File: [local] / www / 57.html (download) (as text)
Revision 1.115, Sun Apr 9 07:14:45 2023 UTC (13 months ago) by jsg
Branch: MAIN
CVS Tags: HEAD
Changes since 1.114: +1 -1 lines
fix double words
|
<!doctype html>
<html lang=en id=release>
<meta charset=utf-8>
<title>OpenBSD 5.7</title>
<meta name="description" content="OpenBSD 5.7">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/57.html">
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
5.7
</h2>
<table>
<tr>
<td>
<a href="images/bluefish.jpg">
<img width="227" height="343" src="images/bluefish.jpg" alt="Bluefish"></a>
<td>
Released May 1, 2015<br>
Copyright 1997-2015, Theo de Raadt.<br>
<cite class=isbn>ISBN 978-0-9881561-5-9</cite>
<br>
5.7 Song: <a href="lyrics.html#57">"Source Fish"</a>
<br>
<br>
<ul>
<li>See the information on <a href="ftp.html">the FTP page</a> for
a list of mirror machines.
<li>Go to the <code class=reldir>pub/OpenBSD/5.7/</code> directory on
one of the mirror sites.
<li>Have a look at <a href="errata57.html">the 5.7 errata page</a> for a list
of bugs and workarounds.
<li>See a <a href="plus57.html">detailed log of changes</a> between the
5.6 and 5.7 releases.
<p>
<li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
pubkeys for this release:<p>
<table class=signify>
<tr><td>
openbsd-57-base.pub:
<td>
RWSvUZXnw9gUb70PdeSNnpSmodCyIPJEGN1wWr+6Time1eP7KiWJ5eAM
<tr><td>
openbsd-57-fw.pub:
<td>
RWSuRBL44FVkb2QuvtlwOJmzS9UJtbKZd7GEYcol8HPXu4On/Ct1LoZr
<tr><td>
openbsd-57-pkg.pub:
<td>
RWTJ1iHLn/zcvJJSbxJIEU9ChlfAlU16XoLLxmxciliOFWfTLyOv0vQs
</td></tr>
</table>
</ul>
<p>
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
files fetched via <code>ports.tar.gz</code>.
</table>
<hr>
<section id=new>
<h3>What's New</h3>
<p>
This is a partial list of new features and systems included in OpenBSD 5.7.
For a comprehensive list, see the <a href="plus57.html">changelog</a> leading
to 5.7.
<ul>
<li>Improved hardware support, including:
<ul>
<li>New <a href="https://man.openbsd.org/OpenBSD-current/man4/xhci.4">xhci(4)</a> driver for USB 3.0 host controllers.
<li>New <a href="https://man.openbsd.org/OpenBSD-current/man4/umcs.4">umcs(4)</a> driver for MosChip Semiconductor 78x0 USB multiport serial adapters.
<li>New <a href="https://man.openbsd.org/OpenBSD-current/man4/i386/skgpio.4">skgpio(4)</a> driver for Soekris net6501 GPIO and LEDs.
<li>New <a href="https://man.openbsd.org/OpenBSD-current/man4/uslhcom.4">uslhcom(4)</a> driver for Silicon Labs CP2110 USB HID based UART.
<li>New <a href="https://man.openbsd.org/OpenBSD-current/man4/nep.4">nep(4)</a> driver for Sun Neptune 10Gb Ethernet devices.
<li>New <a href="https://man.openbsd.org/OpenBSD-current/man4/iwm.4">iwm(4)</a> driver for Intel 7260, 7265, and 3160 wifi cards.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/rtsx.4">rtsx(4)</a> driver now supports RTS5227 and RTL8411B card readers.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/bge.4">bge(4)</a> driver now supports jumbo frames on various additional BCM57xx chipsets.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/ciss.4">ciss(4)</a> driver now supports HP Gen9 Smart Array/Smart HBA devices.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/mpi.4">mpi(4)</a> and <a href="https://man.openbsd.org/OpenBSD-current/man4/mfi.4">mfi(4)</a> drivers now have mpsafe interrupt handlers running without the big lock.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/ppb.4">ppb(4)</a> driver now supports PCI bridges that support subtractive decoding (fixes PCMCIA behind the ATI SB400 PCI bridge), and devices with 64-bit BARs behind PCI-PCI bridges as seen on SPARC T5-2 systems.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/puc.4">puc(4)</a> driver now supports Winchiphead CH382 devices.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/sdmmc.4">sdmmc(4)</a> driver now supports eMMC storage devices larger than 2GB.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/sdhc.4">sdhc(4)</a> driver can properly resume on Ricoh controllers.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/sdhc.4">sdhc(4)</a> driver now supports Ricoh R5U822 and R5U823 card readers.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/mfii.4">mfii(4)</a> driver now supports the Megaraid 3008 (Fury) and 3108 (Invader) cards.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/myx.4">myx(4)</a> driver runs less code under the big lock.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/msk.4">msk(4)</a> driver now supports Yukon Prime, Yukon Optima 2, Yukon 88E8079, and various EC U and Supreme chipsets.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/umass.4">umass(4)</a> driver now supports Archos 24y Vision devices.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/athn.4">athn(4)</a> driver now supports Atheros UB94 devices.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/azalia.4">azalia(4)</a> driver now supports Realtek ALC885 codecs and Bay Trail HD Audio devices.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/ix.4">ix(4)</a> driver now supports onboard Ethernet devices in SPARC T5 machines.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/upd.4">upd(4)</a> driver now handles UPSes with broken report descriptors.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/ums.4">ums(4)</a> driver now supports the USB Tablet device emulated by Qemu.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/umsm.4">umsm(4)</a> driver now supports MEDION S4222 devices.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/pciide.4">pciide(4)</a> driver now supports Intel C610 chipsets.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/ukbd.4">ukbd(4)</a> driver now supports "wellspring" Apple keyboards.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/pms.4">pms(4)</a> driver now supports click-and-drag with Elantech v4 touchpads.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/umodem.4">umodem(4)</a> driver now supports Arduino Leonardo devices.
