version 1.88, 2019/04/24 15:54:54 |
version 1.89, 2019/05/27 22:55:18 |
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<!doctype html> |
<html> |
<html lang=en id=release> |
<head> |
<meta charset=utf-8> |
|
|
<title>OpenBSD 5.8</title> |
<title>OpenBSD 5.8</title> |
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> |
|
<meta name="description" content="OpenBSD 5.8"> |
<meta name="description" content="OpenBSD 5.8"> |
<meta name="copyright" content="This document copyright 2015 by OpenBSD."> |
|
<meta name="viewport" content="width=device-width, initial-scale=1"> |
<meta name="viewport" content="width=device-width, initial-scale=1"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="canonical" href="https://www.openbsd.org/58.html"> |
<link rel="canonical" href="https://www.openbsd.org/58.html"> |
</head> |
|
|
|
<body bgcolor="#ffffff" text="#000000" link="#24248E"> |
|
|
|
<h2> |
<h2 id=OpenBSD> |
<a href="index.html"> |
<a href="index.html"> |
<i><font color="#0000ff">Open</font></i><font color="#000084">BSD</font></a> |
<i>Open</i><b>BSD</b></a> |
<font color="#e00000">5.8</font> |
5.8 |
</h2> |
</h2> |
|
|
|
<table> |
|
<tr> |
|
<td> |
<a href="images/fishhearts.jpg"> |
<a href="images/fishhearts.jpg"> |
<img align="left" width="227" height="343" hspace="24" src="images/fishhearts.jpg"></a> |
<img width="227" height="343" src="images/fishhearts.jpg" alt="Fish Hearts"></a> |
|
<td> |
Released Oct 18, 2015<br> |
Released Oct 18, 2015<br> |
Copyright 1997-2015, Theo de Raadt.<br> |
Copyright 1997-2015, Theo de Raadt.<br> |
<font color="#e00000">ISBN 978-0-9881561-6-6</font> |
<cite class=isbn>ISBN 978-0-9881561-6-6</cite> |
<br> |
<br> |
5.8 Songs: <a href="lyrics.html#58a">"20 years ago today"</a>, |
5.8 Songs: <a href="lyrics.html#58a">"20 years ago today"</a>, |
<a href="lyrics.html#58b">"Fanza"</a>, |
<a href="lyrics.html#58b">"Fanza"</a>, |
|
|
<ul> |
<ul> |
<li>See the information on <a href="ftp.html">the FTP page</a> for |
<li>See the information on <a href="ftp.html">the FTP page</a> for |
a list of mirror machines. |
a list of mirror machines. |
<li>Go to the <font color="#e00000">pub/OpenBSD/5.8/</font> directory on |
<li>Go to the <code class=reldir>pub/OpenBSD/5.8/</code> directory on |
one of the mirror sites. |
one of the mirror sites. |
<li>Have a look at <a href="errata58.html">the 5.8 errata page</a> for a list |
<li>Have a look at <a href="errata58.html">the 5.8 errata page</a> for a list |
of bugs and workarounds. |
of bugs and workarounds. |
<li>See a <a href="plus58.html">detailed log of changes</a> between the |
<li>See a <a href="plus58.html">detailed log of changes</a> between the |
5.7 and 5.8 releases. |
5.7 and 5.8 releases. |
<p> |
<p> |
<li><a href="https://man.openbsd.org/?query=signify&sektion=1">signify(1)</a> pubkeys for this release:<p> |
<li><a href="https://man.openbsd.org/signify.1">signify(1)</a> pubkeys for this release:<p> |
|
|
<table cellspacing=0 style='font-family:monospace'><tr> |
<table class=signify> |
<td> |
<tr><td> |
openbsd-58-base.pub: |
openbsd-58-base.pub: |
</td><td> |
<td> |
RWQNNZXtC/MqP3Eiu+6FBz/qrxiWQwDhd+9Yljzp62UP4KzFmmvzVk60 |
RWQNNZXtC/MqP3Eiu+6FBz/qrxiWQwDhd+9Yljzp62UP4KzFmmvzVk60 |
</td></tr><tr><td> |
<tr><td> |
openbsd-58-fw.pub: |
openbsd-58-fw.pub: |
</td><td> |
<td> |
RWTpkvg4fhJCDx9yL4bUCou/vtAecPVTfcaaGESQeBruwX/qHToMvWh6 |
RWTpkvg4fhJCDx9yL4bUCou/vtAecPVTfcaaGESQeBruwX/qHToMvWh6 |
</td></tr><tr><td> |
<tr><td> |
openbsd-58-pkg.pub: |
openbsd-58-pkg.pub: |
</td><td> |
<td> |
RWRlkI2aFHvL/XGqD+lFerD/xUi/jnAXKwdFQwZDekYwDrEPSpSWgpI9 |
RWRlkI2aFHvL/XGqD+lFerD/xUi/jnAXKwdFQwZDekYwDrEPSpSWgpI9 |
</td></tr> |
|
</table> |
</table> |
|
|
<p> |
<p> |
|
|
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the |
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the |
files fetched via ports.tar.gz. |
files fetched via ports.tar.gz. |
</ul> |
</ul> |
<br clear=all> |
</table> |
<br> |
|
NOTE: The src.tar.gz file on the CD is incorrect; see |
|
<a href="errata58.html#006_src">5.8 errata 006</a>.</b> |
|
<p> |
<p> |
|
NOTE: The src.tar.gz file on the CD is incorrect; see |
|
<a href="errata58.html#006_src">5.8 errata 006</a>. |
|
|
<a name="new"></a> |
|
<hr> |
<hr> |
|
|
|
<section id=new> |
|
<h3>What's New</h3> |
|
|
<p> |
<p> |
<h3><font color="#0000e0">What's New</font></h3> |
|
<p> |
|
This is a partial list of new features and systems included in OpenBSD 5.8. |
This is a partial list of new features and systems included in OpenBSD 5.8. |
For a comprehensive list, see the <a href="plus58.html">changelog</a> leading |
For a comprehensive list, see the <a href="plus58.html">changelog</a> leading |
to 5.8. |
to 5.8. |
<p> |
|
|
|
<ul> |
<ul> |
<li>Improved hardware support, including: |
<li>Improved hardware support, including: |
<ul> |
<ul> |
<li>New <a href="https://man.openbsd.org/?query=rtwn&sec=4">rtwn(4)</a> driver for Realtek RTL8188CE wifi cards. |
<li>New <a href="https://man.openbsd.org/rtwn&sec=4">rtwn(4)</a> driver for Realtek RTL8188CE wifi cards. |
<li>New <a href="https://man.openbsd.org/?query=hpb&sec=4&arch=macppc">hpb(4)</a> driver for HyperTransport bridges as found in the IBM CPC945. |
<li>New <a href="https://man.openbsd.org/hpb&sec=4&arch=macppc">hpb(4)</a> driver for HyperTransport bridges as found in the IBM CPC945. |
<li>The <a href="https://man.openbsd.org/?query=ugold&sec=4">ugold(4)</a> driver now supports TEMPerHUMV1.x temperature and humidity sensors. |
<li>The <a href="https://man.openbsd.org/ugold&sec=4">ugold(4)</a> driver now supports TEMPerHUMV1.x temperature and humidity sensors. |
<li>Improved sensor support for the <a href="https://man.openbsd.org/?query=upd&sec=4">upd(4)</a> driver for USB Power Devices (UPS). |
<li>Improved sensor support for the <a href="https://man.openbsd.org/upd&sec=4">upd(4)</a> driver for USB Power Devices (UPS). |
<li>Support for jumbo frames on <a href="https://man.openbsd.org/?query=re&sec=4">re(4)</a> devices using RTL8168C/D/E/F/G and RTL8411, including PC Engines APU. |
<li>Support for jumbo frames on <a href="https://man.openbsd.org/re&sec=4">re(4)</a> devices using RTL8168C/D/E/F/G and RTL8411, including PC Engines APU. |
<li><a href="https://man.openbsd.org/?query=re&sec=4">re(4)</a> now works with newer devices e.g. RTL8111GU. |
<li><a href="https://man.openbsd.org/re&sec=4">re(4)</a> now works with newer devices e.g. RTL8111GU. |
<li>Partial support has been added for full-speed isochronous devices in <a href="https://man.openbsd.org/?query=ehci&sec=4">ehci(4)</a>, allowing USB 1.1 audio devices to be used on EHCI-only systems in some cases. |
<li>Partial support has been added for full-speed isochronous devices in <a href="https://man.openbsd.org/ehci&sec=4">ehci(4)</a>, allowing USB 1.1 audio devices to be used on EHCI-only systems in some cases. |
<li>Improved macppc stability and G5 performances with MP kernels. |
<li>Improved macppc stability and G5 performances with MP kernels. |
<li><a href="https://man.openbsd.org/?query=acpicpu&sec=4">acpicpu(4)</a> uses ACPI C-state information to reduce power consumption of idle CPUs. |
<li><a href="https://man.openbsd.org/acpicpu&sec=4">acpicpu(4)</a> uses ACPI C-state information to reduce power consumption of idle CPUs. |
<li>Kernel supports x86 AVX instructions on CPUs that have them. |
<li>Kernel supports x86 AVX instructions on CPUs that have them. |
<li>Avoid assigning low address to PCI BARs, fixing various issues on machines whose BIOSes neglect to claim low memory. |
<li>Avoid assigning low address to PCI BARs, fixing various issues on machines whose BIOSes neglect to claim low memory. |
<li><a href="https://man.openbsd.org/?query=wscons&sec=4">wscons(4)</a> works with even more odd trackpads. |
<li><a href="https://man.openbsd.org/wscons&sec=4">wscons(4)</a> works with even more odd trackpads. |
<li>Added <a href="https://man.openbsd.org/?query=pvbus&sec=4">pvbus(4)</a> paravirtual device tree root on virtual machines that are running on hypervisors. |
<li>Added <a href="https://man.openbsd.org/pvbus&sec=4">pvbus(4)</a> paravirtual device tree root on virtual machines that are running on hypervisors. |
<li>New octdwctwo(4) driver for USB support on OpenBSD/octeon. |
<li>New octdwctwo(4) driver for USB support on OpenBSD/octeon. |
<li>New <a href="https://man.openbsd.org/?query=amdcf&sec=4">amdcf(4)</a> driver for embedded flash on OpenBSD/octeon. |
<li>New <a href="https://man.openbsd.org/amdcf&sec=4">amdcf(4)</a> driver for embedded flash on OpenBSD/octeon. |
<li>Support for RTL8188EU devices was added to the <a href="https://man.openbsd.org/?query=urtwn&sec=4">urtwn(4)</a> driver. |
<li>Support for RTL8188EU devices was added to the <a href="https://man.openbsd.org/urtwn&sec=4">urtwn(4)</a> driver. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>Removed hardware support: |
<li>Removed hardware support: |
<ul> |
<ul> |
