Annotation of www/59.html, Revision 1.18
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 5.9</title>
5: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
6: <meta name="description" content="OpenBSD 5.9">
7: <meta name="copyright" content="This document copyright 2015 by OpenBSD.">
8: <link rel="canonical" href="http://www.openbsd.org/59.html">
9: </head>
10:
11: <body bgcolor="#ffffff" text="#000000" link="#24248E">
12:
13: <a href="index.html">
14: <img alt="[OpenBSD]" height="30" width="141" hspace="24" src="images/smalltitle.gif" border="0"></a>
15: <p>
16:
17: <a href="images/XXX.jpg">
18: <img align="left" width="227" height="343" hspace="24" vspace="10" src="images/XXX.jpg"></a>
19: <h2><font color="#0000e0">OpenBSD 5.9</font></h2>
20: <p>
1.11 tedu 21: To be released May 1, 2016<br>
1.1 deraadt 22: Copyright 1997-2016, Theo de Raadt.<br>
23: <font color="#e00000">ISBN 978-0-9881561-7-3</font>
24: <br>
25: 5.9 Songs: <a href="lyrics.html#59a">"xxx"</a>,
26: <a href="lyrics.html#59b">"xxx"</a>
27: <ul>
28: <li>Order a CDROM from our <a href="https://openbsdstore.com">ordering system</a>.
29: <li>See the information on <a href="ftp.html">the FTP page</a> for
30: a list of mirror machines.
31: <li>Go to the <font color="#e00000">pub/OpenBSD/5.9/</font> directory on
32: one of the mirror sites.
33: <li>Have a look at <a href="errata59.html">the 5.9 errata page</a> for a list
34: of bugs and workarounds.
35: <li>See a <a href="plus59.html">detailed log of changes</a> between the
36: 5.8 and 5.9 releases.
37: <p>
38: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=signify&sektion=1">signify(1)</a> pubkeys for this release:<br>
39: <pre>
1.4 jsg 40: base: RWQJVNompF3pwfIqbg+5sxfpxmZMa3tTBaW4qbUhWje/H/M7glrA6oVn
41: fw: RWSdmaNkytzh6BApmPSNSDLNg26ZaXlY8g/879UvLdo3rjbsby76Eda1
42: pkg: RWSLRYDCTJeWLIScncqwGuXK6JVXDcIyRT0q+0m30MXXG4W2xWS4NZBP
1.1 deraadt 43: </pre>
44: </ul>
45: <br clear=all>
46: All applicable copyrights and credits can be found in the applicable
47: file sources found in the files src.tar.gz, sys.tar.gz,
48: xenocara.tar.gz, or in the files fetched via ports.tar.gz. The
49: distribution files used to build packages from the ports.tar.gz file
50: are not included on the CDROM because of lack of space.
51: <p>
52:
53: <a name="new"></a>
54: <hr>
55: <p>
56: <h3><font color="#0000e0">What's New</font></h3>
57: <p>
58: This is a partial list of new features and systems included in OpenBSD 5.9.
59: For a comprehensive list, see the <a href="plus59.html">changelog</a> leading
60: to 5.9.
61: <p>
62:
63: <ul>
64: <li>Improved hardware support, including:
65: <ul>
66: <li>...
67: </ul>
68: <p>
69:
70: <li>Removed hardware support:
71: <ul>
72: <li>...
73: </ul>
74: <p>
75:
76: <li>Generic network stack improvements:
77: <ul>
1.9 tedu 78: <li>Remove support for obsolete IPv6 socket options
1.1 deraadt 79: <li>...
80: </ul>
81: <p>
82:
83: <li>Installer improvements:
84: <ul>
85: <li>...
86: </ul>
87: <p>
88:
89: <li>Routing daemons and other userland network improvements:
90: <ul>
91: <li>...
92: </ul>
93: <p>
94:
95: <li>Security improvements:
96: <ul>
97: <li>...
1.10 tedu 98: <li>Support for looking up hosts via YP has been removed from libc.
99: The 'yp' lookup method in
100: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=resolv.conf&sektion=5">resolv.conf</a>
101: is no longer available.
102: <li>Support for the HOSTALIASES environment variable has been removed from libc.
