=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/60.html,v retrieving revision 1.78 retrieving revision 1.79 diff -c -r1.78 -r1.79 *** www/60.html 2019/04/24 15:54:54 1.78 --- www/60.html 2019/05/27 22:55:18 1.79 *************** *** 1,28 **** ! ! !
! ! |
Released Sep 1, 2016 Copyright 1997-2016, Theo de Raadt. ! ISBN 978-0-9881561-8-0 6.0 Songs: "Another Smash of the Stack", *************** *** 38,44 ****
|
This is a partial list of new features and systems included in OpenBSD 6.0. For a comprehensive list, see the changelog leading to 6.0. *************** *** 97,133 ****
/usr/local
is set to wxallowed
during install
-M
and -m
TTL flags to
nc(1).
! AF_UNIX
support to
tcpbench(1).
llprio
option in
ifconfig(8).
/dev/bpf0
instead of looping
! through /dev/bpf*
devices. These programs include
arp(8),
dhclient(8),
dhcpd(8),
***************
*** 258,276 ****
The libpcap library
has also been modified accordingly.
W^X
is now strictly enforced by default;
a program can only violate it if the executable is marked with
! PT_OPENBSD_WXNEEDED
and is located on a filesystem
! mounted with the wxallowed
mount(8) option.
Because there are still too many ports which violate W^X, the
! installer mounts the /usr/local
filesystem with
! wxallowed
. This allows the base system to be more
! secure as long as /usr/local
is a separate filesystem.
If you use no W^X violating programs, consider manually
revoking that option.
-r
to be started without root privileges.
-s -p tcp
shows the relevant information to tune
the SYN cache with
sysctl(8)
! net.inet.tcp
.
net.inet.tcp.rootonly
and
sysctl(8)
! net.inet.udp.rootonly
.
open()
function will no longer
interfere with the operation of
fopen(3).
! PT_TLS
sections are now supported in initially loaded object.
pcap_free_datalinks()
! and pcap_offline_filter()
.
setenv
keyword for more powerful environment handling in
doas.conf(5).
! -g
and -p
options to
aucat.1
for time positioning.
-F
option to
install(1)
to fsync(2)
the file before closing it.
pollfd
structures.
get all
and getdef all
.
-I
(interactive) flag.
-c
and -k
allow to provide
TLS client certificates for
syslogd(8)
on the sending side.
***************
*** 382,423 ****
pkg_info(1) now
understand a notion of branch to ease selection of some popular
packages such as python or php, e.g., say
! pkg_add python%3.4 to select the 3.4 branch,
! and use pkg_info -zm to get a fuzzy listing with branch
! selection suitable for pkg_add -l.
! pkg_add python%3.4
to select the 3.4
branch,
! and use pkg_info -zm
to get a fuzzy listing with branch
! selection suitable for pkg_add -l
.
! chown
promise that allows pledged programs to set
setugid attributes,
! a stricter enforcement of the recvfd
promise and
chroot(2) is no longer
allowed for pledged programs.
-r
option to the
smtpd(8)
enqueuer for compatibility with mailx.
ProxyJump
option and corresponding -J
command-line flag to allow simplified indirection through a one or
more SSH bastions or "jump hosts".
IdentityAgent
option to allow specifying specific
agent sockets instead of accepting one from the environment.
ExitOnForwardFailure
and ClearAllForwardings
! to be optionally overridden when using ssh -W
. (bz#2577)
Include
directive for
ssh_config(5)
files.
LOG_CRIT
. (bz#2585)
AuthenticationMethods=""
in configurations and accept
! AuthenticationMethods=any
for the default behaviour of not
requiring multiple authentication. (bz#2398)
"POSSIBLE BREAK-IN ATTEMPT!"
message when forward and reverse DNS don't match. (bz#2585)
ControlPersist
background process stderr except in
debug mode or when logging to syslog. (bz#1988)
LocalForward
and RemoteForward
entries
! to fix failures when both ExitOnForwardFailure
and
! hostname
canonicalisation are enabled. (bz#2562)
UseDNS
: it affects ssh hostname
! processing for authorized_keys
, not known_hosts
.
(bz#2554)
ClientAliveInterval
pings when a time-based
! RekeyLimit
is set; previously keepalive packets were not
being sent. (bz#2252)
MOD_MAXERROR
to avoid unsynced time status when using
ntp_adjtime.
cert.pem
has been reorganized and synced with Mozilla's
certificate store.
install_sw
' build target.
libtls
so that configuration
errors are more visible.
!