<li>The <a href="https://man.openbsd.org/OpenBSD-5.7/man4/lmc.4?query=lmc&sec=4">lmc(4)</a> driver for Lan Media Corporation SSI/T1/DS1/HSSI/DS3 devices has been removed. |
<li>The <a href="https://man.openbsd.org/OpenBSD-5.7/man4/lmc.4">lmc(4)</a> driver for Lan Media Corporation SSI/T1/DS1/HSSI/DS3 devices has been removed. |
<li>The <a href="https://man.openbsd.org/OpenBSD-5.7/man4/san.4?query=san&sec=4">san(4)</a> driver for Sangoma Technologies AFT T1/E1 devices has been removed. |
<li>The <a href="https://man.openbsd.org/OpenBSD-5.7/man4/san.4">san(4)</a> driver for Sangoma Technologies AFT T1/E1 devices has been removed. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>Generic network stack improvements: |
<li>Generic network stack improvements: |
<ul> |
<ul> |
<li>MTU of <a href="https://man.openbsd.org/?query=vlan&sektion=4">vlan(4)</a> devices can now be set independently from the parent interface's MTU. |
<li>MTU of <a href="https://man.openbsd.org/vlan.4">vlan(4)</a> devices can now be set independently from the parent interface's MTU. |
<li>The same network range can now be assigned to multiple interfaces, using interface priorities to choose between them. |
<li>The same network range can now be assigned to multiple interfaces, using interface priorities to choose between them. |
<li>New MPLS pseudowire driver <a href="https://man.openbsd.org/?query=mpw&sektion=4">mpw(4)</a>. |
<li>New MPLS pseudowire driver <a href="https://man.openbsd.org/mpw.4">mpw(4)</a>. |
<li>Much preparatory work for MP unlocking of the network stack. |
<li>Much preparatory work for MP unlocking of the network stack. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>The default answer is now 'no'. |
<li>The default answer is now 'no'. |
<li>'prohibit-password' has been added to the list of possible answers. |
<li>'prohibit-password' has been added to the list of possible answers. |
</ul> |
</ul> |
<li><a href="https://man.openbsd.org/?query=autoinstall&sec=8">autoinstall(8)</a> |
<li><a href="https://man.openbsd.org/autoinstall&sec=8">autoinstall(8)</a> |
has been extended to allow |
has been extended to allow |
<ul> |
<ul> |
<li><tt>hostname-mode.conf</tt> response file names. |
<li><code>hostname-mode.conf</code> response file names. |
<li>response files to be placed in a subdir of the webserver's document root. |
<li>response files to be placed in a subdir of the webserver's document root. |
<li>passing a template file to |
<li>passing a template file to |
<a href="https://man.openbsd.org/?query=disklabel&sec=8">disklabel(8)</a> |
<a href="https://man.openbsd.org/disklabel&sec=8">disklabel(8)</a> |
to automatically partition the disk. |
to automatically partition the disk. |
</ul> |
</ul> |
<li><a href="https://man.openbsd.org/?query=ntpd&sec=8">ntpd(8)</a> |
<li><a href="https://man.openbsd.org/ntpd&sec=8">ntpd(8)</a> |
is now enabled by default at install time. |
is now enabled by default at install time. |
<li>DUID support has improved enough that new installs now use them unconditionally. |
<li>DUID support has improved enough that new installs now use them unconditionally. |
<li>Installing sets from CD-ROM has been fixed if more than one CD-ROM drive is present. |
<li>Installing sets from CD-ROM has been fixed if more than one CD-ROM drive is present. |
|
|
|
|
<li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
<ul> |
<ul> |
<li>Many improvements and simplifications in <a href="https://man.openbsd.org/?query=ldpd&sektion=8">ldpd(8)</a>, including configuration reload and support for <a href="https://man.openbsd.org/?query=mpw&sektion=4">mpw(4)</a> pseudowire interfaces. |
<li>Many improvements and simplifications in <a href="https://man.openbsd.org/ldpd.8">ldpd(8)</a>, including configuration reload and support for <a href="https://man.openbsd.org/mpw.4">mpw(4)</a> pseudowire interfaces. |
<li><a href="https://man.openbsd.org/?query=bgpd&sektion=8">bgpd(8)</a> now allows rules to match on the peer AS number. |
<li><a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> now allows rules to match on the peer AS number. |
<li>For terminated BGP sessions, <a href="https://man.openbsd.org/?query=bgpctl&sektion=8">bgpctl(8)</a> now displays the number of prefixes received on the last session. |
<li>For terminated BGP sessions, <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> now displays the number of prefixes received on the last session. |
<li><a href="https://man.openbsd.org/?query=ospfd&sektion=8">ospfd(8)</a> now correctly handles <a href="https://man.openbsd.org/?query=carp&sektion=4">carp(4)</a> interfaces in "backup" mode at startup. |
<li><a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> now correctly handles <a href="https://man.openbsd.org/carp.4">carp(4)</a> interfaces in "backup" mode at startup. |
<li>Log messages in <a href="https://man.openbsd.org/?query=bgpd&sektion=8">bgpd(8)</a> and <a href="https://man.openbsd.org/?query=ospfd&sektion=8">ospfd(8)</a> have been made more specific. |
<li>Log messages in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> and <a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> have been made more specific. |
<li>The default Diffie-Hellman group for VPNs configured by <a href="https://man.openbsd.org/?query=ipsec.conf&sektion=5">ipsec.conf(5)</a> has been changed to modp3072. |
<li>The default Diffie-Hellman group for VPNs configured by <a href="https://man.openbsd.org/ipsec.conf.5">ipsec.conf(5)</a> has been changed to modp3072. |
<li>New <a href="https://man.openbsd.org/?query=radiusd&sektion=8">radiusd(8)</a>, |
<li>New <a href="https://man.openbsd.org/radiusd.8">radiusd(8)</a>, |
Remote Authentication Dial In User Service (RADIUS) daemon. |
Remote Authentication Dial In User Service (RADIUS) daemon. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>Security improvements: |
<li>Security improvements: |
<ul> |
<ul> |
<li>sudo in base has been replaced with <a href="https://man.openbsd.org/?query=doas&sektion=1">doas(1)</a>, sudo is available as a package. |
<li>sudo in base has been replaced with <a href="https://man.openbsd.org/doas.1">doas(1)</a>, sudo is available as a package. |
<li><a href="https://man.openbsd.org/?query=file&sektion=1">file(1)</a> has been replaced with a new modern implementation, including sandbox and privilege separation. |
<li><a href="https://man.openbsd.org/file.1">file(1)</a> has been replaced with a new modern implementation, including sandbox and privilege separation. |
<li><a href="https://man.openbsd.org/?query=pax&sektion=1">pax(1)</a> (and <a href="https://man.openbsd.org/?query=tar&sektion=1">tar(1)</a> and <a href="https://man.openbsd.org/?query=cpio&sektion=1">cpio(1)</a>) now prevent archive extraction from escaping the current directory via symlinks; <a href="https://man.openbsd.org/?query=tar&sektion=1">tar(1)</a> without <tt>-P</tt> option now strips up through any "<tt>..</tt>" path components. |
<li><a href="https://man.openbsd.org/pax.1">pax(1)</a> (and <a href="https://man.openbsd.org/tar.1">tar(1)</a> and <a href="https://man.openbsd.org/cpio.1">cpio(1)</a>) now prevent archive extraction from escaping the current directory via symlinks; <a href="https://man.openbsd.org/tar.1">tar(1)</a> without <code>-P</code> option now strips up through any "<code>..</code>" path components. |
<li>Static PIE support for sparc. |
<li>Static PIE support for sparc. |
<li>Alpha switched to secure PLT. |
<li>Alpha switched to secure PLT. |
<li>Improved kernel checks of ELF headers. |
<li>Improved kernel checks of ELF headers. |
<li>Support for the NX (No-eXecute) bit on i386, resulting in much better W^X enforcement in userland for hardware that has this feature. |
<li>Support for the NX (No-eXecute) bit on i386, resulting in much better W^X enforcement in userland for hardware that has this feature. |
<li>Enforcement of W^X in the kernel address space on i386 when using processors with the NX bit. |
<li>Enforcement of W^X in the kernel address space on i386 when using processors with the NX bit. |
<li>Work started on a new process-containment facility called <a href="https://man.openbsd.org/?query=tame&sektion=2&manpath=OpenBSD-5.8">tame(2)</a>. |
<li>Work started on a new process-containment facility called <a href="https://man.openbsd.org/OpenBSD-5.8/tame.2">tame(2)</a>. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>Assorted improvements: |
<li>Assorted improvements: |
<ul> |
<ul> |
<li>The <a href="https://man.openbsd.org/?query=worm&sektion=6">worm(6)</a> |
<li>The <a href="https://man.openbsd.org/worm.6">worm(6)</a> |
now grows at a rate proportional to terminal size. |
now grows at a rate proportional to terminal size. |
<li><a href="https://man.openbsd.org/?query=dlfcn&sektion=3">dlclose(3)</a> now unregisters handlers registered by a <a href="https://man.openbsd.org/?query=pthread_atfork&sektion=3">pthread_atfork(3)</a> call from the unloaded libraries. |