1.1 deraadt 103: </ul>
104: <p>
105:
106: <li>Assorted improvements:
107: <ul>
1.9 tedu 108: <li>doas is a little friendlier to use
109: <li>Updated flex
110: <li>Updated and improved less
1.1 deraadt 111: <li>...
112: </ul>
113: <p>
114:
115: <li>OpenBSD <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>:
116: <ul>
117: <li>...
118: </ul>
119: <p>
120:
121: <li>OpenSMTPD
122: <ul>
123: <li>...
124: </ul>
125: <p>
126:
1.3 jsg 127: <li>OpenSSH 7.1
1.1 deraadt 128: <ul>
129: <li>Security:
130: <ul>
1.16 sobrado 131: <li>Qualys Security identified vulnerabilities in the
132: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
1.18 ! sobrado 133: client experimental support for resuming SSH-connections (roaming).
1.16 sobrado 134: In the default configuration, this could potentially leak client keys
135: to a hostile server. The authentication of the server host key
136: prevents exploitation by a man-in-the-middle, so this information leak
137: is restricted to connections to malicious or compromised servers.
138: This feature has been disabled in the
139: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
140: client, and it has been removed from the source tree. The matching
141: server code has never been shipped.
142: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
143: OpenSSH 7.0 contained a logic error in
144: <tt>PermitRootLogin=prohibit-password/without-password</tt> that could,
145: depending on compile-time configuration, permit password authentication
146: to root while preventing other forms of authentication.
147: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
148: <li>Eliminate the fallback from untrusted X11-forwarding to trusted
149: forwarding for cases when the X server disables the <tt>SECURITY</tt>
150: extension.
151: <li>Fix an out of-bound read access in the packet handling code.
1.18 ! sobrado 152: <li>Further use of
! 153: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bzero&sektion=3">explicit_bzero(3)</a>
! 154: has been added in various buffer handling code paths to guard against
! 155: compilers aggressively doing dead-store removal.
1.1 deraadt 156: </ul>
157: <li>The following significant bugs have been fixed in this release:
158: <ul>
1.16 sobrado 159: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
160: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
1.18 ! sobrado 161: add compatibility workarounds for FuTTY.
1.16 sobrado 162: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
163: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
1.18 ! sobrado 164: refine compatibility workarounds for WinSCP.
1.16 sobrado 165: <li>Fix a number of memory faults (double-free, free of uninitialised
166: memory, etc) in
167: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
168: and
169: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>.
1.18 ! sobrado 170: <li>Correctly interpret the <tt>first_kex_follows</tt> option during the
! 171: initial key exchange.
1.1 deraadt 172: </ul>
173: </ul>
174: <p>
1.17 sobrado 175: <li>LibreSSL 2.3.2
1.1 deraadt 176: <ul>
177: <li>User-visible features:
178: <ul>
1.17 sobrado 179: <li>This release corrects the handling of <tt>ClientHello</tt> messages
180: that do not include TLS extensions, resulting in such handshakes being
181: aborted.
182: <li>When loading a DSA key from an raw (without DH parameters) ASN.1
183: serialization, perform some consistency checks on its `p' and `q'
184: values, and return an error if the checks failed.
185: <li>Fixed a bug in <tt>ECDH_compute_key</tt> that can lead to silent
186: truncation of the result key without error. A coding error could cause
187: software to use much shorter keys than intended.
188: <li>Removed support for <tt>DTLS_BAD_VER</tt>. Pre-DTLSv1 implementations
189: are no longer supported.
190: <li>The engine command and parameters are removed from
191: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&sektion=1">openssl(1)</a>.
192: Previous releases removed dynamic and builtin engine support already.
193: <li>SHA-0 is removed, which was withdrawn shortly after publication
194: twenty years ago.
195: <li>Added <tt>Certplus CA</tt> root certificate to the default
196: <tt>cert.pem</tt> file.
197: <li>Fixed a leak in <tt>SSL_new</tt> in the error path.
198: <li>Fixed a memory leak and out-of-bounds access in <tt>OBJ_obj2txt</tt>.
199: <li>Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of
200: <tt>sizeof(RC4_CHUNK)</tt>.
