network, on-disk, and database formats.
+
- Removed as many (time_t) casts as possible.
+
- Format strings were converted to use %lld and (long long) casts.
+
- Uses of timeval were converted to timespec where possible.
+
- Parts of the system that could not use 64-bit time_t were converted to use unsigned 32-bit instead, so they are good till the year 2106.
+
- Numerous ports throughout the ports tree received time_t fixes.
+
+
+
+
- Releases and packages are now cryptographically signed with the
+signify(1) utility.
+
+ - The installer will verify all sets before installing.
+
- Installing without verification works, but is discouraged.
+
- Users are advised to verify the installer (bsd.rd, install55.iso, etc.)
+ ahead of time using the
+ signify(1) tool if available.
+
- pkg_add(1) now only trusts signed packages by default.
+
+
+
+
- Installer improvements:
+
+ - The installer now supports a scriptable
+ auto-installation
+ method that enables unattended installation and upgrades using a response file.
+
- Disk images which can be written to a USB flash drive
+ (miniroot55.fs [bsd.rd only] and install55.fs [bsd.rd + unsigned sets])
+ are now provided for amd64 and i386.
+
- Rewritten
+ installboot(8)
+ utility aiming for a unified implementation across platforms (currently
+ used by amd64 and i386 only).
+
- The installer now parses nwids with embedded blanks correctly.
+
+
+
+
- New/extended platforms:
+
+
+
+
- Improved hardware support, including:
+
+ - New vmx(4)
+ driver for VMware VMXNET3 Virtual Interface Controller devices.
+
- New vmwpvs(4)
+ driver for VMware Paravirtual SCSI.
+
- New vioscsi(4)
+ driver for VirtIO SCSI adapters.
+
- New viornd(4)
+ driver for VirtIO random number devices.
+
- New ubcmtp(4)
+ driver for Broadcom multi-touch trackpads found on newer Apple MacBook,
+ MacBook Pro, and MacBook Air laptops.
+
- New ugold(4)
+ driver for TEMPer gold HID thermometers.
+
- New ugl(4)
+ driver for Genesys Logic based USB host-to-host adapters.
+
- New qla(4) driver for Qlogic fibre channel HBAs.
+
- radeondrm(4)
+ has been overhauled, including:
+
+ - New port of the Radeon code in Linux 3.8.13.19.
+
- Support for Kernel Mode Setting (KMS) including support for
+ additional output types such as DisplayPort.
+
- wsdisplay(4)
+ now attaches to
+ radeondrm(4)
+ and provides a framebuffer console.
+
+ - inteldrm(4)
+ has been updated to Linux 3.8.13.19 notably bringing Haswell stability fixes.
+
- Support for Intel 8 Series Ethernet with i217/i218 PHYs, and
+ i210/i211/i354 has been added to
+ em(4).
+
- Support for Intel Centrino Wireless-N 2200, 2230 and 105/135 has been added to
+ iwn(4).
+
- Support for Areca ARC-1880, ARC-1882, ARC-1883, ARC-1223, ARC-1214, ARC-1264, and ARC-1284 has been added to
+ arc(4).
+
- Support for Elantech v2 touchpads in pms(4) has been fixed.
+
- Support for 802.11a (5Ghz) has been added to wpi(4).
+
- Workarounds for firmware stability issues have been added to
+ wpi(4),
+ iwi(4), and
+ iwn(4).
+
- Support for RT3572 chips has been added to the
+ ral(4) driver.
+
- Support for RTL8106E chips has been added to the
+ re(4) driver.
+
- Support for RTS5229 card readers has been added to rtsx(4).
+
- Support for Microsoft XBox 360 controllers has been added to the uhid(4) driver.
+
- Support for CoreChip RD9700 USB Ethernet devices has been added to the udav(4) driver.
+
- Further reliability improvements regarding suspend/resume and hibernation.
+
- Enabled IPv6 transmit TCP/UDP checksum offload in
+ jme(4).
+
+
+
+
- Generic network stack improvements:
+
+ - Added vxlan(4),
+ a virtual extensible local area network tunnel interface.
+
- pflow(4)
+ now sends 64 bit time values for pflowproto 10. The changed templates /
+ flows for pflowproto 10 are now parsable by existing receivers.
+
- Continued improvement of the checksum offload framework to streamline
+ the calculation of TCP, UDP, ICMP, and ICMPv6 checksums.
