OpenBSD 5.0 released Nov 1, 2011

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

OpenBSD 5.0 released Nov 1, 2011

Theo de Raadt
------------------------------------------------------------------------
Nov 1, 2011.

We are pleased to announce the official release of OpenBSD 5.0.
This is our 30th release on CD-ROM (and 31th via FTP).  We remain
proud of OpenBSD's record of more than ten years with only two remote
holes in the default install.

As in our previous releases, 5.0 provides significant improvements,
including new features, in nearly all areas of the system:

 - Improved hardware support, including:
    o MSI interrupts for many devices, on those architectures which can
      support them (amd64, i386, sparc64 only so far).
    o A new dma_alloc(9) API makes it easier for kernel code to allocate
      dma-safe memory.  Many drivers (especially network drivers) and
      subsystems (in particular scsi and the buffer cache) were adapted
      to use this.
    o As a result, big-memory support has been enabled on all possible
      architectures.
    o The rather rare bce(4) driver now copies mbufs all the time, to cope
      with the hardware having a 1GB limit.
    o Added hds(4), a driver for Hitachi Modular Storage SCSI devices.
    o Added myx(4), a driver for the Myricom Myri-10G 10GB Ethernet devices.
    o Added dfs(4), a driver for Dynamic Frequency Switching on some macppc
      systems.
    o cardbus(4) and pcmcia(4) support on sgi.
    o Suspend/resume support on Loongson Yeelong laptops.
    o Interrupt handlers for bnx(4), em(4), ix(4) and sis(4) have been
      improved reducing overhead and increasing performance.
    o New acpitoshiba(4) driver providing ACPI support for Toshiba laptops.
    o Added nvt(4), a driver for the W83795G and W83795ADG hardware monitor.
    o Added support to sdhc(4) for the Ricoh 5U823 SD/MMC controller.
    o A new fw_update(1) tool to install and update non-free firmware packages.

 - Generic network stack improvements:
    o Added support for sending Wake on LAN packets using arp(8).
    o Permit turning Wake on LAN support on/off using ifconfig(8).
    o Added Wake on LAN support to xl(4), re(4), and vr(4).
    o Allow ftp-proxy to proxy across rdomains.
    o The IPv4 stack will no longer accept ICMP redirects when
      acting as a router.
    o By default the IPv6 stack will not process ICMP6 redirects.
      rtsol(8) will turn it back if -F is used.
    o Reworked large parts of the dhclient(8) options processing for better
      interoperability.
    o Fixed carp(4) to work in IPv6 only setups.
    o Make it possible to bind(2) to the local network broadcast address
      on datagram and raw sockets.
    o The default multicast reject route is now ignored if the UDP socket
      uses the IP_MULTICAST_IF socket option.
    o Make gre(4) work between systems in the same LAN.
    o Removed the link1 mode special addressing mode on lo(4).
    o New net.inet.tcp.always_keepalive sysctl, effectively enabling
      SO_KEEPALIVE on all TCP sockets.

 - Routing daemons and other userland network improvements:
    o bgpd(8) no longer bumps the rlimits: the rc.d framework respects
      login classes which is a much better solution.
    o Correctly set the network filtersets on reload in bgpd(8).
    o The routing socket is now sending RTM_DESYNC messages if the
       socketbuffer overflows.
    o Allow ospfd(8) to send out LS updates and other messages
      larger than the MTU.
    o Fixed nexthop calculation in ospfd(8) for directly connected P2P links.
    o First bits to support opaque LSA in ospfd(8).  Only basic redistribute
      logic and LSDB handling for now.
    o Creating new interfaces will no longer cause a fatal error in ospf6d(8).
    o ospf6d(8) handles link-state changes better.
    o Better loopback handling in ospf6d(8).
    o No longer install extra multicast routes in ripd(8) and ldpd(8).
    o Make kqueue(2) work with sosplice(9).
    o Enabled sosplice(9) in relayd(8) for TCP.
    o Added support for divert-to which provides some benefits over
      rdr-to in relayd(8).
    o Reload support in relayd(8) has been fixed.
    o Fixed trap sending in snmpd(8).
    o Make ping6(8) compare minimum amount of bytes between what
      was received and what was sent out.
    o Make traceroute(8) with type-of-service setted (-t) display
      a message if the returned packet has a different tos type.
    o Added the socket splicing fields of struct socket to netstat -vP output.
    o tcpbench(1) now uses libevent and supports both TCP and UDP modes.
    o TCP socket buffer sizes can now be displayed using the netstat(1) -B flag.
    o tcpdump(8) can now filter on icmptype and tcpflags.
    o bgplg(8) now supports "show ip bgp peer-as".

 - pf(4) improvements:
    o Make pf(4) reassemble IPv6 fragments.  In the forward case, pf
      refragments the packets with the same maximum size.
    o Allow pf(4) to filter on the rdomain a packet belongs to.
    o Make pf(4) allow userland proxies to establish cross rdomain
      proxy sessions.
    o Added IPv6 ACK prioritization in pf(4).
    o Change 'set skip on <...>' to work with interface groups.
    o pfsync(4) supports IPv6 as network protocol.
    o Switched ftp-proxy(8) over to divert-to instead of rdr-to.
    o Switched tftp-proxy(8) over to divert-to instead of rdr-to.
    o New very low overhead priority queueing implementation for pf(4) used via
      the "prio" keyword.
    o Support for least-states in load balancing pools and tables.
    o Support for weighted round-robin in load balancing pools and tables.

 - SCSI improvements:
    o Most SCSI hardware drivers now use the new iopools infrastructure.
    o scsi(4) devices are now all provided with a unique devid, which
      is displayed during the probe process.
    o ASC/ASCQ error codes and verbiage now in sync with
      http://www.t10.org/lists/asc-num.txt.
    o Progress on iSCSI includes better login, better logout, preliminary
      FSM support in iscsid(8), and improved logging and debug information.
    o uk(4) can now safely and reliably detach an unknown SCSI device.
    o SCSI multipath device and kernel support has been improved.
    o vscsi(4) now ensures output always goes to the correct connection.
    o vscsi(4) connections can now be reset gracefully.
    o scsi(4) devices on fibre channel fabrics no longer inherit the adapter's
      address.

 - Assorted improvements:
    o Kernel randomization speed and quality improved substantially.
    o For additional security, security(8) was rewritten in Perl.
    o Mandoc 1.11.4: Now accepts eqn(7) input (no fancy formatting yet)
      and supports -Tutf8 output (but no utf8 input yet).
    o Removed a variety of OS-compat emulation code, leaving just the Linux
      support.
    o Small improvements to Linux compat (only available on i386).
    o Improved our own pkg-config(1) implementation with extended comparison
      scheme and implementing various new options.
    o The math library, libm, was fully fleshed out to support all C99 required
      parts.  Many bugs for various architectures were fixed along the way.
    o malloc(3) is a lot faster and has a few further security features (more
      randomization, as well as the 'S' flag to enable all paranoia checks).
    o 'make depend' is no longer neccessary in kernel compilation directories
      since the dependencies are calculated automatically.
    o Increased the default size of the buffer cache.
    o kqueue(2) now works on /dev/random and spliced sockets
    o On MBR-based disks, scan through up to 256 extended partition tables
      when looking for an OpenBSD partition table.
    o Added POSIX 2008 fdopendir(3) and openat(2) functions, as well as the
      O_CLOEXEC, O_DIRECTORY, and F_DUPFD_CLOEXEC flags.
    o Improved lint format string checks and added a few other checks.
    o kdump(8) now dumps stat and sockaddr structures, sysctl mib
      strings, and decodes syscall flags and operation bits.
    o Improved kernel pool debug checking.
    o Improved correctness of signals and various syscalls when rthreads
      are in use.
    o Kernel malloc(9) space and stacks moved to non-dma memory.
    o Fixed some shutdown/reboot hangs on NFS clients.
    o UNIX-domain socket paths are now guaranteed to be NUL-terminated.
    o Added support for *wprintf(3), wcs{,n}casecmp(3), and wcsdup(3).
    o NULL is now a (void *).
    o grep(1) now supports a -H option to always print filename headers.
    o Whitelist expiry for spamlogd(8) can now be configured via a -W flag.
    o ls(1) now supports the POSIX -H option to follow symbolic links specified
      on the command line.
    o disklabel(8) now tries the next auto-allocation scheme if the current one
      fails due to insufficient available partitions.
    o bc(1) gained editline(3) support.
    o Many enhancements and new functionality has been added to tmux(1).
    o disklabel(8) supports absolute resizing of partitions in auto-allocated
      labels.
    o newfs(8) accepts k/m/g suffixes for the -S and -s options.

 - Install/Upgrade process changes:
    o Completed support for DUID disk installs, and enabled it fully.
    o Install non-free firmwares from the internet upon first boot, based on a
      question in the installer.
    o svnd(4)-like behaviour became the default for vnd(4) devices.  This is
      what is used to build the media.

 - rc.d(8) framework improvements:
    o rc.d(8) is now also used for the base system daemons.
    o Backward compatible with the historic way of starting daemons.
    o Notify the user by appending (ok) or (failed) in interactive mode.
    o Better diagnostics with the introduction of RC_DEBUG.

 - OpenSSH 5.9:
    o New features:
      - Introduce sandboxing of the pre-auth privsep child using an
        optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode
        that enables mandatory restrictions on the syscalls the privsep
        child can perform.
      - Add new SHA256-based HMAC transport integrity modes from
        http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
        These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512,
        and hmac-sha2-512-96, and are available by default in ssh(1)
        and sshd(8).
      - The pre-authentication sshd(8) privilege separation slave process
        now logs via a socket shared with the master process, avoiding
        the need to maintain /dev/log inside the chroot.
      - ssh(1) now warns when a server refuses X11 forwarding.
      - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
        separated by whitespace. The undocumented AuthorizedKeysFile2
        option is deprecated (though the default for AuthorizedKeysFile
        includes .ssh/authorized_keys2).
      - sshd_config(5): similarly deprecate UserKnownHostsFile2 and
        GlobalKnownHostsFile2 by making UserKnownHostsFile and
        GlobalKnownHostsFile accept multiple options and default to
        include known_hosts2.
      - sshd_config(5)'s ControlPath option now expands %L to the host
        portion of the destination host name.
      - sshd_config(5) "Host" options now support negated Host matching.
      - sshd_config(5): a new RequestTTY option provides control over
        when a TTY is requested for a connection, similar to the existing
        -t/-tt/-T ssh(1) commandline options.
      - ssh-keygen(1): Add -A option. For each of the key types (rsa1,
        rsa, dsa and ecdsa) for which host keys do not exist, generate
        the host keys with the default key file path, an empty passphrase,
        default bits for the key type, and default comment. This is useful
        for system initialisation scripts.
      - ssh(1): Allow graceful shutdown of multiplexing: request that
        mux server removes its listener socket and refuse future
        multiplexing requests but don't kill existing connections. This
        may be requested using "ssh -O stop ...".
      - ssh-add(1): now accepts keys piped from standard input.
      - Retain key comments when loading v.2 keys. These will be visible
        in "ssh-add -l" and other places. (bz#439)
      - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as
        IPv4 ToS/DSCP). (bz#1855)
    o The following significant bugs have been fixed in this
      release:
      - sshd(8): allow GSSAPI authentication to detect when a server-side
        failure causes authentication failure and don't count such failures
        against MaxAuthTries. (bz#1244)
      - ssh-keysign(8): now signs hostbased authentication challenges
        correctly using ECDSA keys. (bz#1858)

 - Over 7,200 ports, major robustness and speed improvements in package tools.
 - Many pre-built packages for each architecture:
    o i386: 7008                      o sparc64: 6456
    o alpha: 6046                     o sh: 3721
    o amd64: 6960                     o powerpc: 6691
    o sparc: 3277                     o arm: 2963
    o hppa: 6125                      o vax: 1409
    o mips64: 5689                    o mips64el: 5709

 - Some highlights:
    o Gnome 2.32.2                    o KDE 3.5.10
    o Xfce 4.8.0                      o MySQL 5.1.54
    o PostgreSQL 9.0.5                o Postfix 2.8.4
    o OpenLDAP 2.3.43 and 2.4.25      o Mozilla Firefox 3.5.19, 3.6.18 and 5.0
    o Mozilla Thunderbird 5.0         o GHC 7.0.4
    o LibreOffice 3.4.1.3             o Emacs 21.4, 22.3 and 23.3
    o Vim 7.3.154                     o PHP 5.2.17 and 5.3.6
    o Python 2.4.6, 2.5.4 and 2.7.1   o Ruby 1.8.7.352 and 1.9.2.200
    o Mono 2.10.2                     o Chromium 12.0.742.122
    o Groff 1.21

 - As usual, steady improvements in manual pages and other documentation.
    o Base system and Xenocara manuals are now installed as source code,
      making grep(1) more useful in /usr/share/man/ and /usr/X11R6/man/.
    o If both formatted and source versions of manuals are installed,
      man(1) automatically displays the newer version of each page.

