===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/59.html,v
retrieving revision 1.66
retrieving revision 1.67
diff -c -r1.66 -r1.67
*** www/59.html 2016/03/09 10:01:23 1.66
--- www/59.html 2016/03/09 16:57:19 1.67
***************
*** 15,21 ****
!
OpenBSD 5.9
To be released May 1, 2016
--- 15,21 ----
!
OpenBSD 5.9
To be released May 1, 2016
***************
*** 51,65 ****
are not included on the CDROM because of lack of space.
-
!
!
What's New
!
This is a partial list of new features and systems included in OpenBSD 5.9.
For a comprehensive list, see the changelog leading
to 5.9.
-
- Processor support, including:
--- 51,63 ----
are not included on the CDROM because of lack of space.
!
! What's New
!
This is a partial list of new features and systems included in OpenBSD 5.9.
For a comprehensive list, see the changelog leading
to 5.9.
- Processor support, including:
***************
*** 143,218 ****
- 14 ports now use pledge(2): some decompression tools, mutt,
some pdf tools, chromium/iridium, and the i3 window manager.
- Various bugs exposed by pledge(2) were corrected.
! For example in
!
! bgpd(8),
!
! iked(8),
!
! ldapd(8),
!
! ntpd(8),
! and
! syslogd(8).
- Several misfeatures were removed, such as:
- Userland programs were audited so that they could be properly annotated
with pledge(2).
This resulted in design changes such as
- pledge(2) is also used to constrain programs that handle untrusted data
to a very limited subset of POSIX.
For example,
! strings(1)
! or
! objdump(1)
! from the
!
! binutils
! or the
!
! RSA-privsep process in
! smtpd(8).
--- 141,204 ----
- 14 ports now use pledge(2): some decompression tools, mutt,
some pdf tools, chromium/iridium, and the i3 window manager.
- Various bugs exposed by pledge(2) were corrected.
! For example in
! bgpd(8),
! iked(8),
! ldapd(8),
! ntpd(8), and
! syslogd(8).
- Several misfeatures were removed, such as:
- Userland programs were audited so that they could be properly annotated
with pledge(2).
This resulted in design changes such as
- pledge(2) is also used to constrain programs that handle untrusted data
to a very limited subset of POSIX.
For example,
! strings(1) or
! objdump(1) from the
! binutils or the
! RSA-privsep process in
! smtpd(8).
***************
*** 242,249 ****
802.11n mode is used by default if supported by the OpenBSD wireless
driver and the access point.
Operation in 802.11a, 802.11b, and 802.11g modes can be forced with
! the new ifconfig(8)
! mode subcommand.
--- 228,235 ----
802.11n mode is used by default if supported by the OpenBSD wireless
driver and the access point.
Operation in 802.11a, 802.11b, and 802.11g modes can be forced with
! the new ifconfig(8)
! mode subcommand.
***************
*** 275,281 ****
When initializing a GPT the required EFI System partition is automatically created.
When installing to a GPT disk
! installboot(8)
now formats the EFI System partition, creates the appropriate directory
structure and copies the required UEFI boot files into place.
...
--- 261,267 ----
When initializing a GPT the required EFI System partition is automatically created.
When installing to a GPT disk
! installboot(8)
now formats the EFI System partition, creates the appropriate directory
structure and copies the required UEFI boot files into place.
...
***************
*** 328,334 ****
Support for looking up hosts via YP has been removed from libc.
The 'yp' lookup method in
! resolv.conf
is no longer available.
Support for the HOSTALIASES environment variable has been removed from libc.
--- 314,320 ----
Support for looking up hosts via YP has been removed from libc.
The 'yp' lookup method in
! resolv.conf
is no longer available.
Support for the HOSTALIASES environment variable has been removed from libc.
***************
*** 378,384 ****
The associated fields in the disklabel were also removed.
These functions are now all performed by
! installboot(8).
PowerPC converted to secure-PLT ABI variant.
Perform lazy binding updates in
ld.so(1)
--- 364,370 ----
The associated fields in the disklabel were also removed.
These functions are now all performed by
! installboot(8).
PowerPC converted to secure-PLT ABI variant.
Perform lazy binding updates in
ld.so(1)
***************
*** 396,404 ****
system call to tighten pledge(2) restrictions and improve pthread_kill(3)
and pthread_cancel(3) compliance.
Added
! getpwnam_shadow(3)
and
! getpwuid_shadow(3)
to permit tighter pledge(2) restrictions.
Added support to
ktrace(1)
--- 382,390 ----
system call to tighten pledge(2) restrictions and improve pthread_kill(3)
and pthread_cancel(3) compliance.
Added
! getpwnam_shadow(3)
and
! getpwuid_shadow(3)
to permit tighter pledge(2) restrictions.
Added support to
ktrace(1)
***************
*** 693,700 ****
Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations
are no longer supported.
The engine command and parameters are removed from
!
! openssl(1).
Previous releases removed dynamic and built-in engine support already.
SHA-0 is removed, which was withdrawn shortly after publication
twenty years ago.
--- 679,686 ----
Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations
are no longer supported.
The engine command and parameters are removed from
!
! openssl(1).
Previous releases removed dynamic and built-in engine support already.
SHA-0 is removed, which was withdrawn shortly after publication
twenty years ago.
***************
*** 702,722 ****
cert.pem file.
Fixed a leak in
! SSL_new(3)
in the error path.
Fixed a memory leak and out-of-bounds access in
! OBJ_obj2txt(3).
Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of
sizeof(RC4_CHUNK).
