Annotation of www/56.html, Revision 1.60
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 5.6</title>
5: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
6: <meta name="description" content="OpenBSD 5.6">
7: <meta name="copyright" content="This document copyright 2014 by OpenBSD.">
1.59 sthen 8: <link rel="canonical" href="http://www.openbsd.org/56.html">
1.1 deraadt 9: </head>
10:
11: <body bgcolor="#ffffff" text="#000000" link="#24248E">
12:
13: <a href="index.html">
14: <img alt="[OpenBSD]" height="30" width="141" hspace="24" src="images/smalltitle.gif" border="0"></a>
15: <p>
16:
1.20 deraadt 17: <a href="images/CaptainTedu.jpg">
18: <img align="left" width="227" height="343" hspace="24" src="images/CaptainTedu.jpg"></a>
1.1 deraadt 19: <h2><font color="#0000e0">OpenBSD 5.6</font></h2>
20: <p>
1.54 deraadt 21: Released Nov 1, 2014<br>
1.1 deraadt 22: Copyright 1997-2014, Theo de Raadt.<br>
23: <font color="#e00000">ISBN 978-0-9881561-4-2</font>
24: <br>
1.20 deraadt 25: <a href="lyrics.html#56">5.6 Song: "Ride of the Valkyries"</a>
1.1 deraadt 26: <p>
27:
28: <ul>
1.22 deraadt 29: <li>Order a CDROM from our <a href="https://openbsdstore.com">ordering system</a>.
1.1 deraadt 30: <li>See the information on <a href="ftp.html">the FTP page</a> for
31: a list of mirror machines.
32: <li>Go to the <font color="#e00000">pub/OpenBSD/5.6/</font> directory on
33: one of the mirror sites.
34: <li>Have a look at <a href="errata56.html">the 5.6 errata page</a> for a list
35: of bugs and workarounds.
36: <li>See a <a href="plus56.html">detailed log of changes</a> between the
37: 5.5 and 5.6 releases.
38: <p>
1.10 deraadt 39: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=signify&sektion=1">signify(1)</a> pubkeys for this release:<br>
1.57 tedu 40: <pre>
41: base: RWR0EANmo9nqhpPbPUZDIBcRtrVcRwQxZ8UKGWY8Ui4RHi229KFL84wV
42: fw: RWT4e3jpYgSeLYs62aDsUkcvHR7+so5S/Fz/++B859j61rfNVcQTRxMw
43: pkg: RWSPEf7Vpp2j0PTDG+eLs5L700nlqBFzEcSmHuv3ypVUEOYwso+UucXb
44: </pre>
1.1 deraadt 45: </ul>
46: <br clear=all>
47: All applicable copyrights and credits can be found in the applicable
48: file sources found in the files src.tar.gz, sys.tar.gz,
49: xenocara.tar.gz, or in the files fetched via ports.tar.gz. The
50: distribution files used to build packages from the ports.tar.gz file
51: are not included on the CDROM because of lack of space.
52: <p>
53:
54: <a name="new"></a>
55: <hr>
56: <p>
57: <h3><font color="#0000e0">What's New</font></h3>
58: <p>
59: This is a partial list of new features and systems included in OpenBSD 5.6.
60: For a comprehensive list, see the <a href="plus56.html">changelog</a> leading
61: to 5.6.
62: <p>
63:
1.46 lteo 64: <ul>
1.49 lteo 65: <li>LibreSSL
66: <ul>
1.54 deraadt 67: <li>This release forks OpenSSL into
68: <a href="http://www.libressl.org">LibreSSL</a>, a version of the TLS/crypto
1.49 lteo 69: stack with goals of modernizing the codebase, improving security, and
70: applying best practice development processes.
71: <li>No support for legacy MacOS, Netware, OS/2, VMS and Windows platforms,
72: as well as antique compilers.
73: <li>Removal of the IBM 4758, Broadcom ubsec, Sureware, Nuron, GOST, GMP,
74: CSwift, CHIL, CAPI, Atalla and AEP engines, either because the hardware is
75: irrelevant, or because they require external non-free libraries to work.
76: <li>No support for FIPS-140 compliance.
77: <li>No EBCDIC support.
1.50 sthen 78: <li>No support for big-endian i386 and amd64 platforms.
1.49 lteo 79: <li>Use standard routines from the C library (malloc, strdup, snprintf...)
80: instead of rolling our own, sometimes badly.
81: <li>Remove the old OpenSSL PRNG, and rely upon arc4random_buf from libc for
82: all the entropy needs.
83: <li>Remove the MD2 and SEED algorithms.
84: <li>Remove J-PAKE, PSK and SRP (mis)features.
85: <li>Aggressive cleaning of BN memory when no longer used.
86: <li>No support for Kerberos.
87: <li>No support for SSLv2.
88: <li>No support for the questionable DTLS heartbeat extension.
89: <li>No support for TLS compression.
90: <li>No support for US-Export SSL ciphers.
91: <li>Do not use the current time as a random seed in libssl.
92: <li>Support for ChaCha and Poly1305 algorithm.
93: <li>Support for Brainpool and ANSSI elliptic curves.
94: <li>Support for AES-GCM and ChaCha20-Poly1305 AEAD modes.
95: </ul>
96: <p>
97:
1.1 deraadt 98: <li>Improved hardware support, including:
99: <ul>
1.13 dlg 100: <li>SCSI Multipathing support via <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/mpath.4">mpath(4)</a> and associated path drivers on several architectures.
1.24 stsp 101: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/qlw.4">qlw(4)</a> driver for QLogic ISP SCSI HBAs.
