Annotation of www/55.html, Revision 1.3
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 5.5 Release</title>
5: <meta name="resource-type" content="document">
6: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
7: <meta name="description" content="OpenBSD 5.5">
8: <meta name="keywords" content="openbsd,main">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 2013 by OpenBSD.">
11: </head>
12:
13: <body bgcolor="#ffffff" text="#000000" link="#24248E">
14:
15: <a href="index.html">
16: <img alt="[OpenBSD]" height="30" width="141" hspace="24" src="images/smalltitle.gif" border="0"></a>
17: <hr>
18:
19: <p>
20: <a href="images/Puffia.jpg">
21: <img align="left" width="227" height="343" hspace="24" vspace="30"
22: src="images/McFish.jpg" alt="OpenBSD 5.5 logo"></a>
23: <h2><font color="#0000e0">The OpenBSD 5.5 Release:</font></h2>
24: <p>
25: Released May 1, 2014<br>
26: Copyright 1997-2014, Theo de Raadt.<br>
27: <font color="#e00000">ISBN 978-0-9881561-3-5</font>
28: <br>
29: <a href="lyrics.html#55">5.5 Song: "Wrap in Time"</a>
30: <p>
31:
32: <a href="#new">What's New</a><br>
33: <a href="#install">How to install</a><br>
34: <a href="#upgrade">How to upgrade</a><br>
35: <a href="#ports">How to use the ports tree</a><br>
36: <a href="orders.html">Ordering a CD set</a><br>
37:
38: <p>
39: <h3><font color="#0000e0">To get the files for this release:</font></h3>
40: <p>
41: <ul>
42: <li>Order a CDROM from our <a href="orders.html">ordering system</a>.
43: <li>See the information on <a href="ftp.html">The FTP page</a> for
44: a list of mirror machines.
45: <li>Go to the <font color="#e00000">pub/OpenBSD/5.5/</font> directory on
46: one of the mirror sites.
47: <li>Briefly read the rest of this document.
48: <li>Have a look at <a href="errata55.html">The 5.5 Errata page</a> for a list
49: of bugs and workarounds.
50: <li>See a <a href="plus55.html">detailed log of changes</a> between the
51: 5.4 and 5.5 releases.
52: </ul>
53: <br clear=all>
54:
55: <strong>Note:</strong> All applicable copyrights and credits can be found
56: in the applicable file sources found in the files src.tar.gz, sys.tar.gz,
57: xenocara.tar.gz, or in the files fetched via ports.tar.gz. The distribution
58: files used to build packages from the ports.tar.gz file are not included on
59: the CDROM because of lack of space.
60: <p>
61:
62: <a name="new"></a>
63: <hr>
64: <p>
65: <h3><font color="#0000e0">What's New</font></h3>
66: <p>
67: This is a partial list of new features and systems included in OpenBSD 5.5.
68: For a comprehensive list, see the <a href="plus55.html">changelog</a> leading
69: to 5.5.
70: <p>
71:
72: <ul>
73: <li>New/extended platforms:</li>
74: <ul>
75: <li>...
76: </ul>
77: <p>
78:
79: <li>Improved hardware support, including:
80: <ul>
81: <li>...
82: </ul>
83: <p>
84:
85: <li>Generic network stack improvements:
86: <ul>
87: <li>...
88: </ul>
89: <p>
90:
91: <li>Routing daemons and other userland network improvements:
92: <ul>
93: <li>...
94: </ul>
95: <p>
96:
97: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> improvements:
98: <ul>
99: <li>...
100: </ul>
101: <p>
102:
103: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> improvements:
104: <ul>
105: <li>...
106: </ul>
107: <p>
108:
109: <li>OpenSMTPD 5.3.3:
110: <ul>
111: <li>...
112: </ul>
113: <p>
114:
115: <li>Performance improvements:
116: <ul>
117: <li>...
118: </ul>
119: <p>
120:
121: <li>Threading improvements:
122: <ul>
123: <li>...
