OpenBSD 5.5

- -

+ +

openbsd-55-base.pub: -	+	RWRGy8gxk9N9314J0gh9U02lA7s8i6ITajJiNgxQOndvXvM5ZPX+nQ9h -
+
openbsd-55-fw.pub: -	+	RWTdVOhdk5qyNktv0iGV6OpaVfogGxTYc1bbkaUhFlExmclYvpJR/opO -
+
openbsd-55-pkg.pub: -	+	RWQQC1M9dhm/tja/ktitJs/QVI1kGTQr7W7jtUmdZ4uTp+4yZJ6RRHb5 -

@@ -60,17 +72,17 @@ sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the files fetched via ports.tar.gz. -
+

What's New

This is a partial list of new features and systems included in OpenBSD 5.5. For a comprehensive list, see the changelog leading to 5.5. -

time_t is now 64 bits on all platforms. @@ -78,24 +90,24 @@
From OpenBSD 5.5 onwards, OpenBSD is year 2038 ready and will run well beyond Tue Jan 19 03:14:07 2038 UTC.
The entire source tree (kernel, libraries, and userland programs) has been carefully and comprehensively audited to support 64-bit time_t.
Userland programs that were changed include - arp(8), - bgpd(8), - calendar(8), - cron(8), - find(1), - fsck_ffs(8), - ifconfig(8), - ksh(1), - ld(1), - ld.so(1), - netstat(1), - pfctl(8), - ping(8), - rtadvd(8), - ssh(1), - tar(1), - tmux(1), - top(1), + arp(8), + bgpd(8), + calendar(8), + cron(8), + find(1), + fsck_ffs(8), + ifconfig(8), + ksh(1), + ld(1), + ld.so(1), + netstat(1), + pfctl(8), + ping(8), + rtadvd(8), + ssh(1), + tar(1), + tmux(1), + top(1), and many others, including games!
Removed time_t from network, on-disk, and database formats.
Removed as many (time_t) casts as possible. @@ -107,27 +119,27 @@
Releases and packages are now cryptographically signed with the -signify(1) utility. +signify(1) utility.
- The installer will verify all sets before installing.
- Installing without verification works, but is discouraged.
- Users are advised to verify the installer (bsd.rd, install55.iso, etc.) ahead of time using the - signify(1) tool if available. -
- pkg_add(1) now only trusts signed packages by default. + signify(1) tool if available. +
- pkg_add(1) now only trusts signed packages by default.

Installer improvements:

The installer now supports a scriptable - auto-installation + auto-installation method that enables unattended installation and upgrades using a response file.
Disk images which can be written to a USB flash drive (miniroot55.fs [bsd.rd only] and install55.fs [bsd.rd + unsigned sets]) are now provided for amd64 and i386.
Rewritten - installboot(8) + installboot(8) utility aiming for a unified implementation across platforms (currently used by amd64 and i386 only).
The installer now parses nwids with embedded blanks correctly. @@ -150,66 +162,66 @@
Improved hardware support, including:
- New vmx(4) +
- New vmx(4) driver for VMware VMXNET3 Virtual Interface Controller devices. -
- New vmwpvs(4) +
- New vmwpvs(4) driver for VMware Paravirtual SCSI. -
- New vioscsi(4) +
- New vioscsi(4) driver for VirtIO SCSI adapters. -
- New viornd(4) +
- New viornd(4) driver for VirtIO random number devices. -
- New ubcmtp(4) +
- New ubcmtp(4) driver for Broadcom multi-touch trackpads found on newer Apple MacBook, MacBook Pro, and MacBook Air laptops. -
- New ugold(4) +
- New ugold(4) driver for TEMPer gold HID thermometers. -
- New ugl(4) +
- New ugl(4) driver for Genesys Logic based USB host-to-host adapters. -
- New qle(4) driver for QLogic Fibre Channel HBAs. -
- radeondrm(4) +
- New qle(4) driver for QLogic Fibre Channel HBAs. +
- radeondrm(4) has been overhauled, including:
  - New port of the Radeon code in Linux 3.8.13.19.
  - Support for Kernel Mode Setting (KMS) including support for additional output types such as DisplayPort. -
  - wsdisplay(4) +
  - wsdisplay(4) now attaches to - radeondrm(4) + radeondrm(4) and provides a framebuffer console.
  -
- inteldrm(4) +
- inteldrm(4) has been updated to Linux 3.8.13.19 notably bringing Haswell stability fixes.
- Support for Intel 8 Series Ethernet with i217/i218 PHYs, and i210/i211/i354 has been added to - em(4). + em(4).
- Support for Intel Centrino Wireless-N 2200, 2230 and 105/135 has been added to - iwn(4). + iwn(4).
- Support for Areca ARC-1880, ARC-1882, ARC-1883, ARC-1223, ARC-1214, ARC-1264, and ARC-1284 has been added to - arc(4). -
- Support for Elantech v2 touchpads in pms(4) has been fixed. -
- Support for 802.11a (5Ghz) has been added to wpi(4). + arc(4). +
- Support for Elantech v2 touchpads in pms(4) has been fixed. +
- Support for 802.11a (5Ghz) has been added to wpi(4).
- Workarounds for firmware stability issues have been added to - wpi(4), - iwi(4), and - iwn(4). + wpi(4), + iwi(4), and + iwn(4).
- Support for RT3572 chips has been added to the - ral(4) driver. + ral(4) driver.
- Support for RTL8106E chips has been added to the - re(4) driver. -
- Support for RTS5229 card readers has been added to rtsx(4). -
- Support for Microsoft XBox 360 controllers has been added to the uhid(4) driver. -
- Support for CoreChip RD9700 USB Ethernet devices has been added to the udav(4) driver. + re(4) driver. +
- Support for RTS5229 card readers has been added to rtsx(4). +
- Support for Microsoft XBox 360 controllers has been added to the uhid(4) driver. +
- Support for CoreChip RD9700 USB Ethernet devices has been added to the udav(4) driver.
- Further reliability improvements regarding suspend/resume and hibernation.
- Enabled IPv6 transmit TCP/UDP checksum offload in - jme(4). + jme(4).

Generic network stack improvements:

Added vxlan(4), +
Added vxlan(4), a virtual extensible local area network tunnel interface. -
pflow(4) +
pflow(4) now sends 64 bit time values for pflowproto 10. The changed templates / flows for pflowproto 10 are now parsable by existing receivers.
Continued improvement of the checksum offload framework to streamline @@ -221,40 +233,40 @@
Routing daemons and other userland network improvements:
- The popa3d POP3 server has been removed. -
- Added ntpctl(8), +
- Added ntpctl(8), a program to control the Network Time Protocol daemon. -
- slowcgi(8) +
- slowcgi(8) now works with a high number of concurrent connections.
- The inetd-based identd has been replaced by a new libevent-based - identd(8). -
- tcpdump(8) + identd(8). +
- tcpdump(8) can now detect bad ICMP and ICMPv6 checksums when used with the -v flag.
- Added rdomain support to IPv6 configuration tools - ndp(8), - rtsold(8), - ping6(8), and - traceroute6(8). + ndp(8), + rtsold(8), + ping6(8), and + traceroute6(8).
- Added SNMPv2 client support to - snmpctl(8) + snmpctl(8) ("get", "walk", and "bulkwalk"). -
- relayd(8) +
- relayd(8) now supports TLS Perfect Forward Secrecy (PFS) with ECDHE (Elliptic curve Diffie-Hellman) that is enabled by default.
-
pf(4) improvements: +
pf(4) improvements:
- New queueing system with new syntax.
- The "received-on" parameter can now be used with the "any" keyword to match any existing interface except loopback ones. -
- The block policy in the default pf.conf(5) is now "block return". +
- The block policy in the default pf.conf(5) is now "block return".
-
dhcpd(8) and dhclient(8) improvements: +
dhcpd(8) and dhclient(8) improvements:
- No longer create a route to the bound address via 127.0.0.1. -
- The options 'dhcp-lease-time', 'dhcp-rebinding-time', and 'dhcp-renewal-time' can now be configured in dhclient.conf(5). +
- The options 'dhcp-lease-time', 'dhcp-rebinding-time', and 'dhcp-renewal-time' can now be configured in dhclient.conf(5).
- 'next-server' (a.k.a. siaddr) info now saved in lease files.
- Fall back to broadcasting when unicast renewal fails, as specified in RFC 2131 and friends. @@ -265,22 +277,22 @@
- Fix 'effective' lease created by '-L' to have correct address, 'next_server', 'timestamp', and 'resolv_conf' fields.
- Fix handling of non-printable characters in lease file strings.
- Fix many edge cases in config file and lease parsing and ensure that error messages refer to the correct position in erroneous line. -
- dhclient.conf(5) can now override anything in an offer or saved lease when creating the effective lease. In particular, 'fixed-address', 'next-server', 'filename' and 'server-name'. -
- Fix parsing of dhclient.conf(5) statements 'fixed-address' and +
- dhclient.conf(5) can now override anything in an offer or saved lease when creating the effective lease. In particular, 'fixed-address', 'next-server', 'filename' and 'server-name'. +
- Fix parsing of dhclient.conf(5) statements 'fixed-address' and 'next-server'.
- Log failures to fchmod() or fchown() files being written.
- Create lease files with permissions 0640. -
- Fix possible failure to write resolv.conf(5) when -L is used. -
- 'send dhcp-client-identifier "";' in dhclient.conf(5) will result in no 'dhcp-client-identifier' (option 61) being sent. +
- Fix possible failure to write resolv.conf(5) when -L is used. +
- 'send dhcp-client-identifier "";' in dhclient.conf(5) will result in no 'dhcp-client-identifier' (option 61) being sent.
-
iked(8) improvements: +
iked(8) improvements:
- Support for OCSP ("Online Certificate Status Protocol"); enable with "set ocsp URL".
- Support for RSA public key authentication as an alternative to X.509 certificates or pre-shared keys.
- Support for DPD ("Dead Peer Detection") similar to the implementation in - isakmpd(8). + isakmpd(8).
- Support for dynamic IP address assignment from a pool in configuration mode; enabled with "config address net/pool-prefix".
- Initial support for IPComp.
- Various improvements and a thorough audit of the network input path. @@ -300,7 +312,7 @@
- other processes now have an API to return more precise codes ...
- ... which will be improved further with each version.
-
Improved smtpctl(8): +
Improved smtpctl(8):
- sendmail mode now supports DSN parameters
- Can now pause/resume a source address -> destination domain route. @@ -352,14 +364,14 @@
Documentation:
- table(5) describes format for static, file and db backends. +
- table(5) describes format for static, file and db backends.
- sendmail(8) describes our "sendmail" interface.
Reduced memory usage in both general and stressed cases.
OpenSMTPD now automagically upgrades queue if the format changes!
Support Qmail-like "sticky home".
Support for authenticating users from a credentials table. -
Introduce passwd(5) table backend for user and credentials lookup. +
