OpenBSD 5.0发布

On 2011年11月2日, in soft, by netoearth


OpenBSD 5.0 logo

The OpenBSD 5.0 Release:

Released Nov 1, 2011
Copyright 1997-2011, Theo de Raadt.
ISBN 978-0-9784475-8-8
5.0 Song: “What Me Worry?”

What’s New
How to install
How to upgrade
How to use the ports tree
Ordering a CD set


To get the files for this release:

  • Order a CDROM from our ordering system.
  • See the information on The FTP page for a list of mirror machines.
  • Go to the pub/OpenBSD/5.0/ directory on one of the mirror sites.
  • Briefly read the rest of this document.
  • Have a look at The 5.0 Errata page for a list of bugs and workarounds.
  • See a detailed log of changes between the 4.9 and 5.0 releases.

Note: All applicable copyrights and credits can be found in the applicable file sources found in the files src.tar.gz, sys.tar.gz, xenocara.tar.gz, or in the files fetched via ports.tar.gz. The distribution files used to build packages from the ports.tar.gz file are not included on the CDROM because of lack of space.


What’s New

This is a partial list of new features and systems included in OpenBSD 5.0. For a comprehensive list, see the changelog leading to 5.0.


  • Improved hardware support, including:
    • MSI interrupts for many devices, on those architectures which can support them (amd64, i386, sparc64 only so far).
    • A new dma_alloc(9) API makes it easier for kernel code to allocate dma-safe memory. Many drivers (especially network drivers) and subsystems (in particular scsi and the buffer cache) were adapted to use this.
    • As a result, big-memory support has been enabled on all possible architectures.
    • The rather rare bce(4) driver now copies mbufs all the time, to cope with the hardware having a 1GB limit.
    • Added hds(4), a driver for Hitachi Modular Storage SCSI devices.
    • Added myx(4), a driver for the Myricom Myri-10G 10GB Ethernet devices.
    • Added dfs(4), a driver for Dynamic Frequency Switching on some macppc systems.
    • cardbus(4) and pcmcia(4) support on sgi.
    • Suspend/resume support on Loongson Yeelong laptops.


  • Generic network stack improvements:
    • Added support for sending Wake on Lan packets using arp(8).
    • Permit turning Wake on Lan support on/off using ifconfig(8).
    • Added Wake on Lan support to xl(4)re(4), and vr(4).
    • Allow ftp-proxy(8) to proxy across rdomains.
    • The IPv4 stack will no longer accept ICMP redirects when acting as a router.
    • By default the IPv6 stack will not process ICMP6 redirects. rtsol(8) will turn it back if -F is used.
    • Reworked large parts of the dhclient(8) options processing for better interoperability.
    • Fixed carp(4) to work in IPv6 only setups.
    • Make it possible to bind(2) to the local network broadcast address on datagram and raw sockets.
    • The default multicast reject route is now ignored if the UDP socket uses the IP_MULTICAST_IF socket option.
    • Make gre(4) work between systems in the same LAN.
    • Removed the link1 mode special addressing mode on lo(4).
    • Kernel randomization speed and quality improved substantially.


  • Routing daemons and other userland network improvements:
    • bgpd(8) no longer bumps the rlimits: the rc.d framework respects login classes which is a much better solution.
    • Correctly set the network filtersets on reload in bgpd(8).
    • The routing socket is now sending RTM_DESYNC messages if the socketbuffer overflows.
    • Allow ospfd(8) to send out LS updates and other messages larger than the MTU.
    • Fixed nexthop calculation in ospfd(8) for directly connected P2P links.
    • First bits to support opaque LSA in ospfd(8). Only basic redistribute logic and LSDB handling for now.
    • Creating new interfaces will no longer cause a fatal error in ospf6d(8).
    • ospf6d(8) handles link-state changes better.
    • Better loopback handling in ospf6d(8).
    • No longer install extra multicast routes in ripd(8) and ldpd(8).
    • Make kqueue(2) work with sosplice(9).
    • Enabled sosplice(9) in relayd(8) for TCP.
    • Added support for divert-to which provides some benefits over rdr-to in relayd(8).
    • Fixed trap sending in snmpd(8).
    • Make ping6(8) compare minimum amount of bytes between what was received and what was sent out.
    • Make traceroute(8) with type-of-service setted (-t) display a message if the returned packet has a different tos type.
    • Added the socket splicing fields of struct socket to netstat -vP output.