+
- Enabled IPv6 routing domain support.
+
+
+
+
- Routing daemons and other userland network improvements:
+
+ - The popa3d POP3 server has been removed.
+
- Added ntpctl(8),
+ a program to control the Network Time Protocol daemon.
+
- slowcgi(8)
+ now works with a high number of concurrent connections.
+
- The inetd-based identd has been replaced by a new libevent-based
+ identd(8).
+
- tcpdump(8)
+ can now detect bad ICMP and ICMPv6 checksums when used with the -v flag.
+
- Added rdomain support to IPv6 configuration tools
+ ndp(8),
+ rtsold(8),
+ ping6(8), and
+ traceroute6(8).
+
- Added SNMPv2 client support to
+ snmpctl(8)
+ ("get", "walk", and "bulkwalk").
+
- relayd(8)
+ now supports TLS Perfect Forward Secrecy (PFS) with ECDHE (Elliptic curve Diffie-Hellman) that is enabled by default.
+
+
+
+
- pf(4) improvements:
+
+ - New queueing system with new syntax.
+
- The "received-on" parameter can now be used with the "any" keyword to
+ match any existing interface except loopback ones.
+
- The block policy in the default pf.conf(5) is now "block return".
+
+
+
+
- dhcpd(8) and dhclient(8) improvements:
+
+ - No longer create a route to the bound address via 127.0.0.1.
+
- The options 'dhcp-lease-time', 'dhcp-rebinding-time', and 'dhcp-renewal-time' can now be configured in dhclient.conf(5).
+
- 'next-server' (a.k.a. siaddr) info now saved in lease files.
+
- Fall back to broadcasting when unicast renewal fails, as specified in
+RFC 2131 and friends.
+
- Fix various problems in communications between privileged and non-privileged processes.
+
- Fix many abuses of memcpy.
+
- Stop pretending we still support FDDI or token ring hardware types.
+
- Fix classless static routes option handling and add syntax to parse human-readable forms.
+
- Fix 'effective' lease created by '-L' to have correct address, 'next_server', 'timestamp', and 'resolv_conf' fields.
+
- Fix handling of non-printable characters in lease file strings.
+
- Fix many edge cases in config file and lease parsing and ensure that error messages refer to the correct position in erroneous line.
+
- dhclient.conf(5) can now override anything in an offer or saved lease when creating the effective lease. In particular, 'fixed-address', 'next-server', 'filename' and 'server-name'.
+
- Fix parsing of dhclient.conf(5) statements 'fixed-address' and
+'next-server'.
+
- Log failures to fchmod() or fchown() files being written.
+
- Create lease files with permissions 0640.
+
- Fix possible failure to write resolv.conf(5) when -L is used.
+
- 'send dhcp-client-identifier "";' in dhclient.conf(5) will result in no 'dhcp-client-identifier' (option 61) being sent.
+
+
+
+
- iked(8) improvements:
+
+ - Support for OCSP ("Online Certificate Status Protocol"); enable with "set ocsp URL".
+
- Support for RSA public key authentication as an alternative to X.509 certificates or pre-shared keys.
+
- Support for DPD ("Dead Peer Detection") similar to the implementation in
+ isakmpd(8).
+
- Support for dynamic IP address assignment from a pool in configuration mode; enabled with "config address net/pool-prefix".
+
- Initial support for IPComp.
+
- Various improvements and a thorough audit of the network input path.
+
+
+
+
- OpenSMTPD 5.4.2 (includes changes to 5.4.1):
+
+ - Introduce initial support for DSN extension:
+
+ - NOTIFY=SUCCESS, NOTIFY=FAILURE, NOTIFY=DELAY, NOTIFY=NEVER
+
- RET=HDRS, RET=FULL
+
+ - Introduce initial support for ENHANCEDSTATUSCODES extension:
+
+ - smtp process returns Enhanced Status Codes for most commands.
+
- other processes now have an API to return more precise codes ...
+
- ... which will be improved further with each version.
+
+ - Improved smtpctl(8):
+
+ - sendmail mode now supports DSN parameters
+
- Can now pause/resume a source address -> destination domain route.
+
- Can now display status of processes with smtpctl show status.
+
- show relays: displays list of currently active relays.
+
- show routes: displays status of routes currently known by smtpd.
+
- show hosts: displays list of known remote MX.
+
- show hoststats: display status of last delivery for active domains.
