OpenBSD 4.5

Released May 1, 2009
Copyright 1997-2009, Theo de Raadt.
ISBN 978-0-9784475-3-3
4.5 Song: "Games"

• Order a CDROM from our ordering system.
• See the information on The FTP page for a list of mirror machines.
• Go to the pub/OpenBSD/4.5/ directory on one of the mirror sites.
• Briefly read the rest of this document.
• Have a look at The 4.5 Errata page for a list of bugs and workarounds.
• See a detailed log of changes between the 4.4 and 4.5 releases.

All applicable copyrights and credits can be found in the applicable file sources found in the files src.tar.gz, sys.tar.gz, xenocara.tar.gz, or in the files fetched via ports.tar.gz. The distribution files used to build packages from the ports.tar.gz file are not included on the CDROM because of lack of space.

What's New

This is a partial list of new features and systems included in OpenBSD 4.5. For a comprehensive list, see the changelog leading to 4.5.

• New/extended platforms:
  • Initial ports to the xscale based gumstix platform and the ARM based OpenMoko
  • OpenBSD/sparc64
    
    • New vdsk(4) and vnet(4) drivers provide support for virtual I/O between logical domains on Sun's CoolThreads servers, including UltraSPARC T2+ machines.
    • Workstations and laptops with UltraSPARC IIe CPUs can now scale down the CPU frequency to save power.

• Improved hardware support, including:
  • Several new/improved drivers for sensors, including:
    • The cac(4) driver now has bio and sensor support.
    • The mpi(4) driver now has bio and sensor support.
    • New gpiodcf(4) driver for DCF77/HBG timedelta sensors through GPIO pins.
    • New schsio(4) driver for SMSC SCH311x LPC Super I/O devices.
    • The it(4) driver now supports IT8720F chips.
    • The it(4) driver now supports FAN4 and FAN5 sensors for IT8716F/IT8718F/IT8720F/IT8726F chips.
    • The owtemp(4) driver now supports Maxim/Dallas DS18B20 and DS1822 temperature sensors.
    • The km(4) driver now supports AMD Family 11h processors (Turion X2 Ultra et al).
    • The lm(4) driver now supports W83627DHG attachment on the I²C bus.
    • The lmenv(4) driver now has better support for the fan sensors on lm81, adm9240 and ds1780 chips.
    • The sdtemp(4) driver now supports ST STTS424 chips.
  • The em(4) driver now supports ICH9 IGP M and IGP M AMT chips, and link status detection has improved.
  • The sdmmc(4) driver now supports SDHC cards.
  • The msk(4) driver now supports Yukon-2 FE+ (88E8040, 88E8042) based devices.
  • The iwn(4) driver now supports Intel WiFi Link 5100/5300 devices.
  • The wpi(4) and iwn(4) drivers now support hardware CCMP cryptography.
  • The ath(4) driver now has WPA-PSK support.
  • age(4), a driver for Attansic L1 gigabit Ethernet devices was added.
  • ale(4), a driver for Atheros AR81xx (aka Attansic L1E) Ethernet devices was added.
  • mos(4), a driver for Moschip MCS7730/7830 10/100 USB Ethernet devices was added.
  • jme(4), a driver for JMicron JMC250/JMC260 10/100 and Gigabit Ethernet devices was added.
  • run(4), a driver for Ralink USB IEEE 802.11a/b/g/Draft-N devices was added.
  • auacer(4), a driver for Acer Labs M5455 audio devices was added.
  • ifb(4), a driver for Sun Expert3D, Expert3D-Lite, XVR-500, XVR-600 and XVR-1200 framebuffers (accelerated).
  • wildcatfb(4), an X driver for Sun Expert3D, Expert3D-Lite, XVR-500, XVR-600 and XVR-1200 framebuffers (unaccelerated).
  • sunffb(4), an accelerated X driver for Sun Creator, Creator 3D and Elite 3D framebuffers.
  • vdsk(4), a driver for virtual disks of sun4v logical domains.
  • vnet(4), a driver for virtual network adapters of sun4v logical domains.
  • vrng(4), a driver for the random number generator on Sun UltraSPARC T2/T2+ CPUs.
  • The vcons(4) driver is now interrupt driven.
  • ips(4), a driver for IBM SATA/SCSI ServeRAID controllers was added.
  • udfu(4), a driver for device firmware upgrade (DFU) was added.
  • Many improvements were made to the acpi(4) subsystem.
  • The umsm(4) driver supports several new EVDO/UMTS devices.
  • The mfi(4) driver now supports the next generation of MegaRAID SAS controllers.
  • New vsbic(4) driver for the MVME327A SCSI and floppy controller on mvme68k and mvme88k machines.
  • The re(4) driver now supports 8168D/8111D-based devices, and multicast reception on 8110SB/SC-based devices.
  • The ehci(4) driver now supports isochronous transfers.
  • S/PDIF output support has been added to the ac97(4), auich(4), auvia(4) and azalia(4) drivers.
  • azalia(4) mixer has been clarified and simplified, support for 20-bit and 24-bit encodings has been added.
  • The gbe(4) frame buffer driver now supports acceleration.

