Annotation of www/58.html, Revision 1.28
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 5.8</title>
5: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
6: <meta name="description" content="OpenBSD 5.8">
7: <meta name="copyright" content="This document copyright 2015 by OpenBSD.">
8: <link rel="canonical" href="http://www.openbsd.org/58.html">
9: </head>
10:
11: <body bgcolor="#ffffff" text="#000000" link="#24248E">
12:
13: <a href="index.html">
14: <img alt="[OpenBSD]" height="30" width="141" hspace="24" src="images/smalltitle.gif" border="0"></a>
15: <p>
16:
17: <a href="images/XXX.jpg">
18: <img align="left" width="227" height="343" hspace="24" vspace="10" src="images/XXX.jpg"></a>
19: <h2><font color="#0000e0">OpenBSD 5.8</font></h2>
20: <p>
1.7 deraadt 21: To be released Oct 18, 2015<br>
1.1 deraadt 22: Copyright 1997-2015, Theo de Raadt.<br>
23: <font color="#e00000">ISBN 978-0-9881561-6-6</font>
24: <br>
1.17 deraadt 25: <a href="lyrics.html#58">5.8 Songs: "XXX", "XXX", "XXX", "XXX", "XXX"</a>
1.1 deraadt 26: <p>
27:
28: <ul>
29: <li>Order a CDROM from our <a href="https://openbsdstore.com">ordering system</a>.
30: <li>See the information on <a href="ftp.html">the FTP page</a> for
31: a list of mirror machines.
32: <li>Go to the <font color="#e00000">pub/OpenBSD/5.8/</font> directory on
33: one of the mirror sites.
34: <li>Have a look at <a href="errata58.html">the 5.8 errata page</a> for a list
35: of bugs and workarounds.
36: <li>See a <a href="plus58.html">detailed log of changes</a> between the
37: 5.7 and 5.8 releases.
38: <p>
39: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=signify&sektion=1">signify(1)</a> pubkeys for this release:<br>
40: <pre>
1.3 deraadt 41: base: RWQNNZXtC/MqP3Eiu+6FBz/qrxiWQwDhd+9Yljzp62UP4KzFmmvzVk60
42: fw: RWTpkvg4fhJCDx9yL4bUCou/vtAecPVTfcaaGESQeBruwX/qHToMvWh6
43: pkg: RWRlkI2aFHvL/XGqD+lFerD/xUi/jnAXKwdFQwZDekYwDrEPSpSWgpI9
1.1 deraadt 44: </pre>
45: </ul>
46: <br clear=all>
47: All applicable copyrights and credits can be found in the applicable
48: file sources found in the files src.tar.gz, sys.tar.gz,
49: xenocara.tar.gz, or in the files fetched via ports.tar.gz. The
50: distribution files used to build packages from the ports.tar.gz file
51: are not included on the CDROM because of lack of space.
52: <p>
53:
54: <a name="new"></a>
55: <hr>
56: <p>
57: <h3><font color="#0000e0">What's New</font></h3>
58: <p>
59: This is a partial list of new features and systems included in OpenBSD 5.8.
60: For a comprehensive list, see the <a href="plus58.html">changelog</a> leading
61: to 5.8.
62: <p>
63:
64: <ul>
65: <li>Improved hardware support, including:
66: <ul>
1.23 guenther 67: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ugold&sec=4">ugold(4)</a> driver now supports TEMPerHUMV1.x temperature and humidity sensors.
68: <li>Improved sensor support for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=upd&sec=4">upd(4)</a> driver for USB Power Devices (UPS).
69: <li>Support for jumbo frames on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=re&sec=4">re(4)</a> devices using RTL8168C/D/E/F/G and RTL8411, including PC Engines APU.
70: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=re&sec=4">re(4)</a> now works with newer devices e.g. RTL8111GU.
71: <li>Partial support has been added for full-speed isochronous devices in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ehci&sec=4">ehci(4)</a>, allowing USB 1.1 audio devices to be used on EHCI-only systems in some cases.
72: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hpb&sec=4&arch=macppc">hpb(4)</a> driver for HyperTransport bridges as found in the IBM CPC945
1.20 mpi 73: <li>Improved macppc stability and G5 performances with MP kernels
1.23 guenther 74: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=acpicpu&sec=4">acpicpu(4)</a> uses ACPI C-state information to reduce power consumption of idle CPUs.
75: <li>Kernel supports x86 AVX instructions on CPUs that have them.
1.1 deraadt 76: <li>...
77: </ul>
78: <p>
79:
80: <li>Removed hardware support:
81: <ul>
82: <li>...
83: </ul>
84: <p>
85:
86: <li>Generic network stack improvements:
87: <ul>
1.13 sthen 88: <li>MTU of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vlan&sektion=4">vlan(4)</a> devices can now be set independently from the parent interface's MTU.
89: <li>The same network range can now be assigned to multiple interfaces, using interface priorities to choose between them.
1.23 guenther 90: <li>New <!-- experimental? --> MPLS pseudowire driver <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mpw&sektion=4">mpw(4)</a>.
1.1 deraadt 91: <li>...