Introduce passwd(5) table backend for user and credentials lookup.
Expansion variables in ~/.forward now support modifiers.
Much more efficient scheduler!
Many documentation fixes and improvements. @@ -370,14 +382,14 @@
Security improvements:
- Position-independent executables (PIE) are now used by default on i386. -
- The arc4random(3) +
- The arc4random(3) functions now use the ChaCha20 cipher.
- The kernel random number system is initially seeded by the bootloader, providing better random very early.
- Kernel stack protector is also seeded via the same mechanism, providing protection earlier.
- -Wbounded is now enabled in GCC by default. -
- Added explicit_bzero(3). +
- Added explicit_bzero(3).
@@ -389,53 +401,53 @@
Threading improvements:
- Interprocess semaphores via sem_open(3). +
- Interprocess semaphores via sem_open(3).
- Running threaded processes under a debugger no longer causes panics.
- SIGPROF and SIGVTALRM are now reliably delivered to the thread that was running when they were triggered.
- Thread stacks now have a random bias. -
- fork(2) no longer changes the pthread_t of the forking thread in the child. -
- Signaling races eliminated from pthread_kill(3) and pthread_cancel(3). +
- fork(2) no longer changes the pthread_t of the forking thread in the child. +
- Signaling races eliminated from pthread_kill(3) and pthread_cancel(3).
Assorted improvements:
- New in-memory file system, tmpfs. -
- Many fuse(4) improvements and stability fixes. -
- Added POSIX-required nl(1) utility. +
- New in-memory file system, tmpfs. +
- Many fuse(4) improvements and stability fixes. +
- Added POSIX-required nl(1) utility.
- OpenBSD/vax has switched to GCC 3. -
- Replaced getdirentries(2) with getdents(2), vastly improving the performance and memory usage of telldir(3). +
- Replaced getdirentries(2) with getdents(2), vastly improving the performance and memory usage of telldir(3).
- amd64 and i386 now use the MWAIT instruction for their idle loop where available to reduce latency.
- Added support for CLOCK_UPTIME. -
- Added tcgetsid(3). +
- Added tcgetsid(3).
- clock_t is now a 64 bit type, so it no longer wraps around in only 248 days.
- ino_t is now a 64 bit type, mostly to support large NFS filesystems.
- Corrected handling of UTIME_OMIT. -
- pax(1) now sets the mode and timestamps correctly on symlinks, and makes hardlinks to symlinks when requested. +
- pax(1) now sets the mode and timestamps correctly on symlinks, and makes hardlinks to symlinks when requested.
- Corrected handling of shared library destructors when libc is statically linked.
- Corrected various disk drivers to handle non-512-byte sectors and disk sizes greater than 32-bits. -
- Corrected growfs(8) to handle non-512-byte sectors and disk sizes greater than 32-bits. +
- Corrected growfs(8) to handle non-512-byte sectors and disk sizes greater than 32-bits.
- All CIRCLEQ uses replaced with TAILQ.
- Preserve and honour changes to the OpenBSD bounds in a disklabel. -
- fdisk(8) now always writes a good signature when the MBR is written to disk. -
- disklabel(8) now writes the disklabel to the correct location on non-512-byte sector devices. -
- Fix athn(4) tick calculations to eliminate excessive timeouts. -
- Allow disklabel(8) to set any partition, including 'C', to type UNUSED. -
- New sha512(1) tool to calculate and verify the SHA-512 checksums of files. -
- sha256(1) and related tools - (cksum(1), - md5(1), - sha1(1), and - sha512(1)) +
- fdisk(8) now always writes a good signature when the MBR is written to disk. +
- disklabel(8) now writes the disklabel to the correct location on non-512-byte sector devices. +
- Fix athn(4) tick calculations to eliminate excessive timeouts. +
- Allow disklabel(8) to set any partition, including 'C', to type UNUSED. +
- New sha512(1) tool to calculate and verify the SHA-512 checksums of files. +
- sha256(1) and related tools + (cksum(1), + md5(1), + sha1(1), and + sha512(1)) now support a new -h flag to place the checksum into a specified hash file instead of stdout. -
- sha256(1) and related tools now support a new -C flag that allows the verification of selected files in a checklist. -
- sha256(1) and related tools will now print MISSING if they encounter non-existent files in a checklist. -
- i386 and amd64 platforms can now boot from keydisk-based softraid(4) crypto volumes. -
- Allow softraid(4) to work with partitions larger than 2TB. -
- Removed experimental RAID 4 support from softraid(4). -
- Added experimental support for rebuilding RAID 5 softraid(4) volumes. Lots of testing is still required and there is missing functionality, such as the ability to resume a partially completed rebuild. bioctl(8) refuses to create RAID 5 volumes unless recompiled with -DRAID5. +
- sha256(1) and related tools now support a new -C flag that allows the verification of selected files in a checklist. +