• New tools:
  • ypldap(8), an YP server using LDAP as a backend.
  • xcompmgr(1) was added to xenocara.

• New functionality:
  • The libc resolver(3) may now be forced to perform lookups by TCP only using a new resolv.conf(5) option. The nameserver declaration in resolv.conf(5) has also been extended to allow specification of non-default nameserver ports.
  • apropos(1) has two new options (-S and -s) to allow searching by machine architecture and manual section.
  • aucat(1) now has audio server capability. Audio devices can be shared between multiple applications. Applications can run natively on fixed sample rate devices or on devices with unusual encodings. Multi-channel audio devices can be split into smaller independent subdevices.
  • aucat(1) now has a deviceless mode, in which it can be used as a general purpose audio file format conversion utility (to mix, demultiplex, resample or reencode files).
  • ifconfig(8) can now list channels supported by an IEEE 802.11 device.
  • New views were added to systat(8): malloc, bucket and pool. Improvements were made to existing views.
  • vnconfig(8) can now create devices with arbitrary geometry with the new -t option.
  • FFS filesystems are now supported on most devices, e.g. CD's, that have sector sizes other than 512 bytes.
  • Disklabels are now correctly placed and found on most devices, e.g. CD's, that have sector sizes other than 512 bytes.

• Assorted improvements and code cleanup:
  • malloc(3) has gained new attack mitigation measures; critical bookkeeping structures are protected at runtime using mprotect(2) and allocated at random addresses where possible.
  • A new version of the gdtoa code has been integrated, bringing better C99 support to printf(3) and friends.
  • Vastly improved C99 support in libm, including complex math support.
  • The sppp(4) layer and thus kernel pppoe(4) now support usernames and passwords of up to 255 characters.
  • Recognize and spoof disklabel entries for more FAT and FAT32 variants.
  • Automatically recognize tapes with 64K records.
  • Improve option handling in dhcpd(8).
  • When booting from a cd the root file system is now assumed to be on the cd, rather than always asking for the location.
  • Disklabels constructed from native disklabels are now subject to the same consistancy checks as all other disklabels.
  • No longer display geometry information for sd(4) disk drives, since it was mostly fictitious these days.
  • Fix handling of tftp ERROR frames so OpenBSD pxeboot can be loaded from picky tftp servers.
  • Many scsi(4) drivers now retry operations that can't be immediately started rather than giving up.
  • MBR and DPME disklabels are no longer written out with invalid checksum information in some circumstances.

• Install/Upgrade process changes:
  • crunchgen(1) and crunchide(1) have been merged into crunchgen(8), which is now built and installed by default.
  • mksuncd(1) now lives in base and is installed by default.
  • CD-ROM installs are now supported on SGI.
  • Accept initial root passwords containing backslash characters.
  • Install now allows multiple interfaces to be configured with dhcp(8).
  • Upgrades now use the minimal protocols(5) and services(5) files provided on the install media.
  • The install media no longer contain a disktab(5) file.
  • Serial console speed is correctly determined on macppc.