201: <li>Added <tt>EVP_aead_chacha20_poly1305_ietf()</tt> which matches the
1.18 ! sobrado 202: <tt>AEAD</tt> construction introduced in RFC 7539, which is different
! 203: than that already used in TLS with
! 204: <tt>EVP_aead_chacha20_poly1305()</tt>.
! 205: <li>More man pages converted from pod to
! 206: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mdoc&sektion=7">mdoc(7)</a>
! 207: format.
1.17 sobrado 208: <li>Added <tt>COMODO RSA Certification Authority</tt> and
209: <tt>QuoVadis</tt> root certificates to <tt>cert.pem</tt>.
210: <li>Removed Remhve "<tt>C=US, O=VeriSign, Inc., OU=Class 3 Public Primary
211: Certification Authority</tt>"
212: (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be)
213: root certificate from <tt>cert.pem</tt>.
214: <li>Fixed incorrect TLS certificate loading by
215: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>.
216: <li>The following CVEs had been fixed:
217: <ul>
218: <li><tt>CVE-2015-3194</tt>—NULL pointer dereference in client
219: side certificate validation.
220: <li><tt>CVE-2015-3195</tt>—memory leak in PKCS7, not reachable
221: from TLS/SSL.
222: </ul>
223: <li>Note: The following OpenSSL CVEs did not apply to LibreSSL:
224: <ul>
225: <li><tt>CVE-2015-3193</tt>—carry propagating bug in the x86_64
226: Montgomery squaring procedure.
227: <li><tt>CVE-2015-3196</tt>—double free race condition of the
228: identify hint data.
229: </ul>
1.1 deraadt 230: </ul>
231: <li>Code improvements:
232: <ul>
1.17 sobrado 233: <li>Added install target for <tt>cmake</tt> builds.
234: <li>Updated <tt>pkgconfig</tt> files to correctly report the release
235: version number, not the individual library ABI version numbers.
236: <li>SSLv3 is now permanently removed from the tree.
237: <li>The <tt>libtls</tt> API is changed from the 2.2.x series:
238: <ul>
1.18 ! sobrado 239: <li>The <tt>tls_read</tt>/<tt>write</tt> functions now work better
! 240: with external event libraries.
1.17 sobrado 241: <li>Client-side verification is now supported, with the client
242: supplying the certificate to the server.
243: <li>Also, when using <tt>tls_connect_fds</tt>,
244: <tt>tls_connect_socket</tt> or <tt>tls_accept_fds</tt>,
245: <tt>libtls</tt> no longer implicitly closes the passed in sockets.
246: The caller is responsible for closing them in this case.
247: </ul>
248: <li>New interface <tt>OPENSSL_cpu_caps</tt> is provided that does not
249: allow software to inadvertently modify cpu capability flags.
250: <tt>OPENSSL_ia32cap</tt> and <tt>OPENSSL_ia32cap_loc</tt> are removed.
1.18 ! sobrado 251: <li>The <tt>out_len</tt> argument of <tt>AEAD</tt> changed from
! 252: <tt>ssize_t</tt> to <tt>size_t</tt>.
1.17 sobrado 253: <li>Deduplicated DTLS code, sharing bugfixes and improvements with TLS.
254: <li>Converted
255: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>
256: to use <tt>libtls</tt> for client and server operations; it is
257: included in the libressl-portable distribution as an example of how
258: to use the <tt>libtls</tt> library. This is intended to be a simpler
259: and more robust replacement for <tt>openssl s_client</tt> and
260: <tt>openssl s_server</tt> for day-to-day operations.
261: <li>ASN.1 cleanups and RFC5280 compliance fixes.
262: <li>Time representations switched from <tt>unsigned long</tt> to
263: <tt>time_t</tt>. LibreSSL now checks if the host OS supports 64-bit
264: <tt>time_t</tt>.
265: <li>Support always extracting the peer cipher and version with
266: <tt>libtls</tt>.
267: <li>Added ability to check certificate validity times with
268: <tt>libtls</tt>, <tt>tls_peer_cert_notbefore</tt> and
269: <tt>tls_peer_cert_notafter</tt>.
1.18 ! sobrado 270: <li>Changed <tt>tls_connect_servername</tt> to use the first address that
! 271: resolves with
! 272: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>.
