OpenBSD 4.3
Released May 1, 2008
Copyright 1997-2008, Theo de Raadt.
ISBN 978-0-9784475-1-9
4.3 Song: "Home to Hypocrisy"
- Order a CDROM from our ordering system.
- See the information on The FTP page for
a list of mirror machines.
- Go to the pub/OpenBSD/4.3/ directory on
one of the mirror sites.
- Briefly read the rest of this document.
- Have a look at The 4.3 Errata page for a list
of bugs and workarounds.
- See a detailed log of changes between the
4.2 and 4.3 releases.
All applicable copyrights and credits can be found in the applicable
file sources found in the files src.tar.gz, sys.tar.gz,
xenocara.tar.gz, or in the files fetched via ports.tar.gz. The
distribution files used to build packages from the ports.tar.gz file
are not included on the CDROM because of lack of space.
What's New
This is a partial list of new features and systems included in OpenBSD 4.3.
For a comprehensive list, see the changelog leading
to 4.3.
- New/extended platforms:
- OpenBSD/sparc64: SMP support. This should work on all supported systems,
with the exception of the Sun Enterprise 10000.
- OpenBSD/hppa: K-class servers like the K200 and K410 are supported now.
- OpenBSD/mvme88k: SMP support on MVME188 and MVME188A systems.
88110 processor, and thus MVME197LE/SP/DP boards, are supported now.
- OpenBSD/sgi: Contains many new drivers, however the kernel requires an
important errata fix.
- Improved hardware support, including:
- The bge(4) driver now supports BCM5906/BCM5906M 10/100 and BCM5755 10/100/Gigabit Ethernet devices.
- The cas(4) driver now supports Cassini+ 10/100/Gigabit Ethernet devices.
- The em(4) driver now supports ICH9 10/100 and 10/100/Gigabit Ethernet devices.
- The gem(4) driver now supports the onboard 1000base-SX interface on the Sun Fire V880 server.
- The ixgb(4) driver now supports the Sun 10Gb PCI-X Ethernet devices.
- The msk(4) driver now supports Yukon FE+ 10/100 and Yukon Supreme 10/100/Gigabit Ethernet devices.
- The nfe(4) driver now supports MCP73, MCP77 and MCP79 10/100/Gigabit Ethernet devices.
- The ral(4) driver now supports RT2800 based wireless network devices.
- The cmpci(4) driver now supports CMI8768 based audio adapters.
- The it(4) driver now supports ITE IT8705F/8712F/8716F/8718F/8726F and SiS SiS950 ICs. Watchdog timer functionality added.
- The mfi(4) driver now supports Dell CERC6/PERC6 and LSI SAS1078 RAID controllers.
- The viapm(4) driver now supports the VIA VT8237S south bridges SMBus controller.
- Support for hotplugging ExpressCard devices has been added.
- New amdpcib(4) driver for the AMD-8111 series LPC bridge and timecounter on amd64.
- New pctr(4) driver for the CPU performance counters on amd64.
- New bwi(4) driver for the Broadcom AirForce IEEE 802.11b/g wireless network device.
- New envy(4) driver for the VIA Envy24 audio device.
- New et(4) driver for the Agere/LSI ET1310 10/100/Gigabit Ethernet device.
- New etphy(4) driver for the Agere/LSI ET1011 TruePHY Gigabit Ethernet PHY.
- New amdpcib(4) driver for the AMD-8111 series LPC bridge and timecounter on i386.
- New glxpcib(4) driver for the AMD CS5536 PCI-ISA bridge with timecounter, watchdog timer, and GPIO on i386.
- New iwn(4) driver for the Intel Wireless WiFi Link 4965AGN IEEE 802.11a/b/g/Draft-N wireless network device.
- New msts(4) line discipline to interface the Meinberg Standard Time String devices to provide a timedelta sensor.
- New gbe(4) driver for the SGI Graphics Back End (GBE) Frame Buffer on sgi.
- New mkbc(4) driver for the Moosehead PS/2 Controller on sgi.
- New power(4) driver for the power button on sgi.
- New ecadc(4) driver for the Environmental Monitoring Subsystem temperature sensor on sparc64.
- New tda(4) driver for the fan controller on the Sun Blade 1000/2000, making these machines much less noisy.
- New spdmem(4) driver retrieves information about memory modules.
- New thmc(4) driver for the TI THMC50, Analog ADM1022/1028 temperature sensor.
- New uchcom(4) driver for the WinChipHead CH341/340 based USB serial adapter.
- New umbg(4) driver for the Meinberg Funkuhren USB5131 radio clock to provide
a timedelta sensor.
- New upgt(4) driver for the Conexant/Intersil PrismGT SoftMAC USB IEEE 802.11b/g wireless network device.
- New wbng(4) driver for the Winbond W83793G temperature, voltage, and fan sensor.
- New wbsio(4) driver for the Winbond LPC Super I/O ICs.
- New adl(4) driver for the Andigilog aSC7621 temperature, voltage, and fan sensor.
- The siop(4) driver now supports the (non-PCI) NCR 53c720/770 in big-endian mode.
- New lmn(4) driver for the National Semiconductor LM93 sensor.
- New tools:
- snmpd(8), implementing the Simple Network Management Protocol.
- The snmpctl(8) program controls the SNMP daemon.
- The pcidump(8) utility displays the device address, vendor, and product name of PCI devices.
- ldattach(8) is used to attach a line discipline to a serial line to allow for in-kernel processing of the received and/or sent data.
- New functionality:
- eeprom(8) is now able to display the OpenPROM device tree on systems that have it.
- Support for X11 on sgi has been added.
- The periodic security(8) reports now include package changes.
- The cmpci(4) driver now supports multichannel audio playback if the hardware supports it.
- The auvia(4) driver now supports multichannel audio playback if the hardware supports it.
- The auich(4) driver now supports recording from the microphone as well as full-duplex mode.
- The eso(4) driver now supports recording as well as full-duplex mode.
- The ffs layer is now 64-bit disk block address clean.
This means that disks, partitions and filesystems larger than 2TB are
now supported, with the exception of statfs(2) and quotas.
- DMA is now enabled for 1-sector devices such as flash drives, providing
significant speed improvement.
- Sparc and Sparc64 disklabels now provide automatic recognition of ext2fs
partitions.
- Filesystems on USB devices are automatically dismounted if the device is
disconnected.
- The configuration of carp(4) load balancing has
been vastly simplified.
- fstab(5) entries referring to non-existent mount points are now
ignored, allowing subsequent entries to be processed.
- Additional configuration files can now be included in
pf.conf(5).
- sppp(4) now has IPv6 support.
- ipsec.conf(5) now supports defining 192 and 256 bit keysizes for AES.
- Assorted improvements and code cleanup:
- Improved support for an lkm(4) subsystem on amd64.
- ossaudio(3) received several bug fixes and enhancements including but not limited to improved recording and full-duplex support.
- audio(4) received several bug fixes and enhancements including but not limited to improved recording and full-duplex support.
- make(1) was heavily modified, mostly to improve support for parallel build.
Parallel builds now run commands in the same way the sequential builds do,
and the output from commands is more readable.
A large part of the source tree, xenocara, and quite a few ports now build
correctly with make -j.
- rcs tools improvements and bug fixes.
- RTM_VERSION was increased so that all routing messages could be modified
to include additional fields for upcoming networking features.
- sendbug(1) has stricter comment parsing, to avoid mangling diffs.
- umass(4) devices no longer detect bogus LUNs.
- USB st(4) devices can now successfully disconnect.
- More deviant umass devices accommodated.
- svnd(4) devices now work on block devices.
- disklabel(8) is now aware of NTFS partitions.
- raidctl(8) now correctly handles trailing whitespace in configuration files.
- mt(1) no longer triggers panics when processing the 'rewoffl' command.
- raid(4) devices no longer hang when searching for components during boot.
- sd(4) devices no longer receive spurious SYNCHRONIZE CACHE commands that
confuse some hardware.
- sd(4) no longer claims that SYNCHRONIZE CACHE commands are 16 bytes long when they
are actually 10 bytes. Some devices took this too literally.
- dhcpd(8) now always issues packets equal to or larger than the minimum IP MTU.
- The disklabel(8) -E mode does not allow manual editing of the 'c' partition, which
is always set to cover the entire disk.
- The disklabel(8) -E mode does not allow changing the cpg value of a partition.
- The disklabel(8) -E mode command 'r' now displays the list of free chunks on the disk.
- The disklabel(8) -E mode no longer permits assigning arbitrary sizes to FS_BOOT and FS_UNUSED
partitions.
- The bge(4) driver problems receiving jumbo frames have been resolved.
- Many dangerous unsigned comparisons with -1 when checking the
results of read and write calls have been eliminated.
- The new M_ZERO flag for malloc(9)
replaces many malloc+bzero/memset combinations, fixing a number of bugs
in memory initialization and shrinking the kernel.
- dhcpd(8) now correctly constructs response packets that use the overflow buffers to store options.
- SCSI drivers are more reliable in MP machines due to better locking
around command completion.
- TCP responses to highly fragmented packets are now constructed without
risking corruption of kernel memory.
- Sockets now allow 4095 multicast group memberships.
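One form of the bug class named in the read/write item above, shown next to a corrected version. This is an added illustration, not code from the OpenBSD tree; the function names read_record_buggy and read_record_fixed are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * BUGGY: read(2) returns ssize_t, but the result is kept in a size_t.
 * A failure (-1) becomes SIZE_MAX, so the short-read test is false and
 * the caller is told that buf holds len valid bytes.
 */
int read_record_buggy(int fd, void *buf, size_t len)
{
	size_t n = read(fd, buf, len);

	if (n < len)		/* meant to catch errors and short reads */
		return -1;
	return 0;		/* also reached when read() returned -1 */
}

/*
 * FIXED: keep the result signed, test for -1 before any use as a length,
 * retry on EINTR and loop until the whole record has arrived.
 */
int read_record_fixed(int fd, void *buf, size_t len)
{
	char *p = buf;
	size_t off = 0;
	ssize_t n;

	while (off < len) {
		n = read(fd, p + off, len - off);
		if (n == -1) {
			if (errno == EINTR)
				continue;
			return -1;
		}
		if (n == 0)
			return -1;	/* EOF before a full record */
		off += (size_t)n;
	}
	return 0;
}

int main(void)
{
	char rec[16];

	/* fd -1 is never valid, so read() fails with EBADF in both calls. */
	printf("buggy: %d\n", read_record_buggy(-1, rec, sizeof(rec)));
	printf("fixed: %d\n", read_record_fixed(-1, rec, sizeof(rec)));
	return 0;
}
```

The buggy version reports success on a failed read, so the caller goes on to use a buffer that was never filled.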
- Install/Upgrade process changes:
- All platforms now have serial console support when installing.
- Serial console speed is detected and appropriate /etc/ttys entries
automatically created.
- OpenBSD/vax now also has both kinds of install ISO CD images.
- DNS server addresses are remembered if an install is restarted.
- OpenBSD/sgi can now be installed using the glass console.
- OpenBGPD 4.3:
- Correctly handle prefixes which would cause a routing loop.
- bgpctl's detailed RIB output shows additional attributes like extended
communities or the cluster id list.
- OpenNTPD 4.3:
- Handle IP changes of clients more gracefully.
- Log peer and sensor status to syslog if the majority of either is
bad, or if a SIGINFO signal is received.
- Allow offsetting of time sensors that have a systematic error.
- OpenOSPFD 4.3:
- Equal cost multipath support -- don't forget to set the right sysctls.
- Parser and commandline options are now in sync with bgpd.
- relayd 4.3:
- hoststated(8)/hoststatectl(8) were renamed to relayd(8)/relayctl(8).
- Improved configuration grammar for relayd.conf(5).
- Allow sending SNMP traps via snmpd(8) when host states change.
- Improved support for URL filtering and protocol actions.
- Added support for UDP-based DNS relaying with request ID randomisation.
- Various bug fixes, optimisations, and cleanups.
- Improved reload support.
- OpenSSH 4.8:
- New features:
- Added chroot(2) support for sshd(8), controlled by a new option
"ChrootDirectory". Please refer to sshd_config(5) for details, and
please use this feature carefully.
- Linked sftp-server(8) into sshd(8). The internal sftp server is
used when the command "internal-sftp" is specified in a Subsystem
or ForceCommand declaration. When used with ChrootDirectory, the
internal sftp server requires no special configuration of files
inside the chroot environment. Please refer to sshd_config(5)
for more information.
- Added a protocol extension method "posix-rename@openssh.com" for
sftp-server(8) to perform POSIX atomic rename() operations.
- Removed the fixed limit of 100 file handles in sftp-server(8).
The server will now dynamically allocate handles up to the number of
available file descriptors.
- ssh(1) will now skip generation of SSH protocol 1 ephemeral server
keys when in inetd mode and protocol 2 connections are negotiated.
This speeds up protocol 2 connections to inetd-mode servers that
also allow Protocol 1.
- Accept the PermitRootLogin directive in a sshd_config(5) Match
block. Allows for, e.g. permitting root only from the local
network.
- Reworked sftp(1) argument splitting and escaping to be more
internally consistent (i.e. between sftp commands) and more
consistent with sh(1). Please note that this will change the
interpretation of some quoted strings, especially those with
embedded backslash escape sequences.
- Support "Banner=none" in sshd_config(5) to disable sending of a
pre-login banner (e.g. in a Match block).
- ssh(1) ProxyCommands are now executed with $SHELL rather than
/bin/sh.
- ssh(1)'s ConnectTimeout option is now applied to both the TCP
connection and the SSH banner exchange (previously it just covered
the TCP connection). This allows callers of ssh(1) to better detect
and deal with stuck servers that accept a TCP connection but don't
progress the protocol, and also makes ConnectTimeout useful for
connections via a ProxyCommand.
- Many new regression tests, including interop tests against PuTTY's
plink.
- The following significant bugs have been fixed in this release:
- SSH2_MSG_UNIMPLEMENTED packets did not correctly reset the client
keepalive logic, causing disconnections on servers that did not
explicitly implement "keepalive@openssh.com".
- ssh(1) used the obsolete SIG DNS RRtype for host keys in DNS,
instead of the current standard RRSIG.
- Correctly drain ACKs when a sftp(1) upload write fails midway,
avoids a fatal() exit from what should be a recoverable condition.
- Fixed packet size advertisements. Previously TCP and agent
forwarding incorrectly advertised the channel window size as the
packet size, causing fatal errors under some conditions.
- Many more bugfixes. Please refer to the
Release Notes.
- Over 4,900 ports, minor robustness improvements in package tools.
- Many pre-built packages for each architecture:
- i386: 4782
- sparc64: 4613
- alpha: 4233
- sh: 2046
- amd64: 4708
- powerpc: 4634
- sparc: 3159
- m68k: 830
- arm: 3377
- hppa: 3971
- vax: 296
- mips64: 1897
Some highlights:
- Gnome 2.20.3.
- GNUstep 1.14.2.
- KDE 3.5.8.
- Mozilla Firefox 2.0.0.12.
- Mozilla Thunderbird 2.0.0.12.
- MySQL 5.0.51a.
- OpenMotif 2.3.0.
- OpenOffice.org 2.3.1.
- PostgreSQL 8.2.6.
- Xfce 4.4.2.
- As usual, steady improvements in manual pages and other documentation.
- The system includes the following major components from outside suppliers:
- Xenocara (based on X.Org 7.3 + patches, freetype 2.3.5, fontconfig
2.4.2, Mesa 7.0.2, xterm 232 and more)
- Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches)
- Perl 5.8.8 (+ patches)
- Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
- OpenSSL 0.9.7j (+ patches)
- Groff 1.15
- Sendmail 8.14.1, with libmilter
- Bind 9.4.2 (+ patches)
- Lynx 2.8.5rel.4 with HTTPS and IPv6 support (+ patches)
- Sudo 1.6.9p12
- Ncurses 5.2
- Latest KAME IPv6
- Heimdal 0.7.2 (+ patches)
- Arla 0.35.7
- Binutils 2.15 (+ patches)
- Gdb 6.3 (+ patches)
How to install
Following this are the instructions which you would have on a piece of
paper if you had purchased a CDROM set instead of doing an alternate
form of install. The instructions for doing an FTP (or other style
of) install are very similar; the CDROM instructions are left intact
so that you can see how much easier it would have been if you had
purchased a CDROM instead.
Please refer to the following files on the three CDROMs or FTP mirror for
extensive details on how to install OpenBSD 4.3 on your machine:
- CD1:4.3/i386/INSTALL.i386
- CD2:4.3/amd64/INSTALL.amd64
- CD2:4.3/macppc/INSTALL.macppc
- CD3:4.3/sparc64/INSTALL.sparc64
- FTP:.../OpenBSD/4.3/alpha/INSTALL.alpha
- FTP:.../OpenBSD/4.3/armish/INSTALL.armish
- FTP:.../OpenBSD/4.3/hp300/INSTALL.hp300
- FTP:.../OpenBSD/4.3/hppa/INSTALL.hppa
- FTP:.../OpenBSD/4.3/landisk/INSTALL.landisk
- FTP:.../OpenBSD/4.3/mac68k/INSTALL.mac68k
- FTP:.../OpenBSD/4.3/mvme68k/INSTALL.mvme68k
- FTP:.../OpenBSD/4.3/mvme88k/INSTALL.mvme88k
- FTP:.../OpenBSD/4.3/sgi/INSTALL.sgi
- FTP:.../OpenBSD/4.3/sparc/INSTALL.sparc
- FTP:.../OpenBSD/4.3/vax/INSTALL.vax
- FTP:.../OpenBSD/4.3/zaurus/INSTALL.zaurus
Quick installer information for people familiar with OpenBSD, and the
use of the "disklabel -E" command. If you are at all confused when
installing OpenBSD, read the relevant INSTALL.* file as listed above!
OpenBSD/i386:
Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
release is on CD1. If your BIOS does not support booting from CD, you will need
to create a boot floppy to install from. To create a boot floppy write
CD1:4.3/i386/floppy43.fs to a floppy and boot via the floppy drive.
Use CD1:4.3/i386/floppyB43.fs instead for greater SCSI controller
support, or CD1:4.3/i386/floppyC43.fs for better laptop support.
If you can't boot from a CD or a floppy disk,
you can install across the network using PXE as described in
the included INSTALL.i386 document.
If you are planning on dual booting OpenBSD with another OS, you will need to
read INSTALL.i386.
To make a boot floppy under MS-DOS, use the "rawrite" utility located
at CD1:4.3/tools/rawrite.exe. To make the boot floppy under a Unix OS,
use the dd(1) utility. The following is an example usage of dd(1),
where the device could be "floppy", "rfd0c", or "rfd0a".
# dd if=<file> of=/dev/<device> bs=32k
Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
your install will most likely fail. For more information on creating a boot
floppy and installing OpenBSD/i386 please refer to
FAQ 4.3.1.
OpenBSD/amd64:
The 4.3 release of OpenBSD/amd64 is located on CD2.
Boot from the CD to begin the install - you may need to adjust
your BIOS options first.
If you can't boot from the CD, you can create a boot floppy to install from.
To do this, write CD2:4.3/amd64/floppy43.fs to a floppy, then
boot from the floppy drive.
If you can't boot from a CD or a floppy disk,
you can install across the network using PXE as described in the included
INSTALL.amd64 document.
If you are planning to dual boot OpenBSD with another OS, you will need to
read INSTALL.amd64.
OpenBSD/macppc:
Put CD2 in your CDROM drive and power on your machine while holding down the
C key until the display turns on and shows OpenBSD/macppc boot.
Alternatively, at the Open Firmware prompt, enter boot cd:,ofwboot /4.3/macppc/bsd.rd
OpenBSD/sparc64:
Put CD3 in your CDROM drive and type boot cdrom.
If this doesn't work, or if you don't have a CDROM drive, you can write
CD3:4.3/sparc64/floppy43.fs or CD3:4.3/sparc64/floppyB43.fs
(depending on your machine) to a floppy and boot it with boot floppy.
Refer to INSTALL.sparc64 for details.
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
You can also write CD3:4.3/sparc64/miniroot43.fs to the swap partition on
the disk and boot with boot disk:b.
If nothing works, you can boot over the network as described in INSTALL.sparc64.
OpenBSD/alpha:
Write FTP:4.3/alpha/floppy43.fs or
FTP:4.3/alpha/floppyB43.fs (depending on your machine) to a diskette and
enter boot dva0. Refer to INSTALL.alpha for more details.
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
OpenBSD/armish:
After connecting a serial port, Thecus can boot directly from the network
using either tftp or http. Configure the network using fconfig, reset,
then load bsd.rd; see INSTALL.armish for specific details.
IOData HDL-G can only boot from an EXT-2 partition. Boot into Linux
and copy 'boot' and bsd.rd into the first partition on wd0 (hda1),
then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
More details are available in INSTALL.armish.
OpenBSD/hp300:
OpenBSD/hppa:
OpenBSD/landisk:
Write miniroot43.fs to the start of the CF
or disk, and boot normally.
OpenBSD/mac68k:
Boot MacOS as normal and extract the Macside "BSD/Mac68k Booter" utility from
FTP:4.3/mac68k/utils onto your hard disk. Configure the "BSD/Mac68k
Booter" with the location of your bsd.rd kernel and boot into the installer.
Refer to the instructions in INSTALL.mac68k for more details.
OpenBSD/mvme68k:
You can create a bootable installation tape or boot over the network.
The network boot requires a MVME68K BUG version that supports the NIOT
and NBO debugger commands. Follow the instructions in INSTALL.mvme68k
for more details.
OpenBSD/mvme88k:
You can create a bootable installation tape or boot over the network.
The network boot requires a MVME88K BUG version that supports the NIOT
and NBO debugger commands. Follow the instructions in INSTALL.mvme88k
for more details.
OpenBSD/sparc:
Boot from one of the provided install ISO images, using one of the two
commands listed below, depending on the version of your ROM.
ok boot cdrom 4.3/sparc/bsd.rd
or
> b sd(0,6,0)4.3/sparc/bsd.rd
If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
To do so you need to write floppy43.fs to a floppy.
For more information see FAQ 4.3.1.
To boot from the floppy use one of the two commands listed below,
depending on the version of your ROM.
ok boot floppy
or
> b fd()
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
If your SPARC system has neither a floppy drive nor a CD drive, you can either
set up a bootable tape or install via the network, as described in the
INSTALL.sparc file.
OpenBSD/sgi:
Burn cd43.iso on a CD-R, put it in the CD drive of your machine and
select Install System Software from the System Maintenance menu.
If your machine doesn't have a CD drive, you can
set up a DHCP/tftp network server, and boot using "bootp()/bsd.rd".
Refer to the instructions in INSTALL.sgi for more details.
OpenBSD/vax:
Boot over the network via mopbooting as described in INSTALL.vax.
OpenBSD/zaurus:
Using the Linux built-in graphical ipkg installer, install the
openbsd43_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
for a few important details.
Notes about the source code:
src.tar.gz contains a source archive starting at /usr/src. This file
contains everything you need except for the kernel sources, which are
in a separate archive. To extract:
# mkdir -p /usr/src
# cd /usr/src
# tar xvfz /tmp/src.tar.gz
sys.tar.gz contains a source archive starting at /usr/src/sys.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
# mkdir -p /usr/src/sys
# cd /usr/src
# tar xvfz /tmp/sys.tar.gz
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described here. Using these files results in a much faster initial
CVS update than you could expect from a fresh checkout of the full
OpenBSD source tree.
How to upgrade
If you already have an OpenBSD 4.2 system, and do not want to reinstall,
upgrade instructions and advice can be found in the
Upgrade Guide.
Ports Tree
A ports tree archive is also provided. To extract:
# cd /usr
# tar xvfz /tmp/ports.tar.gz
# cd ports
The ports/ subdirectory is a checkout of the OpenBSD ports tree. Go
read the ports page if you know nothing about ports at this point.
This text is not a manual of how to use ports. Rather, it is a set of
notes meant to kickstart the user on the OpenBSD ports system.
The ports/ directory represents a CVS (see the manpage for cvs(1) if
you aren't familiar with CVS) checkout of our ports. As with our complete
source tree, our ports tree is available via anoncvs. So, in
order to keep current with it, you must make the ports/ tree
available on a read-write medium and update the tree with a command
like:
# cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_4_3
[Of course, you must replace the local directory and server name here
with the location of your ports collection and a nearby anoncvs
server.]
Note that most ports are available as packages through FTP. Updated
packages for the 4.3 release will be made available if problems arise.
If you're interested in seeing a port added, would like to help out, or just
would like to know more, the mailing list ports@openbsd.org is a good
place to know.