<li>The <a href="https://man.openbsd.org/OpenBSD-current/man4/sk.4">sk(4)</a> driver now supports receive ring scaling.
<li>Replaced custom jumbo allocators in
<a href="https://man.openbsd.org/OpenBSD-current/man4/sk.4">sk(4)</a>,
<a href="https://man.openbsd.org/OpenBSD-current/man4/nge.4">nge(4)</a>,
<a href="https://man.openbsd.org/OpenBSD-current/man4/lge.4">lge(4)</a>, and
<a href="https://man.openbsd.org/OpenBSD-current/man4/ti.4">ti(4)</a> with
<a href="https://man.openbsd.org/OpenBSD-current/man9/MCLGETI.9">MCLGETI(9)</a>.
<li>Wireless network scanning problems with the <a href="https://man.openbsd.org/OpenBSD-current/man4/iwn.4">iwn(4)</a> driver have been fixed.
<li>Support for RS* IGP Radeon devices in the <a href="https://man.openbsd.org/OpenBSD-current/man4/radeondrm.4">radeondrm(4)</a> driver has been fixed.
<li>PowerMac7,2 and PowerMac7,3 can now boot with a multiprocessor kernel.
</ul>
<p>
<li>Removed hardware support:
<ul>
<li>The <a href="https://man.openbsd.org/OpenBSD-5.6/man4/lofn.4">lofn(4)</a> and <a href="https://man.openbsd.org/OpenBSD-5.6/man4/nofn.4">nofn(4)</a> drivers for Hifn crypto accelerator devices have been removed.
<li>The <a href="https://man.openbsd.org/OpenBSD-5.6/man4/art.4">art(4)</a> driver for Accoom Networks Artery T1/E1 devices has been removed.
<li>The <a href="https://man.openbsd.org/OpenBSD-5.6/man4/urio.4">urio(4)</a> driver for Diamond Multimedia Rio MP3 players has been removed.
</ul>
<p>
<li>Generic network stack improvements:
<ul>
<li>The routing table is now used for most of the address lookup operations superseding the RB-tree and IPv4 address list.
<li>The SipHash algorithm is now used for PCB hashing,
<a href="https://man.openbsd.org/OpenBSD-current/man4/trunk.4">trunk(4)</a> loadbalancing,
<a href="https://man.openbsd.org/OpenBSD-current/man4/pf.4">pf(4)</a> and
<a href="https://man.openbsd.org/OpenBSD-current/man4/bridge.4">bridge(4)</a>.
<li>Traffic destinated to link-local IPv6 addresses can now be seen with
<a href="https://man.openbsd.org/OpenBSD-current/man8/tcpdump.8">tcpdump(8)</a>.
<li>A <a href="https://man.openbsd.org/carp.4">carp(4)</a> now needs to be configured with an explicit <em>carpdev</em> parent interface.
<li>The
<a href="https://man.openbsd.org/OpenBSD-current/man9/mbuf.9">mbuf(9)</a>
layer has been made mpsafe.
<li>Introduce mbuf_list and mbuf_queue structures and APIs.
<li>Support changing the IPv6 input queue length via
<a href="https://man.openbsd.org/sysctl.1">sysctl(1)</a> and net.inet6.ip6.ifq.
</ul>
<p>
<li>Installer improvements:
<ul>
<li>The <code>etc</code> and <code>xetc</code> sets are now part of <code>base</code> and
<code>xbase</code> and are not distributed separately anymore. They are extracted
from <code>base</code> and <code>xbase</code> during installation and upgrades.<br>
<b>Note that this includes the <code>rc</code> and <code>rc.conf</code> files!</b>
<li>The installer now supports
<a href="https://man.openbsd.org/OpenBSD-current/man4/trunk.4">trunk(4)</a>
interfaces during upgrades.
<li>The discovery of the responsefile location for unattended installation and
upgrades has been extended to be more flexible.
<ul>
<li>Ask for the location if DHCP discovery fails for location or mode.
<li>Provide a default URL if the 'next-server' DHCP option is found.
<li>Use <code>/auto_install.conf</code> or <code>/auto_upgrade.conf</code> if present.
<li>Automatically start the installer in unattended mode if either one of these
files is present when the system boots.
</ul>
<li>Ignore hostname.if.* files when upgrading.
<li>Configure all physical interfaces before any dynamic interface types (e.g. trunks, vlans) when upgrading.
<li>
<a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> now zeros out GPT signatures found when writing out an MBR that has been re-initialized and has no EFI or EFISYS partition.
<li>Fixed manipulation of 'ro' and 'rw' fstab options to avoid damage to other options that happen to contain 'ro' or 'rw'.
<li>The ramdisk binary (one binary contains all the commands) is now compiled without optimization and security features. The benefit is a substantial saving in space, allowing more features in the future.
</ul>
<p>
<li>Routing daemons and other userland network improvements:
<ul>
<li>nginx has been removed from base – use the package if you need it.
<li>sliplogin has been removed.
<li>Sendmail has been removed from base – use the package if you need it.
<li>IPv6 router solicitations are now sent by the kernel ("inet6 autoconf"); rtsol(8) and rtsold(8) are no longer necessary and have been removed.
<li>Enhancements and bugfixes in <a href="https://man.openbsd.org/arp.8">arp(8)</a> and <a href="https://man.openbsd.org/ndp.8">ndp(8)</a>
<li>The effects of the AI_ADDRCONFIG flag on <a href="https://man.openbsd.org/getaddrinfo.3">getaddrinfo(3)</a> results are limited to DNS queries. This avoids erratic behavior with transient network problems, "raw" addresses and localhost entries in <a href="https://man.openbsd.org/hosts.5">/etc/hosts</a>.
<li><a href="https://man.openbsd.org/gethostbyname.3">gethostbyname(3)</a> now no longer fails when more than 16 addresses/aliases are returned. The original pre-asr limit of 35 has been restored, with additional results being truncated.
<li><a href="https://man.openbsd.org/tftp.1">tftp(1)</a> now supports sending or receiving files larger than 65536 blocks in size.
