Annotation of www/59.html, Revision 1.17
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 5.9</title>
5: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
6: <meta name="description" content="OpenBSD 5.9">
7: <meta name="copyright" content="This document copyright 2015 by OpenBSD.">
8: <link rel="canonical" href="http://www.openbsd.org/59.html">
9: </head>
10:
11: <body bgcolor="#ffffff" text="#000000" link="#24248E">
12:
13: <a href="index.html">
14: <img alt="[OpenBSD]" height="30" width="141" hspace="24" src="images/smalltitle.gif" border="0"></a>
15: <p>
16:
17: <a href="images/XXX.jpg">
18: <img align="left" width="227" height="343" hspace="24" vspace="10" src="images/XXX.jpg"></a>
19: <h2><font color="#0000e0">OpenBSD 5.9</font></h2>
20: <p>
1.11 tedu 21: To be released May 1, 2016<br>
1.1 deraadt 22: Copyright 1997-2016, Theo de Raadt.<br>
23: <font color="#e00000">ISBN 978-0-9881561-7-3</font>
24: <br>
25: 5.9 Songs: <a href="lyrics.html#59a">"xxx"</a>,
26: <a href="lyrics.html#59b">"xxx"</a>
27: <ul>
28: <li>Order a CDROM from our <a href="https://openbsdstore.com">ordering system</a>.
29: <li>See the information on <a href="ftp.html">the FTP page</a> for
30: a list of mirror machines.
31: <li>Go to the <font color="#e00000">pub/OpenBSD/5.9/</font> directory on
32: one of the mirror sites.
33: <li>Have a look at <a href="errata59.html">the 5.9 errata page</a> for a list
34: of bugs and workarounds.
35: <li>See a <a href="plus59.html">detailed log of changes</a> between the
36: 5.8 and 5.9 releases.
37: <p>
38: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=signify&sektion=1">signify(1)</a> pubkeys for this release:<br>
39: <pre>
1.4 jsg 40: base: RWQJVNompF3pwfIqbg+5sxfpxmZMa3tTBaW4qbUhWje/H/M7glrA6oVn
41: fw: RWSdmaNkytzh6BApmPSNSDLNg26ZaXlY8g/879UvLdo3rjbsby76Eda1
42: pkg: RWSLRYDCTJeWLIScncqwGuXK6JVXDcIyRT0q+0m30MXXG4W2xWS4NZBP
1.1 deraadt 43: </pre>
44: </ul>
45: <br clear=all>
46: All applicable copyrights and credits can be found in the applicable
47: file sources found in the files src.tar.gz, sys.tar.gz,
48: xenocara.tar.gz, or in the files fetched via ports.tar.gz. The
49: distribution files used to build packages from the ports.tar.gz file
50: are not included on the CDROM because of lack of space.
51: <p>
52:
53: <a name="new"></a>
54: <hr>
55: <p>
56: <h3><font color="#0000e0">What's New</font></h3>
57: <p>
58: This is a partial list of new features and systems included in OpenBSD 5.9.
59: For a comprehensive list, see the <a href="plus59.html">changelog</a> leading
60: to 5.9.
61: <p>
62:
63: <ul>
64: <li>Improved hardware support, including:
65: <ul>
66: <li>...
67: </ul>
68: <p>
69:
70: <li>Removed hardware support:
71: <ul>
72: <li>...
73: </ul>
74: <p>
75:
76: <li>Generic network stack improvements:
77: <ul>
1.9 tedu 78: <li>Remove support for obsolete IPv6 socket options
1.1 deraadt 79: <li>...
80: </ul>
81: <p>
82:
83: <li>Installer improvements:
84: <ul>
85: <li>...
86: </ul>
87: <p>
88:
89: <li>Routing daemons and other userland network improvements:
90: <ul>
91: <li>...
92: </ul>
93: <p>
94:
95: <li>Security improvements:
96: <ul>
97: <li>...
1.10 tedu 98: <li>Support for looking up hosts via YP has been removed from libc.
99: The 'yp' lookup method in
100: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=resolv.conf&sektion=5">resolv.conf</a>
101: is no longer available.
102: <li>Support for the HOSTALIASES environment variable has been removed from libc.
