Annotation of www/55.html, Revision 1.8
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 5.5 Release</title>
5: <meta name="resource-type" content="document">
6: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
7: <meta name="description" content="OpenBSD 5.5">
8: <meta name="keywords" content="openbsd,main">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 2013 by OpenBSD.">
11: </head>
12:
13: <body bgcolor="#ffffff" text="#000000" link="#24248E">
14:
15: <a href="index.html">
16: <img alt="[OpenBSD]" height="30" width="141" hspace="24" src="images/smalltitle.gif" border="0"></a>
17: <hr>
18:
19: <p>
20: <a href="images/Puffia.jpg">
21: <img align="left" width="227" height="343" hspace="24" vspace="30"
22: src="images/McFish.jpg" alt="OpenBSD 5.5 logo"></a>
23: <h2><font color="#0000e0">The OpenBSD 5.5 Release:</font></h2>
24: <p>
25: Released May 1, 2014<br>
26: Copyright 1997-2014, Theo de Raadt.<br>
27: <font color="#e00000">ISBN 978-0-9881561-3-5</font>
28: <br>
29: <a href="lyrics.html#55">5.5 Song: "Wrap in Time"</a>
30: <p>
31:
32: <a href="#new">What's New</a><br>
33: <a href="#install">How to install</a><br>
34: <a href="#upgrade">How to upgrade</a><br>
35: <a href="#ports">How to use the ports tree</a><br>
36: <a href="orders.html">Ordering a CD set</a><br>
37:
38: <p>
39: <h3><font color="#0000e0">To get the files for this release:</font></h3>
40: <p>
41: <ul>
42: <li>Order a CDROM from our <a href="orders.html">ordering system</a>.
43: <li>See the information on <a href="ftp.html">The FTP page</a> for
44: a list of mirror machines.
45: <li>Go to the <font color="#e00000">pub/OpenBSD/5.5/</font> directory on
46: one of the mirror sites.
47: <li>Briefly read the rest of this document.
48: <li>Have a look at <a href="errata55.html">The 5.5 Errata page</a> for a list
49: of bugs and workarounds.
50: <li>See a <a href="plus55.html">detailed log of changes</a> between the
51: 5.4 and 5.5 releases.
52: </ul>
53: <br clear=all>
54:
55: <strong>Note:</strong> All applicable copyrights and credits can be found
56: in the applicable file sources found in the files src.tar.gz, sys.tar.gz,
57: xenocara.tar.gz, or in the files fetched via ports.tar.gz. The distribution
58: files used to build packages from the ports.tar.gz file are not included on
59: the CDROM because of lack of space.
60: <p>
61:
62: <a name="new"></a>
63: <hr>
64: <p>
65: <h3><font color="#0000e0">What's New</font></h3>
66: <p>
67: This is a partial list of new features and systems included in OpenBSD 5.5.
68: For a comprehensive list, see the <a href="plus55.html">changelog</a> leading
69: to 5.5.
70: <p>
71:
72: <ul>
1.8 ! tedu 73: <li>New/extended platforms:
1.1 deraadt 74: <ul>
75: <li>...
76: </ul>
77: <p>
78:
79: <li>Improved hardware support, including:
80: <ul>
1.5 jsg 81: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmx&sektion=4">vmx(4)</a>
82: driver for VMware VMXNET3 Virtual Interface Controller devices.
83: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmwpvs&sektion=4">vmwpvs(4)</a>
84: driver for VMware Paravirtual SCSI.
85: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vioscsi&sektion=4">vioscsi(4)</a>
86: driver for VirtIO SCSI adapters.
87: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=viornd&sektion=4">viornd(4)</a>
88: driver for VirtIO random number devices.
89: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubcmtp&sektion=4">ubcmtp(4)</a>
90: driver for Broadcom multi-touch trackpads.
91: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ugold&sektion=4">ugold(4)</a>
92: driver for TEMPer gold HID thermometers.
93: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ugl&sektion=4">ugl(4)</a>
94: driver for Genesys Logic based USB host-to-host adapters.
95: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radeondrm&sektion=4">radeondrm(4)</a>
96: has been overhauled, including:
97: <ul>
98: <li>New port of the Radeon code in Linux 3.8.13.19.
99: <li>Support for Kernel Mode Setting (KMS) including support for
100: additional output types such as DisplayPort.
