[FAQ Index]

Following -current

Table of Contents


This document is for people who wish to follow -current. It contains information about changes from 5.5-release to -current, and should NOT be used by anyone upgrading from 5.4 or earlier, or people wishing to follow -stable.

If you wish to upgrade to 5.5-release or 5.5-stable from previous versions, see the upgrade guide.

Make sure you have read and understood FAQ 5 - Building the System from Source before using -current and the instructions below.

You should ALWAYS use a snapshot as the starting point for running -current. Upgrading by compiling your own source code is not supported.

Most of these changes will have to be performed as root.

2014/03/12 - smtpd becomes default MTA

The default system MTA is now smtpd. If you are running sendmail with anything other than the default configuration, please exercise caution and care when upgrading. The sendmail cronjob should be disabled, /etc/mailer.conf and /etc/rc.conf{,local} should be checked to verify one and only one MTA is enabled, and newaliases run.
    crontab -e
    vi /etc/mailer.conf
    vi /etc/rc.conf
    vi /etc/rc.conf.local

2014/03/12 - spray removed

/usr/sbin/spray and the associated rpc daemon have been removed.
    rm -f /usr/sbin/spray
    rm -f /usr/libexec/rpc.sprayd
    rm -f /usr/share/man/man8/{,rpc.}spray{,d}.8
    vi /etc/inetd.conf

2014/03/13 - _smtpq user added

A new _smtpq user and group have been added to support privilege separation in smtpd. Add the following passwd line using vipw.
    _smtpq:*:103:103::0:0:SMTP Daemon:/var/empty:/sbin/nologin
Add the following line to /etc/group.
If you have previously started smtpd, you will need to change the owner of the queue subdirectories.
    cd /var/spool/smtpd
    chown -R _smtpq corrupt incoming purge queue temporary

2014/03/13 - httpd(8) removed

/usr/sbin/httpd and the associated tools and files have been removed. Consider using nginx(8) for your http serving needs, but note that nginx is not a drop-in replacement. If you need the old httpd(8) or tools (e.g. logresolve, htdigest, etc) and cannot switch at this time, see the port www/apache-httpd-openbsd. If using modules, change the path in LoadModule configuration lines from "/usr/lib/apache/modules" to "/usr/local/lib/apache/modules" otherwise you will most likely have library conflicts and "size mismatch, relink your program" errors logged. All users need to remove the following files and directories:
    rm -rf /usr/lib/apache
    rm -rf /usr/share/doc/html/httpd
    rm -f /usr/bin/{dbmmanage,htdigest}
    rm -f /usr/sbin/{apachectl,apxs,logresolve,rotatelogs,suexec}
    rm -f /usr/share/man/man1/{dbmmanage.1,htdigest.1}
    rm -f /usr/share/man/man8/{apachectl.8,apxs.8,logresolve.8}
    rm -f /usr/share/man/man8/{rotatelogs.8,suexec.8}
This is revised from the list in previous versions of this page due to the inclusion of httpd(8).

The following files are associated with httpd(8) and can be deleted in some cases, but may have been replaced with user content or configuration. Warning: On systems which currently or have previously used any http daemon, care must be taken and files analyzed case by case to avoid accidental deletion of user content or important configuration files. In particular, users moving to apache-httpd-openbsd will want to keep many of these files.

    rm -rf /var/www/icons
    rmdir /var/www/conf/{modules,modules.sample}
    rmdir /var/www/users
    rm -f /var/www/cgi-bin/{printenv,test-cgi}
    rm -f /var/www/conf/{httpd.conf,magic,mime.types}
    rm -f /var/www/htdocs/{apache_pb.gif,blowfish.jpg,bsd_small.gif,index.html}
    rm -f /var/www/htdocs/{lock.gif,logo23.jpg,logo24.jpg,mod_ssl_sb.gif}
    rm -f /var/www/htdocs/{openbsd_pb.gif,openbsdpower.gif,openssl_ics.gif}
    rm -f /var/www/htdocs/smalltitle.gif
Many PHP applications will work under nginx with few or minimal changes; in most cases php-fpm is the preferred method of running PHP under nginx.

2014/03/16 - [ports] unbound(8) moved to base

Unbound has moved to the base OS.