124: </ul>
125: <p>
126:
127: <li>Assorted improvements:
128: <ul>
1.2 espie 129: <li>New in-memory file system, tmpfs
1.1 deraadt 130: </ul>
131: <p>
132:
1.3 ! sobrado 133: <li>OpenSSH 6.6 (including changes to 6.5, a feature-focused release):
1.1 deraadt 134: <ul>
1.3 ! sobrado 135: <li>Security:
1.1 deraadt 136: <ul>
1.3 ! sobrado 137: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
! 138: when using environment passing with a
! 139: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>
! 140: <tt>AcceptEnv</tt> pattern with a wildcard. OpenSSH prior to 6.6 could
! 141: be tricked into accepting any enviornment variable that contains the
! 142: characters before the wildcard character.
! 143: </ul>
! 144: <li>New/changed features:
! 145: <ul>
! 146: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
! 147: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
! 148: Add support for key exchange using <i>elliptic-curve Diffie Hellman</i>
! 149: in Daniel Bernstein's <i>Curve25519</i>. This key exchange method is
! 150: the default when both the client and server support it.
! 151: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
! 152: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
! 153: Add support for <i>ED25519</i> as a public key type. ED25519 is
! 154: a elliptic curve signature scheme that offers better security than
! 155: <i>ECDSA</i> and <i>DSA</i> and good performance. It may be used for
! 156: both <i>user</i> and <i>host</i> keys.
! 157: <li>Add a new private key format that uses a <i>bcrypt KDF</i> to better
! 158: protect keys at rest. This format is used unconditionally for
! 159: ED25519 keys, but may be requested when generating or saving
! 160: existing keys of other types via the <tt>-o</tt>
! 161: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>
! 162: option. We intend to make the new format the default in the near
! 163: future. Details of the new format are in the <tt>PROTOCOL.key</tt>
! 164: file.
! 165: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
! 166: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
! 167: Add a new transport cipher "chacha20-poly1305@openssh.com" that
! 168: combines Daniel Bernstein's <i>ChaCha20</i> stream cipher and
! 169: <i>Poly1305 MAC</i> to build an authenticated encryption mode. Details
! 170: are in the <tt>PROTOCOL.chacha20poly1305</tt> file.
! 171: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
! 172: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
! 173: Refuse <i>RSA</i> keys from old proprietary clients and servers that
! 174: use the obsolete <i>RSA+MD5</i> signature scheme. It will still be
! 175: possible to connect with these clients/servers but <b>only DSA keys
! 176: will be accepted, and OpenSSH will refuse connection entirely in a
! 177: future release</b>.
! 178: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
! 179: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
! 180: Refuse old proprietary clients and servers that use a weaker key
! 181: exchange hash calculation.
! 182: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
! 183: Increase the size of the <i>Diffie-Hellman groups</i> requested for
! 184: each symmetric key size. New values from <i>NIST Special Publication
! 185: 800-57</i> with the upper limit specified by <i>RFC 4419</i>.
! 186: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
! 187: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>:
! 188: Support <i>PKCS#11</i> tokens that only provide <i>X.509</i> certs
! 189: instead of raw public keys. (requested as bz#1908)
! 190: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
! 191: Add a
! 192: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>
! 193: <tt>Match</tt> keyword that allows conditional configuration to be
! 194: applied by matching on <i>hostname</i>, <i>user</i> and <i>result of
! 195: arbitrary commands</i>.
! 196: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
! 197: Add support for <i>client-side hostname canonicalisation</i> using a
! 198: set of <i>DNS suffixes</i> and rules in
! 199: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>.
! 200: This allows unqualified names to be canonicalised to fully-qualified
! 201: domain names to eliminate ambiguity when looking up keys in
! 202: <tt>known_hosts</tt> or checking host certificate names.
! 203: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>:
! 204: Add the ability to whitelist and/or blacklist sftp protocol requests by
! 205: name.
! 206: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>:
! 207: Add a sftp "fsync@openssh.com" to support calling
! 208: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsync&sektion=2">fsync(2)</a>
! 209: on an open file handle.
