[OpenBSD]

[FAQ Index]

Following -current


Table of Contents


Introduction

This document is for people who wish to follow -current. It contains information about changes from 5.7-release to -current, and should NOT be used by anyone upgrading from 5.6 or earlier, or people wishing to follow -stable.

If you wish to upgrade to 5.7-release or 5.7-stable from previous versions, see the upgrade guide instead, as what is here does not apply to 5.7.

Make sure you have read and understood FAQ 5 - Building the System from Source before using -current and the instructions below.

You should ALWAYS use a snapshot as the starting point for running -current. Upgrading by compiling your own source code is not supported.

Most of these changes will have to be performed as root.

2015/04/04 - [ports] rc script name changes

The rc scripts for some ports have changed their name to better match the original upstream names and/or binary name: Modify /etc/rc.conf.local accordingly:
	perl -pi -e 's/dbus_daemon/messagebus/;' -e 's/puppetmasterd/puppetmaster/;' -e 's/puppetd/puppet/;' /etc/rc.conf.local

2015/04/24 - tip(1) removed

tip(1) has been removed in favour of cu(1):
	rm /usr/bin/tip /usr/share/man/man1/tip.1

2015/04/27 - _file user added

A new _file user and group have been added to support privilege separation in file(1). sysmerge(8) should be run to ensure it is added.

2015/04/28 - sshd default changed to PermitRootLogin no

sshd no longer allows root logins by default. If you rely on this, you can reinstate it by adding "PermitRootLogin without-password" or "PermitRootLogin yes" to /etc/ssh/sshd_config, and reloading sshd configuration ("rcctl reload sshd"). Beware that root is a common target of password-guessing attacks, so consider your options carefully before deviating from the default.

2015/05/02 - pf_rules and ipsec_rules removed from rc.conf(5)

The pf_rules and ipsec_rules variables have been removed from rc.conf(5): rc(8) will now always use the default paths: /etc/pf.conf and /etc/ipsec.conf).
If you were relying on those to set a custom configuration path for pfctl(8) or ipsecctl(8). you must move your configuration to the standard path or create a default configuration that will include your custom one. For example:
    echo 'include "/path/to/custom/pf.conf"' >/etc/pf.conf

2015/05/15 - [ports] www/apache-httpd updated to 2.4.12

Apache HTTPD is now at 2.4.12. When upgrading from 2.2.x releases manual configuration changes may be required. See the Apache HTTPD 2.4 upgrade guide for details.
The ap2-mod_fastcgi and ap2-mod_fcgid ports have been superseded by mod_proxy_fcgi which ships with Apache HTTPD 2.4 out of the box.

2015/05/17 - isatty(3) depends on new feature in fcntl(2)

An F_ISATTY feature was added to fcntl(2), and isatty(3) requires it. Build a new kernel before updating libc.

2015/05/18 - spamd(8) PF rule change: rdr-to to divert-to

pf(4) rules for spamd(8) must be changed from rdr-to to divert-to rules; a simple replacement should work. Additionally, spamd(8) now listens on 127.0.0.1 by default instead of 0.0.0.0.

2015/05/23 - ipsec.conf(5) default Diffie-Hellman group change

Automatic keying rules in ipsec.conf(5) now default to the modp3072 Diffie-Hellman group in both main mode and quick mode. isakmpd(8) will fail to negotiate flows and security associations unless both sides use the same cryptographic parameters. To make old setups that still use the previous defaults communicate with the new parameters, add "main group modp3072" and "quick group modp3072" to the rules. For example:
    ike from 192.168.1.1 to 192.168.1.2 \
        main group modp3072 quick group modp3072

2015/05/28 - CUPS GTK+2 plugin is now in a separate package

The plugin to allow printer selection from GTK+2 applications, previously in the main GTK+2 package, has now been separated. To be able to use CUPS printers from these applications (including GIMP, Firefox, etc), install the gtk+2-cups package.

2015/06/01 - alpha switches to secureplt

The toolchain of the alpha port has been updated to produce binaries with a faster and smaller plt format. In order to support this format, ld.so and libc.so need to be updated before any of the new binaries can run. While upgrading from a snapshot remains the preferred way to update, it is possible to update by source by following this order: You can then proceed to rebuild your system as usual.

2015/06/02 - sparc switches to PIE

The sparc port is now using PIE binaries. To upgrade by source, follow these steps: You can then proceed to rebuild your system as usual.


$OpenBSD: current.html,v 1.610 2015/06/02 20:36:10 miod Exp $