If the package is installed, remove it before upgrading to avoid a conflict in /etc/rc.d/unbound, and edit rc.conf.local to remove "unbound" from "pkg_scripts=..." lines, and add "unbound_flags=" instead.

    pkg_delete unbound
    vi /etc/rc.conf.local
The following applies only to those updating from source, or updating from a snapshot without using sysmerge: The _unbound user should be added using vipw (or the UID should be modified if you were previously using Unbound from ports).
    _unbound:*:53:53::0:0:Unbound Daemon:/var/unbound:/sbin/nologin
And _unbound group.
On or before March 19, sysmerge(8) was unable to do the /etc/group crossing automatically if updating from source. Manual intervention will be required in those situations.

2014/03/17 - ftpd(8) disallows uid < 1000 by default

ftpd(8) now defaults to denying access to user accounts with uid below 1000. See the -m option if you need to change this.

2014/03/17 - userland agp(4) interfaces removed

With the introduction of KMS, userland access to agp(4) is no longer needed. Since these interfaces provided low-level access to the hardware, they have been removed. You should remove the associated header file:
    rm -f /usr/include/sys/agpio.h

2014/03/17 - userland ppp(8) and pppoe(8) implementations removed

The userland ppp(8) daemon and its associated PPPoE helper, pppoe(8), have been removed. As a result, the old binaries and manual pages should be removed:
    rm -f /etc/ppp/ppp.{conf,linkdown,linkup,secret}.sample
    rm -f /usr/sbin/ppp /usr/share/man/man8/ppp.8
    rm -f /usr/sbin/pppctl /usr/share/man/man8/pppctl.8
    rm -f /usr/sbin/pppoe /usr/share/man/man8/pppoe.8
Many users will be able to migrate to the kernel implementations: pppoe(4) (for PPPoE), ppp(4) and its associated control program pppd(8) (for modems, mobile data, and some use with userland programs via a pipe).

Another option for some users is npppd(8) which supports L2TP, PPTP and PPPoE (currently server-side, IPv4 only).

2014/03/19 - rcp(1) removed

rcp(1) has been removed. As a result, the binary and manual page should be removed:
    rm -f /bin/rcp /usr/share/man/man1/rcp.1

2014/03/23 - powerpc is now PIE

The powerpc platform has been switched to PIE (position-independent executables) by default. Everyone is encouraged to update via snapshots (dated after 2014/03/23); if you want to upgrade via sources, follow these instructions:

First, make sure you are running an up-to-date kernel. Second, install the new system Makefiles with the change to PIE_ARCH in bsd.own.mk:

    cd /usr/src/share/mk && make install
Then, recompile and install gcc and binutils.
    cd /usr/src/gnu/usr.bin/binutils
    make -f Makefile.bsd-wrapper clean && make -f Makefile.bsd-wrapper obj && \
        make -f Makefile.bsd-wrapper depend && make -f Makefile.bsd-wrapper
    cd /usr/src/gnu/usr.bin/cc
    make clean && make obj && make depend && make && make install
    cd /usr/src/gnu/usr.bin/binutils && make -f Makefile.bsd-wrapper install
Finally, recompile your system by following the procedure outlined in release(8).

2014/03/23 - librt removed

The librt static stub library has been removed. The leftover files must be deleted.
    rm -f /usr/lib/librt{,_p}.a

2014/03/23 - Miscellaneous functions removed

Miscellaneous functions have been removed from libc. The corresponding header files must be deleted.
    rm -f /usr/include/bm.h
    rm -f /usr/include/md4.h

2014/03/23 - mount(2) changes for NFS, mfs, msdosfs, and ntfs

Changes to the mount(2) API/ABI means that NFS servers must rebuild mountd(8) against the updated headers and restart it after rebooting to the new kernel.
Similarly, the mount_mfs(8), mount_msdos(8), and mount_ntfs(8) must be recompiled and reinstalled. Installing a new snapshot is—as always—recommended.

2014/03/24 - tcpwrappers removed

libwrap and tcpd have been removed. The leftover remnants must be purged. The entries in /etc/host.{allow,deny} can be converted into filtering rules in /etc/pf.conf.
    rm -f /usr/lib/libwrap{,_p}.*
    rm -f /usr/libexec/tcpd
    rm -f /usr/include/tcpd.h
    rm -f /usr/sbin/tcpd{chk,match}
    rm -f /usr/share/man/man3/hosts_access.3
    rm -f /usr/share/man/man5/hosts.{allow,deny}.5
    rm -f /usr/share/man/man5/hosts_{access,options}.5
    rm -f /usr/share/man/man8/tcpd{,chk,match}.8
    rm -f /etc/hosts.{allow,deny}

2014/03/26 - rmail(8) and uucpd(8) moved to ports

/bin/rmail and uucpd(8) have been removed from the base system and added to the ports tree. As a result, the old binaries and manual pages should be removed:
    rm -f /bin/rmail
    rm -f /usr/share/man/man8/rmail.8
    rm -f /usr/libexec/uucpd
    rm -f /usr/share/man/man8/uucpd.8
Users of these programs should install the rmail and uucpd packages instead.

