openbsd
/
www
mirror of https://github.com/openbsd/www.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
www/33.html

427 lines
15 KiB
HTML
Raw Permalink Blame History

<!doctype html>
<html lang=en id=release>
<meta charset=utf-8>
<title>OpenBSD 3.3</title>
<meta name="description" content="OpenBSD 3.3">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/33.html">
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
3.3
</h2>
<table>
<tr>
<td>
<a href="images/Barbarian.gif">
<img width="255" height="343" src="images/Barbarian.gif" alt="Barbarian"></a>
<td>
Released May 1, 2003<br>
Copyright 1997-2003, Theo de Raadt.<br>
<cite class=isbn>ISBN 0-9731791-1-2</cite>
<br>
3.3 Song: <a href="lyrics.html#33">"Puff the Barbarian"</a>
<br>
<br>
<ul>
<li>See the information on <a href="ftp.html">the FTP page</a> for
a list of mirror machines.
<li>Go to the <code class=reldir>pub/OpenBSD/3.3/</code> directory on
one of the mirror sites.
<li>Have a look at <a href="errata33.html">The 3.3 Errata page</a> for a list
of bugs and workarounds.
<li>See a <a href="plus33.html">detailed log of changes</a> between the
3.2 and 3.3 releases.
</ul>
<p>
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
files fetched via <code>ports.tar.gz</code>.
</table>
<hr>
<section id=new>
<h3>What's New</h3>
<p>
This is a partial list of new features and systems included in OpenBSD 3.3.
For a comprehensive list, see the <a href="plus33.html">changelog</a> leading
to 3.3.
<p>
<ul>
<li>Integration of the
<a href="http://www.research.ibm.com/trl/projects/security/ssp/">ProPolice</a>
stack protection technology, by Hiroaki Etoh, into the system
compiler. This protection is enabled by default. With this change,
function prologues are modified to rearrange the stack: a random
canary is placed before the return address, and buffer variables are
moved closer to the canary so that regular variables are below, and
harder to smash. The function epilogue then checks if the canary is
still intact. If it is not, the process is terminated. This change
makes it very hard for an attacker to modify the return address used
when returning from a function.
<p>
<li>W^X (pronounced: "W xor X") on architectures capable of
pure execute-bit support in the MMU (sparc, sparc64, alpha,
hppa). This is a fine-grained memory permissions layout, ensuring that
memory which can be written to by application programs can not be
executable at the same time and vice versa. This raises the bar on
potential buffer overflows and other attacks: as a result, an attacker
is unable to write code anywhere in memory where it can be executed.
(NOTE: i386 and powerpc do not support W^X in 3.3; however, 3.3-current
already supports it on i386, and both these processors are expected to
support this change in 3.4).
<p>
<li>Still more reduction in setuid and setgid binaries, and more chroot
use throughout the system. While some programs are still setuid or
setgid, almost all of them grab a resource and then quickly revoke
privilege.
<p>
<li>The X window server and xconsole now use privilege separation,
for better security. Also, xterm has been modified to do privilege
revocation. xdm runs as a special user and group, to further constrain
what might go wrong.
<p>
<li>As usual, improvements to the documentation, notably the man pages and
the Web FAQ. An increasingly large part of the website is available in several
languages.
<p>
<li>More complete collection and better tested set of "ports".
setuid/setgid ports have been significantly reduced as well. Many of the
ones that remain setuid have been modified to revoke privileges as early
as possible.
<p>
<li>Over 2000 pre-built and tested packages.
<p>
<li>Significant improvements to the pthread library.
<p>
<li>An incredible amount of enhancements and stability improvements to
our packet filter, <a
href="https://man.openbsd.org/pf.4">pf</a>,
including:
<ul>
<li>Queue, a bandwidth management system (uses altq underneath)
<li>Anchors, allowing subrulesets which can be loaded and modified independently
<li>Tables, a very efficient way for large address lists in rules
<li>Address pools, redirect/NAT to multiple addresses and thus load balancing
<li>Configuration language has been made much more flexible
<li>TCP window scaling support
<li>Full CIDR support
<li>Early checksum verification return on invalid packets
<li>Performance boost: large rulesets load much faster now
<li><a href="https://man.openbsd.org/spamd">spamd</a>,
a spam deferral daemon, which SMTP connections can be redirected to.
This daemon handles connections based on black lists and white lists,
tar-pits the connections, and ensures that the spammer knows why their
mail has not been accepted.
</ul>
<p>
<li>Much improved <a href="sparc64.html">sparc64</a> support: support for
more models and several major bugs eradicated.