<li><a href="https://man.openbsd.org/tpd&sec=8">ntpd(8)</a> now supports authenticated TLS constraints.
</ul>
<p>
<li>Security improvements:
<ul>
<li>Stricter enforcement of W^X in the kernel address space, especially on architectures with the right featureset (amd64, in particular, has seen substantial improvements).
<li>Support for loadable kernel modules has been removed.
<li>procfs has been removed.
<li>Comprehensive audit of the tree to use the <a href="https://man.openbsd.org/reallocarray.3">reallocarray(3)</a> idiom throughout.
<li>Many conversions from <a href="https://man.openbsd.org/select.2">select(2)</a> to <a href="https://man.openbsd.org/poll.2">poll(2)</a>.
<li>/var/tmp is now a symbolic link to /tmp, as a first step towards reducing the "fill it up" attack surface against the /var partition.
<li><a href="https://man.openbsd.org/memcpy.3">memcpy(3)</a> with overlapping arguments now aborts a program (with a syslog report), allowing these problems to be found. Overlapping copies should use <a href="https://man.openbsd.org/memmove.3">memmove(3)</a>. Sometime after 5.7 release, having learned more about the situation and repairing instances that are discovered by users during release use, we will go back to the optimized version.
<li>Change
<a href="https://man.openbsd.org/rand.3">rand(3)</a>,
<a href="https://man.openbsd.org/random.3">random(3)</a>,
<a href="https://man.openbsd.org/drand48.3">drand48(3)</a>,
<a href="https://man.openbsd.org/lrand48.3">lrand48(3)</a>,
<a href="https://man.openbsd.org/mrand48.3">mrand48(3)</a>,
<a href="https://man.openbsd.org/srand48.3">srand48(3)</a>
to return non-deterministic strong random values by default, sourced from
<a href="https://man.openbsd.org/arc4random.3">arc4random(3)</a>.
New functions
<a href="https://man.openbsd.org/srand_deterministic.3">srand_deterministic(3)</a>,
<a href="https://man.openbsd.org/srandom_deterministic.3">srandom_deterministic(3)</a>,
<a href="https://man.openbsd.org/seed48_deterministic.3">seed48_deterministic(3)</a> and
<a href="https://man.openbsd.org/lcong48_deterministic.3">lcong48_deterministic(3)</a>
are added for cases where determinism needs to be requested.
<li>At resume (or unhibernate) time, use a variety of methods to reseed the random number generator. This also works on VMs which wake up (if a wakeup event is seen).
<li>All architectures have been transitioned to static PIE, meaning the statically linked binaries in /bin and /sbin now have randomly located text segments.
<li>Allow larger .openbsd.randomdata ELF segments.
<li>Sync kernel AES code and <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> AES code to the one shipped with OpenSSL/LibreSSL.
<li>Removed <a href="https://man.openbsd.org/passwd.1">passwd(1)</a> support for all password ciphers except <a href="https://man.openbsd.org/blowfish.3">blowfish(3)</a>.
<li>Use sha512 instead of md5 for <a href="https://man.openbsd.org/tcp.4">tcp(4)</a> initial sequence number.
<li>Use sha512 instead of md5 in the random number generator.
<li>Delete secret or secret-derived data in many base utilities with <a href="https://man.openbsd.org/explicit_bzero.3">explicit_bzero(3)</a>.
</ul>
<p>
<li>Assorted improvements:
<ul>
<li>New <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a> utility to control daemons.
<li><a href="https://man.openbsd.org/fw_update.1">fw_update(1)</a> has been rewritten to be faster and smarter.
<li>Cleanup <a href="https://man.openbsd.org/event.3">libevent(3)</a>,
the compatibility layer for other operating systems has been removed.
The API is still compatible with upstream libevent 1.4.15-stable.
<li><a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
s_client now supports a -proxy parameter for connecting over an HTTP proxy.
<li>gzsig has been removed.
<li>Switch to fast assembly versions of some libc functions on amd64.
<li>Frequency scaling has been moved from <a href="https://man.openbsd.org/apmd.1">apmd(8)</a> to the kernel with an improved algorithm.
<li>Switch last workq API uses to
<a href="https://man.openbsd.org/taskq_create.9">taskq</a> API and remove all traces of workq.
<li>Use
<a href="https://man.openbsd.org/services.5">services(5)</a> names in the default pf rules in force during startup.
<li>
<a href="https://man.openbsd.org/what.1">what(1)</a> now correctly displays $OpenBSD$ expansions.
<li>
<a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> now removes addresses from its pf table a single time when they expire, rather than at every timeout after the expiry.
<li>
<a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> now ensures that the pf table process exits when the main process does.
<li>
<a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> has more informative log entries for DHCPACKs issued in response to DHCPINFORM messages.
<li>Added POSIX types blkcnt_t (int64) and blksize_t (int32), and used them for st_blocks (formerly int64_t) and st_blksize (formerly u_int32_t) in struct stat.
<li>Improved typography for
<a href="https://man.openbsd.org/banner.6">banner(6)</a>.
<li>Allow <a href="https://man.openbsd.org/hangman.6">hangman</a>
to play against any ELF file.
<li>
<a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> adjusts MTU when the interface-mtu DHCP option is provided.
<li>Various memory leaks in
<a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> plugged, providing more stability for long running (in terms of time or renewals) instances.
<li>The
<a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
command line options -q (quiet) and -d (don't daemonize) are now mutually exclusive.
<li>The communication between the privileged and unprivileged
<a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> processes was reworked to further minimize information sharing.
<li>
<a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> ensures lease timeouts (renew, rebind, expire) are sane and uses default values closer to RFC suggestions.
<li>
<a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> no longer crashes when a lease expires and cannot be renewed or replaced.
<li>
<a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> improved tracking network interface link states.
<li>Improved network error tracking and accounting in
<a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>.
<li>Private number conversion functions in
<a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> eliminated in favour of standard library functions.
<li>Further signal race cleanups in
<a href="https://man.openbsd.org/ftp.1">ftp(1)</a>.
