Annotation of www/59.html, Revision 1.23
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 5.9</title>
5: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
6: <meta name="description" content="OpenBSD 5.9">
7: <meta name="copyright" content="This document copyright 2015 by OpenBSD.">
8: <link rel="canonical" href="http://www.openbsd.org/59.html">
9: </head>
10:
11: <body bgcolor="#ffffff" text="#000000" link="#24248E">
12:
13: <a href="index.html">
14: <img alt="[OpenBSD]" height="30" width="141" hspace="24" src="images/smalltitle.gif" border="0"></a>
15: <p>
16:
17: <a href="images/XXX.jpg">
18: <img align="left" width="227" height="343" hspace="24" vspace="10" src="images/XXX.jpg"></a>
19: <h2><font color="#0000e0">OpenBSD 5.9</font></h2>
20: <p>
1.11 tedu 21: To be released May 1, 2016<br>
1.1 deraadt 22: Copyright 1997-2016, Theo de Raadt.<br>
23: <font color="#e00000">ISBN 978-0-9881561-7-3</font>
24: <br>
25: 5.9 Songs: <a href="lyrics.html#59a">"xxx"</a>,
26: <a href="lyrics.html#59b">"xxx"</a>
27: <ul>
28: <li>Order a CDROM from our <a href="https://openbsdstore.com">ordering system</a>.
29: <li>See the information on <a href="ftp.html">the FTP page</a> for
30: a list of mirror machines.
31: <li>Go to the <font color="#e00000">pub/OpenBSD/5.9/</font> directory on
32: one of the mirror sites.
33: <li>Have a look at <a href="errata59.html">the 5.9 errata page</a> for a list
34: of bugs and workarounds.
35: <li>See a <a href="plus59.html">detailed log of changes</a> between the
36: 5.8 and 5.9 releases.
37: <p>
38: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=signify&sektion=1">signify(1)</a> pubkeys for this release:<br>
39: <pre>
1.4 jsg 40: base: RWQJVNompF3pwfIqbg+5sxfpxmZMa3tTBaW4qbUhWje/H/M7glrA6oVn
41: fw: RWSdmaNkytzh6BApmPSNSDLNg26ZaXlY8g/879UvLdo3rjbsby76Eda1
42: pkg: RWSLRYDCTJeWLIScncqwGuXK6JVXDcIyRT0q+0m30MXXG4W2xWS4NZBP
1.1 deraadt 43: </pre>
44: </ul>
45: <br clear=all>
46: All applicable copyrights and credits can be found in the applicable
47: file sources found in the files src.tar.gz, sys.tar.gz,
48: xenocara.tar.gz, or in the files fetched via ports.tar.gz. The
49: distribution files used to build packages from the ports.tar.gz file
50: are not included on the CDROM because of lack of space.
51: <p>
52:
53: <a name="new"></a>
54: <hr>
55: <p>
56: <h3><font color="#0000e0">What's New</font></h3>
57: <p>
58: This is a partial list of new features and systems included in OpenBSD 5.9.
59: For a comprehensive list, see the <a href="plus59.html">changelog</a> leading
60: to 5.9.
61: <p>
62:
63: <ul>
64: <li>Improved hardware support, including:
65: <ul>
66: <li>...
67: </ul>
68: <p>
69:
70: <li>Removed hardware support:
71: <ul>
72: <li>...
73: </ul>
74: <p>
75:
76: <li>Generic network stack improvements:
77: <ul>
1.9 tedu 78: <li>Remove support for obsolete IPv6 socket options
1.1 deraadt 79: <li>...
80: </ul>
81: <p>
82:
83: <li>Installer improvements:
84: <ul>
85: <li>...
86: </ul>
87: <p>
88:
89: <li>Routing daemons and other userland network improvements:
90: <ul>
1.23 ! krw 91: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> now supports multiple domain names provided via DHCP option 15 (Domain Name).
! 92: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> now supports search domains provided via DHCP option 119 (Domain Search).
! 93: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> no longer continually checks for a change to the routing domain of the interface it controls. It now relies on the appropriate routing socket messages.
! 94: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> now issues DHCP DECLINE responses to lease offers found to be inadequate, and restarts the DISCOVER/RENEW process rather than waiting indefinitely for a better lease to appear.
! 95: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> no longer exits if a desired route cannot be added. It now just reports the fact.