! 210: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
! 211: Add a
! 212: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>
! 213: <tt>PermitTTY</tt> to disallow <i>TTY</i> allocation, mirroring the
! 214: longstanding <tt>no-pty</tt> <tt>authorized_keys</tt> option.
! 215: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
! 216: Add a
! 217: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>
! 218: <tt>ProxyUseFDPass</tt> option that supports the use of
! 219: <tt>ProxyCommands</tt> that establish a connection and then pass a
! 220: connected file descriptor back to
! 221: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
! 222: This allows the <tt>ProxyCommand</tt> to exit rather than staying
! 223: around to transfer data.
! 224: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
! 225: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
! 226: this release removes the <i>J-PAKE</i> authentication code. This code
! 227: was experimental, never enabled and had been unmaintained for some
! 228: time.
! 229: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
! 230: when processing <tt>Match</tt> blocks, skip '<tt>exec</tt>' clauses
! 231: other clauses predicates failed to match.
! 232: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
! 233: if hostname canonicalisation is enabled and results in the destination
! 234: hostname being changed, then re-parse
! 235: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>
! 236: files using the new destination hostname. This gives '<tt>Host</tt>'
! 237: and '<tt>Match</tt>' directives that use the expanded hostname a chance
! 238: to be applied.
1.1 deraadt 239: </ul>
240: <li>The following significant bugs have been fixed in this release:
241: <ul>
1.3 ! sobrado 242: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
! 243: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
! 244: Fix potential stack exhaustion caused by nested certificates.
! 245: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
! 246: make <tt>BindAddress</tt> work with <tt>UsePrivilegedPort</tt>.
! 247: (bz#1211)
! 248: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
! 249: fix the progress meter for resumed transfer. (bz#2137)
! 250: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>:
! 251: do not request smartcard PIN when removing keys from
! 252: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
! 253: (bz#2187)
! 254: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
! 255: fix re-exec fallback when original
! 256: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>
! 257: binary cannot be executed. (bz#2139)
! 258: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:
! 259: Make relative-specified certificate expiry times relative to current
! 260: time and not the validity start time.
! 261: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
! 262: fix <tt>AuthorizedKeysCommand</tt> inside a <tt>Match</tt> block.
! 263: (bz#2161)
! 264: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
! 265: symlinking a file would incorrectly canonicalise the target path.
! 266: (bz#2129)
! 267: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>:
! 268: fix a use-after-free in the PKCS#11 agent helper executable.
! 269: (bz#2175)
! 270: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
! 271: Improve logging of sessions to include the <i>user name</i>, <i>remote
! 272: host</i> and <i>port</i>, the <i>session type</i> (shell, command,
! 273: etc.) and <i>allocated TTY</i> (if any).
! 274: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
! 275: tell the client (via a debug message) when their preferred listen
! 276: address has been overridden by the server's <tt>GatewayPorts</tt>
! 277: setting. (bz#1297)
! 278: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
! 279: include report port in bad protocol banner message. (bz#2162)
! 280: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
! 281: fix memory leak in error path in <i>do_readdir()</i>. (bz#2163)
! 282: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
! 283: don't leak file descriptor on error. (bz#2171)
! 284: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
! 285: include the <i>local address</i> and <i>port</i> in "<tt>Connection
! 286: from ...</tt>" message. (only shown at <i>loglevel>=verbose</i>)
! 287: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
! 288: avoid spurious "<tt>getsockname failed: Bad file descriptor</tt>" in
! 289: <tt>ssh -W</tt>. (bz#2200, debian#738692)
! 290: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
! 291: allow the
! 292: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=shutdown&sektion=2">shutdown(2)</a>
! 293: syscall in seccomp-bpf and systrace sandbox modes, as it is reachable
! 294: if the connection is terminated during the pre-auth phase.
! 295: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
! 296: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
! 297: fix unsigned overflow that in <i>SSH protocol 1 bignum parsing</i>.
! 298: Minimum key length checks render this bug unexploitable to compromise
! 299: SSH 1 sessions.