2014/03/29 - pflow(4) pflowproto 9 removed

pflow(4)'s pflowproto 9 has been removed. Consider using pflowproto 10.

2014/04/14 - snmpd(8), snmpctl(8), and relayd(8) now communicate via AgentX protocol

The communications channel over which snmpd(8) accepts trap requests has been converted to the AgentX protocol. Users who have configured relayd(8) to send traps on host status changes will have to modify their configurations for both snmpd(8) and relayd(8):
    # listen for AgentX connections
    socket "/var/run/agentx.sock" agentx
relayd.conf(5) syntax has changed, from "send trap" to "snmp trap":
    # used to be "send trap"
    snmp trap "/var/run/agentx.sock"

2014/04/19 - altq removed

The old queueing subsystem, altq, has been removed. If any pf.conf(5) rules mentioning "altq" or "oldqueue" are still present, loading the ruleset will now fail, so must be removed or migrated to the new queue configuration. Old headers should also be removed:
    rm -rf /usr/include/altq

2014/04/20 - [ports] roundcubemail update needs config changes

Roundcube configuration files have been rearranged, if upgrading an existing system you will need to migrate your settings from old config files (db.inc.php and main.inc.php) to the new file (config.inc.php).

2014/04/21 - lpd(8): hosts.equiv removed

hosts.equiv usage has been deprecated and lpd(8) does not use it anymore for access control. Users of this file should migrate to use /etc/hosts.lpd.