 - The system includes the following major components from outside suppliers:
    o Xenocara (based on X.Org 7.6 with xserver 1.9 + patches,
      freetype 2.4.5, fontconfig 2.8.0, Mesa 7.8.2, xterm 270,
      xkeyboard-config 2.3 and more)
    o Gcc 2.95.3 (+ patches), 3.3.5 (+ patches) and 4.2.1 (+patches)
    o Perl 5.12.2 (+ patches)
    o Our improved and secured version of Apache 1.3, with
      SSL/TLS and DSO support
    o OpenSSL 1.0.0a (+ patches)
    o Sendmail 8.14.5, with libmilter
    o Bind 9.4.2-P2 (+ patches)
    o Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
    o Sudo 1.7.2p8
    o Ncurses 5.7
    o Heimdal 0.7.2 (+ patches)
    o Arla 0.35.7
    o Binutils 2.15 (+ patches)
    o Gdb 6.3 (+ patches)

If you'd like to see a list of what has changed between OpenBSD 4.9
and 5.0, look at

        http://www.OpenBSD.org/plus50.html

Even though the list is a summary of the most important changes
made to OpenBSD, it still is a very very long list.
We provide patches for known security threats and other important
issues discovered after each CD release.  As usual, between the
creation of the OpenBSD 5.0 FTP/CD-ROM binaries and the actual 4.9
release date, our team found and fixed some new reliability problems
(note: most are minor and in subsystems that are not enabled by
default).  Our continued research into security means we will find
new security problems -- and we always provide patches as soon as
possible.  Therefore, we advise regular visits to

        http://www.OpenBSD.org/security.html
and
        http://www.OpenBSD.org/errata.html

Security patch announcements are sent to the [hidden email]
mailing list.  For information on OpenBSD mailing lists, please see:

        http://www.OpenBSD.org/mail.html
OpenBSD 5.0 is also available on CD-ROM.  The 3-CD set costs $50 CDN and
is available via mail order and from a number of contacts around the
world.  The set includes a colourful booklet which carefully explains the
installation of OpenBSD.  A new set of cute little stickers is also
included (sorry, but our FTP mirror sites do not support STP, the Sticker
Transfer Protocol).  As an added bonus, the second CD contains an audio
track, a song entitled "What Me Worry?".  MP3 and OGG versions of
the audio track can be found on the first CD.

Lyrics (and an explanation) for the songs may be found at:

    http://www.OpenBSD.org/lyrics.html#50

Profits from CD sales are the primary income source for the OpenBSD
project -- in essence selling these CD-ROM units ensures that OpenBSD
will continue to make another release six months from now.

The OpenBSD 5.0 CD-ROMs are bootable on the following four platforms:

  o i386
  o amd64
  o macppc
  o sparc64

(Other platforms must boot from floppy, network, or other method).

For more information on ordering CD-ROMs, see:

        http://www.OpenBSD.org/orders.html

The above web page lists a number of places where OpenBSD CD-ROMs
can be purchased from.  For our default mail order, go directly to:

        https://https.OpenBSD.org/cgi-bin/order

All of our developers strongly urge you to buy a CD-ROM and support
our future efforts.  Additionally, donations to the project are
highly appreciated, as described in more detail at:

        http://www.OpenBSD.org/goals.html#funding
For those unable to make their contributions as straightforward gifts,
the OpenBSD Foundation (http://www.openbsdfoundation.org) is a Canadian
not-for-profit corporation that can accept larger contributions and
issue receipts.  In some situations, their receipt may qualify as a
business expense write-off, so this is certainly a consideration for
some organizations or businesses.  There may also be exposure benefits
since the Foundation may be interested in participating in press releases.
In turn, the Foundation then uses these contributions to assist OpenBSD's
infrastructure needs.  Contact the foundation directors at
[hidden email] for more information.
The OpenBSD distribution companies also sell tshirts and polo shirts.
And our users like them, too.  We have a variety of shirts available,
with the new and old designs, from our web ordering system at, as
described above.
If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily
installed via FTP or HTTP downloads.  Typically you need a single
small piece of boot media (e.g., a boot floppy) and then the rest
of the files can be installed from a number of locations, including
directly off the Internet.  Follow this simple set of instructions
to ensure that you find all of the documentation you will need
while performing an install via FTP or HTTP.  With the CD-ROMs,
the necessary documentation is easier to find.

1) Read either of the following two files for a list of ftp/http
   mirrors which provide OpenBSD, then choose one near you:

        http://www.OpenBSD.org/ftp.html
        ftp://ftp.OpenBSD.org/pub/OpenBSD/5.0/ftplist

   As of Nov 1, 2011, the following ftp mirror sites have the 5.0 release:

        ftp://ftp.eu.openbsd.org/pub/OpenBSD/5.0/       Stockholm, Sweden
        ftp://ftp.bytemine.net/pub/OpenBSD/5.0/         Oldenburg, Germany
        ftp://ftp.ch.openbsd.org/pub/OpenBSD/5.0/       Zurich, Switzerland
        ftp://ftp.fr.openbsd.org/pub/OpenBSD/5.0/       Paris, France
        ftp://ftp5.eu.openbsd.org/pub/OpenBSD/5.0/      Vienna, Austria
        ftp://mirror.aarnet.edu.au/pub/OpenBSD/5.0/     Brisbane, Australia
        ftp://ftp.usa.openbsd.org/pub/OpenBSD/5.0/      CO, USA
        ftp://ftp5.usa.openbsd.org/pub/OpenBSD/5.0/     CA, USA
        ftp://obsd.cec.mtu.edu/pub/OpenBSD/5.0/         Michigan, USA

        The release is also available at the master site:

        ftp://ftp.openbsd.org/pub/OpenBSD/5.0/          Alberta, Canada

        However it is strongly suggested you use a mirror.

   Other mirror sites may take a day or two to update.

2) Connect to that ftp mirror site and go into the directory
   pub/OpenBSD/5.0/ which contains these files and directories.
   This is a list of what you will see:

        ANNOUNCEMENT     armish/          mvme68k/         sparc64/
        Changelogs/      ftplist          mvme88k/         src.tar.gz
        HARDWARE         hp300/           packages/        sys.tar.gz
        PACKAGES         hppa/            ports.tar.gz     tools/
        PORTS            i386/            root.mail        vax/
        README           landisk/         sgi/             xenocara.tar.gz
        alpha/           mac68k/          socppc/          zaurus/
        amd64/           macppc/          sparc/

   It is quite likely that you will want at LEAST the following
   files which apply to all the architectures OpenBSD supports.

        README          - generic README
        HARDWARE        - list of hardware we support
        PORTS           - description of our "ports" tree
        PACKAGES        - description of pre-compiled packages
        root.mail       - a copy of root's mail at initial login.
                          (This is really worthwhile reading).

3) Read the README file.  It is short, and a quick read will make
   sure you understand what else you need to fetch.

4) Next, go into the directory that applies to your architecture,
   for example, i386.  This is a list of what you will see:

        INSTALL.i386    cd50.iso        floppyB50.fs    pxeboot*
        INSTALL.linux   cdboot*         floppyC50.fs    xbase50.tgz
        MD5             cdbr*           game50.tgz      xetc50.tgz
        base50.tgz      cdemu50.iso     index.txt       xfont50.tgz
        bsd*            comp50.tgz      install50.iso   xserv50.tgz
        bsd.mp*         etc50.tgz       man50.tgz       xshare50.tgz
        bsd.rd*         floppy50.fs     misc50.tgz

   If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386
   and the appropriate floppy*.fs or install50.iso files.  Consult the
   INSTALL.i386 file if you don't know which of the floppy images
   you need (or simply fetch all of them).

   If you use the install50.iso file (roughly 250MB in size), then you
   do not need the various *.tgz files since they are contained on that
   one-step ISO-format install CD.

5) If you are an expert, follow the instructions in the file called
   README; otherwise, use the more complete instructions in the
   file called INSTALL.i386.  INSTALL.i386 may tell you that you
   need to fetch other files.

6) Just in case, take a peek at:

        http://www.OpenBSD.org/errata.html

   This is the page where we talk about the mistakes we made while
   creating the 5.0 release, or the significant bugs we fixed
   post-release which we think our users should have fixes for.
   Patches and workarounds are clearly described there.

Note: If you end up needing to write a raw floppy using Windows,
      you can use "fdimage.exe" located in the pub/OpenBSD/5.0/tools
      directory to do so.
X.Org has been integrated more closely into the system.  This release
contains X.Org 7.6.  Most of our architectures ship with X.Org, including
amd64, sparc, sparc64 and macppc.  During installation, you can install
X.Org quite easily.  Be sure to try out xdm(1) and see how we have
customized it for OpenBSD.
The OpenBSD ports tree contains automated instructions for building
third party software.  The software has been verified to build and
run on the various OpenBSD architectures.  The 5.0 ports collection,
including many of the distribution files, is included on the 3-CD
set.  Please see the PORTS file for more information.

Note: some of the most popular ports, e.g., the Apache web server
and several X applications, come standard with OpenBSD.  Also, many
popular ports have been pre-compiled for those who do not desire
to build their own binaries (see BINARY PACKAGES, below).
A large number of binary packages are provided.  Please see the PACKAGES
file (ftp://ftp.OpenBSD.org/pub/OpenBSD/5.0/PACKAGES) for more details.
The CD-ROMs contain source code for all the subsystems explained
above, and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/5.0/README)
file explains how to deal with these source files.  For those who
are doing an FTP install, the source code for all four subsystems
can be found in the pub/OpenBSD/5.0/ directory:

        xenocara.tar.gz     ports.tar.gz   src.tar.gz     sys.tar.gz
Ports tree and package building by Jasper Lievisse Adriaanse,
Landry Breuil, Michael Erdely, Stuart Henderson, Peter Hessler,
Paul Irofti, Antoine Jacoutot, Robert Nagy, and Christian Weisgerber.
System builds by Theo de Raadt, Mark Kettenis, and Miod Vallat.
X11 builds by Todd Fries and Miod Vallat.  ISO-9660 filesystem
layout by Theo de Raadt.

We would like to thank all of the people who sent in bug reports, bug
fixes, donation cheques, and hardware that we use.  We would also like
to thank those who pre-ordered the 5.0 CD-ROM or bought our previous
CD-ROMs.  Those who did not support us financially have still helped
us with our goal of improving the quality of the software.

Our developers are:

    Alexander Bluhm, Alexander Hall, Alexander Schrijver,
    Alexander Yurchenko, Alexandr Shadchin, Alexandre Ratchov,
    Anil Madhavapeddy, Anthony J. Bentley, Antoine Jacoutot,
    Ariane van der Steldt, Austin Hook, Benoit Lecocq, Bernd Ahlers,
    Bob Beck, Bret Lambert, Charles Longeau, Chris Kuethe,
    Christian Weisgerber, Christiano F. Haesbaert, Claudio Jeker,
    Dale Rahn, Damien Bergamini, Damien Miller, Darren Tucker,
    David Coppa, David Gwynne, David Hill, David Krause, Edd Barrett,
    Eric Faurot, Federico G. Schwindt, Felix Kronlage, Gilles Chehade,
    Giovanni Bechis, Gleydson Soares, Henning Brauer, Ian Darwin,
    Igor Sobrado, Ingo Schwarze, Jacek Masiulaniec, Jakob Schlyter,
    Janne Johansson, Jason George, Jason McIntyre, Jason Meltzer,
    Jasper Lievisse Adriaanse, Jeremy Evans, Jim Razmus II, Joel Sing,
    Joerg Zinke, Jolan Luff, Jonathan Armani, Jonathan Gray,
    Jonathan Matthew, Jordan Hargrave, Joshua Stein,
    Kenneth R Westerback, Kevin Lo, Kevin Steves, Kurt Miller,
    Landry Breuil, Laurent Fanis, Marc Espie, Marco Peereboom,
    Marco Pfatschbacher, Marcus Glocker, Mark Kettenis, Mark Lumsden,
    Mark Uemura, Markus Friedl, Martin Pieuchot, Martynas Venckus,
    Mats O Jansson, Matthew Dempsky, Matthias Kilian, Matthieu Herrb,
    Michael Erdely, Mike Belopuhov, Mike Larkin, Miod Vallat,
    Nayden Markatchev, Nicholas Marriott, Nick Holland, Nigel Taylor,
    Nikolay Sturm, Okan Demirmen, Otto Moerbeek, Owain Ainsworth,
    Paul de Weerd, Paul Irofti, Peter Hessler, Peter Valchev,
    Philip Guenther, Pierre-Emmanuel Andre, Pierre-Yves Ritschard,
    Remi Pointel, Reyk Floeter, Robert Nagy, Ryan Freeman,
    Ryan Thomas McBride, Sasano, Sebastian Reitenbach, Simon Bertrang,
    Stefan Sperling, Stephan A. Rickauer, Steven Mestdagh,
    Stuart Henderson, Takuya Asada, Ted Unangst, Theo de Raadt,
    Thordur I Bjornsson, Tobias Weingartner, Todd C. Miller, Todd Fries,
    Will Maier, William Yodlowsky, Yasuoka Masahiko, Yojiro Uo

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD 5.0 released Nov 1, 2011

zantgo@gmail.com
Yeah!!

El 01-11-2011, a las 11:38, Theo de Raadt <[hidden email]>
escribiC3:

> ------------------------------------------------------------------------
> Nov 1, 2011.
>
> We are pleased to announce the official release of OpenBSD 5.0.
> This is our 30th release on CD-ROM (and 31th via FTP).  We remain
> proud of OpenBSD's record of more than ten years with only two remote
> holes in the default install.
>
> As in our previous releases, 5.0 provides significant improvements,
> including new features, in nearly all areas of the system:
>
> - Improved hardware support, including:
>    o MSI interrupts for many devices, on those architectures which can
>      support them (amd64, i386, sparc64 only so far).
>    o A new dma_alloc(9) API makes it easier for kernel code to allocate
>      dma-safe memory.  Many drivers (especially network drivers) and
>      subsystems (in particular scsi and the buffer cache) were adapted
>      to use this.
>    o As a result, big-memory support has been enabled on all possible
>      architectures.
>    o The rather rare bce(4) driver now copies mbufs all the time, to cope
>      with the hardware having a 1GB limit.
>    o Added hds(4), a driver for Hitachi Modular Storage SCSI devices.
>    o Added myx(4), a driver for the Myricom Myri-10G 10GB Ethernet devices.
>    o Added dfs(4), a driver for Dynamic Frequency Switching on some macppc
>      systems.
>    o cardbus(4) and pcmcia(4) support on sgi.
>    o Suspend/resume support on Loongson Yeelong laptops.
>    o Interrupt handlers for bnx(4), em(4), ix(4) and sis(4) have been
>      improved reducing overhead and increasing performance.
>    o New acpitoshiba(4) driver providing ACPI support for Toshiba laptops.
>    o Added nvt(4), a driver for the W83795G and W83795ADG hardware monitor.
>    o Added support to sdhc(4) for the Ricoh 5U823 SD/MMC controller.
>    o A new fw_update(1) tool to install and update non-free firmware
packages.

