Annotation of www/55.html, Revision 1.40
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
1.14 deraadt 4: <title>OpenBSD 5.5</title>
1.1 deraadt 5: <meta name="resource-type" content="document">
6: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
7: <meta name="description" content="OpenBSD 5.5">
8: <meta name="keywords" content="openbsd,main">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 2013 by OpenBSD.">
11: </head>
12:
13: <body bgcolor="#ffffff" text="#000000" link="#24248E">
14:
15: <a href="index.html">
16: <img alt="[OpenBSD]" height="30" width="141" hspace="24" src="images/smalltitle.gif" border="0"></a>
1.33 deraadt 17: <p>
1.1 deraadt 18:
1.22 deraadt 19: <a href="images/McFishy.jpg">
20: <img align="left" width="227" height="343" hspace="24" src="images/McFishy.jpg"></a>
1.14 deraadt 21: <h2><font color="#0000e0">OpenBSD 5.5</font></h2>
1.1 deraadt 22: <p>
1.14 deraadt 23: To be released May 1, 2014<br>
1.1 deraadt 24: Copyright 1997-2014, Theo de Raadt.<br>
25: <font color="#e00000">ISBN 978-0-9881561-3-5</font>
26: <br>
27: <a href="lyrics.html#55">5.5 Song: "Wrap in Time"</a>
28: <p>
29:
30: <ul>
31: <li>Order a CDROM from our <a href="orders.html">ordering system</a>.
32: <li>See the information on <a href="ftp.html">The FTP page</a> for
33: a list of mirror machines.
34: <li>Go to the <font color="#e00000">pub/OpenBSD/5.5/</font> directory on
35: one of the mirror sites.
36: <li>Briefly read the rest of this document.
37: <li>Have a look at <a href="errata55.html">The 5.5 Errata page</a> for a list
38: of bugs and workarounds.
39: <li>See a <a href="plus55.html">detailed log of changes</a> between the
40: 5.4 and 5.5 releases.
41: </ul>
42: <br clear=all>
1.14 deraadt 43: <p>
44: All applicable copyrights and credits can be found in the applicable
45: file sources found in the files src.tar.gz, sys.tar.gz,
46: xenocara.tar.gz, or in the files fetched via ports.tar.gz. The
47: distribution files used to build packages from the ports.tar.gz file
48: are not included on the CDROM because of lack of space.
1.1 deraadt 49: <p>
50:
51: <a name="new"></a>
52: <hr>
53: <p>
54: <h3><font color="#0000e0">What's New</font></h3>
55: <p>
56: This is a partial list of new features and systems included in OpenBSD 5.5.
57: For a comprehensive list, see the <a href="plus55.html">changelog</a> leading
58: to 5.5.
59: <p>
60:
61: <ul>
1.24 guenther 62: <li>time_t is now 64 bits on all platforms.
63: While many filesystems are limited to 32 bits and thus cannot be
64: used to store times after Tue Jan 19 03:14:07 2038 UTC,
65: most system operations can now support times after that.
1.15 tedu 66: <li>Releases and packages are now cryptographically signed with the
1.10 tedu 67: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=signify&sektion=1">signify(1)</a> utility.
68: <ul>
69: <li>The installer will verify all sets before installing.
1.23 deraadt 70: <li>Installing without verification works, but is discouraged.
71: <li>Users are advised to verify the installer (bsd.rd, install55.iso, etc.)
72: ahead of time using the
1.25 deraadt 73: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=signify&sektion=1#end">signify(1)</a> tool if available.
1.23 deraadt 74: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a> now trusts signed packages only by default.
1.10 tedu 75: </ul>
1.27 benno 76: <li>The installer now supports a scriptable <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=autoinstall&sektion=8">auto-installation</a> method.
1.10 tedu 77: <p>
78:
1.8 tedu 79: <li>New/extended platforms:
1.1 deraadt 80: <ul>
1.32 miod 81: <li><a href="alpha.html">OpenBSD/alpha</a>:
82: <ul>
83: <li>Multiprocessor support.
84: </ul>
85: <li><a href="aviion.html">OpenBSD/aviion</a>:
86: <ul>
87: <li>First self-hosting release for 88100-based AViiON systems.
88: </ul>
1.39 lteo 89: <li><a href="armv7.html">OpenBSD/armv7</a> replaces OpenBSD/beagle.
1.1 deraadt 90: </ul>
91: <p>
92:
93: <li>Improved hardware support, including:
94: <ul>
1.5 jsg 95: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmx&sektion=4">vmx(4)</a>
96: driver for VMware VMXNET3 Virtual Interface Controller devices.
97: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmwpvs&sektion=4">vmwpvs(4)</a>
98: driver for VMware Paravirtual SCSI.
99: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vioscsi&sektion=4">vioscsi(4)</a>
100: driver for VirtIO SCSI adapters.
101: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=viornd&sektion=4">viornd(4)</a>
102: driver for VirtIO random number devices.
103: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubcmtp&sektion=4">ubcmtp(4)</a>
104: driver for Broadcom multi-touch trackpads.
105: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ugold&sektion=4">ugold(4)</a>
106: driver for TEMPer gold HID thermometers.
107: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ugl&sektion=4">ugl(4)</a>
108: driver for Genesys Logic based USB host-to-host adapters.
109: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radeondrm&sektion=4">radeondrm(4)</a>
110: has been overhauled, including:
111: <ul>
112: <li>New port of the Radeon code in Linux 3.8.13.19.
113: <li>Support for Kernel Mode Setting (KMS) including support for
114: additional output types such as DisplayPort.
115: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsdisplay&sektion=4">wsdisplay(4)</a>
116: now attaches to
117: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radeondrm&sektion=4">radeondrm(4)</a>
118: and provides a framebuffer console.