2014/04/22 - kerberosV removed

kerberosV has been removed. The login methods "krb5" and "krb5-or-pwd" are not supported anymore and should be removed from login.conf(5). Many dependencies and packages have to be updated. The libraries, headers and other related files should be removed from the system.
	rm -rf /etc/kerberosV/
	rm -f /etc/rc.d/{kadmind,kdc,kpasswdd,ipropd_master,ipropd_slave}
	rm -f /usr/bin/asn1_compile
	rm -f /usr/bin/compile_et
	rm -f /usr/bin/kcc
	rm -f /usr/bin/kdestroy
	rm -f /usr/bin/kf
	rm -f /usr/bin/kgetcred
	rm -f /usr/bin/kinit
	rm -f /usr/bin/klist
	rm -f /usr/bin/krb5-config
	rm -f /usr/bin/slc
	rm -f /usr/bin/string2key
	rm -f /usr/bin/verify_krb5_conf
	rm -rf /usr/include/kerberosV/
	rm -f /usr/lib/libasn1{,_p}.*
	rm -f /usr/lib/libcom_err{,_p}.*
	rm -f /usr/lib/libgssapi{,_p}.*
	rm -f /usr/lib/libhdb{,_p}.*
	rm -f /usr/lib/libheimbase{,_p}.*
	rm -f /usr/lib/libkadm5clnt{,_p}.*
	rm -f /usr/lib/libkadm5srv{,_p}.*
	rm -f /usr/lib/libkafs{,_p}.*
	rm -f /usr/lib/libkdc{,_p}.*
	rm -f /usr/lib/libkrb5{,_p}.*
	rm -f /usr/lib/libroken{,_p}.*
	rm -f /usr/lib/libwind{,_p}.*
	rm -rf /usr/libdata/perl5/site_perl/*-openbsd/kerberosV/
	rm -f /usr/libexec/auth/login_krb5{,-or-pwd}
	rm -f /usr/libexec/hprop{,d}
	rm -f /usr/libexec/ipropd-{master,slave}
	rm -f /usr/libexec/kadmind
	rm -f /usr/libexec/kdc
	rm -f /usr/libexec/kfd
	rm -f /usr/libexec/kpasswdd
	rm -f /usr/sbin/iprop-log
	rm -f /usr/sbin/kadmin
	rm -f /usr/sbin/kimpersonate
	rm -f /usr/sbin/kstash
	rm -f /usr/sbin/ktutil
	rm -f /usr/share/info/heimdal.info
	rm -f /usr/share/man/man1/kdestroy.1
	rm -f /usr/share/man/man1/kf.1
	rm -f /usr/share/man/man1/kgetcred.1
	rm -f /usr/share/man/man1/kinit.1
	rm -f /usr/share/man/man1/klist.1
	rm -f /usr/share/man/man1/krb5-config.1
	rm -f /usr/share/man/man1/kswitch.1
	rm -f /usr/share/man/man3/ecalloc.3
	rm -f /usr/share/man/man3/getarg.3
	rm -f /usr/share/man/man3/{gss,krb5,krb}_*.3
	rm -f /usr/share/man/man3/gssapi.3
	rm -f /usr/share/man/man3/gsskrb5_extract_authz_data_from_sec_context.3
	rm -f /usr/share/man/man3/gsskrb5_register_acceptor_identity.3
	rm -f /usr/share/man/man3/k_afs_cell_of_file.3
	rm -f /usr/share/man/man3/k_hasafs.3
	rm -f /usr/share/man/man3/k_hasafs_recheck.3
	rm -f /usr/share/man/man3/k_pioctl.3
	rm -f /usr/share/man/man3/k_setpag.3
	rm -f /usr/share/man/man3/k_unlog.3
	rm -f /usr/share/man/man3/kadm5_pwcheck.3
	rm -f /usr/share/man/man3/kafs*.3
	rm -f /usr/share/man/man3/krb524_*.3
	rm -f /usr/share/man/man3/parse_time.3
	rm -f /usr/share/man/man3/rtbl.3
	rm -f /usr/share/man/man5/krb5.conf.5
	rm -f /usr/share/man/man5/mech.5
	rm -f /usr/share/man/man8/hprop{,d}.8
	rm -f /usr/share/man/man8/iprop{,-log}.8
	rm -f /usr/share/man/man8/ipropd-{master,slave}.8
	rm -f /usr/share/man/man8/kadmin{,d}.8
	rm -f /usr/share/man/man8/kdc.8
	rm -f /usr/share/man/man8/kerberos.8
	rm -f /usr/share/man/man8/kfd.8
	rm -f /usr/share/man/man8/kimpersonate.8
	rm -f /usr/share/man/man8/kpasswdd.8
	rm -f /usr/share/man/man8/kstash.8
	rm -f /usr/share/man/man8/ktutil.8
	rm -f /usr/share/man/man8/login_krb5{,-or-pwd}.8
	rm -f /usr/share/man/man8/string2key.8
	rm -f /usr/share/man/man8/verify_krb5_conf.8
Remaining users of kerberosV should download and install the software manually or use the kerberos packages when they become available.

2014/05/03 - bcrypt hash advanced to $2b$ mode

The bcrypt(3) hash has been advanced to the new $2b$ mode. Newly created hashes will follow this form. Older systems may not understand this format.

2014/05/27 - route(8) -priority 1 reserved for the kernel

The route(8) priority 1 has been reserved for the kernel and it is no longer possible to set it from userland.

2014/06/03 - sshd(8) change of default MACs, modes, ciphers

This refers to a change made on 2014/03/25. Weak or broken hashes, ciphers and modes were removed from the default sshd(8) configuration. Some clients do not support any of the methods which are now available by default, so will not be able to connect without changes. In those cases, the client should be updated or replaced. If this is impossible, the weak methods can be enabled via sshd_config(5). See /var/log/authlog after a failed connection for information that will help track down these issues.

2014/06/12 - nginx(8) syslog logging config change

The configuration options for logging to syslog in nginx(8) have changed (external patch now replaced by a backported patch from newer nginx). If you have enabled these options in /etc/nginx/nginx.conf (not used by default), you will need to update them; e.g.
	error_log  syslog:server=unix:/dev/log,severity=notice;
	access_log syslog:server=unix:/dev/log,severity=notice main;

2014/06/13 - changes to minherit(2) and new getentropy(2)

Some upcoming changes are being pushed into the kernel over a few days. Update a new kernel and userland now, to avoid failure.

2014/06/23 - [ports] Bacula packaging changes

Bacula has been split into subpackages for different database backends. Users of the recommended PostgreSQL backend won't need to make any changes; users of other backends should run uninstall Bacula and then add it again with pkg_add, selecting the preferred database backend from the list offered.