1.38 brad 102: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/qla.4">qla(4)</a> driver for QLogic ISP2100/2200/2300 Fibre Channel HBAs.
1.24 stsp 103: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/upd.4">upd(4)</a> sensor driver for USB Power Devices (UPS).
1.26 jsg 104: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/brswphy.4">brswphy(4)</a> driver for Broadcom BCM53xx 10/100/1000TX Ethernet PHYs.
105: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/uscom.4">uscom(4)</a> driver for simple USB serial adapters.
1.24 stsp 106: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/axen.4">axen(4)</a> driver for ASIX Electronics AX88179 10/100/Gigabit USB Ethernet devices.
107: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/inteldrm.4">inteldrm(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/radeondrm.4">radeondrm(4)</a> drivers have improved suspend/resume support.
108: <li>The userland interface for the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/agp.4">agp(4)</a> driver has been removed.
109: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/rtsx.4">rtsx(4)</a> driver now supports card readers based on the RTS5227 and RTL8402 chipsets.
110: <li>The firmware for the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/run.4">run(4)</a> driver has been updated to version 0.33.
111: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/run.4">run(4)</a> driver now supports devices based on the RT3900E chipset.
112: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/zyd.4">zyd(4)</a> driver, which was broken for some time, has been fixed.
113: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/bwi.4">bwi(4)</a> driver now works in systems with more than 1GB of RAM.
1.31 brad 114: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/re.4">re(4)</a> driver now supports devices based on the RTL8168EP/8111EP, RTL8168G/8111G, and RTL8168GU/8111GU chipsets.
1.1 deraadt 115: </ul>
116: <p>
117:
118: <li>Generic network stack improvements:
119: <ul>
1.19 lteo 120: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/divert.4">divert(4)</a> now supports checksum offload.
1.25 stsp 121: <li>IPv6 is now turned off on new interfaces by default. Assigning an IPv6 address will enable IPv6 on an interface.
122: <li>Support for RFC4620 IPv6 Node Information Queries has been removed.
123: <li>The kernel no longer supports the SO_DONTROUTE socket option.
124: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/getaddrinfo.3">getaddrinfo(3)</a> function now supports the AI_ADDRCONFIG flag defined in RFC 3493.
125: <li>Include router alert option (RAO) in IGMP packets, as required by RFC2236.
1.36 lteo 126: <li>ALTQ has been removed.
1.42 yasuoka 127: <li>The hash table for Protocol Control Block (PCB) of TCP and UDP now resize automatically on load.
1.1 deraadt 128: </ul>
129: <p>
130:
1.45 deraadt 131: <li>Installer improvements:
132: <ul>
133: <li>Remove ftp and tape as install methods.
134: <li>Preserve the disklabel (and next 6 blocks) when installing boot block on
135: 4k-sector disk drives.
136: <li>Change the "Server?" question to "HTTP Server?" to allow unambiguous <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/autoinstall.8">autoinstall(8)</a> handling.
137: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/autoinstall.8">autoinstall(8)</a> to fetch and install sets from multiple locations.
1.46 lteo 138: <li>Many sample configuration files have moved from /etc to /etc/examples.
1.45 deraadt 139: </ul>
140: <p>
141:
1.1 deraadt 142: <li>Routing daemons and other userland network improvements:
143: <ul>
1.19 lteo 144: <li>When used with the -v flag, <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/tcpdump.8">tcpdump(8)</a> now shows the actual bad checksum within the IP/protocol header itself and what the good checksum should be.
145: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ftp.1">ftp(1)</a> now allows its User-Agent to be changed via the -U command-line option.
1.25 stsp 146: <li>The -r option of <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ping.8">ping(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/traceroute.8">traceroute(8)</a> has been removed.
147: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ifconfig.8">ifconfig(8)</a> can now explicitly assign an IPv6 link-local address and turn IPv6 autoconf on or off.
148: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ifconfig.8">ifconfig(8)</a> has been made smarter about parsing WEP keys on the command line.
149: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ifconfig.8">ifconfig(8)</a> scan now shows the encryption type of wireless networks (WEP, WPA, WPA2, 802.1x).
150: <li>MS-CHAPv1 (RFC2433) support has been removed from <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/pppd.8">pppd(8)</a>.
1.43 lteo 151: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/traceroute6.8">traceroute6(8)</a>
152: has been merged into
153: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/traceroute.8">traceroute(8)</a>.
154: <li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/asr_run.3">asr API</a>
155: for asynchronous address resolution and nameserver querying is now public.
1.44 lteo 156: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/pflow.4">pflow(4)</a>'s
157: pflowproto 9 has been removed.
158: <li>The userland ppp(8) daemon and its associated PPPoE helper, pppoe(8), have been removed.
1.46 lteo 159: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/snmpd.8">snmpd(8)</a>,
160: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/snmpctl.8">snmpctl(8)</a>, and
161: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/relayd.8">relayd(8)</a>
162: now communicate via the AgentX protocol.
163: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/relayd.8">relayd(8)</a>
164: has a new filtering subsystem, where the new configuration language uses last-matching pf-like rules.
165: <li>The new
166: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/relayd.8">relayd(8)</a>
167: filter rules now support URL-based relaying.
168: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/relayd.8">relayd(8)</a>
169: now uses privilege separation for private keys. This acts as an additional mitigation to
170: prevent leakage of the private keys from the processes doing SSL/TLS.
171: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8">httpd(8)</a>
172: HTTP server with FastCGI and SSL support.