92: </ul>
93: <p>
94:
95: <li>Installer improvements:
96: <ul>
1.19 benno 97: <li>in <a
1.23 guenther 98: href="http://www.openbsd.org/cgi-bin/man.cgi?query=autoinstall&sec=8">autoinstalls</a>,
1.19 benno 99: a template can be passed to <a
1.23 guenther 100: href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sec=8">disklabel(8)</a>
1.19 benno 101: to automatically partition the disk.
1.21 guenther 102: <li>DUID support has improved enough that new installs now use them unconditionally.
1.1 deraadt 103: </ul>
104: <p>
105:
106: <li>Routing daemons and other userland network improvements:
107: <ul>
1.13 sthen 108: <li>Many improvements and simplifications in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ldpd&sektion=8">ldpd(8)</a>, including configuration reload and support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mpw&sektion=4">mpw(4)</a> pseudowire interfaces.
109: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a> now allows rules to match on the peer AS number.
110: <li>For terminated BGP sessions, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpctl&sektion=8">bgpctl(8)</a> now displays the number of prefixes received on the last session.
111: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ospfd&sektion=8">ospfd(8)</a> now correctly handles <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> interfaces in "backup" mode at startup.
112: <li>Log messages in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ospfd&sektion=8">ospfd(8)</a> have been made more specific.
113: <li>The default Diffie-Hellman group for VPNs configured by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec.conf&sektion=5">ipsec.conf(5)</a> has been changed to modp3072.
1.1 deraadt 114: <li>...
1.6 deraadt 115: </ul>
1.1 deraadt 116: <p>
117:
118: <li>Security improvements:
119: <ul>
1.13 sthen 120: <li>sudo has been replaced with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=doas&sektion=1">doas(1)</a>.
121: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=file&sektion=1">file(1)</a> has been replaced with a new modern implementation, including sandbox and privilege separation.
1.23 guenther 122: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pax&sektion=1">pax(1)</a> (and tar(1) and cpio(1)) now prevent archive extraction from escaping the current directory via symlinks; <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tar&sektion=1">tar(1)</a> without <tt>-P</tt> option now strips up through any "<tt>..</tt>" path components.
123: <li>Improved kernel checks of ELF headers.
1.13 sthen 124: <li>... <!-- talk about improved W^X / i386 PAE -->
1.1 deraadt 125: </ul>
126: <p>
127:
128: <li>Assorted improvements:
129: <ul>
1.11 tedu 130: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=worm&sektion=6">worm(6)</a>
131: now grows at a rate proportional to terminal size.
1.21 guenther 132: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlfcn&sektion=3">dlclose(3)</a> now unregisters handlers registered by a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pthread_atfork&sektion=3">pthread_atfork(3)</a> call from the unloaded libraries.
133: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cp&sektion=1">cp(1)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mv&sektion=1">mv(1)</a>, and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pax&sektion=1">pax(1)</a> with the <tt>-rw</tt> option now preserve timestamps with full nanosecond precision.
134: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pax&sektion=1">pax(1)</a> now detects failure to decompress an archive when reading it and errors out immediately.
135: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nm&sektion=1">nm(1)</a> now supports the <tt>-D</tt> option for displaying the dynamic symbol table.
136: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dump&sektion=8">dump(8)</a> now uses DUIDs in <tt>/etc/dumpdates</tt> when present and the <tt>-U</tt> option has thus been removed.
137: <li>Corrected <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kdump&sektion=1">kdump(1)</a> reporting of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lseek&sektion=2">lseek(2)</a> return value on ILP32 archs and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getsockopt&sektion=2">getsockopt/setsockopt(2)</a> level and optname arguments. <tt>iovec</tt>, <tt>msghdr</tt>, and <tt>cmsghdr</tt> structures are now dumped.
138: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sed&sektion=1">sed(1)</a> <tt>-i</tt> option added.
139: <li>Improvements in checking of numeric option values in <b>many</b> utilities.
1.22 guenther 140: <li>Upgraded to binutils version 2.17 with additional fixes.
141: <li>Static PIE support for sparc.
142: <li>Alpha switched to secure PLT.
1.23 guenther 143: <li>Improved correctness of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> of <tt>O_RDONLY</tt> FIFO fds.
144: <li>Restored reporting of closed sockets by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a>.
145: <li>... <!-- talk about reaper -->
1.1 deraadt 146: </ul>
147: <p>
148:
149: <li>OpenBSD <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>:
150: <ul>
151: <li>...
152: </ul>
153: <p>
154:
155: <li>OpenSMTPD X.X.X
156: <ul>
157: <li>...
158: </ul>
159: <p>
160:
1.15 sobrado 161: <li>OpenSSH 7.0
1.1 deraadt 162: <ul>
1.15 sobrado 163: <li>Security:
164: <ul>
1.27 sobrado 165: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
166: when forwarding X11 connections with <tt>ForwardX11Trusted=no</tt>,
167: connections made after <tt>ForwardX11Timeout</tt> expired could be
168: permitted and no longer subject to XSECURITY restrictions because of
169: an ineffective timeout check in
170: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
171: coupled with "fail open" behaviour in the X11 server when clients
172: attempted connections with expired credentials.
173: This problem was reported by Jann Horn.