1.1 deraadt 103: </ul>
104: <p>
105:
106: <li>Assorted improvements:
107: <ul>
1.9 tedu 108: <li>doas is a little friendlier to use
109: <li>Updated flex
110: <li>Updated and improved less
1.1 deraadt 111: <li>...
112: </ul>
113: <p>
114:
115: <li>OpenBSD <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>:
116: <ul>
117: <li>...
118: </ul>
119: <p>
120:
121: <li>OpenSMTPD
122: <ul>
123: <li>...
124: </ul>
125: <p>
126:
1.3 jsg 127: <li>OpenSSH 7.1
1.1 deraadt 128: <ul>
129: <li>Security:
130: <ul>
1.16 sobrado 131: <li>Qualys Security identified vulnerabilities in the
132: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
133: client experimential support for resuming SSH-connections (roaming).
134: In the default configuration, this could potentially leak client keys
135: to a hostile server. The authentication of the server host key
136: prevents exploitation by a man-in-the-middle, so this information leak
137: is restricted to connections to malicious or compromised servers.
138: This feature has been disabled in the
139: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
140: client, and it has been removed from the source tree. The matching
141: server code has never been shipped.
142: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
143: OpenSSH 7.0 contained a logic error in
144: <tt>PermitRootLogin=prohibit-password/without-password</tt> that could,
145: depending on compile-time configuration, permit password authentication
146: to root while preventing other forms of authentication.
147: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
148: <li>Eliminate the fallback from untrusted X11-forwarding to trusted
149: forwarding for cases when the X server disables the <tt>SECURITY</tt>
150: extension.
151: <li>Fix an out of-bound read access in the packet handling code.
152: <li>Further use of explicit_bzero has been added in various buffer
153: handling code paths to guard against compilers aggressively doing
154: dead-store removal.
1.1 deraadt 155: </ul>
156: <li>The following significant bugs have been fixed in this release:
157: <ul>
1.16 sobrado 158: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
159: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
160: add compatability workarounds for FuTTY.
161: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
162: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
163: refine compatability workarounds for WinSCP.
164: <li>Fix a number of memory faults (double-free, free of uninitialised
165: memory, etc) in
166: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
167: and
168: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>.
169: <li>Correctly interpret the 'first_kex_follows' option during the intial
170: key exchange.
1.1 deraadt 171: </ul>
172: </ul>
173: <p>
1.17 ! sobrado 174: <li>LibreSSL 2.3.2
1.1 deraadt 175: <ul>
176: <li>User-visible features:
177: <ul>
1.17 ! sobrado 178: <li>This release corrects the handling of <tt>ClientHello</tt> messages
! 179: that do not include TLS extensions, resulting in such handshakes being
! 180: aborted.
! 181: <li>When loading a DSA key from an raw (without DH parameters) ASN.1
! 182: serialization, perform some consistency checks on its `p' and `q'
! 183: values, and return an error if the checks failed.
! 184: <li>Fixed a bug in <tt>ECDH_compute_key</tt> that can lead to silent
! 185: truncation of the result key without error. A coding error could cause
! 186: software to use much shorter keys than intended.
! 187: <li>Removed support for <tt>DTLS_BAD_VER</tt>. Pre-DTLSv1 implementations
! 188: are no longer supported.
! 189: <li>The engine command and parameters are removed from
! 190: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&sektion=1">openssl(1)</a>.
! 191: Previous releases removed dynamic and builtin engine support already.
! 192: <li>SHA-0 is removed, which was withdrawn shortly after publication
! 193: twenty years ago.
! 194: <li>Added <tt>Certplus CA</tt> root certificate to the default
! 195: <tt>cert.pem</tt> file.
! 196: <li>Fixed a leak in <tt>SSL_new</tt> in the error path.
! 197: <li>Fixed a memory leak and out-of-bounds access in <tt>OBJ_obj2txt</tt>.
! 198: <li>Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of
! 199: <tt>sizeof(RC4_CHUNK)</tt>.
! 200: <li>Added <tt>EVP_aead_chacha20_poly1305_ietf()</tt> which matches the
! 201: AEAD construction introduced in RFC 7539, which is different than that
! 202: already used in TLS with <tt>EVP_aead_chacha20_poly1305()</tt>.