101: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsdisplay&sektion=4">wsdisplay(4)</a>
102: now attaches to
103: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radeondrm&sektion=4">radeondrm(4)</a>
104: and provides a framebuffer console.
105: </ul>
106: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inteldrm&sektion=4">inteldrm(4)</a>
107: has been updated to Linux 3.8.13.19 noteably bringing Haswell stability fixes.
108: <li>Support for Intel 8 Series Ethernet with i217/i218 PHYs, and
109: i210/i211/i354 has been added to
110: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a>.
111: <li>Support for Intel Centrino Wireless-N 2200, 2230 and 105/135 has been added to
112: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iwn&sektion=4">iwn(4)</a>.
1.1 deraadt 113: </ul>
114: <p>
115:
116: <li>Generic network stack improvements:
117: <ul>
118: <li>...
119: </ul>
120: <p>
121:
122: <li>Routing daemons and other userland network improvements:
123: <ul>
124: <li>...
125: </ul>
126: <p>
127:
1.7 deraadt 128: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> improvements:
1.1 deraadt 129: <ul>
130: <li>...
131: </ul>
132: <p>
133:
134: <li>OpenSMTPD 5.3.3:
135: <ul>
136: <li>...
137: </ul>
138: <p>
139:
140: <li>Performance improvements:
141: <ul>
142: <li>...
143: </ul>
144: <p>
145:
146: <li>Threading improvements:
147: <ul>
148: <li>...
149: </ul>
150: <p>
151:
152: <li>Assorted improvements:
153: <ul>
1.2 espie 154: <li>New in-memory file system, tmpfs
1.1 deraadt 155: </ul>
156: <p>
157:
1.3 sobrado 158: <li>OpenSSH 6.6 (including changes to 6.5, a feature-focused release):
1.1 deraadt 159: <ul>
1.3 sobrado 160: <li>Security:
1.1 deraadt 161: <ul>
1.3 sobrado 162: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
163: when using environment passing with a
164: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>
165: <tt>AcceptEnv</tt> pattern with a wildcard. OpenSSH prior to 6.6 could
166: be tricked into accepting any enviornment variable that contains the
167: characters before the wildcard character.
168: </ul>
169: <li>New/changed features:
170: <ul>
171: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
172: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
173: Add support for key exchange using <i>elliptic-curve Diffie Hellman</i>
174: in Daniel Bernstein's <i>Curve25519</i>. This key exchange method is
175: the default when both the client and server support it.
176: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
177: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
178: Add support for <i>ED25519</i> as a public key type. ED25519 is
179: a elliptic curve signature scheme that offers better security than
180: <i>ECDSA</i> and <i>DSA</i> and good performance. It may be used for
181: both <i>user</i> and <i>host</i> keys.
182: <li>Add a new private key format that uses a <i>bcrypt KDF</i> to better
183: protect keys at rest. This format is used unconditionally for
184: ED25519 keys, but may be requested when generating or saving
185: existing keys of other types via the <tt>-o</tt>
186: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>
187: option. We intend to make the new format the default in the near
188: future. Details of the new format are in the <tt>PROTOCOL.key</tt>
189: file.
190: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
191: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
192: Add a new transport cipher "chacha20-poly1305@openssh.com" that
193: combines Daniel Bernstein's <i>ChaCha20</i> stream cipher and
194: <i>Poly1305 MAC</i> to build an authenticated encryption mode. Details
195: are in the <tt>PROTOCOL.chacha20poly1305</tt> file.
196: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
197: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
198: Refuse <i>RSA</i> keys from old proprietary clients and servers that
199: use the obsolete <i>RSA+MD5</i> signature scheme. It will still be
200: possible to connect with these clients/servers but <b>only DSA keys
201: will be accepted, and OpenSSH will refuse connection entirely in a
202: future release</b>.
203: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
204: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
205: Refuse old proprietary clients and servers that use a weaker key
206: exchange hash calculation.
207: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
208: Increase the size of the <i>Diffie-Hellman groups</i> requested for
209: each symmetric key size. New values from <i>NIST Special Publication
210: 800-57</i> with the upper limit specified by <i>RFC 4419</i>.