174: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>:
175: fix weakness of agent locking (<tt>ssh-add -x</tt>) to
176: password guessing by implementing an increasing failure delay,
177: storing a salted hash of the password rather than the password
178: itself and using a timing-safe comparison function for verifying
179: unlock attempts. This problem was reported by Ryan Castellucci.
1.15 sobrado 180: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
181: OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-writable.
182: Local attackers may be able to write arbitrary messages to logged-in
183: users, including terminal escape sequences.
184: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
185: fix circumvention of <tt>MaxAuthTries</tt> using keyboard-interactive
186: authentication. By specifying a long, repeating keyboard-interactive
187: "devices" string, an attacker could request the same authentication
188: method be tried thousands of times in a single pass. The
189: <tt>LoginGraceTime</tt> timeout in
190: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>
191: and any authentication failure delays implemented by the authentication
192: mechanism itself were still applied.
193: </ul>
1.1 deraadt 194: <li>Potentially-incompatible changes:
195: <ul>
1.15 sobrado 196: <li>Support for the legacy <i>SSH version 1 protocol</i> is disabled by
197: default at compile time.
198: <li>Support for the 1024-bit diffie-hellman-group1-sha1 key exchange
199: is disabled by default at run-time. It may be re-enabled using
200: the instructions at <tt>http://www.openssh.com/legacy.html</tt>.
201: <li>Support for <tt>ssh-dss</tt>, <tt>ssh-dss-cert-*</tt> <i>host</i>
202: and <i>user</i> keys is disabled by default at run-time. These may
203: be re-enabled using the instructions at
204: <tt>http://www.openssh.com/legacy.html</tt>.
205: <li>Support for the legacy <i>v00 cert format</i> has been removed.
206: <li>The default for the
207: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>
208: <tt>PermitRootLogin</tt> option has changed from "yes" to
1.26 deraadt 209: "prohibit-password" (but the OpenBSD installer defaults to "no")
1.1 deraadt 210: </ul>
211: <li>New/changed features:
212: <ul>
1.27 sobrado 213: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
214: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
215: promote <tt>chacha20-poly1305@openssh.com</tt> to be the default
216: cipher.
217: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
218: support admin-specified arguments to <tt>AuthorizedKeysCommand</tt>.
219: (bz#2081)
220: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
221: add <tt>AuthorizedPrincipalsCommand</tt> that allows retrieving
222: authorized principals information from a subprocess rather than a
223: file.
224: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
225: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>:
226: support PKCS#11 devices with external PIN entry devices. (bz#2240)
227: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
228: allow GSSAPI host credential check to be relaxed for multihomed
229: hosts via <tt>GSSAPIStrictAcceptorCheck</tt> option. (bz#928)
230: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:
231: support <tt>ssh-keygen -lF hostname</tt> to search <tt>known_hosts</tt>
232: and print key hashes rather than full keys.
233: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>:
234: add <tt>-D</tt> flag to leave
235: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>
236: in foreground without enabling debug mode. (bz#2381)
1.16 sobrado 237: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>:
1.15 sobrado 238: add <tt>PubkeyAcceptedKeyTypes</tt> option to control which public
239: key types are available for user authentication.
240: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>:
241: add <tt>HostKeyAlgorithms</tt> option to control which public key
242: types are offered for host authentications.
243: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
244: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
245: extend <tt>Ciphers</tt>, <tt>MACs</tt>, <tt>KexAlgorithms</tt>,
246: <tt>HostKeyAlgorithms</tt>, <tt>PubkeyAcceptedKeyTypes</tt> and
247: <tt>HostbasedKeyTypes</tt> options to allow appending to the default
248: set of algorithms instead of replacing it. Options may now be
249: prefixed with a <tt>+</tt> to append to the default, e.g.
250: "<tt>HostKeyAlgorithms=+ssh-dss</tt>".
1.1 deraadt 251: </ul>
252: <li>The following significant bugs have been fixed in this release:
253: <ul>
1.15 sobrado 254: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
255: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
1.27 sobrado 256: deprecate legacy <tt>SSH2_MSG_KEX_DH_GEX_REQUEST_OLD</tt> message and
257: do not try to use it against some 3rd-party SSH implementations that
258: use it (older PuTTY, WinSCP).
259: <li>Many fixes for problems caused by compile-time deactivation of
260: SSH1 support. (including bz#2369)
261: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
262: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
263: cap DH-GEX group size at 4Kbits for Cisco implementations as some
264: would fail when attempting to use group sizes greater than 4K.
265: (bz#2209)
266: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
267: fix out-of-bound read in <tt>EscapeChar</tt> configuration option
268: parsing. (bz#2396)
269: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
270: fix application of <tt>PermitTunnel</tt>, <tt>LoginGraceTime</tt>,
271: <tt>AuthenticationMethods</tt> and <tt>StreamLocalBindMask</tt>
272: options in <tt>Match</tt> blocks.