! 96: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> now takes a much more careful approach to received packets to ensure only received data is used to process the packet. Packets with incorrect length information or lacking appropriate header information are now dropped.
! 97: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> again disables pending timeouts if the interface link is lost, preventing endless retries at obtaining a lease.
! 98: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> was pledged.
! 99: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> again properly utilizes default-lease-time, max-lease-time and bootp-lease-time options.
! 100: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> was pledged.
1.1 deraadt 101: <li>...
102: </ul>
103: <p>
104:
105: <li>Security improvements:
106: <ul>
107: <li>...
1.10 tedu 108: <li>Support for looking up hosts via YP has been removed from libc.
109: The 'yp' lookup method in
110: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=resolv.conf&sektion=5">resolv.conf</a>
111: is no longer available.
112: <li>Support for the HOSTALIASES environment variable has been removed from libc.
1.1 deraadt 113: </ul>
114: <p>
115:
116: <li>Assorted improvements:
117: <ul>
1.9 tedu 118: <li>doas is a little friendlier to use
119: <li>Updated flex
120: <li>Updated and improved less
1.1 deraadt 121: <li>...
122: </ul>
123: <p>
124:
125: <li>OpenBSD <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>:
126: <ul>
127: <li>...
128: </ul>
129: <p>
130:
131: <li>OpenSMTPD
132: <ul>
133: <li>...
134: </ul>
135: <p>
136:
1.3 jsg 137: <li>OpenSSH 7.1
1.1 deraadt 138: <ul>
139: <li>Security:
140: <ul>
1.16 sobrado 141: <li>Qualys Security identified vulnerabilities in the
142: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
1.18 sobrado 143: client experimental support for resuming SSH-connections (roaming).
1.16 sobrado 144: In the default configuration, this could potentially leak client keys
145: to a hostile server. The authentication of the server host key
146: prevents exploitation by a man-in-the-middle, so this information leak
147: is restricted to connections to malicious or compromised servers.
148: This feature has been disabled in the
149: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
150: client, and it has been removed from the source tree. The matching
151: server code has never been shipped.
152: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
153: OpenSSH 7.0 contained a logic error in
154: <tt>PermitRootLogin=prohibit-password/without-password</tt> that could,
155: depending on compile-time configuration, permit password authentication
156: to root while preventing other forms of authentication.
157: <li>Eliminate the fallback from untrusted X11-forwarding to trusted
158: forwarding for cases when the X server disables the <tt>SECURITY</tt>
159: extension.
160: <li>Fix an out of-bound read access in the packet handling code.
1.18 sobrado 161: <li>Further use of
162: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bzero&sektion=3">explicit_bzero(3)</a>
163: has been added in various buffer handling code paths to guard against
164: compilers aggressively doing dead-store removal.
1.1 deraadt 165: </ul>
166: <li>The following significant bugs have been fixed in this release:
167: <ul>
1.16 sobrado 168: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
169: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
1.18 sobrado 170: add compatibility workarounds for FuTTY.
1.16 sobrado 171: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
172: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
1.18 sobrado 173: refine compatibility workarounds for WinSCP.
1.16 sobrado 174: <li>Fix a number of memory faults (double-free, free of uninitialised
175: memory, etc) in
176: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
177: and
178: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>.
1.18 sobrado 179: <li>Correctly interpret the <tt>first_kex_follows</tt> option during the
180: initial key exchange.
1.1 deraadt 181: </ul>
182: </ul>
183: <p>
1.17 sobrado 184: <li>LibreSSL 2.3.2
1.1 deraadt 185: <ul>
186: <li>User-visible features:
187: <ul>
1.17 sobrado 188: <li>This release corrects the handling of <tt>ClientHello</tt> messages
189: that do not include TLS extensions, resulting in such handshakes being
190: aborted.
191: <li>When loading a DSA key from an raw (without DH parameters) ASN.1
192: serialization, perform some consistency checks on its `p' and `q'
193: values, and return an error if the checks failed.
194: <li>Fixed a bug in <tt>ECDH_compute_key</tt> that can lead to silent
195: truncation of the result key without error. A coding error could cause
196: software to use much shorter keys than intended.
197: <li>Removed support for <tt>DTLS_BAD_VER</tt>. Pre-DTLSv1 implementations
198: are no longer supported.
199: <li>The engine command and parameters are removed from
200: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&sektion=1">openssl(1)</a>.
201: Previous releases removed dynamic and builtin engine support already.
