Annotation of www/57.html, Revision 1.107
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 5.7</title>
5: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
6: <meta name="description" content="OpenBSD 5.7">
7: <meta name="copyright" content="This document copyright 2015 by OpenBSD.">
1.98 deraadt 8: <meta name="viewport" content="width=device-width, initial-scale=1">
9: <link rel="stylesheet" type="text/css" href="openbsd.css">
1.100 tb 10: <link rel="canonical" href="https://www.openbsd.org/57.html">
1.1 deraadt 11: </head>
12:
13: <body bgcolor="#ffffff" text="#000000" link="#24248E">
14:
1.98 deraadt 15: <h2>
1.1 deraadt 16: <a href="index.html">
1.98 deraadt 17: <i><font color="#0000ff">Open</font></i><font color="#000084">BSD</font></a>
18: <font color="#e00000">5.7</font>
19: </h2>
1.1 deraadt 20:
1.57 deraadt 21: <a href="images/bluefish.jpg">
22: <img align="left" width="227" height="343" hspace="24" vspace="10" src="images/bluefish.jpg"></a>
1.88 deraadt 23: Released May 1, 2015<br>
1.1 deraadt 24: Copyright 1997-2015, Theo de Raadt.<br>
25: <font color="#e00000">ISBN 978-0-9881561-5-9</font>
26: <br>
1.92 deraadt 27: 5.7 Song: <a href="lyrics.html#57">"Source Fish"</a>
1.1 deraadt 28: <p>
29:
30: <ul>
1.105 tj 31: <!--
1.1 deraadt 32: <li>Order a CDROM from our <a href="https://openbsdstore.com">ordering system</a>.
1.105 tj 33: -->
1.1 deraadt 34: <li>See the information on <a href="ftp.html">the FTP page</a> for
35: a list of mirror machines.
36: <li>Go to the <font color="#e00000">pub/OpenBSD/5.7/</font> directory on
37: one of the mirror sites.
38: <li>Have a look at <a href="errata57.html">the 5.7 errata page</a> for a list
39: of bugs and workarounds.
40: <li>See a <a href="plus57.html">detailed log of changes</a> between the
41: 5.6 and 5.7 releases.
42: <p>
1.107 ! deraadt 43: <li><a href="https://man.openbsd.org/?query=signify&sektion=1">signify(1)</a> pubkeys for this release:<p>
! 44:
! 45: <table cellspacing=0 style='font-family:monospace'><tr>
! 46: <td>
! 47: openbsd-57-base.pub:
! 48: </td><td>
! 49: RWSvUZXnw9gUb70PdeSNnpSmodCyIPJEGN1wWr+6Time1eP7KiWJ5eAM
! 50: </td></tr><tr><td>
! 51: openbsd-57-fw.pub:
! 52: </td><td>
! 53: RWSuRBL44FVkb2QuvtlwOJmzS9UJtbKZd7GEYcol8HPXu4On/Ct1LoZr
! 54: </td></tr><tr><td>
! 55: openbsd-57-pkg.pub:
! 56: </td><td>
! 57: RWTJ1iHLn/zcvJJSbxJIEU9ChlfAlU16XoLLxmxciliOFWfTLyOv0vQs
! 58: </td></tr>
! 59: </table>
! 60:
1.98 deraadt 61: <p>
62: All applicable copyrights and credits are in the src.tar.gz,
63: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
64: files fetched via ports.tar.gz.
1.1 deraadt 65: </ul>
66: <br clear=all>
1.98 deraadt 67:
68: <hr>
1.1 deraadt 69:
70: <a name="new"></a>
71: <h3><font color="#0000e0">What's New</font></h3>
72: <p>
73: This is a partial list of new features and systems included in OpenBSD 5.7.
74: For a comprehensive list, see the <a href="plus57.html">changelog</a> leading
75: to 5.7.
76: <p>
77:
78: <ul>
79: <li>Improved hardware support, including:
80: <ul>
1.103 tb 81: <li>New <a href="https://man.openbsd.org/OpenBSD-current/man4/xhci.4?query=xhci&sec=4">xhci(4)</a> driver for USB 3.0 host controllers.
82: <li>New <a href="https://man.openbsd.org/OpenBSD-current/man4/umcs.4?query=umcs&sec=4">umcs(4)</a> driver for MosChip Semiconductor 78x0 USB multiport serial adapters.
83: <li>New <a href="https://man.openbsd.org/OpenBSD-current/man4/i386/skgpio.4?query=skgpio&sec=4">skgpio(4)</a> driver for Soekris net6501 GPIO and LEDs.
84: <li>New <a href="https://man.openbsd.org/OpenBSD-current/man4/uslhcom.4?query=uslhcom&sec=4">uslhcom(4)</a> driver for Silicon Labs CP2110 USB HID based UART.
85: <li>New <a href="https://man.openbsd.org/OpenBSD-current/man4/nep.4?query=nep&sec=4">nep(4)</a> driver for Sun Neptune 10Gb Ethernet devices.
86: <li>New <a href="https://man.openbsd.org/OpenBSD-current/man4/iwm.4?query=iwm&sec=4">iwm(4)</a> driver for Intel 7260, 7265, and 3160 wifi cards.
87: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/rtsx.4?query=rtsx&sec=4">rtsx(4)</a> driver now supports RTS5227 and RTL8411B card readers.
88: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/bge.4?query=bge&sec=4">bge(4)</a> driver now supports jumbo frames on various additional BCM57xx chipsets.
89: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/ciss.4?query=ciss&sec=4">ciss(4)</a> driver now supports HP Gen9 Smart Array/Smart HBA devices.
90: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/mpi.4?query=mpi&sec=4">mpi(4)</a> and <a href="https://man.openbsd.org/OpenBSD-current/man4/mfi.4">mfi(4)</a> drivers now have mpsafe interrupt handlers running without the big lock.
91: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/ppb.4?query=ppb&sec=4">ppb(4)</a> driver now supports PCI bridges that support subtractive decoding (fixes PCMCIA behind the ATI SB400 PCI bridge), and devices with 64-bit BARs behind PCI-PCI bridges as seen on SPARC T5-2 systems.
92: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/puc.4?query=puc&sec=4">puc(4)</a> driver now supports Winchiphead CH382 devices.
93: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/sdmmc.4?query=sdmmc&sec=4">sdmmc(4)</a> driver now supports eMMC storage devices larger than 2GB.
94: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/sdhc.4?query=sdhc&sec=4">sdhc(4)</a> driver can properly resume on Ricoh controllers.
95: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/sdhc.4?query=sdhc&sec=4">sdhc(4)</a> driver now supports Ricoh R5U822 and R5U823 card readers.
96: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/mfii.4?query=mfii&sec=4">mfii(4)</a> driver now supports the Megaraid 3008 (Fury) and 3108 (Invader) cards.
97: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/myx.4?query=myx&sec=4">myx(4)</a> driver runs less code under the big lock.
98: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/msk.4?query=msk&sec=4">msk(4)</a> driver now supports Yukon Prime, Yukon Optima 2, Yukon 88E8079, and various EC U and Supreme chipsets.
99: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/umass.4?query=umass&sec=4">umass(4)</a> driver now supports Archos 24y Vision devices.
100: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/athn.4?query=athn&sec=4">athn(4)</a> driver now supports Atheros UB94 devices.
101: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/azalia.4?query=azalia&sec=4">azalia(4)</a> driver now supports Realtek ALC885 codecs and Bay Trail HD Audio devices.
102: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/ix.4?query=ix&sec=4">ix(4)</a> driver now supports onboard Ethernet devices in SPARC T5 machines.
103: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/upd.4?query=upd&sec=4">upd(4)</a> driver now handles UPSes with broken report descriptors.
104: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/ums.4?query=ums&sec=4">ums(4)</a> driver now supports the USB Tablet device emulated by Qemu.
105: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/umsm.4?query=umsm&sec=4">umsm(4)</a> driver now supports MEDION S4222 devices.
106: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/pciide.4?query=pciide&sec=4">pciide(4)</a> driver now supports Intel C610 chipsets.
107: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/ukbd.4?query=ukbd&sec=4">ukbd(4)</a> driver now supports "wellspring" Apple keyboards.
108: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/pms.4?query=pms&sec=4">pms(4)</a> driver now supports click-and-drag with Elantech v4 touchpads.
109: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/umodem.4?query=umodem&sec=4">umodem(4)</a> driver now supports Arduino Leonardo devices.
110: <li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/sk.4?query=sk&sec=4">sk(4)</a> driver now supports receive ring scaling.