273: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
274: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
275: improve disconnection message on TCP reset. (bz#2257)
276: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
277: remove failed remote forwards established by multiplexing from the
278: list of active forwards. (bz#2363)
279: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
280: make parsing of <tt>authorized_keys</tt> "<tt>environment=</tt>"
281: options independent of <tt>PermitUserEnv</tt> being enabled. (bz#2329)
282: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
283: fix post-auth crash with <tt>permitopen=none</tt>. (bz#2355)
284: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
285: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>,
286: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:
287: allow new-format private keys to be encrypted with AEAD ciphers.
288: (bz#2366)
289: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
290: allow <tt>ListenAddress</tt>, <tt>Port</tt> and <tt>AddressFamily</tt>
291: configuration options to appear in any order. (bz#86)
292: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
293: check for and reject missing arguments for <tt>VersionAddendum</tt>
294: and <tt>ForceCommand</tt>. (bz#2281)
295: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
296: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
297: don't treat unknown certificate extensions as fatal. (bz#2387)
298: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:
299: make <tt>stdout</tt> and <tt>stderr</tt> output consistent. (bz#2325)
300: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
301: mention missing <tt>DISPLAY</tt> environment in debug log when X11
302: forwarding requested. (bz#1682)
303: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
304: correctly record login when <tt>UseLogin</tt> is set. (bz#378)
305: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
306: add some missing options to <tt>sshd -T</tt> output and fix output
307: of <tt>VersionAddendum</tt> and <tt>HostCertificate</tt>. (bz#2346)
308: <li>Document and improve consistency of options that accept a
309: "<tt>none</tt>" argument: <tt>TrustedUserCAKeys</tt>,
310: <tt>RevokedKeys</tt> (bz#2382), <tt>AuthorizedPrincipalsFile</tt>
311: (bz#2288).
312: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
313: include remote username in debug output. (bz#2368)
314: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
315: avoid compatibility problem with some versions of Tera Term, which
316: would crash when they received the hostkeys notification message
317: (<tt>hostkeys-00@openssh.com</tt>).
318: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
319: mention <tt>ssh-keygen -E</tt> as useful when comparing legacy
320: <i>MD5 host key fingerprints</i>. (bz#2332)
321: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
322: clarify pseudo-terminal request behaviour and use make manual language
323: consistent. (bz#1716)
324: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
325: document that the <tt>TERM</tt> environment variable is not subject
326: to <tt>SendEnv</tt> and <tt>AcceptEnv</tt>. (bz#2386)
327: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
328: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
1.15 sobrado 329: add compatability workarounds for Cisco and more PuTTY versions.
330: (bz#2424)
331: <li>Fix some omissions and errors in the <tt>PROTOCOL</tt> and
332: <tt>PROTCOL.mux</tt> documentation relating to <i>Unix domain
333: socket</i> forwarding. (bz#2421, bz#2422)
334: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
335: Improve the
336: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
337: manual page to include a better desciption of Unix domain socket
338: forwarding. (bz#2423)
339: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
340: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>:
341: skip uninitialised PKCS#11 slots, fixing failures to load keys when
342: they are present. (bz#2427)
343: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
344: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>:
345: do not ignore PKCS#11 hosted keys that wth empty <tt>CKA_ID</tt>.
346: (bz#2429)
347: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
348: clarify documentation for <tt>UseDNS</tt> option. (bz#2045)
1.1 deraadt 349: </ul>
350: </ul>
351: <p>
352:
353: <li>LibreSSL
354: <ul>
355: <li>User-visible features:
356: <ul>
1.27 sobrado 357: <li>Reject all <i>server DH keys</i> smaller than 1024 bits.
358: <li>Multiple CVEs fixed including CVE-2015-0207, CVE-2015-0209,
359: CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289,
360: CVE-2015-1788, CVE-2015-1789, CVE-2015-1792.
361: <li>Protocol parsing conversions to BoringSSL's <i>CRYPTO ByteString</i>
362: (CBS) API.
363: <li>Added <tt>EC_curve_nid2nist</tt> and <tt>EC_curve_nist2nid</tt>
364: from OpenSSL.
365: <li>Removed Dynamic Engine support.
366: <li>Removed MDC-2DES support.
1.14 sobrado 367: <li>Switched <tt>openssl dhparam</tt> default from 512 to 2048 bits.
368: <li>Fixed <tt>openssl pkeyutl -verify</tt> to exit with a 0 on success.
369: <li>Fixed dozens of Coverity issues including dead code, memory leaks,
370: logic errors and more.
371: <li>Ensure that
372: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&sektion=1">openssl(1)</a>
373: restores terminal echo state after reading a password.
1.28 ! sobrado 374: <li>Incorporated fix for OpenSSL issue #3683.
1.14 sobrado 375: <li>Removed SSLv3 support from
376: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&sektion=1">openssl(1)</a>.
377: <li>Modified <tt>tls_write</tt> in <tt>libtls</tt> to allow partial
378: writes, clarified with examples in the documentation.
379: <li>Removed RSAX engine.
1.16 sobrado 380: <li>Tested SSLv3 removal with the OpenBSD ports tree and found several
381: applications that were not ready to build without SSLv3 yet.
382: For now, building a program that intentionally uses SSLv3 will
383: result in a linker warning.
1.14 sobrado 384: <li>Added <tt>TLS_method</tt>, <tt>TLS_client_method</tt> and
385: <tt>TLS_server_method</tt> as a replacement for the
386: <tt>SSLv23_*method</tt> calls.