1.1 deraadt 173: </ul>
174: <p>
175:
1.27 gilles 176: <li>OpenSMTPD 5.4.3 (includes changes to 5.4.2):
1.1 deraadt 177: <ul>
1.27 gilles 178: <li>New/changed features:
179: <ul>
180: <li>OpenSMTPD replaces Sendmail as the default MTA.
181: <li>Queue process now runs under a different user for better isolation.
182: <li>Merged MDA, MTA and SMTP processes into a single unprivileged process.
183: <li>Killed the MFA process, it is no longer needed.
184: <li>Added support for email addresses lookups in the
185: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/table.5?query=table">table_db</a> backend.
1.35 pascal 186: <li>Added RSA privilege separation support to prevent possible private key leakage.
1.27 gilles 187: </ul>
188: <li>The following significant bugs have been fixed in this release:
189: <ul>
190: <li>Minor bug fixes in some corner cases of the routing logic.
191: <li>The enqueuer no longer adds its own User-Agent.
192: <li>Disabled profiling code, allowing all processes to rest rather than waking up every second.
193: <li>Reworked the purge task to avoid disk-hits unless necessary... only once at startup.
194: <li>Fix various header parsing bugs in the local enqueuer.
195: <li>Assorted minor fixes and code cleanups.
196: </ul>
1.1 deraadt 197: </ul>
198: <p>
199:
200: <li>Security improvements:
201: <ul>
1.2 pascal 202: <li>Changed the heuristics of the stack protector to also protect functions with local array definitions and references to local frame addresses. This matches the -fstack-protector-strong option of upstream GCC.
203: <li>Position-independent executables (PIE) are now used by default on powerpc.
204: <li>Removed Kerberos.
1.28 tedu 205: <li>Default bcrypt hash type is now $2b$.
206: <li>Remove md5crypt support.
207: <li>Improved easier to use bcrypt API is now available.
208: <li>Increase randomness of random mmap mappings.
1.26 jsg 209: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2">getentropy(2)</a>.
210: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/timingsafe_memcmp.3">timingsafe_memcmp(3)</a>.
1.44 lteo 211: <li>Removed the MD4 hash algorithm and functions from
212: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/cksum.1">cksum(1)</a>,
213: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/skey.1">S/Key</a>,
214: and libc.
1.46 lteo 215: <li>gets(3) has been removed.
1.47 lteo 216: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/reallocarray.3">reallocarray(3)</a>,
217: which allows multiple sized objects to be allocated without the cost of
218: clearing memory while avoiding possible integer overflows.
219: <li>Extended <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/fread.3">fread(3)</a> and
220: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/fwrite.3">fwrite(3)</a>
221: to check for integer overflows.
1.2 pascal 222: </ul>
223: <p>
224:
225: <li>Assorted improvements:
226: <ul>
1.3 espie 227: <li>locate databases for both base and xenocara, as
228: <code>/usr/lib/locate/src.db</code> and
229: <code>/usr/X11R6/lib/locate/xorg.db</code>.
230: <li>Much faster package updates, due to package contents reordering that
231: precludes re-downloading unchanged files.
1.16 krw 232: <li>Fix many programs that failed when accessing disks having sector sizes other than 512 bytes, including
233: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/badsect.8">badsect(8)</a>,
234: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/df.1">df(1)</a>,
235: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/dump.8">dump(8)</a>,
236: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/dumpfs.8">dumpfs(8)</a>,
237: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/fsck_ext2fs.8">fsck_ext2fs(8)</a>,
238: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/fsck_ffs.8">fsck_ffs(8)</a>,
239: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/fsdb.8">fsdb(8)</a>,
240: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/growfs.8">growfs(8)</a>,
241: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ncheck_ffs.8">ncheck_ffs(8)</a>,
242: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/quotacheck.8">quotacheck(8)</a>,
243: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/tunefs.8">tunefs(8)</a>.
1.17 krw 244: <li>Constrain MSDOS timestamps to 1/1/1980 through 12/31/2107. 64-bit
245: time_t values outside that range are stored as 1/1/1980.
1.37 lteo 246: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man6/bs.6">bs(6)</a> now prints a battleship splash screen.
1.44 lteo 247: <li>rcp, rsh, rshd, rwho, rwhod, ruptime, asa, bdes, fpr, mkstr, page, spray, xstr, oldrdist, fsplit, uyap, and bluetooth have been removed.
248: <li>rmail(8) and uucpd(8) have been removed from the base system and added to the ports tree.
249: <li>Lynx has been removed from the base system and added to the ports tree.
250: <li>TCP Wrappers have been removed.
1.37 lteo 251: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/atexit.3">atexit(3)</a> recursive handlers.
1.17 krw 252: <li>Enhance
253: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/disklabel.8">disklabel(8)</a> to recover filesystem mountpoint information when reading saved ascii labels.
1.18 krw 254: <li>Properly handle
255: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/msgbuf_write.3">msgbuf_write(3)</a> EOF conditions, including uses in
256: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1">tmux(1)</a>,
257: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/dvmrpd.8">dvmrpd(8)</a>,
258: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ldapd.8">ldapd(8)</a>,
259: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ldpd.8">ldpd(8)</a>,
260: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ospf6d.8">ospf6d(8)</a>,
261: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ospfd.8">ospfd(8)</a>,
262: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/relayd.8">relayd(8)</a>,
263: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ripd.8">ripd(8)</a>,
264: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/smtpd.8">smtpd(8)</a>,
265: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ypldap.8">ypldap(8)</a>.