+
- resume route: resumes route temporarily disable by the MTA.
+
- pause/resume envelope: allows pausing individual envelopes.
+
- pause/resume message: allows pausing individual messages.
+
- encrypt: allows generating credentials suitable for authentication.
+
- show message/envelope is now compression/encryption aware.
+
+ - Introduced SNI support.
+
- Improved configuration file:
+
+ - Removed last known ambiguity in grammar.
+
- Much simpler configuration for TLS-enabled hosts.
+
- Most parameters are now swappable in listen and accept rules.
+
- Conditions may be negated (ie: accept from ! <trusted> ...)
+
- Forward-only rules can be declared to impose ~/.forward files.
+
- New "recipient" keyword allows accept rule to provide a whitelist.
+
- Sender and recipient tables accept wildcard in their domains.
+
+ - TLS generic improvements:
+
+ - Support for TLS Perfect Forward Secrecy.
+
- Support for providing custom CA certificates.
+
+ - MTA improvements:
+
+ - mta may now require remote hosts to present valid certificates.
+
- Always attempt TLS before falling back to plaintext.
+
- Always present certificate if one is available.
+
- AUTH LOGIN now supported.
+
- MTA can now specify a EHLO-hostname when relaying.
+
+ - SMTP server improvements:
+
+ - IPv4-only and IPv6-only listeners are now possible.
+
- Listeners may now hide the From part in a Received-line.
+
- Listeners may require clients to provide a valid certificate.
+
- Banner hostname can now be dynamically fetched from a table.
+
+ - Queue improvements:
+
+ - Introduce an envelope cache in the queue to improve disk-IO pattern.
+
+ - Documentation:
+
+ - table(5) describes format for static, file and db backends.
+
- sendmail(8) describes our "sendmail" interface.
+
+ - Reduced memory usage in both general and stressed cases.
+
- OpenSMTPD now automagically upgrades queue if the format changes!
+
- Support Qmail-like "sticky home".
+
- Support for authenticating users from a credentials table.
+
- Introduce passwd(5) table backend for user and credentials lookup.
+
- Expansion variables in ~/.forward now support modifiers.
+
- Much more efficient scheduler!
+
- Many documentation fixes and improvements.
+
- And a lot of minor bug fixes and internal cleanup!
+
+
+
+
- Security improvements:
+
+ - Position-independent executables (PIE) are now used by default on i386.
+
- The arc4random(3)
+ functions now use the ChaCha20 cipher.
+
- The kernel random number system is initially seeded by the bootloader,
+ providing better random very early.
+
- Kernel stack protector is also seeded via the same mechanism, providing
+ protection earlier.
+
- -Wbounded is now enabled in GCC by default.
+
- Added explicit_bzero(3).
+
+
+
+
- Performance improvements:
+
+ - Relations between the buffer cache and swap daemon have been improved.
+
+
+
+
- Threading improvements:
+
+ - Interprocess semaphores via sem_open(3).
+
- Running threaded processes under a debugger no longer causes panics.
+
- SIGPROF and SIGVTALRM are now reliably delivered to the thread that was running when they were triggered.
+
- Thread stacks now have a random bias.
+
- fork(2) no longer changes the pthread_t of the forking thread in the child.
+
- Signaling races eliminated from pthread_kill(3) and pthread_cancel(3).
+
+
+
+
- Assorted improvements:
+
+ - New in-memory file system, tmpfs.
+
- Many fuse(4) improvements and stability fixes.
+
- Added POSIX-required nl(1) utility.
+
- OpenBSD/vax has switched to GCC 3.
+
- Replaced getdirentries(2) with getdents(2), vastly improving the performance and memory usage of telldir(3).
+
- amd64 and i386 now use the MWAIT instruction for their idle loop where available to reduce latency.
+
- Added support for CLOCK_UPTIME.
+
- Added tcgetsid(3).
+
- clock_t is now a 64 bit type, so it no longer wraps around in only 248 days.
+
- ino_t is now a 64 bit type, mostly to support large NFS filesystems.
+
- Corrected handling of UTIME_OMIT.
+
- pax(1) now sets the mode and timestamps correctly on symlinks, and makes hardlinks to symlinks when requested.
+
- Corrected handling of shared library destructors when libc is statically linked.
+
- Corrected various disk drivers to handle non-512-byte sectors and disk sizes greater than 32-bits.