! 203: <li>More man pages converted from pod to mdoc format.
! 204: <li>Added <tt>COMODO RSA Certification Authority</tt> and
! 205: <tt>QuoVadis</tt> root certificates to <tt>cert.pem</tt>.
! 206: <li>Removed Remhve "<tt>C=US, O=VeriSign, Inc., OU=Class 3 Public Primary
! 207: Certification Authority</tt>"
! 208: (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be)
! 209: root certificate from <tt>cert.pem</tt>.
! 210: <li>Fixed incorrect TLS certificate loading by
! 211: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>.
! 212: <li>The following CVEs had been fixed:
! 213: <ul>
! 214: <li><tt>CVE-2015-3194</tt>—NULL pointer dereference in client
! 215: side certificate validation.
! 216: <li><tt>CVE-2015-3195</tt>—memory leak in PKCS7, not reachable
! 217: from TLS/SSL.
! 218: </ul>
! 219: <li>Note: The following OpenSSL CVEs did not apply to LibreSSL:
! 220: <ul>
! 221: <li><tt>CVE-2015-3193</tt>—carry propagating bug in the x86_64
! 222: Montgomery squaring procedure.
! 223: <li><tt>CVE-2015-3196</tt>—double free race condition of the
! 224: identify hint data.
! 225: </ul>
1.1 deraadt 226: </ul>
227: <li>Code improvements:
228: <ul>
1.17 ! sobrado 229: <li>Added install target for <tt>cmake</tt> builds.
! 230: <li>Updated <tt>pkgconfig</tt> files to correctly report the release
! 231: version number, not the individual library ABI version numbers.
! 232: <li>SSLv3 is now permanently removed from the tree.
! 233: <li>The <tt>libtls</tt> API is changed from the 2.2.x series:
! 234: <ul>
! 235: <li>The tls_read/write functions now work better with external event
! 236: libraries.
! 237: <li>Client-side verification is now supported, with the client
! 238: supplying the certificate to the server.
! 239: <li>Also, when using <tt>tls_connect_fds</tt>,
! 240: <tt>tls_connect_socket</tt> or <tt>tls_accept_fds</tt>,
! 241: <tt>libtls</tt> no longer implicitly closes the passed in sockets.
! 242: The caller is responsible for closing them in this case.
! 243: </ul>
! 244: <li>New interface <tt>OPENSSL_cpu_caps</tt> is provided that does not
! 245: allow software to inadvertently modify cpu capability flags.
! 246: <tt>OPENSSL_ia32cap</tt> and <tt>OPENSSL_ia32cap_loc</tt> are removed.
! 247: <li>The <tt>out_len</tt> argument of AEAD changed from <tt>ssize_t</tt>
! 248: to <tt>size_t</tt>.
! 249: <li>Deduplicated DTLS code, sharing bugfixes and improvements with TLS.
! 250: <li>Converted
! 251: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>
! 252: to use <tt>libtls</tt> for client and server operations; it is
! 253: included in the libressl-portable distribution as an example of how
! 254: to use the <tt>libtls</tt> library. This is intended to be a simpler
! 255: and more robust replacement for <tt>openssl s_client</tt> and
! 256: <tt>openssl s_server</tt> for day-to-day operations.
! 257: <li>ASN.1 cleanups and RFC5280 compliance fixes.
! 258: <li>Time representations switched from <tt>unsigned long</tt> to
! 259: <tt>time_t</tt>. LibreSSL now checks if the host OS supports 64-bit
! 260: <tt>time_t</tt>.
! 261: <li>Support always extracting the peer cipher and version with
! 262: <tt>libtls</tt>.
! 263: <li>Added ability to check certificate validity times with
! 264: <tt>libtls</tt>, <tt>tls_peer_cert_notbefore</tt> and
! 265: <tt>tls_peer_cert_notafter</tt>.
! 266: <li>Changed tls_connect_servername to use the first address that
! 267: resolves with getaddrinfo().
! 268: <li>Remove broken conditional <tt>EVP_CHECK_DES_KEY</tt> code
! 269: (non-functional since initial commit in 2004).