1.21 krw 266: <li>Constrain <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/fdisk.8">fdisk(8)</a> '-l' to disk sizes of 64 blocks or more.
267: <li>Sync <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/fdisk.8">fdisk(8)</a> built-in MBR with current /usr/mdec/mbr.
268: <li>Quiet <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/dhclient.8">dhclient(8)</a> '-q' even more.
269: <li>Log less redundant <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/dhclient.8">dhclient(8)</a> info.
270: <li>New leases, lease renewals, cable state changes more obvious to applications monitoring <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/dhclient.8">dhclient(8)</a> files.
271: <li>Preserve chronological order of leases in the <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/dhclient.leases.5">dhclient.leases(5)</a> leases files.
272: <li>Use 'lease {}' statements in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/dhclient.conf.5">dhclient.conf(5)</a>, allowing interfaces to get an address when no dynamic lease is available.
273: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/dhclient.8">dhclient(8)</a> parsing and printing of classess static routes.
274: <li>Eliminate unnecessary rewrites of <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/resolv.conf.5">resolv.conf(5)</a> by <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/dhclient.8">dhclient(8)</a>.
1.40 guenther 275: <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/sendsyslog.2">sendsyslog(2)</a>: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/syslog.3">syslog(3)</a> now works even when out of file descriptors or in a chroot.
1.26 jsg 276: <li>Added
277: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/errc.3">errc(3)</a>,
278: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/verrc.3">verrc(3)</a>,
279: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/warnc.3">warnc(3)</a> and
280: <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/vwarnc.3">vwarnc(3)</a>.
1.30 mlarkin 281: <li>Faster hibernate/unhibernate performance on amd64 and i386 platforms.
282: <li>Support hibernating to <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/softraid.4">softraid(4)</a> crypto volumes.
1.40 guenther 283: <li>Improved performance of <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/seekdir.3">seekdir(3)</a> to start of current buffer.
284: <li>Added <endian.h> per the revision of the POSIX spec in progress.
1.43 lteo 285: <li>Apache has been removed.
286: <li>Read support for ext4 filesystems.
1.47 lteo 287: <li>Reworked mplocks as ticket locks instead of spinlocks on amd64, i386, and sparc64. This provides fairer access to the kernel lock between logical CPUs, especially in multi socket systems.
1.1 deraadt 288: </ul>
289: <p>
290:
1.2 pascal 291: <li>OpenSSH 6.7
1.1 deraadt 292: <ul>
1.14 sobrado 293: <li>Potentially-incompatible changes:
1.1 deraadt 294: <ul>
1.14 sobrado 295: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
296: The default set of ciphers and <i>MAC</i>s has been altered to remove
297: unsafe algorithms. In particular, <i>CBC ciphers</i> and
298: <i>arcfour*</i> are disabled by default.
299: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
300: Support for <i>tcpwrappers</i>/<i>libwrap</i> has been removed.
301: <li>OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
302: using the "curve25519-sha256@libssh.org" <i>KEX exchange method</i>
303: to fail when connecting with something that implements the
304: specification correctly. OpenSSH 6.7 disables this KEX method when
305: speaking to one of the affected versions.
1.1 deraadt 306: </ul>
307: <li>New/changed features:
308: <ul>
1.14 sobrado 309: <li>Major internal refactoring to begin to make part of OpenSSH usable
310: as a library. So far the wire parsing, key handling and KRL code
311: has been refactored. Please note that we do not consider the API
312: stable yet, nor do we offer the library in separable form.
313: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
314: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
315: Add support for <i>Unix domain socket</i> forwarding. A remote TCP
316: port may be forwarded to a local Unix domain socket and vice versa or
317: both ends may be a Unix domain socket.
318: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
319: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:
320: Add support for <i>SSHFP DNS records</i> for <i>Ed2551</i>9 key types.
321: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
322: Allow resumption of interrupted uploads.
323: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
324: When rekeying, skip file/DNS lookups of the hostkey if it is the same
325: as the one sent during initial key exchange. (bz#2154)
326: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
327: Allow explicit ::1 and 127.0.0.1 forwarding bind addresses when
328: <tt>GatewayPorts=no</tt>; allows client to choose address family.
329: (bz#2222)
330: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
331: Add a
332: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>
333: <tt>PermitUserRC</tt> option to control whether <tt>~/.ssh/rc</tt> is
334: executed, mirroring the <tt>no-user-rc</tt> authorized_keys option.
335: (bz#2160)
336: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
337: Add a %C escape sequence for <tt>LocalCommand</tt> and
338: <tt>ControlPath</tt> that expands to a unique identifer based on a
339: hash of the tuple of (local host, remote user, hostname, port). Helps
340: avoid exceeding miserly pathname limits for Unix domain sockets in
341: multiplexing control paths. (bz#2220)
342: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
343: Make the "Too many authentication failures" message include the user,
344: source address, port and protocol in a format similar to the
345: authentication success/failure messages. (bz#2199)
346: <li>Added <i>unit</i> and <i>fuzz</i> tests for refactored code.
1.1 deraadt 347: </ul>
348: <li>The following significant bugs have been fixed in this release:
349: <ul>
1.14 sobrado 350: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
351: Fix remote forwarding with same listen port but different listen
352: address.
353: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
354: Fix inverted test that caused <i>PKCS#11</i> keys that were explicitly
355: listed in
356: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>
357: or on the commandline not to be preferred.
358: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:
359: Fix bug in KRL generation: multiple consecutive revoked certificate
360: serial number ranges could be serialised to an invalid format.
361: Readers of a broken KRL caused by this bug will fail closed, so no
362: should-have-been-revoked key will be accepted.