>
> - Generic network stack improvements:
>    o Added support for sending Wake on LAN packets using arp(8).
>    o Permit turning Wake on LAN support on/off using ifconfig(8).
>    o Added Wake on LAN support to xl(4), re(4), and vr(4).
>    o Allow ftp-proxy to proxy across rdomains.
>    o The IPv4 stack will no longer accept ICMP redirects when
>      acting as a router.
>    o By default the IPv6 stack will not process ICMP6 redirects.
>      rtsol(8) will turn it back if -F is used.
>    o Reworked large parts of the dhclient(8) options processing for better
>      interoperability.
>    o Fixed carp(4) to work in IPv6 only setups.
>    o Make it possible to bind(2) to the local network broadcast address
>      on datagram and raw sockets.
>    o The default multicast reject route is now ignored if the UDP socket
>      uses the IP_MULTICAST_IF socket option.
>    o Make gre(4) work between systems in the same LAN.
>    o Removed the link1 mode special addressing mode on lo(4).
>    o New net.inet.tcp.always_keepalive sysctl, effectively enabling
>      SO_KEEPALIVE on all TCP sockets.
>
> - Routing daemons and other userland network improvements:
>    o bgpd(8) no longer bumps the rlimits: the rc.d framework respects
>      login classes which is a much better solution.
>    o Correctly set the network filtersets on reload in bgpd(8).
>    o The routing socket is now sending RTM_DESYNC messages if the
>       socketbuffer overflows.
>    o Allow ospfd(8) to send out LS updates and other messages
>      larger than the MTU.
>    o Fixed nexthop calculation in ospfd(8) for directly connected P2P
links.
>    o First bits to support opaque LSA in ospfd(8).  Only basic redistribute
>      logic and LSDB handling for now.
>    o Creating new interfaces will no longer cause a fatal error in
ospf6d(8).

>    o ospf6d(8) handles link-state changes better.
>    o Better loopback handling in ospf6d(8).
>    o No longer install extra multicast routes in ripd(8) and ldpd(8).
>    o Make kqueue(2) work with sosplice(9).
>    o Enabled sosplice(9) in relayd(8) for TCP.
>    o Added support for divert-to which provides some benefits over
>      rdr-to in relayd(8).
>    o Reload support in relayd(8) has been fixed.
>    o Fixed trap sending in snmpd(8).
>    o Make ping6(8) compare minimum amount of bytes between what
>      was received and what was sent out.
>    o Make traceroute(8) with type-of-service setted (-t) display
>      a message if the returned packet has a different tos type.
>    o Added the socket splicing fields of struct socket to netstat -vP
output.
>    o tcpbench(1) now uses libevent and supports both TCP and UDP modes.
>    o TCP socket buffer sizes can now be displayed using the netstat(1) -B
flag.

>    o tcpdump(8) can now filter on icmptype and tcpflags.
>    o bgplg(8) now supports "show ip bgp peer-as".
>
> - pf(4) improvements:
>    o Make pf(4) reassemble IPv6 fragments.  In the forward case, pf
>      refragments the packets with the same maximum size.
>    o Allow pf(4) to filter on the rdomain a packet belongs to.
>    o Make pf(4) allow userland proxies to establish cross rdomain
>      proxy sessions.
>    o Added IPv6 ACK prioritization in pf(4).
>    o Change 'set skip on <...>' to work with interface groups.
>    o pfsync(4) supports IPv6 as network protocol.
>    o Switched ftp-proxy(8) over to divert-to instead of rdr-to.
>    o Switched tftp-proxy(8) over to divert-to instead of rdr-to.
>    o New very low overhead priority queueing implementation for pf(4) used
via

>      the "prio" keyword.
>    o Support for least-states in load balancing pools and tables.
>    o Support for weighted round-robin in load balancing pools and tables.
>
> - SCSI improvements:
>    o Most SCSI hardware drivers now use the new iopools infrastructure.
>    o scsi(4) devices are now all provided with a unique devid, which
>      is displayed during the probe process.
>    o ASC/ASCQ error codes and verbiage now in sync with
>      http://www.t10.org/lists/asc-num.txt.
>    o Progress on iSCSI includes better login, better logout, preliminary
>      FSM support in iscsid(8), and improved logging and debug information.
>    o uk(4) can now safely and reliably detach an unknown SCSI device.
>    o SCSI multipath device and kernel support has been improved.
>    o vscsi(4) now ensures output always goes to the correct connection.
>    o vscsi(4) connections can now be reset gracefully.
>    o scsi(4) devices on fibre channel fabrics no longer inherit the
adapter's

>      address.
>
> - Assorted improvements:
>    o Kernel randomization speed and quality improved substantially.
>    o For additional security, security(8) was rewritten in Perl.
>    o Mandoc 1.11.4: Now accepts eqn(7) input (no fancy formatting yet)
>      and supports -Tutf8 output (but no utf8 input yet).
>    o Removed a variety of OS-compat emulation code, leaving just the Linux
>      support.
>    o Small improvements to Linux compat (only available on i386).
>    o Improved our own pkg-config(1) implementation with extended comparison
>      scheme and implementing various new options.
>    o The math library, libm, was fully fleshed out to support all C99
required
>      parts.  Many bugs for various architectures were fixed along the way.
>    o malloc(3) is a lot faster and has a few further security features
(more
>      randomization, as well as the 'S' flag to enable all paranoia checks).
>    o 'make depend' is no longer neccessary in kernel compilation
directories

>      since the dependencies are calculated automatically.
>    o Increased the default size of the buffer cache.
>    o kqueue(2) now works on /dev/random and spliced sockets
>    o On MBR-based disks, scan through up to 256 extended partition tables
>      when looking for an OpenBSD partition table.
>    o Added POSIX 2008 fdopendir(3) and openat(2) functions, as well as the
>      O_CLOEXEC, O_DIRECTORY, and F_DUPFD_CLOEXEC flags.
>    o Improved lint format string checks and added a few other checks.
>    o kdump(8) now dumps stat and sockaddr structures, sysctl mib
>      strings, and decodes syscall flags and operation bits.
>    o Improved kernel pool debug checking.
>    o Improved correctness of signals and various syscalls when rthreads
>      are in use.
>    o Kernel malloc(9) space and stacks moved to non-dma memory.
>    o Fixed some shutdown/reboot hangs on NFS clients.
>    o UNIX-domain socket paths are now guaranteed to be NUL-terminated.
>    o Added support for *wprintf(3), wcs{,n}casecmp(3), and wcsdup(3).
>    o NULL is now a (void *).
>    o grep(1) now supports a -H option to always print filename headers.
>    o Whitelist expiry for spamlogd(8) can now be configured via a -W flag.
>    o ls(1) now supports the POSIX -H option to follow symbolic links
specified
>      on the command line.
>    o disklabel(8) now tries the next auto-allocation scheme if the current
one
>      fails due to insufficient available partitions.
>    o bc(1) gained editline(3) support.
>    o Many enhancements and new functionality has been added to tmux(1).
>    o disklabel(8) supports absolute resizing of partitions in
auto-allocated
>      labels.
>    o newfs(8) accepts k/m/g suffixes for the -S and -s options.
>
> - Install/Upgrade process changes:
>    o Completed support for DUID disk installs, and enabled it fully.
>    o Install non-free firmwares from the internet upon first boot, based on
a

>      question in the installer.
>    o svnd(4)-like behaviour became the default for vnd(4) devices.  This is
>      what is used to build the media.
>
> - rc.d(8) framework improvements:
>    o rc.d(8) is now also used for the base system daemons.
>    o Backward compatible with the historic way of starting daemons.
>    o Notify the user by appending (ok) or (failed) in interactive mode.
>    o Better diagnostics with the introduction of RC_DEBUG.
>
> - OpenSSH 5.9:
>    o New features:
>      - Introduce sandboxing of the pre-auth privsep child using an
>        optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode
>        that enables mandatory restrictions on the syscalls the privsep
>        child can perform.
>      - Add new SHA256-based HMAC transport integrity modes from
>        http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
>        These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512,
>        and hmac-sha2-512-96, and are available by default in ssh(1)
>        and sshd(8).
>      - The pre-authentication sshd(8) privilege separation slave process
>        now logs via a socket shared with the master process, avoiding
>        the need to maintain /dev/log inside the chroot.
>      - ssh(1) now warns when a server refuses X11 forwarding.
>      - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
>        separated by whitespace. The undocumented AuthorizedKeysFile2
>        option is deprecated (though the default for AuthorizedKeysFile
>        includes .ssh/authorized_keys2).
>      - sshd_config(5): similarly deprecate UserKnownHostsFile2 and
>        GlobalKnownHostsFile2 by making UserKnownHostsFile and
>        GlobalKnownHostsFile accept multiple options and default to
>        include known_hosts2.
>      - sshd_config(5)'s ControlPath option now expands %L to the host
>        portion of the destination host name.
>      - sshd_config(5) "Host" options now support negated Host matching.
>      - sshd_config(5): a new RequestTTY option provides control over
>        when a TTY is requested for a connection, similar to the existing
>        -t/-tt/-T ssh(1) commandline options.
>      - ssh-keygen(1): Add -A option. For each of the key types (rsa1,
>        rsa, dsa and ecdsa) for which host keys do not exist, generate
>        the host keys with the default key file path, an empty passphrase,
>        default bits for the key type, and default comment. This is useful
>        for system initialisation scripts.
>      - ssh(1): Allow graceful shutdown of multiplexing: request that
>        mux server removes its listener socket and refuse future
>        multiplexing requests but don't kill existing connections. This
>        may be requested using "ssh -O stop ...".
>      - ssh-add(1): now accepts keys piped from standard input.
>      - Retain key comments when loading v.2 keys. These will be visible
>        in "ssh-add -l" and other places. (bz#439)
>      - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as
>        IPv4 ToS/DSCP). (bz#1855)
>    o The following significant bugs have been fixed in this
>      release:
>      - sshd(8): allow GSSAPI authentication to detect when a server-side
>        failure causes authentication failure and don't count such failures
>        against MaxAuthTries. (bz#1244)
>      - ssh-keysign(8): now signs hostbased authentication challenges
>        correctly using ECDSA keys. (bz#1858)
>
> - Over 7,200 ports, major robustness and speed improvements in package
tools.

> - Many pre-built packages for each architecture:
>    o i386: 7008                      o sparc64: 6456
>    o alpha: 6046                     o sh: 3721
>    o amd64: 6960                     o powerpc: 6691
>    o sparc: 3277                     o arm: 2963
>    o hppa: 6125                      o vax: 1409
>    o mips64: 5689                    o mips64el: 5709
>
> - Some highlights:
>    o Gnome 2.32.2                    o KDE 3.5.10
>    o Xfce 4.8.0                      o MySQL 5.1.54
>    o PostgreSQL 9.0.5                o Postfix 2.8.4
>    o OpenLDAP 2.3.43 and 2.4.25      o Mozilla Firefox 3.5.19, 3.6.18 and
5.0

>    o Mozilla Thunderbird 5.0         o GHC 7.0.4
>    o LibreOffice 3.4.1.3             o Emacs 21.4, 22.3 and 23.3
>    o Vim 7.3.154                     o PHP 5.2.17 and 5.3.6
>    o Python 2.4.6, 2.5.4 and 2.7.1   o Ruby 1.8.7.352 and 1.9.2.200
>    o Mono 2.10.2                     o Chromium 12.0.742.122
>    o Groff 1.21
>
> - As usual, steady improvements in manual pages and other documentation.
>    o Base system and Xenocara manuals are now installed as source code,
>      making grep(1) more useful in /usr/share/man/ and /usr/X11R6/man/.
>    o If both formatted and source versions of manuals are installed,
>      man(1) automatically displays the newer version of each page.
>
> - The system includes the following major components from outside
suppliers:

>    o Xenocara (based on X.Org 7.6 with xserver 1.9 + patches,
>      freetype 2.4.5, fontconfig 2.8.0, Mesa 7.8.2, xterm 270,
>      xkeyboard-config 2.3 and more)
>    o Gcc 2.95.3 (+ patches), 3.3.5 (+ patches) and 4.2.1 (+patches)
>    o Perl 5.12.2 (+ patches)
>    o Our improved and secured version of Apache 1.3, with
>      SSL/TLS and DSO support
>    o OpenSSL 1.0.0a (+ patches)
>    o Sendmail 8.14.5, with libmilter
>    o Bind 9.4.2-P2 (+ patches)
>    o Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
>    o Sudo 1.7.2p8
>    o Ncurses 5.7
>    o Heimdal 0.7.2 (+ patches)
>    o Arla 0.35.7
>    o Binutils 2.15 (+ patches)
>    o Gdb 6.3 (+ patches)
>
> If you'd like to see a list of what has changed between OpenBSD 4.9
> and 5.0, look at
>
>        http://www.OpenBSD.org/plus50.html
>
> Even though the list is a summary of the most important changes
> made to OpenBSD, it still is a very very long list.
> We provide patches for known security threats and other important
> issues discovered after each CD release.  As usual, between the
> creation of the OpenBSD 5.0 FTP/CD-ROM binaries and the actual 4.9
> release date, our team found and fixed some new reliability problems
> (note: most are minor and in subsystems that are not enabled by
> default).  Our continued research into security means we will find
> new security problems -- and we always provide patches as soon as
> possible.  Therefore, we advise regular visits to
>
>        http://www.OpenBSD.org/security.html
> and
>        http://www.OpenBSD.org/errata.html
>
> Security patch announcements are sent to the [hidden email]
> mailing list.  For information on OpenBSD mailing lists, please see:
>
>        http://www.OpenBSD.org/mail.html
> OpenBSD 5.0 is also available on CD-ROM.  The 3-CD set costs $50 CDN and
> is available via mail order and from a number of contacts around the
> world.  The set includes a colourful booklet which carefully explains the
> installation of OpenBSD.  A new set of cute little stickers is also
> included (sorry, but our FTP mirror sites do not support STP, the Sticker
> Transfer Protocol).  As an added bonus, the second CD contains an audio
> track, a song entitled "What Me Worry?".  MP3 and OGG versions of
> the audio track can be found on the first CD.
>
> Lyrics (and an explanation) for the songs may be found at:
>
>    http://www.OpenBSD.org/lyrics.html#50
>
> Profits from CD sales are the primary income source for the OpenBSD
> project -- in essence selling these CD-ROM units ensures that OpenBSD
> will continue to make another release six months from now.
>
> The OpenBSD 5.0 CD-ROMs are bootable on the following four platforms:
>
>  o i386
>  o amd64
>  o macppc
>  o sparc64
>
> (Other platforms must boot from floppy, network, or other method).
>
> For more information on ordering CD-ROMs, see:
>
>        http://www.OpenBSD.org/orders.html
>
> The above web page lists a number of places where OpenBSD CD-ROMs
> can be purchased from.  For our default mail order, go directly to:
>
>        https://https.OpenBSD.org/cgi-bin/order
>
> All of our developers strongly urge you to buy a CD-ROM and support
> our future efforts.  Additionally, donations to the project are
> highly appreciated, as described in more detail at:
>
>        http://www.OpenBSD.org/goals.html#funding
> For those unable to make their contributions as straightforward gifts,
> the OpenBSD Foundation (http://www.openbsdfoundation.org) is a Canadian
> not-for-profit corporation that can accept larger contributions and
> issue receipts.  In some situations, their receipt may qualify as a
> business expense write-off, so this is certainly a consideration for
> some organizations or businesses.  There may also be exposure benefits
> since the Foundation may be interested in participating in press releases.
> In turn, the Foundation then uses these contributions to assist OpenBSD's
> infrastructure needs.  Contact the foundation directors at
> [hidden email] for more information.
> The OpenBSD distribution companies also sell tshirts and polo shirts.
> And our users like them, too.  We have a variety of shirts available,
> with the new and old designs, from our web ordering system at, as
> described above.
> If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily
> installed via FTP or HTTP downloads.  Typically you need a single
> small piece of boot media (e.g., a boot floppy) and then the rest
> of the files can be installed from a number of locations, including
> directly off the Internet.  Follow this simple set of instructions
> to ensure that you find all of the documentation you will need
> while performing an install via FTP or HTTP.  With the CD-ROMs,
> the necessary documentation is easier to find.
>
> 1) Read either of the following two files for a list of ftp/http
>   mirrors which provide OpenBSD, then choose one near you:
>
>        http://www.OpenBSD.org/ftp.html
>        ftp://ftp.OpenBSD.org/pub/OpenBSD/5.0/ftplist
>
>   As of Nov 1, 2011, the following ftp mirror sites have the 5.0 release:
>
>        ftp://ftp.eu.openbsd.org/pub/OpenBSD/5.0/       Stockholm, Sweden
>        ftp://ftp.bytemine.net/pub/OpenBSD/5.0/         Oldenburg, Germany
>        ftp://ftp.ch.openbsd.org/pub/OpenBSD/5.0/       Zurich, Switzerland
>        ftp://ftp.fr.openbsd.org/pub/OpenBSD/5.0/       Paris, France
>        ftp://ftp5.eu.openbsd.org/pub/OpenBSD/5.0/      Vienna, Austria
>        ftp://mirror.aarnet.edu.au/pub/OpenBSD/5.0/     Brisbane, Australia
>        ftp://ftp.usa.openbsd.org/pub/OpenBSD/5.0/      CO, USA
>        ftp://ftp5.usa.openbsd.org/pub/OpenBSD/5.0/     CA, USA
>        ftp://obsd.cec.mtu.edu/pub/OpenBSD/5.0/         Michigan, USA
>
>        The release is also available at the master site:
>
>        ftp://ftp.openbsd.org/pub/OpenBSD/5.0/          Alberta, Canada
>
>        However it is strongly suggested you use a mirror.
>
>   Other mirror sites may take a day or two to update.
>
> 2) Connect to that ftp mirror site and go into the directory
>   pub/OpenBSD/5.0/ which contains these files and directories.
>   This is a list of what you will see:
>
>        ANNOUNCEMENT     armish/          mvme68k/         sparc64/
>        Changelogs/      ftplist          mvme88k/         src.tar.gz
>        HARDWARE         hp300/           packages/        sys.tar.gz
>        PACKAGES         hppa/            ports.tar.gz     tools/
>        PORTS            i386/            root.mail        vax/
>        README           landisk/         sgi/             xenocara.tar.gz
>        alpha/           mac68k/          socppc/          zaurus/
>        amd64/           macppc/          sparc/
>
>   It is quite likely that you will want at LEAST the following
>   files which apply to all the architectures OpenBSD supports.
>
>        README          - generic README
>        HARDWARE        - list of hardware we support
>        PORTS           - description of our "ports" tree
>        PACKAGES        - description of pre-compiled packages
>        root.mail       - a copy of root's mail at initial login.
>                          (This is really worthwhile reading).
>
> 3) Read the README file.  It is short, and a quick read will make
>   sure you understand what else you need to fetch.
>
> 4) Next, go into the directory that applies to your architecture,
>   for example, i386.  This is a list of what you will see:
>
>        INSTALL.i386    cd50.iso        floppyB50.fs    pxeboot*
>        INSTALL.linux   cdboot*         floppyC50.fs    xbase50.tgz
>        MD5             cdbr*           game50.tgz      xetc50.tgz
>        base50.tgz      cdemu50.iso     index.txt       xfont50.tgz
>        bsd*            comp50.tgz      install50.iso   xserv50.tgz
>        bsd.mp*         etc50.tgz       man50.tgz       xshare50.tgz
>        bsd.rd*         floppy50.fs     misc50.tgz
>
>   If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386
>   and the appropriate floppy*.fs or install50.iso files.  Consult the
>   INSTALL.i386 file if you don't know which of the floppy images
>   you need (or simply fetch all of them).
>
>   If you use the install50.iso file (roughly 250MB in size), then you
>   do not need the various *.tgz files since they are contained on that
>   one-step ISO-format install CD.
>
> 5) If you are an expert, follow the instructions in the file called
>   README; otherwise, use the more complete instructions in the
>   file called INSTALL.i386.  INSTALL.i386 may tell you that you
>   need to fetch other files.
>
> 6) Just in case, take a peek at:
>
>        http://www.OpenBSD.org/errata.html
>
>   This is the page where we talk about the mistakes we made while
>   creating the 5.0 release, or the significant bugs we fixed
>   post-release which we think our users should have fixes for.
>   Patches and workarounds are clearly described there.
>
> Note: If you end up needing to write a raw floppy using Windows,
>      you can use "fdimage.exe" located in the pub/OpenBSD/5.0/tools
>      directory to do so.
> X.Org has been integrated more closely into the system.  This release
> contains X.Org 7.6.  Most of our architectures ship with X.Org, including
> amd64, sparc, sparc64 and macppc.  During installation, you can install
> X.Org quite easily.  Be sure to try out xdm(1) and see how we have
> customized it for OpenBSD.
> The OpenBSD ports tree contains automated instructions for building
> third party software.  The software has been verified to build and
> run on the various OpenBSD architectures.  The 5.0 ports collection,
> including many of the distribution files, is included on the 3-CD
> set.  Please see the PORTS file for more information.
>
> Note: some of the most popular ports, e.g., the Apache web server
> and several X applications, come standard with OpenBSD.  Also, many
> popular ports have been pre-compiled for those who do not desire
> to build their own binaries (see BINARY PACKAGES, below).
> A large number of binary packages are provided.  Please see the PACKAGES
> file (ftp://ftp.OpenBSD.org/pub/OpenBSD/5.0/PACKAGES) for more details.
> The CD-ROMs contain source code for all the subsystems explained
> above, and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/5.0/README)
> file explains how to deal with these source files.  For those who
> are doing an FTP install, the source code for all four subsystems
> can be found in the pub/OpenBSD/5.0/ directory:
>
>        xenocara.tar.gz     ports.tar.gz   src.tar.gz     sys.tar.gz
> Ports tree and package building by Jasper Lievisse Adriaanse,
> Landry Breuil, Michael Erdely, Stuart Henderson, Peter Hessler,
> Paul Irofti, Antoine Jacoutot, Robert Nagy, and Christian Weisgerber.
> System builds by Theo de Raadt, Mark Kettenis, and Miod Vallat.
> X11 builds by Todd Fries and Miod Vallat.  ISO-9660 filesystem
> layout by Theo de Raadt.
>
> We would like to thank all of the people who sent in bug reports, bug
> fixes, donation cheques, and hardware that we use.  We would also like
> to thank those who pre-ordered the 5.0 CD-ROM or bought our previous
> CD-ROMs.  Those who did not support us financially have still helped
> us with our goal of improving the quality of the software.
>
> Our developers are:
>
>    Alexander Bluhm, Alexander Hall, Alexander Schrijver,
>    Alexander Yurchenko, Alexandr Shadchin, Alexandre Ratchov,
>    Anil Madhavapeddy, Anthony J. Bentley, Antoine Jacoutot,
>    Ariane van der Steldt, Austin Hook, Benoit Lecocq, Bernd Ahlers,
>    Bob Beck, Bret Lambert, Charles Longeau, Chris Kuethe,
>    Christian Weisgerber, Christiano F. Haesbaert, Claudio Jeker,
>    Dale Rahn, Damien Bergamini, Damien Miller, Darren Tucker,
>    David Coppa, David Gwynne, David Hill, David Krause, Edd Barrett,
>    Eric Faurot, Federico G. Schwindt, Felix Kronlage, Gilles Chehade,
>    Giovanni Bechis, Gleydson Soares, Henning Brauer, Ian Darwin,
>    Igor Sobrado, Ingo Schwarze, Jacek Masiulaniec, Jakob Schlyter,
>    Janne Johansson, Jason George, Jason McIntyre, Jason Meltzer,
>    Jasper Lievisse Adriaanse, Jeremy Evans, Jim Razmus II, Joel Sing,
>    Joerg Zinke, Jolan Luff, Jonathan Armani, Jonathan Gray,
>    Jonathan Matthew, Jordan Hargrave, Joshua Stein,
>    Kenneth R Westerback, Kevin Lo, Kevin Steves, Kurt Miller,
>    Landry Breuil, Laurent Fanis, Marc Espie, Marco Peereboom,
>    Marco Pfatschbacher, Marcus Glocker, Mark Kettenis, Mark Lumsden,
>    Mark Uemura, Markus Friedl, Martin Pieuchot, Martynas Venckus,
>    Mats O Jansson, Matthew Dempsky, Matthias Kilian, Matthieu Herrb,
>    Michael Erdely, Mike Belopuhov, Mike Larkin, Miod Vallat,
>    Nayden Markatchev, Nicholas Marriott, Nick Holland, Nigel Taylor,
>    Nikolay Sturm, Okan Demirmen, Otto Moerbeek, Owain Ainsworth,
>    Paul de Weerd, Paul Irofti, Peter Hessler, Peter Valchev,
>    Philip Guenther, Pierre-Emmanuel Andre, Pierre-Yves Ritschard,
>    Remi Pointel, Reyk Floeter, Robert Nagy, Ryan Freeman,
>    Ryan Thomas McBride, Sasano, Sebastian Reitenbach, Simon Bertrang,
>    Stefan Sperling, Stephan A. Rickauer, Steven Mestdagh,
>    Stuart Henderson, Takuya Asada, Ted Unangst, Theo de Raadt,
>    Thordur I Bjornsson, Tobias Weingartner, Todd C. Miller, Todd Fries,
>    Will Maier, William Yodlowsky, Yasuoka Masahiko, Yojiro Uo

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD 5.0 released Nov 1, 2011

Alan Cheng-2
In reply to this post by Theo de Raadt
Thanks!  and Yeah!