- sha256(1) and related tools will now print MISSING if they encounter non-existent files in a checklist. +
- i386 and amd64 platforms can now boot from keydisk-based softraid(4) crypto volumes. +
- Allow softraid(4) to work with partitions larger than 2TB. +
- Removed experimental RAID 4 support from softraid(4). +
- Added experimental support for rebuilding RAID 5 softraid(4) volumes. Lots of testing is still required and there is missing functionality, such as the ability to resume a partially completed rebuild. bioctl(8) refuses to create RAID 5 volumes unless recompiled with -DRAID5.
- The uhts(4) driver has been merged into - ums(4). + ums(4).
- Many new checks were added to portcheck(1) utility; now it catches almost every popular mistake that observed in ports in last years.
@@ -444,22 +456,22 @@
- Security:
  - sshd(8): +
  - sshd(8): when using environment passing with a - sshd_config(5) - AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could + sshd_config(5) + AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could be tricked into accepting any enviornment variable that contains the characters before the wildcard character.
- New/changed features:
  - ssh(1), - sshd(8): +
  - ssh(1), + sshd(8): Add support for key exchange using elliptic-curve Diffie Hellman in Daniel Bernstein's Curve25519. This key exchange method is the default when both the client and server support it. -
  - ssh(1), - sshd(8): +
  - ssh(1), + sshd(8): Add support for ED25519 as a public key type. ED25519 is a elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance. It may be used for @@ -467,168 +479,168 @@
  - Add a new private key format that uses a bcrypt KDF to better protect keys at rest. This format is used unconditionally for ED25519 keys, but may be requested when generating or saving - existing keys of other types via the -o - ssh-keygen(1) + existing keys of other types via the -o + ssh-keygen(1) option. We intend to make the new format the default in the near - future. Details of the new format are in the PROTOCOL.key + future. Details of the new format are in the PROTOCOL.key file. -
  - ssh(1), - sshd(8): +
  - ssh(1), + sshd(8): Add a new transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Details - are in the PROTOCOL.chacha20poly1305 file. -
  - ssh(1), - sshd(8): + are in the PROTOCOL.chacha20poly1305 file. +
  - ssh(1), + sshd(8): Refuse RSA keys from old proprietary clients and servers that use the obsolete RSA+MD5 signature scheme. It will still be possible to connect with these clients/servers but only DSA keys will be accepted, and OpenSSH will refuse connection entirely in a future release. -
  - ssh(1), - sshd(8): +
  - ssh(1), + sshd(8): Refuse old proprietary clients and servers that use a weaker key exchange hash calculation. -
  - ssh(1): +
  - ssh(1): Increase the size of the Diffie-Hellman groups requested for each symmetric key size. New values from NIST Special Publication 800-57 with the upper limit specified by RFC 4419. -
  - ssh(1), - ssh-agent(1): +
  - ssh(1), + ssh-agent(1): Support PKCS#11 tokens that only provide X.509 certs instead of raw public keys. (requested as bz#1908) -
  - ssh(1): +
  - ssh(1): Add a - ssh_config(5) - Match keyword that allows conditional configuration to be + ssh_config(5) + Match keyword that allows conditional configuration to be applied by matching on hostname, user and result of arbitrary commands. -
  - ssh(1): +
  - ssh(1): Add support for client-side hostname canonicalisation using a set of DNS suffixes and rules in - ssh_config(5). + ssh_config(5). This allows unqualified names to be canonicalised to fully-qualified domain names to eliminate ambiguity when looking up keys in - known_hosts or checking host certificate names. -
  - sftp-server(8): + known_hosts or checking host certificate names. +
  - sftp-server(8): Add the ability to whitelist and/or blacklist sftp protocol requests by name. -
  - sftp-server(8): +
  - sftp-server(8): Add a sftp "fsync@openssh.com" to support calling - fsync(2) + fsync(2) on an open file handle. -
  - sshd(8): +
  - sshd(8): Add a - ssh_config(5) - PermitTTY to disallow TTY allocation, mirroring the - longstanding no-pty authorized_keys option. -
  - ssh(1): + ssh_config(5) + PermitTTY to disallow TTY allocation, mirroring the + longstanding no-pty authorized_keys option. +
  - ssh(1): Add a - ssh_config(5) - ProxyUseFDPass option that supports the use of - ProxyCommands that establish a connection and then pass a + ssh_config(5) + ProxyUseFDPass option that supports the use of + ProxyCommands that establish a connection and then pass a connected file descriptor back to - ssh(1). - This allows the ProxyCommand to exit rather than staying + ssh(1). + This allows the ProxyCommand to exit rather than staying around to transfer data. -
