=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/58.html,v retrieving revision 1.88 retrieving revision 1.89 diff -c -r1.88 -r1.89 *** www/58.html 2019/04/24 15:54:54 1.88 --- www/58.html 2019/05/27 22:55:18 1.89 *************** *** 1,28 **** ! ! !
! ! |
Released Oct 18, 2015 Copyright 1997-2015, Theo de Raadt. ! ISBN 978-0-9881561-6-6 5.8 Songs: "20 years ago today", "Fanza", *************** *** 33,61 ****
|
+ NOTE: The src.tar.gz file on the CD is incorrect; see + 5.8 errata 006.
This is a partial list of new features and systems included in OpenBSD 5.8. For a comprehensive list, see the changelog leading to 5.8.
*************** *** 124,139 ****
hostname-mode.conf
response file names.
!
-P
option now strips up through any "..
" path components.
-rw
option now preserve timestamps with full nanosecond precision.
! -D
option for displaying the dynamic symbol table.
! /etc/dumpdates
when present and the -U
option has thus been removed.
! iovec
, msghdr
, and cmsghdr
structures are now dumped.
! -i
option added.
! :t
internal command
to search for definitions of keywords similar to what
! ctags(1) provides.
O_RDONLY
FIFO fds.
! !
application/octet-stream
.
ForwardX11Trusted=no
,
! connections made after ForwardX11Timeout
expired could be
permitted and no longer subject to XSECURITY restrictions because of
an ineffective timeout check in
! ssh(1)
coupled with "fail open" behaviour in the X11 server when clients
attempted connections with expired credentials.
This problem was reported by Jann Horn.
! ssh-add -x
) to
password guessing by implementing an increasing failure delay,
storing a salted hash of the password rather than the password
itself and using a timing-safe comparison function for verifying
unlock attempts. This problem was reported by Ryan Castellucci.
! MaxAuthTries
using keyboard-interactive
authentication. By specifying a long, repeating keyboard-interactive
"devices" string, an attacker could request the same authentication
method be tried thousands of times in a single pass. The
! LoginGraceTime
timeout in
! sshd(8)
and any authentication failure delays implemented by the authentication
mechanism itself were still applied.
https://www.openssh.com/legacy.html
.
! ssh-dss
, ssh-dss-cert-*
host
and user keys is disabled by default at run-time. These may
be re-enabled using the instructions at
! https://www.openssh.com/legacy.html
.
PermitRootLogin
option has changed from "yes" to
"prohibit-password" (but the OpenBSD installer defaults to "no").
--- 297,438 ----
chacha20-poly1305@openssh.com
to be the default
cipher.
! AuthorizedKeysCommand
.
(bz#2081)
! AuthorizedPrincipalsCommand
that allows retrieving
authorized principals information from a subprocess rather than a
file.
! GSSAPIStrictAcceptorCheck
option. (bz#928)
! ssh-keygen -lF hostname
to search known_hosts
and print key hashes rather than full keys.
! -D
flag to leave
! ssh-agent(1)
in foreground without enabling debug mode. (bz#2381)
! PubkeyAcceptedKeyTypes
option to control which public
key types are available for user authentication.
! HostKeyAlgorithms
option to control which public key
types are offered for host authentications.
! Ciphers
, MACs
, KexAlgorithms
,
! HostKeyAlgorithms
, PubkeyAcceptedKeyTypes
and
! HostbasedKeyTypes
options to allow appending to the default
set of algorithms instead of replacing it. Options may now be
! prefixed with a +
to append to the default, e.g.
! "HostKeyAlgorithms=+ssh-dss
".
SSH2_MSG_KEX_DH_GEX_REQUEST_OLD
message and
do not try to use it against some 3rd-party SSH implementations that
use it (older PuTTY, WinSCP).
EscapeChar
configuration option
parsing. (bz#2396)
! PermitTunnel
, LoginGraceTime
,
! AuthenticationMethods
and StreamLocalBindMask
! options in Match
blocks.
! authorized_keys
"environment=
"
! options independent of PermitUserEnv
being enabled. (bz#2329)
! permitopen=none
. (bz#2355)
! ListenAddress
, Port
and AddressFamily
configuration options to appear in any order. (bz#86)
! VersionAddendum
! and ForceCommand
. (bz#2281)
! stdout
and stderr
output consistent. (bz#2325)
! DISPLAY
environment in debug log when X11
forwarding requested. (bz#1682)
! UseLogin
is set. (bz#378)
! sshd -T
output and fix output
! of VersionAddendum
and HostCertificate
. (bz#2346)
none
" argument: TrustedUserCAKeys
,
! RevokedKeys
(bz#2382), AuthorizedPrincipalsFile
(bz#2288).
! hostkeys-00@openssh.com
).
! ssh-keygen -E
as useful when comparing legacy
MD5 host key fingerprints. (bz#2332)
! TERM
environment variable is not subject
! to SendEnv
and AcceptEnv
. (bz#2386)
! PROTOCOL
and
! PROTCOL.mux
documentation relating to Unix domain
socket forwarding. (bz#2421, bz#2422)
! CKA_ID
.
(bz#2429)
! UseDNS
option. (bz#2045)
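Review bot: "PROTCOL.mux" in the Unix domain socket forwarding item (bz#2421, bz#2422) is misspelled. The line just before it names PROTOCOL, so this one should read PROTOCOL.mux. The line is already marked as changed in this hunk, so the spelling can be corrected in the same commit.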
*************** *** 447,480 **** CVE-2015-1788, CVE-2015-1789, CVE-2015-1792.
EC_curve_nid2nist
and EC_curve_nist2nid
from OpenSSL.
openssl dhparam
default from 512 to 2048 bits.
! openssl pkeyutl -verify
to exit with a 0 on success.
tls_write
in libtls
to allow partial
writes, clarified with examples in the documentation.
TLS_method
, TLS_client_method
and
! TLS_server_method
as a replacement for the
! SSLv23_*method
calls.
! cert.pem
, openssl.cnf
, and
! x509v3.cnf
files are now installed under
! $sysconfdir/ssl
or the directory specified by
! --with-openssldir
. Previous versions of LibreSSL left
these empty.
+host
process messages created by
certain hosts specifically.
!
!
|
|
|
|
!
! Ports and packages: ! ! Many pre-built packages for each architecture: !
Some highlights: !
|
| ! |
-
Following this are the instructions which you would have on a piece of paper if you had purchased a CDROM set instead of doing an alternate form of install. The instructions for doing an HTTP (or other style --- 593,607 ----
Following this are the instructions which you would have on a piece of paper if you had purchased a CDROM set instead of doing an alternate form of install. The instructions for doing an HTTP (or other style *************** *** 674,687 ****
Quick installer information for people familiar with OpenBSD, and the use of the "disklabel -E" command. If you are at all confused when installing OpenBSD, read the relevant INSTALL.* file as listed above! -
!
Quick installer information for people familiar with OpenBSD, and the use of the "disklabel -E" command. If you are at all confused when installing OpenBSD, read the relevant INSTALL.* file as listed above! !
The OpenBSD/i386 release is on CD1. Boot from the CD to begin the install - you may need to adjust your BIOS options first. *************** *** 699,709 **** If you are planning on dual booting OpenBSD with another OS, you will need to read INSTALL.i386. !
-
The OpenBSD/amd64 release is on CD2. Boot from the CD to begin the install - you may need to adjust your BIOS options first. *************** *** 720,730 ****
If you are planning to dual boot OpenBSD with another OS, you will need to read INSTALL.amd64. -
-
If you are planning to dual boot OpenBSD with another OS, you will need to read INSTALL.amd64. +
Burn the image from a mirror site to a CDROM, and power on your machine while holding down the C key until the display turns on and shows OpenBSD/macppc boot. *************** *** 732,742 ****
Alternatively, at the Open Firmware prompt, enter boot cd:,ofwboot /5.8/macppc/bsd.rd -
-
--- 717,726 ----
Alternatively, at the Open Firmware prompt, enter boot cd:,ofwboot /5.8/macppc/bsd.rd +
Put CD3 in your CDROM drive and type boot cdrom.
*************** *** 755,766 ****
If nothing works, you can boot over the network as described in INSTALL.sparc64. -
!
Write FTP:5.8/alpha/floppy58.fs or FTP:5.8/alpha/floppyB58.fs (depending on your machine) to a diskette and enter boot dva0. Refer to INSTALL.alpha for more details. --- 739,749 ----
If nothing works, you can boot over the network as described in INSTALL.sparc64. +
! Write FTP:5.8/alpha/floppy58.fs or FTP:5.8/alpha/floppyB58.fs (depending on your machine) to a diskette and enter boot dva0. Refer to INSTALL.alpha for more details. *************** *** 768,779 **** Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail. !
-
After connecting a serial port, Thecus can boot directly from the network either tftp or http. Configure the network using fconfig, reset, then load bsd.rd, see INSTALL.armish for specific details. --- 751,759 ---- Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail. !
After connecting a serial port, Thecus can boot directly from the network either tftp or http. Configure the network using fconfig, reset, then load bsd.rd, see INSTALL.armish for specific details. *************** *** 781,835 **** and copy 'boot' and bsd.rd into the first partition on wd0 (hda1) then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition. More details are available in INSTALL.armish. -
-
Boot over the network by following the instructions in INSTALL.hppa or the hppa platform page. -
-
Write miniroot58.fs to the start of the CF or disk, and boot normally. -
-
Write miniroot58.fs to a USB stick and boot bsd.rd from it or boot bsd.rd via tftp. Refer to the instructions in INSTALL.loongson for more details. -
!
! Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader from the PROM, and then bsd.rd from the bootloader. Refer to the instructions in INSTALL.luna88k for more details. -
-
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp. Refer to the instructions in INSTALL.octeon for more details. -
-
To install, burn cd58.iso on a CD-R, put it in the CD drive of your machine and select Install System Software from the System Maintenance menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from --- 761,802 ---- and copy 'boot' and bsd.rd into the first partition on wd0 (hda1) then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition. More details are available in INSTALL.armish. +
Boot over the network by following the instructions in INSTALL.hppa or the hppa platform page. +
Write miniroot58.fs to the start of the CF or disk, and boot normally. +
Write miniroot58.fs to a USB stick and boot bsd.rd from it or boot bsd.rd via tftp. Refer to the instructions in INSTALL.loongson for more details. +
! Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader from the PROM, and then bsd.rd from the bootloader. Refer to the instructions in INSTALL.luna88k for more details. +
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp. Refer to the instructions in INSTALL.octeon for more details. +
To install, burn cd58.iso on a CD-R, put it in the CD drive of your machine and select Install System Software from the System Maintenance menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from *************** *** 840,866 **** If your machine doesn't have a CD drive, you can setup a DHCP/tftp network server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your system type. Refer to the instructions in INSTALL.sgi for more details. -
-
After connecting a serial port, boot over the network via DHCP/tftp. Refer to the instructions in INSTALL.socppc for more details. -
-
! ok boot cdrom 5.8/sparc/bsd.rd or ! > b sd(0,6,0)5.8/sparc/bsd.rd !
If your SPARC system does not have a CD drive, you can alternatively boot from floppy. --- 807,830 ---- If your machine doesn't have a CD drive, you can setup a DHCP/tftp network server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your system type. Refer to the instructions in INSTALL.sgi for more details. +
After connecting a serial port, boot over the network via DHCP/tftp. Refer to the instructions in INSTALL.socppc for more details. +
Boot from one of the provided install ISO images, using one of the two commands listed below, depending on the version of your ROM. !
! ok boot cdrom 5.8/sparc/bsd.rd or ! > b sd(0,6,0)5.8/sparc/bsd.rd !
If your SPARC system does not have a CD drive, you can alternatively boot from floppy. *************** *** 869,879 **** To boot from the floppy use one of the two commands listed below, depending on the version of your ROM. !
! ok boot floppy or ! > b fd() !
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install --- 833,842 ---- To boot from the floppy use one of the two commands listed below, depending on the version of your ROM. !
! ok boot floppy or ! > b fd()
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install *************** *** 883,938 **** If your SPARC system doesn't have a floppy drive nor a CD drive, you can either setup a bootable tape, or install via network, as told in the INSTALL.sparc file. -
-
-
Using the Linux built-in graphical ipkg installer, install the openbsd58_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus for a few important details. -
-
If you already have an OpenBSD 5.7 system, and do not want to reinstall, upgrade instructions and advice can be found in the Upgrade Guide. -
-
src.tar.gz contains a source archive starting at /usr/src. This file contains everything you need except for the kernel sources, which are in a separate archive. To extract:
-
- # mkdir -p /usr/src - # cd /usr/src - # tar xvfz /tmp/src.tar.gz --
sys.tar.gz contains a source archive starting at /usr/src/sys. This file contains all the kernel sources you need to rebuild kernels. To extract: !
!
! # mkdir -p /usr/src/sys ! # cd /usr/src # tar xvfz /tmp/sys.tar.gz !
Both of these trees are a regular CVS checkout. Using these trees it is possible to get a head-start on using the anoncvs servers as --- 846,898 ---- If your SPARC system doesn't have a floppy drive nor a CD drive, you can either setup a bootable tape, or install via network, as told in the INSTALL.sparc file. +
Boot over the network via mopbooting as described in INSTALL.vax. +
Using the Linux built-in graphical ipkg installer, install the openbsd58_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus for a few important details. !
If you already have an OpenBSD 5.7 system, and do not want to reinstall, upgrade instructions and advice can be found in the Upgrade Guide. +
src.tar.gz contains a source archive starting at /usr/src. This file contains everything you need except for the kernel sources, which are in a separate archive. To extract: +
+ # mkdir -p /usr/src + # cd /usr/src + # tar xvfz /tmp/src.tar.gz +
sys.tar.gz contains a source archive starting at /usr/src/sys. This file contains all the kernel sources you need to rebuild kernels. To extract: !
! # mkdir -p /usr/src/sys ! # cd /usr/src # tar xvfz /tmp/sys.tar.gz !
Both of these trees are a regular CVS checkout. Using these trees it is possible to get a head-start on using the anoncvs servers as *************** *** 940,959 **** Using these files results in a much faster initial CVS update than you could expect from a fresh checkout of the full OpenBSD source tree. !
-
A ports tree archive is also provided. To extract:
-
- # cd /usr - # tar xvfz /tmp/ports.tar.gz --
Go read the ports page if you know nothing about ports at this point. This text is not a manual of how to use ports. --- 900,919 ---- Using these files results in a much faster initial CVS update than you could expect from a fresh checkout of the full OpenBSD source tree. !
A ports tree archive is also provided. To extract: +
+ # cd /usr + # tar xvfz /tmp/ports.tar.gz +
Go read the ports page if you know nothing about ports at this point. This text is not a manual of how to use ports. *************** *** 961,967 **** OpenBSD ports system.
The ports/ directory represents a CVS (see the manpage for ! cvs(1) if you aren't familiar with CVS) checkout of our ports. As with our complete source tree, our ports tree is available via --- 921,927 ---- OpenBSD ports system.
The ports/ directory represents a CVS (see the manpage for ! cvs(1) if you aren't familiar with CVS) checkout of our ports. As with our complete source tree, our ports tree is available via *************** *** 969,979 **** So, in order to keep up to date with the -stable branch, you must make the ports/ tree available on a read-write medium and update the tree with a command like: !
!
# cd /usr/ports # cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_8 !
[Of course, you must replace the server name here with a nearby anoncvs server.] --- 929,938 ---- So, in order to keep up to date with the -stable branch, you must make the ports/ tree available on a read-write medium and update the tree with a command like: !
# cd /usr/ports # cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_8 !
[Of course, you must replace the server name here with a nearby anoncvs server.] *************** *** 984,989 **** If you're interested in seeing a port added, would like to help out, or just would like to know more, the mailing list ports@openbsd.org is a good place to know. !
! ! --- 943,946 ---- If you're interested in seeing a port added, would like to help out, or just would like to know more, the mailing list ports@openbsd.org is a good place to know. !
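Review bot: The added NOTE that the src.tar.gz file on the CD is incorrect appears only near the top of the page, while the "To extract" steps for src.tar.gz further down still show tar xvfz /tmp/src.tar.gz with no mention of it. Repeat the pointer to 5.8 errata 006 beside those steps, so a reader who goes straight to the extraction commands sees it before unpacking the archive into /usr/src.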
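Review bot: File-name quoting is still inconsistent after the luna88k change. The new text reads Copy 'boot' and 'bsd.rd', but the same sentence ends with an unquoted bsd.rd, and the armish paragraph keeps 'boot' and bsd.rd. Choose one form, quoted or unquoted, and apply it to both paragraphs in this revision.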