387: <li>Default <tt>cert.pem</tt>, <tt>openssl.cnf</tt>, and
388: <tt>x509v3.cnf</tt> files are now installed under
389: <tt>$sysconfdir/ssl</tt> or the directory specified by
390: <tt>--with-openssldir</tt>. Previous versions of LibreSSL left
391: these empty.
1.1 deraadt 392: </ul>
393: <li>Code improvements:
394: <ul>
1.27 sobrado 395: <li>Fix incorrect comparison function in openssl(1) certhash command.
396: Thanks to Christian Neukirchen / Void Linux.
397: <li>Removal of <tt>OPENSSL_issetugid</tt> and all library getenv calls.
398: Applications can and should no longer rely on environment variables
399: for changing library behavior.
400: <tt>OPENSSL_CONF</tt>/<tt>SSLEAY_CONF</tt> is still supported with the
401: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&sektion=1">openssl(1)</a>
402: command.
403: <li><tt>libtls</tt> API and documentation additions.
1.28 ! sobrado 404: <li>Various bug fixes and simplifications to <tt>libssl</tt> and
1.27 sobrado 405: <tt>libcrypto</tt>.
1.14 sobrado 406: <li>Reworked
407: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&sektion=1">openssl(1)</a>
408: option handling.
409: <li>LibreSSL version define <tt>LIBRESSL_VERSION_NUMBER</tt> will now
410: be bumped for each portable release.
411: <li>Removed workarounds for TLS client padding bugs.
412: <li>Removed IE 6 SSLv3 workarounds.
413: <li><tt>--with-enginesdir</tt> is removed as a configuration parameter.
1.1 deraadt 414: </ul>
415: </ul>
416: <p>
417: <li>mandoc X.X.X
418: <ul>
1.21 guenther 419: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=man&sektion=1">man(1)</a> functionality is now built-in.
1.1 deraadt 420: <li>...
421: </ul>
422:
423: <p>
424: <li>Syslogd:
425: <ul>
1.4 bluhm 426: <li>OpenBSD
427: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a>
428: can bind to explicitly given UDP or TCP sockets to receive messages.
429: TCP streams are accepted with the octet counting or the non
430: transparent framing method.
431: <li>Blocks in
432: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog.conf&se
433: ktion=5">syslog.conf(5)</a>
434: started with <code>+host</code> process messages created by
435: certain hosts specifically.
436: <li>Handle situations when the file descriptor limit is exhausted
437: gracefully.
438: <li>Since libtls handles short writes smarter, syslogd can use the
1.12 tedu 439: complete output buffer to save messages, coping with
440: longer TLS server down times without losing messages.
1.1 deraadt 441: </ul>
442: <p>
443: <li>Ports and packages:
444: <ul>
445: <li>Over X,XXX ports.
446: </ul>
447: <p>
448: <li>Many pre-built packages for each architecture:
449: <table border=0 cellspacing=0 cellpadding=2 width="95%">
450: <tr>
451: <td valign="top" width="25%">
452: <ul>
1.25 deraadt 453: <li>alpha: XXXX
454: <li>amd64: XXXX
455: <li>arm: XXXX
456: </ul></td><td valign=top width="25%"><ul>
457: <li>hppa: XXXX
1.13 sthen 458: <li>i386: 8839
1.25 deraadt 459: <li>mips64: XXXX
460: </ul></td><td valign=top width="25%"><ul>
461: <li>mips64el: XXXX
462: <li>powerpc: XXXX
1.1 deraadt 463: <li>sh: XXXX
464: </ul></td><td valign=top width="25%"><ul>
1.25 deraadt 465: <li>sparc64: XXXX
1.1 deraadt 466: <li>sparc: XXXX
467: <li>vax: XXXX
468: </ul></td><td valign=top width="25%"><ul>
469: </ul></td></tr></table>
470: <p>
471:
472: <li>Some highlights:
473: <table border=0 cellspacing=0 cellpadding=2 width="95%">
474: <tr>
475: <td valign="top" width="33%"><ul>
1.10 lteo 476: <li>Chromium 44.0.2403.125
477: <li>Emacs 21.4 and 24.5
478: <li>GCC 4.8.4 and 4.9.3
1.1 deraadt 479: <li>GHC 7.8.4
1.10 lteo 480: <li>GNOME 3.16.2
481: <li>Go 1.4.2
1.1 deraadt 482: <li>Groff 1.22.3
1.10 lteo 483: <li>JDK 1.7.0.80 and 1.8.0.45
1.1 deraadt 484: <li>KDE 3.5.10 and 4.14.3
485: <li>LLVM/Clang 3.5 (20140228)
1.10 lteo 486: <li>LibreOffice 4.4.4.3
487: <li>MariaDB 10.0.20
488: <li>Mono 3.12.1
1.18 landry 489: <li>Mozilla Firefox 38.1.1esr and 39.0.3
1.10 lteo 490: <li>Mozilla Thunderbird 38.1.0
1.1 deraadt 491: </ul></td><td valign=top width="33%"><ul>
492: <li>Node.js 0.10.35
1.10 lteo 493: <li>OpenLDAP 2.3.43 and 2.4.41
494: <li>PHP 5.4.43, 5.5.27 and 5.6.11
495: <li>Postfix 3.0.2
496: <li>PostgreSQL 9.4.4
497: <li>Python 2.7.10 and 3.4.3
498: <li>R 3.2.1
499: <li>Ruby 1.8.7.374, 1.9.3.551, 2.0.0.645, 2.1.6, and 2.2.2
500: <li>Sendmail 8.15.2
501: <li>Sudo 1.8.14.3
1.9 stu 502: <li>Tcl/Tk 8.5.18 and 8.6.4
1.10 lteo 503: <li>TeX Live 2014
504: <li>Vim 7.4.769
505: <li>Xfce 4.12
1.1 deraadt 506: </ul></td><td valign=top width="34%">
507: </td></tr></table>
508: <p>
509:
510: <li>As usual, steady improvements in manual pages and other documentation.