202: <li>SHA-0 is removed, which was withdrawn shortly after publication
203: twenty years ago.
204: <li>Added <tt>Certplus CA</tt> root certificate to the default
205: <tt>cert.pem</tt> file.
1.19 sobrado 206: <li>Fixed a leak in
207: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=SSL_new&sektion=3">SSL_new(3)</a>
208: in the error path.
1.17 sobrado 209: <li>Fixed a memory leak and out-of-bounds access in <tt>OBJ_obj2txt</tt>.
210: <li>Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of
211: <tt>sizeof(RC4_CHUNK)</tt>.
1.19 sobrado 212: <li>Added
213: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=EVP_AEAD_CTX_init&sektion=3">EVP_aead_chacha20_poly1305(3)</a>
214: which matches the
1.18 sobrado 215: <tt>AEAD</tt> construction introduced in RFC 7539, which is different
216: than that already used in TLS with
1.19 sobrado 217: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=EVP_AEAD_CTX_init&sektion=3">EVP_aead_chacha20_poly1305(3)</a>.
1.18 sobrado 218: <li>More man pages converted from pod to
219: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mdoc&sektion=7">mdoc(7)</a>
220: format.
1.17 sobrado 221: <li>Added <tt>COMODO RSA Certification Authority</tt> and
222: <tt>QuoVadis</tt> root certificates to <tt>cert.pem</tt>.
223: <li>Removed Remhve "<tt>C=US, O=VeriSign, Inc., OU=Class 3 Public Primary
224: Certification Authority</tt>"
225: (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be)
226: root certificate from <tt>cert.pem</tt>.
227: <li>Fixed incorrect TLS certificate loading by
228: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>.
229: <li>The following CVEs had been fixed:
230: <ul>
231: <li><tt>CVE-2015-3194</tt>—NULL pointer dereference in client
232: side certificate validation.
233: <li><tt>CVE-2015-3195</tt>—memory leak in PKCS7, not reachable
234: from TLS/SSL.
235: </ul>
236: <li>Note: The following OpenSSL CVEs did not apply to LibreSSL:
237: <ul>
238: <li><tt>CVE-2015-3193</tt>—carry propagating bug in the x86_64
239: Montgomery squaring procedure.
240: <li><tt>CVE-2015-3196</tt>—double free race condition of the
241: identify hint data.
242: </ul>
1.1 deraadt 243: </ul>
244: <li>Code improvements:
245: <ul>
1.17 sobrado 246: <li>Added install target for <tt>cmake</tt> builds.
247: <li>Updated <tt>pkgconfig</tt> files to correctly report the release
248: version number, not the individual library ABI version numbers.
249: <li>SSLv3 is now permanently removed from the tree.
250: <li>The <tt>libtls</tt> API is changed from the 2.2.x series:
251: <ul>
1.19 sobrado 252: <li>The
253: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_read(3)</a>
254: and
255: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_write(3)</a>
256: functions now work better with external event libraries.
1.17 sobrado 257: <li>Client-side verification is now supported, with the client
258: supplying the certificate to the server.
1.19 sobrado 259: <li>Also, when using
260: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_connect_fds(3)</a>,
261: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_connect_socket(3)</a>
262: or
263: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_accept_fds(3)</a>,
1.17 sobrado 264: <tt>libtls</tt> no longer implicitly closes the passed in sockets.
265: The caller is responsible for closing them in this case.
266: </ul>
267: <li>New interface <tt>OPENSSL_cpu_caps</tt> is provided that does not
268: allow software to inadvertently modify cpu capability flags.
269: <tt>OPENSSL_ia32cap</tt> and <tt>OPENSSL_ia32cap_loc</tt> are removed.
1.18 sobrado 270: <li>The <tt>out_len</tt> argument of <tt>AEAD</tt> changed from
271: <tt>ssize_t</tt> to <tt>size_t</tt>.
1.17 sobrado 272: <li>Deduplicated DTLS code, sharing bugfixes and improvements with TLS.
273: <li>Converted
274: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>
275: to use <tt>libtls</tt> for client and server operations; it is
276: included in the libressl-portable distribution as an example of how
277: to use the <tt>libtls</tt> library. This is intended to be a simpler
278: and more robust replacement for <tt>openssl s_client</tt> and
279: <tt>openssl s_server</tt> for day-to-day operations.
280: <li>ASN.1 cleanups and RFC5280 compliance fixes.