1.17 sobrado 273: <li>Remove broken conditional <tt>EVP_CHECK_DES_KEY</tt> code
274: (non-functional since initial commit in 2004).
275: <li>Reject too small bits value in <tt>BN_generate_prime_ex()</tt>,
276: so that it does not risk becoming negative in
277: <tt>probable_prime_dh_safe()</tt>.
1.18 ! sobrado 278: <li>Changed format of <tt>LIBRESSL_VERSION_NUMBER</tt> to match that of
1.17 sobrado 279: <tt>OPENSSL_VERSION_NUMBER</tt>.
280: <li>Avoid a potential undefined C99+ behavior due to shift overflow in
281: <tt>AES_decrypt</tt>.
282: <li>Deprecated the <tt>SSL_OP_SINGLE_DH_USE</tt> flag.
1.1 deraadt 283: </ul>
284: </ul>
285: <p>
286: <li>Syslogd:
287: <ul>
288: <li>...
289: </ul>
290: <p>
291: <li>Ports and packages:
292: <dl>
293: <dt>Many pre-built packages for each architecture:
294: <table border=0 cellspacing=0 cellpadding=2 width="95%">
295: <tr>
296: <td valign="top" width="25%">
297: <ul>
298: <li>alpha: xxxx
299: <li>amd64: xxxx
300: <li>hppa: xxxx
301: </ul></td><td valign=top width="25%"><ul>
302: <li>i386: xxxx
303: <li>mips64: xxxx
304: <li>mips64el: xxxx
305: </ul></td><td valign=top width="25%"><ul>
306: <li>powerpc: xxxx
307: <li>sh: xxxx
308: <li>sparc64: xxxx
309: </ul></td><td valign=top width="25%"><ul>
310: <li>vax: xxxx
311: </ul></td></tr></table>
312: <p>
313:
314: <dt>Some highlights:
315: <table border=0 cellspacing=0 cellpadding=2 width="95%">
316: <tr>
317: <td valign="top" width="33%"><ul>
1.15 lteo 318: <li>Chromium 48.0.2564.97
1.1 deraadt 319: <li>Emacs 21.4 and 24.5
1.3 jsg 320: <li>GCC 4.9.3
321: <li>GHC 7.10.3
322: <li>GNOME 3.18.2
1.5 sthen 323: <li>Go 1.5.3
1.1 deraadt 324: <li>Groff 1.22.3
325: <li>JDK 1.7.0.80 and 1.8.0.45
326: <li>KDE 3.5.10 and 4.14.3 (plus KDE4 core updates)
327: <li>LLVM/Clang 3.5 (20140228)
1.3 jsg 328: <li>LibreOffice 5.0.4.2
329: <li>MariaDB 10.0.23
330: <li>Mono 4.2.1.102
1.13 jsg 331: <li>Mozilla Firefox 38.6.0esr and 44.0
1.3 jsg 332: <li>Mozilla Thunderbird 38.5.1
1.1 deraadt 333: </ul></td><td valign=top width="33%"><ul>
1.14 abieber 334: <li>Node.js 4.2.6
1.3 jsg 335: <li>OpenLDAP 2.3.43 and 2.4.43
1.5 sthen 336: <li>PHP 5.4.45, 5.5.31 and 5.6.17
1.3 jsg 337: <li>Postfix 3.0.3
338: <li>PostgreSQL 9.4.5
339: <li>Python 2.7.11, 3.4.4 and 3.5.1
340: <li>R 3.2.3
341: <li>Ruby 1.8.7.374, 2.0.0.648, 2.1.8, 2.2.4 and 2.3.0
1.15 lteo 342: <li>Rust 1.6.0
1.1 deraadt 343: <li>Sendmail 8.15.2
1.3 jsg 344: <li>Sudo 1.8.15
1.1 deraadt 345: <li>Tcl/Tk 8.5.18 and 8.6.4
346: <li>TeX Live 2014
1.3 jsg 347: <li>Vim 7.4.900
1.1 deraadt 348: <li>Xfce 4.12
349: </ul></td><td valign=top width="34%">
350: </td></tr></table>
351: <p>
352:
353: <li>As usual, steady improvements in manual pages and other documentation.
