Movatterモバイル変換
[0]ホーム
COLLECTED BY
Organization:
John Gilmore John Gilmore
Archive-It Partner Since: Apr, 2007
Organization Type: Other Institutions
Organization URL:
http://www.toad.comJohn Gilmore is a private individual who cares about archiving the Internet for future generations. He is the first individual to join the Archive-It program, as a partner with the Internet Archive, to collect and index documents of interest. Mr. Gilmore also co-founded the Electronic Frontier Foundation.
A collection of free software and open source software. This includes the source code (instructions written by computer programmers) of thousands of computer programs that are part of various free software projects. These projects include the GNU Project to reimplement the Bell Labs UNIX system, the Linux kernel that reimplements the core operating program of a UNIX-like system, the Debian project which seeks to produce a fully free and consistent "distribution" (collection) of free software programs that work together well, the Ubuntu project which builds a commercially viable operating system based on the Debian project; the Fedore project which also builds a commercially viable computer operating system based on free software; and other projects.
The Wayback Machine - https://web.archive.org/web/20181222011621/http://www.openbsd.org/33.html
Released May 1, 2003
Copyright 1997-2003, Theo de Raadt.
3.3 Song:"Puff the Barbarian"
All applicable copyrights and credits are in the src.tar.gz,sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in thefiles fetched via ports.tar.gz.
This is a partial list of new features and systems included in OpenBSD 3.3.For a comprehensive list, see thechangelog leadingto 3.3.
- Integration of theProPolicestack protection technology, by Hiroaki Etoh, into the systemcompiler. This protection is enabled by default. With this change,function prologues are modified to rearrange the stack: a randomcanary is placed before the return address, and buffer variables aremoved closer to the canary so that regular variables are below, andharder to smash. The function epilogue then checks if the canary isstill intact. If it is not, the process is terminated. This changemakes it very hard for an attacker to modify the return address usedwhen returning from a function.
- W^X (pronounced: "W xor X") on architectures capable ofpure execute-bit support in the MMU (sparc, sparc64, alpha,hppa). This is a fine-grained memory permissions layout, ensuring thatmemory which can be written to by application programs can not beexecutable at the same time and vice versa. This raises the bar onpotential buffer overflows and other attacks: as a result, an attackeris unable to write code anywhere in memory where it can be executed.(NOTE: i386 and powerpc do not support W^X in 3.3; however, 3.3-currentalready supports it on i386, and both these processors are expected tosupport this change in 3.4).
- Still more reduction in setuid and setgid binaries, and more chrootuse throughout the system. While some programs are still setuid orsetgid, almost all of them grab a resource and then quickly revokeprivilege.
- The X window server and xconsole now use privilege separation,for better security. Also, xterm has been modified to do privilegerevocation. xdm runs as a special user and group, to further constrainwhat might go wrong.
- As usual, improvements to the documentation, notably the man pages andthe Web FAQ. An increasingly large part of the website is available in severallanguages.
- More complete collection and better tested set of "ports".setuid/setgid ports have been significantly reduced as well. Many of theones that remain setuid have been modified to revoke privileges as earlyas possible.
- Over 2000 pre-built and tested packages.
- Significant improvements to the pthread library.
- An incredible amount of enhancements and stability improvements toour packet filter,pf,including:
- Queue, a bandwidth management system (uses altq underneath)
- Anchors, allowing subrulesets which can be loaded and modified independently
- Tables, a very efficient way for large address lists in rules
- Address pools, redirect/NAT to multiple addresses and thus load balancing
- Configuration language has been made much more flexible
- TCP window scaling support
- Full CIDR support
- Early checksum verification return on invalid packets
- Performance boost: large rulesets load much faster now
- spamd, a spam deferral daemon, which SMTP connections can be redirected to. This daemon handles connections based on black lists and white lists, tar-pits the connections, and ensures that the spammer knows why their mail has not been accepted.
- Much improvedsparc64 support: support formore models and several major bugs eradicated.
- The system includes the following major components from outside suppliers:
- XFree86 4.2.1 (and i386 contains 3.3.X servers also, thus providing support for all chipsets)
- Gcc 2.95.3 (+ patches)
- Perl 5.8.0 (+ patches)
- Apache 1.3.27, mod_ssl 2.8.12, DSO support (+ patches)
- OpenSSL 0.9.7beta3 (+ patches)
- Groff 1.15
- Sendmail 8.12.9
- Bind 9.2.2 (+ patches)
- Lynx 2.8.2rel.1 with HTTPS support added (+ patches)
- Sudo 1.6.7
- Ncurses 5.2
- Latest KAME IPv6
- KTH Kerberos 1.1.1
- Heimdal 0.4e (+ patches)
- OpenSSH 3.6
- Many improvements for security and reliability (look for the redprint in thecomplete changelog).
- and much more.
Following this are the instructions which you would have on a piece ofpaper if you had purchased a CDROM set instead of doing an alternateform of install. The instructions for doing an ftp (or other styleof) install are very similar; the CDROM instructions are left intactso that you can see how much easier it would have been if you hadpurchased a CDROM instead.
Please refer to the following files on the three CDROMs or ftp mirror forextensive details on how to install OpenBSD 3.3 on your machine:- CD1:3.3/i386/INSTALL.i386
- CD2:3.3/macppc/INSTALL.macppc
- CD2:3.3/vax/INSTALL.vax
- CD3:3.3/sparc/INSTALL.sparc
- CD3:3.3/sparc64/INSTALL.sparc64
- FTP:.../OpenBSD/3.3/alpha/INSTALL.alpha
- FTP:.../OpenBSD/3.3/hp300/INSTALL.hp300
- FTP:.../OpenBSD/3.3/hppa/INSTALL.hppa
- FTP:.../OpenBSD/3.3/mac68k/INSTALL.mac68k
- FTP:.../OpenBSD/3.3/mvme68k/INSTALL.mvme68k
Quick installer information for people familiar with OpenBSD, and theuse of the "disklabel -E" command. If you are at all confused wheninstalling OpenBSD, read the relevant INSTALL.* file as listed above!