On Tue, Nov 1, 2011 at 10:38 PM, Theo de Raadt <[hidden email]>wrote:

> ------------------------------------------------------------------------
> Nov 1, 2011.
>
> We are pleased to announce the official release of OpenBSD 5.0.
> This is our 30th release on CD-ROM (and 31th via FTP).  We remain
> proud of OpenBSD's record of more than ten years with only two remote
> holes in the default install.
>
> As in our previous releases, 5.0 provides significant improvements,
> including new features, in nearly all areas of the system:
>
>  - Improved hardware support, including:
>    o MSI interrupts for many devices, on those architectures which can
>      support them (amd64, i386, sparc64 only so far).
>    o A new dma_alloc(9) API makes it easier for kernel code to allocate
>      dma-safe memory.  Many drivers (especially network drivers) and
>      subsystems (in particular scsi and the buffer cache) were adapted
>      to use this.
>    o As a result, big-memory support has been enabled on all possible
>      architectures.
>    o The rather rare bce(4) driver now copies mbufs all the time, to cope
>      with the hardware having a 1GB limit.
>    o Added hds(4), a driver for Hitachi Modular Storage SCSI devices.
>    o Added myx(4), a driver for the Myricom Myri-10G 10GB Ethernet devices.
>    o Added dfs(4), a driver for Dynamic Frequency Switching on some macppc
>      systems.
>    o cardbus(4) and pcmcia(4) support on sgi.
>    o Suspend/resume support on Loongson Yeelong laptops.
>    o Interrupt handlers for bnx(4), em(4), ix(4) and sis(4) have been
>      improved reducing overhead and increasing performance.
>    o New acpitoshiba(4) driver providing ACPI support for Toshiba laptops.
>    o Added nvt(4), a driver for the W83795G and W83795ADG hardware monitor.
>    o Added support to sdhc(4) for the Ricoh 5U823 SD/MMC controller.
>    o A new fw_update(1) tool to install and update non-free firmware
> packages.
>
>  - Generic network stack improvements:
>    o Added support for sending Wake on LAN packets using arp(8).
>    o Permit turning Wake on LAN support on/off using ifconfig(8).
>    o Added Wake on LAN support to xl(4), re(4), and vr(4).
>    o Allow ftp-proxy to proxy across rdomains.
>    o The IPv4 stack will no longer accept ICMP redirects when
>      acting as a router.
>    o By default the IPv6 stack will not process ICMP6 redirects.
>      rtsol(8) will turn it back if -F is used.
>    o Reworked large parts of the dhclient(8) options processing for better
>      interoperability.
>    o Fixed carp(4) to work in IPv6 only setups.
>    o Make it possible to bind(2) to the local network broadcast address
>      on datagram and raw sockets.
>    o The default multicast reject route is now ignored if the UDP socket
>      uses the IP_MULTICAST_IF socket option.
>    o Make gre(4) work between systems in the same LAN.
>    o Removed the link1 mode special addressing mode on lo(4).
>    o New net.inet.tcp.always_keepalive sysctl, effectively enabling
>      SO_KEEPALIVE on all TCP sockets.
>
>  - Routing daemons and other userland network improvements:
>    o bgpd(8) no longer bumps the rlimits: the rc.d framework respects
>      login classes which is a much better solution.
>    o Correctly set the network filtersets on reload in bgpd(8).
>    o The routing socket is now sending RTM_DESYNC messages if the
>       socketbuffer overflows.
>    o Allow ospfd(8) to send out LS updates and other messages
>      larger than the MTU.
>    o Fixed nexthop calculation in ospfd(8) for directly connected P2P
> links.
>    o First bits to support opaque LSA in ospfd(8).  Only basic redistribute
>      logic and LSDB handling for now.
>    o Creating new interfaces will no longer cause a fatal error in
> ospf6d(8).
>    o ospf6d(8) handles link-state changes better.
>    o Better loopback handling in ospf6d(8).
>    o No longer install extra multicast routes in ripd(8) and ldpd(8).
>    o Make kqueue(2) work with sosplice(9).
>    o Enabled sosplice(9) in relayd(8) for TCP.
>    o Added support for divert-to which provides some benefits over
>      rdr-to in relayd(8).
>    o Reload support in relayd(8) has been fixed.
>    o Fixed trap sending in snmpd(8).
>    o Make ping6(8) compare minimum amount of bytes between what
>      was received and what was sent out.
>    o Make traceroute(8) with type-of-service setted (-t) display
>      a message if the returned packet has a different tos type.
>    o Added the socket splicing fields of struct socket to netstat -vP
> output.
>    o tcpbench(1) now uses libevent and supports both TCP and UDP modes.
>    o TCP socket buffer sizes can now be displayed using the netstat(1) -B
> flag.
>    o tcpdump(8) can now filter on icmptype and tcpflags.
>    o bgplg(8) now supports "show ip bgp peer-as".
>
>  - pf(4) improvements:
>    o Make pf(4) reassemble IPv6 fragments.  In the forward case, pf
>      refragments the packets with the same maximum size.
>    o Allow pf(4) to filter on the rdomain a packet belongs to.
>    o Make pf(4) allow userland proxies to establish cross rdomain
>      proxy sessions.
>    o Added IPv6 ACK prioritization in pf(4).
>    o Change 'set skip on <...>' to work with interface groups.
>    o pfsync(4) supports IPv6 as network protocol.
>    o Switched ftp-proxy(8) over to divert-to instead of rdr-to.
>    o Switched tftp-proxy(8) over to divert-to instead of rdr-to.
>    o New very low overhead priority queueing implementation for pf(4) used
> via
>      the "prio" keyword.
>    o Support for least-states in load balancing pools and tables.
>    o Support for weighted round-robin in load balancing pools and tables.
>
>  - SCSI improvements:
>    o Most SCSI hardware drivers now use the new iopools infrastructure.
>    o scsi(4) devices are now all provided with a unique devid, which
>      is displayed during the probe process.
>    o ASC/ASCQ error codes and verbiage now in sync with
>      http://www.t10.org/lists/asc-num.txt.
>    o Progress on iSCSI includes better login, better logout, preliminary
>      FSM support in iscsid(8), and improved logging and debug information.
>    o uk(4) can now safely and reliably detach an unknown SCSI device.
>    o SCSI multipath device and kernel support has been improved.
>    o vscsi(4) now ensures output always goes to the correct connection.
>    o vscsi(4) connections can now be reset gracefully.
>    o scsi(4) devices on fibre channel fabrics no longer inherit the
> adapter's
>      address.
>
>  - Assorted improvements:
>    o Kernel randomization speed and quality improved substantially.
>    o For additional security, security(8) was rewritten in Perl.
>    o Mandoc 1.11.4: Now accepts eqn(7) input (no fancy formatting yet)
>      and supports -Tutf8 output (but no utf8 input yet).
>    o Removed a variety of OS-compat emulation code, leaving just the Linux
>      support.
>    o Small improvements to Linux compat (only available on i386).
>    o Improved our own pkg-config(1) implementation with extended comparison
>      scheme and implementing various new options.
>    o The math library, libm, was fully fleshed out to support all C99
> required
>      parts.  Many bugs for various architectures were fixed along the way.
>    o malloc(3) is a lot faster and has a few further security features
> (more
>      randomization, as well as the 'S' flag to enable all paranoia checks).
>    o 'make depend' is no longer neccessary in kernel compilation
> directories
>      since the dependencies are calculated automatically.
>    o Increased the default size of the buffer cache.
>    o kqueue(2) now works on /dev/random and spliced sockets
>    o On MBR-based disks, scan through up to 256 extended partition tables
>      when looking for an OpenBSD partition table.
>    o Added POSIX 2008 fdopendir(3) and openat(2) functions, as well as the
>      O_CLOEXEC, O_DIRECTORY, and F_DUPFD_CLOEXEC flags.
>    o Improved lint format string checks and added a few other checks.
>    o kdump(8) now dumps stat and sockaddr structures, sysctl mib
>      strings, and decodes syscall flags and operation bits.
>    o Improved kernel pool debug checking.
>    o Improved correctness of signals and various syscalls when rthreads
>      are in use.
>    o Kernel malloc(9) space and stacks moved to non-dma memory.
>    o Fixed some shutdown/reboot hangs on NFS clients.
>    o UNIX-domain socket paths are now guaranteed to be NUL-terminated.
>    o Added support for *wprintf(3), wcs{,n}casecmp(3), and wcsdup(3).
>    o NULL is now a (void *).
>    o grep(1) now supports a -H option to always print filename headers.
>    o Whitelist expiry for spamlogd(8) can now be configured via a -W flag.
>    o ls(1) now supports the POSIX -H option to follow symbolic links
> specified
>      on the command line.
>    o disklabel(8) now tries the next auto-allocation scheme if the current
> one
>      fails due to insufficient available partitions.
>    o bc(1) gained editline(3) support.
>    o Many enhancements and new functionality has been added to tmux(1).
>    o disklabel(8) supports absolute resizing of partitions in
> auto-allocated
>      labels.
>    o newfs(8) accepts k/m/g suffixes for the -S and -s options.
>
>  - Install/Upgrade process changes:
>    o Completed support for DUID disk installs, and enabled it fully.
>    o Install non-free firmwares from the internet upon first boot, based
> on a
>      question in the installer.
>    o svnd(4)-like behaviour became the default for vnd(4) devices.  This is
>      what is used to build the media.
>
>  - rc.d(8) framework improvements:
>    o rc.d(8) is now also used for the base system daemons.
>    o Backward compatible with the historic way of starting daemons.
>    o Notify the user by appending (ok) or (failed) in interactive mode.
>    o Better diagnostics with the introduction of RC_DEBUG.
>
>  - OpenSSH 5.9:
>    o New features:
>      - Introduce sandboxing of the pre-auth privsep child using an
>        optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode
>        that enables mandatory restrictions on the syscalls the privsep
>        child can perform.
>      - Add new SHA256-based HMAC transport integrity modes from
>        http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
>        These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512,
>        and hmac-sha2-512-96, and are available by default in ssh(1)
>        and sshd(8).
>      - The pre-authentication sshd(8) privilege separation slave process
>        now logs via a socket shared with the master process, avoiding
>        the need to maintain /dev/log inside the chroot.
>      - ssh(1) now warns when a server refuses X11 forwarding.
>      - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
>        separated by whitespace. The undocumented AuthorizedKeysFile2
>        option is deprecated (though the default for AuthorizedKeysFile
>        includes .ssh/authorized_keys2).
>      - sshd_config(5): similarly deprecate UserKnownHostsFile2 and
>        GlobalKnownHostsFile2 by making UserKnownHostsFile and
>        GlobalKnownHostsFile accept multiple options and default to
>        include known_hosts2.
>      - sshd_config(5)'s ControlPath option now expands %L to the host
>        portion of the destination host name.
>      - sshd_config(5) "Host" options now support negated Host matching.
>      - sshd_config(5): a new RequestTTY option provides control over
>        when a TTY is requested for a connection, similar to the existing
>        -t/-tt/-T ssh(1) commandline options.
>      - ssh-keygen(1): Add -A option. For each of the key types (rsa1,
>        rsa, dsa and ecdsa) for which host keys do not exist, generate
>        the host keys with the default key file path, an empty passphrase,
>        default bits for the key type, and default comment. This is useful
>        for system initialisation scripts.
>      - ssh(1): Allow graceful shutdown of multiplexing: request that
>        mux server removes its listener socket and refuse future
>        multiplexing requests but don't kill existing connections. This
>        may be requested using "ssh -O stop ...".
>      - ssh-add(1): now accepts keys piped from standard input.
>      - Retain key comments when loading v.2 keys. These will be visible
>        in "ssh-add -l" and other places. (bz#439)
>      - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as
>        IPv4 ToS/DSCP). (bz#1855)
>    o The following significant bugs have been fixed in this
>      release:
>      - sshd(8): allow GSSAPI authentication to detect when a server-side
>        failure causes authentication failure and don't count such failures
>        against MaxAuthTries. (bz#1244)
>      - ssh-keysign(8): now signs hostbased authentication challenges
>        correctly using ECDSA keys. (bz#1858)
>
>  - Over 7,200 ports, major robustness and speed improvements in package
> tools.
>  - Many pre-built packages for each architecture:
>    o i386: 7008                      o sparc64: 6456
>    o alpha: 6046                     o sh: 3721
>    o amd64: 6960                     o powerpc: 6691
>    o sparc: 3277                     o arm: 2963
>    o hppa: 6125                      o vax: 1409
>    o mips64: 5689                    o mips64el: 5709
>
>  - Some highlights:
>    o Gnome 2.32.2                    o KDE 3.5.10
>    o Xfce 4.8.0                      o MySQL 5.1.54
>    o PostgreSQL 9.0.5                o Postfix 2.8.4
>    o OpenLDAP 2.3.43 and 2.4.25      o Mozilla Firefox 3.5.19, 3.6.18 and
> 5.0
>    o Mozilla Thunderbird 5.0         o GHC 7.0.4
>    o LibreOffice 3.4.1.3             o Emacs 21.4, 22.3 and 23.3
>    o Vim 7.3.154                     o PHP 5.2.17 and 5.3.6
>    o Python 2.4.6, 2.5.4 and 2.7.1   o Ruby 1.8.7.352 and 1.9.2.200