511: <p>
512:
513: <li>The system includes the following major components from outside suppliers:
514: <ul>
515: <li>Xenocara (based on X.Org 7.7 with xserver 1.16.4 + patches,
1.8 matthieu 516: freetype 2.6, fontconfig 2.11.1, Mesa 10.2.9, xterm 314,
517: xkeyboard-config 2.14 and more)
1.1 deraadt 518: <li>Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
1.8 matthieu 519: <li>Perl 5.20.2 (+ patches)
520: <li>SQLite 3.8.9 (+ patches)
521: <li>NSD 4.1.3
522: <li>Unbound 1.5.4
1.1 deraadt 523: <li>Ncurses 5.7
1.8 matthieu 524: <li>Binutils 2.17 (+ patches)
1.1 deraadt 525: <li>Gdb 6.3 (+ patches)
526: <li>Less 458 (+ patches)
527: <li>Awk Aug 10, 2011 version
528: </ul>
529:
530: </ul>
531:
532: <a name="install"></a>
533: <hr>
534: <p>
535: <h3><font color="#0000e0">How to install</font></h3>
536: <p>
537: Following this are the instructions which you would have on a piece of
538: paper if you had purchased a CDROM set instead of doing an alternate
539: form of install. The instructions for doing an HTTP (or other style
540: of) install are very similar; the CDROM instructions are left intact
541: so that you can see how much easier it would have been if you had
542: purchased a CDROM instead.
543: <p>
544:
545: <hr>
546: Please refer to the following files on the three CDROMs or mirror site for
547: extensive details on how to install OpenBSD 5.8 on your machine:
548: <p>
549: <ul>
550: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/hppa/INSTALL.alpha">
551: .../OpenBSD/5.8/alpha/INSTALL.alpha (on CD1)</a>
552: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/i386/INSTALL.i386">
553: .../OpenBSD/5.8/i386/INSTALL.i386 (on CD1)</a>
554: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/hppa/INSTALL.hppa">
555: .../OpenBSD/5.8/hppa/INSTALL.hppa (on CD1)</a>
556: <p>
557: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/amd64/INSTALL.amd64">
558: .../OpenBSD/5.8/amd64/INSTALL.amd64 (on CD2)</a>
559: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/macppc/INSTALL.macppc">
560: .../OpenBSD/5.8/macppc/INSTALL.macppc (on CD2)</a>
561: <p>
562: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/sparc64/INSTALL.sparc64">
563: .../OpenBSD/5.8/sparc64/INSTALL.sparc64 (on CD3)</a>
564: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/sparc/INSTALL.sparc">
565: .../OpenBSD/5.8/sparc/INSTALL.sparc (on CD3)</a>
566: <p>
567: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/alpha/INSTALL.alpha">
568: .../OpenBSD/5.8/alpha/INSTALL.alpha</a>
569: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/armish/INSTALL.armish">
570: .../OpenBSD/5.8/armish/INSTALL.armish</a>
571: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/hppa/INSTALL.hppa">
572: .../OpenBSD/5.8/hppa/INSTALL.hppa</a>
573: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/landisk/INSTALL.landisk">
574: .../OpenBSD/5.8/landisk/INSTALL.landisk</a>
575: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/loongson/INSTALL.loongson">
576: .../OpenBSD/5.8/loongson/INSTALL.loongson</a>
577: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/luna88k/INSTALL.luna88k">
578: .../OpenBSD/5.8/luna88k/INSTALL.luna88k</a>
579: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/macppc/INSTALL.macppc">
580: .../OpenBSD/5.8/macppc/INSTALL.macppc</a>
581: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/octeon/INSTALL.octeon">
582: .../OpenBSD/5.8/octeon/INSTALL.octeon</a>
583: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/sgi/INSTALL.sgi">
584: .../OpenBSD/5.8/sgi/INSTALL.sgi</a>
585: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/socppc/INSTALL.socppc">
586: .../OpenBSD/5.8/socppc/INSTALL.socppc</a>
587: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/sparc/INSTALL.sparc">
588: .../OpenBSD/5.8/sparc/INSTALL.sparc</a>
589: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/vax/INSTALL.vax">
590: .../OpenBSD/5.8/vax/INSTALL.vax</a>
591: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.8/zaurus/INSTALL.zaurus">
592: .../OpenBSD/5.8/zaurus/INSTALL.zaurus</a>
593: </ul>
594: <hr>
595:
596: <p>
597: Quick installer information for people familiar with OpenBSD, and the
598: use of the "disklabel -E" command. If you are at all confused when
599: installing OpenBSD, read the relevant INSTALL.* file as listed above!