1.71 dlg 111: <li>Replaced custom jumbo allocators in
1.103 tb 112: <a href="https://man.openbsd.org/OpenBSD-current/man4/sk.4?query=sk&sec=4">sk(4)</a>,
113: <a href="https://man.openbsd.org/OpenBSD-current/man4/nge.4?query=nge&sec=4">nge(4)</a>,
114: <a href="https://man.openbsd.org/OpenBSD-current/man4/lge.4?query=lge&sec=4">lge(4)</a>, and
115: <a href="https://man.openbsd.org/OpenBSD-current/man4/ti.4?query=ti&sec=4">ti(4)</a> with
116: <a href="https://man.openbsd.org/OpenBSD-current/man9/MCLGETI.9?query=MCLGETI&sec=9">MCLGETI(9)</a>.
117: <li>Wireless network scanning problems with the <a href="https://man.openbsd.org/OpenBSD-current/man4/iwn.4?query=iwn&sec=4">iwn(4)</a> driver have been fixed.
118: <li>Support for RS* IGP Radeon devices in the <a href="https://man.openbsd.org/OpenBSD-current/man4/radeondrm.4?query=radeondrm&sec=4">radeondrm(4)</a> driver has been fixed.
1.66 deraadt 119: <li>PowerMac7,2 and PowerMac7,3 can now boot with a multiprocessor kernel.
1.4 stsp 120: </ul>
121: <p>
122:
123: <li>Removed hardware support:
124: <ul>
1.103 tb 125: <li>The <a href="https://man.openbsd.org/OpenBSD-5.6/man4/lofn.4?query=lofn&sec=4">lofn(4)</a> and <a href="https://man.openbsd.org/OpenBSD-5.6/man4/nofn.4?query=nofn&sec=4">nofn(4)</a> drivers for Hifn crypto accelerator devices have been removed.
126: <li>The <a href="https://man.openbsd.org/OpenBSD-5.6/man4/art.4?query=art&sec=4">art(4)</a> driver for Accoom Networks Artery T1/E1 devices has been removed.
127: <li>The <a href="https://man.openbsd.org/OpenBSD-5.6/man4/urio.4?query=urio&sec=4">urio(4)</a> driver for Diamond Multimedia Rio MP3 players has been removed.
1.1 deraadt 128: </ul>
129: <p>
130:
131: <li>Generic network stack improvements:
132: <ul>
1.66 deraadt 133: <li>The routing table is now used for most of the address lookup operations superseding the RB-tree and IPv4 address list.
1.52 lteo 134: <li>The SipHash algorithm is now used for PCB hashing,
1.103 tb 135: <a href="https://man.openbsd.org/OpenBSD-current/man4/trunk.4?query=trunk&sec=4">trunk(4)</a> loadbalancing,
136: <a href="https://man.openbsd.org/OpenBSD-current/man4/pf.4?query=pf&sec=4">pf(4)</a> and
137: <a href="https://man.openbsd.org/OpenBSD-current/man4/bridge.4?query=bridge&sec=4">bridge(4)</a>.
1.52 lteo 138: <li>Traffic destinated to link-local IPv6 addresses can now be seen with
1.103 tb 139: <a href="https://man.openbsd.org/OpenBSD-current/man8/tcpdump.8?query=tcpdump&sec=8">tcpdump(8)</a>.
140: <li>A <a href="https://man.openbsd.org/?query=carp&sektion=4">carp(4)</a> now needs to be configured with an explicit <em>carpdev</em> parent interface.
1.69 dlg 141: <li>The
1.103 tb 142: <a href="https://man.openbsd.org/OpenBSD-current/man9/mbuf.9?query=mbuf&sec=9">mbuf(9)</a>
1.69 dlg 143: layer has been made mpsafe.
144: <li>Introduce mbuf_list and mbuf_queue structures and APIs.
1.71 dlg 145: <li>Support changing the IPv6 input queue length via
1.103 tb 146: <a href="https://man.openbsd.org/?query=sysctl&sektion=1">sysctl(1)</a> and net.inet6.ip6.ifq.
1.1 deraadt 147: </ul>
1.44 deraadt 148: <p>
1.1 deraadt 149:
1.10 rpe 150: <li>Installer improvements:
151: <ul>
152: <li>The <tt>etc</tt> and <tt>xetc</tt> sets are now part of <tt>base</tt> and
1.66 deraadt 153: <tt>xbase</tt> and are not distributed separately anymore. They are extracted
154: from <tt>base</tt> and <tt>xbase</tt> during installation and upgrades.<br>
1.25 tedu 155: <b>Note that this includes the <tt>rc</tt> and <tt>rc.conf</tt> files!</b>
1.10 rpe 156: <li>The installer now supports
1.103 tb 157: <a href="https://man.openbsd.org/OpenBSD-current/man4/trunk.4?query=trunk&sec=4">trunk(4)</a>
1.10 rpe 158: interfaces during upgrades.
159: <li>The discovery of the responsefile location for unattended installation and
1.66 deraadt 160: upgrades has been extended to be more flexible.
1.10 rpe 161: <ul>
1.66 deraadt 162: <li>Ask for the location if DHCP discovery fails for location or mode.
163: <li>Provide a default URL if the 'next-server' DHCP option is found.
1.10 rpe 164: <li>Use <tt>/auto_install.conf</tt> or <tt>/auto_upgrade.conf</tt> if present.
1.66 deraadt 165: <li>Automatically start the installer in unattended mode if either one of these
1.10 rpe 166: files is present when the system boots.
167: </ul>
1.29 krw 168: <li>Ignore hostname.if.* files when upgrading.
169: <li>Configure all physical interfaces before any dynamic interface types (e.g. trunks, vlans) when upgrading.
1.35 krw 170: <li>
1.103 tb 171: <a href="https://man.openbsd.org/?query=fdisk&sektion=8">fdisk(8)</a> now zeros out GPT signatures found when writing out an MBR that has been re-initialized and has no EFI or EFISYS partition.
1.36 krw 172: <li>Fixed manipulation of 'ro' and 'rw' fstab options to avoid damage to other options that happen to contain 'ro' or 'rw'.
1.66 deraadt 173: <li>The ramdisk binary (one binary contains all the commands) is now compiled without optimization and security features. The benefit is a substantial saving in space, allowing more features in the future.
1.10 rpe 174: </ul>
175: <p>
176:
1.1 deraadt 177: <li>Routing daemons and other userland network improvements:
178: <ul>
1.68 deraadt 179: <li>nginx has been removed from base -- use the package if you need it.
180: <li>sliplogin has been removed.
1.80 nick 181: <li>Sendmail has been removed from base -- use the package if you need it.
1.37 sthen 182: <li>IPv6 router solicitations are now sent by the kernel ("inet6 autoconf"); rtsol(8) and rtsold(8) are no longer necessary and have been removed.
1.103 tb 183: <li>Enhancements and bugfixes in <a href="https://man.openbsd.org/?query=arp&sektion=8">arp(8)</a> and <a href="https://man.openbsd.org/?query=ndp&sektion=8">ndp(8)</a>
184: <li>The effects of the AI_ADDRCONFIG flag on <a href="https://man.openbsd.org/?query=getaddrinfo&sektion=3">getaddrinfo(3)</a> results are limited to DNS queries. This avoids erratic behavior with transient network problems, "raw" addresses and localhost entries in <a href="https://man.openbsd.org/?query=hosts&sektion=5">/etc/hosts</a>.
185: <li><a href="https://man.openbsd.org/?query=gethostbyname&sektion=3">gethostbyname(3)</a> now no longer fails when more than 16 addresses/aliases are returned. The original pre-asr limit of 35 has been restored, with additional results being truncated.
186: <li><a href="https://man.openbsd.org/?query=tftp&sektion=1">tftp(1)</a> now supports sending or receiving files larger than 65536 blocks in size.
187: <li><a href="https://man.openbsd.org/?query=tpd&sec=8">ntpd(8)</a> now supports authenticated TLS constraints.
1.1 deraadt 188: </ul>
189: <p>
190:
191: <li>Security improvements:
192: <ul>
1.66 deraadt 193: <li>Stricter enforcement of W^X in the kernel address space, especially on architectures with the right featureset (amd64, in particular, has seen substantial improvements).
1.27 tedu 194: <li>Support for loadable kernel modules has been removed.
1.32 lteo 195: <li>procfs has been removed.
1.103 tb 196: <li>Comprehensive audit of the tree to use the <a href="https://man.openbsd.org/?query=reallocarray&sektion=3">reallocarray(3)</a> idiom throughout.
197: <li>Many conversions from <a href="https://man.openbsd.org/?query=select&sektion=2">select(2)</a> to <a href="https://man.openbsd.org/?query=poll&sektion=2">poll(2)</a>.