<li>BIND has been retired, encouraging use of
<a href="https://man.openbsd.org/nsd.8">nsd(8)</a> and
<a href="https://man.openbsd.org/unbound.8">unbound(8)</a>.
<li>Significant namespace cleanup in the /usr/include files, especially related to <sys/param.h> and <limits.h>.
<li><a href="https://man.openbsd.org/softraid.4">softraid(4)</a> RAID1 and CRYPTO volumes are now bootable on the sparc64 platform.
<li><a href="https://man.openbsd.org/relayd.8">relayd(8)</a> now uses "TLS" rather than "SSL" terminology to reflect the deprecation of the latter.
<li><a href="https://man.openbsd.org/relayd.8">relayd(8)</a> now supports the random and source-hash modes with redirections.
<li><a href="https://man.openbsd.org/relayd.8">relayd(8)</a> now supports the <a href="https://cvsweb.openbsd.org/src/share/snmp/OPENBSD-RELAYD-MIB.txt?rev=1.1">OPENBSD-RELAYD-MIB</a> via agentx with <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
<li>Added interfaces for setting the close-on-exec flag and/or non-blocking mode on new file descriptors: <a href="https://man.openbsd.org/pipe2.2">pipe2(2)</a>, <a href="https://man.openbsd.org/dup3.2">dup3(2)</a>, <a href="https://man.openbsd.org/accept4.2">accept4(2)</a>, <a href="https://man.openbsd.org/mkostemp.3">mkostemp(3)</a>, <a href="https://man.openbsd.org/mkostemps.3">mkostemps(3)</a>, the <code>SOCK_CLOEXEC</code> and <code>SOCK_NONBLOCK</code> flags for <a href="https://man.openbsd.org/socket.2">socket(2)</a> and <a href="https://man.openbsd.org/socketpair.2">socketpair(2)</a>, and the <code>MSG_CMSG_CLOEXEC</code> flag for <a href="https://man.openbsd.org/recvmsg.2">recvmsg(2)</a>. In addition, <a href="https://man.openbsd.org/posix_spawn_file_actions_adddup2.3">posix_spawn_file_actions_adddup2(3)</a> now always clears the close-on-exec flag.
<li>Added interfaces for setting the close-on-exec flag on new FILE handles and for requesting exclusive creation via the 'e' and 'x' mode letters for <a href="https://man.openbsd.org/fopen.3">fopen(3)</a>, <a href="https://man.openbsd.org/fdopen.3">fdopen(3)</a>, <a href="https://man.openbsd.org/freopen.3">freopen(3)</a>, and <a href="https://man.openbsd.org/popen.3">popen(3)</a>.
<li>Many library functions and programs changed to use the above for safety or simplicity.
<li>Added <a href="https://man.openbsd.org/chflagsat.2">chflagsat(2)</a>, <a href="https://man.openbsd.org/sockatmark.3">sockatmark(3)</a>, and <a href="https://man.openbsd.org/stravis.3">stravis(3)</a>.
<li>Merged performance and safety fixes for <a href="https://man.openbsd.org/fts.3">fts(3)</a> from FreeBSD.
<li>Merged fixes for file descriptor leaks in various <a href="https://man.openbsd.org/rpc.3">rpc(3)</a> functions from NetBSD.
<li>Added a <code>kern.global_ptrace</code> <a href="https://man.openbsd.org/sysctl.1">sysctl(1)</a> to disable, by default, the ability to <a href="https://man.openbsd.org/ptrace.2">ptrace(2)</a> processes that aren't your descendent.
<li><a href="https://man.openbsd.org/kdump.1">kdump(1)</a> now always displays both the numeric and the textual forms for users, groups, timestamps, and sysctl ids, eliminating the <code>-r</code> option. It also auto-selects between decimal and hex format for arguments, renders more types of flags, and is more robust when parsing corrupt ktrace files.
<li><a href="https://man.openbsd.org/chmod.1">chmod(1)</a>/<a href="https://man.openbsd.org/chgrp.1">chgrp(1)</a>/<a href="https://man.openbsd.org/chown.8">chown(8)</a> now comply with POSIX's requirements when they encounter symlinks when the <code>-R</code> option is used, and are safe from race conditions when doing so.
<li>The <a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a> utility can now display the console message buffer in addition to the system message buffer.
<li><a href="https://man.openbsd.org/inetd.8">inetd(8)</a> now uses libevent instead of
<a href="https://man.openbsd.org/select.3">select(3)</a>.
<li>Reworking of the kernel
<a href="https://man.openbsd.org/OpenBSD-current/man9/pool.9">pool(9)</a>
implementation to provide mpsafety and pave the way for performance improvements.
<li>Removed the
<a href="https://man.openbsd.org/OpenBSD-5.6/man9/workq_add_task.9">workq API</a>
after replacing it with the
<a href="https://man.openbsd.org/OpenBSD-current/man9/task_add.9">task API</a>.
<li>Add support for creating kernel threads that cannot sleep to
<a href="https://man.openbsd.org/OpenBSD-5.6/man9/taskq_create.9">taskq_create(9)</a>.
<li>Completed the implementation of the atomic (eg,
<a href="https://man.openbsd.org/OpenBSD-current/man9/atomic_cas_uint.9">atomic_cas_uint(9)</a>,
<a href="https://man.openbsd.org/OpenBSD-current/man9/atomic_swap_uint.9">atomic_swap_uint(9)</a>,
<a href="https://man.openbsd.org/OpenBSD-current/man9/atomic_add_int.9">atomic_add_int(9)</a>,
<a href="https://man.openbsd.org/OpenBSD-current/man9/atomic_sub_int.9">atomic_sub_int(9)</a>,
<a href="https://man.openbsd.org/OpenBSD-current/man9/atomic_inc_int.9">atomic_inc_int(9)</a>, and
<a href="https://man.openbsd.org/OpenBSD-current/man9/atomic_dec_int.9">atomic_dec_int(9)</a>)
and membar
(<a href="https://man.openbsd.org/OpenBSD-current/man9/membar_sync.9">membar_sync(9)</a>)
APIs across all supported architectures.