+
- Corrected growfs(8) to handle non-512-byte sectors and disk sizes greater than 32-bits.
+
- All CIRCLEQ uses replaced with TAILQ.
+
- Preserve and honour changes to the OpenBSD bounds in a disklabel.
+
- fdisk(8) now always writes a good signature when the MBR is written to disk.
+
- disklabel(8) now writes the disklabel to the correct location on non-512-byte sector devices.
+
- Fix athn(4) tick calculations to eliminate excessive timeouts.
+
- Allow disklabel(8) to set any partition, including 'C', to type UNUSED.
+
- New sha512(1) tool to calculate and verify the SHA-512 checksums of files.
+
- sha256(1) and related tools
+ (cksum(1),
+ md5(1),
+ sha1(1), and
+ sha512(1))
+ now support a new -h flag to place the checksum into a specified hash file instead of stdout.
+
- sha256(1) and related tools now support a new -C flag that allows the verification of selected files in a checklist.
+
- sha256(1) and related tools will now print MISSING if they encounter non-existent files in a checklist.
+
- i386 and amd64 platforms can now boot from keydisk-based softraid(4) crypto volumes.
+
- Allow softraid(4) to work with partitions larger than 2TB.
+
- Removed experimental RAID 4 support from softraid(4).
+
- Added experimental support for rebuilding RAID 5 softraid(4) volumes. Lots of testing is still required and there is missing functionality, such as the ability to resume a partially completed rebuild. bioctl(8) refuses to create RAID 5 volumes unless recompiled with -DRAID5.
+
- The uhts(4) driver has been merged into
+ ums(4).
+
- Many new checks were added to portcheck(1) utility; now it catches almost every popular mistake that observed in ports in last years.
+
+
+
+
- OpenSSH 6.6 (including changes to 6.5, a feature-focused release):
+
+ - Security:
+
+ - sshd(8):
+ when using environment passing with a
+ sshd_config(5)
+ AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could
+ be tricked into accepting any enviornment variable that contains the
+ characters before the wildcard character.
+
+ - New/changed features:
+
+ - ssh(1),
+ sshd(8):
+ Add support for key exchange using elliptic-curve Diffie Hellman
+ in Daniel Bernstein's Curve25519. This key exchange method is
+ the default when both the client and server support it.
+
- ssh(1),
+ sshd(8):
+ Add support for ED25519 as a public key type. ED25519 is
+ a elliptic curve signature scheme that offers better security than
+ ECDSA and DSA and good performance. It may be used for
+ both user and host keys.
+
- Add a new private key format that uses a bcrypt KDF to better
+ protect keys at rest. This format is used unconditionally for
+ ED25519 keys, but may be requested when generating or saving
+ existing keys of other types via the -o
+ ssh-keygen(1)
+ option. We intend to make the new format the default in the near
+ future. Details of the new format are in the PROTOCOL.key
+ file.
+
- ssh(1),
+ sshd(8):
+ Add a new transport cipher "chacha20-poly1305@openssh.com" that
+ combines Daniel Bernstein's ChaCha20 stream cipher and
+ Poly1305 MAC to build an authenticated encryption mode. Details
+ are in the PROTOCOL.chacha20poly1305 file.
+
- ssh(1),
+ sshd(8):
+ Refuse RSA keys from old proprietary clients and servers that
+ use the obsolete RSA+MD5 signature scheme. It will still be
+ possible to connect with these clients/servers but only DSA keys
+ will be accepted, and OpenSSH will refuse connection entirely in a
+ future release.
+
- ssh(1),
+ sshd(8):
+ Refuse old proprietary clients and servers that use a weaker key
+ exchange hash calculation.
+
- ssh(1):
+ Increase the size of the Diffie-Hellman groups requested for
+ each symmetric key size. New values from NIST Special Publication
+ 800-57 with the upper limit specified by RFC 4419.
+
- ssh(1),
+ ssh-agent(1):
+ Support PKCS#11 tokens that only provide X.509 certs
+ instead of raw public keys. (requested as bz#1908)
+
- ssh(1):
+ Add a
+ ssh_config(5)
+ Match keyword that allows conditional configuration to be
+ applied by matching on hostname, user and result of
+ arbitrary commands.
+
- ssh(1):
+ Add support for client-side hostname canonicalisation using a
+ set of DNS suffixes and rules in
+ ssh_config(5).