1.44 deraadt 198: <li>/var/tmp is now a symbolic link to /tmp, as a first step towards reducing the "fill it up" attack surface against the /var partition.
1.103 tb 199: <li><a href="https://man.openbsd.org/?query=memcpy&sektion=3">memcpy(3)</a> with overlapping arguments now aborts a program (with a syslog report), allowing these problems to be found. Overlapping copies should use <a href="https://man.openbsd.org/?query=memmove&sektion=3">memmove(3)</a>. Sometime after 5.7 release, having learned more about the situation and repairing instances that are discovered by users during release use, we will go back to the optimized version.
1.44 deraadt 200: <li>Change
1.103 tb 201: <a href="https://man.openbsd.org/?query=rand&sektion=3">rand(3)</a>,
202: <a href="https://man.openbsd.org/?query=random&sektion=3">random(3)</a>,
203: <a href="https://man.openbsd.org/?query=drand48&sektion=3">drand48(3)</a>,
204: <a href="https://man.openbsd.org/?query=lrand48&sektion=3">lrand48(3)</a>,
205: <a href="https://man.openbsd.org/?query=mrand48&sektion=3">mrand48(3)</a>,
206: <a href="https://man.openbsd.org/?query=srand48&sektion=3">srand48(3)</a>
1.44 deraadt 207: to return non-deterministic strong random values by default, sourced from
1.103 tb 208: <a href="https://man.openbsd.org/?query=arc4random&sektion=3">arc4random(3)</a>.
1.44 deraadt 209: New functions
1.103 tb 210: <a href="https://man.openbsd.org/?query=srand_deterministic&sektion=3">srand_deterministic(3)</a>,
211: <a href="https://man.openbsd.org/?query=srandom_deterministic&sektion=3">srandom_deterministic(3)</a>,
212: <a href="https://man.openbsd.org/?query=seed48_deterministic&sektion=3">seed48_deterministic(3)</a> and
213: <a href="https://man.openbsd.org/?query=lcong48_deterministic&sektion=3">lcong48_deterministic(3)</a>
1.79 deraadt 214: are added for cases where determinism needs to be requested.
1.66 deraadt 215: <li>At resume (or unhibernate) time, use a variety of methods to reseed the random number generator. This also works on VMs which wake up (if a wakeup event is seen).
1.57 deraadt 216: <li>All architectures have been transitioned to static PIE, meaning the statically linked binaries in /bin and /sbin now have randomly located text segments.
1.44 deraadt 217: <li>Allow larger .openbsd.randomdata ELF segments.
1.103 tb 218: <li>Sync kernel AES code and <a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> AES code to the one shipped with OpenSSL/LibreSSL.
219: <li>Removed <a href="https://man.openbsd.org/?query=passwd&sektion=1">passwd(1)</a> support for all password ciphers except <a href="https://man.openbsd.org/?query=blowfish&sektion=3">blowfish(3)</a>.
220: <li>Use sha512 instead of md5 for <a href="https://man.openbsd.org/?query=tcp&sektion=4">tcp(4)</a> initial sequence number.
1.56 benno 221: <li>Use sha512 instead of md5 in the random number generator.
1.103 tb 222: <li>Delete secret or secret-derived data in many base utilities with <a href="https://man.openbsd.org/?query=explicit_bzero&sektion=3">explicit_bzero(3)</a>.
1.1 deraadt 223: </ul>
224: <p>
225:
226: <li>Assorted improvements:
227: <ul>
1.103 tb 228: <li>New <a href="https://man.openbsd.org/?query=rcctl&sektion=8"">rcctl(8)</a> utility to control daemons.
229: <li><a href="https://man.openbsd.org/?query=fw_update&sektion=1">fw_update(1)</a> has been rewritten to be faster and smarter.
230: <li>Cleanup <a href="https://man.openbsd.org/?query=event&sektion=3">libevent(3)</a>,
1.19 bluhm 231: the compatibility layer for other operating systems has been removed.
232: The API is still compatible with upstream libevent 1.4.15-stable.
1.103 tb 233: <li><a href="https://man.openbsd.org/?query=openssl&sektion=1">openssl(1)</a>
1.66 deraadt 234: s_client now supports a -proxy parameter for connecting over an HTTP proxy.
1.27 tedu 235: <li>gzsig has been removed.
1.72 tedu 236: <li>Switch to fast assembly versions of some libc functions on amd64.
1.103 tb 237: <li>Frequency scaling has been moved from <a href="https://man.openbsd.org/?query=apmd&sektion=1">apmd(8)</a> to the kernel with an improved algorithm.
1.66 deraadt 238: <li>Switch last workq API uses to
1.103 tb 239: <a href="https://man.openbsd.org/?query=taskq_create&sektion=9">taskq</a> API and remove all traces of workq.
1.31 krw 240: <li>Use
1.103 tb 241: <a href="https://man.openbsd.org/?query=services&sektion=5">services(5)</a> names in the default pf rules in force during startup.
1.35 krw 242: <li>
1.103 tb 243: <a href="https://man.openbsd.org/?query=what&sektion=1">what(1)</a> now correctly displays $OpenBSD$ expansions.
1.35 krw 244: <li>
1.103 tb 245: <a href="https://man.openbsd.org/?query=dhcpd&sektion=8">dhcpd(8)</a> now removes addresses from its pf table a single time when they expire, rather than at every timeout after the expiry.
1.31 krw 246: <li>
1.103 tb 247: <a href="https://man.openbsd.org/?query=dhcpd&sektion=8">dhcpd(8)</a> now ensures that the pf table process exits when the main process does.
1.31 krw 248: <li>
1.103 tb 249: <a href="https://man.openbsd.org/?query=dhcpd&sektion=8">dhcpd(8)</a> has more informative log entries for DHCPACKs issued in response to DHCPINFORM messages.
1.36 krw 250: <li>Added POSIX types blkcnt_t (int64) and blksize_t (int32), and used them for st_blocks (formerly int64_t) and st_blksize (formerly u_int32_t) in struct stat.
1.38 tedu 251: <li>Improved typography for
1.103 tb 252: <a href="https://man.openbsd.org/?query=banner&sektion=6">banner(6)</a>.
253: <li>Allow <a href="https://man.openbsd.org/?query=hangman&sektion=6">hangman</a>
1.91 tedu 254: to play against any ELF file.
1.40 krw 255: <li>
1.103 tb 256: <a href="https://man.openbsd.org/?query=dhclient&sektion=8">dhclient(8)</a> adjusts MTU when the interface-mtu DHCP option is provided.
1.40 krw 257: <li>Various memory leaks in
1.103 tb 258: <a href="https://man.openbsd.org/?query=dhclient&sektion=8">dhclient(8)</a> plugged, providing more stability for long running (in terms of time or renewals) instances.
1.40 krw 259: <li>The
1.103 tb 260: <a href="https://man.openbsd.org/?query=dhclient&sektion=8">dhclient(8)</a>
1.40 krw 261: command line options -q (quiet) and -d (don't daemonize) are now mutually exclusive.
1.66 deraadt 262: <li>The communication between the privileged and unprivileged
1.103 tb 263: <a href="https://man.openbsd.org/?query=dhclient&sektion=8">dhclient(8)</a> processes was reworked to further minimize information sharing.
1.40 krw 264: <li>
1.103 tb 265: <a href="https://man.openbsd.org/?query=dhclient&sektion=8">dhclient(8)</a> ensures lease timeouts (renew, rebind, expire) are sane and uses default values closer to RFC suggestions.
1.40 krw 266: <li>
1.103 tb 267: <a href="https://man.openbsd.org/?query=dhclient&sektion=8">dhclient(8)</a> no longer crashes when a lease expires and cannot be renewed or replaced.
1.40 krw 268: <li>
1.103 tb 269: <a href="https://man.openbsd.org/?query=dhclient&sektion=8">dhclient(8)</a> improved tracking network interface link states.
1.40 krw 270: <li>Improved network error tracking and accounting in
1.103 tb 271: <a href="https://man.openbsd.org/?query=dhclient&sektion=8">dhclient(8)</a>.
1.40 krw 272: <li>Private number conversion functions in
1.103 tb 273: <a href="https://man.openbsd.org/?query=dhclient&sektion=8">dhclient(8)</a> eliminated in favour of standard library functions.
1.66 deraadt 274: <li>Further signal race cleanups in
1.103 tb 275: <a href="https://man.openbsd.org/?query=ftp&sektion=1">ftp(1)</a>.