<li><a href="https://man.openbsd.org/dlfcn.3">dlclose(3)</a> now unregisters handlers registered by a <a href="https://man.openbsd.org/pthread_atfork.3">pthread_atfork(3)</a> call from the unloaded libraries. |
<li><a href="https://man.openbsd.org/?query=cp&sektion=1">cp(1)</a>, <a href="https://man.openbsd.org/?query=mv&sektion=1">mv(1)</a>, and <a href="https://man.openbsd.org/?query=pax&sektion=1">pax(1)</a> with the <tt>-rw</tt> option now preserve timestamps with full nanosecond precision. |
<li><a href="https://man.openbsd.org/cp.1">cp(1)</a>, <a href="https://man.openbsd.org/mv.1">mv(1)</a>, and <a href="https://man.openbsd.org/pax.1">pax(1)</a> with the <code>-rw</code> option now preserve timestamps with full nanosecond precision. |
<li><a href="https://man.openbsd.org/?query=pax&sektion=1">pax(1)</a> now detects failure to decompress an archive when reading it and errors out immediately. |
<li><a href="https://man.openbsd.org/pax.1">pax(1)</a> now detects failure to decompress an archive when reading it and errors out immediately. |
<li><a href="https://man.openbsd.org/?query=nm&sektion=1">nm(1)</a> now supports the <tt>-D</tt> option for displaying the dynamic symbol table. |
<li><a href="https://man.openbsd.org/nm.1">nm(1)</a> now supports the <code>-D</code> option for displaying the dynamic symbol table. |
<li><a href="https://man.openbsd.org/?query=dump&sektion=8">dump(8)</a> now uses DUIDs in <tt>/etc/dumpdates</tt> when present and the <tt>-U</tt> option has thus been removed. |
<li><a href="https://man.openbsd.org/dump.8">dump(8)</a> now uses DUIDs in <code>/etc/dumpdates</code> when present and the <code>-U</code> option has thus been removed. |
<li>Corrected <a href="https://man.openbsd.org/?query=kdump&sektion=1">kdump(1)</a> reporting of <a href="https://man.openbsd.org/?query=lseek&sektion=2">lseek(2)</a> return value on ILP32 archs and <a href="https://man.openbsd.org/?query=getsockopt&sektion=2">getsockopt/setsockopt(2)</a> level and optname arguments. <tt>iovec</tt>, <tt>msghdr</tt>, and <tt>cmsghdr</tt> structures are now dumped. |
<li>Corrected <a href="https://man.openbsd.org/kdump.1">kdump(1)</a> reporting of <a href="https://man.openbsd.org/lseek.2">lseek(2)</a> return value on ILP32 archs and <a href="https://man.openbsd.org/getsockopt.2">getsockopt/setsockopt(2)</a> level and optname arguments. <code>iovec</code>, <code>msghdr</code>, and <code>cmsghdr</code> structures are now dumped. |
<li><a href="https://man.openbsd.org/?query=sed&sektion=1">sed(1)</a> <tt>-i</tt> option added. |
<li><a href="https://man.openbsd.org/sed.1">sed(1)</a> <code>-i</code> option added. |
<li>New, much simpler <a href="https://man.openbsd.org/?query=man.conf&sektion=5">man.conf(5)</a> configuration file format |
<li>New, much simpler <a href="https://man.openbsd.org/man.conf.5">man.conf(5)</a> configuration file format |
for <a href="https://man.openbsd.org/?query=man&sektion=1">man(1)</a>, |
for <a href="https://man.openbsd.org/man.1">man(1)</a>, |
<a href="https://man.openbsd.org/?query=apropos&sektion=1">apropos(1)</a>, |
<a href="https://man.openbsd.org/apropos.1">apropos(1)</a>, |
and <a href="https://man.openbsd.org/?query=makewhatis&sektion=8">makewhatis(8)</a>. |
and <a href="https://man.openbsd.org/makewhatis.8">makewhatis(8)</a>. |
<li>When using <a href="https://man.openbsd.org/?query=man&sektion=1">man(1)</a> |
<li>When using <a href="https://man.openbsd.org/man.1">man(1)</a> |
with the <a href="https://man.openbsd.org/?query=less&sektion=1">less(1)</a> pager, |
with the <a href="https://man.openbsd.org/less.1">less(1)</a> pager, |
support the <tt>:t</tt> internal command |
support the <code>:t</code> internal command |
to search for definitions of keywords similar to what |
to search for definitions of keywords similar to what |
<a href="https://man.openbsd.org/?query=ctags&sektion=1">ctags(1)</a> provides. |
<a href="https://man.openbsd.org/ctags.1">ctags(1)</a> provides. |
<li>Improvements in checking of numeric option values in <b>many</b> utilities. |
<li>Improvements in checking of numeric option values in <b>many</b> utilities. |
<li>Upgraded to binutils version 2.17 with additional fixes. |
<li>Upgraded to binutils version 2.17 with additional fixes. |
<li>Improved correctness of <a href="https://man.openbsd.org/?query=poll&sektion=2">poll(2)</a> and <a href="https://man.openbsd.org/?query=poll&sektion=2">poll(2)</a> of <tt>O_RDONLY</tt> FIFO fds. |
<li>Improved correctness of <a href="https://man.openbsd.org/poll.2">poll(2)</a> and <a href="https://man.openbsd.org/poll.2">poll(2)</a> of <code>O_RDONLY</code> FIFO fds. |
<li>Restored reporting of closed sockets by <a href="https://man.openbsd.org/?query=netstat&sektion=1">netstat(1)</a> and <a href="https://man.openbsd.org/?query=systat&sektion=1">systat(1)</a>. |
<li>Restored reporting of closed sockets by <a href="https://man.openbsd.org/netstat.1">netstat(1)</a> and <a href="https://man.openbsd.org/systat.1">systat(1)</a>. |
<li><a href="https://man.openbsd.org/?query=fdisk&sektion=8">fdisk(8)</a> now zeros correct GPT sector at end of disk. |
<li><a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> now zeros correct GPT sector at end of disk. |
<li><a href="https://man.openbsd.org/?query=fdisk&sektion=8">fdisk(8)</a> now accepts 'T' sizes for terabytes. |
<li><a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> now accepts 'T' sizes for terabytes. |
<li><a href="https://man.openbsd.org/?query=fdisk&sektion=8">fdisk(8)</a> repaired to work on 4K sector disks again. |
<li><a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> repaired to work on 4K sector disks again. |
<li><a href="https://man.openbsd.org/?query=dhcpd&sektion=8">dhcpd(8)</a> now logs correct giaddr and ciaddr information even when DHCP relays are present. |
<li><a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> now logs correct giaddr and ciaddr information even when DHCP relays are present. |
<li><a href="https://man.openbsd.org/?query=dhcpd&sektion=8">dhcpd(8)</a> now accommodates Linux and MS clients by not sending routers or static routes info when classless static routes are sent. |
<li><a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> now accommodates Linux and MS clients by not sending routers or static routes info when classless static routes are sent. |
<li><a href="https://man.openbsd.org/?query=dhcpd&sektion=8">dhcpd(8)</a> and <a href="https://man.openbsd.org/?query=dhclient&sektion=8">dhclient(8)</a> now accept hostnames beginning with a digit. |
<li><a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> and <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> now accept hostnames beginning with a digit. |
<li><a href="https://man.openbsd.org/?query=dhclient&sektion=8">dhclient(8)</a> no longer rejects leases with addresses overlapping existing subnets on other interfaces. Kernel routing logic now just works. |
<li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> no longer rejects leases with addresses overlapping existing subnets on other interfaces. Kernel routing logic now just works. |
<li>Improvements to <a href="https://man.openbsd.org/?query=realloc&sektion=3">realloc(3)</a> decrease system calls and increase efficiency. |
<li>Improvements to <a href="https://man.openbsd.org/realloc.3">realloc(3)</a> decrease system calls and increase efficiency. |
<li>The reaper now tears down dead processes without holding on to |
<li>The reaper now tears down dead processes without holding on to |
the kernel lock. This greatly reduces latency and increases |
the kernel lock. This greatly reduces latency and increases |
performance on multi-processor systems. |
performance on multi-processor systems. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>OpenBSD <a href="https://man.openbsd.org/?query=httpd&sektion=8">httpd(8)</a>: |
<li>OpenBSD <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>: |
<ul> |
<ul> |
<li>New features: |
<li>New features: |
<ul> |
<ul> |
<li>Added support for matching and redirections with Lua <a href="https://man.openbsd.org/OpenBSD-current/man7/patterns.7">patterns(7)</a>. |
<li>Added support for matching and redirections with Lua <a href="https://man.openbsd.org/OpenBSD-current/man7/patterns.7">patterns(7)</a>. |
<li>Implemented If-Modified-Since for conditional GET or HEAD requests (RFC 7232). |
<li>Implemented If-Modified-Since for conditional GET or HEAD requests (RFC 7232). |
<li>Added byte-range support for range requests (RFC 7233). |
<li>Added byte-range support for range requests (RFC 7233). |
<li>Allowing to specify a global or per-location default media type instead of <tt>application/octet-stream</tt>. |
<li>Allowing to specify a global or per-location default media type instead of <code>application/octet-stream</code>. |
<li>Added support for HTTP Strict Transport Security (HSTS; RFC 6797). |
<li>Added support for HTTP Strict Transport Security (HSTS; RFC 6797). |