+ This allows unqualified names to be canonicalised to fully-qualified
+ domain names to eliminate ambiguity when looking up keys in
+ known_hosts or checking host certificate names.
+
- sftp-server(8):
+ Add the ability to whitelist and/or blacklist sftp protocol requests by
+ name.
+
- sftp-server(8):
+ Add a sftp "fsync@openssh.com" to support calling
+ fsync(2)
+ on an open file handle.
+
- sshd(8):
+ Add a
+ ssh_config(5)
+ PermitTTY to disallow TTY allocation, mirroring the
+ longstanding no-pty authorized_keys option.
+
- ssh(1):
+ Add a
+ ssh_config(5)
+ ProxyUseFDPass option that supports the use of
+ ProxyCommands that establish a connection and then pass a
+ connected file descriptor back to
+ ssh(1).
+ This allows the ProxyCommand to exit rather than staying
+ around to transfer data.
+
- ssh(1),
+ sshd(8):
+ this release removes the J-PAKE authentication code. This code
+ was experimental, never enabled and had been unmaintained for some
+ time.
+
- ssh(1):
+ when processing Match blocks, skip 'exec' clauses
+ other clauses predicates failed to match.
+
- ssh(1):
+ if hostname canonicalisation is enabled and results in the destination
+ hostname being changed, then re-parse
+ ssh_config(5)
+ files using the new destination hostname. This gives 'Host'
+ and 'Match' directives that use the expanded hostname a chance
+ to be applied.
+
+ - The following significant bugs have been fixed in this release:
+
+ - ssh(1),
+ sshd(8):
+ Fix potential stack exhaustion caused by nested certificates.
+
- ssh(1):
+ make BindAddress work with UsePrivilegedPort.
+ (bz#1211)
+
- sftp(1):
+ fix the progress meter for resumed transfer. (bz#2137)
+
- ssh-add(1):
+ do not request smartcard PIN when removing keys from
+ ssh-agent(1).
+ (bz#2187)
+
- sshd(8):
+ fix re-exec fallback when original
+ sshd(8)
+ binary cannot be executed. (bz#2139)
+
- ssh-keygen(1):
+ Make relative-specified certificate expiry times relative to current
+ time and not the validity start time.
+
- sshd(8):
+ fix AuthorizedKeysCommand inside a Match block.
+ (bz#2161)
+
- sftp(1):
+ symlinking a file would incorrectly canonicalise the target path.
+ (bz#2129)
+
- ssh-agent(1):
+ fix a use-after-free in the PKCS#11 agent helper executable.
+ (bz#2175)
+
- sshd(8):
+ Improve logging of sessions to include the user name, remote
+ host and port, the session type (shell, command,
+ etc.) and allocated TTY (if any).
+
- sshd(8):
+ tell the client (via a debug message) when their preferred listen
+ address has been overridden by the server's GatewayPorts
+ setting. (bz#1297)
+
- sshd(8):
+ include report port in bad protocol banner message. (bz#2162)
+
- sftp(1):
+ fix memory leak in error path in do_readdir(). (bz#2163)
+
- sftp(1):
+ don't leak file descriptor on error. (bz#2171)
+
- sshd(8):
+ include the local address and port in "Connection
+ from ..." message. (only shown at loglevel>=verbose)
+
- ssh(1):
+ avoid spurious "getsockname failed: Bad file descriptor" in
+ ssh -W. (bz#2200, debian#738692)
+
- sshd(8):
+ allow the
+ shutdown(2)
+ syscall in seccomp-bpf and systrace sandbox modes, as it is reachable
+ if the connection is terminated during the pre-auth phase.
+
- ssh(1),
+ sshd(8):
+ fix unsigned overflow that in SSH protocol 1 bignum parsing.
+ Minimum key length checks render this bug unexploitable to compromise
+ SSH 1 sessions.
+
- sshd_config(5)
+ clarify behaviour of a keyword that appears in multiple matching
+ Match blocks. (bz#2184)
+
- ssh(1):
+ avoid unnecessary hostname lookups when canonicalisation is disabled.
+ (bz#2205)
+
- sshd(8):
+ avoid sandbox violation crashes in GSSAPI code by caching the supported
+ list of GSSAPI mechanism OIDs before entering the sandbox. (bz#2107)
+
- ssh(1):
+ fix possible crashes in SOCKS4 parsing caused by assumption that the
+ SOCKS username is nul-terminated.