2014/06/30 - strict nat-to/rdr-to translation pool checks

pfctl(8) will now raise an error for a range of ambiguous nat-to and rdr-to specifications. In particular, when a translation pool contains entries with different address families such as { ::1 } or entries that when expanded result in similar specifications: for example nat-to em0 may expand to an IPv4 and an IPv6 addresses.

2014/07/09 - relayd(8) filter grammar changed

The ability to filter HTTP connections in relayd(8) has been reimplemented. relayd.conf(5) syntax has changed; the "tag" keyword in the redirect section has been renamed to "pftag" and various HTTP-specific configuration directives in the protocol section have been replaced with new generic filter rules.

The port sysutils/relayd-updateconf is provided to convert the old configuration directives to the new filter grammar. It is provided as a convenience, but the resulting file must be inspected for correctness.

2014/07/10 - ifconfig(8) ABI break

ifconfig(8) now shows whether an encrypted wifi network is using WEP or WPA. Old ifconfig binaries running on a new kernel will not be able to scan for wireless networks:
	ifconfig: SIOCG80211ALLNODES: Inappropriate ioctl for device
Upgrading from snapshots is recommended. When upgrading from source, ifconfig should be recompiled with new net80211 headers after upgrading the kernel:
	cd /usr/src
	make includes
	cd /usr/src/sbin/ifconfig
	make clean
	make obj
	make depend
	make install

2014/07/11 - IPv6 autoconf changes

The sysctl to globally accept IPv6 router advertisements has been replaced with a per-interface "AUTOCONF6" flag, set by "ifconfig <if> inet6 autoconf".

This is set automatically on a given interface where rtsol/rtsold is used, so for typical use cases no changes will be needed, however rare configurations which do not use rtsol but just rely on the periodic announcements will need to manually set this flag.

If you upgrade from source and depend on rtsol for network access to work after rebooting the new kernel, then install new headers, rebuild rtsol/rtsold/ifconfig and apply revision 1.141 to /etc/netstart before the reboot.

For pppoe(4) interfaces, IPV6CP negotiation will only occur if an interface has an IPv6 address. This can be done with "ifconfig pppoe0 inet6 eui64" or a hostname.pppoe0 entry like "inet6 eui64".

2014/07/13 - Addition of sendsyslog(2) system call

The syslog_r(3) function has been switched over to rely on the sendsyslog(2) system call introduced around 2014/07/10.

A kernel containing the system call is required perhaps even for getting single user; so use of upgrades is recommended.

2014/07/16 - lynx(1) moved to ports

Lynx has been removed from the base system and has been moved to ports. The following files and directories should be deleted (the latter is optional; if you plan to install Lynx from packages you may prefer to keep it).
	rm -f /usr/bin/lynx
	rm -f /usr/share/man/man1/lynx.1
	rm -rf /usr/share/doc/html/lynx_help
	rm -f /etc/lynx.cfg
To install Lynx from packages:
	pkg_add lynx

2014/07/22 - [ports] Increased file descriptor use in KDE4

Some KDE4 components (kded4, Akonadi, Digikam database and others) now monitor directories for changes via kqueue(2). This saves CPU time, but kqueue requires one file descriptor per monitored file. Thus limits for system (kern.maxfiles sysctl) and/or process (openfiles in login.conf(5)) need to be adjusted:

2014/07/23 - Changes to /etc infrastructure

Many sample configuration files have moved from /etc to /etc/examples; if wishing to configure the relevant software on a new system, you could copy the file (use -p to preserve permissions), or create a new file from scratch with correct ownership and permissions. sysmerge will warn when an example file has changed and a matching file under /etc exists, so that the admin can check if the modifications apply to his setup.

Some files which may have local modifications, notably /etc/rc and /etc/netstart, have been moved from the etc*.tgz file set to the base*.tgz file set. If you are reliant on services started from modified versions of these files to login, you will need to take action before upgrading.

The installation instructions with many ports have suggested using the following method to add to the "pkg_scripts" or "syslogd_flags" variables:

	pkg_scripts="${pkg_scripts} somescript"
This is no longer supported. You must replace these with one long pkg_scripts line - continuation lines are not possible. Recent changes to the syslog(3) function calls have removed the need for additional log sockets in most cases, so in general lines like this can be removed:
	syslogd_flags="${syslogd_flags} -a /path/to/dev/log"
After upgrading, be sure to run sysmerge(8) to update files from the etc56.tgz set, notably rc.conf. Changes to /etc/rc depend on having up-to-date versions of these files. Seeing the message "no closing quote" during system startup is an indication that these files have not been updated.