<li>Added initial regression test suite based on <a href="https://man.openbsd.org/OpenBSD-current/man8/relayd.8">relayd(8)</a>'s implementation. |
<li>Added initial regression test suite based on <a href="https://man.openbsd.org/OpenBSD-current/man8/relayd.8">relayd(8)</a>'s implementation. |
</ul> |
</ul> |
|
|
|
|
<li>OpenSMTPD 5.4.4 |
<li>OpenSMTPD 5.4.4 |
<ul> |
<ul> |
<li><a href="https://man.openbsd.org/?query=smtpd&sektion=8">smtpd(8)</a> reliability and bug fixes. |
<li><a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> reliability and bug fixes. |
<li><b>NOTE: Some security risks were discovered and fixed after the |
<li><b>NOTE: Some security risks were discovered and fixed after the |
OpenBSD 5.8 release. |
OpenBSD 5.8 release. |
See <a href="errata58.html#004_smtpd">5.8 errata 004</a>.</b> |
See <a href="errata58.html#004_smtpd">5.8 errata 004</a>.</b> |
|
|
<ul> |
<ul> |
<li>Security: |
<li>Security: |
<ul> |
<ul> |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
when forwarding X11 connections with <tt>ForwardX11Trusted=no</tt>, |
when forwarding X11 connections with <code>ForwardX11Trusted=no</code>, |
connections made after <tt>ForwardX11Timeout</tt> expired could be |
connections made after <code>ForwardX11Timeout</code> expired could be |
permitted and no longer subject to XSECURITY restrictions because of |
permitted and no longer subject to XSECURITY restrictions because of |
an ineffective timeout check in |
an ineffective timeout check in |
<a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> |
<a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
coupled with "fail open" behaviour in the X11 server when clients |
coupled with "fail open" behaviour in the X11 server when clients |
attempted connections with expired credentials. |
attempted connections with expired credentials. |
This problem was reported by Jann Horn. |
This problem was reported by Jann Horn. |
<li><a href="https://man.openbsd.org/?query=ssh-agent&sektion=1">ssh-agent(1)</a>: |
<li><a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>: |
fix weakness of agent locking (<tt>ssh-add -x</tt>) to |
fix weakness of agent locking (<code>ssh-add -x</code>) to |
password guessing by implementing an increasing failure delay, |
password guessing by implementing an increasing failure delay, |
storing a salted hash of the password rather than the password |
storing a salted hash of the password rather than the password |
itself and using a timing-safe comparison function for verifying |
itself and using a timing-safe comparison function for verifying |
unlock attempts. This problem was reported by Ryan Castellucci. |
unlock attempts. This problem was reported by Ryan Castellucci. |
<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-writable. |
OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-writable. |
Local attackers may be able to write arbitrary messages to logged-in |
Local attackers may be able to write arbitrary messages to logged-in |
users, including terminal escape sequences. |
users, including terminal escape sequences. |
<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
fix circumvention of <tt>MaxAuthTries</tt> using keyboard-interactive |
fix circumvention of <code>MaxAuthTries</code> using keyboard-interactive |
authentication. By specifying a long, repeating keyboard-interactive |
authentication. By specifying a long, repeating keyboard-interactive |
"devices" string, an attacker could request the same authentication |
"devices" string, an attacker could request the same authentication |
method be tried thousands of times in a single pass. The |
method be tried thousands of times in a single pass. The |
<tt>LoginGraceTime</tt> timeout in |
<code>LoginGraceTime</code> timeout in |
<a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a> |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a> |
and any authentication failure delays implemented by the authentication |
and any authentication failure delays implemented by the authentication |
mechanism itself were still applied. |
mechanism itself were still applied. |
</ul> |
</ul> |
|
|
default at compile time. |
default at compile time. |
<li>Support for the 1024-bit diffie-hellman-group1-sha1 key exchange |
<li>Support for the 1024-bit diffie-hellman-group1-sha1 key exchange |
is disabled by default at run-time. It may be re-enabled using |
is disabled by default at run-time. It may be re-enabled using |
the instructions at <tt>https://www.openssh.com/legacy.html</tt>. |
the instructions at <code>https://www.openssh.com/legacy.html</code>. |
<li>Support for <tt>ssh-dss</tt>, <tt>ssh-dss-cert-*</tt> <i>host</i> |
<li>Support for <code>ssh-dss</code>, <code>ssh-dss-cert-*</code> <i>host</i> |
and <i>user</i> keys is disabled by default at run-time. These may |
and <i>user</i> keys is disabled by default at run-time. These may |
be re-enabled using the instructions at |
be re-enabled using the instructions at |
<tt>https://www.openssh.com/legacy.html</tt>. |
<code>https://www.openssh.com/legacy.html</code>. |
<li>Support for the legacy <i>v00 cert format</i> has been removed. |
<li>Support for the legacy <i>v00 cert format</i> has been removed. |
<li>The default for the |
<li>The default for the |
<a href="https://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a> |
<a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> |
<tt>PermitRootLogin</tt> option has changed from "yes" to |
<code>PermitRootLogin</code> option has changed from "yes" to |
"prohibit-password" (but the OpenBSD installer defaults to "no"). |
"prohibit-password" (but the OpenBSD installer defaults to "no"). |
<li><b>NOTE: 'PermitRootLogin prohibit-password' is subtly broken |
<li><b>NOTE: 'PermitRootLogin prohibit-password' is subtly broken |
in the OpenBSD 5.8 / OpenSSH 7.0. See |
in the OpenBSD 5.8 / OpenSSH 7.0. See |
|
|
</ul> |
</ul> |
<li>New/changed features: |
<li>New/changed features: |
<ul> |
<ul> |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
promote <tt>chacha20-poly1305@openssh.com</tt> to be the default |
promote <code>chacha20-poly1305@openssh.com</code> to be the default |
cipher. |
cipher. |
<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
support admin-specified arguments to <tt>AuthorizedKeysCommand</tt>. |
support admin-specified arguments to <code>AuthorizedKeysCommand</code>. |
(bz#2081) |
(bz#2081) |
<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
add <tt>AuthorizedPrincipalsCommand</tt> that allows retrieving |
add <code>AuthorizedPrincipalsCommand</code> that allows retrieving |
authorized principals information from a subprocess rather than a |
authorized principals information from a subprocess rather than a |
file. |
file. |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=ssh-add&sektion=1">ssh-add(1)</a>: |
<a href="https://man.openbsd.org/ssh-add.1">ssh-add(1)</a>: |
support PKCS#11 devices with external PIN entry devices. (bz#2240) |
support PKCS#11 devices with external PIN entry devices. (bz#2240) |
<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
allow GSSAPI host credential check to be relaxed for multihomed |
allow GSSAPI host credential check to be relaxed for multihomed |
hosts via <tt>GSSAPIStrictAcceptorCheck</tt> option. (bz#928) |
hosts via <code>GSSAPIStrictAcceptorCheck</code> option. (bz#928) |
<li><a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
<li><a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>: |
support <tt>ssh-keygen -lF hostname</tt> to search <tt>known_hosts</tt> |
support <code>ssh-keygen -lF hostname</code> to search <code>known_hosts</code> |
and print key hashes rather than full keys. |
and print key hashes rather than full keys. |
<li><a href="https://man.openbsd.org/?query=ssh-agent&sektion=1">ssh-agent(1)</a>: |
<li><a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>: |
add <tt>-D</tt> flag to leave |
add <code>-D</code> flag to leave |
<a href="https://man.openbsd.org/?query=ssh-agent&sektion=1">ssh-agent(1)</a> |
<a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a> |
in foreground without enabling debug mode. (bz#2381) |
in foreground without enabling debug mode. (bz#2381) |
<li><a href="https://man.openbsd.org/?query=ssh_config&sektion=5">ssh_config(5)</a>: |
<li><a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>: |
add <tt>PubkeyAcceptedKeyTypes</tt> option to control which public |
add <code>PubkeyAcceptedKeyTypes</code> option to control which public |
key types are available for user authentication. |
key types are available for user authentication. |
<li><a href="https://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a>: |
<li><a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a>: |
add <tt>HostKeyAlgorithms</tt> option to control which public key |
add <code>HostKeyAlgorithms</code> option to control which public key |
types are offered for host authentications. |