</ul>
<p>
<li>OpenBSD <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>:
<ul>
<li>SSLv2/3 is not supported anymore; renamed all occurrences of "SSL" to "TLS".
<li>Various TLS improvements with better support for ECDHE/DHE forward secrecy.
<li>Improved support for virtual hosts by supporting name- and IP- based aliases.
<li>Added support for basic authentication by checking against files created with <a href="https://man.openbsd.org/htpasswd.1">htpasswd(1)</a>.
<li>Added support for custom error codes, blocking and dropping of connections.
<li>Added support for redirections and macros in specified target URLs.
<li>Added the "root strip" option to sanitize PATH_INFO for some CGI scripts.
<li>Added an option to specify an alternative log directory instead of /var/www/logs.
<li>Various FastCGI improvements; <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> is now compatible with many well-known web applications.
<li>Various other fixes and improvements.
</ul>
<p>
<li>OpenSMTPD 5.4.4:
<ul>
<li>SSLv3 is not supported anymore.
<li>Added support for a new message and headers parser.
<li>Added support for append-domain.
<li>Restricted address lookups to configured address families.
<li>Domain is no longer required when mailing a local user.
<li>Various other fixes and improvements.
</ul>
<p>
<li>OpenSSH 6.8
<ul>
<li>Potentially-incompatible changes:
<ul>
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
<code>UseDNS</code> now defaults to 'no'. Configurations that match
against the client host name (via
<a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a>
or <code>authorized_keys</code>) may need to re-enable it or convert to
matching against addresses.
</ul>
<li>New/changed features:
<ul>
<li>Much of OpenSSH's internal code has been re-factored to be more
library-like. These changes are mostly not user-visible, but
have greatly improved OpenSSH's testability and internal layout.
<li>Add <code>FingerprintHash</code> option to
<a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
and
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>,
and equivalent command-line flags to the other tools to control
algorithm used for key fingerprints. The default changes from MD5
to SHA256 and format from hex to base64. Fingerprints now have the
hash algorithm prepended. Please note that visual host keys will also
be different.
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>,
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
Experimental host key rotation support. Add a protocol extension
for a server to inform a client of all its available host keys after
authentication has completed. The client may record the keys in
<code>known_hosts</code>, allowing it to upgrade to better host key
algorithms and a server to gracefully rotate its keys. The client
side of this is controlled by a <code>UpdateHostkeys</code> config option
(default off).
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
Add a
<a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>
<code>HostbasedKeyType</code> option to control which host public key types
are tried during host-based authentication.
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>,
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
fix connection-killing host key mismatch errors when
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>
offers multiple ECDSA keys of different lengths.
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
when host name canonicalisation is enabled, try to parse host names
as addresses before looking them up for canonicalisation. Fixes
bz#2074 and avoiding needless DNS lookups in some cases.
<li><a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>,
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
<i>Key Revocation Lists</i> (KRLs) no longer require OpenSSH to be
compiled with OpenSSL support.
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>,
<a href="https://man.openbsd.org/ssh-keysign.8">ssh-keysign(8)</a>:
Make ed25519 keys work for host based authentication.
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
SSH protocol v.1 workaround for the Meyer, et al., <i>Bleichenbacher
Side Channel Attack</i>. Fake up a bignum key before RSA decryption.
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
Remember which public keys have been used for authentication and
refuse to accept previously-used keys. This allows
<code>AuthenticationMethods=publickey,publickey</code> to require that
users authenticate using two <i>different</i> public keys.
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
add
<a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a>
<code>HostbasedAcceptedKeyTypes</code> and <code>PubkeyAcceptedKeyTypes</code>
options to allow
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>
to control what public key types will be accepted. Currently defaults
to all.
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
Don't count partial authentication success as a failure against
<code>MaxAuthTries</code>.
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
Add <code>RevokedHostKeys</code> option for the client to allow text-file
or KRL-based revocation of host keys.
<li><a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>,
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>:
Permit KRLs that revoke certificates by serial number or key ID without
scoping to a particular CA.
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
Add a "Match canonical" criteria that allows
<a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>
<code>Match</code> blocks to trigger only in the second config pass.
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
Add a <code>-G</code> option to
<a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
that causes it to parse its configuration and dump the result to
stdout, similar to "<code>sshd -T</code>".
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
Allow <code>Match</code> criteria to be negated
(e.g. "<code>Match !host</code>").
<li>The regression test suite has been extended to cover more OpenSSH
features. The unit tests have been expanded and now cover key
exchange.
</ul>
<li>The following significant bugs have been fixed in this release:
<ul>
<li><a href="https://man.openbsd.org/ssh-keyscan.1">ssh-keyscan(1)</a>:
<a href="https://man.openbsd.org/ssh-keyscan.1">ssh-keyscan(1)</a>
has been made much more robust again servers that hang or violate
the SSH protocol.
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>,
<a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>:
Fix regression bz#2306: Key path names were being lost as comment
fields.
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
Allow
<a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>
<code>Port</code> options set in the second config parse phase to be
applied (they were being ignored). (bz#2286)
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
Tweak config re-parsing with host canonicalisation—make the
second pass through the config files always run when host name
canonicalisation is enabled (and not whenever the host name changes).
(bz#2267)
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>:
Fix passing of wildcard forward bind addresses when connection
multiplexing is in use. (bz#2324)
<li><a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>:
Fix broken private key conversion from non-OpenSSH formats. (bz#2345)
<li><a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>:
Fix KRL generation bug when multiple CAs are in use.
<li>Various fixes to manual pages. (bz#2273, bz#2288 and bz#2316)
</ul>
</ul>
<p>
<li>LibreSSL
<ul>
<li>User-visible features:
<ul>
<li>Reluctantly add server-side support for <code>TLS_FALLBACK_SCSV</code>.
<li>Import <i>BoringSSL</i>'s crypto bytestring and crypto bytebuilder
APIs.
<li>Jettison DTLS over SCTP.
<li>Move
<a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
from <code>/usr/sbin/openssl</code> to <code>/usr/bin/openssl</code>.