! 300: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>
! 301: clarify behaviour of a keyword that appears in multiple matching
! 302: <tt>Match</tt> blocks. (bz#2184)
! 303: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
! 304: avoid unnecessary hostname lookups when canonicalisation is disabled.
! 305: (bz#2205)
! 306: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
! 307: avoid sandbox violation crashes in GSSAPI code by caching the supported
! 308: list of GSSAPI mechanism OIDs before entering the sandbox. (bz#2107)
! 309: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
! 310: fix possible crashes in SOCKS4 parsing caused by assumption that the
! 311: SOCKS username is nul-terminated.
! 312: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
! 313: fix regression for <tt>UsePrivilegedPort=yes</tt> when
! 314: <tt>BindAddress</tt> is not specified.
! 315: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
! 316: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
! 317: fix memory leak in ECDSA signature verification.
! 318: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
! 319: fix matching of '<tt>Host</tt>' directives in
! 320: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>
! 321: files to be case-insensitive again. (regression in 6.5)
1.1 deraadt 322: </ul>
323: </ul>
324: <p>
325:
1.2 espie 326: <li>Major overhaul of the package tools:
1.1 deraadt 327: <ul>
1.2 espie 328: <li>Much better memory usage
329: <li>pkg_add now trusts signed packages only by default
1.1 deraadt 330: </ul>
1.2 espie 331: <li>Over 8,700 ports
1.1 deraadt 332: <p>
1.2 espie 333: <li>The build process now allows some limited capability for
334: building conflicting packages, yielding kde4 packages as a result,
335: along with kde3.
1.1 deraadt 336: <li>Many pre-built packages for each architecture:
337: <table border=0 cellspacing=0 cellpadding=2 width="95%">
338: <tr>
339: <td valign="top" width="25%">
340: <ul>
341: <li>i386: 8468
342: <li>sparc64: XXXX
343: <li>alpha: XXXX
344: <li>m68k: XXXX
345: </ul></td><td valign=top width="25%"><ul>
346: <li>sh: XXXX
347: <li>amd64: 8534
348: <li>powerpc: 8057
349: <li>m88k: XXXX
350: </ul></td><td valign=top width="25%"><ul>
351: <li>sparc: XXXX
352: <li>arm: XXXX
353: <li>hppa: 6549
354: </ul></td><td valign=top width="25%"><ul>
355: <li>vax: XXXX
356: <li>mips64: XXXX
357: <li>mips64el: XXXX
358: </ul></td></tr></table>
359: <p>
360:
361: <li>Some highlights:
362: <ul>
363: <li>GNOME 3.8.3 <li>KDE 3.5.10
1.2 espie 364: <li>KDE 4.11.5
1.1 deraadt 365: <li>Xfce 4.10 <li>MySQL 5.1.70
366: <li>PostgreSQL 9.2.4 <li>Postfix 2.10.1
367: <li>OpenLDAP 2.3.43 and 2.4.35 <li>Mozilla Firefox 3.6.28 and 22.0
368: <li>Mozilla Thunderbird 17.0.7 <li>GHC 7.6.3
369: <li>LibreOffice 4.0.4.2 <li>Emacs 21.4 and 24.3
370: <li>Vim 7.3.850 <li>PHP 5.2.17 and 5.3.27
371: <li>Python 2.7.5 and 3.3.2 <li>Ruby 1.8.7.374, 1.9.3.448 and 2.0.0.247
372: <li>Tcl/Tk 8.4.20, 8.5.14 and 8.6.0 <li>JDK 1.6.0.32 and 1.7.0.21
1.2 espie 373: <li>Mono 2.10.9 <li>Chromium 32.0.1700.102
1.1 deraadt 374: <li>Groff 1.22.2 <li>Go 1.1.1
375: <li>GCC 4.6.4 and 4.8.1 <li>LLVM/Clang 3.3
376: <li>Node.js 0.10.12
377: </ul>
378: <p>
379:
380: <li>As usual, steady improvements in manual pages and other documentation.