119: </ul>
120: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inteldrm&sektion=4">inteldrm(4)</a>
1.20 sthen 121: has been updated to Linux 3.8.13.19 notably bringing Haswell stability fixes.
1.5 jsg 122: <li>Support for Intel 8 Series Ethernet with i217/i218 PHYs, and
123: i210/i211/i354 has been added to
124: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a>.
125: <li>Support for Intel Centrino Wireless-N 2200, 2230 and 105/135 has been added to
126: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iwn&sektion=4">iwn(4)</a>.
1.28 chris 127: <li>Support for Areca ARC-1880, ARC-1882, ARC-1883, ARC-1223, ARC-1214, ARC-1264, ARC-1284 has been added to
128: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc&sektion=4">arc(4)</a>.
1.38 deraadt 129: <li>Further reliability improvements regarding suspend/resume and hibernation.
1.1 deraadt 130: </ul>
131: <p>
132:
133: <li>Generic network stack improvements:
134: <ul>
1.17 jsg 135: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vxlan&sektion=4">vxlan(4)</a>
136: a virtual extensible local area network tunnel interface.
1.19 florian 137: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflow&sektion=4">pflow(4)</a>
138: sends 64 bit time values for pflowproto 10. The changed templates /
139: flows for pflowproto 10 are now parseable by existing receivers.
1.34 lteo 140: <li>Continued improvement of the checksum offload framework to streamline
141: the calculation of TCP, UDP, ICMP, and ICMPv6 checksums.
1.1 deraadt 142: <li>...
143: </ul>
144: <p>
145:
146: <li>Routing daemons and other userland network improvements:
147: <ul>
1.13 tedu 148: <li>The popa3d POP3 server has been removed.
1.17 jsg 149: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ntpctl&sektion=8">ntpctl(8)</a>
150: a program to control the Network Time Protocol daemon.
1.19 florian 151: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=slowcgi&sektion=8">slowcgi(8)</a>
152: now works with a high number of concurrent connections.
1.39 lteo 153: <li>The inetd-based identd has been replaced by a new libevent-based
154: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=identd&sektion=8">identd(8)</a>.
155: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>
156: can now detect bad ICMP and ICMPv6 checksums when used with the -v flag.
1.1 deraadt 157: </ul>
158: <p>
159:
1.34 lteo 160: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> improvements:
161: <ul>
162: <li>New queueing system with new syntax.
163: <li>The "received-on" parameter can now be used with the "any" keyword to
164: match any existing interface except loopback ones.
1.36 lteo 165: <li>The block policy in the default <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> is now "block return".
1.34 lteo 166: </ul>
167: <p>
168:
1.7 deraadt 169: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> improvements:
1.1 deraadt 170: <ul>
1.30 krw 171: <li>no longer create a route to the bound address via 127.0.0.1.
172: <li>the options dhcp-lease-time, dhcp-rebinding-time, and dhcp-renewal-time can now be configured in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient.conf&sektion=5">dhclient.conf(5)</a>.
173: <li>'next-server' (a.k.a. siaddr) info now saved in lease files.
174: <li>fall back to broadcasting when unicast renewal fails, as specified in
175: RFC 2131 and friends.
176: <li>fix various problems in communications between privileged and non-privileged processes.
177: <li>fix many abuses of memcpy.
178: <li>stop pretending we still support FDDI or token ring hardware types.
179: <li>fix classless static routes option handling and add syntax to parse human readable forms.
180: <li>fix 'effective' lease created by '-L' to have correct address, next_server, timestamp, and resolv_conf fields.
181: <li>fix handling of non-printable characters in lease file strings.
182: <li>fix many edge cases in config file and lease parsing and ensure error messages refer to correct position in erroneous line.
183: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient.conf&sektion=5">dhclient.conf(5)</a> can now override anything in an offer or saved lease when creating the effective lease, in particular 'fixed-address', 'next-server', 'filename' and 'server-name'.
184: <li>fix parsing of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient.conf&sektion=5">dhclient.conf(5)</a> statements 'fixed-address' and
185: 'next-server'.
186: <li>log failures to fchmod() or fchown() files being written.
187: <li>create lease files with permissions 0640.
188: <li>fix possible failure to write <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=resolv.conf&sektion=5">resolv.conf(5)</a> when -L is used.
189: <li>'send dhcp-client-identifier "";' in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient.conf&sektion=5">dhclient.conf(5)</a> will result in no dhcp-client-identifier (option 61) being sent.
1.1 deraadt 190: </ul>
191: <p>
192:
1.17 jsg 193: <li>OpenSMTPD 5.4.2:
1.1 deraadt 194: <ul>
195: <li>...
196: </ul>
197: <p>
198:
1.16 jsg 199: <li>Security improvements:
200: <ul>
1.23 deraadt 201: <li>Position-independent executables (PIE) are now used by default on i386.
1.17 jsg 202: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a>
203: functions now use the ChaCha20 cipher.
1.18 tedu 204: <li>The kernel random number system is initially seeded by the bootloader,
205: providing better random very early.
1.38 deraadt 206: <li>Kernel stack protector is also seeded via the same mechanism, providing
207: protection earlier.
1.17 jsg 208: <li>-Wbounded is now enabled in GCC by default.
209: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=explicit_bzero&sektion=3">explicit_bzero(3)</a>.
1.16 jsg 210: </ul>
211: <p>
212:
1.1 deraadt 213: <li>Performance improvements:
214: <ul>
1.11 tedu 215: <li>Relations between the buffer cache and swap daemon have been improved.
1.1 deraadt 216: </ul>
217: <p>
218:
219: <li>Threading improvements:
220: <ul>
1.12 tedu 221: <li>Interprocess semaphores via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sem_open&sektion=3">sem_open(3)</a>.