• OpenSSH 5.2:
  • New features:
    • Added an option to ssh(1) to force logging to syslog rather than stderr.
    • The sshd_config(5) ForceCommand directive now accepts commandline arguments for the internal-sftp server.
    • The ssh(1) ~C escape commandline now support runtime creation of dynamic port forwards.
    • Support the SOCKS4A protocol in ssh(1) dynamic forwards.
    • Support remote port forwarding with a listen port of '0'.
    • sshd(8) now supports setting PermitEmptyPasswords and AllowAgentForwarding in Match blocks.
  • The following significant bugs have been fixed in this release:
    • Repair a ssh(1) crash introduced in openssh-5.1 when the client is sent a zero-length banner.
    • The eow@openssh.com and no-more-sessions@openssh.com protocol extensions are now only sent to peers that identify themselves as OpenSSH.
    • Avoid printing "Non-public channel" warnings in sshd(8), since ssh(1) has sent incorrect channel numbers since ~2004; make ssh(1) send the correct channel number for SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE.
    • Avoid double-free in ssh(1) ~C escape -L handler.
    • Correct fail-on-error behaviour in sftp(1) batchmode for remote stat operations.
    • Avoid hang in ssh(1) when attempting to connect to a server that has MaxSessions set to zero.

• Over 5500 ports, minor robustness improvements in package tools.
• Many pre-built packages for each architecture:

  i386: 5379 sparc64: 5174 alpha: 5132

  sh: 1543 amd64: 5312 powerpc: 5162

  sparc: 2651 arm: 4120 hppa: 4689

  vax: 1718 mips64: 3278

  Some highlights:
  • Gnome 2.24.3.
  • GNUstep 1.18.0.
  • KDE 3.5.10.
  • Mozilla Firefox 3.0.6.
  • Mozilla Thunderbird 2.0.0.19.
  • MySQL 5.0.77.
  • OpenOffice.org 2.4.2 and 3.0.1.
  • PostgreSQL 8.3.6.
  • Xfce 4.4.3.
  • OpenArena 0.8.1 (only for amd64, i386 and macppc)

• As usual, steady improvements in manual pages and other documentation.

• The system includes the following major components from outside suppliers:
  • Xenocara (based on X.Org 7.4 + patches, freetype 2.3.7, fontconfig 2.4.2, Mesa 7.2, xterm 239 and more)
  • Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches)
  • Perl 5.10.0 (+ patches)
  • Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
  • OpenSSL 0.9.8j (+ patches)
  • Groff 1.15
  • Sendmail 8.14.3, with libmilter
  • Bind 9.4.2-P2 (+ patches)
  • Lynx 2.8.5rel.4 with HTTPS and IPv6 support (+ patches)
  • Sudo 1.7
  • Ncurses 5.2
  • Latest KAME IPv6
  • Heimdal 0.7.2 (+ patches)
  • Arla 0.35.7
  • Binutils 2.15 (+ patches)
  • Gdb 6.3 (+ patches)

How to install

Following this are the instructions which you would have on a piece of paper if you had purchased a CDROM set instead of doing an alternate form of install. The instructions for doing an FTP (or other style of) install are very similar; the CDROM instructions are left intact so that you can see how much easier it would have been if you had purchased a CDROM instead.

• CD1:4.5/i386/INSTALL.i386

• CD2:4.5/amd64/INSTALL.amd64
• CD2:4.5/macppc/INSTALL.macppc

• CD3:4.5/sparc64/INSTALL.sparc64

• FTP:.../OpenBSD/4.5/alpha/INSTALL.alpha
• FTP:.../OpenBSD/4.5/armish/INSTALL.armish
• FTP:.../OpenBSD/4.5/hp300/INSTALL.hp300
• FTP:.../OpenBSD/4.5/hppa/INSTALL.hppa
• FTP:.../OpenBSD/4.5/landisk/INSTALL.landisk
• FTP:.../OpenBSD/4.5/mac68k/INSTALL.mac68k
• FTP:.../OpenBSD/4.5/mvme68k/INSTALL.mvme68k
• FTP:.../OpenBSD/4.5/mvme88k/INSTALL.mvme88k
• FTP:.../OpenBSD/4.5/sgi/INSTALL.sgi
• FTP:.../OpenBSD/4.5/socppc/INSTALL.socppc
• FTP:.../OpenBSD/4.5/sparc/INSTALL.sparc
• FTP:.../OpenBSD/4.5/vax/INSTALL.vax
• FTP:.../OpenBSD/4.5/zaurus/INSTALL.zaurus