381: <p>
382:
383: <li>The system includes the following major components from outside suppliers:
384: <ul>
385: <li>Xenocara (based on X.Org 7.7 with xserver 1.14.1 + patches,
386: freetype 2.4.12, fontconfig 2.10.91, Mesa 7.11.2, xterm 293,
387: xkeyboard-config 2.7 and more)
388: <li>Gcc 4.2.1 (+patches), 3.3.6 (+ patches) and 2.95.3 (+ patches)
389: <li>Perl 5.16.3 (+ patches)
390: <li>Our improved and secured version of Apache 1.3, with
391: SSL/TLS and DSO support
392: <li>Nginx 1.4.1 (+ patches)
393: <li>OpenSSL 1.0.1c (+ patches)
394: <li>SQLite 3.7.17 (+ patches)
395: <li>Sendmail 8.14.7, with libmilter
396: <li>Bind 9.4.2-P2 (+ patches)
397: <li>NSD 3.2.15
398: <li>Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
399: <li>Sudo 1.7.2p8
400: <li>Ncurses 5.7
401: <li>Heimdal 1.5.2 (+ patches)
402: <li>Binutils 2.15 (+ patches)
403: <li>Gdb 6.3 (+ patches)
404: <li>Less 444 (+ patches)
405: <li>Awk Aug 10, 2011 version
406: </ul>
407:
408: </ul>
409:
410: <a name="install"></a>
411: <hr>
412: <p>
413: <h3><font color="#0000e0">How to install</font></h3>
414: <p>
415: Following this are the instructions which you would have on a piece of
416: paper if you had purchased a CDROM set instead of doing an alternate
417: form of install. The instructions for doing an FTP (or other style
418: of) install are very similar; the CDROM instructions are left intact
419: so that you can see how much easier it would have been if you had
420: purchased a CDROM instead.
421: <p>
422:
423: <hr>
424: Please refer to the following files on the three CDROMs or FTP mirror for
425: extensive details on how to install OpenBSD 5.5 on your machine:
426: <p>
427: <ul>
428: <li>CD1:5.5/i386/INSTALL.i386
429: <li>CD1:5.5/vax/INSTALL.vax
430: <p>
431: <li>CD2:5.5/amd64/INSTALL.amd64
432: <li>CD2:5.5/macppc/INSTALL.macppc
433: <li>CD2:5.5/hppa/INSTALL.hppa
434: <p>
435: <li>CD3:5.5/sparc64/INSTALL.sparc64
436: <li>CD3:5.5/sparc/INSTALL.sparc
437: <p>
438: <li>FTP:.../OpenBSD/5.5/alpha/INSTALL.alpha
439: <li>FTP:.../OpenBSD/5.5/armish/INSTALL.armish
440: <li>FTP:.../OpenBSD/5.5/armv7/INSTALL.armv7
441: <li>FTP:.../OpenBSD/5.5/beagle/INSTALL.beagle
442: <li>FTP:.../OpenBSD/5.5/hp300/INSTALL.hp300
443: <li>FTP:.../OpenBSD/5.5/hppa/INSTALL.hppa
444: <li>FTP:.../OpenBSD/5.5/landisk/INSTALL.landisk
445: <li>FTP:.../OpenBSD/5.5/loongson/INSTALL.loongson
446: <li>FTP:.../OpenBSD/5.5/luna88k/INSTALL.luna88k
447: <li>FTP:.../OpenBSD/5.5/macppc/INSTALL.macppc
448: <li>FTP:.../OpenBSD/5.5/mvme68k/INSTALL.mvme68k
449: <li>FTP:.../OpenBSD/5.5/mvme88k/INSTALL.mvme88k
450: <li>FTP:.../OpenBSD/5.5/octeon/INSTALL.octeon
451: <li>FTP:.../OpenBSD/5.5/sgi/INSTALL.sgi
452: <li>FTP:.../OpenBSD/5.5/socppc/INSTALL.socppc
453: <li>FTP:.../OpenBSD/5.5/sparc/INSTALL.sparc
454: <li>FTP:.../OpenBSD/5.5/vax/INSTALL.vax
455: <li>FTP:.../OpenBSD/5.5/zaurus/INSTALL.zaurus
456: </ul>
457: <hr>
458:
459: <p>
460: Quick installer information for people familiar with OpenBSD, and the
461: use of the "disklabel -E" command. If you are at all confused when
462: installing OpenBSD, read the relevant INSTALL.* file as listed above!
