Movatterモバイル変換
[0]ホーム
COLLECTED BY
Organization:
John Gilmore John Gilmore
Archive-It Partner Since: Apr, 2007
Organization Type: Other Institutions
Organization URL:
http://www.toad.comJohn Gilmore is a private individual who cares about archiving the Internet for future generations. He is the first individual to join the Archive-It program, as a partner with the Internet Archive, to collect and index documents of interest. Mr. Gilmore also co-founded the Electronic Frontier Foundation.
A collection of free software and open source software. This includes the source code (instructions written by computer programmers) of thousands of computer programs that are part of various free software projects. These projects include the GNU Project to reimplement the Bell Labs UNIX system, the Linux kernel that reimplements the core operating program of a UNIX-like system, the Debian project which seeks to produce a fully free and consistent "distribution" (collection) of free software programs that work together well, the Ubuntu project which builds a commercially viable operating system based on the Debian project; the Fedore project which also builds a commercially viable computer operating system based on free software; and other projects.
The Wayback Machine - https://web.archive.org/web/20181222011617/http://www.openbsd.org/35.html
Released May 1, 2004
Copyright 1997-2004, Theo de Raadt.
3.5 Song:"CARP License" and "Redundancy must be free"
All applicable copyrights and credits are in the src.tar.gz,sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in thefiles fetched via ports.tar.gz.
This is a partial list of new features and systems included in OpenBSD 3.5.For a comprehensive list, see thechangelog leadingto 3.5.
- New platforms:
- OpenBSD/amd64
Supporting the AMD64 architecture natively,with full 64-bit support, 8 extra registers in the architectureto significantly increase performance, and a memory managementNon-Executable bit that permits full W^X support.
(Note: The upcoming Intel "ia32e" AMD64-compatible CPUs have alsobeen tested, and work, even though they lack the NX bit). - OpenBSD/cats
Our first entry in the ARM-CPU landscape. We intend to use this as adevelopment platform for something else we plan for the future... - OpenBSD/mvme88k
Supporting an older, but very cool CPU architecture, perhaps themost pure RISC CPU ever.
- Replacement of the GNUbc(1),dc(1),nm(1) andsize(1)commands with BSD licensed equivalents.
- A large number of bug fixes, changes, and optimizations to our packet filterpf(4) including:
- Atomic commits of ruleset changes (reduce the chance of ending up in an inconsistent state).
- A 30% reduction in the size of state table entries.
- Source-tracking (limit number of clients and states per client).
- Sticky-address (the flexibility of round-robin with the benefits of source-hash).
- Invert the socket match order when redirecting to localhost (prevents the potential security problem of remote connections being identified as local).
- Significant improvements to interface handling.
- New tools for filtering gateway failover:
- CARP (the Common Address Redundancy Protocol)carp(4) allows multiple machines to share responsibility for a given IP address or addresses. If the owner of the address fails, another member of the group will take over for it. A discussion of the history of CARP can be foundhere.
- Additions to thepfsync(4) interface allow it to synchronise state table entries between two or more firewalls which are operating in parallel, allowing stateful connections to cross any of the firewalls regardless of where the state was initially created.
- New functionality:
- pty(4) devices are now allocated on demand, up to a configurable limit.
- New ptm device (seepty(4))that allows non-privileged processes to allocate a properly-permissioned pty.
As a result any process can now open a pty easily, meaningxterm(1)andxconsole(1)are no longer setuid root. (In 3.4 they were setuid root, but privilege revoking). - Theclosefrom(2)system call has been added.
- TCP MD5 signatures (used bync(1)andbgpd(8)).
- Network boot support for i386 and amd64, usingpxeboot(8).
- The i386 8GB boot loader limitation has been removed.
- spamd(8)gainsgreylisting support. This allows greylisting (a very powerful spam reduction technique) to bedone on a firewall for many mail hosts, no matter what MTA is being used.
- Interface 'cloning', accessed byifconfig(8)commandscreate anddestroy. E.g. `ifconfig vlan100 create'.
- ifconfig(8)can now be used with a genericinterface name, for listing all such configured interfaces. E.g. `ifconfig carp'.
- The MAKEDEV(8) manual pages are now generated, and hence, accurate.
- Complete rewrite ofpackage tools in perl.
- syslogd(8)now supports logging to memory buffers, to be read usingsyslogc(8).This is useful for diskless or flash-based computers.