<p>
<li>The system includes the following major components from outside suppliers:
<ul>
<li>XFree86 4.2.1 (and i386 contains 3.3.X servers also, thus providing support for all chipsets)
<li>Gcc 2.95.3 (+ patches)
<li>Perl 5.8.0 (+ patches)
<li>Apache 1.3.27, mod_ssl 2.8.12, DSO support (+ patches)
<li>OpenSSL 0.9.7beta3 (+ patches)
<li>Groff 1.15
<li>Sendmail 8.12.9
<li>Bind 9.2.2 (+ patches)
<li>Lynx 2.8.2rel.1 with HTTPS support added (+ patches)
<li>Sudo 1.6.7
<li>Ncurses 5.2
<li>Latest KAME IPv6
<li>KTH Kerberos 1.1.1
<li>Heimdal 0.4e (+ patches)
<li>OpenSSH 3.6
</ul>
<p>
<li>Many improvements for security and reliability (look for the red
print in the <a href="plus33.html">complete changelog</a>).
<p>
<li> and much more.
</ul>
</section>
<hr>
<section id=install>
<h3>How to install</h3>
<p>
Following this are the instructions which you would have on a piece of
paper if you had purchased a CDROM set instead of doing an alternate
form of install. The instructions for doing an ftp (or other style
of) install are very similar; the CDROM instructions are left intact
so that you can see how much easier it would have been if you had
purchased a CDROM instead.
<p>
<hr>
Please refer to the following files on the three CDROMs or ftp mirror for
extensive details on how to install OpenBSD 3.3 on your machine:
<p>
<ul>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/3.3/i386/INSTALL.i386">
.../OpenBSD/3.3/i386/INSTALL.i386 (on CD1)</a>
<p>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/3.3/macppc/INSTALL.macppc">
.../OpenBSD/3.3/macppc/INSTALL.macppc (on CD2)</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/3.3/vax/INSTALL.vax">
.../OpenBSD/3.3/vax/INSTALL.vax (on CD2)</a>
<p>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/3.3/sparc/INSTALL.sparc">
.../OpenBSD/3.3/sparc/INSTALL.sparc (on CD3)</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/3.3/sparc64/INSTALL.sparc64">
.../OpenBSD/3.3/sparc64/INSTALL.sparc64 (on CD3)</a>
<p>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/3.3/alpha/INSTALL.alpha">
.../OpenBSD/3.3/alpha/INSTALL.alpha</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/3.3/hp300/INSTALL.hp300">
.../OpenBSD/3.3/hp300/INSTALL.hp300</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/3.3/hppa/INSTALL.hppa">
.../OpenBSD/3.3/hppa/INSTALL.hppa</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/3.3/mac68k/INSTALL.mac68k">
.../OpenBSD/3.3/mac68k/INSTALL.mac68k</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/3.3/mvme68k/INSTALL.mvme68k">
.../OpenBSD/3.3/mvme68k/INSTALL.mvme68k</a>
</ul>
</section>
<hr>
<section id=quickinstall>
<p>
Quick installer information for people familiar with OpenBSD, and the
use of the "disklabel -E" command. If you are at all confused when
installing OpenBSD, read the relevant INSTALL.* file as listed above!
<h3>OpenBSD/i386:</h3>
<p>
Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
release is on CD1. If your BIOS does not support booting from CD, you will need
to create a boot floppy to install from. To create a boot floppy write
<i>CD1:3.3/i386/floppy33.fs</i> to a floppy and boot via the floppy drive.
<p>
Use <i>CD1:3.3/i386/floppyB33.fs</i> instead for greater scsi controller
support, or <i>CD1:3.3/i386/floppyC33.fs</i> for better laptop support.
<p>
If you are planning on dual booting OpenBSD with another OS, you will need to read the included INSTALL.i386 document.
<p>
To make a boot floppy under MS-DOS, use the &quot;rawrite&quot; utility located
at <i>CD:/3.3/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS, use the <a href="https://man.openbsd.org/dd.1">dd(1)</a> utility. The following is an example usage of <a href="https://man.openbsd.org/dd.1">dd(1)</a>, where the device could be &quot;floppy&quot;, &quot;rfd0c&quot;, or &quot;rfd0a&quot;.
<blockquote><pre>
# <kbd>dd if=&lt;file&gt; of=/dev/&lt;device&gt; bs=32k</kbd>
</pre></blockquote>
<p>
Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or your install will most likely fail. For more information on creating a boot floppy and installing OpenBSD/i386 please refer to <a href="faq/faq4.html#MkFlop">this page</a>.
<h3>OpenBSD/macppc:</h3>
<p>
Put the CD2 in your CDROM drive and poweron your machine while holding down the
<i>C</i> key until the display turns on and shows <i>OpenBSD/macppc boot</i>.
<p>
Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
/3.3/macppc/bsd.rd</i>
<h3>OpenBSD/vax:</h3>
<p>
Boot over the network via mopbooting as described in INSTALL.vax.
<h3>OpenBSD/sparc:</h3>
<p>
The 3.3 release of OpenBSD/sparc is located on CD3. To boot off of this CD you can use one of the two commands listed below, depending on the version of your ROM.
<blockquote><pre>
> <kbd>boot cdrom 3.3/sparc/bsd.rd</kbd>
or
> <kbd>b sd(0,6,0)3.3/sparc/bsd.rd</kbd>
</pre></blockquote>
<p>
If your sparc does not have a CD drive, you can alternatively boot from floppy.