types are offered for host authentications. |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
extend <tt>Ciphers</tt>, <tt>MACs</tt>, <tt>KexAlgorithms</tt>, |
extend <code>Ciphers</code>, <code>MACs</code>, <code>KexAlgorithms</code>, |
<tt>HostKeyAlgorithms</tt>, <tt>PubkeyAcceptedKeyTypes</tt> and |
<code>HostKeyAlgorithms</code>, <code>PubkeyAcceptedKeyTypes</code> and |
<tt>HostbasedKeyTypes</tt> options to allow appending to the default |
<code>HostbasedKeyTypes</code> options to allow appending to the default |
set of algorithms instead of replacing it. Options may now be |
set of algorithms instead of replacing it. Options may now be |
prefixed with a <tt>+</tt> to append to the default, e.g. |
prefixed with a <code>+</code> to append to the default, e.g. |
"<tt>HostKeyAlgorithms=+ssh-dss</tt>". |
"<code>HostKeyAlgorithms=+ssh-dss</code>". |
</ul> |
</ul> |
<li>The following significant bugs have been fixed in this release: |
<li>The following significant bugs have been fixed in this release: |
<ul> |
<ul> |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
deprecate legacy <tt>SSH2_MSG_KEX_DH_GEX_REQUEST_OLD</tt> message and |
deprecate legacy <code>SSH2_MSG_KEX_DH_GEX_REQUEST_OLD</code> message and |
do not try to use it against some 3rd-party SSH implementations that |
do not try to use it against some 3rd-party SSH implementations that |
use it (older PuTTY, WinSCP). |
use it (older PuTTY, WinSCP). |
<li>Many fixes for problems caused by compile-time deactivation of |
<li>Many fixes for problems caused by compile-time deactivation of |
SSH1 support. (including bz#2369) |
SSH1 support. (including bz#2369) |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
cap DH-GEX group size at 4Kbits for Cisco implementations as some |
cap DH-GEX group size at 4Kbits for Cisco implementations as some |
would fail when attempting to use group sizes greater than 4K. |
would fail when attempting to use group sizes greater than 4K. |
(bz#2209) |
(bz#2209) |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
fix out-of-bound read in <tt>EscapeChar</tt> configuration option |
fix out-of-bound read in <code>EscapeChar</code> configuration option |
parsing. (bz#2396) |
parsing. (bz#2396) |
<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
fix application of <tt>PermitTunnel</tt>, <tt>LoginGraceTime</tt>, |
fix application of <code>PermitTunnel</code>, <code>LoginGraceTime</code>, |
<tt>AuthenticationMethods</tt> and <tt>StreamLocalBindMask</tt> |
<code>AuthenticationMethods</code> and <code>StreamLocalBindMask</code> |
options in <tt>Match</tt> blocks. |
options in <code>Match</code> blocks. |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
improve disconnection message on TCP reset. (bz#2257) |
improve disconnection message on TCP reset. (bz#2257) |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
remove failed remote forwards established by multiplexing from the |
remove failed remote forwards established by multiplexing from the |
list of active forwards. (bz#2363) |
list of active forwards. (bz#2363) |
<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
make parsing of <tt>authorized_keys</tt> "<tt>environment=</tt>" |
make parsing of <code>authorized_keys</code> "<code>environment=</code>" |
options independent of <tt>PermitUserEnv</tt> being enabled. (bz#2329) |
options independent of <code>PermitUserEnv</code> being enabled. (bz#2329) |
<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
fix post-auth crash with <tt>permitopen=none</tt>. (bz#2355) |
fix post-auth crash with <code>permitopen=none</code>. (bz#2355) |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=ssh-add&sektion=1">ssh-add(1)</a>, |
<a href="https://man.openbsd.org/ssh-add.1">ssh-add(1)</a>, |
<a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
<a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>: |
allow new-format private keys to be encrypted with AEAD ciphers. |
allow new-format private keys to be encrypted with AEAD ciphers. |
(bz#2366) |
(bz#2366) |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
allow <tt>ListenAddress</tt>, <tt>Port</tt> and <tt>AddressFamily</tt> |
allow <code>ListenAddress</code>, <code>Port</code> and <code>AddressFamily</code> |
configuration options to appear in any order. (bz#86) |
configuration options to appear in any order. (bz#86) |
<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
check for and reject missing arguments for <tt>VersionAddendum</tt> |
check for and reject missing arguments for <code>VersionAddendum</code> |
and <tt>ForceCommand</tt>. (bz#2281) |
and <code>ForceCommand</code>. (bz#2281) |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
don't treat unknown certificate extensions as fatal. (bz#2387) |
don't treat unknown certificate extensions as fatal. (bz#2387) |
<li><a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
<li><a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>: |
make <tt>stdout</tt> and <tt>stderr</tt> output consistent. (bz#2325) |
make <code>stdout</code> and <code>stderr</code> output consistent. (bz#2325) |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
mention missing <tt>DISPLAY</tt> environment in debug log when X11 |
mention missing <code>DISPLAY</code> environment in debug log when X11 |
forwarding requested. (bz#1682) |
forwarding requested. (bz#1682) |
<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
correctly record login when <tt>UseLogin</tt> is set. (bz#378) |
correctly record login when <code>UseLogin</code> is set. (bz#378) |
<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
add some missing options to <tt>sshd -T</tt> output and fix output |
add some missing options to <code>sshd -T</code> output and fix output |
of <tt>VersionAddendum</tt> and <tt>HostCertificate</tt>. (bz#2346) |
of <code>VersionAddendum</code> and <code>HostCertificate</code>. (bz#2346) |
<li>Document and improve consistency of options that accept a |
<li>Document and improve consistency of options that accept a |
"<tt>none</tt>" argument: <tt>TrustedUserCAKeys</tt>, |
"<code>none</code>" argument: <code>TrustedUserCAKeys</code>, |
<tt>RevokedKeys</tt> (bz#2382), <tt>AuthorizedPrincipalsFile</tt> |
<code>RevokedKeys</code> (bz#2382), <code>AuthorizedPrincipalsFile</code> |
(bz#2288). |
(bz#2288). |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
include remote username in debug output. (bz#2368) |
include remote username in debug output. (bz#2368) |
<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
avoid compatibility problem with some versions of Tera Term, which |
avoid compatibility problem with some versions of Tera Term, which |
would crash when they received the hostkeys notification message |
would crash when they received the hostkeys notification message |
(<tt>hostkeys-00@openssh.com</tt>). |
(<code>hostkeys-00@openssh.com</code>). |
<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
mention <tt>ssh-keygen -E</tt> as useful when comparing legacy |
mention <code>ssh-keygen -E</code> as useful when comparing legacy |
<i>MD5 host key fingerprints</i>. (bz#2332) |
<i>MD5 host key fingerprints</i>. (bz#2332) |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
clarify pseudo-terminal request behaviour and use make manual language |
clarify pseudo-terminal request behaviour and use make manual language |
consistent. (bz#1716) |
consistent. (bz#1716) |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
document that the <tt>TERM</tt> environment variable is not subject |
document that the <code>TERM</code> environment variable is not subject |
to <tt>SendEnv</tt> and <tt>AcceptEnv</tt>. (bz#2386) |
to <code>SendEnv</code> and <code>AcceptEnv</code>. (bz#2386) |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
add compatability workarounds for Cisco and more PuTTY versions. |
add compatability workarounds for Cisco and more PuTTY versions. |
(bz#2424) |
(bz#2424) |
<li>Fix some omissions and errors in the <tt>PROTOCOL</tt> and |
<li>Fix some omissions and errors in the <code>PROTOCOL</code> and |
<tt>PROTCOL.mux</tt> documentation relating to <i>Unix domain |
<code>PROTCOL.mux</code> documentation relating to <i>Unix domain |
socket</i> forwarding. (bz#2421, bz#2422) |
socket</i> forwarding. (bz#2421, bz#2422) |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
Improve the |
Improve the |
<a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> |
<a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
manual page to include a better desciption of Unix domain socket |
manual page to include a better desciption of Unix domain socket |
forwarding. (bz#2423) |
forwarding. (bz#2423) |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=ssh-agent&sektion=1">ssh-agent(1)</a>: |
<a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>: |
skip uninitialised PKCS#11 slots, fixing failures to load keys when |
skip uninitialised PKCS#11 slots, fixing failures to load keys when |