600: <p>
601:
602: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
603: <ul>
604: The OpenBSD/i386 release is on CD1.
605: Boot from the CD to begin the install - you may need to adjust
606: your BIOS options first.
607:
608: <p>
609: If your machine can boot from USB, you can write <i>install58.fs</i> or
610: <i>miniroot58.fs</i> to a USB stick and boot from it.
611:
612: <p>
613: If you can't boot from a CD, floppy disk, or USB,
614: you can install across the network using PXE as described in
615: the included INSTALL.i386 document.
616:
617: <p>
618: If you are planning on dual booting OpenBSD with another OS, you will need to
619: read INSTALL.i386.
620:
621: </ul>
622:
623: <p>
624: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
625: <ul>
626: The OpenBSD/amd64 release is on CD2.
627: Boot from the CD to begin the install - you may need to adjust
628: your BIOS options first.
629:
630: <p>
631: If your machine can boot from USB, you can write <i>install58.fs</i> or
632: <i>miniroot58.fs</i> to a USB stick and boot from it.
633:
634: <p>
635: If you can't boot from a CD, floppy disk, or USB,
636: you can install across the network using PXE as described in the included
637: INSTALL.amd64 document.
638:
639: <p>
640: If you are planning to dual boot OpenBSD with another OS, you will need to
641: read INSTALL.amd64.
642: </ul>
643:
644: <p>
645: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
646: <ul>
647: Burn the image from a mirror site to a CDROM, and power on your machine
648: while holding down the <i>C</i> key until the display turns on and
649: shows <i>OpenBSD/macppc boot</i>.
650:
651: <p>
652: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
653: /5.8/macppc/bsd.rd</i>
654: </ul>
655:
656: <p>
657: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
658: <ul>
659: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
660:
661: <p>
662: If this doesn't work, or if you don't have a CDROM drive, you can write
663: <i>CD3:5.8/sparc64/floppy58.fs</i> or <i>CD3:5.8/sparc64/floppyB58.fs</i>
664: (depending on your machine) to a floppy and boot it with <i>boot
665: floppy</i>. Refer to INSTALL.sparc64 for details.
666:
667: <p>
668: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
669: will most likely fail.
670:
671: <p>
672: You can also write <i>CD3:5.8/sparc64/miniroot58.fs</i> to the swap partition on
673: the disk and boot with <i>boot disk:b</i>.
674:
675: <p>
676: If nothing works, you can boot over the network as described in INSTALL.sparc64.
677: </ul>
678:
679: <p>
680: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
681: <ul>
682: <p>Write <i>FTP:5.8/alpha/floppy58.fs</i> or
683: <i>FTP:5.8/alpha/floppyB58.fs</i> (depending on your machine) to a diskette and
684: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
685:
686: <p>
687: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
688: will most likely fail.
689:
690: </ul>
691:
692: <p>
693: <h3><font color="#e00000">OpenBSD/armish:</font></h3>
694: <ul>
695: <p>
696: After connecting a serial port, Thecus can boot directly from the network
697: either tftp or http. Configure the network using fconfig, reset,
698: then load bsd.rd, see INSTALL.armish for specific details.
699: IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
700: and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
701: then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
702: More details are available in INSTALL.armish.
703: </ul>
704:
705: <p>
706: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
707: <ul>
708: <p>
709: Boot over the network by following the instructions in INSTALL.hppa or the
710: <a href="hppa.html#install">hppa platform page</a>.
711: </ul>
712:
713: <p>
714: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
715: <ul>
716: <p>
717: Write <i>miniroot58.fs</i> to the start of the CF
718: or disk, and boot normally.
719: </ul>
720:
721: <p>
722: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
723: <ul>
724: <p>
725: Write <i>miniroot58.fs</i> to a USB stick and boot bsd.rd from it
726: or boot bsd.rd via tftp.
727: Refer to the instructions in INSTALL.loongson for more details.
728: </ul>
729: <p>
730:
731: <p>
732: <h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
733: <ul>
734: <p>
735: Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
1.24 miod 736: from the PROM, and then bsd.rd from the bootloader.
1.1 deraadt 737: Refer to the instructions in INSTALL.luna88k for more details.
738: </ul>
739:
740: <p>
741: <h3><font color="#e00000">OpenBSD/octeon:</font></h3>
742: <ul>
743: <p>
744: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
745: Refer to the instructions in INSTALL.octeon for more details.
746: </ul>
747:
748: <p>
749: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
750: <ul>
751: <p>
752: To install, burn cd58.iso on a CD-R, put it in the CD drive of your
753: machine and select <i>Install System Software</i> from the System Maintenance
754: menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
755: CD-ROM, and need a proper invocation from the PROM prompt.
756: Refer to the instructions in INSTALL.sgi for more details.
