===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/59.html,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -r1.66 -r1.67
--- www/59.html 2016/03/09 10:01:23 1.66
+++ www/59.html 2016/03/09 16:57:19 1.67
@@ -15,7 +15,7 @@
-
+
OpenBSD 5.9
To be released May 1, 2016
@@ -51,15 +51,13 @@
are not included on the CDROM because of lack of space.
-
-
-
What's New
-
+
+
What's New
+
This is a partial list of new features and systems included in OpenBSD 5.9.
For a comprehensive list, see the changelog leading
to 5.9.
-
- Processor support, including:
@@ -143,76 +141,64 @@
- 14 ports now use pledge(2): some decompression tools, mutt,
some pdf tools, chromium/iridium, and the i3 window manager.
- Various bugs exposed by pledge(2) were corrected.
- For example in
-
- bgpd(8),
-
- iked(8),
-
- ldapd(8),
-
- ntpd(8),
- and
- syslogd(8).
+ For example in
+ bgpd(8),
+ iked(8),
+ ldapd(8),
+ ntpd(8), and
+ syslogd(8).
- Several misfeatures were removed, such as:
- Userland programs were audited so that they could be properly annotated
with pledge(2).
This resulted in design changes such as
- pledge(2) is also used to constrain programs that handle untrusted data
to a very limited subset of POSIX.
For example,
- strings(1)
- or
+ strings(1) or
- objdump(1)
- from the
-
- binutils
- or the
-
- RSA-privsep process in
+ objdump(1) from the
+ binutils or the
+ RSA-privsep process in
- smtpd(8).
+ smtpd(8).
@@ -242,8 +228,8 @@
802.11n mode is used by default if supported by the OpenBSD wireless
driver and the access point.
Operation in 802.11a, 802.11b, and 802.11g modes can be forced with
- the new ifconfig(8)
- mode subcommand.
+ the new ifconfig(8)
+ mode subcommand.
@@ -275,7 +261,7 @@
When initializing a GPT the required EFI System partition is automatically created.
When installing to a GPT disk
- installboot(8)
+ installboot(8)
now formats the EFI System partition, creates the appropriate directory
structure and copies the required UEFI boot files into place.
...
@@ -328,7 +314,7 @@
Support for looking up hosts via YP has been removed from libc.
The 'yp' lookup method in
- resolv.conf
+ resolv.conf
is no longer available.
Support for the HOSTALIASES environment variable has been removed from libc.
@@ -378,7 +364,7 @@
The associated fields in the disklabel were also removed.
These functions are now all performed by
- installboot(8).
+ installboot(8).
PowerPC converted to secure-PLT ABI variant.
Perform lazy binding updates in
ld.so(1)
@@ -396,9 +382,9 @@
system call to tighten pledge(2) restrictions and improve pthread_kill(3)
and pthread_cancel(3) compliance.
Added
- getpwnam_shadow(3)
+ getpwnam_shadow(3)
and
- getpwuid_shadow(3)
+ getpwuid_shadow(3)
to permit tighter pledge(2) restrictions.
Added support to
ktrace(1)
@@ -693,8 +679,8 @@
Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations
are no longer supported.
The engine command and parameters are removed from
-
- openssl(1).
+
+ openssl(1).
Previous releases removed dynamic and built-in engine support already.
SHA-0 is removed, which was withdrawn shortly after publication
twenty years ago.
@@ -702,21 +688,21 @@
cert.pem file.
Fixed a leak in
- SSL_new(3)
+ SSL_new(3)
in the error path.
Fixed a memory leak and out-of-bounds access in
- OBJ_obj2txt(3).
+ OBJ_obj2txt(3).
Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of
sizeof(RC4_CHUNK).
Added
- EVP_aead_chacha20_poly1305_ietf(3)
+ EVP_aead_chacha20_poly1305_ietf(3)
which matches the
AEAD construction introduced in RFC 7539, which is different
than that already used in TLS with
- EVP_aead_chacha20_poly1305(3).
+ EVP_aead_chacha20_poly1305(3).
More man pages converted from pod to
mdoc(7)
format.
@@ -753,21 +739,20 @@
- The
- tls_read(3)
+ tls_read(3)
and
- tls_write(3)
+ tls_write(3)
functions now work better with external event libraries.
- Client-side verification is now supported, with the client
supplying the certificate to the server.
- Also, when using
- tls_connect_fds(3),
+ tls_connect_fds(3),
- tls_connect_socket(3)
- or
+ tls_connect_socket(3) or
- tls_accept_fds(3),
+ tls_accept_fds(3),
libtls no longer implicitly closes the passed in sockets.
The caller is responsible for closing them in this case.
@@ -793,21 +778,21 @@
Added ability to check certificate validity times with
libtls,
- tls_peer_cert_notbefore(3)
+ tls_peer_cert_notbefore(3)
and
- tls_peer_cert_notafter(3).
+ tls_peer_cert_notafter(3).
Changed
- tls_connect_servername(3)
+ tls_connect_servername(3)
to use the first address that resolves with
- getaddrinfo(3).
+ taddrinfo(3).
Remove broken conditional EVP_CHECK_DES_KEY code
(non-functional since initial commit in 2004).
Reject too small bits value in
- BN_generate_prime_ex(3),
+ te_prime_ex(3),
so that it does not risk becoming negative in
probable_prime_dh_safe().
Changed format of LIBRESSL_VERSION_NUMBER to match that of
@@ -909,11 +894,10 @@
-
-
-
How to install
-
+
+
How to install
+
Following this are the instructions which you would have on a piece of
paper if you had purchased a CDROM set instead of doing an alternate
form of install. The instructions for doing an HTTP (or other style
@@ -923,9 +907,10 @@
+
Please refer to the following files on the three CDROMs or mirror site for
extensive details on how to install OpenBSD 5.9 on your machine:
-
+
+
+
@@ -995,6 +982,7 @@
OpenBSD/amd64:
+
-
The OpenBSD/amd64 release is on CD2.
@@ -1147,40 +1135,39 @@
for a few important details.
-
-How to upgrade
+How to upgrade
If you already have an OpenBSD 5.8 system, and do not want to reinstall,
upgrade instructions and advice can be found in the
Upgrade Guide.
+
-
-
-
Notes about the source code
-
+
+
Notes about the source code
+
src.tar.gz contains a source archive starting at /usr/src. This file
contains everything you need except for the kernel sources, which are
in a separate archive. To extract:
-
+
# mkdir -p /usr/src
# cd /usr/src
# tar xvfz /tmp/src.tar.gz
-
+
sys.tar.gz contains a source archive starting at /usr/src/sys.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
-
+
# mkdir -p /usr/src/sys
# cd /usr/src
# tar xvfz /tmp/sys.tar.gz
-
+
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described here.
@@ -1189,18 +1176,17 @@
a fresh checkout of the full OpenBSD source tree.
-
-
-
Ports Tree
-
+
+
Ports Tree
+
A ports tree archive is also provided. To extract:
-
+
# cd /usr
# tar xvfz /tmp/ports.tar.gz
-
+
Go read the ports page
if you know nothing about ports
at this point. This text is not a manual of how to use ports.
@@ -1216,12 +1202,12 @@
So, in order to keep up to date with the -stable branch, you must make
the ports/ tree available on a read-write medium and update the tree
with a command like:
-
+
# cd /usr/ports
# cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_9
-
+
[Of course, you must replace the server name here with a nearby anoncvs
server.]