<li>Two important cipher suites, GOST and Camellia, have been reworked
or reenabled, providing better interoperability with systems around
the world.
<li>libtls: New API for loading CA chains directly from memory instead
of a file, allowing verification with privilege separation in a
<a href="https://man.openbsd.org/chroot.8">chroot(8)</a>
without direct access to CA certificate files.
<li>libtls: Ciphers default to TLSv1.2 with AEAD and PFS.
<li>libtls: Improved error handling and message generation.
<li>Added <code>X509_STORE_load_mem</code> API for loading certificates from
memory. This facilitates accessing certificates from a chrooted
environment.
<li>New AEAD "MAC alias" allows configuring TLSv1.2 AEAD ciphers by
using 'TLSv1.2+AEAD' as the cipher selection string.
<li>New
<a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
command '<code>certhash</code>' replaces the <code>c_rehash</code> script.
<li><i>Application-Layer Protocol Negotiation</i> (ALPN) support.
</ul>
<li>Code improvements:
<ul>
<li>Dead and disabled code removal including MD5, Netscape workarounds,
non-POSIX IO, SCTP, RFC 3779 support, "#if 0" sections, and more.
<li>The ASN1 macros are expanded to aid readability and maintainability.
<li>Various NULL pointer asserts removed in favor of letting the
OS/signal handler catch them.
<li>Dozens of issues found with the <i>Coverity scanner</i> fixed.
</ul>
<li>Security updates:
<ul>
<li>Fix a Bleichenbacher style timing oracle with bad PKCS padding.
<li>Fix memory leaks.
<li>Address POODLE attack by disabling SSLv3 by default.
<li>SHA256 Camellia cipher suites for TLS 1.2 from RFC 5932.
<li>Earlier libtls support for non-blocking sockets and randomized
session ID contexts.
<li>Ensure the stack is marked non-executable for assembly sections.
<li>Multiple CVEs fixed including CVE-2014-3506, CVE-2014-3507,
CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511,
CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, CVE-2015-0205
and CVE-2015-0206.
</ul>
</ul>
<p>
<li>mandoc 1.13.3:
<ul>
<li><a href="https://man.openbsd.org/man.1">man(1)</a>,
<a href="https://man.openbsd.org/apropos.1">apropos(1)</a>, and
<a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>
now have a unified user interface, all with the same options,
and are in fact all implemented by the same binary program.
<li>For <a href="https://man.openbsd.org/man.1">man(1)</a>,
this implies new options -l and -IKOTW,
and it now finds manual pages by the names in their NAME sections
even if they lack matching file names.
<li>For <a href="https://man.openbsd.org/apropos.1">apropos(1)</a>,
this implies new options -acfhklw and -IKOTW.
<li>For <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>,
this implies new options -acfhkl.
<li><a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>
now automatically detects and transparently accepts input encoded
in utf-8 and iso-8859-1, and provides a new option -K to explicitly
specify the input encoding.
<li>The <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>
default output mode now is -Tlocale rather than -Tascii.
<li><a href="https://man.openbsd.org/eqn.7">eqn(7)</a>
now supports in-line equations,
and terminal rendering of equations is considerably improved.
<li><a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> -Thtml
now generates polyglot HTML5 and renders
<a href="https://man.openbsd.org/eqn.7">eqn(7)</a>
using MathML.
<li><a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>
can no longer fail with fatal errors, no matter how broken the input
file may be, and the -Wfatal message level no longer has any effect.
A new diagnostic level -Wunsupp is provided. Besides, many
diagnostic messages are now more specific.
<li>Many crashes were fixed that Jonathan Gray found with the
American Fuzzy Lop (afl).
</ul>
<p>
<li>Syslogd:
<ul>
<li>OpenBSD <a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>
is based on
<a href="https://man.openbsd.org/event.3">libevent</a>
now.
<li>Sending and receiving UDP messages works with both IPv4 and IPv6.
<li>Syslog messages can also be sent over TCP or TLS.
The syntax to specify the loghost is documented in
<a href="https://man.openbsd.org/syslog.conf.5">syslog.conf(5)</a>.
<li>Sending over TCP and TLS is reliable.
If a connection terminates, syslogd tries to reconnect.
When the message buffer in memory gets full, the number of dropped
messages is counted and logged.
<li>With TLS, the X.509 certificate of the syslog server is verified.
<li>The maximum message size has been increased according to newer RFC.
</ul>
<p>
<li>Ports and packages:
<ul>
<li>Over 9,000 ports.
</ul>
<p>
<li>Many pre-built packages for each architecture:
<ul style="column-count: 4">
<li>i386: 8722
<li>sparc64: 8184
<li>alpha: 6811
<li>sh: 0
<li>amd64: 8745
<li>powerpc: 8286
<li>m88k: 1148
<li>sparc: 4026
<li>arm: 0
<li>hppa: 6718
<li>vax: 1550
<li>mips64: 1595
<li>mips64el: 6914
</ul>
<p>
<li>Some highlights:
<ul style="column-count: 2">
<li>Chromium 40.0.2214.115
<li>Emacs 21.4 and 24.4
<li>GCC 4.8.4 and 4.9.2
<li>GHC 7.8.4
<li>GNOME 3.14.2
<li>Go 1.4.1
<li>Groff 1.22.3
<li>JDK 1.7.0.71
<li>KDE 3.5.10 and 4.14.3
<li>LLVM/Clang 3.5 (20140228)
<li>LibreOffice 4.3.5.2
<li>MariaDB 10.0.16
<li>Mono 3.12.0
<li>Mozilla Firefox 31.4.0esr and 35.0.1
<li>Mozilla Thunderbird 31.4.0
<li>Node.js 0.10.35
<li>OpenLDAP 2.3.43 and 2.4.40
<li>PHP 5.3.29, 5.4.38, 5.5.22 and 5.6.5
<li>Postfix 2.11.4
<li>PostgreSQL 9.4.1
<li>Python 2.7.9 and 3.4.2
<li>R 3.1.2
<li>Ruby 1.8.7.374, 1.9.3.551, 2.0.0.598, 2.1.5, and 2.2.0
<li>Sendmail 8.15.1
<li>Tcl/Tk 8.5.16 and 8.6.2
<li>TeX Live 2013
<li>Vim 7.4.475
<li>Xfce 4.10
</ul>
<p>
<li>As usual, steady improvements in manual pages and other documentation.