- IPsec ESP in UDP encapsulation.
- malloc(3) chunk randomization and guard pages. This helps to detect out-of-boundsreads and writes.
- authpf(8) now tags traffic inpflog(4) so that users may be associated with traffic through a NAT setup.
- hw.setperf sysctl allows controlling the speed of many new i386CPUs,great for prolonged battery life.
- XFS has been added to the GENERIC kernels so thatafsd(8) may be started easily, eliminating the need to recompile the kernelto use AFS.
AFS can now be used anonymously by enabling it inrc.conf(8)with no further configuration. - Theps,top andw utilities no longer break when changes are made in kernel structures.
- Apoll interface has been added to therpc routines in the standard C library. Use ofpoll overselect can result in better performance for programs with a large number of open file descriptors.
- dhclient(8) now detects when the interface it configured is modified andgracefully exits.e.g. repeatedly running it against the same interface leaves only thelast instance active.
- Privilege separation added to allow complex operations to occur in an untrusted, unprivileged process, resulting in much greater security for the following processes:
- New tools:
- Performance improvements:
- Improved connection/socket lookup - about 100 times faster at 10000 sockets than 3.4.
- TCP SYN cache. Greatly reduces the memory cost of half-open TCP connections.
- Implemented TCP adjustments recommended byRFC3390, controllable viasysctl.
- OpenSSL speedup on i386, up to 100% improvement for md5, sha1, blowfish, des, 3des, rsa, dsa and bn.
- OpenSSL now directly uses the new AES instructions some VIA C3 processors provide, increasing AES to 780MBytes/second (so you get to see a fan-less CPU performing AES more than 10x faster than the fastest CPU currently sold).
- Directory hashing makes lookups in large directories much faster.
- Zeroing pages with SSE. Faster operation, and avoids clobbering the cache.
- SCSI(4) improvements:
- Bus probe made faster by skipping non-existent LUNs.
- Bus probe made saner by elimination of spurious commands.
- Bus probe made safer by having INQUIRY commands ask only for available data.
- Eliminated a race that, e.g., caused problems burning CDs at high speeds.
- SCSIDEBUG output can now be restricted to specified buses.
- ASC/ASCQ diagnostic messages updated to SCSI-3 standards.
- Better error handling.
- Improved hardware support, including:
- Thehppa architecture gets support for manyPCI based machines w/ addition ofdino(4) GSC-PCI bridge.
- Newoosiop(4) driver for NCR 53C700 SCSI host adapters.
- Major improvements toahc(4), bringing support for many new models.
- Newbce(4) driver, supporting the Broadcom BCM4401 FastEthernet chipset.
- Newmpt(4) driver for LSI Fusion-MPT SCSI and FibreChannel host adapters.
- Newsnapper(4) audio driver for recent iBook (since May 02) and PowerBook (since Apr 02) models.
- Improved stability of thewi(4) driver as well as support for USB-based adapters and software WEP.
- wi(4) in HostAP mode now supports SSID hiding and newer prism firmware revisions.
- Fixed several firmware incompatibility issues inan(4).
- Improved ATA and SATA support.
- Support for i835 AGP GART invga(4).
- Improved Gigabit Ethernet support forem(4),sk(4) &bge(4).
- Several fixes forapm(4).
- Support for Intel 852/855/865 AGP chipsets.
- Many more USB Flash and otherumass(4) devices work as a result of SCSI improvements.
- This release ships with Firefox for all major architectures.
- Major improvements inpthreads(3).
- Over 2500 ports, 2300 pre-built packages.
- Many improvements for security and reliability (look for the redprint in thecomplete changelog).
- Many improvements in manual pages and other documentation.
- Gcc 3.3.2, including local additions like ProPolice support, for theOpenBSD/amd64,OpenBSD/cats andOpenBSD/sparc64platforms.Other architectures still use gcc 2.95.3 with the same local additions.
- OpenSSH 3.8.1:
- sshd(8)now supports forced changes of expired passwords viapasswd(1).
- ssh(1)now uses untrusted cookies for X11-Forwarding.Some X11 applications might need full access to the X11 server,see ForwardX11Trusted inssh_config(5)andxauth(1).
- ssh(1)now supports sending application layerkeep-alive messages to the server. See ServerAliveInterval inssh_config(5).
- Improvedsftp(1)batch file support.
- New KerberosGetAFSToken option forsshd(8).
- Updated /etc/moduli file and improved performance forprotocol version 2.