  • pf(4) improvements:
    • Make pf(4) reassemble IPv6 fragments. In the forward case, pf refragments the packets with the same maximum size.
    • Allow pf(4) to filter on the rdomain a packet belongs to.
    • Make pf(4) allow userland proxies to establish cross rdomain proxy sessions.
    • Added IPv6 ACK prioritization in pf(4).
    • Change ‘set skip on <…>’ to work with interface groups.
    • pfsync(4) supports IPv6 as network protocol.
    • Switched ftp-proxy(8) over to divert-to instead of rdr-to.
    • tftp-proxy(8) uses ‘divert-to’ as well.


  • SCSI improvements:
    • most SCSI hardware drivers now use the new iopools infrastructure.
    • scsi(4) devices are now all provided with a unique devid, which is displayed during the probe process.
    • ASC/ASCQ error codes and verbiage now in sync with
    • progress on iSCSI includes better login, better logout, preliminary FSM support in iscsid(8), and improved logging and debug information.
    • uk(4) can now safely and reliably detach an unknown SCSI device.
    • mpath(4) device and kernel support is improved.
    • vscsi(4) now ensures output always goes to the correct connection.
    • vscsi(4) connections can now be reset gracefully.
    • scsi(4) devices on fibre channel fabrics no longer inherit the adapter’s address.


  • Assorted improvements:
    • For additional security, security(8) was rewritten in Perl.
    • Mandoc 1.11.4: Now accepts eqn(7) input (no fancy formatting yet) and supports -Tutf8 output (but no utf8 input yet).
    • Removed a variety of OS-compat emulation code, leaving just the Linux support.
    • Small improvements to Linux compat (only available on i386).
    • Improved our own pkg-config(1) implementation with extended comparison scheme and implementing various new options.
    • The math library, libm, was fully fleshed out to support all C99 required parts. Many bugs for various architectures were fixed along the way.
    • malloc(3) is a lot faster and has a few further security features (more randomization, as well as the ‘S’ flag to enable all paranoia checks).
    • ‘make depend’ is no longer neccessary in kernel compilation directories since the dependencies are calculated automatically.
    • Increased the default size of the buffer cache.
    • kqueue(2) now works on /dev/random and spliced sockets
    • On MBR-based disks, scan through up to 256 extended partition tables when looking for an OpenBSD partition table.
    • Added POSIX 2008 fdopendir(3) and openat(2) functions, as well as the O_CLOEXEC, O_DIRECTORY, and F_DUPFD_CLOEXEC flags.
    • Improved lint format string checks and added a few other checks.
    • kdump(1) now dumps stat and sockaddr structures, sysctl mib strings, and decodes syscall flags and operation bits.
    • Improved kernel pool debug checking.
    • Improved correctness of signals and various syscalls when rthreads are in use.
    • Kernel malloc(9) space and stacks moved to non-dma memory.
    • Fixed some shutdown/reboot hangs on NFS clients.
    • UNIX-domain socket paths are now guaranteed to be NUL-terminated.
    • Added support for *wprintf(3)wcs{,n}casecmp(3), and wcsdup(3).
    • NULL is now a (void *).


  • Install/Upgrade process changes:
    • Completed support for DUID disk installs, and enabled it fully.
    • Tried to make sysmerge(8) work in the installer, but ran into small problems and decided to disable it.
    • Install non-free firmwares from the internet upon first boot, based on a question in the installer.
    • svnd(4)-like behaviour became the default for vnd(4) devices. This is what is used to build the media.


  • rc.d(8) framework improvements:
    • rc.d(8) is now also used for the base system daemons.
    • Backward compatible with the historic way of starting daemons.
    • Notify the user by appending (ok) or (failed) in interactive mode.
    • Better diagnostics with the introduction of RC_DEBUG.