211: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
212: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>:
213: Support <i>PKCS#11</i> tokens that only provide <i>X.509</i> certs
214: instead of raw public keys. (requested as bz#1908)
215: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
216: Add a
217: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>
218: <tt>Match</tt> keyword that allows conditional configuration to be
219: applied by matching on <i>hostname</i>, <i>user</i> and <i>result of
220: arbitrary commands</i>.
221: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
222: Add support for <i>client-side hostname canonicalisation</i> using a
223: set of <i>DNS suffixes</i> and rules in
224: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>.
225: This allows unqualified names to be canonicalised to fully-qualified
226: domain names to eliminate ambiguity when looking up keys in
227: <tt>known_hosts</tt> or checking host certificate names.
228: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>:
229: Add the ability to whitelist and/or blacklist sftp protocol requests by
230: name.
231: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>:
232: Add a sftp "fsync@openssh.com" to support calling
233: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsync&sektion=2">fsync(2)</a>
234: on an open file handle.
235: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
236: Add a
237: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>
238: <tt>PermitTTY</tt> to disallow <i>TTY</i> allocation, mirroring the
239: longstanding <tt>no-pty</tt> <tt>authorized_keys</tt> option.
240: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
241: Add a
242: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>
243: <tt>ProxyUseFDPass</tt> option that supports the use of
244: <tt>ProxyCommands</tt> that establish a connection and then pass a
245: connected file descriptor back to
246: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
247: This allows the <tt>ProxyCommand</tt> to exit rather than staying
248: around to transfer data.
249: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
250: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
251: this release removes the <i>J-PAKE</i> authentication code. This code
252: was experimental, never enabled and had been unmaintained for some
253: time.
254: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
255: when processing <tt>Match</tt> blocks, skip '<tt>exec</tt>' clauses
256: other clauses predicates failed to match.
257: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
258: if hostname canonicalisation is enabled and results in the destination
259: hostname being changed, then re-parse
260: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>
261: files using the new destination hostname. This gives '<tt>Host</tt>'
262: and '<tt>Match</tt>' directives that use the expanded hostname a chance
263: to be applied.
1.1 deraadt 264: </ul>
265: <li>The following significant bugs have been fixed in this release:
266: <ul>
1.3 sobrado 267: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
268: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
269: Fix potential stack exhaustion caused by nested certificates.
270: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
271: make <tt>BindAddress</tt> work with <tt>UsePrivilegedPort</tt>.
272: (bz#1211)
273: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
274: fix the progress meter for resumed transfer. (bz#2137)
275: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>:
276: do not request smartcard PIN when removing keys from
277: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
278: (bz#2187)
279: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
280: fix re-exec fallback when original
281: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>
282: binary cannot be executed. (bz#2139)
283: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:
284: Make relative-specified certificate expiry times relative to current
285: time and not the validity start time.
286: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
287: fix <tt>AuthorizedKeysCommand</tt> inside a <tt>Match</tt> block.
288: (bz#2161)
289: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
290: symlinking a file would incorrectly canonicalise the target path.
291: (bz#2129)
292: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>:
293: fix a use-after-free in the PKCS#11 agent helper executable.
294: (bz#2175)
295: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
296: Improve logging of sessions to include the <i>user name</i>, <i>remote
297: host</i> and <i>port</i>, the <i>session type</i> (shell, command,
298: etc.) and <i>allocated TTY</i> (if any).
299: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
300: tell the client (via a debug message) when their preferred listen
301: address has been overridden by the server's <tt>GatewayPorts</tt>
302: setting. (bz#1297)
303: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
304: include report port in bad protocol banner message. (bz#2162)
305: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
306: fix memory leak in error path in <i>do_readdir()</i>. (bz#2163)
307: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
308: don't leak file descriptor on error. (bz#2171)
309: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
310: include the <i>local address</i> and <i>port</i> in "<tt>Connection
311: from ...</tt>" message. (only shown at <i>loglevel>=verbose</i>)
312: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
313: avoid spurious "<tt>getsockname failed: Bad file descriptor</tt>" in
314: <tt>ssh -W</tt>. (bz#2200, debian#738692)
315: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
316: allow the
317: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=shutdown&sektion=2">shutdown(2)</a>
318: syscall in seccomp-bpf and systrace sandbox modes, as it is reachable
319: if the connection is terminated during the pre-auth phase.
320: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
321: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
322: fix unsigned overflow that in <i>SSH protocol 1 bignum parsing</i>.