1.44 deraadt 276: <li>BIND has been retired, encouraging use of
1.103 tb 277: <a href="https://man.openbsd.org/?query=nsd&sektion=8">nsd(8)</a> and
278: <a href="https://man.openbsd.org/?query=unbound&sektion=8">unbound(8)</a>.
1.44 deraadt 279: <li>Significant namespace cleanup in the /usr/include files, especially related to <sys/param.h> and <limits.h>.
1.103 tb 280: <li><a href="https://man.openbsd.org/?query=softraid&sektion=4">softraid(4)</a> RAID1 and CRYPTO volumes are now bootable on the sparc64 platform.
281: <li><a href="https://man.openbsd.org/?query=relayd&sektion=8">relayd(8)</a> now uses "TLS" rather than "SSL" terminology to reflect the deprecation of the latter.
282: <li><a href="https://man.openbsd.org/?query=relayd&sektion=8">relayd(8)</a> now supports the random and source-hash modes with redirections.
1.106 bentley 283: <li><a href="https://man.openbsd.org/?query=relayd&sektion=8">relayd(8)</a> now supports the <a href="https://cvsweb.openbsd.org/src/share/snmp/OPENBSD-RELAYD-MIB.txt?rev=1.1">OPENBSD-RELAYD-MIB</a> via agentx with <a href="https://man.openbsd.org/?query=snmpd&sektion=8">snmpd(8)</a>.
1.103 tb 284: <li>Added interfaces for setting the close-on-exec flag and/or non-blocking mode on new file descriptors: <a href="https://man.openbsd.org/?query=pipe2&sektion=2">pipe2(2)</a>, <a href="https://man.openbsd.org/?query=dup3&sektion=2">dup3(2)</a>, <a href="https://man.openbsd.org/?query=accept4&sektion=2">accept4(2)</a>, <a href="https://man.openbsd.org/?query=mkostemp&sektion=3">mkostemp(3)</a>, <a href="https://man.openbsd.org/?query=mkostemps&sektion=3">mkostemps(3)</a>, the <tt>SOCK_CLOEXEC</tt> and <tt>SOCK_NONBLOCK</tt> flags for <a href="https://man.openbsd.org/?query=socket&sektion=2">socket(2)</a> and <a href="https://man.openbsd.org/?query=socketpair&sektion=2">socketpair(2)</a>, and the <tt>MSG_CMSG_CLOEXEC</tt> flag for <a href="https://man.openbsd.org/?query=recvmsg&sektion=2">recvmsg(2)</a>. In addition, <a href="https://man.openbsd.org/?query=posix_spawn_file_actions_adddup2&sektion=3">posix_spawn_file_actions_adddup2(3)</a> now always clears the close-on-exec flag.
285: <li>Added interfaces for setting the close-on-exec flag on new FILE handles and for requesting exclusive creation via the the 'e' and 'x' mode letters for <a href="https://man.openbsd.org/?query=fopen&sektion=3">fopen(3)</a>, <a href="https://man.openbsd.org/?query=fdopen&sektion=3">fdopen(3)</a>, <a href="https://man.openbsd.org/?query=freopen&sektion=3">freopen(3)</a>, and <a href="https://man.openbsd.org/?query=popen&sektion=3">popen(3)</a>.
1.50 guenther 286: <li>Many library functions and programs changed to use the above for safety or simplicity.
1.103 tb 287: <li>Added <a href="https://man.openbsd.org/?query=chflagsat&sektion=2">chflagsat(2)</a>, <a href="https://man.openbsd.org/?query=sockatmark&sektion=3">sockatmark(3)</a>, and <a href="https://man.openbsd.org/?query=stravis&sektion=3">stravis(3)</a>.
288: <li>Merged performance and safety fixes for <a href="https://man.openbsd.org/?query=fts&sektion=3">fts(3)</a> from FreeBSD.
289: <li>Merged fixes for file descriptor leaks in various <a href="https://man.openbsd.org/?query=rpc&sektion=3">rpc(3)</a> functions from NetBSD.
290: <li>Added a <tt>kern.global_ptrace</tt> <a href="https://man.openbsd.org/?query=sysctl&sektion=1">sysctl(1)</a> to disable, by default, the ability to <a href="https://man.openbsd.org/?query=ptrace&sektion=2">ptrace(2)</a> processes that aren't your descendent.
291: <li><a href="https://man.openbsd.org/?query=kdump&sektion=1">kdump(1)</a> now always displays both the numeric and the textual forms for users, groups, timestamps, and sysctl ids, eliminating the <tt>-r</tt> option. It also auto-selects between decimal and hex format for arguments, renders more types of flags, and is more robust when parsing corrupt ktrace files.
292: <li><a href="https://man.openbsd.org/?query=chmod&sektion=1">chmod(1)</a>/<a href="https://man.openbsd.org/?query=chgrp&sektion=1">chgrp(1)</a>/<a href="https://man.openbsd.org/?query=chown&sektion=8">chown(8)</a> now comply with POSIX's requirements when they encounter symlinks when the <tt>-R</tt> option is used, and are safe from race conditions when doing so.
293: <li>The <a href="https://man.openbsd.org/?query=dmesg&sektion=8">dmesg(8)</a> utility can now display the console message buffer in addition to the system message buffer.
294: <li><a href="https://man.openbsd.org/?query=inetd&sektion=8">inetd(8)</a> now uses libevent instead of
295: <a href="https://man.openbsd.org/?query=select&sektion=3">select(3)</a>.
1.70 dlg 296: <li>Reworking of the kernel
1.103 tb 297: <a href="https://man.openbsd.org/OpenBSD-current/man9/pool.9?query=pool&sec=9">pool(9)</a>
1.70 dlg 298: implementation to provide mpsafety and pave the way for performance improvements.
1.71 dlg 299: <li>Removed the
1.103 tb 300: <a href="https://man.openbsd.org/OpenBSD-5.6/man9/workq_add_task.9?query=workq_add_task&sec=9">workq API</a>
1.71 dlg 301: after replacing it with the
1.103 tb 302: <a href="https://man.openbsd.org/OpenBSD-current/man9/task_add.9?query=task_add&sec=9">task API</a>.
1.71 dlg 303: <li>Add support for creating kernel threads that cannot sleep to
1.103 tb 304: <a href="https://man.openbsd.org/OpenBSD-5.6/man9/taskq_create.9?query=taskq_create&sec=9">taskq_create(9)</a>.
1.71 dlg 305: <li>Completed the implementation of the atomic (eg,
1.103 tb 306: <a href="https://man.openbsd.org/OpenBSD-current/man9/atomic_cas_uint.9?query=atomic_cas_uint&sec=9">atomic_cas_uint(9)</a>,
307: <a href="https://man.openbsd.org/OpenBSD-current/man9/atomic_swap_uint.9?query=atomic_swap_uint&sec=9">atomic_swap_uint(9)</a>,
308: <a href="https://man.openbsd.org/OpenBSD-current/man9/atomic_add_int.9?query=atomic_add_int&sec=9">atomic_add_int(9)</a>,
309: <a href="https://man.openbsd.org/OpenBSD-current/man9/atomic_sub_int.9?query=atomic_sub_int&sec=9">atomic_sub_int(9)</a>,
310: <a href="https://man.openbsd.org/OpenBSD-current/man9/atomic_inc_int.9?query=atomic_inc_int&sec=9">atomic_inc_int(9)</a>, and
311: <a href="https://man.openbsd.org/OpenBSD-current/man9/atomic_dec_int.9?query=atomic_inc_int&sec=9">atomic_dec_int(9)</a>)
1.71 dlg 312: and membar
1.103 tb 313: (<a href="https://man.openbsd.org/OpenBSD-current/man9/membar_sync.9?query=membar_sync&sec=9">membar_sync(9)</a>)
1.71 dlg 314: APIs across all supported architectures.
1.46 reyk 315: </ul>
316: <p>
317:
1.103 tb 318: <li>OpenBSD <a href="https://man.openbsd.org/?query=httpd&sektion=8">httpd(8)</a>:
1.46 reyk 319: <ul>
1.66 deraadt 320: <li>SSLv2/3 is not supported anymore; renamed all occurrences of "SSL" to "TLS".
1.46 reyk 321: <li>Various TLS improvements with better support for ECDHE/DHE forward secrecy.
322: <li>Improved support for virtual hosts by supporting name- and IP- based aliases.
1.103 tb 323: <li>Added support for basic authentication by checking against files created with <a href="https://man.openbsd.org/?query=htpasswd&sektion=1">htpasswd(1)</a>.
1.46 reyk 324: <li>Added support for custom error codes, blocking and dropping of connections.
325: <li>Added support for redirections and macros in specified target URLs.