281: <li>Time representations switched from <tt>unsigned long</tt> to
282: <tt>time_t</tt>. LibreSSL now checks if the host OS supports 64-bit
283: <tt>time_t</tt>.
284: <li>Support always extracting the peer cipher and version with
285: <tt>libtls</tt>.
286: <li>Added ability to check certificate validity times with
1.19 sobrado 287: <tt>libtls</tt>,
288: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_peer_cert_notbefore(3)</a>
289: and
290: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_peer_cert_notafter(3)</a>.
291: <li>Changed
292: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_connect_servername(3)</a>
293: to use the first address that resolves with
1.18 sobrado 294: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>.
1.17 sobrado 295: <li>Remove broken conditional <tt>EVP_CHECK_DES_KEY</tt> code
296: (non-functional since initial commit in 2004).
1.19 sobrado 297: <li>Reject too small bits value in
298: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=BN_generate_prime&sektion=3">BN_generate_prime_ex(3)</a>,
1.17 sobrado 299: so that it does not risk becoming negative in
300: <tt>probable_prime_dh_safe()</tt>.
1.18 sobrado 301: <li>Changed format of <tt>LIBRESSL_VERSION_NUMBER</tt> to match that of
1.17 sobrado 302: <tt>OPENSSL_VERSION_NUMBER</tt>.
303: <li>Avoid a potential undefined C99+ behavior due to shift overflow in
304: <tt>AES_decrypt</tt>.
305: <li>Deprecated the <tt>SSL_OP_SINGLE_DH_USE</tt> flag.
1.1 deraadt 306: </ul>
307: </ul>
308: <p>
309: <li>Syslogd:
310: <ul>
311: <li>...
312: </ul>
313: <p>
314: <li>Ports and packages:
315: <dl>
316: <dt>Many pre-built packages for each architecture:
317: <table border=0 cellspacing=0 cellpadding=2 width="95%">
318: <tr>
319: <td valign="top" width="25%">
320: <ul>
321: <li>alpha: xxxx
322: <li>amd64: xxxx
323: <li>hppa: xxxx
324: </ul></td><td valign=top width="25%"><ul>
325: <li>i386: xxxx
326: <li>mips64: xxxx
327: <li>mips64el: xxxx
328: </ul></td><td valign=top width="25%"><ul>
329: <li>powerpc: xxxx
330: <li>sh: xxxx
331: <li>sparc64: xxxx
332: </ul></td><td valign=top width="25%"><ul>
333: <li>vax: xxxx
334: </ul></td></tr></table>
335: <p>
336:
337: <dt>Some highlights:
338: <table border=0 cellspacing=0 cellpadding=2 width="95%">
339: <tr>
340: <td valign="top" width="33%"><ul>
1.15 lteo 341: <li>Chromium 48.0.2564.97
1.1 deraadt 342: <li>Emacs 21.4 and 24.5
1.3 jsg 343: <li>GCC 4.9.3
344: <li>GHC 7.10.3
345: <li>GNOME 3.18.2
1.5 sthen 346: <li>Go 1.5.3
1.1 deraadt 347: <li>Groff 1.22.3
348: <li>JDK 1.7.0.80 and 1.8.0.45
349: <li>KDE 3.5.10 and 4.14.3 (plus KDE4 core updates)
350: <li>LLVM/Clang 3.5 (20140228)
1.3 jsg 351: <li>LibreOffice 5.0.4.2
352: <li>MariaDB 10.0.23
353: <li>Mono 4.2.1.102
1.13 jsg 354: <li>Mozilla Firefox 38.6.0esr and 44.0
1.3 jsg 355: <li>Mozilla Thunderbird 38.5.1
1.1 deraadt 356: </ul></td><td valign=top width="33%"><ul>
1.22 abieber 357: <li>Node.js 4.3.0
1.3 jsg 358: <li>OpenLDAP 2.3.43 and 2.4.43
1.5 sthen 359: <li>PHP 5.4.45, 5.5.31 and 5.6.17
1.3 jsg 360: <li>Postfix 3.0.3
361: <li>PostgreSQL 9.4.5
362: <li>Python 2.7.11, 3.4.4 and 3.5.1
363: <li>R 3.2.3
364: <li>Ruby 1.8.7.374, 2.0.0.648, 2.1.8, 2.2.4 and 2.3.0
1.15 lteo 365: <li>Rust 1.6.0
1.1 deraadt 366: <li>Sendmail 8.15.2
1.3 jsg 367: <li>Sudo 1.8.15
1.1 deraadt 368: <li>Tcl/Tk 8.5.18 and 8.6.4
369: <li>TeX Live 2014
1.3 jsg 370: <li>Vim 7.4.900
1.1 deraadt 371: <li>Xfce 4.12
372: </ul></td><td valign=top width="34%">
373: </td></tr></table>
374: <p>
375:
376: <li>As usual, steady improvements in manual pages and other documentation.