323: Minimum key length checks render this bug unexploitable to compromise
324: SSH 1 sessions.
325: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>
326: clarify behaviour of a keyword that appears in multiple matching
327: <tt>Match</tt> blocks. (bz#2184)
328: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
329: avoid unnecessary hostname lookups when canonicalisation is disabled.
330: (bz#2205)
331: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
332: avoid sandbox violation crashes in GSSAPI code by caching the supported
333: list of GSSAPI mechanism OIDs before entering the sandbox. (bz#2107)
334: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
335: fix possible crashes in SOCKS4 parsing caused by assumption that the
336: SOCKS username is nul-terminated.
337: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
338: fix regression for <tt>UsePrivilegedPort=yes</tt> when
339: <tt>BindAddress</tt> is not specified.
340: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
341: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
342: fix memory leak in ECDSA signature verification.
343: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
344: fix matching of '<tt>Host</tt>' directives in
345: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>
346: files to be case-insensitive again. (regression in 6.5)
1.1 deraadt 347: </ul>
348: </ul>
349: <p>
350:
1.2 espie 351: <li>Major overhaul of the package tools:
1.1 deraadt 352: <ul>
1.2 espie 353: <li>Much better memory usage
354: <li>pkg_add now trusts signed packages only by default
1.1 deraadt 355: </ul>
1.2 espie 356: <li>Over 8,700 ports
1.1 deraadt 357: <p>
1.2 espie 358: <li>The build process now allows some limited capability for
359: building conflicting packages, yielding kde4 packages as a result,
360: along with kde3.
1.1 deraadt 361: <li>Many pre-built packages for each architecture:
362: <table border=0 cellspacing=0 cellpadding=2 width="95%">
363: <tr>
364: <td valign="top" width="25%">
365: <ul>
366: <li>i386: 8468
1.6 deraadt 367: <li>sparc64: 7969
1.1 deraadt 368: <li>alpha: XXXX
369: <li>m68k: XXXX
370: </ul></td><td valign=top width="25%"><ul>
371: <li>sh: XXXX
372: <li>amd64: 8534
373: <li>powerpc: 8057
374: <li>m88k: XXXX
375: </ul></td><td valign=top width="25%"><ul>
376: <li>sparc: XXXX
377: <li>arm: XXXX
378: <li>hppa: 6549
379: </ul></td><td valign=top width="25%"><ul>
380: <li>vax: XXXX
381: <li>mips64: XXXX
382: <li>mips64el: XXXX
383: </ul></td></tr></table>
384: <p>
385:
386: <li>Some highlights:
387: <ul>
1.4 jsg 388: <li>GNOME 3.10.2 <li>KDE 3.5.10
1.2 espie 389: <li>KDE 4.11.5
1.4 jsg 390: <li>Xfce 4.10 <li>MySQL 5.1.73
391: <li>PostgreSQL 9.3.2 <li>Postfix 2.11.0
392: <li>OpenLDAP 2.3.43 and 2.4.38 <li>Mozilla Firefox 24.3 and 26.0
393: <li>Mozilla Thunderbird 24.3.0 <li>GHC 7.6.3
394: <li>LibreOffice 4.1.4.2 <li>Emacs 21.4 and 24.3
395: <li>Vim 7.4.135 <li>PHP 5.3.28 and 5.4.24
396: <li>Python 2.7.6 and 3.3.2 <li>Ruby 1.8.7.374, 1.9.3.484, 2.0.0.353 and 2.1.0
397: <li>Tcl/Tk 8.5.15 and 8.6.1 <li>JDK 1.6.0.32 and 1.7.0.21
1.2 espie 398: <li>Mono 2.10.9 <li>Chromium 32.0.1700.102
1.4 jsg 399: <li>Groff 1.22.2 <li>Go 1.2
400: <li>GCC 4.6.4 and 4.8.2 <li>LLVM/Clang 3.3
401: <li>Node.js 0.10.24
1.1 deraadt 402: </ul>
403: <p>
404:
405: <li>As usual, steady improvements in manual pages and other documentation.