326: <li>Added the "root strip" option to sanitize PATH_INFO for some CGI scripts.
327: <li>Added an option to specify an alternative log directory instead of /var/www/logs.
1.103 tb 328: <li>Various FastCGI improvements; <a href="https://man.openbsd.org/?query=httpd&sektion=8">httpd(8)</a> is now compatible with many well-known web applications.
1.46 reyk 329: <li>Various other fixes and improvements.
330: </ul>
331: <p>
332:
333: <li>OpenSMTPD 5.4.4:
334: <ul>
1.66 deraadt 335: <li>SSLv3 is not supported anymore.
1.59 gilles 336: <li>Added support for a new message and headers parser.
337: <li>Added support for append-domain.
338: <li>Restricted address lookups to configured address families.
339: <li>Domain is no longer required when mailing a local user.
340: <li>Various other fixes and improvements.
1.1 deraadt 341: </ul>
342: <p>
343:
1.3 sobrado 344: <li>OpenSSH 6.8
1.1 deraadt 345: <ul>
346: <li>Potentially-incompatible changes:
347: <ul>
1.103 tb 348: <li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:
1.3 sobrado 349: <tt>UseDNS</tt> now defaults to 'no'. Configurations that match
350: against the client host name (via
1.103 tb 351: <a href="https://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a>
1.3 sobrado 352: or <tt>authorized_keys</tt>) may need to re-enable it or convert to
353: matching against addresses.
1.1 deraadt 354: </ul>
355: <li>New/changed features:
356: <ul>
1.3 sobrado 357: <li>Much of OpenSSH's internal code has been re-factored to be more
358: library-like. These changes are mostly not user-visible, but
359: have greatly improved OpenSSH's testability and internal layout.
360: <li>Add <tt>FingerprintHash</tt> option to
1.103 tb 361: <a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>
1.3 sobrado 362: and
1.103 tb 363: <a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>,
1.3 sobrado 364: and equivalent command-line flags to the other tools to control
365: algorithm used for key fingerprints. The default changes from MD5
366: to SHA256 and format from hex to base64. Fingerprints now have the
367: hash algorithm prepended. Please note that visual host keys will also
368: be different.
1.103 tb 369: <li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>,
370: <a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:
1.34 sobrado 371: Experimental host key rotation support. Add a protocol extension
1.28 sobrado 372: for a server to inform a client of all its available host keys after
373: authentication has completed. The client may record the keys in
374: <tt>known_hosts</tt>, allowing it to upgrade to better host key
375: algorithms and a server to gracefully rotate its keys. The client
376: side of this is controlled by a <tt>UpdateHostkeys</tt> config option
377: (default off).
1.103 tb 378: <li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:
1.3 sobrado 379: Add a
1.103 tb 380: <a href="https://man.openbsd.org/?query=ssh_config&sektion=5">ssh_config(5)</a>
1.3 sobrado 381: <tt>HostbasedKeyType</tt> option to control which host public key types
382: are tried during host-based authentication.
1.103 tb 383: <li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>,
384: <a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:
1.3 sobrado 385: fix connection-killing host key mismatch errors when
1.103 tb 386: <a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>
1.3 sobrado 387: offers multiple ECDSA keys of different lengths.
1.103 tb 388: <li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:
1.3 sobrado 389: when host name canonicalisation is enabled, try to parse host names
390: as addresses before looking them up for canonicalisation. Fixes
391: bz#2074 and avoiding needless DNS lookups in some cases.
1.103 tb 392: <li><a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>,
393: <a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:
1.3 sobrado 394: <i>Key Revocation Lists</i> (KRLs) no longer require OpenSSH to be
395: compiled with OpenSSL support.
1.103 tb 396: <li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>,
397: <a href="https://man.openbsd.org/?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>:
1.3 sobrado 398: Make ed25519 keys work for host based authentication.
1.103 tb 399: <li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:
1.3 sobrado 400: SSH protocol v.1 workaround for the Meyer, et al., <i>Bleichenbacher
401: Side Channel Attack</i>. Fake up a bignum key before RSA decryption.
1.103 tb 402: <li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:
1.3 sobrado 403: Remember which public keys have been used for authentication and
404: refuse to accept previously-used keys. This allows
405: <tt>AuthenticationMethods=publickey,publickey</tt> to require that
406: users authenticate using two <i>different</i> public keys.
1.103 tb 407: <li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:
1.3 sobrado 408: add
1.103 tb 409: <a href="https://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a>
1.3 sobrado 410: <tt>HostbasedAcceptedKeyTypes</tt> and <tt>PubkeyAcceptedKeyTypes</tt>
411: options to allow
1.103 tb 412: <a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>
1.3 sobrado 413: to control what public key types will be accepted. Currently defaults
414: to all.
1.103 tb 415: <li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:
1.3 sobrado 416: Don't count partial authentication success as a failure against
417: <tt>MaxAuthTries</tt>.
1.103 tb 418: <li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:
1.3 sobrado 419: Add <tt>RevokedHostKeys</tt> option for the client to allow text-file
420: or KRL-based revocation of host keys.
1.103 tb 421: <li><a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>,
422: <a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>:
1.3 sobrado 423: Permit KRLs that revoke certificates by serial number or key ID without
424: scoping to a particular CA.
1.103 tb 425: <li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:
1.3 sobrado 426: Add a "Match canonical" criteria that allows
1.103 tb 427: <a href="https://man.openbsd.org/?query=ssh_config&sektion=5">ssh_config(5)</a>
1.3 sobrado 428: <tt>Match</tt> blocks to trigger only in the second config pass.
1.103 tb 429: <li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:
1.3 sobrado 430: Add a <tt>-G</tt> option to
1.103 tb 431: <a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>
1.3 sobrado 432: that causes it to parse its configuration and dump the result to
433: stdout, similar to "<tt>sshd -T</tt>".
1.103 tb 434: <li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:
1.3 sobrado 435: Allow <tt>Match</tt> criteria to be negated
436: (e.g. "<tt>Match !host</tt>").
437: <li>The regression test suite has been extended to cover more OpenSSH
438: features. The unit tests have been expanded and now cover key
439: exchange.
1.1 deraadt 440: </ul>
441: <li>The following significant bugs have been fixed in this release:
442: <ul>
1.103 tb 443: <li><a href="https://man.openbsd.org/?query=ssh-keyscan&sektion=1">ssh-keyscan(1)</a>:
444: <a href="https://man.openbsd.org/?query=ssh-keyscan&sektion=1">ssh-keyscan(1)</a>
1.3 sobrado 445: has been made much more robust again servers that hang or violate
446: the SSH protocol.
1.103 tb 447: <li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>,
448: <a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:
1.3 sobrado 449: Fix regression bz#2306: Key path names were being lost as comment
450: fields.
1.103 tb 451: <li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:
1.3 sobrado 452: Allow
1.103 tb 453: <a href="https://man.openbsd.org/?query=ssh_config&sektion=5">ssh_config(5)</a>
1.3 sobrado 454: <tt>Port</tt> options set in the second config parse phase to be
455: applied (they were being ignored). (bz#2286)
1.103 tb 456: <li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:
1.3 sobrado 457: Tweak config re-parsing with host canonicalisation—make the
458: second pass through the config files always run when host name
459: canonicalisation is enabled (and not whenever the host name changes).
460: (bz#2267)
1.103 tb 461: <li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>:
1.3 sobrado 462: Fix passing of wildcard forward bind addresses when connection
463: multiplexing is in use. (bz#2324)
1.103 tb 464: <li><a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:
1.3 sobrado 465: Fix broken private key conversion from non-OpenSSH formats. (bz#2345)
1.103 tb 466: <li><a href="https://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:
1.3 sobrado 467: Fix KRL generation bug when multiple CAs are in use.
468: <li>Various fixes to manual pages. (bz#2273, bz#2288 and bz#2316)
1.1 deraadt 469: </ul>
470: </ul>
471: <p>
472:
473: <li>LibreSSL
474: <ul>
1.73 sobrado 475: <li>User-visible features:
476: <ul>
477: <li>Reluctantly add server-side support for <tt>TLS_FALLBACK_SCSV</tt>.
478: <li>Import <i>BoringSSL</i>'s crypto bytestring and crypto bytebuilder
479: APIs.
480: <li>Jettison DTLS over SCTP.
481: <li>Move
1.103 tb 482: <a href="https://man.openbsd.org/?query=openssl&sektion=1">openssl(1)</a>
1.73 sobrado 483: from <tt>/usr/sbin/openssl</tt> to <tt>/usr/bin/openssl</tt>.
484: <li>Two important cipher suites, GOST and Camellia, have been reworked
485: or reenabled, providing better interoperability with systems around
486: the world.
