[FAQ Index]

Following -current

Table of Contents


This document is for people who wish to follow -current. It contains information about changes from 5.7-release to -current, and should NOT be used by anyone upgrading from 5.6 or earlier, or people wishing to follow -stable.

If you wish to upgrade to 5.7-release or 5.7-stable from previous versions, see the upgrade guide instead, as what is here does not apply to 5.7.

Make sure you have read and understood FAQ 5 - Building the System from Source before using -current and the instructions below.

You should ALWAYS use a snapshot as the starting point for running -current. Upgrading by compiling your own source code is not supported.

Most of these changes will have to be performed as root.

2015/04/04 - [ports] rc script name changes

The rc scripts for some ports have changed their name to better match the original upstream names and/or binary name: Modify /etc/rc.conf.local accordingly:
	perl -pi -e 's/dbus_daemon/messagebus/;' -e 's/puppetmasterd/puppetmaster/;' -e 's/puppetd/puppet/;' /etc/rc.conf.local

2015/04/24 - tip(1) removed

tip(1) has been removed in favour of cu(1):
	rm /usr/bin/tip /usr/share/man/man1/tip.1

2015/04/27 - _file user added

A new _file user and group have been added to support privilege separation in file(1). sysmerge(8) should be run to ensure it is added.

2015/04/28 - sshd default changed to PermitRootLogin no

sshd no longer allows root logins by default. If you rely on this, you can reinstate it by adding "PermitRootLogin without-password" or "PermitRootLogin yes" to /etc/ssh/sshd_config, and reloading sshd configuration ("rcctl reload sshd"). Beware that root is a common target of password-guessing attacks, so consider your options carefully before deviating from the default.

2015/05/02 - pf_rules and ipsec_rules removed from rc.conf(5)

The pf_rules and ipsec_rules variables have been removed from rc.conf(5): rc(8) will now always use the default paths: /etc/pf.conf and /etc/ipsec.conf.
If you were relying on those to set a custom configuration path for pfctl(8) or ipsecctl(8), you must move your configuration to the standard path or create a default configuration that will include your custom one. For example:
    echo 'include "/path/to/custom/pf.conf"' >/etc/pf.conf

2015/05/15 - [ports] www/apache-httpd updated to 2.4.12

Apache HTTPD is now at 2.4.12. When upgrading from 2.2.x releases manual configuration changes may be required. See the Apache HTTPD 2.4 upgrade guide for details.
The ap2-mod_fastcgi and ap2-mod_fcgid ports have been superseded by mod_proxy_fcgi which ships with Apache HTTPD 2.4 out of the box.

2015/05/17 - isatty(3) depends on new feature in fcntl(2)

An F_ISATTY feature was added to fcntl(2), and isatty(3) requires it. Build a new kernel before updating libc.

2015/05/18 - spamd(8) PF rule change: rdr-to to divert-to

pf(4) rules for spamd(8) must be changed from rdr-to to divert-to rules; a simple replacement should work. Additionally, spamd(8) now listens on by default instead of

2015/05/23 - ipsec.conf(5) default Diffie-Hellman group change

Automatic keying rules in ipsec.conf(5) now default to the modp3072 Diffie-Hellman group in both main mode and quick mode. isakmpd(8) will fail to negotiate flows and security associations unless both sides use the same cryptographic parameters. To make old setups that still use the previous defaults communicate with the new parameters, add "main group modp3072" and "quick group modp3072" to the rules. For example:
    ike from to \
        main group modp3072 quick group modp3072

2015/05/28 - CUPS GTK+2 plugin is now in a separate package

The plugin to allow printer selection from GTK+2 applications, previously in the main GTK+2 package, has now been separated. To be able to use CUPS printers from these applications (including GIMP, Firefox, etc), install the gtk+2-cups package.

2015/06/01 - alpha switches to secureplt

The toolchain of the alpha port has been updated to produce binaries with a faster and smaller plt format. In order to support this format, ld.so and libc.so need to be updated before any of the new binaries can run. While upgrading from a snapshot remains the preferred way to update, it is possible to update by source by following this order: You can then proceed to rebuild your system as usual.

2015/06/02 - sparc switches to PIE

The sparc port is now using PIE binaries. To upgrade by source, follow these steps: You can then proceed to rebuild your system as usual.