2014/07/27 - [ports] rc scripts of both apache webservers renamed

The rc scripts of the apache-httpd-openbsd and apache-httpd packages had been renamed from httpd to apache resp. httpd2 to apache2, to avoid conflicts with the base httpd. If you're running one or both of them, you have to replace "httpd" by "apache" in your pkg_scripts and httpd?_flags entries in rc.conf.local, and use the new names in any cronjobs or scripts which restart Apache (e.g. for log rotation).

After upgrading the apache-httpd-openbsd package, you'll also have to reinstate the rc script of the base http, which pkg_add(1) has moved out of the way, and you should remove partial package probably left around:

	mv -i /etc/rc.d/httpd.* /etc/rc.d/httpd
	pkg_delete partial-apache-httpd-openbsd

2014/08/13 - X resources files moved to /usr/X11R6/share/X11/

The X resource files have moved their installation directory from /etc/X11/app-defaults/ to /usr/X11R6/share/X11/app-defaults/ /etc/X11/app-defaults stays 1st in the libXt search path so, people and ports can put customized versions there if needed. If you didn't customize the versions in /etc/X11/app-defaults, they should be removed to avoid future issues when one file changes:
	cd /etc/X11/app-defaults
	rm Beforelight Bitmap Bitmap-color Bitmap-nocase Chooser Clock-color 
	rm Editres Editres-color KOI8RXTerm SshAskpass UXTerm Viewres
	rm Viewres-color XCalc XCalc-color XClipboard XClock
	rm XClock-color XConsole XFontSel XLoad XLock XLogo
	rm XLogo-color XMore XSm XTerm XTerm-color Xedit
	rm Xedit-color Xfd Xgc Xgc-color Xmag Xman Xmessage
	rm Xmessage-color Xsystrace Xvidtune

2014/08/22 - BIND has moved to ports

named(8) a.k.a. BIND has been removed from the base OS. In many cases, unbound(8) and nsd(8) will make good replacements, however users with some configurations (for example split horizon DNS) may find it simpler to continue with BIND (which is available in packages). The old binaries and manual pages should be removed:
	rm -f /etc/rc.d/named
	rm -f /usr/sbin/dnssec-keygen
	rm -f /usr/sbin/dnssec-signzone
	rm -f /usr/sbin/named
	rm -f /usr/sbin/named-checkconf
	rm -f /usr/sbin/named-checkzone
	rm -f /usr/sbin/nsupdate
	rm -f /usr/sbin/rndc
	rm -f /usr/sbin/rndc-confgen
	rm -f /usr/share/man/man5/named.conf.5
	rm -f /usr/share/man/man5/rndc.conf.5
	rm -f /usr/share/man/man8/dnssec-keygen.8
	rm -f /usr/share/man/man8/dnssec-signzone.8
	rm -f /usr/share/man/man8/named.8
	rm -f /usr/share/man/man8/named-checkconf.8
	rm -f /usr/share/man/man8/named-checkzone.8
	rm -f /usr/share/man/man8/nsupdate.8
	rm -f /usr/share/man/man8/rndc-confgen.8
	rm -f /usr/share/man/man8/rndc.8
If you would like to move to BIND from packages, install it:
	pkg_add isc-bind
This will run as a different user id ("_bind" instead of "named"), so check that file and directory permissions permit access - in many cases, this should work:
	find /var/named -group named -print0 | xargs -r0 chgrp _bind
To enable startup at boot time:
	rcctl enable isc_named
Caution: as this is from a package, it will start relatively late in the boot process, so if you normally have 'nameserver' or similar in resolv.conf and require working name resolution during system startup, you may need to make alternative arrangements. Options include running unbound on localhost only, or adding a fallback server to /etc/resolv.conf.

2014/08/26 - openssl(1) has moved to /usr/bin

The openssl(1) binary has moved from /usr/sbin to /usr/bin. As such, the old binary should be removed:
	rm -f /usr/sbin/openssl

2014/08/26 - nginx has moved to ports

nginx(8) has been removed from the base OS. The old binaries and manual pages should be removed:
	rm -f /etc/rc.d/nginx
	rm -f /usr/sbin/nginx
	rm -f /usr/share/man/man8/nginx.8
	rm -f /usr/share/man/man5/nginx.conf.5
If you would like to move to nginx from packages, install it:
	pkg_add nginx
To enable startup at boot time:
	rcctl enable nginx
Caution: as the nginx package is using the same rc.d script that was used by the base system it is mandatory to remove the old nginx rc.d script to avoid installation issues of the nginx packages.