463: <p>
464:
465: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
466: <ul>
467: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
468: release is on CD1. If your BIOS does not support booting from CD, you will need
469: to create a boot floppy to install from. To create a boot floppy write
470: <i>CD1:5.5/i386/floppy55.fs</i> to a floppy and boot via the floppy drive.
471:
472: <p>
473: Use <i>CD1:5.5/i386/floppyB55.fs</i> instead for greater SCSI controller
474: support, or <i>CD1:5.5/i386/floppyC55.fs</i> for better laptop support.
475:
476: <p>
477: If you can't boot from a CD or a floppy disk,
478: you can install across the network using PXE as described in
479: the included INSTALL.i386 document.
480:
481: <p>
482: If you are planning on dual booting OpenBSD with another OS, you will need to
483: read INSTALL.i386.
484:
485: <p>
486: To make a boot floppy under MS-DOS, use the "rawrite" utility located
487: at <i>CD1:5.5/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS,
488: use the
489: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>
490: utility. The following is an example usage of
491: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>,
492: where the device could be "floppy", "rfd0c", or
493: "rfd0a".
494:
495: <ul><pre>
496: # <strong>dd if=<file> of=/dev/<device> bs=32k</strong>
497: </pre></ul>
498:
499: <p>
500: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
501: your install will most likely fail. For more information on creating a boot
502: floppy and installing OpenBSD/i386 please refer to
503: <a href="faq/faq4.html#MkFlop">FAQ 4.3.2</a>.
504: </ul>
505:
506: <p>
507: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
508: <ul>
509: The 5.5 release of OpenBSD/amd64 is located on CD2.
510: Boot from the CD to begin the install - you may need to adjust
511: your BIOS options first.
512: If you can't boot from the CD, you can create a boot floppy to install from.
513: To do this, write <i>CD2:5.5/amd64/floppy55.fs</i> to a floppy, then
514: boot from the floppy drive.
515:
516: <p>
517: If you can't boot from a CD or a floppy disk,
518: you can install across the network using PXE as described in the included
519: INSTALL.amd64 document.
520:
521: <p>
522: If you are planning to dual boot OpenBSD with another OS, you will need to
523: read INSTALL.amd64.
524: </ul>
525:
526: <p>
527: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
528: <ul>
529: Burn the image from the FTP site to a CDROM, and power on your machine
530: while holding down the <i>C</i> key until the display turns on and
531: shows <i>OpenBSD/macppc boot</i>.
532:
533: <p>
534: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
535: /5.5/macppc/bsd.rd</i>
536: </ul>
537:
538: <p>
539: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
540: <ul>
541: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
542:
543: <p>
544: If this doesn't work, or if you don't have a CDROM drive, you can write
545: <i>CD3:5.5/sparc64/floppy55.fs</i> or <i>CD3:5.5/sparc64/floppyB55.fs</i>
546: (depending on your machine) to a floppy and boot it with <i>boot
547: floppy</i>. Refer to INSTALL.sparc64 for details.
548:
549: <p>
550: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
551: will most likely fail.
552:
553: <p>
554: You can also write <i>CD3:5.5/sparc64/miniroot55.fs</i> to the swap partition on
555: the disk and boot with <i>boot disk:b</i>.
556:
557: <p>
558: If nothing works, you can boot over the network as described in INSTALL.sparc64.
559: </ul>
560:
561: <p>
562: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
563: <ul>
564: <p>Write <i>FTP:5.5/alpha/floppy55.fs</i> or
565: <i>FTP:5.5/alpha/floppyB55.fs</i> (depending on your machine) to a diskette and
566: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
567:
568: <p>
569: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
570: will most likely fail.