+
- ssh(1):
+ fix regression for UsePrivilegedPort=yes when
+ BindAddress is not specified.
+
- ssh(1),
+ sshd(8):
+ fix memory leak in ECDSA signature verification.
+
- ssh(1):
+ fix matching of 'Host' directives in
+ ssh_config(5)
+ files to be case-insensitive again. (regression in 6.5)
+
+
+
+
+
- Ports and packages:
+
+ - Over 8,700 ports.
+
- Major overhaul of the package tools, resulting in much better memory usage.
+
- pkg_add(1) now only trusts signed packages by default.
+
- The build process now allows some limited capability for building
+ conflicting packages, yielding KDE 4 packages as a result, along
+ with KDE 3 ones.
+
+
+
- Many pre-built packages for each architecture:
+
+
+
+
+ - i386: 8468
+
- sparc64: 7969
+
- alpha: 6199
+
- m68k: 3270
+
|
+ - sh: 345
+
- amd64: 8534
+
- powerpc: 8057
+
- m88k: 1258
+
|
+ - sparc: 4681
+
- arm: 6181
+
- hppa: 6549
+
|
+ - vax: 1007
+
- mips64: 4726
+
- mips64el: 6730
+
|
+
+
+
- Some highlights:
+
+ - GNOME 3.10.2
- KDE 3.5.10
+
- KDE 4.11.5
+
- Xfce 4.10
- MySQL 5.1.73
+
- PostgreSQL 9.3.2
- Postfix 2.11.0
+
- OpenLDAP 2.3.43 and 2.4.38
- Mozilla Firefox 24.3 and 26.0
+
- Mozilla Thunderbird 24.3.0
- GHC 7.6.3
+
- LibreOffice 4.1.4.2
- Emacs 21.4 and 24.3
+
- Vim 7.4.135
- PHP 5.3.28 and 5.4.24
+
- Python 2.7.6 and 3.3.2
- Ruby 1.8.7.374, 1.9.3.484, 2.0.0.353 and 2.1.0
+
- Tcl/Tk 8.5.15 and 8.6.1
- JDK 1.6.0.32 and 1.7.0.21
+
- Mono 2.10.9
- Chromium 32.0.1700.102
+
- Groff 1.22.2
- Go 1.2
+
- GCC 4.6.4 and 4.8.2
- LLVM/Clang 3.3
+
- Node.js 0.10.24
+
+
+
+
- As usual, steady improvements in manual pages and other documentation.
+
+
+
- The system includes the following major components from outside suppliers:
+
+ - Xenocara (based on X.Org 7.7 with xserver 1.14.5 + patches,
+ freetype 2.5.2, fontconfig 2.10.91, Mesa 9.2.5, xterm 301,
+ xkeyboard-config 2.10.1 and more)
+
- Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
+
- Perl 5.16.3 (+ patches)
+
- Our improved and secured version of Apache 1.3, with
+ SSL/TLS and DSO support
+
- Nginx 1.4.4 (+ patches)
+
- OpenSSL 1.0.1c (+ patches)
+
- SQLite 3.8.0.2 (+ patches)
+
- Sendmail 8.14.8, with libmilter
+
- Bind 9.4.2-P2 (+ patches)
+
- NSD 4.0.1
+
- Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
+
- Sudo 1.7.2p8
+
- Ncurses 5.7
+
- Heimdal 1.5.2 (+ patches)
+
- Binutils 2.15 (+ patches)
+
- Gdb 6.3 (+ patches)
+
- Less 444 (+ patches)
+
- Awk Aug 10, 2011 version
+
+
+
+
+
+
+
+
How to install
+
+Following this are the instructions which you would have on a piece of
+paper if you had purchased a CDROM set instead of doing an alternate
+form of install. The instructions for doing an FTP (or other style
+of) install are very similar; the CDROM instructions are left intact
+so that you can see how much easier it would have been if you had
+purchased a CDROM instead.
+
+
+
+Please refer to the following files on the three CDROMs or FTP mirror for
+extensive details on how to install OpenBSD 5.5 on your machine:
+
+
+
+
+
+Quick installer information for people familiar with OpenBSD, and the
+use of the "disklabel -E" command. If you are at all confused when
+installing OpenBSD, read the relevant INSTALL.* file as listed above!