Quick installer information for people familiar with OpenBSD, and the use of the "disklabel -E" command. If you are at all confused when installing OpenBSD, read the relevant INSTALL.* file as listed above!

OpenBSD/i386:

Play with your BIOS options to enable booting from a CD. The OpenBSD/i386 release is on CD1. If your BIOS does not support booting from CD, you will need to create a boot floppy to install from. To create a boot floppy write CD1:4.5/i386/floppy45.fs to a floppy and boot via the floppy drive.

Use CD1:4.5/i386/floppyB45.fs instead for greater SCSI controller support, or CD1:4.5/i386/floppyC45.fs for better laptop support.

If you can't boot from a CD or a floppy disk, you can install across the network using PXE as described in the included INSTALL.i386 document.

If you are planning on dual booting OpenBSD with another OS, you will need to read INSTALL.i386.

To make a boot floppy under MS-DOS, use the "rawrite" utility located at CD1:4.5/tools/rawrite.exe. To make the boot floppy under a Unix OS, use the dd(1) utility. The following is an example usage of dd(1), where the device could be "floppy", "rfd0c", or "rfd0a".

# dd if=<file> of=/dev/<device> bs=32k

Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or your install will most likely fail. For more information on creating a boot floppy and installing OpenBSD/i386 please refer to FAQ 4.3.1.

OpenBSD/amd64:

The 4.5 release of OpenBSD/amd64 is located on CD2. Boot from the CD to begin the install - you may need to adjust your BIOS options first. If you can't boot from the CD, you can create a boot floppy to install from. To do this, write CD2:4.5/amd64/floppy45.fs to a floppy, then boot from the floppy drive.

If you can't boot from a CD or a floppy disk, you can install across the network using PXE as described in the included INSTALL.amd64 document.

If you are planning to dual boot OpenBSD with another OS, you will need to read INSTALL.amd64.

OpenBSD/macppc:

Put CD2 in your CDROM drive and poweron your machine while holding down the C key until the display turns on and shows OpenBSD/macppc boot.

Alternatively, at the Open Firmware prompt, enter boot cd:,ofwboot /4.5/macppc/bsd.rd

OpenBSD/sparc64:

Put CD3 in your CDROM drive and type boot cdrom.

If this doesn't work, or if you don't have a CDROM drive, you can write CD3:4.5/sparc64/floppy45.fs or CD3:4.5/sparc64/floppyB45.fs (depending on your machine) to a floppy and boot it with boot floppy. Refer to INSTALL.sparc64 for details.

Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.

You can also write CD3:4.5/sparc64/miniroot45.fs to the swap partition on the disk and boot with boot disk:b.

If nothing works, you can boot over the network as described in INSTALL.sparc64.

OpenBSD/alpha:

Write FTP:4.5/alpha/floppy45.fs or FTP:4.5/alpha/floppyB45.fs (depending on your machine) to a diskette and enter boot dva0. Refer to INSTALL.alpha for more details.

Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.

OpenBSD/armish:

After connecting a serial port, Thecus can boot directly from the network either tftp or http. Configure the network using fconfig, reset, then load bsd.rd, see INSTALL.armish for specific details. IOData HDL-G can only boot from an EXT-2 partition. Boot into linux and copy 'boot' and bsd.rd into the first partition on wd0 (hda1) then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition. More details are available in INSTALL.armish.

OpenBSD/hp300:

Boot over the network by following the instructions in INSTALL.hp300.

OpenBSD/hppa:

Boot over the network by following the instructions in INSTALL.hppa or the hppa platform page.

OpenBSD/landisk:

Write miniroot45.fs to the start of the CF or disk, and boot normally.