406: <p>
407:
408: <li>The system includes the following major components from outside suppliers:
409: <ul>
1.4 jsg 410: <li>Xenocara (based on X.Org 7.7 with xserver 1.14.5 + patches,
411: freetype 2.5.2, fontconfig 2.10.91, Mesa 9.2.5, xterm 301,
412: xkeyboard-config 2.10.1 and more)
1.1 deraadt 413: <li>Gcc 4.2.1 (+patches), 3.3.6 (+ patches) and 2.95.3 (+ patches)
414: <li>Perl 5.16.3 (+ patches)
415: <li>Our improved and secured version of Apache 1.3, with
416: SSL/TLS and DSO support
1.4 jsg 417: <li>Nginx 1.4.4 (+ patches)
1.1 deraadt 418: <li>OpenSSL 1.0.1c (+ patches)
1.4 jsg 419: <li>SQLite 3.8.0.2 (+ patches)
420: <li>Sendmail 8.14.8, with libmilter
1.1 deraadt 421: <li>Bind 9.4.2-P2 (+ patches)
1.4 jsg 422: <li>NSD 4.0.1
1.1 deraadt 423: <li>Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
424: <li>Sudo 1.7.2p8
425: <li>Ncurses 5.7
426: <li>Heimdal 1.5.2 (+ patches)
427: <li>Binutils 2.15 (+ patches)
428: <li>Gdb 6.3 (+ patches)
429: <li>Less 444 (+ patches)
430: <li>Awk Aug 10, 2011 version
431: </ul>
432:
433: </ul>
434:
435: <a name="install"></a>
436: <hr>
437: <p>
438: <h3><font color="#0000e0">How to install</font></h3>
439: <p>
440: Following this are the instructions which you would have on a piece of
441: paper if you had purchased a CDROM set instead of doing an alternate
442: form of install. The instructions for doing an FTP (or other style
443: of) install are very similar; the CDROM instructions are left intact
444: so that you can see how much easier it would have been if you had
445: purchased a CDROM instead.
446: <p>
447:
448: <hr>
449: Please refer to the following files on the three CDROMs or FTP mirror for
450: extensive details on how to install OpenBSD 5.5 on your machine:
451: <p>
452: <ul>
1.7 deraadt 453: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/i386/INSTALL.i386">
454: .../OpenBSD/5.5/i386/INSTALL.i386 (on CD1)</a>
455: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/vax/INSTALL.vax">
456: .../OpenBSD/vax/INSTALL.vax (on CD1)</a>
457: <p>
458: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/amd64/INSTALL.amd64">
459: .../OpenBSD/amd64/INSTALL.amd64 (on CD2)</a>
460: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/hppa/INSTALL.hppa">
461: .../OpenBSD/hppa/INSTALL.hppa (on CD2)</a>
462: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/macppc/INSTALL.macppc">
463: .../OpenBSD/macppc/INSTALL.macppc (on CD2)</a>
464: <p>
465: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/sparc64/INSTALL.sparc64">
466: .../OpenBSD/sparc64/INSTALL.sparc64 (on CD3)</a>
467: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/sparc/INSTALL.sparc">
468: .../OpenBSD/sparc/INSTALL.sparc (on CD3)</a>
469: <p>
470: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/alpha/INSTALL.alpha">
471: .../OpenBSD/5.5/alpha/INSTALL.alpha</a>
472: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/armish/INSTALL.armish">
473: .../OpenBSD/5.5/armish/INSTALL.armish</a>
474: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/armv7/INSTALL.armv7">
475: .../OpenBSD/5.5/armv7/INSTALL.armv7</a>
476: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/beagle/INSTALL.beagle">
477: .../OpenBSD/5.5/beagle/INSTALL.beagle</a>
478: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/hp300/INSTALL.hp300">
479: .../OpenBSD/5.5/hp300/INSTALL.hp300</a>
480: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/hppa/INSTALL.hppa">
481: .../OpenBSD/5.5/hppa/INSTALL.hppa</a>
482: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/landisk/INSTALL.landisk">
483: .../OpenBSD/5.5/landisk/INSTALL.landisk</a>
484: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/loongson/INSTALL.loongson">
485: .../OpenBSD/5.5/loongson/INSTALL.loongson</a>
486: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/luna88k/INSTALL.luna88k">
487: .../OpenBSD/5.5/luna88k/INSTALL.luna88k</a>
488: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/macppc/INSTALL.macppc">
489: .../OpenBSD/5.5/macppc/INSTALL.macppc</a>
490: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/mvme68k/INSTALL.mvme68k">
491: .../OpenBSD/5.5/mvme68k/INSTALL.mvme68k</a>
492: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/mvme88k/INSTALL.mvme88k">
493: .../OpenBSD/5.5/mvme88k/INSTALL.mvme88k</a>