1.26 guenther 222: <li>Running threaded processes under a debugger no longer causes panics.
223: <li>SIGPROF and SIGVTALRM are now reliably delivered to the thread that was running when they were triggered.
224: <li>Thread stacks now have a random bias.
225: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fork&sektion=2">fork(2)</a> no longer changes the pthread_t of the forking thread in the child.
226: <li>Signaling races eliminated from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pthread_kill&sektion=3">pthread_kill(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pthread_cancel&sektion=3">pthread_cancel(3)</a>.
1.1 deraadt 227: </ul>
228: <p>
229:
230: <li>Assorted improvements:
231: <ul>
1.29 deraadt 232: <li>New in-memory file system, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_tmpfs&sektion=8">tmpfs</a>.
1.37 sobrado 233: <li>Many <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fuse&sektion=4">fuse(4)</a> improvements and stability fixes.
1.29 deraadt 234: <li>Added POSIX required <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nl&sektion=1">nl(1)</a> utility.
1.16 jsg 235: <li>OpenBSD/vax has switched to GCC 3.
1.26 guenther 236: <li>Replaced <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getdirentries&sektion=2&manpath=OpenBSD+5.4">getdirentries(2)</a> with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getdents&sektion=2">getdents(2)</a>, vastly improving the performance and memory usage of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telldir&sektion=3">telldir(3)</a>.
237: <li>amd64 and i386 now use the MWAIT instruction for their idle loop where available to reduce latency.
1.29 deraadt 238: <li>Added support for CLOCK_UPTIME.
1.26 guenther 239: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcgetsid&sektion=3">tcgetsid(3)</a>.
240: <li>clock_t is now a 64 bit type, so it no longer wraps around in only 248 days.
241: <li>ino_t is now a 64 bit type, mostly to support large NFS filesystems.
242: <li>Corrected handling of UTIME_OMIT.
1.37 sobrado 243: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pax&sektion=1">pax(1)</a> now sets the mode and timestamps correctly on symlinks, and makes hardlinks to symlinks when requested.
1.26 guenther 244: <li>Corrected handling of shared-library destructors when libc is staticly linked.
1.29 deraadt 245: <li>Disk images which can be written to a USB flash (miniroot55.fs and install55.fs) are now provided for i386 and amd64.
1.31 krw 246: <li>Corrected various disk drivers to handle non-512-byte sectors and disk sizes greater than 32-bits.
247: <li>Corrected <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=growfs&sektion=8">growfs(8)</a> to handle non-512-byte sectors and disk sizes greater than 32-bits.
248: <li>All CIRCLEQ uses replaced with TAILQ.
249: <li>Preserve and honour changes to the OpenBSD bounds in a disklabel.
250: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fdisk&sektion=8">fdisk(8)</a> now always writes a good signature when MBR is written to disk.
251: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a> now writes the disklabel to the correct location on non-512-byte sector devices.
252: <li>Correctly parse nwid's with embedded blanks during install.
253: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=athn&sektion=4">athn(4)</a> tick calculations to eliminate excessive timeouts.
254: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a> to set any partition, including 'C', to type UNUSED.
1.34 lteo 255: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sha512&sektion=1">sha512(1)</a> tool to calculate and verify the SHA-512 checksums of files.
256: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sha256&sektion=1">sha256(1)</a> and related tools
257: (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cksum&sektion=1">cksum(1)</a>,
258: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=md5&sektion=1">md5(1)</a>,
259: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sha1&sektion=1">sha1(1)</a>, and
260: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sha512&sektion=1">sha512(1)</a>)
261: now support a new -h flag to place the checksum into a specified hash file instead of stdout.
262: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sha256&sektion=1">sha256(1)</a> and related tools now support a new -C flag that allows the verification of selected files in a checklist.
263: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sha256&sektion=1">sha256(1)</a> and related tools will now print MISSING if they encounter non-existent files in a checklist.
1.40 ! stsp 264: <li>Rewritten
! 265: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=installboot&sektion=8">installboot(8)</a>
! 266: utility aiming for a unified implementation across platforms. Currently used by i386 and amd64 platforms only.
! 267: <li>i386 and amd64 platforms can now boot from keydisk-based <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=softraid&sektion=4">softraid(4)</a> crypto volumes.
! 268: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=softraid&sektion=4">softraid(4)</a> to work with partitions larger than 2TB.
! 269: <li>Removed experimental RAID 4 support from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=softraid&sektion=4">softraid(4)</a>.
! 270: <li>Added experimental support for rebuilding RAID 5 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=softraid&sektion=4">softraid(4)</a> volumes. Lots of testing is still required and there is missing functionality, such as the ability to resume a partially completed rebuild. <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bioctl&sektion=8">bioctl(8)</a> refuses to create RAID 5 volumes unless recompiled with -DRAID5.
1.1 deraadt 271: </ul>
272: <p>
273:
1.3 sobrado 274: <li>OpenSSH 6.6 (including changes to 6.5, a feature-focused release):
1.1 deraadt 275: <ul>
1.3 sobrado 276: <li>Security:
1.1 deraadt 277: <ul>
1.3 sobrado 278: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
279: when using environment passing with a
280: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>
281: <tt>AcceptEnv</tt> pattern with a wildcard. OpenSSH prior to 6.6 could
282: be tricked into accepting any enviornment variable that contains the
283: characters before the wildcard character.
284: </ul>
285: <li>New/changed features:
286: <ul>
287: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
288: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
289: Add support for key exchange using <i>elliptic-curve Diffie Hellman</i>
290: in Daniel Bernstein's <i>Curve25519</i>. This key exchange method is
291: the default when both the client and server support it.