To do so you need to write &quot;CD3:3.3/sparc/floppy33.fs&quot; to a floppy. For more information see <a href="faq/faq4.html#MkFlop">this page</a>. To boot from the floppy use one of the two commands listed below, depending on the version of your ROM.
<blockquote><pre>
> <kbd>boot floppy</kbd>
or
> <kbd>boot fd()</kbd>
</pre></blockquote>
<p>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
<p>
If your sparc doesn't have a floppy drive nor a CD drive, you can either
setup a bootable tape, or install via network, as told in the
INSTALL.sparc file.
<h3>OpenBSD/sparc64:</h3>
<p>
Put the CD3 in your CDROM drive and type <i>boot cdrom</i>.
<p>
If this doesn't work, or if you don't have a CDROM drive, you can write
<i>CD3:3.3/sparc64/floppy33.fs</i> to a floppy and boot it with <i>boot
floppy</i>.<br>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
<p>
You can also write <i>CD3:3.3/sparc64/miniroot33.fs</i> to the swap partition on
the disk and boot with <i>boot disk:b</i>.
<p>
If nothing works, you can boot over the network as described in INSTALL.sparc64
<h3>OpenBSD/alpha:</h3>
<p>
Write <i>3.3/alpha/floppy33.fs</i> or
<i>3.3/alpha/floppyB33.fs</i> (depending on your machine) to a diskette and
enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
<p>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.
<h3>OpenBSD/hp300:</h3>
<p>
Boot over the network by following the instructions in INSTALL.hp300.
<h3>OpenBSD/hppa:</h3>
<p>
Boot over the network by following the instructions in INSTALL.hppa or the
<a href="hppa.html#netboot">hppa platform page</a>.
<h3>OpenBSD/mac68k:</h3>
<p>
Boot MacOS as normal and partition your disk with the appropriate A/UX
configurations. Then, extract the Macside utilities from
<i>3.3/mac68k/utils</i> onto your hard disk. Run Mkfs to create your
filesystems on the A/UX partitions you just made. Then, use the
"BSD/Mac68k Installer" to copy all the sets in <i>3.3/mac68k/</i> onto your
partitions. Finally, you will be ready to configure the "BSD/Mac68k
Booter" with the location of your kernel and boot the system.
<h3>OpenBSD/mvme68k:</h3>
<p>
You can create a bootable installation tape or boot over the network.<br>
The network boot requires a MVME68K BUG version that supports the <i>NIOT</i>
and <i>NBO</i> debugger commands. Follow the instructions in INSTALL.mvme68k
for more details.
</section>
<hr>
<section id=sourcecode>
<h3>Notes about the source code</h3>
<p>
<code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
This file contains everything you need except for the kernel sources, which are
in a separate archive. To extract:
<blockquote><pre>
# <kbd>mkdir -p /usr/src</kbd>
# <kbd>cd /usr/src</kbd>
# <kbd>tar xvfz /tmp/src.tar.gz</kbd>
</pre></blockquote>
<p>
<code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
<blockquote><pre>
# <kbd>mkdir -p /usr/src/sys</kbd>
# <kbd>cd /usr/src</kbd>
# <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
</pre></blockquote>
<p>
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described <a href="anoncvs.html">here</a>.
Using these files
results in a much faster initial CVS update than you could expect from
a fresh checkout of the full OpenBSD source tree.
</section>
<hr>
<section id=ports>
<h3>Ports Tree</h3>
<p>
A ports tree archive is also provided. To extract:
<blockquote><pre>
# <kbd>cd /usr</kbd>
# <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
</pre></blockquote>
<p>
The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
read the <a href="faq/faq15.html">ports</a> page
if you know nothing about ports
at this point. This text is not a manual of how to use ports.
Rather, it is a set of notes meant to kickstart the user on the
OpenBSD ports system.
<p>
Certainly, the OpenBSD ports system is not complete. It is doubtful it
will ever be. However, it is growing very fast and getting more stable.
Almost all ports provided with this release should build without problems
on most architectures (over 2000 packages build on i386, for instance).
<p>
The <i>ports/</i> directory represents a CVS (see the manpage for
<a href="https://man.openbsd.org/cvs.1">cvs(1)</a> if
you aren't familiar with CVS) checkout of our ports. As with our complete
source tree, our ports tree is available via anoncvs. So, in
order to keep current with it, you must make the <i>ports/</i> tree
available on a read-write medium and update the tree with a command
like:
<blockquote><pre>
# <kbd>cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_3_3</kbd>
</pre></blockquote>
<p>
[Of course, you must replace the local directory and server name here
with the location of your ports collection and a nearby anoncvs
server.]
<p>
Note that most ports are available as packages on our mirrors. Updated
packages for the 3.3 release will be made available if problems arise.
<p>
If you're interested in seeing a port added, would like to help out, or just
would like to know more, the mailing list
<a href="mail.html">ports@openbsd.org</a> is a good place to know.
</section>
Reference in New Issue View Git Blame Copy Permalink