494: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/octeon/INSTALL.octeon">
495: .../OpenBSD/5.5/octeon/INSTALL.octeon</a>
496: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/sgi/INSTALL.sgi">
497: .../OpenBSD/5.5/sgi/INSTALL.sgi</a>
498: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/socppc/INSTALL.socppc">
499: .../OpenBSD/5.5/socppc/INSTALL.socppc</a>
500: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/sparc/INSTALL.sparc">
501: .../OpenBSD/5.5/sparc/INSTALL.sparc</a>
502: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/vax/INSTALL.vax">
503: .../OpenBSD/5.5/vax/INSTALL.vax</a>
504: <li><a href="http://www.openbsd.org/pub/OpenBSD/5.5/zaurus/INSTALL.zaurus">
505: .../OpenBSD/5.5/zaurus/INSTALL.zaurus</a>
1.1 deraadt 506: </ul>
507: <hr>
508:
509: <p>
510: Quick installer information for people familiar with OpenBSD, and the
511: use of the "disklabel -E" command. If you are at all confused when
512: installing OpenBSD, read the relevant INSTALL.* file as listed above!
513: <p>
514:
515: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
516: <ul>
517: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
518: release is on CD1. If your BIOS does not support booting from CD, you will need
519: to create a boot floppy to install from. To create a boot floppy write
520: <i>CD1:5.5/i386/floppy55.fs</i> to a floppy and boot via the floppy drive.
521:
522: <p>
523: Use <i>CD1:5.5/i386/floppyB55.fs</i> instead for greater SCSI controller
524: support, or <i>CD1:5.5/i386/floppyC55.fs</i> for better laptop support.
525:
526: <p>
527: If you can't boot from a CD or a floppy disk,
528: you can install across the network using PXE as described in
529: the included INSTALL.i386 document.
530:
531: <p>
532: If you are planning on dual booting OpenBSD with another OS, you will need to
533: read INSTALL.i386.
534:
535: <p>
536: To make a boot floppy under MS-DOS, use the "rawrite" utility located
537: at <i>CD1:5.5/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS,
538: use the
539: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>
540: utility. The following is an example usage of
541: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>,
542: where the device could be "floppy", "rfd0c", or
543: "rfd0a".
544:
545: <ul><pre>
546: # <strong>dd if=<file> of=/dev/<device> bs=32k</strong>
547: </pre></ul>
548:
549: <p>
550: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
551: your install will most likely fail. For more information on creating a boot
552: floppy and installing OpenBSD/i386 please refer to
553: <a href="faq/faq4.html#MkFlop">FAQ 4.3.2</a>.
554: </ul>
555:
556: <p>
557: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
558: <ul>
559: The 5.5 release of OpenBSD/amd64 is located on CD2.
560: Boot from the CD to begin the install - you may need to adjust
561: your BIOS options first.
562: If you can't boot from the CD, you can create a boot floppy to install from.
563: To do this, write <i>CD2:5.5/amd64/floppy55.fs</i> to a floppy, then
564: boot from the floppy drive.
565:
566: <p>
567: If you can't boot from a CD or a floppy disk,
568: you can install across the network using PXE as described in the included
569: INSTALL.amd64 document.
570:
571: <p>
572: If you are planning to dual boot OpenBSD with another OS, you will need to
573: read INSTALL.amd64.
574: </ul>
575:
576: <p>
577: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
578: <ul>
579: Burn the image from the FTP site to a CDROM, and power on your machine
580: while holding down the <i>C</i> key until the display turns on and
581: shows <i>OpenBSD/macppc boot</i>.
582:
583: <p>
584: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
585: /5.5/macppc/bsd.rd</i>
586: </ul>
587:
588: <p>
589: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
590: <ul>
591: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
592:
593: <p>
594: If this doesn't work, or if you don't have a CDROM drive, you can write
595: <i>CD3:5.5/sparc64/floppy55.fs</i> or <i>CD3:5.5/sparc64/floppyB55.fs</i>
596: (depending on your machine) to a floppy and boot it with <i>boot
597: floppy</i>. Refer to INSTALL.sparc64 for details.
598:
599: <p>
600: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
601: will most likely fail.