354: <p>
355:
356: <li>The system includes the following major components from outside suppliers:
357: <ul>
1.3 jsg 358: <li>Xenocara (based on X.Org 7.7 with xserver 1.17.4 + patches,
1.8 jsg 359: freetype 2.6.2, fontconfig 2.11.1, Mesa 11.0.9, xterm 322,
1.3 jsg 360: xkeyboard-config 2.16 and more)
1.1 deraadt 361: <li>Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
362: <li>Perl 5.20.2 (+ patches)
1.3 jsg 363: <li>SQLite 3.9.2 (+ patches)
364: <li>NSD 4.1.7
365: <li>Unbound 1.5.7
1.1 deraadt 366: <li>Ncurses 5.7
367: <li>Binutils 2.17 (+ patches)
368: <li>Gdb 6.3 (+ patches)
369: <li>Less 458 (+ patches)
370: <li>Awk Aug 10, 2011 version
371: </ul>
372:
373: </ul>
374:
375: <a name="install"></a>
376: <hr>
377: <p>
378: <h3><font color="#0000e0">How to install</font></h3>
379: <p>
380: Following this are the instructions which you would have on a piece of
381: paper if you had purchased a CDROM set instead of doing an alternate
382: form of install. The instructions for doing an HTTP (or other style
383: of) install are very similar; the CDROM instructions are left intact
384: so that you can see how much easier it would have been if you had
385: purchased a CDROM instead.
386: <p>
387:
388: <hr>
389: Please refer to the following files on the three CDROMs or mirror site for
390: extensive details on how to install OpenBSD 5.9 on your machine:
391: <p>
392: <ul>
393: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/alpha/INSTALL.alpha">
394: .../OpenBSD/5.9/alpha/INSTALL.alpha (on CD1)</a>
395: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/i386/INSTALL.i386">
396: .../OpenBSD/5.9/i386/INSTALL.i386 (on CD1)</a>
397: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/hppa/INSTALL.hppa">
398: .../OpenBSD/5.9/hppa/INSTALL.hppa (on CD1)</a>
399: <p>
400: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/amd64/INSTALL.amd64">
401: .../OpenBSD/5.9/amd64/INSTALL.amd64 (on CD2)</a>
402: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/macppc/INSTALL.macppc">
403: .../OpenBSD/5.9/macppc/INSTALL.macppc (on CD2)</a>
404: <p>
405: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/sparc64/INSTALL.sparc64">
406: .../OpenBSD/5.9/sparc64/INSTALL.sparc64 (on CD3)</a>
407: <p>
408: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/alpha/INSTALL.alpha">
409: .../OpenBSD/5.9/alpha/INSTALL.alpha</a>
410: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/hppa/INSTALL.hppa">
411: .../OpenBSD/5.9/hppa/INSTALL.hppa</a>
412: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/landisk/INSTALL.landisk">
413: .../OpenBSD/5.9/landisk/INSTALL.landisk</a>
414: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/loongson/INSTALL.loongson">
415: .../OpenBSD/5.9/loongson/INSTALL.loongson</a>
416: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/luna88k/INSTALL.luna88k">
417: .../OpenBSD/5.9/luna88k/INSTALL.luna88k</a>
418: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/macppc/INSTALL.macppc">
419: .../OpenBSD/5.9/macppc/INSTALL.macppc</a>
420: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/octeon/INSTALL.octeon">
421: .../OpenBSD/5.9/octeon/INSTALL.octeon</a>
422: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/sgi/INSTALL.sgi">
423: .../OpenBSD/5.9/sgi/INSTALL.sgi</a>
424: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/socppc/INSTALL.socppc">
425: .../OpenBSD/5.9/socppc/INSTALL.socppc</a>
426: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/vax/INSTALL.vax">
427: .../OpenBSD/5.9/vax/INSTALL.vax</a>
428: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/zaurus/INSTALL.zaurus">
429: .../OpenBSD/5.9/zaurus/INSTALL.zaurus</a>
430: </ul>
431: <hr>
432:
433: <p>
434: Quick installer information for people familiar with OpenBSD, and the
435: use of the "disklabel -E" command. If you are at all confused when
436: installing OpenBSD, read the relevant INSTALL.* file as listed above!