487: <li>libtls: New API for loading CA chains directly from memory instead
488: of a file, allowing verification with privilege separation in a
1.103 tb 489: <a href="https://man.openbsd.org/?query=chroot&sektion=8">chroot(8)</a>
1.73 sobrado 490: without direct access to CA certificate files.
491: <li>libtls: Ciphers default to TLSv1.2 with AEAD and PFS.
492: <li>libtls: Improved error handling and message generation.
493: <li>Added <tt>X509_STORE_load_mem</tt> API for loading certificates from
494: memory. This facilitates accessing certificates from a chrooted
495: environment.
496: <li>New AEAD "MAC alias" allows configuring TLSv1.2 AEAD ciphers by
497: using 'TLSv1.2+AEAD' as the cipher selection string.
498: <li>New
1.103 tb 499: <a href="https://man.openbsd.org/?query=openssl&sektion=1">openssl(1)</a>
1.73 sobrado 500: command '<tt>certhash</tt>' replaces the <tt>c_rehash</tt> script.
501: <li><i>Application-Layer Protocol Negotiation</i> (ALPN) support.
502: </ul>
503: <li>Code improvements:
504: <ul>
505: <li>Dead and disabled code removal including MD5, Netscape workarounds,
506: non-POSIX IO, SCTP, RFC 3779 support, "#if 0" sections, and more.
507: <li>The ASN1 macros are expanded to aid readability and maintainability.
508: <li>Various NULL pointer asserts removed in favor of letting the
509: OS/signal handler catch them.
510: <li>Dozens of issues found with the <i>Coverity scanner</i> fixed.
511: </ul>
512: <li>Security updates:
513: <ul>
514: <li>Fix a Bleichenbacher style timing oracle with bad PKCS padding.
515: <li>Fix memory leaks.
516: <li>Address POODLE attack by disabling SSLv3 by default.
517: <li>SHA256 Camellia cipher suites for TLS 1.2 from RFC 5932.
518: <li>Earlier libtls support for non-blocking sockets and randomized
519: session ID contexts.
520: <li>Ensure the stack is marked non-executable for assembly sections.
521: <li>Multiple CVEs fixed including CVE-2014-3506, CVE-2014-3507,
522: CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511,
523: CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, CVE-2015-0205
524: and CVE-2015-0206.
525: </ul>
1.1 deraadt 526: </ul>
527: <p>
1.33 schwarze 528: <li>mandoc 1.13.3:
1.1 deraadt 529: <ul>
1.103 tb 530: <li><a href="https://man.openbsd.org/?query=man&sektion=1">man(1)</a>,
531: <a href="https://man.openbsd.org/?query=apropos&sektion=1">apropos(1)</a>, and
532: <a href="https://man.openbsd.org/?query=mandoc&sektion=1">mandoc(1)</a>
1.33 schwarze 533: now have a unified user interface, all with the same options,
534: and are in fact all implemented by the same binary program.
1.103 tb 535: <li>For <a href="https://man.openbsd.org/?query=man&sektion=1">man(1)</a>,
1.33 schwarze 536: this implies new options -l and -IKOTW,
537: and it now finds manual pages by the names in their NAME sections
538: even if they lack matching file names.
1.103 tb 539: <li>For <a href="https://man.openbsd.org/?query=apropos&sektion=1">apropos(1)</a>,
1.33 schwarze 540: this implies new options -acfhklw and -IKOTW.
1.103 tb 541: <li>For <a href="https://man.openbsd.org/?query=mandoc&sektion=1">mandoc(1)</a>,
1.33 schwarze 542: this implies new options -acfhkl.
1.103 tb 543: <li><a href="https://man.openbsd.org/?query=mandoc&sektion=1">mandoc(1)</a>
1.33 schwarze 544: now automatically detects and transparently accepts input encoded
545: in utf-8 and iso-8859-1, and provides a new option -K to explicitly
546: specify the input encoding.
1.103 tb 547: <li>The <a href="https://man.openbsd.org/?query=mandoc&sektion=1">mandoc(1)</a>
1.33 schwarze 548: default output mode now is -Tlocale rather than -Tascii.
1.103 tb 549: <li><a href="https://man.openbsd.org/?query=eqn&sektion=7">eqn(7)</a>
1.33 schwarze 550: now supports in-line equations,
551: and terminal rendering of equations is considerably improved.
1.103 tb 552: <li><a href="https://man.openbsd.org/?query=mandoc&sektion=1">mandoc(1)</a> -Thtml
1.33 schwarze 553: now generates polyglot HTML5 and renders
1.103 tb 554: <a href="https://man.openbsd.org/?query=eqn&sektion=7">eqn(7)</a>
1.33 schwarze 555: using MathML.
1.103 tb 556: <li><a href="https://man.openbsd.org/?query=mandoc&sektion=1">mandoc(1)</a>
1.33 schwarze 557: can no longer fail with fatal errors, no matter how broken the input
558: file may be, and the -Wfatal message level no longer has any effect.
559: A new diagnostic level -Wunsupp is provided. Besides, many
560: diagnostic messages are now more specific.
561: <li>Many crashes were fixed that Jonathan Gray found with the
562: American Fuzzy Lop (afl).
1.1 deraadt 563: </ul>
564:
565: <p>
1.17 bluhm 566: <li>Syslogd:
567: <ul>
1.103 tb 568: <li>OpenBSD <a href="https://man.openbsd.org/?query=syslogd&sektion=8">syslogd(8)</a>
1.52 lteo 569: is based on
1.103 tb 570: <a href="https://man.openbsd.org/?query=event&sektion=3">libevent</a>
1.52 lteo 571: now.
1.17 bluhm 572: <li>Sending and receiving UDP messages works with both IPv4 and IPv6.
573: <li>Syslog messages can also be sent over TCP or TLS.
1.20 bluhm 574: The syntax to specify the loghost is documented in
1.103 tb 575: <a href="https://man.openbsd.org/?query=syslog.conf&sektion=5">syslog.conf(5)</a>.
1.20 bluhm 576: <li>Sending over TCP and TLS is reliable.
577: If a connection terminates, syslogd tries to reconnect.
578: When the message buffer in memory gets full, the number of dropped
579: messages is counted and logged.
1.66 deraadt 580: <li>With TLS, the x509 certificate of the syslog server is verified.
1.17 bluhm 581: <li>The maximum message size has been increased according to newer RFC.
582: </ul>
583: <p>
1.1 deraadt 584: <li>Ports and packages:
585: <ul>
1.58 sthen 586: <li>Over 9,000 ports.
1.1 deraadt 587: </ul>
588: <p>
589: <li>Many pre-built packages for each architecture:
590: <table border=0 cellspacing=0 cellpadding=2 width="95%">
591: <tr>
592: <td valign="top" width="25%">
593: <ul>
1.58 sthen 594: <li>i386: 8722
1.86 sthen 595: <li>sparc64: 8184
596: <li>alpha: 6811
1.85 sthen 597: <li>sh: 0
1.1 deraadt 598: </ul></td><td valign=top width="25%"><ul>
1.58 sthen 599: <li>amd64: 8745
1.86 sthen 600: <li>powerpc: 8286
601: <li>m88k: 1148
602: <li>sparc: 4026
1.1 deraadt 603: </ul></td><td valign=top width="25%"><ul>
1.85 sthen 604: <li>arm: 0
1.86 sthen 605: <li>hppa: 6718
606: <li>vax: 1550
1.1 deraadt 607: </ul></td><td valign=top width="25%"><ul>
1.82 deraadt 608: <li>mips64: 1595
609: <li>mips64el: 6914
1.1 deraadt 610: </ul></td></tr></table>
611: <p>
612:
613: <li>Some highlights:
1.67 sthen 614: <table border=0 cellspacing=0 cellpadding=2 width="95%">
615: <tr>
616: <td valign="top" width="33%"><ul>
617: <li>Chromium 40.0.2214.115
618: <li>Emacs 21.4 and 24.4
619: <li>GCC 4.8.4 and 4.9.2
620: <li>GHC 7.8.4
621: <li>GNOME 3.14.2
622: <li>Go 1.4.1
623: <li>Groff 1.22.3
624: <li>JDK 1.7.0.71
625: <li>KDE 3.5.10 and 4.14.3
626: <li>LLVM/Clang 3.5 (20140228)
627: <li>LibreOffice 4.3.5.2
628: <li>MariaDB 10.0.16
629: <li>Mono 3.12.0
630: <li>Mozilla Firefox 31.4.0esr and 35.0.1
631: <li>Mozilla Thunderbird 31.4.0
632: </ul></td><td valign=top width="33%"><ul>
633: <li>Node.js 0.10.35
634: <li>OpenLDAP 2.3.43 and 2.4.40
635: <li>PHP 5.3.29, 5.4.38, 5.5.22 and 5.6.5
636: <li>Postfix 2.11.4
637: <li>PostgreSQL 9.4.1
638: <li>Python 2.7.9 and 3.4.2
639: <li>R 3.1.2
640: <li>Ruby 1.8.7.374, 1.9.3.551, 2.0.0.598, 2.1.5, and 2.2.0
1.81 nick 641: <li>Sendmail 8.15.1
1.67 sthen 642: <li>Tcl/Tk 8.5.16 and 8.6.2
643: <li>TeX Live 2013
644: <li>Vim 7.4.475
645: <li>Xfce 4.10
646: </ul></td><td valign=top width="34%">
647: </td></tr></table>
1.1 deraadt 648: <p>
649:
650: <li>As usual, steady improvements in manual pages and other documentation.