  • OpenSSH 5.9:
    • New features:
      • Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) “UsePrivilegeSeparation=sandbox” mode that enables mandatory restrictions on the syscalls the privsep child can perform.
      • Add new SHA256-based HMAC transport integrity modes from These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96, and are available by default in ssh(1) and sshd(8).
      • The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot.
      • ssh(1) now warns when a server refuses X11 forwarding.
      • sshd_config(5)‘s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2).
      • sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2.
      • sshd_config(5)‘s ControlPath option now expands %L to the host portion of the destination host name.
      • sshd_config(5) “Host” options now support negated Host matching.
      • sshd_config(5): a new RequestTTY option provides control over when a TTY is requested for a connection, similar to the existing -t/-tt/-T ssh(1) commandline options.
      • ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is useful for system initialisation scripts.
      • ssh(1): Allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests but don’t kill existing connections. This may be requested using “ssh -O stop …”.
      • ssh-add(1): now accepts keys piped from standard input.
    • The following significant bugs have been fixed in this release:
      • Retain key comments when loading v.2 keys. These will be visible in “ssh-add -l” and other places. (bz#439)
      • ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). (bz#1855)
      • sshd(8): allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don’t count such failures against MaxAuthTries. (bz#1244)
      • ssh-keysign(8): now signs hostbased authentication challenges correctly using ECDSA keys. (bz#1858)
      • sftp(1): document that sftp accepts square brackets to delimit addresses (useful for IPv6). (bz#1847a)
      • ssh(1): when using session multiplexing, the master process will change its process title to reflect the control path in use and when a ControlPersist-ed master is waiting to close. (bz#1883 and bz#1911)
      • Other minor bugs fixed: (bz#1849, bz#1861, bz#1862, bz#1869, bz#1875, bz#1878, bz#1879, bz#1892, bz#1900, bz#1905, and bz#1913)


  • Over 7,200 ports, major robustness and speed improvements in package tools.
  • Many pre-built packages for each architecture:
    • i386: 7008
    • sparc64: 6456
    • alpha: 6046
    • sh: 3721
    • amd64: 6960
    • powerpc: 6691
    • sparc: 3277
    • arm: 2963
    • hppa: 6125
    • vax: 1409
    • mips64: 5689
    • mips64el: 5709


  • Some highlights:
    • Gnome 2.32.2
    • KDE 3.5.10
    • Xfce 4.8.0
    • MySQL 5.1.54
    • PostgreSQL 9.0.5
    • Postfix 2.8.4
    • OpenLDAP 2.3.43 and 2.4.25
    • Mozilla Firefox 3.5.19, 3.6.18 and 5.0
    • Mozilla Thunderbird 5.0
    • GHC 7.0.4
    • LibreOffice
    • Emacs 21.4, 22.3 and 23.3
    • Vim 7.3.154
    • PHP 5.2.17 and 5.3.6
    • Python 2.4.6, 2.5.4 and 2.7.1
    • Ruby and
    • Mono 2.10.2
    • Chromium 12.0.742.122
    • Groff 1.21


  • As usual, steady improvements in manual pages and other documentation.
  • Base system and Xenocara manuals are now installed as source code, making grep(1) more useful in /usr/share/man/ and /usr/X11R6/man/.
  • If both formatted and source versions of manuals are installed, man(1) automatically displays the newer version of each page. – The system includes the following major components from outside suppliers:
  • Xenocara (based on X.Org 7.6 with xserver 1.9 + patches, freetype 2.4.5, fontconfig 2.8.0, Mesa 7.8.2, xterm 270, xkeyboard-config 2.3 and more)
  • Gcc 2.95.3 (+ patches), 3.3.5 (+ patches) and 4.2.1 (+patches)
  • Perl 5.12.2 (+ patches)
  • Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support
  • OpenSSL 1.0.0a (+ patches)
  • Sendmail 8.14.5, with libmilter
  • Bind 9.4.2-P2 (+ patches)
  • Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
  • Sudo 1.7.2p8
  • Ncurses 5.7
  • Heimdal 0.7.2 (+ patches)
  • Arla 0.35.7
  • Binutils 2.15 (+ patches)
  • Gdb 6.3 (+ patches)


How to install

Following this are the instructions which you would have on a piece of paper if you had purchased a CDROM set instead of doing an alternate form of install. The instructions for doing an FTP (or other style of) install are very similar; the CDROM instructions are left intact so that you can see how much easier it would have been if you had purchased a CDROM instead.