<p>
<li>The system includes the following major components from outside suppliers:
<ul>
<li>Xenocara (based on X.Org 7.7 with xserver 1.16.4 + patches,
freetype 2.5.5, fontconfig 2.11.1, Mesa 10.2.9, xterm 314,
xkeyboard-config 2.13 and more)
<li>Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
<li>Perl 5.20.1 (+ patches)
<li>SQLite 3.8.6 (+ patches)
<li>NSD 4.1.1
<li>Unbound 1.5.2
<li>Sudo 1.7.2p8
<li>Ncurses 5.7
<li>Binutils 2.15 (+ patches)
<li>Gdb 6.3 (+ patches)
<li>Less 458 (+ patches)
<li>Awk Aug 10, 2011 version
</ul>
</ul>
</section>
<hr>
<section id=install>
<h3>How to install</h3>
<p>
Following this are the instructions which you would have on a piece of
paper if you had purchased a CDROM set instead of doing an alternate
form of install. The instructions for doing an HTTP (or other style
of) install are very similar; the CDROM instructions are left intact
so that you can see how much easier it would have been if you had
purchased a CDROM instead.
<p>
<hr>
Please refer to the following files on the three CDROMs or mirror site for
extensive details on how to install OpenBSD 5.7 on your machine:
<p>
<ul>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/alpha/INSTALL.alpha">
.../OpenBSD/5.7/alpha/INSTALL.alpha (on CD1)</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/i386/INSTALL.i386">
.../OpenBSD/5.7/i386/INSTALL.i386 (on CD1)</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/hppa/INSTALL.hppa">
.../OpenBSD/5.7/hppa/INSTALL.hppa (on CD1)</a>
<p>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/amd64/INSTALL.amd64">
.../OpenBSD/5.7/amd64/INSTALL.amd64 (on CD2)</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/macppc/INSTALL.macppc">
.../OpenBSD/5.7/macppc/INSTALL.macppc (on CD2)</a>
<p>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/sparc64/INSTALL.sparc64">
.../OpenBSD/5.7/sparc64/INSTALL.sparc64 (on CD3)</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/sparc/INSTALL.sparc">
.../OpenBSD/5.7/sparc/INSTALL.sparc (on CD3)</a>
<p>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/alpha/INSTALL.alpha">
.../OpenBSD/5.7/alpha/INSTALL.alpha</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/armish/INSTALL.armish">
.../OpenBSD/5.7/armish/INSTALL.armish</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/aviion/INSTALL.aviion">
.../OpenBSD/5.7/aviion/INSTALL.aviion</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/hppa/INSTALL.hppa">
.../OpenBSD/5.7/hppa/INSTALL.hppa</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/landisk/INSTALL.landisk">
.../OpenBSD/5.7/landisk/INSTALL.landisk</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/loongson/INSTALL.loongson">
.../OpenBSD/5.7/loongson/INSTALL.loongson</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/luna88k/INSTALL.luna88k">
.../OpenBSD/5.7/luna88k/INSTALL.luna88k</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/macppc/INSTALL.macppc">
.../OpenBSD/5.7/macppc/INSTALL.macppc</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/octeon/INSTALL.octeon">
.../OpenBSD/5.7/octeon/INSTALL.octeon</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/sgi/INSTALL.sgi">
.../OpenBSD/5.7/sgi/INSTALL.sgi</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/socppc/INSTALL.socppc">
.../OpenBSD/5.7/socppc/INSTALL.socppc</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/sparc/INSTALL.sparc">
.../OpenBSD/5.7/sparc/INSTALL.sparc</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/vax/INSTALL.vax">
.../OpenBSD/5.7/vax/INSTALL.vax</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/5.7/zaurus/INSTALL.zaurus">
.../OpenBSD/5.7/zaurus/INSTALL.zaurus</a>
</ul>
</section>
<hr>
<section id=quickinstall>
<p>
Quick installer information for people familiar with OpenBSD, and the
use of the "disklabel -E" command. If you are at all confused when
installing OpenBSD, read the relevant INSTALL.* file as listed above!
<h3>OpenBSD/i386:</h3>
<p>
The OpenBSD/i386 release is on CD1.
Boot from the CD to begin the install - you may need to adjust
your BIOS options first.
<p>
If your machine can boot from USB, you can write <i>install57.fs</i> or
<i>miniroot57.fs</i> to a USB stick and boot from it.
<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in
the included INSTALL.i386 document.
<p>
If you are planning on dual booting OpenBSD with another OS, you will need to
read INSTALL.i386.
<h3>OpenBSD/amd64:</h3>
<p>
The OpenBSD/amd64 release is on CD2.
Boot from the CD to begin the install - you may need to adjust
your BIOS options first.
<p>
If your machine can boot from USB, you can write <i>install57.fs</i> or
<i>miniroot57.fs</i> to a USB stick and boot from it.
<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in the included
INSTALL.amd64 document.
<p>
If you are planning to dual boot OpenBSD with another OS, you will need to
read INSTALL.amd64.
<h3>OpenBSD/macppc:</h3>
<p>
Burn the image from a mirror site to a CDROM, and power on your machine
while holding down the <i>C</i> key until the display turns on and
shows <i>OpenBSD/macppc boot</i>.
<p>
Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
/5.7/macppc/bsd.rd</i>
<h3>OpenBSD/sparc64:</h3>
<p>
<b>
<a href="errata57.html#001_sparc64_miniroot">5.7 Errata 001</a>:
Unfortunately, 5.7 cannot boot from CDROM on some machines due
a bootloader bug.
</b>
<p>
Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
<p>
If this doesn't work, or if you don't have a CDROM drive, you can write
<i>CD3:5.7/sparc64/floppy57.fs</i> or <i>CD3:5.7/sparc64/floppyB57.fs</i>
(depending on your machine) to a floppy and boot it with <i>boot
floppy</i>. Refer to INSTALL.sparc64 for details.