602:
603: <p>
604: You can also write <i>CD3:5.5/sparc64/miniroot55.fs</i> to the swap partition on
605: the disk and boot with <i>boot disk:b</i>.
606:
607: <p>
608: If nothing works, you can boot over the network as described in INSTALL.sparc64.
609: </ul>
610:
611: <p>
612: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
613: <ul>
614: <p>Write <i>FTP:5.5/alpha/floppy55.fs</i> or
615: <i>FTP:5.5/alpha/floppyB55.fs</i> (depending on your machine) to a diskette and
616: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
617:
618: <p>
619: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
620: will most likely fail.
621:
622: </ul>
623:
624: <p>
625: <h3><font color="#e00000">OpenBSD/armish:</font></h3>
626: <ul>
627: <p>
628: After connecting a serial port, Thecus can boot directly from the network
629: either tftp or http. Configure the network using fconfig, reset,
630: then load bsd.rd, see INSTALL.armish for specific details.
631: IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
632: and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
633: then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
634: More details are available in INSTALL.armish.
635: </ul>
636:
637: <p>
638: <h3><font color="#e00000">OpenBSD/hp300:</font></h3>
639: <ul>
640: <p>
641: Boot over the network by following the instructions in INSTALL.hp300.
642: </ul>
643:
644: <p>
645: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
646: <ul>
647: <p>
648: Boot over the network by following the instructions in INSTALL.hppa or the
649: <a href="hppa.html#install">hppa platform page</a>.
650: </ul>
651:
652: <p>
653: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
654: <ul>
655: <p>
656: Write <i>miniroot55.fs</i> to the start of the CF
657: or disk, and boot normally.
658: </ul>
659:
660: <p>
661: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
662: <ul>
663: <p>
664: Write <i>miniroot55.fs</i> to a USB stick and boot bsd.rd from it
665: or boot bsd.rd via tftp.
666: Refer to the instructions in INSTALL.loongson for more details.
667: </ul>
668: <p>
669:
670: <p>
671: <h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
672: <ul>
673: <p>
674: Copy bsd.rd to a Mach or UniOS partition, and boot it from the PROM.
675: Alternatively, you can create a bootable tape and boot from it. Refer to
676: the instructions in INSTALL.luna88k for more details.
677: </ul>
678:
679: <p>
680: <h3><font color="#e00000">OpenBSD/mvme68k:</font></h3>
681: <ul>
682: <p>
683: You can create a bootable installation tape or boot over the network.<br>
684: The network boot requires a MVME68K BUG version that supports the <i>NIOT</i>
685: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme68k
686: for more details.
687: </ul>
688:
689: <p>
690: <h3><font color="#e00000">OpenBSD/mvme88k:</font></h3>
691: <ul>
692: <p>
693: You can create a bootable installation tape or boot over the network.<br>
694: The network boot requires a MVME88K BUG version that supports the <i>NIOT</i>
695: and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme88k
696: for more details.
697: </ul>
698:
699: <p>
700: <h3><font color="#e00000">OpenBSD/octeon:</font></h3>
701: <ul>
702: <p>
703: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
704: Refer to the instructions in INSTALL.octeon for more details.
705: </ul>
706:
707: <p>
708: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
709: <ul>
710: <p>
711: To install on an O2, burn cd55.iso on a CD-R, put it in the CD drive of your
712: machine and select <i>Install System Software</i> from the System Maintenance
713: menu.
714:
715: <p>
716: On other systems, or if your machine doesn't have a CD drive, you can
717: setup a DHCP/tftp network server, and boot using "bootp()/bsd.rd.IP##" using
718: the kernel matching your system type.
719: Refer to the instructions in INSTALL.sgi for more details.
720: </ul>
721:
722: <p>
723: <h3><font color="#e00000">OpenBSD/socppc:</font></h3>
724: <ul>
725: <p>
726: After connecting a serial port, boot over the network via DHCP/tftp.
727: Refer to the instructions in INSTALL.socppc for more details.
728: </ul>
729:
730: <p>
731: <h3><font color="#e00000">OpenBSD/sparc:</font></h3>
732: <ul>
733: Boot from one of the provided install ISO images, using one of the two
734: commands listed below, depending on the version of your ROM.