651: <p>
652:
653: <li>The system includes the following major components from outside suppliers:
654: <ul>
1.2 lteo 655: <li>Xenocara (based on X.Org 7.7 with xserver 1.16.4 + patches,
656: freetype 2.5.5, fontconfig 2.11.1, Mesa 10.2.9, xterm 314,
657: xkeyboard-config 2.13 and more)
1.1 deraadt 658: <li>Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
1.2 lteo 659: <li>Perl 5.20.1 (+ patches)
660: <li>SQLite 3.8.6 (+ patches)
661: <li>NSD 4.1.1
1.22 brad 662: <li>Unbound 1.5.2
1.1 deraadt 663: <li>Sudo 1.7.2p8
664: <li>Ncurses 5.7
665: <li>Binutils 2.15 (+ patches)
666: <li>Gdb 6.3 (+ patches)
667: <li>Less 458 (+ patches)
668: <li>Awk Aug 10, 2011 version
669: </ul>
670:
671: </ul>
672:
673: <a name="install"></a>
674: <hr>
675: <p>
676: <h3><font color="#0000e0">How to install</font></h3>
677: <p>
678: Following this are the instructions which you would have on a piece of
679: paper if you had purchased a CDROM set instead of doing an alternate
1.16 rpe 680: form of install. The instructions for doing an HTTP (or other style
1.1 deraadt 681: of) install are very similar; the CDROM instructions are left intact
682: so that you can see how much easier it would have been if you had
683: purchased a CDROM instead.
684: <p>
685:
686: <hr>
1.16 rpe 687: Please refer to the following files on the three CDROMs or mirror site for
1.1 deraadt 688: extensive details on how to install OpenBSD 5.7 on your machine:
689: <p>
690: <ul>
1.101 tb 691: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/alpha/INSTALL.alpha">
1.1 deraadt 692: .../OpenBSD/5.7/alpha/INSTALL.alpha (on CD1)</a>
1.101 tb 693: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/i386/INSTALL.i386">
1.1 deraadt 694: .../OpenBSD/5.7/i386/INSTALL.i386 (on CD1)</a>
1.101 tb 695: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/hppa/INSTALL.hppa">
1.1 deraadt 696: .../OpenBSD/5.7/hppa/INSTALL.hppa (on CD1)</a>
697: <p>
1.101 tb 698: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/amd64/INSTALL.amd64">
1.1 deraadt 699: .../OpenBSD/5.7/amd64/INSTALL.amd64 (on CD2)</a>
1.101 tb 700: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/macppc/INSTALL.macppc">
1.1 deraadt 701: .../OpenBSD/5.7/macppc/INSTALL.macppc (on CD2)</a>
702: <p>
1.101 tb 703: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/sparc64/INSTALL.sparc64">
1.1 deraadt 704: .../OpenBSD/5.7/sparc64/INSTALL.sparc64 (on CD3)</a>
1.101 tb 705: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/sparc/INSTALL.sparc">
1.1 deraadt 706: .../OpenBSD/5.7/sparc/INSTALL.sparc (on CD3)</a>
707: <p>
1.101 tb 708: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/alpha/INSTALL.alpha">
1.95 deraadt 709: .../OpenBSD/5.7/alpha/INSTALL.alpha</a>
1.101 tb 710: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/armish/INSTALL.armish">
1.1 deraadt 711: .../OpenBSD/5.7/armish/INSTALL.armish</a>
1.101 tb 712: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/aviion/INSTALL.aviion">
1.1 deraadt 713: .../OpenBSD/5.7/aviion/INSTALL.aviion</a>
1.101 tb 714: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/hppa/INSTALL.hppa">
1.95 deraadt 715: .../OpenBSD/5.7/hppa/INSTALL.hppa</a>
1.101 tb 716: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/landisk/INSTALL.landisk">
1.1 deraadt 717: .../OpenBSD/5.7/landisk/INSTALL.landisk</a>
1.101 tb 718: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/loongson/INSTALL.loongson">
1.1 deraadt 719: .../OpenBSD/5.7/loongson/INSTALL.loongson</a>
1.101 tb 720: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/luna88k/INSTALL.luna88k">
1.1 deraadt 721: .../OpenBSD/5.7/luna88k/INSTALL.luna88k</a>
1.101 tb 722: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/macppc/INSTALL.macppc">
1.95 deraadt 723: .../OpenBSD/5.7/macppc/INSTALL.macppc</a>
1.101 tb 724: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/octeon/INSTALL.octeon">
1.1 deraadt 725: .../OpenBSD/5.7/octeon/INSTALL.octeon</a>
1.101 tb 726: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/sgi/INSTALL.sgi">
1.1 deraadt 727: .../OpenBSD/5.7/sgi/INSTALL.sgi</a>
1.101 tb 728: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/socppc/INSTALL.socppc">
1.1 deraadt 729: .../OpenBSD/5.7/socppc/INSTALL.socppc</a>
1.101 tb 730: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/sparc/INSTALL.sparc">
1.95 deraadt 731: .../OpenBSD/5.7/sparc/INSTALL.sparc</a>
1.101 tb 732: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/vax/INSTALL.vax">
1.1 deraadt 733: .../OpenBSD/5.7/vax/INSTALL.vax</a>
1.101 tb 734: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/zaurus/INSTALL.zaurus">
1.1 deraadt 735: .../OpenBSD/5.7/zaurus/INSTALL.zaurus</a>
736: </ul>
737: <hr>
738:
739: <p>
740: Quick installer information for people familiar with OpenBSD, and the
741: use of the "disklabel -E" command. If you are at all confused when
742: installing OpenBSD, read the relevant INSTALL.* file as listed above!
743: <p>
744:
745: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
746: <ul>
1.26 tedu 747: The OpenBSD/i386 release is on CD1.
748: Boot from the CD to begin the install - you may need to adjust
749: your BIOS options first.
1.1 deraadt 750:
751: <p>
1.49 bcallah 752: If your machine can boot from USB, you can write <i>install57.fs</i> or
753: <i>miniroot57.fs</i> to a USB stick and boot from it.
754:
755: <p>
756: If you can't boot from a CD, floppy disk, or USB,
1.1 deraadt 757: you can install across the network using PXE as described in
758: the included INSTALL.i386 document.
759:
760: <p>
761: If you are planning on dual booting OpenBSD with another OS, you will need to
762: read INSTALL.i386.
763:
764: </ul>
765:
766: <p>
767: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
768: <ul>
1.26 tedu 769: The OpenBSD/amd64 release is on CD2.
1.1 deraadt 770: Boot from the CD to begin the install - you may need to adjust
771: your BIOS options first.
772:
773: <p>
1.49 bcallah 774: If your machine can boot from USB, you can write <i>install57.fs</i> or
775: <i>miniroot57.fs</i> to a USB stick and boot from it.
776:
777: <p>
778: If you can't boot from a CD, floppy disk, or USB,
1.1 deraadt 779: you can install across the network using PXE as described in the included
780: INSTALL.amd64 document.
781:
782: <p>
783: If you are planning to dual boot OpenBSD with another OS, you will need to
784: read INSTALL.amd64.
785: </ul>
786:
787: <p>
788: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
789: <ul>
1.16 rpe 790: Burn the image from a mirror site to a CDROM, and power on your machine
1.1 deraadt 791: while holding down the <i>C</i> key until the display turns on and
792: shows <i>OpenBSD/macppc boot</i>.
793:
794: <p>
795: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
796: /5.7/macppc/bsd.rd</i>
797: </ul>
798:
799: <p>
800: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
801: <ul>
1.87 deraadt 802: <b>
803: <a href="errata57.html#001_sparc64_miniroot">5.7 Errata 001</a>:
804: Unfortunately, 5.7 cannot boot from CDROM on some machines due
805: a bootloader bug.