292: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
293: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
294: Add support for <i>ED25519</i> as a public key type. ED25519 is
295: a elliptic curve signature scheme that offers better security than
296: <i>ECDSA</i> and <i>DSA</i> and good performance. It may be used for
297: both <i>user</i> and <i>host</i> keys.
298: <li>Add a new private key format that uses a <i>bcrypt KDF</i> to better
299: protect keys at rest. This format is used unconditionally for
300: ED25519 keys, but may be requested when generating or saving
301: existing keys of other types via the <tt>-o</tt>
302: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>
303: option. We intend to make the new format the default in the near
304: future. Details of the new format are in the <tt>PROTOCOL.key</tt>
305: file.
306: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
307: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
308: Add a new transport cipher "chacha20-poly1305@openssh.com" that
309: combines Daniel Bernstein's <i>ChaCha20</i> stream cipher and
310: <i>Poly1305 MAC</i> to build an authenticated encryption mode. Details
311: are in the <tt>PROTOCOL.chacha20poly1305</tt> file.
312: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
313: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
314: Refuse <i>RSA</i> keys from old proprietary clients and servers that
315: use the obsolete <i>RSA+MD5</i> signature scheme. It will still be
316: possible to connect with these clients/servers but <b>only DSA keys
317: will be accepted, and OpenSSH will refuse connection entirely in a
318: future release</b>.
319: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
320: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
321: Refuse old proprietary clients and servers that use a weaker key
322: exchange hash calculation.
323: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
324: Increase the size of the <i>Diffie-Hellman groups</i> requested for
325: each symmetric key size. New values from <i>NIST Special Publication
326: 800-57</i> with the upper limit specified by <i>RFC 4419</i>.
327: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
328: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>:
329: Support <i>PKCS#11</i> tokens that only provide <i>X.509</i> certs
330: instead of raw public keys. (requested as bz#1908)
331: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
332: Add a
333: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>
334: <tt>Match</tt> keyword that allows conditional configuration to be
335: applied by matching on <i>hostname</i>, <i>user</i> and <i>result of
336: arbitrary commands</i>.
337: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
338: Add support for <i>client-side hostname canonicalisation</i> using a
339: set of <i>DNS suffixes</i> and rules in
340: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>.
341: This allows unqualified names to be canonicalised to fully-qualified
342: domain names to eliminate ambiguity when looking up keys in
343: <tt>known_hosts</tt> or checking host certificate names.
344: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>:
345: Add the ability to whitelist and/or blacklist sftp protocol requests by
346: name.
347: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>:
348: Add a sftp "fsync@openssh.com" to support calling
349: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsync&sektion=2">fsync(2)</a>
350: on an open file handle.
351: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
352: Add a
353: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>
354: <tt>PermitTTY</tt> to disallow <i>TTY</i> allocation, mirroring the
355: longstanding <tt>no-pty</tt> <tt>authorized_keys</tt> option.
356: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
357: Add a
358: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>
359: <tt>ProxyUseFDPass</tt> option that supports the use of
360: <tt>ProxyCommands</tt> that establish a connection and then pass a
361: connected file descriptor back to
362: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
363: This allows the <tt>ProxyCommand</tt> to exit rather than staying
364: around to transfer data.
365: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
366: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
367: this release removes the <i>J-PAKE</i> authentication code. This code
368: was experimental, never enabled and had been unmaintained for some
369: time.
370: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
371: when processing <tt>Match</tt> blocks, skip '<tt>exec</tt>' clauses
372: other clauses predicates failed to match.
373: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
374: if hostname canonicalisation is enabled and results in the destination
375: hostname being changed, then re-parse
376: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>
377: files using the new destination hostname. This gives '<tt>Host</tt>'
378: and '<tt>Match</tt>' directives that use the expanded hostname a chance
379: to be applied.
1.1 deraadt 380: </ul>
381: <li>The following significant bugs have been fixed in this release:
382: <ul>
1.3 sobrado 383: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
384: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
385: Fix potential stack exhaustion caused by nested certificates.
386: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
387: make <tt>BindAddress</tt> work with <tt>UsePrivilegedPort</tt>.
388: (bz#1211)
389: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
390: fix the progress meter for resumed transfer. (bz#2137)
391: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>:
392: do not request smartcard PIN when removing keys from
393: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
394: (bz#2187)
395: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
396: fix re-exec fallback when original
397: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>
398: binary cannot be executed. (bz#2139)
399: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:
400: Make relative-specified certificate expiry times relative to current
401: time and not the validity start time.
402: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
403: fix <tt>AuthorizedKeysCommand</tt> inside a <tt>Match</tt> block.
404: (bz#2161)
405: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
406: symlinking a file would incorrectly canonicalise the target path.
407: (bz#2129)
408: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>:
409: fix a use-after-free in the PKCS#11 agent helper executable.
410: (bz#2175)
411: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
412: Improve logging of sessions to include the <i>user name</i>, <i>remote
413: host</i> and <i>port</i>, the <i>session type</i> (shell, command,
414: etc.) and <i>allocated TTY</i> (if any).
415: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
416: tell the client (via a debug message) when their preferred listen
417: address has been overridden by the server's <tt>GatewayPorts</tt>
418: setting. (bz#1297)
419: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
420: include report port in bad protocol banner message. (bz#2162)
421: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
422: fix memory leak in error path in <i>do_readdir()</i>. (bz#2163)
423: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
424: don't leak file descriptor on error. (bz#2171)
425: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
426: include the <i>local address</i> and <i>port</i> in "<tt>Connection
427: from ...</tt>" message. (only shown at <i>loglevel>=verbose</i>)
428: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
429: avoid spurious "<tt>getsockname failed: Bad file descriptor</tt>" in
430: <tt>ssh -W</tt>. (bz#2200, debian#738692)
431: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
432: allow the
433: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=shutdown&sektion=2">shutdown(2)</a>
434: syscall in seccomp-bpf and systrace sandbox modes, as it is reachable
435: if the connection is terminated during the pre-auth phase.