! 270: <li>Reject too small bits value in <tt>BN_generate_prime_ex()</tt>,
! 271: so that it does not risk becoming negative in
! 272: <tt>probable_prime_dh_safe()</tt>.
! 273: <li>Changed format of LIBRESSL_VERSION_NUMBER to match that of
! 274: <tt>OPENSSL_VERSION_NUMBER</tt>.
! 275: <li>Avoid a potential undefined C99+ behavior due to shift overflow in
! 276: <tt>AES_decrypt</tt>.
! 277: <li>Deprecated the <tt>SSL_OP_SINGLE_DH_USE</tt> flag.
1.1 deraadt 278: </ul>
279: </ul>
280: <p>
281: <li>Syslogd:
282: <ul>
283: <li>...
284: </ul>
285: <p>
286: <li>Ports and packages:
287: <dl>
288: <dt>Many pre-built packages for each architecture:
289: <table border=0 cellspacing=0 cellpadding=2 width="95%">
290: <tr>
291: <td valign="top" width="25%">
292: <ul>
293: <li>alpha: xxxx
294: <li>amd64: xxxx
295: <li>hppa: xxxx
296: </ul></td><td valign=top width="25%"><ul>
297: <li>i386: xxxx
298: <li>mips64: xxxx
299: <li>mips64el: xxxx
300: </ul></td><td valign=top width="25%"><ul>
301: <li>powerpc: xxxx
302: <li>sh: xxxx
303: <li>sparc64: xxxx
304: </ul></td><td valign=top width="25%"><ul>
305: <li>vax: xxxx
306: </ul></td></tr></table>
307: <p>
308:
309: <dt>Some highlights:
310: <table border=0 cellspacing=0 cellpadding=2 width="95%">
311: <tr>
312: <td valign="top" width="33%"><ul>
1.15 lteo 313: <li>Chromium 48.0.2564.97
1.1 deraadt 314: <li>Emacs 21.4 and 24.5
1.3 jsg 315: <li>GCC 4.9.3
316: <li>GHC 7.10.3
317: <li>GNOME 3.18.2
1.5 sthen 318: <li>Go 1.5.3
1.1 deraadt 319: <li>Groff 1.22.3
320: <li>JDK 1.7.0.80 and 1.8.0.45
321: <li>KDE 3.5.10 and 4.14.3 (plus KDE4 core updates)
322: <li>LLVM/Clang 3.5 (20140228)
1.3 jsg 323: <li>LibreOffice 5.0.4.2
324: <li>MariaDB 10.0.23
325: <li>Mono 4.2.1.102
1.13 jsg 326: <li>Mozilla Firefox 38.6.0esr and 44.0
1.3 jsg 327: <li>Mozilla Thunderbird 38.5.1
1.1 deraadt 328: </ul></td><td valign=top width="33%"><ul>
1.14 abieber 329: <li>Node.js 4.2.6
1.3 jsg 330: <li>OpenLDAP 2.3.43 and 2.4.43
1.5 sthen 331: <li>PHP 5.4.45, 5.5.31 and 5.6.17
1.3 jsg 332: <li>Postfix 3.0.3
333: <li>PostgreSQL 9.4.5
334: <li>Python 2.7.11, 3.4.4 and 3.5.1
335: <li>R 3.2.3
336: <li>Ruby 1.8.7.374, 2.0.0.648, 2.1.8, 2.2.4 and 2.3.0
1.15 lteo 337: <li>Rust 1.6.0
1.1 deraadt 338: <li>Sendmail 8.15.2
1.3 jsg 339: <li>Sudo 1.8.15
1.1 deraadt 340: <li>Tcl/Tk 8.5.18 and 8.6.4
341: <li>TeX Live 2014
1.3 jsg 342: <li>Vim 7.4.900
1.1 deraadt 343: <li>Xfce 4.12
344: </ul></td><td valign=top width="34%">
345: </td></tr></table>
346: <p>
347:
348: <li>As usual, steady improvements in manual pages and other documentation.