they are present. (bz#2427) |
they are present. (bz#2427) |
<li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>, |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, |
<a href="https://man.openbsd.org/?query=ssh-agent&sektion=1">ssh-agent(1)</a>: |
<a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>: |
do not ignore PKCS#11 hosted keys that wth empty <tt>CKA_ID</tt>. |
do not ignore PKCS#11 hosted keys that wth empty <code>CKA_ID</code>. |
(bz#2429) |
(bz#2429) |
<li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
clarify documentation for <tt>UseDNS</tt> option. (bz#2045) |
clarify documentation for <code>UseDNS</code> option. (bz#2045) |
</ul> |
</ul> |
</ul> |
</ul> |
<p> |
<p> |
|
|
CVE-2015-1788, CVE-2015-1789, CVE-2015-1792. |
CVE-2015-1788, CVE-2015-1789, CVE-2015-1792. |
<li>Protocol parsing conversions to BoringSSL's <i>CRYPTO ByteString</i> |
<li>Protocol parsing conversions to BoringSSL's <i>CRYPTO ByteString</i> |
(CBS) API. |
(CBS) API. |
<li>Added <tt>EC_curve_nid2nist</tt> and <tt>EC_curve_nist2nid</tt> |
<li>Added <code>EC_curve_nid2nist</code> and <code>EC_curve_nist2nid</code> |
from OpenSSL. |
from OpenSSL. |
<li>Removed Dynamic Engine support. |
<li>Removed Dynamic Engine support. |
<li>Removed MDC-2DES support. |
<li>Removed MDC-2DES support. |
<li>Switched <tt>openssl dhparam</tt> default from 512 to 2048 bits. |
<li>Switched <code>openssl dhparam</code> default from 512 to 2048 bits. |
<li>Fixed <tt>openssl pkeyutl -verify</tt> to exit with a 0 on success. |
<li>Fixed <code>openssl pkeyutl -verify</code> to exit with a 0 on success. |
<li>Fixed dozens of Coverity issues including dead code, memory leaks, |
<li>Fixed dozens of Coverity issues including dead code, memory leaks, |
logic errors and more. |
logic errors and more. |
<li>Ensure that |
<li>Ensure that |
<a href="https://man.openbsd.org/?query=openssl&sektion=1">openssl(1)</a> |
<a href="https://man.openbsd.org/openssl.1">openssl(1)</a> |
restores terminal echo state after reading a password. |
restores terminal echo state after reading a password. |
<li>Incorporated fix for OpenSSL issue #3683. |
<li>Incorporated fix for OpenSSL issue #3683. |
<li>Removed SSLv3 support from |
<li>Removed SSLv3 support from |
<a href="https://man.openbsd.org/?query=openssl&sektion=1">openssl(1)</a>. |
<a href="https://man.openbsd.org/openssl.1">openssl(1)</a>. |
<li>Modified <tt>tls_write</tt> in <tt>libtls</tt> to allow partial |
<li>Modified <code>tls_write</code> in <code>libtls</code> to allow partial |
writes, clarified with examples in the documentation. |
writes, clarified with examples in the documentation. |
<li>Removed RSAX engine. |
<li>Removed RSAX engine. |
<li>Tested SSLv3 removal with the OpenBSD ports tree and found several |
<li>Tested SSLv3 removal with the OpenBSD ports tree and found several |
applications that were not ready to build without SSLv3 yet. |
applications that were not ready to build without SSLv3 yet. |
For now, building a program that intentionally uses SSLv3 will |
For now, building a program that intentionally uses SSLv3 will |
result in a linker warning. |
result in a linker warning. |
<li>Added <tt>TLS_method</tt>, <tt>TLS_client_method</tt> and |
<li>Added <code>TLS_method</code>, <code>TLS_client_method</code> and |
<tt>TLS_server_method</tt> as a replacement for the |
<code>TLS_server_method</code> as a replacement for the |
<tt>SSLv23_*method</tt> calls. |
<code>SSLv23_*method</code> calls. |
<li>Default <tt>cert.pem</tt>, <tt>openssl.cnf</tt>, and |
<li>Default <code>cert.pem</code>, <code>openssl.cnf</code>, and |
<tt>x509v3.cnf</tt> files are now installed under |
<code>x509v3.cnf</code> files are now installed under |
<tt>$sysconfdir/ssl</tt> or the directory specified by |
<code>$sysconfdir/ssl</code> or the directory specified by |
<tt>--with-openssldir</tt>. Previous versions of LibreSSL left |
<code>--with-openssldir</code>. Previous versions of LibreSSL left |
these empty. |
these empty. |
<li><b>NOTE: LibreSSL 2.2.2 in OpenBSD 5.8 incorrectly handles |
<li><b>NOTE: LibreSSL 2.2.2 in OpenBSD 5.8 incorrectly handles |
ClientHello messages that do not include TLS extensions, resulting |
ClientHello messages that do not include TLS extensions, resulting |
|
|
</ul> |
</ul> |
<li>Code improvements: |
<li>Code improvements: |
<ul> |
<ul> |
<li>Fix incorrect comparison function in <a href="https://man.openbsd.org/?query=openssl&sektion=1">openssl(1)</a> certhash command. |
<li>Fix incorrect comparison function in <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> certhash command. |
Thanks to Christian Neukirchen / Void Linux. |
Thanks to Christian Neukirchen / Void Linux. |
<li>Removal of <tt>OPENSSL_issetugid</tt> and all library getenv calls. |
<li>Removal of <code>OPENSSL_issetugid</code> and all library getenv calls. |
Applications can and should no longer rely on environment variables |
Applications can and should no longer rely on environment variables |
for changing library behavior. |
for changing library behavior. |
<tt>OPENSSL_CONF</tt> and <tt>SSLEAY_CONF</tt> are still supported with the |
<code>OPENSSL_CONF</code> and <code>SSLEAY_CONF</code> are still supported with the |
<a href="https://man.openbsd.org/?query=openssl&sektion=1">openssl(1)</a> |
<a href="https://man.openbsd.org/openssl.1">openssl(1)</a> |
command, but note that $ENV:: is no longer supported in .cnf files. |
command, but note that $ENV:: is no longer supported in .cnf files. |
<li><tt>libtls</tt> API and documentation additions. |
<li><code>libtls</code> API and documentation additions. |
<li>Various bug fixes and simplifications to <tt>libssl</tt> and |
<li>Various bug fixes and simplifications to <code>libssl</code> and |
<tt>libcrypto</tt>. |
<code>libcrypto</code>. |
<li>Reworked |
<li>Reworked |
<a href="https://man.openbsd.org/?query=openssl&sektion=1">openssl(1)</a> |
<a href="https://man.openbsd.org/openssl.1">openssl(1)</a> |
option handling. |
option handling. |
<li>LibreSSL version define <tt>LIBRESSL_VERSION_NUMBER</tt> will now |
<li>LibreSSL version define <code>LIBRESSL_VERSION_NUMBER</code> will now |
be bumped for each portable release. |
be bumped for each portable release. |
<li>Removed workarounds for TLS client padding bugs. |
<li>Removed workarounds for TLS client padding bugs. |
<li>Removed IE 6 SSLv3 workarounds. |
<li>Removed IE 6 SSLv3 workarounds. |
<li><tt>--with-enginesdir</tt> is removed as a configuration parameter. |
<li><code>--with-enginesdir</code> is removed as a configuration parameter. |
</ul> |
</ul> |
</ul> |
</ul> |
<p> |
<p> |
<li>Syslogd: |
<li>Syslogd: |
<ul> |
<ul> |
<li>OpenBSD |
<li>OpenBSD |
<a href="https://man.openbsd.org/?query=syslogd&sektion=8">syslogd(8)</a> |
<a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a> |
can bind to explicitly given UDP or TCP sockets to receive messages. |
can bind to explicitly given UDP or TCP sockets to receive messages. |
TCP streams are accepted with the octet counting or the non |
TCP streams are accepted with the octet counting or the non |
transparent framing method. |
transparent framing method. |
<li>Blocks in |
<li>Blocks in |
<a href="https://man.openbsd.org/?query=syslog.conf&se |
<a href="https://man.openbsd.org/syslog.conf.5">syslog.conf(5)</a> |
ktion=5">syslog.conf(5)</a> |
|
started with <code>+host</code> process messages created by |
started with <code>+host</code> process messages created by |
certain hosts specifically. |
certain hosts specifically. |
<li>Handle situations when the file descriptor limit is exhausted |
<li>Handle situations when the file descriptor limit is exhausted |
gracefully. |
gracefully. |
<li>Since libtls handles short writes smarter, <a href="https://man.openbsd.org/?query=syslogd&sektion=8">syslogd(8)</a> can use the |
<li>Since libtls handles short writes smarter, <a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a> can use the |
complete output buffer to save messages, coping with |
complete output buffer to save messages, coping with |
longer TLS server down times without losing messages. |
longer TLS server down times without losing messages. |
</ul> |
</ul> |
<p> |
<p> |
<li>Ports and packages: |
<li><p>Ports and packages: |
<dl> |
|
<dt>Many pre-built packages for each architecture: |
<p>Many pre-built packages for each architecture: |
<table border=0 cellspacing=0 cellpadding=2 width="95%"> |
<ul style="column-count: 4"> |
<tr> |
|
<td valign="top" width="25%"> |
|
<ul> |
|
<li>alpha: 7093 |
<li>alpha: 7093 |
<li>amd64: 8866 |
<li>amd64: 8866 |
<li>hppa: 5813 |
<li>hppa: 5813 |
</ul></td><td valign=top width="25%"><ul> |
|
<li>i386: 8839 |
<li>i386: 8839 |
<li>mips64: 4267 |
<li>mips64: 4267 |
<li>mips64el: 5922 |
<li>mips64el: 5922 |
</ul></td><td valign=top width="25%"><ul> |
|
<li>powerpc: 8114 |
<li>powerpc: 8114 |
<li>sh: 133 |
<li>sh: 133 |
<li>sparc64: 7851 |
<li>sparc64: 7851 |