<p>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
<p>
You can also write <i>CD3:5.7/sparc64/miniroot57.fs</i> to the swap partition on
the disk and boot with <i>boot disk:b</i>.
<p>
If nothing works, you can boot over the network as described in INSTALL.sparc64.
<h3>OpenBSD/alpha:</h3>
<p>
Write <i>5.7/alpha/floppy57.fs</i> or
<i>5.7/alpha/floppyB57.fs</i> (depending on your machine) to a diskette and
enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
<p>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
<h3>OpenBSD/armish:</h3>
<p>
After connecting a serial port, Thecus can boot directly from the network
either tftp or http. Configure the network using fconfig, reset,
then load bsd.rd, see INSTALL.armish for specific details.
IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
More details are available in INSTALL.armish.
<h3>OpenBSD/hppa:</h3>
<p>
Boot over the network by following the instructions in INSTALL.hppa or the
<a href="hppa.html#install">hppa platform page</a>.
<h3>OpenBSD/landisk:</h3>
<p>
Write <i>miniroot57.fs</i> to the start of the CF
or disk, and boot normally.
<h3>OpenBSD/loongson:</h3>
<p>
Write <i>miniroot57.fs</i> to a USB stick and boot bsd.rd from it
or boot bsd.rd via tftp.
Refer to the instructions in INSTALL.loongson for more details.
<h3>OpenBSD/luna88k:</h3>
<p>
Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
from the PROM, and the bsd.rd from the bootloader.
Refer to the instructions in INSTALL.luna88k for more details.
<h3>OpenBSD/octeon:</h3>
<p>
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
Refer to the instructions in INSTALL.octeon for more details.
<h3>OpenBSD/sgi:</h3>
<p>
To install, burn cd57.iso on a CD-R, put it in the CD drive of your
machine and select <i>Install System Software</i> from the System Maintenance
menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
CD-ROM, and need a proper invocation from the PROM prompt.
Refer to the instructions in INSTALL.sgi for more details.
<p>
If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
system type. Refer to the instructions in INSTALL.sgi for more details.
<h3>OpenBSD/socppc:</h3>
<p>
After connecting a serial port, boot over the network via DHCP/tftp.
Refer to the instructions in INSTALL.socppc for more details.
<h3>OpenBSD/sparc:</h3>
<p>
Boot from one of the provided install ISO images, using one of the two
commands listed below, depending on the version of your ROM.
<blockquote><pre>
ok <kbd>boot cdrom 5.7/sparc/bsd.rd</kbd>
or
> <kbd>b sd(0,6,0)5.7/sparc/bsd.rd</kbd>
</pre></blockquote>
<p>
If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
To do so you need to write <i>floppy57.fs</i> to a floppy.
For more information see <a href="faq/faq4.html#MkFlop">this page</a>.
To boot from the floppy use one of the two commands listed below,
depending on the version of your ROM.
<blockquote><pre>
ok <kbd>boot floppy</kbd>
or
> <kbd>b fd()</kbd>
</pre></blockquote>
<p>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
<p>
If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
setup a bootable tape, or install via network, as told in the
INSTALL.sparc file.
<h3>OpenBSD/vax:</h3>
<p>
Boot over the network via mopbooting as described in INSTALL.vax.
<h3>OpenBSD/zaurus:</h3>
<p>
Using the Linux built-in graphical ipkg installer, install the
openbsd57_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
for a few important details.
</section>
<hr>
<section id=upgrade>
<h3>How to upgrade</h3>
<p>
If you already have an OpenBSD 5.6 system, and do not want to reinstall,
upgrade instructions and advice can be found in the
<a href="faq/upgrade57.html">Upgrade Guide</a>.
</section>
<hr>
<section id=sourcecode>
<h3>Notes about the source code</h3>
<p>
<code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
This file contains everything you need except for the kernel sources, which are
in a separate archive. To extract:
<blockquote><pre>
# <kbd>mkdir -p /usr/src</kbd>
# <kbd>cd /usr/src</kbd>
# <kbd>tar xvfz /tmp/src.tar.gz</kbd>
</pre></blockquote>
<p>
<code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
<blockquote><pre>
# <kbd>mkdir -p /usr/src/sys</kbd>
# <kbd>cd /usr/src</kbd>
# <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
</pre></blockquote>
<p>
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described <a href="anoncvs.html">here</a>.
Using these files
results in a much faster initial CVS update than you could expect from
a fresh checkout of the full OpenBSD source tree.
</section>
<hr>
<section id=ports>
<h3>Ports Tree</h3>
<p>
A ports tree archive is also provided. To extract:
<blockquote><pre>
# <kbd>cd /usr</kbd>
# <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
</pre></blockquote>
<p>
Go read the <a href="faq/ports/index.html">ports</a> page
if you know nothing about ports
at this point. This text is not a manual of how to use ports.
Rather, it is a set of notes meant to kickstart the user on the
OpenBSD ports system.
<p>
The <i>ports/</i> directory represents a CVS (see the manpage for
<a href="https://man.openbsd.org/cvs.1">cvs(1)</a> if
you aren't familiar with CVS) checkout of our ports. As with our complete
source tree, our ports tree is available via
<a href="anoncvs.html">AnonCVS</a>.
So, in order to keep up to date with the -stable branch, you must make
the <i>ports/</i> tree available on a read-write medium and update the tree
with a command like:
<blockquote><pre>
# <kbd>cd /usr/ports</kbd>
# <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_7</kbd>
</pre></blockquote>
<p>
[Of course, you must replace the server name here with a nearby anoncvs
server.]
<p>
Note that most ports are available as packages on our mirrors. Updated
ports for the 5.7 release will be made available if problems arise.
<p>
If you're interested in seeing a port added, would like to help out, or just
would like to know more, the mailing list
<a href="mail.html">ports@openbsd.org</a> is a good place to know.
</section>
![[BACK]](/icons/back.gif){kind=icon}
Return to 57.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www