349: <p>
350:
351: <li>The system includes the following major components from outside suppliers:
352: <ul>
1.3 jsg 353: <li>Xenocara (based on X.Org 7.7 with xserver 1.17.4 + patches,
1.8 jsg 354: freetype 2.6.2, fontconfig 2.11.1, Mesa 11.0.9, xterm 322,
1.3 jsg 355: xkeyboard-config 2.16 and more)
1.1 deraadt 356: <li>Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
357: <li>Perl 5.20.2 (+ patches)
1.3 jsg 358: <li>SQLite 3.9.2 (+ patches)
359: <li>NSD 4.1.7
360: <li>Unbound 1.5.7
1.1 deraadt 361: <li>Ncurses 5.7
362: <li>Binutils 2.17 (+ patches)
363: <li>Gdb 6.3 (+ patches)
364: <li>Less 458 (+ patches)
365: <li>Awk Aug 10, 2011 version
366: </ul>
367:
368: </ul>
369:
370: <a name="install"></a>
371: <hr>
372: <p>
373: <h3><font color="#0000e0">How to install</font></h3>
374: <p>
375: Following this are the instructions which you would have on a piece of
376: paper if you had purchased a CDROM set instead of doing an alternate
377: form of install. The instructions for doing an HTTP (or other style
378: of) install are very similar; the CDROM instructions are left intact
379: so that you can see how much easier it would have been if you had
380: purchased a CDROM instead.
381: <p>
382:
383: <hr>
384: Please refer to the following files on the three CDROMs or mirror site for
385: extensive details on how to install OpenBSD 5.9 on your machine:
386: <p>
387: <ul>
388: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/alpha/INSTALL.alpha">
389: .../OpenBSD/5.9/alpha/INSTALL.alpha (on CD1)</a>
390: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/i386/INSTALL.i386">
391: .../OpenBSD/5.9/i386/INSTALL.i386 (on CD1)</a>
392: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/hppa/INSTALL.hppa">
393: .../OpenBSD/5.9/hppa/INSTALL.hppa (on CD1)</a>
394: <p>
395: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/amd64/INSTALL.amd64">
396: .../OpenBSD/5.9/amd64/INSTALL.amd64 (on CD2)</a>
397: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/macppc/INSTALL.macppc">
398: .../OpenBSD/5.9/macppc/INSTALL.macppc (on CD2)</a>
399: <p>
400: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/sparc64/INSTALL.sparc64">
401: .../OpenBSD/5.9/sparc64/INSTALL.sparc64 (on CD3)</a>
402: <p>
403: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/alpha/INSTALL.alpha">
404: .../OpenBSD/5.9/alpha/INSTALL.alpha</a>
405: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/hppa/INSTALL.hppa">
406: .../OpenBSD/5.9/hppa/INSTALL.hppa</a>
407: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/landisk/INSTALL.landisk">
408: .../OpenBSD/5.9/landisk/INSTALL.landisk</a>
409: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/loongson/INSTALL.loongson">
410: .../OpenBSD/5.9/loongson/INSTALL.loongson</a>
411: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/luna88k/INSTALL.luna88k">
412: .../OpenBSD/5.9/luna88k/INSTALL.luna88k</a>
413: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/macppc/INSTALL.macppc">
414: .../OpenBSD/5.9/macppc/INSTALL.macppc</a>
415: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/octeon/INSTALL.octeon">
416: .../OpenBSD/5.9/octeon/INSTALL.octeon</a>
417: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/sgi/INSTALL.sgi">
418: .../OpenBSD/5.9/sgi/INSTALL.sgi</a>
419: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/socppc/INSTALL.socppc">
420: .../OpenBSD/5.9/socppc/INSTALL.socppc</a>
421: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/vax/INSTALL.vax">
422: .../OpenBSD/5.9/vax/INSTALL.vax</a>
423: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/zaurus/INSTALL.zaurus">
424: .../OpenBSD/5.9/zaurus/INSTALL.zaurus</a>
425: </ul>
426: <hr>
427:
428: <p>
429: Quick installer information for people familiar with OpenBSD, and the
430: use of the "disklabel -E" command. If you are at all confused when
431: installing OpenBSD, read the relevant INSTALL.* file as listed above!