- Support for host keys in DNS.
- The experimental "gssapi" support has been replaced withthe "gssapi-with-mic" to fix possible MITM attacks.The two versions are not compatible.
- The system includes the following major components from outside suppliers:
- XFree86 4.4.0 unencumbered (+ patches, and i386 contains 3.3.X servers also, thus providing support for all chipsets)
- Gcc 2.95.3 (+ patches) and 3.3.2 (+ patches)
- Perl 5.8.2 (+ patches)
- Apache 1.3.29, mod_ssl 2.8.16, DSO support (+ patches)
- OpenSSL 0.9.7c (+ patches)
- Groff 1.15
- Sendmail 8.12.11
- Bind 9.2.3 (+ patches)
- Lynx 2.8.4rel.1 with HTTPS and IPv6 support (+ patches)
- Sudo 1.6.7p5
- Ncurses 5.2
- Latest KAME IPv6
- Heimdal 0.6rc1 (+ patches)
- Arla-current
Following this are the instructions which you would have on a piece ofpaper if you had purchased a CDROM set instead of doing an alternateform of install. The instructions for doing an ftp (or other styleof) install are very similar; the CDROM instructions are left intactso that you can see how much easier it would have been if you hadpurchased a CDROM instead.
Please refer to the following files on the three CDROMs or ftp mirror forextensive details on how to install OpenBSD 3.5 on your machine:- CD1:3.5/i386/INSTALL.i386
- CD1:3.5/vax/INSTALL.vax
- CD2:3.5/amd64/INSTALL.amd64
- CD2:3.5/macppc/INSTALL.macppc
- CD3:3.5/sparc/INSTALL.sparc
- CD3:3.5/sparc64/INSTALL.sparc64
- FTP:.../OpenBSD/3.5/alpha/INSTALL.alpha
- FTP:.../OpenBSD/3.5/cats/INSTALL.cats
- FTP:.../OpenBSD/3.5/hp300/INSTALL.hp300
- FTP:.../OpenBSD/3.5/hppa/INSTALL.hppa
- FTP:.../OpenBSD/3.5/mac68k/INSTALL.mac68k
- FTP:.../OpenBSD/3.5/mvme68k/INSTALL.mvme68k
- FTP:.../OpenBSD/3.5/mvme88k/INSTALL.mvme88k
Quick installer information for people familiar with OpenBSD, and theuse of the "disklabel -E" command. If you are at all confused wheninstalling OpenBSD, read the relevant INSTALL.* file as listed above!
Play with your BIOS options to enable booting from a CD. The OpenBSD/i386release is on CD1. If your BIOS does not support booting from CD, you will needto create a boot floppy to install from. To create a boot floppy writeCD1:3.5/i386/floppy35.fs to a floppy and boot via the floppy drive.UseCD1:3.5/i386/floppyB35.fs instead for greater scsi controllersupport, orCD1:3.5/i386/floppyC35.fs for better laptop support.
If you can't boot from a CD or a floppy disk,you can install across the network using PXE as described inthe included INSTALL.i386 document.
If you are planning on dual booting OpenBSD with another OS, you will need toread INSTALL.i386.
To make a boot floppy under MS-DOS, use the "rawrite" utility locatedatCD1:3.5/tools/rawrite.exe. To make the boot floppy under a Unix OS,use thedd(1) utility. The following is an example usage ofdd(1), where the device could be "floppy", "rfd0c", or"rfd0a".
#dd if=<file> of=/dev/<device> bs=32k
Make sure you use properly formatted perfect floppies with NO BAD BLOCKS oryour install will most likely fail. For more information on creating a bootfloppy and installing OpenBSD/i386 please refer tothis page.
Boot over the network via mopbooting as described in INSTALL.vax.
The 3.5 release of OpenBSD/amd64 is located on CD2.Boot from the CD to begin the install - you may need to adjustyour BIOS options first.If you can't boot from the CD, you can create a boot floppy to install from.To do this, writeCD2:3.5/amd64/floppy35.fs to a floppy, thenboot from the floppy drive.If you can't boot from a CD or a floppy disk,you can install across the network using PXE as described in the includedINSTALL.amd64 document.
If you are planning to dual boot OpenBSD with another OS, you will need toread INSTALL.amd64.