Please refer to the following files on the three CDROMs or FTP mirror for extensive details on how to install OpenBSD 5.0 on your machine:


  • CD1:5.0/i386/INSTALL.i386 
  • CD2:5.0/amd64/INSTALL.amd64
  • CD2:5.0/macppc/INSTALL.macppc 
  • CD3:5.0/sparc64/INSTALL.sparc64 
  • FTP:…/OpenBSD/5.0/alpha/INSTALL.alpha
  • FTP:…/OpenBSD/5.0/armish/INSTALL.armish
  • FTP:…/OpenBSD/5.0/hp300/INSTALL.hp300
  • FTP:…/OpenBSD/5.0/hppa/INSTALL.hppa
  • FTP:…/OpenBSD/5.0/landisk/INSTALL.landisk
  • FTP:…/OpenBSD/5.0/loongson/INSTALL.loongson
  • FTP:…/OpenBSD/5.0/mvme68k/INSTALL.mvme68k
  • FTP:…/OpenBSD/5.0/mvme88k/INSTALL.mvme88k
  • FTP:…/OpenBSD/5.0/sgi/INSTALL.sgi
  • FTP:…/OpenBSD/5.0/socppc/INSTALL.socppc
  • FTP:…/OpenBSD/5.0/sparc/INSTALL.sparc
  • FTP:…/OpenBSD/5.0/vax/INSTALL.vax
  • FTP:…/OpenBSD/5.0/zaurus/INSTALL.zaurus

Quick installer information for people familiar with OpenBSD, and the use of the “disklabel -E” command. If you are at all confused when installing OpenBSD, read the relevant INSTALL.* file as listed above!



      Play with your BIOS options to enable booting from a CD. The OpenBSD/i386 release is on CD1. If your BIOS does not support booting from CD, you will need to create a boot floppy to install from. To create a boot floppy write


       to a floppy and boot via the floppy drive.

Use CD1:5.0/i386/floppyB50.fs instead for greater SCSI controller support, or CD1:5.0/i386/floppyC50.fs for better laptop support.

If you can’t boot from a CD or a floppy disk, you can install across the network using PXE as described in the included INSTALL.i386 document.

If you are planning on dual booting OpenBSD with another OS, you will need to read INSTALL.i386.

To make a boot floppy under MS-DOS, use the “rawrite” utility located at CD1:5.0/tools/rawrite.exe. To make the boot floppy under a Unix OS, use the dd(1) utility. The following is an example usage of dd(1), where the device could be “floppy”, “rfd0c”, or “rfd0a”.

# dd if=<file> of=/dev/<device> bs=32k

Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or your install will most likely fail. For more information on creating a boot floppy and installing OpenBSD/i386 please refer to FAQ 4.3.2.



      The 5.0 release of OpenBSD/amd64 is located on CD2. Boot from the CD to begin the install – you may need to adjust your BIOS options first. If you can’t boot from the CD, you can create a boot floppy to install from. To do this, write


       to a floppy, then boot from the floppy drive.

If you can’t boot from a CD or a floppy disk, you can install across the network using PXE as described in the included INSTALL.amd64 document.

If you are planning to dual boot OpenBSD with another OS, you will need to read INSTALL.amd64.



      Put CD2 in your CDROM drive and poweron your machine while holding down the


       key until the display turns on and shows

OpenBSD/macppc boot


Alternatively, at the Open Firmware prompt, enter boot cd:,ofwboot /5.0/macppc/bsd.rd



      Put CD3 in your CDROM drive and type

boot cdrom


If this doesn’t work, or if you don’t have a CDROM drive, you can write CD3:5.0/sparc64/floppy50.fs or CD3:5.0/sparc64/floppyB50.fs (depending on your machine) to a floppy and boot it with boot floppy. Refer to INSTALL.sparc64 for details.

Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.

You can also write CD3:5.0/sparc64/miniroot50.fs to the swap partition on the disk and boot with boot disk:b.

If nothing works, you can boot over the network as described in INSTALL.sparc64.



Write FTP:5.0/alpha/floppy50.fs or FTP:5.0/alpha/floppyB50.fs (depending on your machine) to a diskette and enter boot dva0. Refer to INSTALL.alpha for more details.

Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.



After connecting a serial port, Thecus can boot directly from the network either tftp or http. Configure the network using fconfig, reset, then load bsd.rd, see INSTALL.armish for specific details. IOData HDL-G can only boot from an EXT-2 partition. Boot into linux and copy ‘boot’ and bsd.rd into the first partition on wd0 (hda1) then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition. More details are available in INSTALL.armish.