363: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
364: Reflect stdio-forward ("<tt>ssh -W host:port ...</tt>") failures in
365: exit status. Previously we were always returning 0. (bz#2255)
366: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
367: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:
368: Make Ed25519 keys' title fit properly in the randomart border.
369: (bz#2247)
370: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>:
371: Only cleanup agent socket in the main agent process and not in any
372: subprocesses it may have started (e.g. forked askpass). Fixes agent
373: sockets being zapped when askpass processes <i>fatal()</i>. (bz#2236)
374: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>:
375: Make stdout line-buffered; saves partial output getting lost when
376: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>
377: <i>fatal()</i>s part-way through (e.g. when listing keys from an
378: agent that supports key types that
379: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>
380: doesn't). (bz#2234)
381: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:
382: When hashing or removing hosts, don't choke on "@revoked" markers and
383: don't remove "@cert-authority" markers. (bz#2241)
384: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
385: Don't fatal when hostname canonicalisation fails and a
386: <tt>ProxyCommand</tt> is in use; continue and allow the
387: <tt>ProxyCommand</tt> to connect anyway (e.g. to a host with a name
388: outside the DNS behind a bastion).
389: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>:
390: When copying local->remote fails during read, don't send uninitialised
391: heap to the remote end.
392: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
393: Fix fatal "el_insertstr failed" errors when tab-completing filenames
394: with a single quote char somewhere in the string. (bz#2238)
395: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keyscan&sektion=1">ssh-keyscan(1)</a>:
396: Scan for Ed25519 keys by default.
397: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
398: When using <tt>VerifyHostKeyDNS</tt> with a DNSSEC resolver,
399: down-convert any certificate keys to plain keys and attempt SSHFP
400: resolution. Prevents a server from skipping SSHFP lookup and forcing
401: a new-hostkey dialog by offering only certificate keys.
402: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
403: Avoid crash at exit via NULL pointer reference. (bz#2225)
404: <li>Fix some strict-alignment errors.
1.1 deraadt 405: </ul>
406: </ul>
407: <p>
1.41 schwarze 408: <li>mandoc 1.13.0:
409: <ul>
410: <li>New implementation of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=apropos&sektion=1">apropos(1)</a>,
411: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=whatis&sektion=1">whatis(1)</a>,
412: and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=makewhatis&sektion=8">makewhatis(8)</a> based on SQLite3 databases.
413: <li>Substantial improvements of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mandoc&sektion=1">mandoc(1)</a> error and warning messages.
414: <li>Almost complete implementation of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=roff&sektion=7">roff(7)</a> numerical expressions.
415: <li>About a dozen minor new features and numerous bug fixes.
416: </ul>
1.1 deraadt 417:
1.41 schwarze 418: <p>
1.1 deraadt 419: <li>Ports and packages:
420: <ul>
1.2 pascal 421: <li>Over 8,800 ports.
1.1 deraadt 422: </ul>
423: <p>
424: <li>Many pre-built packages for each architecture:
425: <table border=0 cellspacing=0 cellpadding=2 width="95%">
426: <tr>
427: <td valign="top" width="25%">
428: <ul>
1.32 deraadt 429: <li>i386: 8588
430: <li>sparc64: 7965
431: <li>alpha: 6278
1.53 pirofti 432: <li>sh: 2626
1.1 deraadt 433: </ul></td><td valign=top width="25%"><ul>
1.32 deraadt 434: <li>amd64: 8588
435: <li>powerpc: 8049
1.52 miod 436: <li>m88k: 2475
1.34 deraadt 437: <li>sparc: 3394
1.1 deraadt 438: </ul></td><td valign=top width="25%"><ul>
1.48 deraadt 439: <li>arm: 5633
1.32 deraadt 440: <li>hppa: 6143
1.34 deraadt 441: <li>vax: 1995
1.1 deraadt 442: </ul></td><td valign=top width="25%"><ul>
1.33 deraadt 443: <li>mips64: 4686
1.32 deraadt 444: <li>mips64el: 6697
1.1 deraadt 445: </ul></td></tr></table>
446: <p>
447:
448: <li>Some highlights:
449: <ul>
1.2 pascal 450: <li>GNOME 3.12.2 <li>KDE 3.5.10
1.11 zhuk 451: <li>KDE 4.13.3
1.1 deraadt 452: <li>Xfce 4.10 <li>MySQL 5.1.73
1.2 pascal 453: <li>PostgreSQL 9.3.4 <li>Postfix 2.11.1
454: <li>OpenLDAP 2.3.43 and 2.4.39 <li>Mozilla Firefox 31.0
455: <li>Mozilla Thunderbird 31.0 <li>GHC 7.6.3
456: <li>LibreOffice 4.1.6.2 <li>Emacs 21.4 and 24.3
457: <li>Vim 7.4.135 <li>PHP 5.3.28, 5.4.30 and 5.5.14
458: <li>Python 2.7.8, 3.3.5 and 3.4.1 <li>Ruby 1.8.7.374, 1.9.3.545, 2.0.0.481 and 2.1.2
1.55 kurt 459: <li>Tcl/Tk 8.5.15 and 8.6.1 <li>JDK 1.7.0.55
1.2 pascal 460: <li>Mono 3.4.0 <li>Chromium 36.0.1985.125
461: <li>Groff 1.22.2 <li>Go 1.3
462: <li>GCC 4.6.4, 4.8.3 and 4.9.0 <li>LLVM/Clang 3.5 (20140228)
463: <li>Node.js 0.10.28
1.1 deraadt 464: </ul>
465: <p>
466:
467: <li>As usual, steady improvements in manual pages and other documentation.