377: <p>
378:
379: <li>The system includes the following major components from outside suppliers:
380: <ul>
1.3 jsg 381: <li>Xenocara (based on X.Org 7.7 with xserver 1.17.4 + patches,
1.8 jsg 382: freetype 2.6.2, fontconfig 2.11.1, Mesa 11.0.9, xterm 322,
1.21 matthieu 383: xkeyboard-config 2.17 and more)
1.1 deraadt 384: <li>Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
385: <li>Perl 5.20.2 (+ patches)
1.3 jsg 386: <li>SQLite 3.9.2 (+ patches)
387: <li>NSD 4.1.7
388: <li>Unbound 1.5.7
1.1 deraadt 389: <li>Ncurses 5.7
390: <li>Binutils 2.17 (+ patches)
391: <li>Gdb 6.3 (+ patches)
392: <li>Less 458 (+ patches)
393: <li>Awk Aug 10, 2011 version
394: </ul>
395:
396: </ul>
397:
398: <a name="install"></a>
399: <hr>
400: <p>
401: <h3><font color="#0000e0">How to install</font></h3>
402: <p>
403: Following this are the instructions which you would have on a piece of
404: paper if you had purchased a CDROM set instead of doing an alternate
405: form of install. The instructions for doing an HTTP (or other style
406: of) install are very similar; the CDROM instructions are left intact
407: so that you can see how much easier it would have been if you had
408: purchased a CDROM instead.
409: <p>
410:
411: <hr>
412: Please refer to the following files on the three CDROMs or mirror site for
413: extensive details on how to install OpenBSD 5.9 on your machine:
414: <p>
415: <ul>
416: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/alpha/INSTALL.alpha">
417: .../OpenBSD/5.9/alpha/INSTALL.alpha (on CD1)</a>
418: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/i386/INSTALL.i386">
419: .../OpenBSD/5.9/i386/INSTALL.i386 (on CD1)</a>
420: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/hppa/INSTALL.hppa">
421: .../OpenBSD/5.9/hppa/INSTALL.hppa (on CD1)</a>
422: <p>
423: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/amd64/INSTALL.amd64">
424: .../OpenBSD/5.9/amd64/INSTALL.amd64 (on CD2)</a>
425: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/macppc/INSTALL.macppc">
426: .../OpenBSD/5.9/macppc/INSTALL.macppc (on CD2)</a>
427: <p>
428: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/sparc64/INSTALL.sparc64">
429: .../OpenBSD/5.9/sparc64/INSTALL.sparc64 (on CD3)</a>
430: <p>
431: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/alpha/INSTALL.alpha">
432: .../OpenBSD/5.9/alpha/INSTALL.alpha</a>
433: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/hppa/INSTALL.hppa">
434: .../OpenBSD/5.9/hppa/INSTALL.hppa</a>
435: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/landisk/INSTALL.landisk">
436: .../OpenBSD/5.9/landisk/INSTALL.landisk</a>
437: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/loongson/INSTALL.loongson">
438: .../OpenBSD/5.9/loongson/INSTALL.loongson</a>
439: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/luna88k/INSTALL.luna88k">
440: .../OpenBSD/5.9/luna88k/INSTALL.luna88k</a>
441: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/macppc/INSTALL.macppc">
442: .../OpenBSD/5.9/macppc/INSTALL.macppc</a>
443: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/octeon/INSTALL.octeon">
444: .../OpenBSD/5.9/octeon/INSTALL.octeon</a>
445: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/sgi/INSTALL.sgi">
446: .../OpenBSD/5.9/sgi/INSTALL.sgi</a>
447: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/socppc/INSTALL.socppc">
448: .../OpenBSD/5.9/socppc/INSTALL.socppc</a>
449: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/vax/INSTALL.vax">
450: .../OpenBSD/5.9/vax/INSTALL.vax</a>
451: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/zaurus/INSTALL.zaurus">
452: .../OpenBSD/5.9/zaurus/INSTALL.zaurus</a>
453: </ul>
454: <hr>
455:
456: <p>
457: Quick installer information for people familiar with OpenBSD, and the
458: use of the "disklabel -E" command. If you are at all confused when
459: installing OpenBSD, read the relevant INSTALL.* file as listed above!