432: <p>
433:
434: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
435: <ul>
436: The OpenBSD/i386 release is on CD1.
437: Boot from the CD to begin the install - you may need to adjust
438: your BIOS options first.
439:
440: <p>
441: If your machine can boot from USB, you can write <i>install59.fs</i> or
442: <i>miniroot59.fs</i> to a USB stick and boot from it.
443:
444: <p>
445: If you can't boot from a CD, floppy disk, or USB,
446: you can install across the network using PXE as described in
447: the included INSTALL.i386 document.
448:
449: <p>
450: If you are planning on dual booting OpenBSD with another OS, you will need to
451: read INSTALL.i386.
452:
453: </ul>
454:
455: <p>
456: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
457: <ul>
458: The OpenBSD/amd64 release is on CD2.
459: Boot from the CD to begin the install - you may need to adjust
460: your BIOS options first.
461:
462: <p>
463: If your machine can boot from USB, you can write <i>install59.fs</i> or
464: <i>miniroot59.fs</i> to a USB stick and boot from it.
465:
466: <p>
467: If you can't boot from a CD, floppy disk, or USB,
468: you can install across the network using PXE as described in the included
469: INSTALL.amd64 document.
470:
471: <p>
472: If you are planning to dual boot OpenBSD with another OS, you will need to
473: read INSTALL.amd64.
474: </ul>
475:
476: <p>
477: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
478: <ul>
479: Burn the image from a mirror site to a CDROM, and power on your machine
480: while holding down the <i>C</i> key until the display turns on and
481: shows <i>OpenBSD/macppc boot</i>.
482:
483: <p>
484: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
485: /5.9/macppc/bsd.rd</i>
486: </ul>
487:
488: <p>
489: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
490: <ul>
491: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
492:
493: <p>
494: If this doesn't work, or if you don't have a CDROM drive, you can write
495: <i>CD3:5.9/sparc64/floppy59.fs</i> or <i>CD3:5.9/sparc64/floppyB59.fs</i>
496: (depending on your machine) to a floppy and boot it with <i>boot
497: floppy</i>. Refer to INSTALL.sparc64 for details.
498:
499: <p>
500: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
501: will most likely fail.
502:
503: <p>
504: You can also write <i>CD3:5.9/sparc64/miniroot59.fs</i> to the swap partition on
505: the disk and boot with <i>boot disk:b</i>.
506:
507: <p>
508: If nothing works, you can boot over the network as described in INSTALL.sparc64.
509: </ul>
510:
511: <p>
512: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
513: <ul>
514: <p>Write <i>FTP:5.9/alpha/floppy59.fs</i> or
515: <i>FTP:5.9/alpha/floppyB59.fs</i> (depending on your machine) to a diskette and
516: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
517:
518: <p>
519: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
520: will most likely fail.
521:
522: </ul>
523:
524: <p>
525: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
526: <ul>
527: <p>
528: Boot over the network by following the instructions in INSTALL.hppa or the
529: <a href="hppa.html#install">hppa platform page</a>.
530: </ul>
531:
532: <p>
533: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
534: <ul>
535: <p>
536: Write <i>miniroot59.fs</i> to the start of the CF
537: or disk, and boot normally.
538: </ul>
539:
540: <p>
541: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
542: <ul>
543: <p>
544: Write <i>miniroot59.fs</i> to a USB stick and boot bsd.rd from it
545: or boot bsd.rd via tftp.
546: Refer to the instructions in INSTALL.loongson for more details.
547: </ul>
548: <p>
549:
550: <p>
551: <h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
552: <ul>
553: <p>
554: Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
555: from the PROM, and then bsd.rd from the bootloader.
556: Refer to the instructions in INSTALL.luna88k for more details.
557: </ul>
558:
559: <p>
560: <h3><font color="#e00000">OpenBSD/octeon:</font></h3>
561: <ul>
562: <p>
563: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
564: Refer to the instructions in INSTALL.octeon for more details.
565: </ul>
566:
567: <p>
568: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
569: <ul>
570: <p>
571: To install, burn cd59.iso on a CD-R, put it in the CD drive of your
572: machine and select <i>Install System Software</i> from the System Maintenance
573: menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
574: CD-ROM, and need a proper invocation from the PROM prompt.