468: <p>
469:
470: <li>The system includes the following major components from outside suppliers:
471: <ul>
1.2 pascal 472: <li>Xenocara (based on X.Org 7.7 with xserver 1.15.2 + patches,
473: freetype 2.5.3, fontconfig 2.11.1, Mesa 10.2.3, xterm 309,
474: xkeyboard-config 2.11 and more)
1.1 deraadt 475: <li>Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
1.12 lteo 476: <li>Perl 5.18.2 (+ patches)
1.2 pascal 477: <li>Nginx 1.6.0 (+ patches)
478: <li>SQLite 3.8.4.3 (+ patches)
1.1 deraadt 479: <li>Sendmail 8.14.8, with libmilter
480: <li>Bind 9.4.2-P2 (+ patches)
1.12 lteo 481: <li>NSD 4.0.3
1.2 pascal 482: <li>Unbound 1.4.22
1.1 deraadt 483: <li>Sudo 1.7.2p8
484: <li>Ncurses 5.7
485: <li>Binutils 2.15 (+ patches)
486: <li>Gdb 6.3 (+ patches)
1.12 lteo 487: <li>Less 458 (+ patches)
1.1 deraadt 488: <li>Awk Aug 10, 2011 version
489: </ul>
490:
491: </ul>
492:
493: <a name="install"></a>
494: <hr>
495: <p>
496: <h3><font color="#0000e0">How to install</font></h3>
497: <p>
498: Following this are the instructions which you would have on a piece of
499: paper if you had purchased a CDROM set instead of doing an alternate
500: form of install. The instructions for doing an FTP (or other style
501: of) install are very similar; the CDROM instructions are left intact
502: so that you can see how much easier it would have been if you had
503: purchased a CDROM instead.
504: <p>
505:
506: <hr>
507: Please refer to the following files on the three CDROMs or FTP mirror for
508: extensive details on how to install OpenBSD 5.6 on your machine:
509: <p>
510: <ul>
1.8 deraadt 511: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/hppa/INSTALL.alpha">
512: .../OpenBSD/5.6/alpha/INSTALL.alpha (on CD1)</a>
1.1 deraadt 513: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/i386/INSTALL.i386">
514: .../OpenBSD/5.6/i386/INSTALL.i386 (on CD1)</a>
1.8 deraadt 515: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/hppa/INSTALL.hppa">
516: .../OpenBSD/5.6/hppa/INSTALL.hppa (on CD1)</a>
1.1 deraadt 517: <p>
518: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/amd64/INSTALL.amd64">
1.8 deraadt 519: .../OpenBSD/5.6/amd64/INSTALL.amd64 (on CD2)</a>
1.1 deraadt 520: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/macppc/INSTALL.macppc">
1.8 deraadt 521: .../OpenBSD/5.6/macppc/INSTALL.macppc (on CD2)</a>
1.1 deraadt 522: <p>
523: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/sparc64/INSTALL.sparc64">
1.8 deraadt 524: .../OpenBSD/5.6/sparc64/INSTALL.sparc64 (on CD3)</a>
1.1 deraadt 525: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/sparc/INSTALL.sparc">
1.8 deraadt 526: .../OpenBSD/5.6/sparc/INSTALL.sparc (on CD3)</a>
1.1 deraadt 527: <p>
528: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/alpha/INSTALL.alpha">
529: .../OpenBSD/5.6/alpha/INSTALL.alpha</a>
530: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/armish/INSTALL.armish">
531: .../OpenBSD/5.6/armish/INSTALL.armish</a>
532: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/aviion/INSTALL.aviion">
533: .../OpenBSD/5.6/aviion/INSTALL.aviion</a>
534: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/hppa/INSTALL.hppa">
535: .../OpenBSD/5.6/hppa/INSTALL.hppa</a>
536: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/landisk/INSTALL.landisk">
537: .../OpenBSD/5.6/landisk/INSTALL.landisk</a>
538: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/loongson/INSTALL.loongson">
539: .../OpenBSD/5.6/loongson/INSTALL.loongson</a>
540: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/luna88k/INSTALL.luna88k">
541: .../OpenBSD/5.6/luna88k/INSTALL.luna88k</a>
542: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/macppc/INSTALL.macppc">
543: .../OpenBSD/5.6/macppc/INSTALL.macppc</a>
544: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/octeon/INSTALL.octeon">
545: .../OpenBSD/5.6/octeon/INSTALL.octeon</a>
546: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/sgi/INSTALL.sgi">
547: .../OpenBSD/5.6/sgi/INSTALL.sgi</a>
548: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/socppc/INSTALL.socppc">
549: .../OpenBSD/5.6/socppc/INSTALL.socppc</a>
550: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/sparc/INSTALL.sparc">
551: .../OpenBSD/5.6/sparc/INSTALL.sparc</a>
552: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/vax/INSTALL.vax">
553: .../OpenBSD/5.6/vax/INSTALL.vax</a>
554: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.6/zaurus/INSTALL.zaurus">
555: .../OpenBSD/5.6/zaurus/INSTALL.zaurus</a>
556: </ul>
557: <hr>
558:
559: <p>
560: Quick installer information for people familiar with OpenBSD, and the
561: use of the "disklabel -E" command. If you are at all confused when
562: installing OpenBSD, read the relevant INSTALL.* file as listed above!