  - ssh(1), - sshd(8): +
  - ssh(1), + sshd(8): this release removes the J-PAKE authentication code. This code was experimental, never enabled and had been unmaintained for some time. -
  - ssh(1): - when processing Match blocks, skip 'exec' clauses +
  - ssh(1): + when processing Match blocks, skip 'exec' clauses other clauses predicates failed to match. -
  - ssh(1): +
  - ssh(1): if hostname canonicalisation is enabled and results in the destination hostname being changed, then re-parse - ssh_config(5) - files using the new destination hostname. This gives 'Host' - and 'Match' directives that use the expanded hostname a chance + ssh_config(5) + files using the new destination hostname. This gives 'Host' + and 'Match' directives that use the expanded hostname a chance to be applied.
- The following significant bugs have been fixed in this release:
  - ssh(1), - sshd(8): +
  - ssh(1), + sshd(8): Fix potential stack exhaustion caused by nested certificates. -
  - ssh(1): - make BindAddress work with UsePrivilegedPort. +
  - ssh(1): + make BindAddress work with UsePrivilegedPort. (bz#1211) -
  - sftp(1): +
  - sftp(1): fix the progress meter for resumed transfer. (bz#2137) -
  - ssh-add(1): +
  - ssh-add(1): do not request smartcard PIN when removing keys from - ssh-agent(1). + ssh-agent(1). (bz#2187) -
  - sshd(8): +
  - sshd(8): fix re-exec fallback when original - sshd(8) + sshd(8) binary cannot be executed. (bz#2139) -
  - ssh-keygen(1): +
  - ssh-keygen(1): Make relative-specified certificate expiry times relative to current time and not the validity start time. -
  - sshd(8): - fix AuthorizedKeysCommand inside a Match block. +
  - sshd(8): + fix AuthorizedKeysCommand inside a Match block. (bz#2161) -
  - sftp(1): +
  - sftp(1): symlinking a file would incorrectly canonicalise the target path. (bz#2129) -
  - ssh-agent(1): +
  - ssh-agent(1): fix a use-after-free in the PKCS#11 agent helper executable. (bz#2175) -
  - sshd(8): +
  - sshd(8): Improve logging of sessions to include the user name, remote host and port, the session type (shell, command, etc.) and allocated TTY (if any). -
  - sshd(8): +
  - sshd(8): tell the client (via a debug message) when their preferred listen - address has been overridden by the server's GatewayPorts + address has been overridden by the server's GatewayPorts setting. (bz#1297) -
  - sshd(8): +
  - sshd(8): include report port in bad protocol banner message. (bz#2162) -
  - sftp(1): +
  - sftp(1): fix memory leak in error path in do_readdir(). (bz#2163) -
  - sftp(1): +
  - sftp(1): don't leak file descriptor on error. (bz#2171) -
  - sshd(8): +
  - sshd(8): include the local address and port in - "Connection from ..." message. + "Connection from ..." message. (only shown at loglevel>=verbose) -
  - ssh(1): - avoid spurious "getsockname failed: Bad file descriptor" in - ssh -W. (bz#2200, debian#738692) -
  - sshd(8): +
  - ssh(1): + avoid spurious "getsockname failed: Bad file descriptor" in + ssh -W. (bz#2200, debian#738692) +
  - sshd(8): allow the - shutdown(2) + shutdown(2) syscall in seccomp-bpf and systrace sandbox modes, as it is reachable if the connection is terminated during the pre-auth phase. -
  - ssh(1), - sshd(8): +
  - ssh(1), + sshd(8): fix unsigned overflow that in SSH protocol 1 bignum parsing. Minimum key length checks render this bug unexploitable to compromise SSH 1 sessions. -
  - sshd_config(5) +
  - sshd_config(5) clarify behaviour of a keyword that appears in multiple matching - Match blocks. (bz#2184) -
  - ssh(1): + Match blocks. (bz#2184) +
  - ssh(1): avoid unnecessary hostname lookups when canonicalisation is disabled. (bz#2205) -
  - sshd(8): +
  - sshd(8): avoid sandbox violation crashes in GSSAPI code by caching the supported list of GSSAPI mechanism OIDs before entering the sandbox. (bz#2107) -
  - ssh(1): +
  - ssh(1): fix possible crashes in SOCKS4 parsing caused by assumption that the SOCKS username is nul-terminated. -
  - ssh(1): - fix regression for UsePrivilegedPort=yes when - BindAddress is not specified. -
  - ssh(1), - sshd(8): +
  - ssh(1): + fix regression for UsePrivilegedPort=yes when + BindAddress is not specified. +
  - ssh(1), + sshd(8): fix memory leak in ECDSA signature verification. -
  - ssh(1): - fix matching of 'Host' directives in - ssh_config(5) +
  - ssh(1): + fix matching of 'Host' directives in + ssh_config(5) files to be case-insensitive again. (regression in 6.5)
@@ -638,35 +650,29 @@
- Over 8,700 ports.
- Major overhaul of the package tools, resulting in much better memory usage. -
- pkg_add(1) now only trusts signed packages by default. +
- pkg_add(1) now only trusts signed packages by default.
- The build process now allows some limited capability for building conflicting packages, yielding KDE 4 packages as a result, along with KDE 3 ones.