571:
572: </ul>
573:
574: <p>
575: <h3><font color="#e00000">OpenBSD/armish:</font></h3>
576: <ul>
577: <p>
578: After connecting a serial port, Thecus can boot directly from the network
579: either tftp or http. Configure the network using fconfig, reset,
580: then load bsd.rd, see INSTALL.armish for specific details.
581: IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
582: and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
583: then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
584: More details are available in INSTALL.armish.
585: </ul>
586:
587: <p>
588: <h3><font color="#e00000">OpenBSD/hp300:</font></h3>
589: <ul>
590: <p>
591: Boot over the network by following the instructions in INSTALL.hp300.
592: </ul>
593:
594: <p>
595: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
596: <ul>
597: <p>
598: Boot over the network by following the instructions in INSTALL.hppa or the
599: <a href="hppa.html#install">hppa platform page</a>.
600: </ul>
601:
602: <p>
603: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
604: <ul>
605: <p>
606: Write <i>miniroot55.fs</i> to the start of the CF
607: or disk, and boot normally.
608: </ul>
609:
610: <p>
611: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
612: <ul>
613: <p>
614: Write <i>miniroot55.fs</i> to a USB stick and boot bsd.rd from it
615: or boot bsd.rd via tftp.
616: Refer to the instructions in INSTALL.loongson for more details.
617: </ul>
618: <p>
619:
620: <p>
621: <h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
622: <ul>
623: <p>
624: Copy bsd.rd to a Mach or UniOS partition, and boot it from the PROM.
625: Alternatively, you can create a bootable tape and boot from it. Refer to
626: the instructions in INSTALL.luna88k for more details.
627: </ul>
628:
629: <p>
630: <h3><font color="#e00000">OpenBSD/mvme68k:</font></h3>
631: <ul>
632: <p>
633: You can create a bootable installation tape or boot over the network.<br>
634: The network boot requires a MVME68K BUG version that supports the <i>NIOT</i>
635: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme68k
636: for more details.
637: </ul>
638:
639: <p>
640: <h3><font color="#e00000">OpenBSD/mvme88k:</font></h3>
641: <ul>
642: <p>
643: You can create a bootable installation tape or boot over the network.<br>
644: The network boot requires a MVME88K BUG version that supports the <i>NIOT</i>
645: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme88k
646: for more details.
647: </ul>
648:
649: <p>
650: <h3><font color="#e00000">OpenBSD/octeon:</font></h3>
651: <ul>
652: <p>
653: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
654: Refer to the instructions in INSTALL.octeon for more details.
655: </ul>
656:
657: <p>
658: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
659: <ul>
660: <p>
661: To install on an O2, burn cd55.iso on a CD-R, put it in the CD drive of your
662: machine and select <i>Install System Software</i> from the System Maintenance
663: menu.
664:
665: <p>
666: On other systems, or if your machine doesn't have a CD drive, you can
667: setup a DHCP/tftp network server, and boot using "bootp()/bsd.rd.IP##" using
668: the kernel matching your system type.
669: Refer to the instructions in INSTALL.sgi for more details.
670: </ul>
671:
672: <p>
673: <h3><font color="#e00000">OpenBSD/socppc:</font></h3>
674: <ul>
675: <p>
676: After connecting a serial port, boot over the network via DHCP/tftp.
677: Refer to the instructions in INSTALL.socppc for more details.
678: </ul>
679:
680: <p>
681: <h3><font color="#e00000">OpenBSD/sparc:</font></h3>
682: <ul>
683: Boot from one of the provided install ISO images, using one of the two
684: commands listed below, depending on the version of your ROM.
685:
686: <ul><pre>
687: ok <strong>boot cdrom 5.5/sparc/bsd.rd</strong>
688: or
689: > <strong>b sd(0,6,0)5.5/sparc/bsd.rd</strong>
690: </pre></ul>
691:
692: <p>
693: If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
694: To do so you need to write <i>floppy55.fs</i> to a floppy.