>    o Mono 2.10.2                     o Chromium 12.0.742.122
>    o Groff 1.21
>
>  - As usual, steady improvements in manual pages and other documentation.
>    o Base system and Xenocara manuals are now installed as source code,
>      making grep(1) more useful in /usr/share/man/ and /usr/X11R6/man/.
>    o If both formatted and source versions of manuals are installed,
>      man(1) automatically displays the newer version of each page.
>
>  - The system includes the following major components from outside
> suppliers:
>    o Xenocara (based on X.Org 7.6 with xserver 1.9 + patches,
>      freetype 2.4.5, fontconfig 2.8.0, Mesa 7.8.2, xterm 270,
>      xkeyboard-config 2.3 and more)
>    o Gcc 2.95.3 (+ patches), 3.3.5 (+ patches) and 4.2.1 (+patches)
>    o Perl 5.12.2 (+ patches)
>    o Our improved and secured version of Apache 1.3, with
>      SSL/TLS and DSO support
>    o OpenSSL 1.0.0a (+ patches)
>    o Sendmail 8.14.5, with libmilter
>    o Bind 9.4.2-P2 (+ patches)
>    o Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
>    o Sudo 1.7.2p8
>    o Ncurses 5.7
>    o Heimdal 0.7.2 (+ patches)
>    o Arla 0.35.7
>    o Binutils 2.15 (+ patches)
>    o Gdb 6.3 (+ patches)
>
> If you'd like to see a list of what has changed between OpenBSD 4.9
> and 5.0, look at
>
>        http://www.OpenBSD.org/plus50.html
>
> Even though the list is a summary of the most important changes
> made to OpenBSD, it still is a very very long list.
> We provide patches for known security threats and other important
> issues discovered after each CD release.  As usual, between the
> creation of the OpenBSD 5.0 FTP/CD-ROM binaries and the actual 4.9
> release date, our team found and fixed some new reliability problems
> (note: most are minor and in subsystems that are not enabled by
> default).  Our continued research into security means we will find
> new security problems -- and we always provide patches as soon as
> possible.  Therefore, we advise regular visits to
>
>        http://www.OpenBSD.org/security.html
> and
>        http://www.OpenBSD.org/errata.html
>
> Security patch announcements are sent to the [hidden email]
> mailing list.  For information on OpenBSD mailing lists, please see:
>
>        http://www.OpenBSD.org/mail.html
> OpenBSD 5.0 is also available on CD-ROM.  The 3-CD set costs $50 CDN and
> is available via mail order and from a number of contacts around the
> world.  The set includes a colourful booklet which carefully explains the
> installation of OpenBSD.  A new set of cute little stickers is also
> included (sorry, but our FTP mirror sites do not support STP, the Sticker
> Transfer Protocol).  As an added bonus, the second CD contains an audio
> track, a song entitled "What Me Worry?".  MP3 and OGG versions of
> the audio track can be found on the first CD.
>
> Lyrics (and an explanation) for the songs may be found at:
>
>    http://www.OpenBSD.org/lyrics.html#50
>
> Profits from CD sales are the primary income source for the OpenBSD
> project -- in essence selling these CD-ROM units ensures that OpenBSD
> will continue to make another release six months from now.
>
> The OpenBSD 5.0 CD-ROMs are bootable on the following four platforms:
>
>  o i386
>  o amd64
>  o macppc
>  o sparc64
>
> (Other platforms must boot from floppy, network, or other method).
>
> For more information on ordering CD-ROMs, see:
>
>        http://www.OpenBSD.org/orders.html
>
> The above web page lists a number of places where OpenBSD CD-ROMs
> can be purchased from.  For our default mail order, go directly to:
>
>        https://https.OpenBSD.org/cgi-bin/order
>
> All of our developers strongly urge you to buy a CD-ROM and support
> our future efforts.  Additionally, donations to the project are
> highly appreciated, as described in more detail at:
>
>        http://www.OpenBSD.org/goals.html#funding
> For those unable to make their contributions as straightforward gifts,
> the OpenBSD Foundation (http://www.openbsdfoundation.org) is a Canadian
> not-for-profit corporation that can accept larger contributions and
> issue receipts.  In some situations, their receipt may qualify as a
> business expense write-off, so this is certainly a consideration for
> some organizations or businesses.  There may also be exposure benefits
> since the Foundation may be interested in participating in press releases.
> In turn, the Foundation then uses these contributions to assist OpenBSD's
> infrastructure needs.  Contact the foundation directors at
> [hidden email] for more information.
> The OpenBSD distribution companies also sell tshirts and polo shirts.
> And our users like them, too.  We have a variety of shirts available,
> with the new and old designs, from our web ordering system at, as
> described above.
> If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily
> installed via FTP or HTTP downloads.  Typically you need a single
> small piece of boot media (e.g., a boot floppy) and then the rest
> of the files can be installed from a number of locations, including
> directly off the Internet.  Follow this simple set of instructions
> to ensure that you find all of the documentation you will need
> while performing an install via FTP or HTTP.  With the CD-ROMs,
> the necessary documentation is easier to find.
>
> 1) Read either of the following two files for a list of ftp/http
>   mirrors which provide OpenBSD, then choose one near you:
>
>        http://www.OpenBSD.org/ftp.html
>        ftp://ftp.OpenBSD.org/pub/OpenBSD/5.0/ftplist
>
>   As of Nov 1, 2011, the following ftp mirror sites have the 5.0 release:
>
>        ftp://ftp.eu.openbsd.org/pub/OpenBSD/5.0/       Stockholm, Sweden
>        ftp://ftp.bytemine.net/pub/OpenBSD/5.0/         Oldenburg, Germany
>        ftp://ftp.ch.openbsd.org/pub/OpenBSD/5.0/       Zurich, Switzerland
>        ftp://ftp.fr.openbsd.org/pub/OpenBSD/5.0/       Paris, France
>        ftp://ftp5.eu.openbsd.org/pub/OpenBSD/5.0/      Vienna, Austria
>        ftp://mirror.aarnet.edu.au/pub/OpenBSD/5.0/     Brisbane, Australia
>        ftp://ftp.usa.openbsd.org/pub/OpenBSD/5.0/      CO, USA
>        ftp://ftp5.usa.openbsd.org/pub/OpenBSD/5.0/     CA, USA
>        ftp://obsd.cec.mtu.edu/pub/OpenBSD/5.0/         Michigan, USA
>
>        The release is also available at the master site:
>
>        ftp://ftp.openbsd.org/pub/OpenBSD/5.0/          Alberta, Canada
>
>        However it is strongly suggested you use a mirror.
>
>   Other mirror sites may take a day or two to update.
>
> 2) Connect to that ftp mirror site and go into the directory
>   pub/OpenBSD/5.0/ which contains these files and directories.
>   This is a list of what you will see:
>
>        ANNOUNCEMENT     armish/          mvme68k/         sparc64/
>        Changelogs/      ftplist          mvme88k/         src.tar.gz
>        HARDWARE         hp300/           packages/        sys.tar.gz
>        PACKAGES         hppa/            ports.tar.gz     tools/
>        PORTS            i386/            root.mail        vax/
>        README           landisk/         sgi/             xenocara.tar.gz
>        alpha/           mac68k/          socppc/          zaurus/
>        amd64/           macppc/          sparc/
>
>   It is quite likely that you will want at LEAST the following
>   files which apply to all the architectures OpenBSD supports.
>
>        README          - generic README
>        HARDWARE        - list of hardware we support
>        PORTS           - description of our "ports" tree
>        PACKAGES        - description of pre-compiled packages
>        root.mail       - a copy of root's mail at initial login.
>                          (This is really worthwhile reading).
>
> 3) Read the README file.  It is short, and a quick read will make
>   sure you understand what else you need to fetch.
>
> 4) Next, go into the directory that applies to your architecture,
>   for example, i386.  This is a list of what you will see:
>
>        INSTALL.i386    cd50.iso        floppyB50.fs    pxeboot*
>        INSTALL.linux   cdboot*         floppyC50.fs    xbase50.tgz
>        MD5             cdbr*           game50.tgz      xetc50.tgz
>        base50.tgz      cdemu50.iso     index.txt       xfont50.tgz
>        bsd*            comp50.tgz      install50.iso   xserv50.tgz
>        bsd.mp*         etc50.tgz       man50.tgz       xshare50.tgz
>        bsd.rd*         floppy50.fs     misc50.tgz
>
>   If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386
>   and the appropriate floppy*.fs or install50.iso files.  Consult the
>   INSTALL.i386 file if you don't know which of the floppy images
>   you need (or simply fetch all of them).
>
>   If you use the install50.iso file (roughly 250MB in size), then you
>   do not need the various *.tgz files since they are contained on that
>   one-step ISO-format install CD.
>
> 5) If you are an expert, follow the instructions in the file called
>   README; otherwise, use the more complete instructions in the
>   file called INSTALL.i386.  INSTALL.i386 may tell you that you
>   need to fetch other files.
>
> 6) Just in case, take a peek at:
>
>        http://www.OpenBSD.org/errata.html
>
>   This is the page where we talk about the mistakes we made while
>   creating the 5.0 release, or the significant bugs we fixed
>   post-release which we think our users should have fixes for.
>   Patches and workarounds are clearly described there.
>
> Note: If you end up needing to write a raw floppy using Windows,
>      you can use "fdimage.exe" located in the pub/OpenBSD/5.0/tools
>      directory to do so.
> X.Org has been integrated more closely into the system.  This release
> contains X.Org 7.6.  Most of our architectures ship with X.Org, including
> amd64, sparc, sparc64 and macppc.  During installation, you can install
> X.Org quite easily.  Be sure to try out xdm(1) and see how we have
> customized it for OpenBSD.
> The OpenBSD ports tree contains automated instructions for building
> third party software.  The software has been verified to build and
> run on the various OpenBSD architectures.  The 5.0 ports collection,
> including many of the distribution files, is included on the 3-CD
> set.  Please see the PORTS file for more information.
>
> Note: some of the most popular ports, e.g., the Apache web server
> and several X applications, come standard with OpenBSD.  Also, many
> popular ports have been pre-compiled for those who do not desire
> to build their own binaries (see BINARY PACKAGES, below).
> A large number of binary packages are provided.  Please see the PACKAGES
> file (ftp://ftp.OpenBSD.org/pub/OpenBSD/5.0/PACKAGES) for more details.
> The CD-ROMs contain source code for all the subsystems explained
> above, and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/5.0/README)
> file explains how to deal with these source files.  For those who
> are doing an FTP install, the source code for all four subsystems
> can be found in the pub/OpenBSD/5.0/ directory:
>
>        xenocara.tar.gz     ports.tar.gz   src.tar.gz     sys.tar.gz
> Ports tree and package building by Jasper Lievisse Adriaanse,
> Landry Breuil, Michael Erdely, Stuart Henderson, Peter Hessler,
> Paul Irofti, Antoine Jacoutot, Robert Nagy, and Christian Weisgerber.
> System builds by Theo de Raadt, Mark Kettenis, and Miod Vallat.
> X11 builds by Todd Fries and Miod Vallat.  ISO-9660 filesystem
> layout by Theo de Raadt.
>
> We would like to thank all of the people who sent in bug reports, bug
> fixes, donation cheques, and hardware that we use.  We would also like
> to thank those who pre-ordered the 5.0 CD-ROM or bought our previous
> CD-ROMs.  Those who did not support us financially have still helped
> us with our goal of improving the quality of the software.
>
> Our developers are:
>
>    Alexander Bluhm, Alexander Hall, Alexander Schrijver,
>    Alexander Yurchenko, Alexandr Shadchin, Alexandre Ratchov,
>    Anil Madhavapeddy, Anthony J. Bentley, Antoine Jacoutot,
>    Ariane van der Steldt, Austin Hook, Benoit Lecocq, Bernd Ahlers,
>    Bob Beck, Bret Lambert, Charles Longeau, Chris Kuethe,
>    Christian Weisgerber, Christiano F. Haesbaert, Claudio Jeker,
>    Dale Rahn, Damien Bergamini, Damien Miller, Darren Tucker,
>    David Coppa, David Gwynne, David Hill, David Krause, Edd Barrett,
>    Eric Faurot, Federico G. Schwindt, Felix Kronlage, Gilles Chehade,
>    Giovanni Bechis, Gleydson Soares, Henning Brauer, Ian Darwin,
>    Igor Sobrado, Ingo Schwarze, Jacek Masiulaniec, Jakob Schlyter,
>    Janne Johansson, Jason George, Jason McIntyre, Jason Meltzer,
>    Jasper Lievisse Adriaanse, Jeremy Evans, Jim Razmus II, Joel Sing,
>    Joerg Zinke, Jolan Luff, Jonathan Armani, Jonathan Gray,
>    Jonathan Matthew, Jordan Hargrave, Joshua Stein,
>    Kenneth R Westerback, Kevin Lo, Kevin Steves, Kurt Miller,
>    Landry Breuil, Laurent Fanis, Marc Espie, Marco Peereboom,
>    Marco Pfatschbacher, Marcus Glocker, Mark Kettenis, Mark Lumsden,
>    Mark Uemura, Markus Friedl, Martin Pieuchot, Martynas Venckus,
>    Mats O Jansson, Matthew Dempsky, Matthias Kilian, Matthieu Herrb,
>    Michael Erdely, Mike Belopuhov, Mike Larkin, Miod Vallat,
>    Nayden Markatchev, Nicholas Marriott, Nick Holland, Nigel Taylor,
>    Nikolay Sturm, Okan Demirmen, Otto Moerbeek, Owain Ainsworth,
>    Paul de Weerd, Paul Irofti, Peter Hessler, Peter Valchev,
>    Philip Guenther, Pierre-Emmanuel Andre, Pierre-Yves Ritschard,
>    Remi Pointel, Reyk Floeter, Robert Nagy, Ryan Freeman,
>    Ryan Thomas McBride, Sasano, Sebastian Reitenbach, Simon Bertrang,
>    Stefan Sperling, Stephan A. Rickauer, Steven Mestdagh,
>    Stuart Henderson, Takuya Asada, Ted Unangst, Theo de Raadt,
>    Thordur I Bjornsson, Tobias Weingartner, Todd C. Miller, Todd Fries,
>    Will Maier, William Yodlowsky, Yasuoka Masahiko, Yojiro Uo