</ul></td><td valign=top width="25%"><ul> |
|
<li>sparc: 3655 |
<li>sparc: 3655 |
<li>vax: 1959 |
<li>vax: 1959 |
</ul></td></tr></table> |
</ul> |
<p> |
|
|
|
<dt>Some highlights: |
<p>Some highlights: |
<table border=0 cellspacing=0 cellpadding=2 width="95%"> |
<ul style="column-count: 2"> |
<tr> |
|
<td valign="top" width="33%"><ul> |
|
<li>Chromium 44.0.2403.125 |
<li>Chromium 44.0.2403.125 |
<li>Emacs 21.4 and 24.5 |
<li>Emacs 21.4 and 24.5 |
<li>GCC 4.8.4 and 4.9.3 |
<li>GCC 4.8.4 and 4.9.3 |
|
|
<li>Mono 3.12.1 |
<li>Mono 3.12.1 |
<li>Mozilla Firefox 38.1.1esr and 39.0.3 |
<li>Mozilla Firefox 38.1.1esr and 39.0.3 |
<li>Mozilla Thunderbird 38.1.0 |
<li>Mozilla Thunderbird 38.1.0 |
</ul></td><td valign=top width="33%"><ul> |
|
<li>Node.js 0.10.35 |
<li>Node.js 0.10.35 |
<li>OpenLDAP 2.3.43 and 2.4.41 |
<li>OpenLDAP 2.3.43 and 2.4.41 |
<li>PHP 5.4.43, 5.5.27 and 5.6.11 |
<li>PHP 5.4.43, 5.5.27 and 5.6.11 |
|
|
<li>TeX Live 2014 |
<li>TeX Live 2014 |
<li>Vim 7.4.769 |
<li>Vim 7.4.769 |
<li>Xfce 4.12 |
<li>Xfce 4.12 |
</ul></td><td valign=top width="34%"> |
</ul> |
</td></tr></table> |
|
<p> |
|
|
|
<li>As usual, steady improvements in manual pages and other documentation. |
<li>As usual, steady improvements in manual pages and other documentation. |
<p> |
|
|
|
<li>The system includes the following major components from outside suppliers: |
<li>The system includes the following major components from outside suppliers: |
<ul> |
<ul> |
|
|
<li>Less 458 (+ patches) |
<li>Less 458 (+ patches) |
<li>Awk Aug 10, 2011 version |
<li>Awk Aug 10, 2011 version |
</ul> |
</ul> |
|
|
</ul> |
</ul> |
|
</section> |
|
|
<a name="install"></a> |
|
<hr> |
<hr> |
|
|
|
<section id=install> |
|
<h3>How to install</h3> |
|
|
<p> |
<p> |
<h3><font color="#0000e0">How to install</font></h3> |
|
<p> |
|
Following this are the instructions which you would have on a piece of |
Following this are the instructions which you would have on a piece of |
paper if you had purchased a CDROM set instead of doing an alternate |
paper if you had purchased a CDROM set instead of doing an alternate |
form of install. The instructions for doing an HTTP (or other style |
form of install. The instructions for doing an HTTP (or other style |
|
|
</ul> |
</ul> |
<hr> |
<hr> |
|
|
|
<section id=quickinstall> |
<p> |
<p> |
Quick installer information for people familiar with OpenBSD, and the |
Quick installer information for people familiar with OpenBSD, and the |
use of the "disklabel -E" command. If you are at all confused when |
use of the "disklabel -E" command. If you are at all confused when |
installing OpenBSD, read the relevant INSTALL.* file as listed above! |
installing OpenBSD, read the relevant INSTALL.* file as listed above! |
<p> |
|
|
|
<h3><font color="#e00000">OpenBSD/i386:</font></h3> |
<h3>OpenBSD/i386:</h3> |
<ul> |
|
|
<p> |
The OpenBSD/i386 release is on CD1. |
The OpenBSD/i386 release is on CD1. |
Boot from the CD to begin the install - you may need to adjust |
Boot from the CD to begin the install - you may need to adjust |
your BIOS options first. |
your BIOS options first. |
|
|
If you are planning on dual booting OpenBSD with another OS, you will need to |
If you are planning on dual booting OpenBSD with another OS, you will need to |
read INSTALL.i386. |
read INSTALL.i386. |
|
|
</ul> |
<h3>OpenBSD/amd64:</h3> |
|
|
<p> |
<p> |
<h3><font color="#e00000">OpenBSD/amd64:</font></h3> |
|
<ul> |
|
The OpenBSD/amd64 release is on CD2. |
The OpenBSD/amd64 release is on CD2. |
Boot from the CD to begin the install - you may need to adjust |
Boot from the CD to begin the install - you may need to adjust |
your BIOS options first. |
your BIOS options first. |
|
|
<p> |
<p> |
If you are planning to dual boot OpenBSD with another OS, you will need to |
If you are planning to dual boot OpenBSD with another OS, you will need to |
read INSTALL.amd64. |
read INSTALL.amd64. |
</ul> |
|
|
|
|
<h3>OpenBSD/macppc:</h3> |
|
|
<p> |
<p> |
<h3><font color="#e00000">OpenBSD/macppc:</font></h3> |
|
<ul> |
|
Burn the image from a mirror site to a CDROM, and power on your machine |
Burn the image from a mirror site to a CDROM, and power on your machine |
while holding down the <i>C</i> key until the display turns on and |
while holding down the <i>C</i> key until the display turns on and |
shows <i>OpenBSD/macppc boot</i>. |
shows <i>OpenBSD/macppc boot</i>. |
|
|
<p> |
<p> |
Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot |
Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot |
/5.8/macppc/bsd.rd</i> |
/5.8/macppc/bsd.rd</i> |
</ul> |
|
|
|
|
<h3>OpenBSD/sparc64:</h3> |
|
|
<p> |
<p> |
<h3><font color="#e00000">OpenBSD/sparc64:</font></h3> |
|
<ul> |
|
Put CD3 in your CDROM drive and type <i>boot cdrom</i>. |
Put CD3 in your CDROM drive and type <i>boot cdrom</i>. |
|
|
<p> |
<p> |
|
|
|
|
<p> |
<p> |
If nothing works, you can boot over the network as described in INSTALL.sparc64. |
If nothing works, you can boot over the network as described in INSTALL.sparc64. |
</ul> |
|
|
|
|
<h3>OpenBSD/alpha:</h3> |
|
|
<p> |
<p> |
<h3><font color="#e00000">OpenBSD/alpha:</font></h3> |
Write <i>FTP:5.8/alpha/floppy58.fs</i> or |
<ul> |
|
<p>Write <i>FTP:5.8/alpha/floppy58.fs</i> or |
|
<i>FTP:5.8/alpha/floppyB58.fs</i> (depending on your machine) to a diskette and |
<i>FTP:5.8/alpha/floppyB58.fs</i> (depending on your machine) to a diskette and |
enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details. |
enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details. |
|
|
|
|
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install |
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install |
will most likely fail. |
will most likely fail. |
|
|
</ul> |
<h3>OpenBSD/armish:</h3> |
|
|
<p> |
<p> |
<h3><font color="#e00000">OpenBSD/armish:</font></h3> |
|
<ul> |
|
<p> |
|
After connecting a serial port, Thecus can boot directly from the network |
After connecting a serial port, Thecus can boot directly from the network |
either tftp or http. Configure the network using fconfig, reset, |
either tftp or http. Configure the network using fconfig, reset, |
then load bsd.rd, see INSTALL.armish for specific details. |
then load bsd.rd, see INSTALL.armish for specific details. |
|
|
and copy 'boot' and bsd.rd into the first partition on wd0 (hda1) |
and copy 'boot' and bsd.rd into the first partition on wd0 (hda1) |
then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition. |
then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition. |
More details are available in INSTALL.armish. |
More details are available in INSTALL.armish. |
</ul> |
|
|
|
|
<h3>OpenBSD/hppa:</h3> |
|
|
<p> |
<p> |
<h3><font color="#e00000">OpenBSD/hppa:</font></h3> |
|
<ul> |
|
<p> |
|
Boot over the network by following the instructions in INSTALL.hppa or the |
Boot over the network by following the instructions in INSTALL.hppa or the |
<a href="hppa.html#install">hppa platform page</a>. |
<a href="hppa.html#install">hppa platform page</a>. |
</ul> |
|
|
|
|
<h3>OpenBSD/landisk:</h3> |
|
|
<p> |
<p> |
<h3><font color="#e00000">OpenBSD/landisk:</font></h3> |
|
<ul> |
|
<p> |
|
Write <i>miniroot58.fs</i> to the start of the CF |
Write <i>miniroot58.fs</i> to the start of the CF |
or disk, and boot normally. |
or disk, and boot normally. |
</ul> |
|
|
|
|
<h3>OpenBSD/loongson:</h3> |
|
|
<p> |
<p> |
<h3><font color="#e00000">OpenBSD/loongson:</font></h3> |
|
<ul> |
|
<p> |
|
Write <i>miniroot58.fs</i> to a USB stick and boot bsd.rd from it |
Write <i>miniroot58.fs</i> to a USB stick and boot bsd.rd from it |
or boot bsd.rd via tftp. |
or boot bsd.rd via tftp. |
Refer to the instructions in INSTALL.loongson for more details. |
Refer to the instructions in INSTALL.loongson for more details. |
</ul> |
|
<p> |
|
|
|
|
<h3>OpenBSD/luna88k:</h3> |
|
|
<p> |
<p> |
<h3><font color="#e00000">OpenBSD/luna88k:</font></h3> |
Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader |
<ul> |
|
<p> |
|
Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader |
|
from the PROM, and then bsd.rd from the bootloader. |
from the PROM, and then bsd.rd from the bootloader. |
Refer to the instructions in INSTALL.luna88k for more details. |
Refer to the instructions in INSTALL.luna88k for more details. |
</ul> |
|
|
|
|
<h3>OpenBSD/octeon:</h3> |
|
|
<p> |
<p> |
<h3><font color="#e00000">OpenBSD/octeon:</font></h3> |
|
<ul> |
|
<p> |
|
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp. |
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp. |
Refer to the instructions in INSTALL.octeon for more details. |
Refer to the instructions in INSTALL.octeon for more details. |
</ul> |
|
|
|
|
<h3>OpenBSD/sgi:</h3> |
|
|
<p> |
<p> |
<h3><font color="#e00000">OpenBSD/sgi:</font></h3> |
|
<ul> |
|
<p> |
|
To install, burn cd58.iso on a CD-R, put it in the CD drive of your |
To install, burn cd58.iso on a CD-R, put it in the CD drive of your |