+
+
+
OpenBSD/i386:
+
+Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
+release is on CD1. If your BIOS does not support booting from CD, you will need
+to create a boot floppy to install from. To create a boot floppy write
+CD1:5.5/i386/floppy55.fs to a floppy and boot via the floppy drive.
+
+
+Use CD1:5.5/i386/floppyB55.fs instead for greater SCSI controller
+support, or CD1:5.5/i386/floppyC55.fs for better laptop support.
+
+
+If you can't boot from a CD or a floppy disk,
+you can install across the network using PXE as described in
+the included INSTALL.i386 document.
+
+
+If you are planning on dual booting OpenBSD with another OS, you will need to
+read INSTALL.i386.
+
+
+To make a boot floppy under MS-DOS, use the "rawrite" utility located
+at CD1:5.5/tools/rawrite.exe. To make the boot floppy under a Unix OS,
+use the
+dd(1)
+utility. The following is an example usage of
+dd(1),
+where the device could be "floppy", "rfd0c", or
+"rfd0a".
+
+
+# dd if=<file> of=/dev/<device> bs=32k
+
+
+
+Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
+your install will most likely fail. For more information on creating a boot
+floppy and installing OpenBSD/i386 please refer to
+FAQ 4.3.2.
+
+
+
+
OpenBSD/amd64:
+
+The 5.5 release of OpenBSD/amd64 is located on CD2.
+Boot from the CD to begin the install - you may need to adjust
+your BIOS options first.
+If you can't boot from the CD, you can create a boot floppy to install from.
+To do this, write CD2:5.5/amd64/floppy55.fs to a floppy, then
+boot from the floppy drive.
+
+
+If you can't boot from a CD or a floppy disk,
+you can install across the network using PXE as described in the included
+INSTALL.amd64 document.
+
+
+If you are planning to dual boot OpenBSD with another OS, you will need to
+read INSTALL.amd64.
+
+
+
+
OpenBSD/macppc:
+
+Burn the image from the FTP site to a CDROM, and power on your machine
+while holding down the C key until the display turns on and
+shows OpenBSD/macppc boot.
+
+
+Alternatively, at the Open Firmware prompt, enter boot cd:,ofwboot
+/5.5/macppc/bsd.rd
+
+
+
+
OpenBSD/sparc64:
+
+Put CD3 in your CDROM drive and type boot cdrom.
+
+
+If this doesn't work, or if you don't have a CDROM drive, you can write
+CD3:5.5/sparc64/floppy55.fs or CD3:5.5/sparc64/floppyB55.fs
+(depending on your machine) to a floppy and boot it with boot
+floppy. Refer to INSTALL.sparc64 for details.
+
+
+Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
+will most likely fail.
+
+
+You can also write CD3:5.5/sparc64/miniroot55.fs to the swap partition on
+the disk and boot with boot disk:b.
+
+
+If nothing works, you can boot over the network as described in INSTALL.sparc64.
+
+
+
+
OpenBSD/alpha:
+
+Write FTP:5.5/alpha/floppy55.fs or
+FTP:5.5/alpha/floppyB55.fs (depending on your machine) to a diskette and
+enter boot dva0. Refer to INSTALL.alpha for more details.
+
+
+Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
+will most likely fail.
+
+
+
+
+
OpenBSD/armish:
+
+
+After connecting a serial port, Thecus can boot directly from the network
+either tftp or http. Configure the network using fconfig, reset,
+then load bsd.rd, see INSTALL.armish for specific details.
+IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
+and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
+then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
+More details are available in INSTALL.armish.
+
+
+
+
OpenBSD/hp300:
+
+
+
+
OpenBSD/hppa:
+
+
+
+
OpenBSD/landisk:
+
+
+Write miniroot55.fs to the start of the CF
+or disk, and boot normally.
+
+
+
+
OpenBSD/loongson:
+
+
+Write miniroot55.fs to a USB stick and boot bsd.rd from it
+or boot bsd.rd via tftp.
+Refer to the instructions in INSTALL.loongson for more details.
+
+
+
+
+
OpenBSD/luna88k:
+
+
+Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
+from the PROM, and the bsd.rd from the bootloader.
+Refer to the instructions in INSTALL.luna88k for more details.
+
+
+
+
OpenBSD/mvme68k:
+
+
+You can create a bootable installation tape or boot over the network.