563: <p>
564:
565: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
566: <ul>
567: Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
568: release is on CD1. If your BIOS does not support booting from CD, you will need
569: to create a boot floppy to install from. To create a boot floppy write
570: <i>CD1:5.6/i386/floppy56.fs</i> to a floppy and boot via the floppy drive.
571:
572: <p>
573: Use <i>CD1:5.6/i386/floppyB56.fs</i> instead for greater SCSI controller
574: support, or <i>CD1:5.6/i386/floppyC56.fs</i> for better laptop support.
575:
576: <p>
1.58 bcallah 577: If your machine can boot from USB, you can write <i>install56.fs</i> or
578: <i>miniroot56.fs</i> to a USB stick and boot from it.
579:
580: <p>
581: If you can't boot from a CD, floppy disk, or USB,
1.1 deraadt 582: you can install across the network using PXE as described in
583: the included INSTALL.i386 document.
584:
585: <p>
586: If you are planning on dual booting OpenBSD with another OS, you will need to
587: read INSTALL.i386.
588:
589: <p>
590: To make a boot floppy under MS-DOS, use the "rawrite" utility located
591: at <i>CD1:5.6/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS,
592: use the
593: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>
594: utility. The following is an example usage of
595: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>,
596: where the device could be "floppy", "rfd0c", or
597: "rfd0a".
598:
599: <ul><pre>
600: # <strong>dd if=<file> of=/dev/<device> bs=32k</strong>
601: </pre></ul>
602:
603: <p>
604: Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
605: your install will most likely fail. For more information on creating a boot
606: floppy and installing OpenBSD/i386 please refer to
607: <a href="faq/faq4.html#MkFlop">FAQ 4.3.2</a>.
608: </ul>
609:
610: <p>
611: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
612: <ul>
613: The 5.6 release of OpenBSD/amd64 is located on CD2.
614: Boot from the CD to begin the install - you may need to adjust
615: your BIOS options first.
616: If you can't boot from the CD, you can create a boot floppy to install from.
617: To do this, write <i>CD2:5.6/amd64/floppy56.fs</i> to a floppy, then
618: boot from the floppy drive.
619:
620: <p>
1.58 bcallah 621: If your machine can boot from USB, you can write <i>install56.fs</i> or
622: <i>miniroot56.fs</i> to a USB stick and boot from it.
623:
624: <p>
625: If you can't boot from a CD, floppy disk, or USB,
1.1 deraadt 626: you can install across the network using PXE as described in the included
627: INSTALL.amd64 document.
628:
629: <p>
630: If you are planning to dual boot OpenBSD with another OS, you will need to
631: read INSTALL.amd64.
632: </ul>
633:
634: <p>
635: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
636: <ul>
637: Burn the image from the FTP site to a CDROM, and power on your machine
638: while holding down the <i>C</i> key until the display turns on and
639: shows <i>OpenBSD/macppc boot</i>.
640:
641: <p>
642: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
643: /5.6/macppc/bsd.rd</i>
644: </ul>
645:
646: <p>
647: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
648: <ul>
649: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
650:
651: <p>
652: If this doesn't work, or if you don't have a CDROM drive, you can write
653: <i>CD3:5.6/sparc64/floppy56.fs</i> or <i>CD3:5.6/sparc64/floppyB56.fs</i>
654: (depending on your machine) to a floppy and boot it with <i>boot
655: floppy</i>. Refer to INSTALL.sparc64 for details.
656:
657: <p>
658: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
659: will most likely fail.
660:
661: <p>
662: You can also write <i>CD3:5.6/sparc64/miniroot56.fs</i> to the swap partition on
663: the disk and boot with <i>boot disk:b</i>.
664:
665: <p>
666: If nothing works, you can boot over the network as described in INSTALL.sparc64.
667: </ul>
668:
669: <p>
670: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
671: <ul>
672: <p>Write <i>FTP:5.6/alpha/floppy56.fs</i> or
673: <i>FTP:5.6/alpha/floppyB56.fs</i> (depending on your machine) to a diskette and
674: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
675:
676: <p>
677: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
678: will most likely fail.
679:
680: </ul>
681:
682: <p>
683: <h3><font color="#e00000">OpenBSD/armish:</font></h3>
684: <ul>
685: <p>
686: After connecting a serial port, Thecus can boot directly from the network
687: either tftp or http. Configure the network using fconfig, reset,
688: then load bsd.rd, see INSTALL.armish for specific details.
689: IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
690: and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
691: then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
692: More details are available in INSTALL.armish.
693: </ul>
694:
695: <p>
696: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
697: <ul>
698: <p>
699: Boot over the network by following the instructions in INSTALL.hppa or the
700: <a href="hppa.html#install">hppa platform page</a>.
701: </ul>
702:
703: <p>
704: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
705: <ul>
706: <p>
707: Write <i>miniroot56.fs</i> to the start of the CF
708: or disk, and boot normally.
709: </ul>
710:
711: <p>
712: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
713: <ul>
714: <p>
715: Write <i>miniroot56.fs</i> to a USB stick and boot bsd.rd from it
716: or boot bsd.rd via tftp.
717: Refer to the instructions in INSTALL.loongson for more details.
718: </ul>
719: <p>
720:
721: <p>
722: <h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
723: <ul>
724: <p>
725: Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
726: from the PROM, and the bsd.rd from the bootloader.
727: Refer to the instructions in INSTALL.luna88k for more details.
728: </ul>
729:
730: <p>
731: <h3><font color="#e00000">OpenBSD/octeon:</font></h3>
732: <ul>
733: <p>
734: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
735: Refer to the instructions in INSTALL.octeon for more details.