460: <p>
461:
462: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
463: <ul>
464: The OpenBSD/i386 release is on CD1.
465: Boot from the CD to begin the install - you may need to adjust
466: your BIOS options first.
467:
468: <p>
469: If your machine can boot from USB, you can write <i>install59.fs</i> or
470: <i>miniroot59.fs</i> to a USB stick and boot from it.
471:
472: <p>
473: If you can't boot from a CD, floppy disk, or USB,
474: you can install across the network using PXE as described in
475: the included INSTALL.i386 document.
476:
477: <p>
478: If you are planning on dual booting OpenBSD with another OS, you will need to
479: read INSTALL.i386.
480:
481: </ul>
482:
483: <p>
484: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
485: <ul>
486: The OpenBSD/amd64 release is on CD2.
487: Boot from the CD to begin the install - you may need to adjust
488: your BIOS options first.
489:
490: <p>
491: If your machine can boot from USB, you can write <i>install59.fs</i> or
492: <i>miniroot59.fs</i> to a USB stick and boot from it.
493:
494: <p>
495: If you can't boot from a CD, floppy disk, or USB,
496: you can install across the network using PXE as described in the included
497: INSTALL.amd64 document.
498:
499: <p>
500: If you are planning to dual boot OpenBSD with another OS, you will need to
501: read INSTALL.amd64.
502: </ul>
503:
504: <p>
505: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
506: <ul>
507: Burn the image from a mirror site to a CDROM, and power on your machine
508: while holding down the <i>C</i> key until the display turns on and
509: shows <i>OpenBSD/macppc boot</i>.
510:
511: <p>
512: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
513: /5.9/macppc/bsd.rd</i>
514: </ul>
515:
516: <p>
517: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
518: <ul>
519: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
520:
521: <p>
522: If this doesn't work, or if you don't have a CDROM drive, you can write
523: <i>CD3:5.9/sparc64/floppy59.fs</i> or <i>CD3:5.9/sparc64/floppyB59.fs</i>
524: (depending on your machine) to a floppy and boot it with <i>boot
525: floppy</i>. Refer to INSTALL.sparc64 for details.
526:
527: <p>
528: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
529: will most likely fail.
530:
531: <p>
532: You can also write <i>CD3:5.9/sparc64/miniroot59.fs</i> to the swap partition on
533: the disk and boot with <i>boot disk:b</i>.
534:
535: <p>
536: If nothing works, you can boot over the network as described in INSTALL.sparc64.
537: </ul>
538:
539: <p>
540: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
541: <ul>
542: <p>Write <i>FTP:5.9/alpha/floppy59.fs</i> or
543: <i>FTP:5.9/alpha/floppyB59.fs</i> (depending on your machine) to a diskette and
544: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
545:
546: <p>
547: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
548: will most likely fail.
549:
550: </ul>
551:
552: <p>
553: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
554: <ul>
555: <p>
556: Boot over the network by following the instructions in INSTALL.hppa or the
557: <a href="hppa.html#install">hppa platform page</a>.
558: </ul>
559:
560: <p>
561: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
562: <ul>
563: <p>
564: Write <i>miniroot59.fs</i> to the start of the CF
565: or disk, and boot normally.
566: </ul>
567:
568: <p>
569: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
570: <ul>
571: <p>
572: Write <i>miniroot59.fs</i> to a USB stick and boot bsd.rd from it
573: or boot bsd.rd via tftp.
574: Refer to the instructions in INSTALL.loongson for more details.
575: </ul>
576: <p>
577:
578: <p>
579: <h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
580: <ul>
581: <p>
582: Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
583: from the PROM, and then bsd.rd from the bootloader.
584: Refer to the instructions in INSTALL.luna88k for more details.
585: </ul>
586:
587: <p>
588: <h3><font color="#e00000">OpenBSD/octeon:</font></h3>
589: <ul>
590: <p>
591: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
592: Refer to the instructions in INSTALL.octeon for more details.
593: </ul>
594:
595: <p>
596: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
597: <ul>
598: <p>
599: To install, burn cd59.iso on a CD-R, put it in the CD drive of your
600: machine and select <i>Install System Software</i> from the System Maintenance
601: menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
602: CD-ROM, and need a proper invocation from the PROM prompt.