575: Refer to the instructions in INSTALL.sgi for more details.
576:
577: <p>
578: If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
579: server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
580: system type. Refer to the instructions in INSTALL.sgi for more details.
581: </ul>
582:
583: <p>
584: <h3><font color="#e00000">OpenBSD/socppc:</font></h3>
585: <ul>
586: <p>
587: After connecting a serial port, boot over the network via DHCP/tftp.
588: Refer to the instructions in INSTALL.socppc for more details.
589: </ul>
590:
591: <p>
592: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
593: <ul>
594: Boot over the network via mopbooting as described in INSTALL.vax.
595: </ul>
596:
597: <p>
598: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
599: <ul>
600: <p>
601: Using the Linux built-in graphical ipkg installer, install the
602: openbsd59_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
603: for a few important details.
604: </ul>
605:
606: <a name="upgrade"></a>
607: <hr>
608: <p>
609: <h3><font color="#0000e0">How to upgrade</font></h3>
610: <p>
1.6 tj 611: If you already have an OpenBSD 5.8 system, and do not want to reinstall,
1.1 deraadt 612: upgrade instructions and advice can be found in the
613: <a href="faq/upgrade59.html">Upgrade Guide</a>.
614:
615: <a name="sourcecode"></a>
616: <hr>
617: <p>
618: <h3><font color="#0000e0">Notes about the source code</font></h3>
619: <p>
620: src.tar.gz contains a source archive starting at /usr/src. This file
621: contains everything you need except for the kernel sources, which are
622: in a separate archive. To extract:
623: <p>
624: <ul><pre>
625: # <strong>mkdir -p /usr/src</strong>
626: # <strong>cd /usr/src</strong>
627: # <strong>tar xvfz /tmp/src.tar.gz</strong>
628: </pre></ul>
629: <p>
630: sys.tar.gz contains a source archive starting at /usr/src/sys.
631: This file contains all the kernel sources you need to rebuild kernels.
632: To extract:
633: <p>
634: <ul><pre>
635: # <strong>mkdir -p /usr/src/sys</strong>
636: # <strong>cd /usr/src</strong>
637: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
638: </pre></ul>
639: <p>
640: Both of these trees are a regular CVS checkout. Using these trees it
641: is possible to get a head-start on using the anoncvs servers as
642: described <a href="anoncvs.html">here</a>.
643: Using these files
644: results in a much faster initial CVS update than you could expect from
645: a fresh checkout of the full OpenBSD source tree.
646: <p>
647:
648: <a name="ports"></a>
649: <hr>
650: <p>
651: <h3><font color="#0000e0">Ports Tree</font></h3>
652: <p>
653: A ports tree archive is also provided. To extract:
654: <p>
655: <ul><pre>
656: # <strong>cd /usr</strong>
657: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
658: </pre></ul>
659: <p>
660: Go read the <a href="faq/ports/index.html">ports</a> page
661: if you know nothing about ports
662: at this point. This text is not a manual of how to use ports.
663: Rather, it is a set of notes meant to kickstart the user on the
664: OpenBSD ports system.
665: <p>
666: The <i>ports/</i> directory represents a CVS (see the manpage for
667: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1&arch=i386">
668: cvs(1)</a> if
669: you aren't familiar with CVS) checkout of our ports. As with our complete
670: source tree, our ports tree is available via
671: <a href="anoncvs.html">AnonCVS</a>.
672: So, in order to keep up to date with the <i>-stable</i> branch, you must make
673: the <i>ports/</i> tree available on a read-write medium and update the tree
674: with a command like:
675: <p>
676: <ul><pre>
677: # <strong>cd /usr/ports</strong>
678: # <strong>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_9</strong>
679: </pre></ul>
680: <p>
681: [Of course, you must replace the server name here with a nearby anoncvs
682: server.]
683: <p>
684: Note that most ports are available as packages on our mirrors. Updated
685: ports for the 5.9 release will be made available if problems arise.
686: <p>
687: If you're interested in seeing a port added, would like to help out, or just
688: would like to know more, the mailing list
689: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
690: <p>
691: </body>
692: </html>