757:
758: <p>
759: If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
760: server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
761: system type. Refer to the instructions in INSTALL.sgi for more details.
762: </ul>
763:
764: <p>
765: <h3><font color="#e00000">OpenBSD/socppc:</font></h3>
766: <ul>
767: <p>
768: After connecting a serial port, boot over the network via DHCP/tftp.
769: Refer to the instructions in INSTALL.socppc for more details.
770: </ul>
771:
772: <p>
773: <h3><font color="#e00000">OpenBSD/sparc:</font></h3>
774: <ul>
775: Boot from one of the provided install ISO images, using one of the two
776: commands listed below, depending on the version of your ROM.
777:
778: <ul><pre>
779: ok <strong>boot cdrom 5.8/sparc/bsd.rd</strong>
780: or
781: > <strong>b sd(0,6,0)5.8/sparc/bsd.rd</strong>
782: </pre></ul>
783:
784: <p>
785: If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
786: To do so you need to write <i>floppy58.fs</i> to a floppy.
787: For more information see <a href="faq/faq4.html#MkFlop">FAQ 4.3.2</a>.
788: To boot from the floppy use one of the two commands listed below,
789: depending on the version of your ROM.
790:
791: <ul><pre>
792: ok <strong>boot floppy</strong>
793: or
794: > <strong>b fd()</strong>
795: </pre></ul>
796:
797: <p>
798: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
799: will most likely fail.
800:
801: <p>
802: If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
803: setup a bootable tape, or install via network, as told in the
804: INSTALL.sparc file.
805: </ul>
806:
807: <p>
808: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
809: <ul>
810: Boot over the network via mopbooting as described in INSTALL.vax.
811: </ul>
812:
813: <p>
814: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
815: <ul>
816: <p>
817: Using the Linux built-in graphical ipkg installer, install the
818: openbsd58_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
819: for a few important details.
820: </ul>
821:
822: <a name="upgrade"></a>
823: <hr>
824: <p>
825: <h3><font color="#0000e0">How to upgrade</font></h3>
826: <p>
1.2 deraadt 827: If you already have an OpenBSD 5.7 system, and do not want to reinstall,
1.1 deraadt 828: upgrade instructions and advice can be found in the
829: <a href="faq/upgrade58.html">Upgrade Guide</a>.
830:
831: <a name="sourcecode"></a>
832: <hr>
833: <p>
834: <h3><font color="#0000e0">Notes about the source code</font></h3>
835: <p>
836: src.tar.gz contains a source archive starting at /usr/src. This file
837: contains everything you need except for the kernel sources, which are
838: in a separate archive. To extract:
839: <p>
840: <ul><pre>
841: # <strong>mkdir -p /usr/src</strong>
842: # <strong>cd /usr/src</strong>
843: # <strong>tar xvfz /tmp/src.tar.gz</strong>
844: </pre></ul>
845: <p>
846: sys.tar.gz contains a source archive starting at /usr/src/sys.
847: This file contains all the kernel sources you need to rebuild kernels.
848: To extract:
849: <p>
850: <ul><pre>
851: # <strong>mkdir -p /usr/src/sys</strong>
852: # <strong>cd /usr/src</strong>
853: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
854: </pre></ul>
855: <p>
856: Both of these trees are a regular CVS checkout. Using these trees it
857: is possible to get a head-start on using the anoncvs servers as
858: described <a href="anoncvs.html">here</a>.
859: Using these files
860: results in a much faster initial CVS update than you could expect from
861: a fresh checkout of the full OpenBSD source tree.
862: <p>
863:
864: <a name="ports"></a>
865: <hr>
866: <p>
867: <h3><font color="#0000e0">Ports Tree</font></h3>
868: <p>
869: A ports tree archive is also provided. To extract:
870: <p>
871: <ul><pre>
872: # <strong>cd /usr</strong>
873: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
874: </pre></ul>
875: <p>
876: Go read the <a href="faq/ports/index.html">ports</a> page
877: if you know nothing about ports
878: at this point. This text is not a manual of how to use ports.
879: Rather, it is a set of notes meant to kickstart the user on the
880: OpenBSD ports system.
881: <p>
882: The <i>ports/</i> directory represents a CVS (see the manpage for
883: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1&arch=i386">
884: cvs(1)</a> if
885: you aren't familiar with CVS) checkout of our ports. As with our complete
886: source tree, our ports tree is available via
887: <a href="anoncvs.html">AnonCVS</a>.
888: So, in order to keep up to date with the <i>-stable</i> branch, you must make
889: the <i>ports/</i> tree available on a read-write medium and update the tree
890: with a command like:
891: <p>
892: <ul><pre>
893: # <strong>cd /usr/ports</strong>
1.2 deraadt 894: # <strong>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_8</strong>
1.1 deraadt 895: </pre></ul>
896: <p>
897: [Of course, you must replace the server name here with a nearby anoncvs
898: server.]
899: <p>
900: Note that most ports are available as packages on our mirrors. Updated
901: ports for the 5.8 release will be made available if problems arise.
902: <p>
903: If you're interested in seeing a port added, would like to help out, or just
904: would like to know more, the mailing list
905: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
906: <p>
907: </body>
908: </html>