436: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
437: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
438: fix unsigned overflow that in <i>SSH protocol 1 bignum parsing</i>.
439: Minimum key length checks render this bug unexploitable to compromise
440: SSH 1 sessions.
441: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>
442: clarify behaviour of a keyword that appears in multiple matching
443: <tt>Match</tt> blocks. (bz#2184)
444: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
445: avoid unnecessary hostname lookups when canonicalisation is disabled.
446: (bz#2205)
447: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
448: avoid sandbox violation crashes in GSSAPI code by caching the supported
449: list of GSSAPI mechanism OIDs before entering the sandbox. (bz#2107)
450: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
451: fix possible crashes in SOCKS4 parsing caused by assumption that the
452: SOCKS username is nul-terminated.
453: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
454: fix regression for <tt>UsePrivilegedPort=yes</tt> when
455: <tt>BindAddress</tt> is not specified.
456: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
457: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
458: fix memory leak in ECDSA signature verification.
459: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
460: fix matching of '<tt>Host</tt>' directives in
461: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>
462: files to be case-insensitive again. (regression in 6.5)
1.1 deraadt 463: </ul>
464: </ul>
465: <p>
466:
1.2 espie 467: <li>Major overhaul of the package tools:
1.1 deraadt 468: <ul>
1.23 deraadt 469: <li>Much better memory usage.
470: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a> now trusts signed packages only by default.
1.1 deraadt 471: </ul>
1.2 espie 472: <li>Over 8,700 ports
1.1 deraadt 473: <p>
1.2 espie 474: <li>The build process now allows some limited capability for
475: building conflicting packages, yielding kde4 packages as a result,
476: along with kde3.
1.1 deraadt 477: <li>Many pre-built packages for each architecture:
478: <table border=0 cellspacing=0 cellpadding=2 width="95%">
479: <tr>
480: <td valign="top" width="25%">
481: <ul>
482: <li>i386: 8468
1.6 deraadt 483: <li>sparc64: 7969
1.21 sthen 484: <li>alpha: 6199
1.1 deraadt 485: <li>m68k: XXXX
486: </ul></td><td valign=top width="25%"><ul>
487: <li>sh: XXXX
488: <li>amd64: 8534
489: <li>powerpc: 8057
490: <li>m88k: XXXX
491: </ul></td><td valign=top width="25%"><ul>
1.21 sthen 492: <li>sparc: 3992
1.1 deraadt 493: <li>arm: XXXX
494: <li>hppa: 6549
495: </ul></td><td valign=top width="25%"><ul>
496: <li>vax: XXXX
1.21 sthen 497: <li>mips64: 4726
498: <li>mips64el: 6730
1.1 deraadt 499: </ul></td></tr></table>
500: <p>
501:
502: <li>Some highlights:
503: <ul>
1.4 jsg 504: <li>GNOME 3.10.2 <li>KDE 3.5.10
1.2 espie 505: <li>KDE 4.11.5
1.4 jsg 506: <li>Xfce 4.10 <li>MySQL 5.1.73
507: <li>PostgreSQL 9.3.2 <li>Postfix 2.11.0
508: <li>OpenLDAP 2.3.43 and 2.4.38 <li>Mozilla Firefox 24.3 and 26.0
509: <li>Mozilla Thunderbird 24.3.0 <li>GHC 7.6.3
510: <li>LibreOffice 4.1.4.2 <li>Emacs 21.4 and 24.3
511: <li>Vim 7.4.135 <li>PHP 5.3.28 and 5.4.24
512: <li>Python 2.7.6 and 3.3.2 <li>Ruby 1.8.7.374, 1.9.3.484, 2.0.0.353 and 2.1.0
513: <li>Tcl/Tk 8.5.15 and 8.6.1 <li>JDK 1.6.0.32 and 1.7.0.21
1.2 espie 514: <li>Mono 2.10.9 <li>Chromium 32.0.1700.102
1.4 jsg 515: <li>Groff 1.22.2 <li>Go 1.2
516: <li>GCC 4.6.4 and 4.8.2 <li>LLVM/Clang 3.3
517: <li>Node.js 0.10.24
1.1 deraadt 518: </ul>
519: <p>
520:
521: <li>As usual, steady improvements in manual pages and other documentation.
522: <p>
523:
524: <li>The system includes the following major components from outside suppliers:
525: <ul>
1.4 jsg 526: <li>Xenocara (based on X.Org 7.7 with xserver 1.14.5 + patches,
527: freetype 2.5.2, fontconfig 2.10.91, Mesa 9.2.5, xterm 301,
528: xkeyboard-config 2.10.1 and more)
1.32 miod 529: <li>Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
1.1 deraadt 530: <li>Perl 5.16.3 (+ patches)
531: <li>Our improved and secured version of Apache 1.3, with
532: SSL/TLS and DSO support
1.4 jsg 533: <li>Nginx 1.4.4 (+ patches)
1.1 deraadt 534: <li>OpenSSL 1.0.1c (+ patches)
1.4 jsg 535: <li>SQLite 3.8.0.2 (+ patches)
536: <li>Sendmail 8.14.8, with libmilter
1.1 deraadt 537: <li>Bind 9.4.2-P2 (+ patches)
1.4 jsg 538: <li>NSD 4.0.1
1.1 deraadt 539: <li>Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
540: <li>Sudo 1.7.2p8
541: <li>Ncurses 5.7
542: <li>Heimdal 1.5.2 (+ patches)
543: <li>Binutils 2.15 (+ patches)
544: <li>Gdb 6.3 (+ patches)
545: <li>Less 444 (+ patches)
546: <li>Awk Aug 10, 2011 version
547: </ul>
548:
549: </ul>
550:
551: <a name="install"></a>
552: <hr>
553: <p>
554: <h3><font color="#0000e0">How to install</font></h3>
555: <p>
556: Following this are the instructions which you would have on a piece of
557: paper if you had purchased a CDROM set instead of doing an alternate
558: form of install. The instructions for doing an FTP (or other style
559: of) install are very similar; the CDROM instructions are left intact
560: so that you can see how much easier it would have been if you had
561: purchased a CDROM instead.