Play with your BIOS options to enable booting from a CD. The OpenBSD/i386release is on CD1. If your BIOS does not support booting from CD, you will needto create a boot floppy to install from. To create a boot floppy writeCD1:3.3/i386/floppy33.fs to a floppy and boot via the floppy drive.UseCD1:3.3/i386/floppyB33.fs instead for greater scsi controllersupport, orCD1:3.3/i386/floppyC33.fs for better laptop support.
If you are planning on dual booting OpenBSD with another OS, you will need to read the included INSTALL.i386 document.
To make a boot floppy under MS-DOS, use the "rawrite" utility locatedatCD:/3.3/tools/rawrite.exe. To make the boot floppy under a Unix OS, use thedd(1) utility. The following is an example usage ofdd(1), where the device could be "floppy", "rfd0c", or "rfd0a".
#dd if=<file> of=/dev/<device> bs=32k
Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or your install will most likely fail. For more information on creating a boot floppy and installing OpenBSD/i386 please refer tothis page.
Put the CD2 in your CDROM drive and poweron your machine while holding down theC key until the display turns on and showsOpenBSD/macppc boot.Alternatively, at the Open Firmware prompt, enterboot cd:,ofwboot/3.3/macppc/bsd.rd
Boot over the network via mopbooting as described in INSTALL.vax.
The 3.3 release of OpenBSD/sparc is located on CD3. To boot off of this CD you can use one of the two commands listed below, depending on the version of your ROM.
>boot cdrom 3.3/sparc/bsd.rdor>b sd(0,6,0)3.3/sparc/bsd.rd
If your sparc does not have a CD drive, you can alternatively boot from floppy.To do so you need to write "CD3:3.3/sparc/floppy33.fs" to a floppy. For more information seethis page. To boot from the floppy use one of the two commands listed below, depending on the version of your ROM.
>boot floppyor>boot fd()
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
If your sparc doesn't have a floppy drive nor a CD drive, you can eithersetup a bootable tape, or install via network, as told in theINSTALL.sparc file.
Put the CD3 in your CDROM drive and typeboot cdrom.If this doesn't work, or if you don't have a CDROM drive, you can writeCD3:3.3/sparc64/floppy33.fs to a floppy and boot it withbootfloppy.
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
You can also writeCD3:3.3/sparc64/miniroot33.fs to the swap partition onthe disk and boot withboot disk:b.
If nothing works, you can boot over the network as described in INSTALL.sparc64
WriteFTP:3.3/alpha/floppy33.fs orFTP:3.3/alpha/floppyB33.fs (depending on your machine) to a diskette andenterboot dva0. Refer to INSTALL.alpha for more details.
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
Boot MacOS as normal and partition your disk with the appropriate A/UXconfigurations. Then, extract the Macside utilities fromFTP:3.3/mac68k/utils onto your hard disk. Run Mkfs to create yourfilesystems on the A/UX partitions you just made. Then, use the"BSD/Mac68k Installer" to copy all the sets inFTP:3.3/mac68k/ onto yourpartitions. Finally, you will be ready to configure the "BSD/Mac68kBooter" with the location of your kernel and boot the system.
You can create a bootable installation tape or boot over the network.
The network boot requires a MVME68K BUG version that supports theNIOTandNBO debugger commands. Follow the instructions in INSTALL.mvme68kfor more details.
src.tar.gz contains a source archive starting at /usr/src. This filecontains everything you need except for the kernel sources, which arein a separate archive. To extract:
#mkdir -p /usr/src#cd /usr/src#tar xvfz /tmp/src.tar.gz
sys.tar.gz contains a source archive starting at /usr/src/sys.This file contains all the kernel sources you need to rebuild kernels.To extract:
#mkdir -p /usr/src/sys#cd /usr/src#tar xvfz /tmp/sys.tar.gz
Both of these trees are a regular CVS checkout. Using these trees itis possible to get a head-start on using the anoncvs servers asdescribedhere.Using these filesresults in a much faster initial CVS update than you could expect froma fresh checkout of the full OpenBSD source tree.
A ports tree archive is also provided. To extract:
#cd /usr#tar xvfz /tmp/ports.tar.gz#cd ports
Theports/ subdirectory is a checkout of the OpenBSD ports tree. Goread theports pageif you know nothing about portsat this point. This text is not a manual of how to use ports.Rather, it is a set of notes meant to kickstart the user on theOpenBSD ports system.
Certainly, the OpenBSD ports system is not complete. It is doubtful itwill ever be. However, it is growing very fast and getting more stable.Almost all ports provided with this release should build without problemson most architectures (over 2000 packages build on i386, for instance).
Theports/ directory represents a CVS (see the manpage forcvs(1) ifyou aren't familiar with CVS) checkout of our ports. As with our completesource tree, our ports tree is available via anoncvs. So, inorder to keep current with it, you must make theports/ treeavailable on a read-write medium and update the tree with a commandlike:
#cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_3_3
[Of course, you must replace the local directory and server name herewith the location of your ports collection and a nearby anoncvsserver.]
Note that most ports are available as packages through ftp. Updatedpackages for the 3.3 release will be made available if problems arise.
If you're interested in seeing a port added, would like to help out, or justwould like to know more, the mailing list ports@openbsd.org is a goodplace to know.
[8]ページ先頭