437: <p>
438:
439: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
440: <ul>
441: The OpenBSD/i386 release is on CD1.
442: Boot from the CD to begin the install - you may need to adjust
443: your BIOS options first.
444:
445: <p>
446: If your machine can boot from USB, you can write <i>install59.fs</i> or
447: <i>miniroot59.fs</i> to a USB stick and boot from it.
448:
449: <p>
450: If you can't boot from a CD, floppy disk, or USB,
451: you can install across the network using PXE as described in
452: the included INSTALL.i386 document.
453:
454: <p>
455: If you are planning on dual booting OpenBSD with another OS, you will need to
456: read INSTALL.i386.
457:
458: </ul>
459:
460: <p>
461: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
462: <ul>
463: The OpenBSD/amd64 release is on CD2.
464: Boot from the CD to begin the install - you may need to adjust
465: your BIOS options first.
466:
467: <p>
468: If your machine can boot from USB, you can write <i>install59.fs</i> or
469: <i>miniroot59.fs</i> to a USB stick and boot from it.
470:
471: <p>
472: If you can't boot from a CD, floppy disk, or USB,
473: you can install across the network using PXE as described in the included
474: INSTALL.amd64 document.
475:
476: <p>
477: If you are planning to dual boot OpenBSD with another OS, you will need to
478: read INSTALL.amd64.
479: </ul>
480:
481: <p>
482: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
483: <ul>
484: Burn the image from a mirror site to a CDROM, and power on your machine
485: while holding down the <i>C</i> key until the display turns on and
486: shows <i>OpenBSD/macppc boot</i>.
487:
488: <p>
489: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
490: /5.9/macppc/bsd.rd</i>
491: </ul>
492:
493: <p>
494: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
495: <ul>
496: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
497:
498: <p>
499: If this doesn't work, or if you don't have a CDROM drive, you can write
500: <i>CD3:5.9/sparc64/floppy59.fs</i> or <i>CD3:5.9/sparc64/floppyB59.fs</i>
501: (depending on your machine) to a floppy and boot it with <i>boot
502: floppy</i>. Refer to INSTALL.sparc64 for details.
503:
504: <p>
505: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
506: will most likely fail.
507:
508: <p>
509: You can also write <i>CD3:5.9/sparc64/miniroot59.fs</i> to the swap partition on
510: the disk and boot with <i>boot disk:b</i>.
511:
512: <p>
513: If nothing works, you can boot over the network as described in INSTALL.sparc64.
514: </ul>
515:
516: <p>
517: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
518: <ul>
519: <p>Write <i>FTP:5.9/alpha/floppy59.fs</i> or
520: <i>FTP:5.9/alpha/floppyB59.fs</i> (depending on your machine) to a diskette and
521: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
522:
523: <p>
524: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
525: will most likely fail.
526:
527: </ul>
528:
529: <p>
530: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
531: <ul>
532: <p>
533: Boot over the network by following the instructions in INSTALL.hppa or the
534: <a href="hppa.html#install">hppa platform page</a>.
535: </ul>
536:
537: <p>
538: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
539: <ul>
540: <p>
541: Write <i>miniroot59.fs</i> to the start of the CF
542: or disk, and boot normally.
543: </ul>
544:
545: <p>
546: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
547: <ul>
548: <p>
549: Write <i>miniroot59.fs</i> to a USB stick and boot bsd.rd from it
550: or boot bsd.rd via tftp.
551: Refer to the instructions in INSTALL.loongson for more details.
552: </ul>
553: <p>
554:
555: <p>
556: <h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
557: <ul>
558: <p>
559: Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
560: from the PROM, and then bsd.rd from the bootloader.
561: Refer to the instructions in INSTALL.luna88k for more details.
562: </ul>
563:
564: <p>
565: <h3><font color="#e00000">OpenBSD/octeon:</font></h3>
566: <ul>
567: <p>
568: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
569: Refer to the instructions in INSTALL.octeon for more details.
570: </ul>
571:
572: <p>
573: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
574: <ul>
575: <p>
576: To install, burn cd59.iso on a CD-R, put it in the CD drive of your
577: machine and select <i>Install System Software</i> from the System Maintenance
578: menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
579: CD-ROM, and need a proper invocation from the PROM prompt.