562: <p>
563:
564: <hr>
565: Please refer to the following files on the three CDROMs or FTP mirror for
566: extensive details on how to install OpenBSD 5.5 on your machine:
567: <p>
568: <ul>
1.9 deraadt 569: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/i386/INSTALL.i386">
1.7 deraadt 570: .../OpenBSD/5.5/i386/INSTALL.i386 (on CD1)</a>
1.9 deraadt 571: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/vax/INSTALL.vax">
1.7 deraadt 572: .../OpenBSD/vax/INSTALL.vax (on CD1)</a>
573: <p>
1.9 deraadt 574: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/amd64/INSTALL.amd64">
1.7 deraadt 575: .../OpenBSD/amd64/INSTALL.amd64 (on CD2)</a>
1.9 deraadt 576: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/hppa/INSTALL.hppa">
1.7 deraadt 577: .../OpenBSD/hppa/INSTALL.hppa (on CD2)</a>
1.9 deraadt 578: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/macppc/INSTALL.macppc">
1.7 deraadt 579: .../OpenBSD/macppc/INSTALL.macppc (on CD2)</a>
580: <p>
1.9 deraadt 581: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/sparc64/INSTALL.sparc64">
1.7 deraadt 582: .../OpenBSD/sparc64/INSTALL.sparc64 (on CD3)</a>
1.9 deraadt 583: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/sparc/INSTALL.sparc">
1.7 deraadt 584: .../OpenBSD/sparc/INSTALL.sparc (on CD3)</a>
585: <p>
1.9 deraadt 586: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/alpha/INSTALL.alpha">
1.7 deraadt 587: .../OpenBSD/5.5/alpha/INSTALL.alpha</a>
1.9 deraadt 588: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/armish/INSTALL.armish">
1.7 deraadt 589: .../OpenBSD/5.5/armish/INSTALL.armish</a>
1.9 deraadt 590: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/armv7/INSTALL.armv7">
1.7 deraadt 591: .../OpenBSD/5.5/armv7/INSTALL.armv7</a>
1.32 miod 592: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/aviion/INSTALL.aviion">
593: .../OpenBSD/5.5/aviion/INSTALL.aviion</a>
1.9 deraadt 594: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/hp300/INSTALL.hp300">
1.7 deraadt 595: .../OpenBSD/5.5/hp300/INSTALL.hp300</a>
1.9 deraadt 596: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/hppa/INSTALL.hppa">
1.7 deraadt 597: .../OpenBSD/5.5/hppa/INSTALL.hppa</a>
1.9 deraadt 598: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/landisk/INSTALL.landisk">
1.7 deraadt 599: .../OpenBSD/5.5/landisk/INSTALL.landisk</a>
1.9 deraadt 600: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/loongson/INSTALL.loongson">
1.7 deraadt 601: .../OpenBSD/5.5/loongson/INSTALL.loongson</a>
1.9 deraadt 602: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/luna88k/INSTALL.luna88k">
1.7 deraadt 603: .../OpenBSD/5.5/luna88k/INSTALL.luna88k</a>
1.9 deraadt 604: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/macppc/INSTALL.macppc">
1.7 deraadt 605: .../OpenBSD/5.5/macppc/INSTALL.macppc</a>
1.9 deraadt 606: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/mvme68k/INSTALL.mvme68k">
1.7 deraadt 607: .../OpenBSD/5.5/mvme68k/INSTALL.mvme68k</a>
1.9 deraadt 608: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/mvme88k/INSTALL.mvme88k">
1.7 deraadt 609: .../OpenBSD/5.5/mvme88k/INSTALL.mvme88k</a>
1.9 deraadt 610: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/octeon/INSTALL.octeon">
1.7 deraadt 611: .../OpenBSD/5.5/octeon/INSTALL.octeon</a>
1.9 deraadt 612: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/sgi/INSTALL.sgi">
1.7 deraadt 613: .../OpenBSD/5.5/sgi/INSTALL.sgi</a>
1.9 deraadt 614: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/socppc/INSTALL.socppc">
1.7 deraadt 615: .../OpenBSD/5.5/socppc/INSTALL.socppc</a>
1.9 deraadt 616: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/sparc/INSTALL.sparc">
1.7 deraadt 617: .../OpenBSD/5.5/sparc/INSTALL.sparc</a>
1.9 deraadt 618: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/vax/INSTALL.vax">
1.7 deraadt 619: .../OpenBSD/5.5/vax/INSTALL.vax</a>
1.9 deraadt 620: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.5/zaurus/INSTALL.zaurus">
1.7 deraadt 621: .../OpenBSD/5.5/zaurus/INSTALL.zaurus</a>
1.1 deraadt 622: </ul>
623: <hr>
624:
625: <p>
626: Quick installer information for people familiar with OpenBSD, and the
627: use of the "disklabel -E" command. If you are at all confused when
628: installing OpenBSD, read the relevant INSTALL.* file as listed above!
629: <p>
630:
631: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
632: <ul>
633: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
634: release is on CD1. If your BIOS does not support booting from CD, you will need
635: to create a boot floppy to install from. To create a boot floppy write
636: <i>CD1:5.5/i386/floppy55.fs</i> to a floppy and boot via the floppy drive.