Boot over the network by following the instructions in INSTALL.hp300.



Boot over the network by following the instructions in INSTALL.hppa or the hppa platform page.



Write miniroot50.fs to the start of the CF or disk, and boot normally.



Write miniroot50.fs to a USB stick and boot bsd.rd from it or boot bsd.rd via tftp. Refer to the instructions in INSTALL.loongson for more details.




You can create a bootable installation tape or boot over the network.
The network boot requires a MVME68K BUG version that supports the NIOT and NBO debugger commands. Follow the instructions in INSTALL.mvme68k for more details.



You can create a bootable installation tape or boot over the network.
The network boot requires a MVME88K BUG version that supports the NIOT and NBO debugger commands. Follow the instructions in INSTALL.mvme88k for more details.



To install on an O2, burn cd50.iso on a CD-R, put it in the CD drive of your machine and select Install System Software from the System Maintenance menu.

On other systems, or if your machine doesn’t have a CD drive, you can setup a DHCP/tftp network server, and boot using “bootp()/bsd.rd.IP##” using the kernel matching your system type. Refer to the instructions in INSTALL.sgi for more details.



After connecting a serial port, boot over the network via DHCP/tftp. Refer to the instructions in INSTALL.socppc for more details.



      Boot from one of the provided install ISO images, using one of the two commands listed below, depending on the version of your ROM.
ok boot cdrom 5.0/sparc/bsd.rd
> b sd(0,6,0)5.0/sparc/bsd.rd

If your SPARC system does not have a CD drive, you can alternatively boot from floppy. To do so you need to write floppy50.fs to a floppy. For more information see FAQ 4.3.2. To boot from the floppy use one of the two commands listed below, depending on the version of your ROM.

ok boot floppy
> b fd()

Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install will most likely fail.

If your SPARC system doesn’t have a floppy drive nor a CD drive, you can either setup a bootable tape, or install via network, as told in the INSTALL.sparc file.



    Boot over the network via mopbooting as described in INSTALL.vax.



Using the Linux built-in graphical ipkg installer, install the openbsd50_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus for a few important details.


Notes about the source code:

      src.tar.gz contains a source archive starting at /usr/src. This file contains everything you need except for the kernel sources, which are in a separate archive. To extract:


# mkdir -p /usr/src
# cd /usr/src
# tar xvfz /tmp/src.tar.gz

sys.tar.gz contains a source archive starting at /usr/src/sys. This file contains all the kernel sources you need to rebuild kernels. To extract:


# mkdir -p /usr/src/sys
# cd /usr/src
# tar xvfz /tmp/sys.tar.gz

Both of these trees are a regular CVS checkout. Using these trees it is possible to get a head-start on using the anoncvs servers as described here. Using these files results in a much faster initial CVS update than you could expect from a fresh checkout of the full OpenBSD source tree.


How to upgrade

If you already have an OpenBSD 4.9 system, and do not want to reinstall, upgrade instructions and advice can be found in the Upgrade Guide.


Ports Tree

A ports tree archive is also provided. To extract:


# cd /usr
# tar xvfz /tmp/ports.tar.gz
# cd ports

The ports/ subdirectory is a checkout of the OpenBSD ports tree. Go read the ports page if you know nothing about ports at this point. This text is not a manual of how to use ports. Rather, it is a set of notes meant to kickstart the user on the OpenBSD ports system.

The ports/ directory represents a CVS (see the manpage for cvs(1) if you aren’t familiar with CVS) checkout of our ports. As with our complete source tree, our ports tree is available via anoncvs. So, in order to keep current with it, you must make the ports/ tree available on a read-write medium and update the tree with a command like:


# cd [portsdir]/; cvs -d update -Pd -rOPENBSD_5_0

[Of course, you must replace the local directory and server name here with the location of your ports collection and a nearby anoncvs server.]

Note that most ports are available as packages through FTP. Updated packages for the 5.0 release will be made available if problems arise.

If you’re interested in seeing a port added, would like to help out, or just would like to know more, the mailing list is a good place to know.


$OpenBSD: 50.html,v 1.8 2011/11/01 18:24:06 dcoppa Exp $

Tagged with:  

Comments are closed.