Many pre-built packages for each architecture: - - -

i386: 8468
sparc64: 7969
alpha: 6199
m68k: 3270 -

sh: 345
amd64: 8534
powerpc: 8057
m88k: 1258 -

sparc: 4681
arm: 6181
hppa: 6549 -

vax: 1007
mips64: 4726
mips64el: 6730 -

Some highlights: @@ -715,14 +721,15 @@
Less 444 (+ patches)
Awk Aug 10, 2011 version

-OpenBSD -5.5 +OpenBSD +5.5

What's New

What's New

How to install

How to install

OpenBSD/i386:

OpenBSD/i386:

OpenBSD/amd64:

OpenBSD/amd64:

OpenBSD/macppc:

OpenBSD/macppc:

OpenBSD/sparc64:

OpenBSD/sparc64:

OpenBSD/alpha:

OpenBSD/alpha:

OpenBSD/armish:

OpenBSD/armish:

OpenBSD/hp300:

OpenBSD/hp300:

OpenBSD/hppa:

OpenBSD/hppa:

OpenBSD/landisk:

OpenBSD/landisk:

OpenBSD/loongson:

OpenBSD/loongson:

OpenBSD/luna88k:

OpenBSD/luna88k:

OpenBSD/mvme68k:

OpenBSD/mvme68k:

OpenBSD/mvme88k:

OpenBSD/mvme88k:

OpenBSD/octeon:

OpenBSD/octeon:

OpenBSD/sgi:

OpenBSD/sgi:

OpenBSD/socppc:

OpenBSD/socppc:

OpenBSD/sparc:

OpenBSD/sparc:

OpenBSD/vax:

OpenBSD/vax:

OpenBSD/zaurus:

OpenBSD/zaurus:

Notes about the source code:

Notes about the source code:

How to upgrade

How to upgrade

Ports Tree

Ports Tree