637:
638: <p>
639: Use <i>CD1:5.5/i386/floppyB55.fs</i> instead for greater SCSI controller
640: support, or <i>CD1:5.5/i386/floppyC55.fs</i> for better laptop support.
641:
642: <p>
643: If you can't boot from a CD or a floppy disk,
644: you can install across the network using PXE as described in
645: the included INSTALL.i386 document.
646:
647: <p>
648: If you are planning on dual booting OpenBSD with another OS, you will need to
649: read INSTALL.i386.
650:
651: <p>
652: To make a boot floppy under MS-DOS, use the "rawrite" utility located
653: at <i>CD1:5.5/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS,
654: use the
655: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>
656: utility. The following is an example usage of
657: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>,
658: where the device could be "floppy", "rfd0c", or
659: "rfd0a".
660:
661: <ul><pre>
662: # <strong>dd if=<file> of=/dev/<device> bs=32k</strong>
663: </pre></ul>
664:
665: <p>
666: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
667: your install will most likely fail. For more information on creating a boot
668: floppy and installing OpenBSD/i386 please refer to
669: <a href="faq/faq4.html#MkFlop">FAQ 4.3.2</a>.
670: </ul>
671:
672: <p>
673: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
674: <ul>
675: The 5.5 release of OpenBSD/amd64 is located on CD2.
676: Boot from the CD to begin the install - you may need to adjust
677: your BIOS options first.
678: If you can't boot from the CD, you can create a boot floppy to install from.
679: To do this, write <i>CD2:5.5/amd64/floppy55.fs</i> to a floppy, then
680: boot from the floppy drive.
681:
682: <p>
683: If you can't boot from a CD or a floppy disk,
684: you can install across the network using PXE as described in the included
685: INSTALL.amd64 document.
686:
687: <p>
688: If you are planning to dual boot OpenBSD with another OS, you will need to
689: read INSTALL.amd64.
690: </ul>
691:
692: <p>
693: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
694: <ul>
695: Burn the image from the FTP site to a CDROM, and power on your machine
696: while holding down the <i>C</i> key until the display turns on and
697: shows <i>OpenBSD/macppc boot</i>.
698:
699: <p>
700: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
701: /5.5/macppc/bsd.rd</i>
702: </ul>
703:
704: <p>
705: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
706: <ul>
707: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
708:
709: <p>
710: If this doesn't work, or if you don't have a CDROM drive, you can write
711: <i>CD3:5.5/sparc64/floppy55.fs</i> or <i>CD3:5.5/sparc64/floppyB55.fs</i>
712: (depending on your machine) to a floppy and boot it with <i>boot
713: floppy</i>. Refer to INSTALL.sparc64 for details.
714:
715: <p>
716: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
717: will most likely fail.
718:
719: <p>
720: You can also write <i>CD3:5.5/sparc64/miniroot55.fs</i> to the swap partition on
721: the disk and boot with <i>boot disk:b</i>.
722:
723: <p>
724: If nothing works, you can boot over the network as described in INSTALL.sparc64.
725: </ul>
726:
727: <p>
728: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
729: <ul>
730: <p>Write <i>FTP:5.5/alpha/floppy55.fs</i> or
731: <i>FTP:5.5/alpha/floppyB55.fs</i> (depending on your machine) to a diskette and
732: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
733:
734: <p>
735: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
736: will most likely fail.
737:
738: </ul>
739:
740: <p>
741: <h3><font color="#e00000">OpenBSD/armish:</font></h3>
742: <ul>
743: <p>
744: After connecting a serial port, Thecus can boot directly from the network
745: either tftp or http. Configure the network using fconfig, reset,
746: then load bsd.rd, see INSTALL.armish for specific details.
747: IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
748: and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
749: then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
750: More details are available in INSTALL.armish.
751: </ul>
752:
753: <p>
754: <h3><font color="#e00000">OpenBSD/hp300:</font></h3>
755: <ul>
756: <p>
757: Boot over the network by following the instructions in INSTALL.hp300.
758: </ul>
759:
760: <p>
761: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
762: <ul>
763: <p>
764: Boot over the network by following the instructions in INSTALL.hppa or the
765: <a href="hppa.html#install">hppa platform page</a>.
766: </ul>
767:
768: <p>
769: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
770: <ul>
771: <p>
772: Write <i>miniroot55.fs</i> to the start of the CF
773: or disk, and boot normally.
774: </ul>
775:
776: <p>
777: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
778: <ul>
779: <p>
780: Write <i>miniroot55.fs</i> to a USB stick and boot bsd.rd from it
781: or boot bsd.rd via tftp.
782: Refer to the instructions in INSTALL.loongson for more details.
783: </ul>
784: <p>
785:
786: <p>
787: <h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
788: <ul>
789: <p>
1.32 miod 790: Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
791: from the PROM, and the bsd.rd from the bootloader.
792: Refer to the instructions in INSTALL.luna88k for more details.
1.1 deraadt 793: </ul>
794:
795: <p>
796: <h3><font color="#e00000">OpenBSD/mvme68k:</font></h3>
797: <ul>
798: <p>
799: You can create a bootable installation tape or boot over the network.<br>
800: The network boot requires a MVME68K BUG version that supports the <i>NIOT</i>
801: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme68k
802: for more details.
803: </ul>
804:
805: <p>
806: <h3><font color="#e00000">OpenBSD/mvme88k:</font></h3>
807: <ul>
808: <p>
809: You can create a bootable installation tape or boot over the network.<br>
810: The network boot requires a MVME88K BUG version that supports the <i>NIOT</i>
811: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme88k
812: for more details.