2014/08/29 - puppetdb split single config file into multiple files

With puppetdb-2.1.0p1 the single puppetdb.ini file was split into multiple .ini files. The configuration needs to be adapted after upgrade. More information in the puppetdb package README.

2014/09/08 - procfs removed

procfs has been removed, thus the binary and manual page should be deleted:
	rm -f /sbin/mount_procfs
	rm -f /usr/share/man/man8/mount_procfs.8

2014/09/15 - sendmail removed

sendmail has been removed, thus several binaries, libraries, headers, manual pages and configuration files should be deleted:
	rm -rf /usr/include/libmilter
	rm -rf /usr/libdata/perl5/site_perl/`uname -p`-openbsd/libmilter
	rm -rf /usr/libexec/sendmail
	rm -rf /usr/share/sendmail
	rm -f /etc/mail/{README,access,access.db,genericstable,genericstable.db}
	rm -f /etc/mail/{helpfile,local-host-names,localhost.cf,mailertable}
	rm -f /etc/mail/{mailertable.db,relay-domains,sendmail.cf,submit.cf}
	rm -f /etc/mail/{trusted-users,virtusertable,virtusertable.db}
	rm -f /etc/rc.d/sendmail
	rm -f /usr/lib/{libmilter.a,libmilter.so.3.0,libmilter_p.a}
	rm -f /usr/libexec/smrsh
	rm -f /usr/sbin/{editmap,mailstats,praliases}
	rm -f /usr/share/man/man1/{hoststat.1,praliases.1,purgestat.1}
	rm -f /usr/share/man/man8/{editmap.8,mailq.8,mailstats.8,smrsh.8}
	rm -f /var/log/sendmail.st

	rmdir /usr/libexec/sm.bin
        rm -rf /var/spool/clientmqueue
        rm -rf /var/spool/mqueue

        userdel smmsp
	groupdel smmsp

2014/09/19 - rc.conf(8) moved to the base set

/etc/rc.conf has moved away from the etc to the base set.

Effectively this means that:
any manual changes made to /etc/rc.conf will be lost at next upgrade. If such changes were made, they must be merged into /etc/rc.conf.local.

Note that a backup version of rc.conf(8) can be found under /var/backups/.

2014/09/25 - [ports] collectd updated to 5.4.1

sysutils/collectd has been updated to version 5.4.1, users of previous 4.10.1 version should review this upgrade guide to migrate their existing setups.

2014/10/13 - lkm removed

The lkm interface has been removed, thus several binaries and manual pages and the lkm directory should be deleted:
	rm -rf /usr/lkm /usr/share/lkm /dev/lkm
	rm -f /usr/bin/modstat
	rm -f /sbin/mod{,un}load
	rm -f /usr/share/man/man8/mod{stat,load,unload}.8
	rm -f /usr/share/man/man4/lkm.4
	rm -f /usr/share/mk/bsd.lkm.mk /usr/include/sys/lkm.h

2014/10/30 - [ports] symon package split

The split between subpackages for symon has been adjusted. Depending on which subpackage you installed previously, you may lose the "symux" monitor after a pkg_add -u, if so, just run "pkg_add symux".

2014/10/31 - libressl renamed to libtls

The libressl library has been renamed to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). There are several files that should be removed post update:
	rm -f /usr/include/ressl.h
	rm -f /usr/lib/libressl.*
	rm -f /usr/share/man/man3/ressl_*

2014/10/31 - [ports] sendmail port uid/gid change

The uid and gid used by the enqueuer have changed.
	/etc/rc.d/sendmail stop
	groupmod -g 745 _smmsp
	usermod -u 745 -g 745 _smmsp
	chown -R _smmsp:_smmsp /var/spool/clientmqueue
	chgrp _smmsp /usr/local/libexec/sendmail/sendmail
	chmod g+s /usr/local/libexec/sendmail/sendmail
	/etc/rc.d/sendmail start

$OpenBSD: current.html,v 1.565 2014/10/31 15:56:57 jca Exp $