603: Refer to the instructions in INSTALL.sgi for more details.
604:
605: <p>
606: If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
607: server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
608: system type. Refer to the instructions in INSTALL.sgi for more details.
609: </ul>
610:
611: <p>
612: <h3><font color="#e00000">OpenBSD/socppc:</font></h3>
613: <ul>
614: <p>
615: After connecting a serial port, boot over the network via DHCP/tftp.
616: Refer to the instructions in INSTALL.socppc for more details.
617: </ul>
618:
619: <p>
620: <h3><font color="#e00000">OpenBSD/vax:</font></h3>
621: <ul>
622: Boot over the network via mopbooting as described in INSTALL.vax.
623: </ul>
624:
625: <p>
626: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
627: <ul>
628: <p>
629: Using the Linux built-in graphical ipkg installer, install the
630: openbsd59_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
631: for a few important details.
632: </ul>
633:
634: <a name="upgrade"></a>
635: <hr>
636: <p>
637: <h3><font color="#0000e0">How to upgrade</font></h3>
638: <p>
1.6 tj 639: If you already have an OpenBSD 5.8 system, and do not want to reinstall,
1.1 deraadt 640: upgrade instructions and advice can be found in the
641: <a href="faq/upgrade59.html">Upgrade Guide</a>.
642:
643: <a name="sourcecode"></a>
644: <hr>
645: <p>
646: <h3><font color="#0000e0">Notes about the source code</font></h3>
647: <p>
648: src.tar.gz contains a source archive starting at /usr/src. This file
649: contains everything you need except for the kernel sources, which are
650: in a separate archive. To extract:
651: <p>
652: <ul><pre>
653: # <strong>mkdir -p /usr/src</strong>
654: # <strong>cd /usr/src</strong>
655: # <strong>tar xvfz /tmp/src.tar.gz</strong>
656: </pre></ul>
657: <p>
658: sys.tar.gz contains a source archive starting at /usr/src/sys.
659: This file contains all the kernel sources you need to rebuild kernels.
660: To extract:
661: <p>
662: <ul><pre>
663: # <strong>mkdir -p /usr/src/sys</strong>
664: # <strong>cd /usr/src</strong>
665: # <strong>tar xvfz /tmp/sys.tar.gz</strong>
666: </pre></ul>
667: <p>
668: Both of these trees are a regular CVS checkout. Using these trees it
669: is possible to get a head-start on using the anoncvs servers as
670: described <a href="anoncvs.html">here</a>.
671: Using these files
672: results in a much faster initial CVS update than you could expect from
673: a fresh checkout of the full OpenBSD source tree.
674: <p>
675:
676: <a name="ports"></a>
677: <hr>
678: <p>
679: <h3><font color="#0000e0">Ports Tree</font></h3>
680: <p>
681: A ports tree archive is also provided. To extract:
682: <p>
683: <ul><pre>
684: # <strong>cd /usr</strong>
685: # <strong>tar xvfz /tmp/ports.tar.gz</strong>
686: </pre></ul>
687: <p>
688: Go read the <a href="faq/ports/index.html">ports</a> page
689: if you know nothing about ports
690: at this point. This text is not a manual of how to use ports.
691: Rather, it is a set of notes meant to kickstart the user on the
692: OpenBSD ports system.
693: <p>
694: The <i>ports/</i> directory represents a CVS (see the manpage for
695: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1&arch=i386">
696: cvs(1)</a> if
697: you aren't familiar with CVS) checkout of our ports. As with our complete
698: source tree, our ports tree is available via
699: <a href="anoncvs.html">AnonCVS</a>.
700: So, in order to keep up to date with the <i>-stable</i> branch, you must make
701: the <i>ports/</i> tree available on a read-write medium and update the tree
702: with a command like:
703: <p>
704: <ul><pre>
705: # <strong>cd /usr/ports</strong>
706: # <strong>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_9</strong>
707: </pre></ul>
708: <p>
709: [Of course, you must replace the server name here with a nearby anoncvs
710: server.]
711: <p>
712: Note that most ports are available as packages on our mirrors. Updated
713: ports for the 5.9 release will be made available if problems arise.
714: <p>
715: If you're interested in seeing a port added, would like to help out, or just
716: would like to know more, the mailing list
717: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
718: <p>
719: </body>
720: </html>