735:
736: <ul><pre>
737: ok <strong>boot cdrom 5.5/sparc/bsd.rd</strong>
738: or
739: > <strong>b sd(0,6,0)5.5/sparc/bsd.rd</strong>
740: </pre></ul>
741:
742: <p>
743: If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
744: To do so you need to write <i>floppy55.fs</i> to a floppy.
745: For more information see <a href="faq/faq4.html#MkFlop">FAQ 4.3.2</a>.
746: To boot from the floppy use one of the two commands listed below,
747: depending on the version of your ROM.
748:
749: <ul><pre>
750: ok <strong>boot floppy</strong>
751: or
752: > <strong>b fd()</strong>
753: </pre></ul>
754:
755: <p>
756: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
757: will most likely fail.
758:
759: <p>
760: If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
761: setup a bootable tape, or install via network, as told in the
762: INSTALL.sparc file.
763: </ul>
764:
765: <p>
766: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
767: <ul>
768: Boot over the network via mopbooting as described in INSTALL.vax.
769: </ul>
770:
771: <p>
772: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
773: <ul>
774: <p>
775: Using the Linux built-in graphical ipkg installer, install the
776: openbsd55_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
777: for a few important details.
778: </ul>
779:
780: <p>
781: <h3><font color="#e00000">Notes about the source code:</font></h3>
782: <ul>
783: src.tar.gz contains a source archive starting at /usr/src. This file
784: contains everything you need except for the kernel sources, which are
785: in a separate archive. To extract:
786: <p>
787: <ul><pre>
788: # <strong>mkdir -p /usr/src</strong>
789: # <strong>cd /usr/src</strong>
790: # <strong>tar xvfz /tmp/src.tar.gz</strong>
791: </pre></ul>
792: <p>
793: sys.tar.gz contains a source archive starting at /usr/src/sys.
794: This file contains all the kernel sources you need to rebuild kernels.
795: To extract:
796: <p>
797: <ul><pre>
798: # <strong>mkdir -p /usr/src/sys</strong>
799: # <strong>cd /usr/src</strong>
800: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
801: </pre></ul>
802: <p>
803: Both of these trees are a regular CVS checkout. Using these trees it
804: is possible to get a head-start on using the anoncvs servers as
805: described <a href="anoncvs.html">here</a>.
806: Using these files
807: results in a much faster initial CVS update than you could expect from
808: a fresh checkout of the full OpenBSD source tree.
809: <p>
810: </ul>
811:
812: <a name="upgrade"></a>
813: <hr>
814: <p>
815: <h3><font color="#0000e0">How to upgrade</font></h3>
816: <p>
817: If you already have an OpenBSD 5.4 system, and do not want to reinstall,
818: upgrade instructions and advice can be found in the
819: <a href="faq/upgrade55.html">Upgrade Guide</a>.
820:
821: <a name="ports"></a>
822: <hr>
823: <p>
824: <h3><font color="#0000e0">Ports Tree</font></h3>
825: <p>
826: A ports tree archive is also provided. To extract:
827: <p>
828: <ul><pre>
829: # <strong>cd /usr</strong>
830: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
831: </pre></ul>
832: <p>
833: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
834: read the <a href="faq/ports/index.html">ports</a> page
835: if you know nothing about ports
836: at this point. This text is not a manual of how to use ports.
837: Rather, it is a set of notes meant to kickstart the user on the
838: OpenBSD ports system.
839: <p>
840: The <i>ports/</i> directory represents a CVS (see the manpage for
841: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1&arch=i386">
842: cvs(1)</a> if
843: you aren't familiar with CVS) checkout of our ports. As with our complete
844: source tree, our ports tree is available via
845: <a href="anoncvs.html">AnonCVS</a>.
846: So, in order to keep current with it, you must make the <i>ports/</i> tree
847: available on a read-write medium and update the tree with a command
848: like:
849: <p>
850: <ul><pre>
851: # <strong>cd /usr/ports</strong>
852: # <strong>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_5</strong>
853: </pre></ul>
854: <p>
855: [Of course, you must replace the server name here with a nearby anoncvs
856: server.]
857: <p>
858: Note that most ports are available as packages through FTP. Updated
859: packages for the 5.5 release will be made available if problems arise.
860: <p>
861: If you're interested in seeing a port added, would like to help out, or just
862: would like to know more, the mailing list
863: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
864: <p>
865: </body>
866: </html>