695: For more information see <a href="faq/faq4.html#MkFlop">FAQ 4.3.2</a>.
696: To boot from the floppy use one of the two commands listed below,
697: depending on the version of your ROM.
698:
699: <ul><pre>
700: ok <strong>boot floppy</strong>
701: or
702: > <strong>b fd()</strong>
703: </pre></ul>
704:
705: <p>
706: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
707: will most likely fail.
708:
709: <p>
710: If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
711: setup a bootable tape, or install via network, as told in the
712: INSTALL.sparc file.
713: </ul>
714:
715: <p>
716: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
717: <ul>
718: Boot over the network via mopbooting as described in INSTALL.vax.
719: </ul>
720:
721: <p>
722: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
723: <ul>
724: <p>
725: Using the Linux built-in graphical ipkg installer, install the
726: openbsd55_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
727: for a few important details.
728: </ul>
729:
730: <p>
731: <h3><font color="#e00000">Notes about the source code:</font></h3>
732: <ul>
733: src.tar.gz contains a source archive starting at /usr/src. This file
734: contains everything you need except for the kernel sources, which are
735: in a separate archive. To extract:
736: <p>
737: <ul><pre>
738: # <strong>mkdir -p /usr/src</strong>
739: # <strong>cd /usr/src</strong>
740: # <strong>tar xvfz /tmp/src.tar.gz</strong>
741: </pre></ul>
742: <p>
743: sys.tar.gz contains a source archive starting at /usr/src/sys.
744: This file contains all the kernel sources you need to rebuild kernels.
745: To extract:
746: <p>
747: <ul><pre>
748: # <strong>mkdir -p /usr/src/sys</strong>
749: # <strong>cd /usr/src</strong>
750: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
751: </pre></ul>
752: <p>
753: Both of these trees are a regular CVS checkout. Using these trees it
754: is possible to get a head-start on using the anoncvs servers as
755: described <a href="anoncvs.html">here</a>.
756: Using these files
757: results in a much faster initial CVS update than you could expect from
758: a fresh checkout of the full OpenBSD source tree.
759: <p>
760: </ul>
761:
762: <a name="upgrade"></a>
763: <hr>
764: <p>
765: <h3><font color="#0000e0">How to upgrade</font></h3>
766: <p>
767: If you already have an OpenBSD 5.4 system, and do not want to reinstall,
768: upgrade instructions and advice can be found in the
769: <a href="faq/upgrade55.html">Upgrade Guide</a>.
770:
771: <a name="ports"></a>
772: <hr>
773: <p>
774: <h3><font color="#0000e0">Ports Tree</font></h3>
775: <p>
776: A ports tree archive is also provided. To extract:
777: <p>
778: <ul><pre>
779: # <strong>cd /usr</strong>
780: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
781: </pre></ul>
782: <p>
783: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
784: read the <a href="faq/ports/index.html">ports</a> page
785: if you know nothing about ports
786: at this point. This text is not a manual of how to use ports.
787: Rather, it is a set of notes meant to kickstart the user on the
788: OpenBSD ports system.
789: <p>
790: The <i>ports/</i> directory represents a CVS (see the manpage for
791: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1&arch=i386">
792: cvs(1)</a> if
793: you aren't familiar with CVS) checkout of our ports. As with our complete
794: source tree, our ports tree is available via
795: <a href="anoncvs.html">AnonCVS</a>.
796: So, in order to keep current with it, you must make the <i>ports/</i> tree
797: available on a read-write medium and update the tree with a command
798: like:
799: <p>
800: <ul><pre>
801: # <strong>cd /usr/ports</strong>
802: # <strong>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_5</strong>
803: </pre></ul>
804: <p>
805: [Of course, you must replace the server name here with a nearby anoncvs
806: server.]
807: <p>
808: Note that most ports are available as packages through FTP. Updated
809: packages for the 5.5 release will be made available if problems arise.
810: <p>
811: If you're interested in seeing a port added, would like to help out, or just
812: would like to know more, the mailing list
813: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
814: <p>
815: </body>
816: </html>