580: Refer to the instructions in INSTALL.sgi for more details.
581:
582: <p>
583: If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
584: server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
585: system type. Refer to the instructions in INSTALL.sgi for more details.
586: </ul>
587:
588: <p>
589: <h3><font color="#e00000">OpenBSD/socppc:</font></h3>
590: <ul>
591: <p>
592: After connecting a serial port, boot over the network via DHCP/tftp.
593: Refer to the instructions in INSTALL.socppc for more details.
594: </ul>
595:
596: <p>
597: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
598: <ul>
599: Boot over the network via mopbooting as described in INSTALL.vax.
600: </ul>
601:
602: <p>
603: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
604: <ul>
605: <p>
606: Using the Linux built-in graphical ipkg installer, install the
607: openbsd59_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
608: for a few important details.
609: </ul>
610:
611: <a name="upgrade"></a>
612: <hr>
613: <p>
614: <h3><font color="#0000e0">How to upgrade</font></h3>
615: <p>
1.6 tj 616: If you already have an OpenBSD 5.8 system, and do not want to reinstall,
1.1 deraadt 617: upgrade instructions and advice can be found in the
618: <a href="faq/upgrade59.html">Upgrade Guide</a>.
619:
620: <a name="sourcecode"></a>
621: <hr>
622: <p>
623: <h3><font color="#0000e0">Notes about the source code</font></h3>
624: <p>
625: src.tar.gz contains a source archive starting at /usr/src. This file
626: contains everything you need except for the kernel sources, which are
627: in a separate archive. To extract:
628: <p>
629: <ul><pre>
630: # <strong>mkdir -p /usr/src</strong>
631: # <strong>cd /usr/src</strong>
632: # <strong>tar xvfz /tmp/src.tar.gz</strong>
633: </pre></ul>
634: <p>
635: sys.tar.gz contains a source archive starting at /usr/src/sys.
636: This file contains all the kernel sources you need to rebuild kernels.
637: To extract:
638: <p>
639: <ul><pre>
640: # <strong>mkdir -p /usr/src/sys</strong>
641: # <strong>cd /usr/src</strong>
642: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
643: </pre></ul>
644: <p>
645: Both of these trees are a regular CVS checkout. Using these trees it
646: is possible to get a head-start on using the anoncvs servers as
647: described <a href="anoncvs.html">here</a>.
648: Using these files
649: results in a much faster initial CVS update than you could expect from
650: a fresh checkout of the full OpenBSD source tree.
651: <p>
652:
653: <a name="ports"></a>
654: <hr>
655: <p>
656: <h3><font color="#0000e0">Ports Tree</font></h3>
657: <p>
658: A ports tree archive is also provided. To extract:
659: <p>
660: <ul><pre>
661: # <strong>cd /usr</strong>
662: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
663: </pre></ul>
664: <p>
665: Go read the <a href="faq/ports/index.html">ports</a> page
666: if you know nothing about ports
667: at this point. This text is not a manual of how to use ports.
668: Rather, it is a set of notes meant to kickstart the user on the
669: OpenBSD ports system.
670: <p>
671: The <i>ports/</i> directory represents a CVS (see the manpage for
672: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1&arch=i386">
673: cvs(1)</a> if
674: you aren't familiar with CVS) checkout of our ports. As with our complete
675: source tree, our ports tree is available via
676: <a href="anoncvs.html">AnonCVS</a>.
677: So, in order to keep up to date with the <i>-stable</i> branch, you must make
678: the <i>ports/</i> tree available on a read-write medium and update the tree
679: with a command like:
680: <p>
681: <ul><pre>
682: # <strong>cd /usr/ports</strong>
683: # <strong>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_9</strong>
684: </pre></ul>
685: <p>
686: [Of course, you must replace the server name here with a nearby anoncvs
687: server.]
688: <p>
689: Note that most ports are available as packages on our mirrors. Updated
690: ports for the 5.9 release will be made available if problems arise.
691: <p>
692: If you're interested in seeing a port added, would like to help out, or just
693: would like to know more, the mailing list
694: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
695: <p>
696: </body>
697: </html>