736: </ul>
737:
738: <p>
739: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
740: <ul>
741: <p>
742: To install, burn cd56.iso on a CD-R, put it in the CD drive of your
743: machine and select <i>Install System Software</i> from the System Maintenance
744: menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
745: CD-ROM, and need a proper invocation from the PROM prompt.
746: Refer to the instructions in INSTALL.sgi for more details.
747:
748: <p>
749: If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
750: server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
751: system type. Refer to the instructions in INSTALL.sgi for more details.
752: </ul>
753:
754: <p>
755: <h3><font color="#e00000">OpenBSD/socppc:</font></h3>
756: <ul>
757: <p>
758: After connecting a serial port, boot over the network via DHCP/tftp.
759: Refer to the instructions in INSTALL.socppc for more details.
760: </ul>
761:
762: <p>
763: <h3><font color="#e00000">OpenBSD/sparc:</font></h3>
764: <ul>
765: Boot from one of the provided install ISO images, using one of the two
766: commands listed below, depending on the version of your ROM.
767:
768: <ul><pre>
769: ok <strong>boot cdrom 5.6/sparc/bsd.rd</strong>
770: or
771: > <strong>b sd(0,6,0)5.6/sparc/bsd.rd</strong>
772: </pre></ul>
773:
774: <p>
775: If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
776: To do so you need to write <i>floppy56.fs</i> to a floppy.
777: For more information see <a href="faq/faq4.html#MkFlop">FAQ 4.3.2</a>.
778: To boot from the floppy use one of the two commands listed below,
779: depending on the version of your ROM.
780:
781: <ul><pre>
782: ok <strong>boot floppy</strong>
783: or
784: > <strong>b fd()</strong>
785: </pre></ul>
786:
787: <p>
788: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
789: will most likely fail.
790:
791: <p>
792: If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
793: setup a bootable tape, or install via network, as told in the
794: INSTALL.sparc file.
795: </ul>
796:
797: <p>
798: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
799: <ul>
800: Boot over the network via mopbooting as described in INSTALL.vax.
801: </ul>
802:
803: <p>
804: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
805: <ul>
806: <p>
807: Using the Linux built-in graphical ipkg installer, install the
808: openbsd56_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
809: for a few important details.
810: </ul>
811:
812: <p>
813: <h3><font color="#e00000">Notes about the source code:</font></h3>
814: <ul>
815: src.tar.gz contains a source archive starting at /usr/src. This file
816: contains everything you need except for the kernel sources, which are
817: in a separate archive. To extract:
818: <p>
819: <ul><pre>
820: # <strong>mkdir -p /usr/src</strong>
821: # <strong>cd /usr/src</strong>
822: # <strong>tar xvfz /tmp/src.tar.gz</strong>
823: </pre></ul>
824: <p>
825: sys.tar.gz contains a source archive starting at /usr/src/sys.
826: This file contains all the kernel sources you need to rebuild kernels.
827: To extract:
828: <p>
829: <ul><pre>
830: # <strong>mkdir -p /usr/src/sys</strong>
831: # <strong>cd /usr/src</strong>
832: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
833: </pre></ul>
834: <p>
835: Both of these trees are a regular CVS checkout. Using these trees it
836: is possible to get a head-start on using the anoncvs servers as
837: described <a href="anoncvs.html">here</a>.
838: Using these files
839: results in a much faster initial CVS update than you could expect from
840: a fresh checkout of the full OpenBSD source tree.
841: <p>
842: </ul>
843:
844: <a name="upgrade"></a>
845: <hr>
846: <p>
847: <h3><font color="#0000e0">How to upgrade</font></h3>
848: <p>
1.6 deraadt 849: If you already have an OpenBSD 5.5 system, and do not want to reinstall,
1.1 deraadt 850: upgrade instructions and advice can be found in the
851: <a href="faq/upgrade56.html">Upgrade Guide</a>.
852:
853: <a name="ports"></a>
854: <hr>
855: <p>
856: <h3><font color="#0000e0">Ports Tree</font></h3>
857: <p>
858: A ports tree archive is also provided. To extract:
859: <p>
860: <ul><pre>
861: # <strong>cd /usr</strong>
862: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
863: </pre></ul>
864: <p>
865: The <i>ports/</i> subdirectory is a checkout of the OpenBSD ports tree. Go
866: read the <a href="faq/ports/index.html">ports</a> page
867: if you know nothing about ports
868: at this point. This text is not a manual of how to use ports.
869: Rather, it is a set of notes meant to kickstart the user on the
870: OpenBSD ports system.
871: <p>
872: The <i>ports/</i> directory represents a CVS (see the manpage for
873: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1&arch=i386">
874: cvs(1)</a> if
875: you aren't familiar with CVS) checkout of our ports. As with our complete
876: source tree, our ports tree is available via
877: <a href="anoncvs.html">AnonCVS</a>.
878: So, in order to keep current with it, you must make the <i>ports/</i> tree
879: available on a read-write medium and update the tree with a command
880: like:
881: <p>
882: <ul><pre>
883: # <strong>cd /usr/ports</strong>
1.6 deraadt 884: # <strong>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_6</strong>
1.1 deraadt 885: </pre></ul>
886: <p>
887: [Of course, you must replace the server name here with a nearby anoncvs
888: server.]
889: <p>
890: Note that most ports are available as packages through FTP. Updated
891: packages for the 5.6 release will be made available if problems arise.
892: <p>
893: If you're interested in seeing a port added, would like to help out, or just
894: would like to know more, the mailing list
895: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
896: <p>
897: </body>
898: </html>