OpenBSD/mac68k:

Boot MacOS as normal and extract the Macside "BSD/Mac68k Booter" utility from FTP:4.5/mac68k/utils onto your hard disk. Configure the "BSD/Mac68k Booter" with the location of your bsd.rd kernel and boot into the installer. Refer to the instructions in INSTALL.mac68k for more details.

OpenBSD/mvme68k:

You can create a bootable installation tape or boot over the network.
The network boot requires a MVME68K BUG version that supports the NIOT and NBO debugger commands. Follow the instructions in INSTALL.mvme68k for more details.

OpenBSD/mvme88k:

You can create a bootable installation tape or boot over the network.
The network boot requires a MVME88K BUG version that supports the NIOT and NBO debugger commands. Follow the instructions in INSTALL.mvme88k for more details.

OpenBSD/sparc:

Boot from one of the provided install ISO images, using one of the two commands listed below, depending on the version of your ROM.

ok boot cdrom 4.5/sparc/bsd.rd
or
> b sd(0,6,0)4.5/sparc/bsd.rd

If your SPARC system does not have a CD drive, you can alternatively boot from floppy. To do so you need to write floppy45.fs to a floppy. For more information see FAQ 4.3.1. To boot from the floppy use one of the two commands listed below, depending on the version of your ROM.

ok boot floppy
or
> b fd()

Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.

If your SPARC system doesn't have a floppy drive nor a CD drive, you can either setup a bootable tape, or install via network, as told in the INSTALL.sparc file.

OpenBSD/sgi:

Burn cd45.iso on a CD-R, put it in the CD drive of your machine and select Install System Software from the System Maintenance menu.

If your machine doesn't have a CD drive, you can setup a DHCP/tftp network server, and boot using "bootp()/bsd.rd". Refer to the instructions in INSTALL.sgi for more details.

OpenBSD/socppc:

After connecting a serial port, boot over the network via DHCP/tftp. Refer to the instructions in INSTALL.socppc for more details.

OpenBSD/vax:

Boot over the network via mopbooting as described in INSTALL.vax.

OpenBSD/zaurus:

Using the Linux built-in graphical ipkg installer, install the openbsd45_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus for a few important details.

Notes about the source code:

src.tar.gz contains a source archive starting at /usr/src. This file contains everything you need except for the kernel sources, which are in a separate archive. To extract:

# mkdir -p /usr/src
# cd /usr/src
# tar xvfz /tmp/src.tar.gz

sys.tar.gz contains a source archive starting at /usr/src/sys. This file contains all the kernel sources you need to rebuild kernels. To extract:

# mkdir -p /usr/src/sys
# cd /usr/src
# tar xvfz /tmp/sys.tar.gz

Both of these trees are a regular CVS checkout. Using these trees it is possible to get a head-start on using the anoncvs servers as described here. Using these files results in a much faster initial CVS update than you could expect from a fresh checkout of the full OpenBSD source tree.

How to upgrade

If you already have an OpenBSD 4.4 system, and do not want to reinstall, upgrade instructions and advice can be found in the Upgrade Guide.

Ports Tree

A ports tree archive is also provided. To extract:

# cd /usr
# tar xvfz /tmp/ports.tar.gz
# cd ports

The ports/ subdirectory is a checkout of the OpenBSD ports tree. Go read the ports page if you know nothing about ports at this point. This text is not a manual of how to use ports. Rather, it is a set of notes meant to kickstart the user on the OpenBSD ports system.

The ports/ directory represents a CVS (see the manpage for cvs(1) if you aren't familiar with CVS) checkout of our ports. As with our complete source tree, our ports tree is available via anoncvs. So, in order to keep current with it, you must make the ports/ tree available on a read-write medium and update the tree with a command like:

# cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_4_5

[Of course, you must replace the local directory and server name here with the location of your ports collection and a nearby anoncvs server.]

Note that most ports are available as packages through FTP. Updated packages for the 4.5 release will be made available if problems arise.

If you're interested in seeing a port added, would like to help out, or just would like to know more, the mailing list ports@openbsd.org is a good place to know.