Added
! EVP_aead_chacha20_poly1305_ietf(3)
which matches the
AEAD construction introduced in RFC 7539, which is different
than that already used in TLS with
! EVP_aead_chacha20_poly1305(3).
More man pages converted from pod to
mdoc(7)
format.
--- 688,708 ----
cert.pem file.
Fixed a leak in
! SSL_new(3)
in the error path.
Fixed a memory leak and out-of-bounds access in
! OBJ_obj2txt(3).
Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of
sizeof(RC4_CHUNK).
Added
! EVP_aead_chacha20_poly1305_ietf(3)
which matches the
AEAD construction introduced in RFC 7539, which is different
than that already used in TLS with
! EVP_aead_chacha20_poly1305(3).
More man pages converted from pod to
mdoc(7)
format.
***************
*** 753,773 ****
--- 739,758 ----
***************
*** 793,813 ****
Added ability to check certificate validity times with
libtls,
! tls_peer_cert_notbefore(3)
and
! tls_peer_cert_notafter(3).
Changed
! tls_connect_servername(3)
to use the first address that resolves with
! getaddrinfo(3).
Remove broken conditional EVP_CHECK_DES_KEY code
(non-functional since initial commit in 2004).
Reject too small bits value in
! BN_generate_prime_ex(3),
so that it does not risk becoming negative in
probable_prime_dh_safe().
Changed format of LIBRESSL_VERSION_NUMBER to match that of
--- 778,798 ----
Added ability to check certificate validity times with
libtls,
! tls_peer_cert_notbefore(3)
and
! tls_peer_cert_notafter(3).
Changed
! tls_connect_servername(3)
to use the first address that resolves with
! taddrinfo(3).
Remove broken conditional EVP_CHECK_DES_KEY code
(non-functional since initial commit in 2004).
Reject too small bits value in
! te_prime_ex(3),
so that it does not risk becoming negative in
probable_prime_dh_safe().
Changed format of LIBRESSL_VERSION_NUMBER to match that of
***************
*** 909,919 ****
-
!
!
How to install
!
Following this are the instructions which you would have on a piece of
paper if you had purchased a CDROM set instead of doing an alternate
form of install. The instructions for doing an HTTP (or other style
--- 894,903 ----
!
! How to install
!
Following this are the instructions which you would have on a piece of
paper if you had purchased a CDROM set instead of doing an alternate
form of install. The instructions for doing an HTTP (or other style
***************
*** 923,931 ****
Please refer to the following files on the three CDROMs or mirror site for
extensive details on how to install OpenBSD 5.9 on your machine:
!
-
.../OpenBSD/5.9/alpha/INSTALL.alpha (on CD1)
--- 907,916 ----
+
Please refer to the following files on the three CDROMs or mirror site for
extensive details on how to install OpenBSD 5.9 on your machine:
!
+
+
***************
*** 995,1000 ****
--- 982,988 ----
OpenBSD/amd64:
+
-
The OpenBSD/amd64 release is on CD2.
***************
*** 1147,1186 ****
for a few important details.
-
! How to upgrade
If you already have an OpenBSD 5.8 system, and do not want to reinstall,
upgrade instructions and advice can be found in the
Upgrade Guide.
-
!
!
Notes about the source code
!
src.tar.gz contains a source archive starting at /usr/src. This file
contains everything you need except for the kernel sources, which are
in a separate archive. To extract:
!
# mkdir -p /usr/src
# cd /usr/src
# tar xvfz /tmp/src.tar.gz
!
sys.tar.gz contains a source archive starting at /usr/src/sys.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
!
# mkdir -p /usr/src/sys
# cd /usr/src
# tar xvfz /tmp/sys.tar.gz
!
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described here.
--- 1135,1173 ----
for a few important details.
! How to upgrade
If you already have an OpenBSD 5.8 system, and do not want to reinstall,
upgrade instructions and advice can be found in the
Upgrade Guide.
+
!
! Notes about the source code
!
src.tar.gz contains a source archive starting at /usr/src. This file
contains everything you need except for the kernel sources, which are
in a separate archive. To extract:
!
# mkdir -p /usr/src
# cd /usr/src
# tar xvfz /tmp/src.tar.gz
!
sys.tar.gz contains a source archive starting at /usr/src/sys.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
!
# mkdir -p /usr/src/sys
# cd /usr/src
# tar xvfz /tmp/sys.tar.gz
!
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described here.
***************
*** 1189,1206 ****
a fresh checkout of the full OpenBSD source tree.
-
!
!
Ports Tree
!
A ports tree archive is also provided. To extract:
!
# cd /usr
# tar xvfz /tmp/ports.tar.gz
!
Go read the ports page
if you know nothing about ports
at this point. This text is not a manual of how to use ports.
--- 1176,1192 ----
a fresh checkout of the full OpenBSD source tree.
!
! Ports Tree
!
A ports tree archive is also provided. To extract:
!
# cd /usr
# tar xvfz /tmp/ports.tar.gz
!
Go read the ports page
if you know nothing about ports
at this point. This text is not a manual of how to use ports.
***************
*** 1216,1227 ****
So, in order to keep up to date with the -stable branch, you must make
the ports/ tree available on a read-write medium and update the tree
with a command like:
!
# cd /usr/ports
# cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_9
!
[Of course, you must replace the server name here with a nearby anoncvs
server.]
--- 1202,1213 ----
So, in order to keep up to date with the -stable branch, you must make
the ports/ tree available on a read-write medium and update the tree
with a command like:
!
# cd /usr/ports
# cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_9
!
[Of course, you must replace the server name here with a nearby anoncvs
server.]