[FAQ Index]

Following -current

Table of Contents


This document is for people who wish to follow -current. It contains information about changes from 5.7-release to -current, and should NOT be used by anyone upgrading from 5.6 or earlier, or people wishing to follow -stable.

If you wish to upgrade to 5.7-release or 5.7-stable from previous versions, see the upgrade guide instead, as what is here does not apply to 5.7.

Make sure you have read and understood FAQ 5 - Building the System from Source before using -current and the instructions below.

You should ALWAYS use a snapshot as the starting point for running -current. Upgrading by compiling your own source code is not supported.

Most of these changes will have to be performed as root.

2015/04/04 - [ports] rc script name changes

The rc scripts for some ports have changed their name to better match the original upstream names and/or binary name: Modify /etc/rc.conf.local accordingly:
	perl -pi -e 's/dbus_daemon/messagebus/;' -e 's/puppetmasterd/puppetmaster/;' -e 's/puppetd/puppet/;' /etc/rc.conf.local

2015/04/24 - tip(1) removed

tip(1) has been removed in favour of cu(1):
	rm /usr/bin/tip /usr/share/man/man1/tip.1

2015/04/27 - _file user added

A new _file user and group have been added to support privilege separation in file(1). sysmerge(8) should be run to ensure it is added.

2015/04/28 - sshd default changed to PermitRootLogin no

sshd no longer allows root logins by default. If you rely on this, you can reinstate it by adding "PermitRootLogin without-password" or "PermitRootLogin yes" to /etc/ssh/sshd_config, and reloading sshd configuration ("rcctl reload sshd"). Beware that root is a common target of password-guessing attacks, so consider your options carefully before deviating from the default.

2015/05/02 - pf_rules and ipsec_rules removed from rc.conf(5)

The pf_rules and ipsec_rules variables have been removed from rc.conf(5): rc(8) will now always use the default paths: /etc/pf.conf and /etc/ipsec.conf).
If you were relying on those to set a custom configuration path for pfctl(8) or ipsecctl(8). you must move your configuration to the standard path or create a default configuration that will include your custom one. For example:
    echo 'include "/path/to/custom/pf.conf"' >/etc/pf.conf

2015/05/15 - [ports] www/apache-httpd updated to 2.4.12

Apache HTTPD is now at 2.4.12. When upgrading from 2.2.x releases manual configuration changes may be required. See the Apache HTTPD 2.4 upgrade guide for details.
The ap2-mod_fastcgi and ap2-mod_fcgid ports have been superseded by mod_proxy_fcgi which ships with Apache HTTPD 2.4 out of the box.

2015/05/17 - isatty(3) depends on new feature in fcntl(2)

An F_ISATTY feature was added to fcntl(2), and isatty(3) requires it. Build a new kernel before updating libc.

2015/05/18 - spamd(8) PF rule change: rdr-to to divert-to

pf(4) rules for spamd(8) must be changed from rdr-to to divert-to rules; a simple replacement should work. Additionally, spamd(8) now listens on by default instead of

2015/05/23 - ipsec.conf(5) default Diffie-Hellman group change

Automatic keying rules in ipsec.conf(5) now default to the modp3072 Diffie-Hellman group in both main mode and quick mode. isakmpd(8) will fail to negotiate flows and security associations unless both sides use the same cryptographic parameters. To make old setups that still use the previous defaults communicate with the new parameters, add "main group modp3072" and "quick group modp3072" to the rules. For example:
    ike from to \
        main group modp3072 quick group modp3072

2015/05/28 - CUPS GTK+2 plugin is now in a separate package

The plugin to allow printer selection from GTK+2 applications, previously in the main GTK+2 package, has now been separated. To be able to use CUPS printers from these applications (including GIMP, Firefox, etc), install the gtk+2-cups package.

2015/06/01 - alpha switches to secureplt

The toolchain of the alpha port has been updated to produce binaries with a faster and smaller plt format. In order to support this format, ld.so and libc.so need to be updated before any of the new binaries can run. While upgrading from a snapshot remains the preferred way to update, it is possible to update by source by following this order: You can then proceed to rebuild your system as usual.

2015/06/02 - sparc switches to PIE

The sparc port is now using PIE binaries. To upgrade by source, follow these steps: You can then proceed to rebuild your system as usual.

2015/06/05 - [ports] default PHP version switched to 5.6

The default version of PHP has been switched to 5.6. After updating to new packages, you will need to move the configuration across from 5.5. Check for local changes in /etc/php-5.5.ini and apply them to php-5.6.ini, and create new symbolic links for any required extensions in /etc/php-5.6. For the common case where you would like to keep existing extensions you can do this:
# cd /etc/php-5.5
# for i in *; do ln -s ../php-5.6.sample/$i ../php-5.6/; done
Note that pkg_add -u will not move to the newer php-fpm release version; most users will need to manually pkg_delete php-fpm and then pkg_add the new version.

Additionally note that there have been changes to PHP 5.6's SSL/TLS support. When a PHP script makes an SSL/TLS client connection, peer certificates re now verified by default, which was not the case previously. Since the standard CA certificate bundle is outside the chroot jail frequently used with PHP on OpenBSD, you may need to copy this across to allow client connections to function.

# mkdir -p /var/www/etc/ssl
# cp /etc/ssl/cert.pem /var/www/etc/ssl/

2015/07/03 - sudo has moved to ports

sudo(8) has been removed from the base OS. The old binaries and manual pages should be removed:
       rm -f /usr/bin/sudo /usr/bin/sudoedit /usr/sbin/visudo
       rm -f /usr/share/man/man8/sudo.8 /usr/share/man/man8/sudoedit.8
       rm -f /usr/share/man/man8/visudo.8 /usr/share/man/man5/sudoers.5
If you would like to continue using sudo(8), install it from packages:
       pkg_add sudo
Otherwise, remove its configuration as well:
       rm -f /etc/sudoers
Caution: If you rely on sudo as your primary means of gaining root privileges, you should install and test it from packages (taking care to test using /usr/local/bin/sudo) before removing the old binary.

$OpenBSD: current.html,v 1.615 2015/07/04 15:11:47 millert Exp $