+The network boot requires a MVME68K BUG version that supports the NIOT
+and NBO debugger commands. Follow the instructions in INSTALL.mvme68k
+for more details.
+
+
+
+
OpenBSD/mvme88k:
+
+
+You can create a bootable installation tape or boot over the network.
+The network boot requires a MVME88K BUG version that supports the NIOT
+and NBO debugger commands. Follow the instructions in INSTALL.mvme88k
+for more details.
+
+
+
+
OpenBSD/octeon:
+
+
+After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
+Refer to the instructions in INSTALL.octeon for more details.
+
+
+
+
OpenBSD/sgi:
+
+
+To install, burn cd55.iso on a CD-R, put it in the CD drive of your
+machine and select Install System Software from the System Maintenance
+menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
+CD-ROM, and need a proper invocation from the PROM prompt.
+Refer to the instructions in INSTALL.sgi for more details.
+
+
+If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
+server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
+system type. Refer to the instructions in INSTALL.sgi for more details.
+
+
+
+
OpenBSD/socppc:
+
+
+After connecting a serial port, boot over the network via DHCP/tftp.
+Refer to the instructions in INSTALL.socppc for more details.
+
+
+
+
OpenBSD/sparc:
+
+Boot from one of the provided install ISO images, using one of the two
+commands listed below, depending on the version of your ROM.
+
+
+ok boot cdrom 5.5/sparc/bsd.rd
+or
+> b sd(0,6,0)5.5/sparc/bsd.rd
+
+
+
+If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
+To do so you need to write floppy55.fs to a floppy.
+For more information see FAQ 4.3.2.
+To boot from the floppy use one of the two commands listed below,
+depending on the version of your ROM.
+
+
+ok boot floppy
+or
+> b fd()
+
+
+
+Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
+will most likely fail.
+
+
+If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
+setup a bootable tape, or install via network, as told in the
+INSTALL.sparc file.
+
+
+
+
OpenBSD/vax:
+
+Boot over the network via mopbooting as described in INSTALL.vax.
+
+
+
+
OpenBSD/zaurus:
+
+
+Using the Linux built-in graphical ipkg installer, install the
+openbsd55_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
+for a few important details.
+
+
+
+
Notes about the source code:
+
+src.tar.gz contains a source archive starting at /usr/src. This file
+contains everything you need except for the kernel sources, which are
+in a separate archive. To extract:
+
+
+# mkdir -p /usr/src
+# cd /usr/src
+# tar xvfz /tmp/src.tar.gz
+
+
+sys.tar.gz contains a source archive starting at /usr/src/sys.
+This file contains all the kernel sources you need to rebuild kernels.
+To extract:
+
+
+# mkdir -p /usr/src/sys
+# cd /usr/src
+# tar xvfz /tmp/sys.tar.gz
+
+
+Both of these trees are a regular CVS checkout. Using these trees it
+is possible to get a head-start on using the anoncvs servers as
+described here.
+Using these files
+results in a much faster initial CVS update than you could expect from
+a fresh checkout of the full OpenBSD source tree.
+
+
+
+
+
+
+
How to upgrade
+
+If you already have an OpenBSD 5.4 system, and do not want to reinstall,
+upgrade instructions and advice can be found in the
+Upgrade Guide.
+
+
+
+
+
Ports Tree
+
+A ports tree archive is also provided. To extract:
+
+
+# cd /usr
+# tar xvfz /tmp/ports.tar.gz
+
+
+The ports/ subdirectory is a checkout of the OpenBSD ports tree. Go
+read the ports page
+if you know nothing about ports
+at this point. This text is not a manual of how to use ports.
+Rather, it is a set of notes meant to kickstart the user on the
+OpenBSD ports system.
+
+The ports/ directory represents a CVS (see the manpage for
+
+cvs(1) if
+you aren't familiar with CVS) checkout of our ports. As with our complete
+source tree, our ports tree is available via
+AnonCVS.
+So, in order to keep current with it, you must make the ports/ tree
+available on a read-write medium and update the tree with a command
+like:
+
+
+# cd /usr/ports
+# cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_5
+
+
+[Of course, you must replace the server name here with a nearby anoncvs
+server.]
+
+Note that most ports are available as packages through FTP. Updated
+packages for the 5.5 release will be made available if problems arise.
+
+If you're interested in seeing a port added, would like to help out, or just
+would like to know more, the mailing list
+ports@openbsd.org is a good place to know.
+
+
+