806: </b>
807: <p>
1.1 deraadt 808: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
809:
810: <p>
811: If this doesn't work, or if you don't have a CDROM drive, you can write
812: <i>CD3:5.7/sparc64/floppy57.fs</i> or <i>CD3:5.7/sparc64/floppyB57.fs</i>
813: (depending on your machine) to a floppy and boot it with <i>boot
814: floppy</i>. Refer to INSTALL.sparc64 for details.
815:
816: <p>
817: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
818: will most likely fail.
819:
820: <p>
821: You can also write <i>CD3:5.7/sparc64/miniroot57.fs</i> to the swap partition on
822: the disk and boot with <i>boot disk:b</i>.
823:
824: <p>
825: If nothing works, you can boot over the network as described in INSTALL.sparc64.
826: </ul>
827:
828: <p>
829: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
830: <ul>
831: <p>Write <i>FTP:5.7/alpha/floppy57.fs</i> or
832: <i>FTP:5.7/alpha/floppyB57.fs</i> (depending on your machine) to a diskette and
833: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
834:
835: <p>
836: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
837: will most likely fail.
838:
839: </ul>
840:
841: <p>
842: <h3><font color="#e00000">OpenBSD/armish:</font></h3>
843: <ul>
844: <p>
845: After connecting a serial port, Thecus can boot directly from the network
846: either tftp or http. Configure the network using fconfig, reset,
847: then load bsd.rd, see INSTALL.armish for specific details.
848: IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
849: and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
850: then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
851: More details are available in INSTALL.armish.
852: </ul>
853:
854: <p>
855: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
856: <ul>
857: <p>
858: Boot over the network by following the instructions in INSTALL.hppa or the
859: <a href="hppa.html#install">hppa platform page</a>.
860: </ul>
861:
862: <p>
863: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
864: <ul>
865: <p>
866: Write <i>miniroot57.fs</i> to the start of the CF
867: or disk, and boot normally.
868: </ul>
869:
870: <p>
871: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
872: <ul>
873: <p>
874: Write <i>miniroot57.fs</i> to a USB stick and boot bsd.rd from it
875: or boot bsd.rd via tftp.
876: Refer to the instructions in INSTALL.loongson for more details.
877: </ul>
878: <p>
879:
880: <p>
881: <h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
882: <ul>
883: <p>
884: Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
885: from the PROM, and the bsd.rd from the bootloader.
886: Refer to the instructions in INSTALL.luna88k for more details.
887: </ul>
888:
889: <p>
890: <h3><font color="#e00000">OpenBSD/octeon:</font></h3>
891: <ul>
892: <p>
893: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
894: Refer to the instructions in INSTALL.octeon for more details.
895: </ul>
896:
897: <p>
898: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
899: <ul>
900: <p>
901: To install, burn cd57.iso on a CD-R, put it in the CD drive of your
902: machine and select <i>Install System Software</i> from the System Maintenance
903: menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
904: CD-ROM, and need a proper invocation from the PROM prompt.
905: Refer to the instructions in INSTALL.sgi for more details.
906:
907: <p>
908: If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
909: server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
910: system type. Refer to the instructions in INSTALL.sgi for more details.
911: </ul>
912:
913: <p>
914: <h3><font color="#e00000">OpenBSD/socppc:</font></h3>
915: <ul>
916: <p>
917: After connecting a serial port, boot over the network via DHCP/tftp.
918: Refer to the instructions in INSTALL.socppc for more details.
919: </ul>
920:
921: <p>
922: <h3><font color="#e00000">OpenBSD/sparc:</font></h3>
923: <ul>
924: Boot from one of the provided install ISO images, using one of the two
925: commands listed below, depending on the version of your ROM.
926:
927: <ul><pre>
928: ok <strong>boot cdrom 5.7/sparc/bsd.rd</strong>
929: or
930: > <strong>b sd(0,6,0)5.7/sparc/bsd.rd</strong>
931: </pre></ul>
932:
933: <p>
934: If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
935: To do so you need to write <i>floppy57.fs</i> to a floppy.
1.99 tj 936: For more information see <a href="faq/faq4.html#MkFlop">this page</a>.
1.1 deraadt 937: To boot from the floppy use one of the two commands listed below,
938: depending on the version of your ROM.
939:
940: <ul><pre>
941: ok <strong>boot floppy</strong>
942: or
943: > <strong>b fd()</strong>
944: </pre></ul>
945:
946: <p>
947: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
948: will most likely fail.
949:
950: <p>
951: If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
952: setup a bootable tape, or install via network, as told in the
953: INSTALL.sparc file.
954: </ul>
955:
956: <p>
957: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
958: <ul>
959: Boot over the network via mopbooting as described in INSTALL.vax.
960: </ul>
961:
962: <p>
963: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
964: <ul>
965: <p>
966: Using the Linux built-in graphical ipkg installer, install the
967: openbsd57_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
968: for a few important details.
969: </ul>
970:
1.15 rpe 971: <a name="upgrade"></a>
972: <hr>
973: <p>
974: <h3><font color="#0000e0">How to upgrade</font></h3>
975: <p>
976: If you already have an OpenBSD 5.6 system, and do not want to reinstall,
977: upgrade instructions and advice can be found in the
978: <a href="faq/upgrade57.html">Upgrade Guide</a>.
979:
980: <a name="sourcecode"></a>
981: <hr>
982: <p>
983: <h3><font color="#0000e0">Notes about the source code</font></h3>
1.1 deraadt 984: <p>
985: src.tar.gz contains a source archive starting at /usr/src. This file
986: contains everything you need except for the kernel sources, which are
987: in a separate archive. To extract:
988: <p>
989: <ul><pre>
990: # <strong>mkdir -p /usr/src</strong>
991: # <strong>cd /usr/src</strong>
992: # <strong>tar xvfz /tmp/src.tar.gz</strong>
993: </pre></ul>
994: <p>
995: sys.tar.gz contains a source archive starting at /usr/src/sys.
996: This file contains all the kernel sources you need to rebuild kernels.
997: To extract:
998: <p>
999: <ul><pre>
1000: # <strong>mkdir -p /usr/src/sys</strong>
1001: # <strong>cd /usr/src</strong>
1002: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
1003: </pre></ul>
1004: <p>
1005: Both of these trees are a regular CVS checkout. Using these trees it
1006: is possible to get a head-start on using the anoncvs servers as
1007: described <a href="anoncvs.html">here</a>.
1008: Using these files
1009: results in a much faster initial CVS update than you could expect from
1010: a fresh checkout of the full OpenBSD source tree.
1011: <p>
1012:
1013: <a name="ports"></a>
1014: <hr>
1015: <p>
1016: <h3><font color="#0000e0">Ports Tree</font></h3>
1017: <p>
1018: A ports tree archive is also provided. To extract:
1019: <p>
1020: <ul><pre>
1021: # <strong>cd /usr</strong>
1022: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
1023: </pre></ul>
1024: <p>
1.18 rpe 1025: Go read the <a href="faq/ports/index.html">ports</a> page
1.1 deraadt 1026: if you know nothing about ports
1027: at this point. This text is not a manual of how to use ports.
1028: Rather, it is a set of notes meant to kickstart the user on the
1029: OpenBSD ports system.
1030: <p>
1031: The <i>ports/</i> directory represents a CVS (see the manpage for
1.103 tb 1032: <a href="https://man.openbsd.org/?query=cvs&sektion=1&arch=i386">
1.1 deraadt 1033: cvs(1)</a> if
1034: you aren't familiar with CVS) checkout of our ports. As with our complete
1035: source tree, our ports tree is available via
1036: <a href="anoncvs.html">AnonCVS</a>.
1.104 tj 1037: So, in order to keep up to date with the -stable branch, you must make
1.12 rpe 1038: the <i>ports/</i> tree available on a read-write medium and update the tree
1039: with a command like:
1.1 deraadt 1040: <p>
1041: <ul><pre>
1042: # <strong>cd /usr/ports</strong>
1043: # <strong>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_7</strong>
1044: </pre></ul>
1045: <p>
1046: [Of course, you must replace the server name here with a nearby anoncvs
1047: server.]
1048: <p>
1.16 rpe 1049: Note that most ports are available as packages on our mirrors. Updated
1.9 jca 1050: ports for the 5.7 release will be made available if problems arise.
1.1 deraadt 1051: <p>
1052: If you're interested in seeing a port added, would like to help out, or just
1053: would like to know more, the mailing list
1054: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1055: <p>
1056: </body>
1057: </html>