machine and select <i>Install System Software</i> from the System Maintenance |
machine and select <i>Install System Software</i> from the System Maintenance |
menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from |
menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from |
|
|
If your machine doesn't have a CD drive, you can setup a DHCP/tftp network |
If your machine doesn't have a CD drive, you can setup a DHCP/tftp network |
server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your |
server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your |
system type. Refer to the instructions in INSTALL.sgi for more details. |
system type. Refer to the instructions in INSTALL.sgi for more details. |
</ul> |
|
|
|
|
<h3>OpenBSD/socppc:</h3> |
|
|
<p> |
<p> |
<h3><font color="#e00000">OpenBSD/socppc:</font></h3> |
|
<ul> |
|
<p> |
|
After connecting a serial port, boot over the network via DHCP/tftp. |
After connecting a serial port, boot over the network via DHCP/tftp. |
Refer to the instructions in INSTALL.socppc for more details. |
Refer to the instructions in INSTALL.socppc for more details. |
</ul> |
|
|
|
|
<h3>OpenBSD/sparc:</h3> |
|
|
<p> |
<p> |
<h3><font color="#e00000">OpenBSD/sparc:</font></h3> |
|
<ul> |
|
Boot from one of the provided install ISO images, using one of the two |
Boot from one of the provided install ISO images, using one of the two |
commands listed below, depending on the version of your ROM. |
commands listed below, depending on the version of your ROM. |
|
|
<ul><pre> |
<p><pre> |
ok <strong>boot cdrom 5.8/sparc/bsd.rd</strong> |
ok <kbd>boot cdrom 5.8/sparc/bsd.rd</kbd> |
or |
or |
> <strong>b sd(0,6,0)5.8/sparc/bsd.rd</strong> |
> <kbd>b sd(0,6,0)5.8/sparc/bsd.rd</kbd> |
</pre></ul> |
</pre> |
|
|
<p> |
<p> |
If your SPARC system does not have a CD drive, you can alternatively boot from floppy. |
If your SPARC system does not have a CD drive, you can alternatively boot from floppy. |
|
|
To boot from the floppy use one of the two commands listed below, |
To boot from the floppy use one of the two commands listed below, |
depending on the version of your ROM. |
depending on the version of your ROM. |
|
|
<ul><pre> |
<p><pre> |
ok <strong>boot floppy</strong> |
ok <kbd>boot floppy</kbd> |
or |
or |
> <strong>b fd()</strong> |
> <kbd>b fd()</kbd></pre> |
</pre></ul> |
|
|
|
<p> |
<p> |
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install |
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install |
|
|
If your SPARC system doesn't have a floppy drive nor a CD drive, you can either |
If your SPARC system doesn't have a floppy drive nor a CD drive, you can either |
setup a bootable tape, or install via network, as told in the |
setup a bootable tape, or install via network, as told in the |
INSTALL.sparc file. |
INSTALL.sparc file. |
</ul> |
|
|
|
|
<h3>OpenBSD/vax:</h3> |
|
|
<p> |
<p> |
<h3><font color="#e00000">OpenBSD/vax:</font></h3> |
|
<ul> |
|
Boot over the network via mopbooting as described in INSTALL.vax. |
Boot over the network via mopbooting as described in INSTALL.vax. |
</ul> |
|
|
|
|
<h3>OpenBSD/zaurus:</h3> |
|
|
<p> |
<p> |
<h3><font color="#e00000">OpenBSD/zaurus:</font></h3> |
|
<ul> |
|
<p> |
|
Using the Linux built-in graphical ipkg installer, install the |
Using the Linux built-in graphical ipkg installer, install the |
openbsd58_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus |
openbsd58_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus |
for a few important details. |
for a few important details. |
</ul> |
|
|
|
<a name="upgrade"></a> |
</section> |
|
|
<hr> |
<hr> |
|
|
|
<section id=upgrade> |
|
<h3>How to upgrade</h3> |
<p> |
<p> |
<h3><font color="#0000e0">How to upgrade</font></h3> |
|
<p> |
|
If you already have an OpenBSD 5.7 system, and do not want to reinstall, |
If you already have an OpenBSD 5.7 system, and do not want to reinstall, |
upgrade instructions and advice can be found in the |
upgrade instructions and advice can be found in the |
<a href="faq/upgrade58.html">Upgrade Guide</a>. |
<a href="faq/upgrade58.html">Upgrade Guide</a>. |
|
</section> |
|
|
<a name="sourcecode"></a> |
|
<hr> |
<hr> |
|
|
|
<section id=sourcecode> |
|
<h3>Notes about the source code</h3> |
<p> |
<p> |
<h3><font color="#0000e0">Notes about the source code</font></h3> |
|
<p> |
|
src.tar.gz contains a source archive starting at /usr/src. This file |
src.tar.gz contains a source archive starting at /usr/src. This file |
contains everything you need except for the kernel sources, which are |
contains everything you need except for the kernel sources, which are |
in a separate archive. To extract: |
in a separate archive. To extract: |
|
<blockquote><pre> |
|
# <kbd>mkdir -p /usr/src</kbd> |
|
# <kbd>cd /usr/src</kbd> |
|
# <kbd>tar xvfz /tmp/src.tar.gz</kbd> |
|
</pre></blockquote> |
<p> |
<p> |
<ul><pre> |
|
# <strong>mkdir -p /usr/src</strong> |
|
# <strong>cd /usr/src</strong> |
|
# <strong>tar xvfz /tmp/src.tar.gz</strong> |
|
</pre></ul> |
|
<p> |
|
sys.tar.gz contains a source archive starting at /usr/src/sys. |
sys.tar.gz contains a source archive starting at /usr/src/sys. |
This file contains all the kernel sources you need to rebuild kernels. |
This file contains all the kernel sources you need to rebuild kernels. |
To extract: |
To extract: |
<p> |
<blockquote><pre> |
<ul><pre> |
# <kbd>mkdir -p /usr/src/sys</kbd> |
# <strong>mkdir -p /usr/src/sys</strong> |
# <kbd>cd /usr/src</kbd> |
# <strong>cd /usr/src</strong> |
|
# <strong>tar xvfz /tmp/sys.tar.gz</strong> |
# <strong>tar xvfz /tmp/sys.tar.gz</strong> |
</pre></ul> |
</pre></blockquote> |
<p> |
<p> |
Both of these trees are a regular CVS checkout. Using these trees it |
Both of these trees are a regular CVS checkout. Using these trees it |
is possible to get a head-start on using the anoncvs servers as |
is possible to get a head-start on using the anoncvs servers as |
|
|
Using these files |
Using these files |
results in a much faster initial CVS update than you could expect from |
results in a much faster initial CVS update than you could expect from |
a fresh checkout of the full OpenBSD source tree. |
a fresh checkout of the full OpenBSD source tree. |
<p> |
</section> |
|
</section> |
|
|
<a name="ports"></a> |
|
<hr> |
<hr> |
|
|
|
<section id=ports> |
|
<h3>Ports Tree</h3> |
<p> |
<p> |
<h3><font color="#0000e0">Ports Tree</font></h3> |
|
<p> |
|
A ports tree archive is also provided. To extract: |
A ports tree archive is also provided. To extract: |
|
<blockquote><pre> |
|
# <kbd>cd /usr</kbd> |
|
# <kbd>tar xvfz /tmp/ports.tar.gz</kbd> |
|
</pre></blockquote> |
<p> |
<p> |
<ul><pre> |
|
# <strong>cd /usr</strong> |
|
# <strong>tar xvfz /tmp/ports.tar.gz</strong> |
|
</pre></ul> |
|
<p> |
|
Go read the <a href="faq/ports/index.html">ports</a> page |
Go read the <a href="faq/ports/index.html">ports</a> page |
if you know nothing about ports |
if you know nothing about ports |
at this point. This text is not a manual of how to use ports. |
at this point. This text is not a manual of how to use ports. |
|
|
OpenBSD ports system. |
OpenBSD ports system. |
<p> |
<p> |
The <i>ports/</i> directory represents a CVS (see the manpage for |
The <i>ports/</i> directory represents a CVS (see the manpage for |
<a href="https://man.openbsd.org/?query=cvs&sektion=1&arch=i386"> |
<a href="https://man.openbsd.org/i386/cvs.1"> |
cvs(1)</a> if |
cvs(1)</a> if |
you aren't familiar with CVS) checkout of our ports. As with our complete |
you aren't familiar with CVS) checkout of our ports. As with our complete |
source tree, our ports tree is available via |
source tree, our ports tree is available via |
|
|
So, in order to keep up to date with the -stable branch, you must make |
So, in order to keep up to date with the -stable branch, you must make |
the <i>ports/</i> tree available on a read-write medium and update the tree |
the <i>ports/</i> tree available on a read-write medium and update the tree |
with a command like: |
with a command like: |
<p> |
<blockquote><pre> |
<ul><pre> |
|
# <strong>cd /usr/ports</strong> |
# <strong>cd /usr/ports</strong> |
# <strong>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_8</strong> |
# <strong>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_8</strong> |
</pre></ul> |
</pre></blockquote> |
<p> |
<p> |
[Of course, you must replace the server name here with a nearby anoncvs |
[Of course, you must replace the server name here with a nearby anoncvs |
server.] |
server.] |
|
|
If you're interested in seeing a port added, would like to help out, or just |
If you're interested in seeing a port added, would like to help out, or just |
would like to know more, the mailing list |
would like to know more, the mailing list |
<a href="mail.html">ports@openbsd.org</a> is a good place to know. |
<a href="mail.html">ports@openbsd.org</a> is a good place to know. |
<p> |
</section> |
</body> |
|
</html> |
|