813: </ul>
814:
815: <p>
816: <h3><font color="#e00000">OpenBSD/octeon:</font></h3>
817: <ul>
818: <p>
819: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
820: Refer to the instructions in INSTALL.octeon for more details.
821: </ul>
822:
823: <p>
824: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
825: <ul>
826: <p>
1.32 miod 827: To install, burn cd55.iso on a CD-R, put it in the CD drive of your
1.1 deraadt 828: machine and select <i>Install System Software</i> from the System Maintenance
1.32 miod 829: menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
830: CD-ROM, and need a proper invocation from the PROM prompt.
831: Refer to the instructions in INSTALL.sgi for more details.
1.1 deraadt 832:
833: <p>
1.32 miod 834: If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
835: server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
836: system type. Refer to the instructions in INSTALL.sgi for more details.
1.1 deraadt 837: </ul>
838:
839: <p>
840: <h3><font color="#e00000">OpenBSD/socppc:</font></h3>
841: <ul>
842: <p>
843: After connecting a serial port, boot over the network via DHCP/tftp.
844: Refer to the instructions in INSTALL.socppc for more details.
845: </ul>
846:
847: <p>
848: <h3><font color="#e00000">OpenBSD/sparc:</font></h3>
849: <ul>
850: Boot from one of the provided install ISO images, using one of the two
851: commands listed below, depending on the version of your ROM.
852:
853: <ul><pre>
854: ok <strong>boot cdrom 5.5/sparc/bsd.rd</strong>
855: or
856: > <strong>b sd(0,6,0)5.5/sparc/bsd.rd</strong>
857: </pre></ul>
858:
859: <p>
860: If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
861: To do so you need to write <i>floppy55.fs</i> to a floppy.
862: For more information see <a href="faq/faq4.html#MkFlop">FAQ 4.3.2</a>.
863: To boot from the floppy use one of the two commands listed below,
864: depending on the version of your ROM.
865:
866: <ul><pre>
867: ok <strong>boot floppy</strong>
868: or
869: > <strong>b fd()</strong>
870: </pre></ul>
871:
872: <p>
873: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
874: will most likely fail.
875:
876: <p>
877: If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
878: setup a bootable tape, or install via network, as told in the
879: INSTALL.sparc file.
880: </ul>
881:
882: <p>
883: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
884: <ul>
885: Boot over the network via mopbooting as described in INSTALL.vax.
886: </ul>
887:
888: <p>
889: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
890: <ul>
891: <p>
892: Using the Linux built-in graphical ipkg installer, install the
893: openbsd55_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
894: for a few important details.
895: </ul>
896:
897: <p>
898: <h3><font color="#e00000">Notes about the source code:</font></h3>
899: <ul>
900: src.tar.gz contains a source archive starting at /usr/src. This file
901: contains everything you need except for the kernel sources, which are
902: in a separate archive. To extract:
903: <p>
904: <ul><pre>
905: # <strong>mkdir -p /usr/src</strong>
906: # <strong>cd /usr/src</strong>
907: # <strong>tar xvfz /tmp/src.tar.gz</strong>
908: </pre></ul>
909: <p>
910: sys.tar.gz contains a source archive starting at /usr/src/sys.
911: This file contains all the kernel sources you need to rebuild kernels.
912: To extract:
913: <p>
914: <ul><pre>
915: # <strong>mkdir -p /usr/src/sys</strong>
916: # <strong>cd /usr/src</strong>
917: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
918: </pre></ul>
919: <p>
920: Both of these trees are a regular CVS checkout. Using these trees it
921: is possible to get a head-start on using the anoncvs servers as
922: described <a href="anoncvs.html">here</a>.
923: Using these files
924: results in a much faster initial CVS update than you could expect from
925: a fresh checkout of the full OpenBSD source tree.
926: <p>
927: </ul>
928:
929: <a name="upgrade"></a>
930: <hr>
931: <p>
932: <h3><font color="#0000e0">How to upgrade</font></h3>
933: <p>
934: If you already have an OpenBSD 5.4 system, and do not want to reinstall,
935: upgrade instructions and advice can be found in the
936: <a href="faq/upgrade55.html">Upgrade Guide</a>.
937:
938: <a name="ports"></a>
939: <hr>
940: <p>
941: <h3><font color="#0000e0">Ports Tree</font></h3>
942: <p>
943: A ports tree archive is also provided. To extract:
944: <p>
945: <ul><pre>
946: # <strong>cd /usr</strong>
947: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
948: </pre></ul>
949: <p>
950: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
951: read the <a href="faq/ports/index.html">ports</a> page
952: if you know nothing about ports
953: at this point. This text is not a manual of how to use ports.
954: Rather, it is a set of notes meant to kickstart the user on the
955: OpenBSD ports system.
956: <p>
957: The <i>ports/</i> directory represents a CVS (see the manpage for
958: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1&arch=i386">
959: cvs(1)</a> if
960: you aren't familiar with CVS) checkout of our ports. As with our complete
961: source tree, our ports tree is available via
962: <a href="anoncvs.html">AnonCVS</a>.
963: So, in order to keep current with it, you must make the <i>ports/</i> tree
964: available on a read-write medium and update the tree with a command
965: like:
966: <p>
967: <ul><pre>
968: # <strong>cd /usr/ports</strong>
969: # <strong>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_5</strong>
970: </pre></ul>
971: <p>
972: [Of course, you must replace the server name here with a nearby anoncvs
973: server.]
974: <p>
975: Note that most ports are available as packages through FTP. Updated
976: packages for the 5.5 release will be made available if problems arise.
977: <p>
978: If you're interested in seeing a port added, would like to help out, or just
979: would like to know more, the mailing list
980: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
981: <p>
982: </body>
983: </html>