Put the CD2 in your CDROM drive and poweron your machine while holding down theC key until the display turns on and showsOpenBSD/macppc boot.Alternatively, at the Open Firmware prompt, enterboot cd:,ofwboot/3.5/macppc/bsd.rd
The 3.5 release of OpenBSD/sparc is located on CD3. To boot off of this CD youcan use one of the two commands listed below, depending on the version of yourROM.
okboot cdrom 3.5/sparc/bsd.rdor>b sd(0,6,0)3.5/sparc/bsd.rd
If your sparc does not have a CD drive, you can alternatively boot from floppy.To do so you need to writeCD3:3.5/sparc/floppy35.fs to a floppy.For more information seethis page. To boot fromthe floppy use one of the two commands listed below, depending on the version ofyour ROM.
okboot floppyor>boot fd()
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your installwill most likely fail.
If your sparc doesn't have a floppy drive nor a CD drive, you can eithersetup a bootable tape, or install via network, as told in theINSTALL.sparc file.
Put the CD3 in your CDROM drive and typeboot cdrom.If this doesn't work, or if you don't have a CDROM drive, you can writeCD3:3.5/sparc64/floppy35.fs to a floppy and boot it withbootfloppy.
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your installwill most likely fail.
You can also writeCD3:3.5/sparc64/miniroot35.fs to the swap partition onthe disk and boot withboot disk:b.
If nothing works, you can boot over the network as described in INSTALL.sparc64
WriteFTP:3.5/alpha/floppy35.fs orFTP:3.5/alpha/floppyB35.fs (depending on your machine) to a diskette andenterboot dva0. Refer to INSTALL.alpha for more details.
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your installwill most likely fail.
After updating the firmware to at least ABLE 1.95 if necessary, bootFTP:3.5/cats/bsd.rd from an ABLE-supported device (such as a CD-ROMor an existing FFS or EXT2FS partition).
Boot MacOS as normal and partition your disk with the appropriate A/UXconfigurations. Then, extract the Macside utilities fromFTP:3.5/mac68k/utils onto your hard disk. Run Mkfs to create yourfilesystems on the A/UX partitions you just made. Then, use the"BSD/Mac68k Installer" to copy all the sets inFTP:3.5/mac68k/ onto yourpartitions. Finally, you will be ready to configure the "BSD/Mac68kBooter" with the location of your kernel and boot the system.
You can create a bootable installation tape or boot over the network.
The network boot requires a MVME68K BUG version that supports theNIOTandNBO debugger commands. Follow the instructions in INSTALL.mvme68kfor more details.
You can create a bootable installation tape or boot over the network.
The network boot requires a MVME88K BUG version that supports theNIOTandNBO debugger commands. Follow the instructions in INSTALL.mvme88kfor more details.
src.tar.gz contains a source archive starting at /usr/src. This filecontains everything you need except for the kernel sources, which arein a separate archive. To extract:
#mkdir -p /usr/src#cd /usr/src#tar xvfz /tmp/src.tar.gz
sys.tar.gz contains a source archive starting at /usr/src/sys.This file contains all the kernel sources you need to rebuild kernels.To extract:
#mkdir -p /usr/src/sys#cd /usr/src#tar xvfz /tmp/sys.tar.gz
Both of these trees are a regular CVS checkout. Using these trees itis possible to get a head-start on using the anoncvs servers asdescribedhere.Using these filesresults in a much faster initial CVS update than you could expect froma fresh checkout of the full OpenBSD source tree.
A ports tree archive is also provided. To extract:
#cd /usr#tar xvfz /tmp/ports.tar.gz#cd ports
Theports/ subdirectory is a checkout of the OpenBSD ports tree. Goread theports pageif you know nothing about portsat this point. This text is not a manual of how to use ports.Rather, it is a set of notes meant to kickstart the user on theOpenBSD ports system.
Theports/ directory represents a CVS (see the manpage forcvs(1) ifyou aren't familiar with CVS) checkout of our ports. As with our completesource tree, our ports tree is available via anoncvs. So, inorder to keep current with it, you must make theports/ treeavailable on a read-write medium and update the tree with a commandlike:
#cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_3_5
[Of course, you must replace the local directory and server name herewith the location of your ports collection and a nearby anoncvsserver.]
Note that most ports are available as packages through ftp. Updatedpackages for the 3.5 release will be made available if problems arise.
If you're interested in seeing a port added, would like to help out, or justwould like to know more, the mailing list ports@openbsd.org is a goodplace to know.
[8]ページ先頭