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD 5.0 released Nov 1, 2011

John Cosimano
In reply to this post by Theo de Raadt
Awesome! Thanks for what is sure to be another great release.

Is this officially the first release that didn't have a patch issued?

http://www.openbsd.org/errata49.html

I've only been paying attention since about 2.6, and don't recall a
clean track record like this.

If so, that's an amazing feat!

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD 5.0 released Nov 1, 2011

Johan Ryberg
Great news =)

This is awesome! Good work

// Johan

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD 5.0 released Nov 1, 2011

Dave U. Random
In reply to this post by Theo de Raadt
Congrats and thanks to you and the entire OpenBSD team!

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD 5.0 released Nov 1, 2011

Indunil Jayasooriya
In reply to this post by Theo de Raadt
Hi,

Thanks a lot for you and all the developers.





On Tue, Nov 1, 2011 at 8:08 PM, Theo de Raadt <[hidden email]>wrote:

> ------------------------------------------------------------------------
> Nov 1, 2011.
>
> We are pleased to announce the official release of OpenBSD 5.0.
> This is our 30th release on CD-ROM (and 31th via FTP).  We remain
> proud of OpenBSD's record of more than ten years with only two remote
> holes in the default install.
>
> As in our previous releases, 5.0 provides significant improvements,
> including new features, in nearly all areas of the system:
>
>  - Improved hardware support, including:
>    o MSI interrupts for many devices, on those architectures which can
>      support them (amd64, i386, sparc64 only so far).
>    o A new dma_alloc(9) API makes it easier for kernel code to allocate
>      dma-safe memory.  Many drivers (especially network drivers) and
>      subsystems (in particular scsi and the buffer cache) were adapted
>      to use this.
>    o As a result, big-memory support has been enabled on all possible
>      architectures.
>    o The rather rare bce(4) driver now copies mbufs all the time, to cope
>      with the hardware having a 1GB limit.
>    o Added hds(4), a driver for Hitachi Modular Storage SCSI devices.
>    o Added myx(4), a driver for the Myricom Myri-10G 10GB Ethernet devices.
>    o Added dfs(4), a driver for Dynamic Frequency Switching on some macppc
>      systems.
>    o cardbus(4) and pcmcia(4) support on sgi.
>    o Suspend/resume support on Loongson Yeelong laptops.
>    o Interrupt handlers for bnx(4), em(4), ix(4) and sis(4) have been
>      improved reducing overhead and increasing performance.
>    o New acpitoshiba(4) driver providing ACPI support for Toshiba laptops.
>    o Added nvt(4), a driver for the W83795G and W83795ADG hardware monitor.
>    o Added support to sdhc(4) for the Ricoh 5U823 SD/MMC controller.
>    o A new fw_update(1) tool to install and update non-free firmware
> packages.
>
>  - Generic network stack improvements:
>    o Added support for sending Wake on LAN packets using arp(8).
>    o Permit turning Wake on LAN support on/off using ifconfig(8).
>    o Added Wake on LAN support to xl(4), re(4), and vr(4).
>    o Allow ftp-proxy to proxy across rdomains.
>    o The IPv4 stack will no longer accept ICMP redirects when
>      acting as a router.
>    o By default the IPv6 stack will not process ICMP6 redirects.
>      rtsol(8) will turn it back if -F is used.
>    o Reworked large parts of the dhclient(8) options processing for better
>      interoperability.
>    o Fixed carp(4) to work in IPv6 only setups.
>    o Make it possible to bind(2) to the local network broadcast address
>      on datagram and raw sockets.
>    o The default multicast reject route is now ignored if the UDP socket
>      uses the IP_MULTICAST_IF socket option.
>    o Make gre(4) work between systems in the same LAN.
>    o Removed the link1 mode special addressing mode on lo(4).
>    o New net.inet.tcp.always_keepalive sysctl, effectively enabling
>      SO_KEEPALIVE on all TCP sockets.
>
>  - Routing daemons and other userland network improvements:
>    o bgpd(8) no longer bumps the rlimits: the rc.d framework respects
>      login classes which is a much better solution.
>    o Correctly set the network filtersets on reload in bgpd(8).
>    o The routing socket is now sending RTM_DESYNC messages if the
>       socketbuffer overflows.
>    o Allow ospfd(8) to send out LS updates and other messages
>      larger than the MTU.
>    o Fixed nexthop calculation in ospfd(8) for directly connected P2P
> links.
>    o First bits to support opaque LSA in ospfd(8).  Only basic redistribute
>      logic and LSDB handling for now.
>    o Creating new interfaces will no longer cause a fatal error in
> ospf6d(8).
>    o ospf6d(8) handles link-state changes better.
>    o Better loopback handling in ospf6d(8).
>    o No longer install extra multicast routes in ripd(8) and ldpd(8).
>    o Make kqueue(2) work with sosplice(9).
>    o Enabled sosplice(9) in relayd(8) for TCP.
>    o Added support for divert-to which provides some benefits over
>      rdr-to in relayd(8).
>    o Reload support in relayd(8) has been fixed.
>    o Fixed trap sending in snmpd(8).
>    o Make ping6(8) compare minimum amount of bytes between what
>      was received and what was sent out.
>    o Make traceroute(8) with type-of-service setted (-t) display
>      a message if the returned packet has a different tos type.
>    o Added the socket splicing fields of struct socket to netstat -vP
> output.
>    o tcpbench(1) now uses libevent and supports both TCP and UDP modes.
>    o TCP socket buffer sizes can now be displayed using the netstat(1) -B
> flag.
>    o tcpdump(8) can now filter on icmptype and tcpflags.
>    o bgplg(8) now supports "show ip bgp peer-as".
>
>  - pf(4) improvements:
>    o Make pf(4) reassemble IPv6 fragments.  In the forward case, pf
>      refragments the packets with the same maximum size.
>    o Allow pf(4) to filter on the rdomain a packet belongs to.
>    o Make pf(4) allow userland proxies to establish cross rdomain
>      proxy sessions.
>    o Added IPv6 ACK prioritization in pf(4).
>    o Change 'set skip on <...>' to work with interface groups.
>    o pfsync(4) supports IPv6 as network protocol.
>    o Switched ftp-proxy(8) over to divert-to instead of rdr-to.
>    o Switched tftp-proxy(8) over to divert-to instead of rdr-to.
>    o New very low overhead priority queueing implementation for pf(4) used
> via
>      the "prio" keyword.
>    o Support for least-states in load balancing pools and tables.
>    o Support for weighted round-robin in load balancing pools and tables.
>
>  - SCSI improvements:
>    o Most SCSI hardware drivers now use the new iopools infrastructure.
>    o scsi(4) devices are now all provided with a unique devid, which
>      is displayed during the probe process.
>    o ASC/ASCQ error codes and verbiage now in sync with
>      http://www.t10.org/lists/asc-num.txt.
>    o Progress on iSCSI includes better login, better logout, preliminary
>      FSM support in iscsid(8), and improved logging and debug information.
>    o uk(4) can now safely and reliably detach an unknown SCSI device.
>    o SCSI multipath device and kernel support has been improved.
>    o vscsi(4) now ensures output always goes to the correct connection.
>    o vscsi(4) connections can now be reset gracefully.
>    o scsi(4) devices on fibre channel fabrics no longer inherit the
> adapter's
>      address.
>
>  - Assorted improvements:
>    o Kernel randomization speed and quality improved substantially.
>    o For additional security, security(8) was rewritten in Perl.
>    o Mandoc 1.11.4: Now accepts eqn(7) input (no fancy formatting yet)
>      and supports -Tutf8 output (but no utf8 input yet).
>    o Removed a variety of OS-compat emulation code, leaving just the Linux
>      support.
>    o Small improvements to Linux compat (only available on i386).
>    o Improved our own pkg-config(1) implementation with extended comparison
>      scheme and implementing various new options.
>    o The math library, libm, was fully fleshed out to support all C99
> required
>      parts.  Many bugs for various architectures were fixed along the way.
>    o malloc(3) is a lot faster and has a few further security features
> (more
>      randomization, as well as the 'S' flag to enable all paranoia checks).
>    o 'make depend' is no longer neccessary in kernel compilation
> directories
>      since the dependencies are calculated automatically.
>    o Increased the default size of the buffer cache.
>    o kqueue(2) now works on /dev/random and spliced sockets
>    o On MBR-based disks, scan through up to 256 extended partition tables
>      when looking for an OpenBSD partition table.
>    o Added POSIX 2008 fdopendir(3) and openat(2) functions, as well as the
>      O_CLOEXEC, O_DIRECTORY, and F_DUPFD_CLOEXEC flags.
>    o Improved lint format string checks and added a few other checks.
>    o kdump(8) now dumps stat and sockaddr structures, sysctl mib
>      strings, and decodes syscall flags and operation bits.
>    o Improved kernel pool debug checking.
>    o Improved correctness of signals and various syscalls when rthreads
>      are in use.
>    o Kernel malloc(9) space and stacks moved to non-dma memory.
>    o Fixed some shutdown/reboot hangs on NFS clients.
>    o UNIX-domain socket paths are now guaranteed to be NUL-terminated.
>    o Added support for *wprintf(3), wcs{,n}casecmp(3), and wcsdup(3).
>    o NULL is now a (void *).
>    o grep(1) now supports a -H option to always print filename headers.
>    o Whitelist expiry for spamlogd(8) can now be configured via a -W flag.
>    o ls(1) now supports the POSIX -H option to follow symbolic links
> specified
>      on the command line.
>    o disklabel(8) now tries the next auto-allocation scheme if the current
> one
>      fails due to insufficient available partitions.
>    o bc(1) gained editline(3) support.
>    o Many enhancements and new functionality has been added to tmux(1).
>    o disklabel(8) supports absolute resizing of partitions in
> auto-allocated
>      labels.
>    o newfs(8) accepts k/m/g suffixes for the -S and -s options.
>
>  - Install/Upgrade process changes:
>    o Completed support for DUID disk installs, and enabled it fully.
>    o Install non-free firmwares from the internet upon first boot, based
> on a
>      question in the installer.
>    o svnd(4)-like behaviour became the default for vnd(4) devices.  This is
>      what is used to build the media.
>
>  - rc.d(8) framework improvements:
>    o rc.d(8) is now also used for the base system daemons.
>    o Backward compatible with the historic way of starting daemons.
>    o Notify the user by appending (ok) or (failed) in interactive mode.
>    o Better diagnostics with the introduction of RC_DEBUG.
>
>  - OpenSSH 5.9:
>    o New features:
>      - Introduce sandboxing of the pre-auth privsep child using an
>        optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode
>        that enables mandatory restrictions on the syscalls the privsep
>        child can perform.
>      - Add new SHA256-based HMAC transport integrity modes from
>        http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
>        These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512,
>        and hmac-sha2-512-96, and are available by default in ssh(1)
>        and sshd(8).
>      - The pre-authentication sshd(8) privilege separation slave process
>        now logs via a socket shared with the master process, avoiding
>        the need to maintain /dev/log inside the chroot.
>      - ssh(1) now warns when a server refuses X11 forwarding.
>      - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
>        separated by whitespace. The undocumented AuthorizedKeysFile2
>        option is deprecated (though the default for AuthorizedKeysFile
>        includes .ssh/authorized_keys2).
>      - sshd_config(5): similarly deprecate UserKnownHostsFile2 and
>        GlobalKnownHostsFile2 by making UserKnownHostsFile and
>        GlobalKnownHostsFile accept multiple options and default to
>        include known_hosts2.
>      - sshd_config(5)'s ControlPath option now expands %L to the host
>        portion of the destination host name.
>      - sshd_config(5) "Host" options now support negated Host matching.
>      - sshd_config(5): a new RequestTTY option provides control over
>        when a TTY is requested for a connection, similar to the existing
>        -t/-tt/-T ssh(1) commandline options.
>      - ssh-keygen(1): Add -A option. For each of the key types (rsa1,
>        rsa, dsa and ecdsa) for which host keys do not exist, generate
>        the host keys with the default key file path, an empty passphrase,
>        default bits for the key type, and default comment. This is useful
>        for system initialisation scripts.
>      - ssh(1): Allow graceful shutdown of multiplexing: request that
>        mux server removes its listener socket and refuse future
>        multiplexing requests but don't kill existing connections. This
>        may be requested using "ssh -O stop ...".
>      - ssh-add(1): now accepts keys piped from standard input.
>      - Retain key comments when loading v.2 keys. These will be visible
>        in "ssh-add -l" and other places. (bz#439)
>      - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as
>        IPv4 ToS/DSCP). (bz#1855)
>    o The following significant bugs have been fixed in this
>      release:
>      - sshd(8): allow GSSAPI authentication to detect when a server-side
>        failure causes authentication failure and don't count such failures
>        against MaxAuthTries. (bz#1244)
>      - ssh-keysign(8): now signs hostbased authentication challenges
>        correctly using ECDSA keys. (bz#1858)
>
>  - Over 7,200 ports, major robustness and speed improvements in package
> tools.
>  - Many pre-built packages for each architecture:
>    o i386: 7008                      o sparc64: 6456
>    o alpha: 6046                     o sh: 3721
>    o amd64: 6960                     o powerpc: 6691
>    o sparc: 3277                     o arm: 2963
>    o hppa: 6125                      o vax: 1409
>    o mips64: 5689                    o mips64el: 5709
>
>  - Some highlights:
>    o Gnome 2.32.2                    o KDE 3.5.10
>    o Xfce 4.8.0                      o MySQL 5.1.54
>    o PostgreSQL 9.0.5                o Postfix 2.8.4
>    o OpenLDAP 2.3.43 and 2.4.25      o Mozilla Firefox 3.5.19, 3.6.18 and
> 5.0
>    o Mozilla Thunderbird 5.0         o GHC 7.0.4
>    o LibreOffice 3.4.1.3             o Emacs 21.4, 22.3 and 23.3
>    o Vim 7.3.154                     o PHP 5.2.17 and 5.3.6
>    o Python 2.4.6, 2.5.4 and 2.7.1   o Ruby 1.8.7.352 and 1.9.2.200
>    o Mono 2.10.2                     o Chromium 12.0.742.122
>    o Groff 1.21
>
>  - As usual, steady improvements in manual pages and other documentation.
>    o Base system and Xenocara manuals are now installed as source code,
>      making grep(1) more useful in /usr/share/man/ and /usr/X11R6/man/.
>    o If both formatted and source versions of manuals are installed,
>      man(1) automatically displays the newer version of each page.
>
>  - The system includes the following major components from outside
> suppliers:
>    o Xenocara (based on X.Org 7.6 with xserver 1.9 + patches,
>      freetype 2.4.5, fontconfig 2.8.0, Mesa 7.8.2, xterm 270,
>      xkeyboard-config 2.3 and more)
>    o Gcc 2.95.3 (+ patches), 3.3.5 (+ patches) and 4.2.1 (+patches)
>    o Perl 5.12.2 (+ patches)
>    o Our improved and secured version of Apache 1.3, with
>      SSL/TLS and DSO support
>    o OpenSSL 1.0.0a (+ patches)
>    o Sendmail 8.14.5, with libmilter
>    o Bind 9.4.2-P2 (+ patches)
>    o Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
>    o Sudo 1.7.2p8
>    o Ncurses 5.7
>    o Heimdal 0.7.2 (+ patches)
>    o Arla 0.35.7
>    o Binutils 2.15 (+ patches)
>    o Gdb 6.3 (+ patches)
>
> If you'd like to see a list of what has changed between OpenBSD 4.9
> and 5.0, look at
>
>        http://www.OpenBSD.org/plus50.html
>
> Even though the list is a summary of the most important changes
> made to OpenBSD, it still is a very very long list.
> We provide patches for known security threats and other important
> issues discovered after each CD release.  As usual, between the
> creation of the OpenBSD 5.0 FTP/CD-ROM binaries and the actual 4.9
> release date, our team found and fixed some new reliability problems
> (note: most are minor and in subsystems that are not enabled by
> default).  Our continued research into security means we will find
> new security problems -- and we always provide patches as soon as
> possible.  Therefore, we advise regular visits to
>
>        http://www.OpenBSD.org/security.html
> and
>        http://www.OpenBSD.org/errata.html
>
> Security patch announcements are sent to the [hidden email]
> mailing list.  For information on OpenBSD mailing lists, please see:
>
>        http://www.OpenBSD.org/mail.html
> OpenBSD 5.0 is also available on CD-ROM.  The 3-CD set costs $50 CDN and
> is available via mail order and from a number of contacts around the
> world.  The set includes a colourful booklet which carefully explains the
> installation of OpenBSD.  A new set of cute little stickers is also
> included (sorry, but our FTP mirror sites do not support STP, the Sticker
> Transfer Protocol).  As an added bonus, the second CD contains an audio
> track, a song entitled "What Me Worry?".  MP3 and OGG versions of
> the audio track can be found on the first CD.
>
> Lyrics (and an explanation) for the songs may be found at:
>
>    http://www.OpenBSD.org/lyrics.html#50
>
> Profits from CD sales are the primary income source for the OpenBSD
> project -- in essence selling these CD-ROM units ensures that OpenBSD
> will continue to make another release six months from now.
>
> The OpenBSD 5.0 CD-ROMs are bootable on the following four platforms:
>
>  o i386
>  o amd64
>  o macppc
>  o sparc64
>
> (Other platforms must boot from floppy, network, or other method).
>
> For more information on ordering CD-ROMs, see:
>
>        http://www.OpenBSD.org/orders.html
>
> The above web page lists a number of places where OpenBSD CD-ROMs
> can be purchased from.  For our default mail order, go directly to:
>
>        https://https.OpenBSD.org/cgi-bin/order
>
> All of our developers strongly urge you to buy a CD-ROM and support
> our future efforts.  Additionally, donations to the project are
> highly appreciated, as described in more detail at:
>
>        http://www.OpenBSD.org/goals.html#funding
> For those unable to make their contributions as straightforward gifts,
> the OpenBSD Foundation (http://www.openbsdfoundation.org) is a Canadian
> not-for-profit corporation that can accept larger contributions and
> issue receipts.  In some situations, their receipt may qualify as a
> business expense write-off, so this is certainly a consideration for
> some organizations or businesses.  There may also be exposure benefits
> since the Foundation may be interested in participating in press releases.
> In turn, the Foundation then uses these contributions to assist OpenBSD's
> infrastructure needs.  Contact the foundation directors at
> [hidden email] for more information.
> The OpenBSD distribution companies also sell tshirts and polo shirts.
> And our users like them, too.  We have a variety of shirts available,
> with the new and old designs, from our web ordering system at, as
> described above.
> If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily
> installed via FTP or HTTP downloads.  Typically you need a single
> small piece of boot media (e.g., a boot floppy) and then the rest
> of the files can be installed from a number of locations, including
> directly off the Internet.  Follow this simple set of instructions
> to ensure that you find all of the documentation you will need
> while performing an install via FTP or HTTP.  With the CD-ROMs,
> the necessary documentation is easier to find.
>
> 1) Read either of the following two files for a list of ftp/http
>   mirrors which provide OpenBSD, then choose one near you:
>
>        http://www.OpenBSD.org/ftp.html
>        ftp://ftp.OpenBSD.org/pub/OpenBSD/5.0/ftplist
>
>   As of Nov 1, 2011, the following ftp mirror sites have the 5.0 release:
>
>        ftp://ftp.eu.openbsd.org/pub/OpenBSD/5.0/       Stockholm, Sweden
>        ftp://ftp.bytemine.net/pub/OpenBSD/5.0/         Oldenburg, Germany
>        ftp://ftp.ch.openbsd.org/pub/OpenBSD/5.0/       Zurich, Switzerland
>        ftp://ftp.fr.openbsd.org/pub/OpenBSD/5.0/       Paris, France
>        ftp://ftp5.eu.openbsd.org/pub/OpenBSD/5.0/      Vienna, Austria
>        ftp://mirror.aarnet.edu.au/pub/OpenBSD/5.0/     Brisbane, Australia
>        ftp://ftp.usa.openbsd.org/pub/OpenBSD/5.0/      CO, USA
>        ftp://ftp5.usa.openbsd.org/pub/OpenBSD/5.0/     CA, USA
>        ftp://obsd.cec.mtu.edu/pub/OpenBSD/5.0/         Michigan, USA
>
>        The release is also available at the master site:
>
>        ftp://ftp.openbsd.org/pub/OpenBSD/5.0/          Alberta, Canada
>
>        However it is strongly suggested you use a mirror.
>
>   Other mirror sites may take a day or two to update.
>
> 2) Connect to that ftp mirror site and go into the directory
>   pub/OpenBSD/5.0/ which contains these files and directories.
>   This is a list of what you will see:
>
>        ANNOUNCEMENT     armish/          mvme68k/         sparc64/
>        Changelogs/      ftplist          mvme88k/         src.tar.gz
>        HARDWARE         hp300/           packages/        sys.tar.gz
>        PACKAGES         hppa/            ports.tar.gz     tools/
>        PORTS            i386/            root.mail        vax/
>        README           landisk/         sgi/             xenocara.tar.gz
>        alpha/           mac68k/          socppc/          zaurus/
>        amd64/           macppc/          sparc/
>
>   It is quite likely that you will want at LEAST the following
>   files which apply to all the architectures OpenBSD supports.
>
>        README          - generic README
>        HARDWARE        - list of hardware we support
>        PORTS           - description of our "ports" tree
>        PACKAGES        - description of pre-compiled packages
>        root.mail       - a copy of root's mail at initial login.
>                          (This is really worthwhile reading).
>
> 3) Read the README file.  It is short, and a quick read will make
>   sure you understand what else you need to fetch.
>
> 4) Next, go into the directory that applies to your architecture,
>   for example, i386.  This is a list of what you will see:
>
>        INSTALL.i386    cd50.iso        floppyB50.fs    pxeboot*
>        INSTALL.linux   cdboot*         floppyC50.fs    xbase50.tgz
>        MD5             cdbr*           game50.tgz      xetc50.tgz
>        base50.tgz      cdemu50.iso     index.txt       xfont50.tgz
>        bsd*            comp50.tgz      install50.iso   xserv50.tgz
>        bsd.mp*         etc50.tgz       man50.tgz       xshare50.tgz
>        bsd.rd*         floppy50.fs     misc50.tgz
>
>   If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386
>   and the appropriate floppy*.fs or install50.iso files.  Consult the
>   INSTALL.i386 file if you don't know which of the floppy images
>   you need (or simply fetch all of them).
>
>   If you use the install50.iso file (roughly 250MB in size), then you
>   do not need the various *.tgz files since they are contained on that
>   one-step ISO-format install CD.
>
> 5) If you are an expert, follow the instructions in the file called
>   README; otherwise, use the more complete instructions in the
>   file called INSTALL.i386.  INSTALL.i386 may tell you that you
>   need to fetch other files.
>
> 6) Just in case, take a peek at:
>
>        http://www.OpenBSD.org/errata.html
>
>   This is the page where we talk about the mistakes we made while
>   creating the 5.0 release, or the significant bugs we fixed
>   post-release which we think our users should have fixes for.
>   Patches and workarounds are clearly described there.
>
> Note: If you end up needing to write a raw floppy using Windows,
>      you can use "fdimage.exe" located in the pub/OpenBSD/5.0/tools
>      directory to do so.
> X.Org has been integrated more closely into the system.  This release
> contains X.Org 7.6.  Most of our architectures ship with X.Org, including
> amd64, sparc, sparc64 and macppc.  During installation, you can install
> X.Org quite easily.  Be sure to try out xdm(1) and see how we have
> customized it for OpenBSD.
> The OpenBSD ports tree contains automated instructions for building
> third party software.  The software has been verified to build and
> run on the various OpenBSD architectures.  The 5.0 ports collection,
> including many of the distribution files, is included on the 3-CD
> set.  Please see the PORTS file for more information.
>
> Note: some of the most popular ports, e.g., the Apache web server
> and several X applications, come standard with OpenBSD.  Also, many
> popular ports have been pre-compiled for those who do not desire
> to build their own binaries (see BINARY PACKAGES, below).
> A large number of binary packages are provided.  Please see the PACKAGES
> file (ftp://ftp.OpenBSD.org/pub/OpenBSD/5.0/PACKAGES) for more details.
> The CD-ROMs contain source code for all the subsystems explained
> above, and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/5.0/README)
> file explains how to deal with these source files.  For those who
> are doing an FTP install, the source code for all four subsystems
> can be found in the pub/OpenBSD/5.0/ directory:
>
>        xenocara.tar.gz     ports.tar.gz   src.tar.gz     sys.tar.gz
> Ports tree and package building by Jasper Lievisse Adriaanse,
> Landry Breuil, Michael Erdely, Stuart Henderson, Peter Hessler,
> Paul Irofti, Antoine Jacoutot, Robert Nagy, and Christian Weisgerber.
> System builds by Theo de Raadt, Mark Kettenis, and Miod Vallat.
> X11 builds by Todd Fries and Miod Vallat.  ISO-9660 filesystem
> layout by Theo de Raadt.
>
> We would like to thank all of the people who sent in bug reports, bug
> fixes, donation cheques, and hardware that we use.  We would also like
> to thank those who pre-ordered the 5.0 CD-ROM or bought our previous
> CD-ROMs.  Those who did not support us financially have still helped
> us with our goal of improving the quality of the software.
>
> Our developers are:
>
>    Alexander Bluhm, Alexander Hall, Alexander Schrijver,
>    Alexander Yurchenko, Alexandr Shadchin, Alexandre Ratchov,
>    Anil Madhavapeddy, Anthony J. Bentley, Antoine Jacoutot,
>    Ariane van der Steldt, Austin Hook, Benoit Lecocq, Bernd Ahlers,
>    Bob Beck, Bret Lambert, Charles Longeau, Chris Kuethe,
>    Christian Weisgerber, Christiano F. Haesbaert, Claudio Jeker,
>    Dale Rahn, Damien Bergamini, Damien Miller, Darren Tucker,
>    David Coppa, David Gwynne, David Hill, David Krause, Edd Barrett,
>    Eric Faurot, Federico G. Schwindt, Felix Kronlage, Gilles Chehade,
>    Giovanni Bechis, Gleydson Soares, Henning Brauer, Ian Darwin,
>    Igor Sobrado, Ingo Schwarze, Jacek Masiulaniec, Jakob Schlyter,
>    Janne Johansson, Jason George, Jason McIntyre, Jason Meltzer,
>    Jasper Lievisse Adriaanse, Jeremy Evans, Jim Razmus II, Joel Sing,
>    Joerg Zinke, Jolan Luff, Jonathan Armani, Jonathan Gray,
>    Jonathan Matthew, Jordan Hargrave, Joshua Stein,
>    Kenneth R Westerback, Kevin Lo, Kevin Steves, Kurt Miller,
>    Landry Breuil, Laurent Fanis, Marc Espie, Marco Peereboom,
>    Marco Pfatschbacher, Marcus Glocker, Mark Kettenis, Mark Lumsden,
>    Mark Uemura, Markus Friedl, Martin Pieuchot, Martynas Venckus,
>    Mats O Jansson, Matthew Dempsky, Matthias Kilian, Matthieu Herrb,
>    Michael Erdely, Mike Belopuhov, Mike Larkin, Miod Vallat,
>    Nayden Markatchev, Nicholas Marriott, Nick Holland, Nigel Taylor,
>    Nikolay Sturm, Okan Demirmen, Otto Moerbeek, Owain Ainsworth,
>    Paul de Weerd, Paul Irofti, Peter Hessler, Peter Valchev,
>    Philip Guenther, Pierre-Emmanuel Andre, Pierre-Yves Ritschard,
>    Remi Pointel, Reyk Floeter, Robert Nagy, Ryan Freeman,
>    Ryan Thomas McBride, Sasano, Sebastian Reitenbach, Simon Bertrang,
>    Stefan Sperling, Stephan A. Rickauer, Steven Mestdagh,
>    Stuart Henderson, Takuya Asada, Ted Unangst, Theo de Raadt,
>    Thordur I Bjornsson, Tobias Weingartner, Todd C. Miller, Todd Fries,
>    Will Maier, William Yodlowsky, Yasuoka Masahiko, Yojiro Uo
>
>


--
Thank you
Indunil Jayasooriya