2015/06/05 - [ports] default PHP version switched to 5.6

The default version of PHP has been switched to 5.6. After updating to new packages, you will need to move the configuration across from 5.5. Check for local changes in /etc/php-5.5.ini and apply them to php-5.6.ini, and create new symbolic links for any required extensions in /etc/php-5.6. For the common case where you would like to keep existing extensions you can do this:
# cd /etc/php-5.5
# for i in *; do ln -s ../php-5.6.sample/$i ../php-5.6/; done
Note that pkg_add -u will not move to the newer php-fpm release version; most users will need to manually pkg_delete php-fpm and then pkg_add the new version.

Additionally note that there have been changes to PHP 5.6's SSL/TLS support. When a PHP script makes an SSL/TLS client connection, peer certificates are now verified by default, which was not the case previously. Since the standard CA certificate bundle is outside the chroot jail frequently used with PHP on OpenBSD, you may need to copy this across to allow client connections to function.

# mkdir -p /var/www/etc/ssl
# cp /etc/ssl/cert.pem /var/www/etc/ssl/

2015/07/03 - sudo has moved to ports

sudo(8) has been removed from the base OS. The old binaries and manual pages should be removed:
       rm -f /usr/bin/sudo /usr/bin/sudoedit /usr/sbin/visudo
       rm -f /usr/share/man/man8/sudo.8 /usr/share/man/man8/sudoedit.8
       rm -f /usr/share/man/man8/visudo.8 /usr/share/man/man5/sudoers.5
       rm -f /usr/libexec/sudo_noexec.so
If you would like to continue using sudo(8), install it from packages:
       pkg_add sudo
Otherwise, remove its configuration as well:
       rm -f /etc/sudoers
Caution: If you rely on sudo as your primary means of gaining root privileges, you should install and test it from packages (taking care to test using /usr/local/bin/sudo) before removing the old binary.

2015/07/20 - [ports] freeradius rc script renamed

The rc script for freeradius has been renamed from radiusd to freeradius. Adjust rc.conf.local if necessary.

2015/08/22 - [xenocara] libdrm updated

libdrm has been updated to a new version, moving a few files around. As a consequence, old files should be removed:
         rm -f /usr/X11R6/include/intel_*.h
	 rm -f /usr/X11R6/include/r600_pci_ids.h
	 rm -f /usr/X11R6/include/radeon_*.h

2015/08/25 - [ports] security/cfs removed

The security/cfs ports has been removed, users are encouraged to use another data encryption method. Possible alternatives are softraid(4) CRYPTO, encrypted vnd(4) devices or the security/encfs port. To remove an existing cfs package, use:
	pkg_delete cfs

2015/09/11 - config(8) update

An up to date config(8) is needed to build kernels. After updating the source tree, a new config(8) can be built and installed:
	cd /usr/src/usr.sbin/config
	make obj && make cleandir && make depend && make && make install
Afterwards, any existing kernel compilation directories must be rebuilt after running config again. Refer to release(8) for details.

2015/09/12 - ifmedia extended to 64 bits

The ifmedia options word has been extended to 64 bits. This changes numbers of the SIOCSIFMEDIA and SIOCGIFMEDIA ioctls and grows struct ifmediareq. Upgrading from snapshots is recommended. Old ifconfig and dhclient binaries are able to configure addresses on interfaces but are unable to display or change media settings. When upgrading from source, ifconfig and dhclient must be recompiled with new headers to run properly on top of a new kernel. This will happen automatically during a normal 'make build'. In case neither snapshots nor 'make build' can be used, the manual steps are:
	install -m 444 -o root -g bin /usr/src/sys/net/if.h /usr/include/net/if.h
	install -m 444 -o root -g bin /usr/src/sys/net/if_media.h /usr/include/net/if_media.h
	install -m 444 -o root -g bin /usr/src/sys/sys/sockio.h /usr/include/sys/sockio.h
	cd /usr/src/sbin/ifconfig
	make obj
	make depend
	make install
	cd /usr/src/sbin/dhclient
	make obj
	make depend
	make install
Some additional libraries and applications must also be recompiled. Run a full 'make build' to ensure everything is in order.

2015/09/18 - [ports] php-fpm rc script renamed

To allow installing multiple versions of php-fpm on the same system, the rc script has been renamed to include the version number. If you are using this, modify references to php_fpm in /etc/rc.conf.local to e.g. php56_fpm.

$OpenBSD: current.html,v 1.625 2015/09/18 09:18:32 sthen Exp $