!
|
|
|
!
Ports and packages: ! New proot(1) tool in the ports tree for building packages in a chroot. ! Many pre-built packages for each architecture: !
Some highlights: !
|
|
Quick installer information for people familiar with OpenBSD, and the use of the "disklabel -E" command. If you are at all confused when installing OpenBSD, read the relevant INSTALL.* file as listed above! !
-
-
-
-
-
-
-
-
-
-
-
-
-
Quick installer information for people familiar with OpenBSD, and the use of the "disklabel -E" command. If you are at all confused when installing OpenBSD, read the relevant INSTALL.* file as listed above! !
The OpenBSD/i386 release is on CD1. Boot from the CD to begin the install - you may need to adjust your BIOS options first. +
If your machine can boot from USB, you can write install60.fs or miniroot60.fs to a USB stick and boot from it. +
If you can't boot from a CD, floppy disk, or USB, you can install across the network using PXE as described in the included INSTALL.i386 document. +
If you are planning on dual booting OpenBSD with another OS, you will need to read INSTALL.i386. !
The OpenBSD/amd64 release is on CD2. Boot from the CD to begin the install - you may need to adjust your BIOS options first. +
If your machine can boot from USB, you can write install60.fs or miniroot60.fs to a USB stick and boot from it. +
If you can't boot from a CD, floppy disk, or USB, you can install across the network using PXE as described in the included INSTALL.amd64 document. +
If you are planning to dual boot OpenBSD with another OS, you will need to read INSTALL.amd64. !
Burn the image from a mirror site to a CDROM, and power on your machine while holding down the C key until the display turns on and shows OpenBSD/macppc boot. +
Alternatively, at the Open Firmware prompt, enter boot cd:,ofwboot /6.0/macppc/bsd.rd !
Put CD3 in your CDROM drive and type boot cdrom. +
If this doesn't work, or if you don't have a CDROM drive, you can write CD3:6.0/sparc64/floppy60.fs or CD3:6.0/sparc64/floppyB60.fs (depending on your machine) to a floppy and boot it with boot floppy. Refer to INSTALL.sparc64 for details. +
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail. +
You can also write CD3:6.0/sparc64/miniroot60.fs to the swap partition on the disk and boot with boot disk:b. +
If nothing works, you can boot over the network as described in INSTALL.sparc64. !
Write FTP:6.0/alpha/floppy60.fs or FTP:6.0/alpha/floppyB60.fs (depending on your machine) to a diskette and enter boot dva0. Refer to INSTALL.alpha for more details. +
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail. !
Write a system specific miniroot to an SD card and boot from it after connecting to the serial console. Refer to INSTALL.armv7 for more details. !
Boot over the network by following the instructions in INSTALL.hppa or the hppa platform page. !
Write miniroot60.fs to the start of the CF or disk, and boot normally. !
Write miniroot60.fs to a USB stick and boot bsd.rd from it or boot bsd.rd via tftp. Refer to the instructions in INSTALL.loongson for more details. !
! Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader from the PROM, and then bsd.rd from the bootloader. Refer to the instructions in INSTALL.luna88k for more details. !
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp. Refer to the instructions in INSTALL.octeon for more details. !
To install, burn cd60.iso on a CD-R, put it in the CD drive of your machine and select Install System Software from the System Maintenance menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from *************** *** 982,1024 **** Refer to the instructions in INSTALL.sgi for more details.
-
If your machine doesn't have a CD drive, you can setup a DHCP/tftp network server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your system type. Refer to the instructions in INSTALL.sgi for more details. !
After connecting a serial port, boot over the network via DHCP/tftp. Refer to the instructions in INSTALL.socppc for more details. !
Using the Linux built-in graphical ipkg installer, install the openbsd60_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus for a few important details. +
src.tar.gz
contains a source archive starting at /usr/src
.
This file contains everything you need except for the kernel sources,
which are in a separate archive.
To extract:
***************
*** 1029,1035 ****
# tar xvfz /tmp/src.tar.gz
! sys.tar.gz contains a source archive starting at /usr/src/sys.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
--- 979,985 ----
# tar xvfz /tmp/src.tar.gz
! sys.tar.gz
contains a source archive starting at /usr/src/sys
.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
***************
*** 1045,1055 ****
Using these files
results in a much faster initial CVS update than you could expect from
a fresh checkout of the full OpenBSD source tree.
!
! ! --- 1037,1040 ---- If you're interested in seeing a port added, would like to help out, or just would like to know more, the mailing list ports@openbsd.org is a good place to know. !