<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>OpenBSD 5.9</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="description" content="OpenBSD 5.9">
<meta name="copyright" content="This document copyright 2015 by OpenBSD.">
<link rel="canonical" href="http://www.openbsd.org/59.html">
</head>
<body bgcolor="#ffffff" text="#000000" link="#24248E">
<a href="index.html">
<img alt="[OpenBSD]" height="30" width="141" hspace="24" src="images/smalltitle.gif" border="0"></a>
<p>
<a href="images/XXX.jpg">
<img align="left" width="227" height="343" hspace="24" vspace="10" src="images/XXX.jpg"></a>
<h2><font color="#0000e0">OpenBSD 5.9</font></h2>
<p>
To be released May 1, 2016<br>
Copyright 1997-2016, Theo de Raadt.<br>
<font color="#e00000">ISBN 978-0-9881561-7-3</font>
<br>
5.9 Songs: <a href="lyrics.html#59a">"xxx"</a>,
<a href="lyrics.html#59b">"xxx"</a>
<ul>
<li>Order a CDROM from our <a href="https://openbsdstore.com">ordering system</a>.
<li>See the information on <a href="ftp.html">the FTP page</a> for
a list of mirror machines.
<li>Go to the <font color="#e00000">pub/OpenBSD/5.9/</font> directory on
one of the mirror sites.
<li>Have a look at <a href="errata59.html">the 5.9 errata page</a> for a list
of bugs and workarounds.
<li>See a <a href="plus59.html">detailed log of changes</a> between the
5.8 and 5.9 releases.
<p>
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=signify&sektion=1">signify(1)</a> pubkeys for this release:<br>
<pre>
base: RWQJVNompF3pwfIqbg+5sxfpxmZMa3tTBaW4qbUhWje/H/M7glrA6oVn
fw: RWSdmaNkytzh6BApmPSNSDLNg26ZaXlY8g/879UvLdo3rjbsby76Eda1
pkg: RWSLRYDCTJeWLIScncqwGuXK6JVXDcIyRT0q+0m30MXXG4W2xWS4NZBP
</pre>
</ul>
<br clear=all>
All applicable copyrights and credits can be found in the applicable
file sources found in the files src.tar.gz, sys.tar.gz,
xenocara.tar.gz, or in the files fetched via ports.tar.gz. The
distribution files used to build packages from the ports.tar.gz file
are not included on the CDROM because of lack of space.
<p>
<a name="new"></a>
<hr>
<p>
<h3><font color="#0000e0">What's New</font></h3>
<p>
This is a partial list of new features and systems included in OpenBSD 5.9.
For a comprehensive list, see the <a href="plus59.html">changelog</a> leading
to 5.9.
<p>
<ul>
<li>Improved hardware support, including:
<ul>
<li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=puc&sektion=4">puc(4)</a> driver now supports Moxa CP-168U, Perle Speed8 LE and QEMU PCI serial devices.
<li>Intel i219 network chip support added to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a> driver.
<li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=asmc&sektion=4">asmc(4)</a> driver for the Apple System Management Controller.
<li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pchtemp&sektion=4">pchtemp(4)</a> driver for the thermal sensor found on Intel X99, C610 series, 9 series and 100 series PCH.
<li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uonerng&sektion=4">uonerng(4)</a> driver for the Moonbase Otago OneRNG.
<li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ikbd&sektion=4">ikbd(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=imt&sektion=4">imt(4)</a> drivers for HID-over-i2c keyboards and multitouch touchpads.
<li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=viocon&sektion=4">viocon(4)</a> driver for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=virtio&sektion=4">virtio(4)</a> console interface provided by KVM, QEMU, and others.
<li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=etherip&sektion=4">etherip(4)</a> pseude-device for tunnelling Ethernet frames across IP[46] networks using RFC 3378 EtherIP encapsulation.
<li>...
</ul>
<p>
<li>Removed hardware support:
<ul>
<li>ST-506 disks are no longer supported.
<li>...
</ul>
<p>
<li>Generic network stack improvements:
<ul>
<li>Remove support for obsolete IPv6 socket options.
<li>...
</ul>
<p>
<li>Installer improvements:
<ul>
<li>Inappropriate user choices from a list of options are more reliably rejected.
<li>Installing to a disk partitioned with a GPT is now supported (amd64 only).
<li>When initializing a GPT the required EFI System partition is automatically created.
<li>When installing to a GPT disk <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=installboot&sektion=8">installboot(8)</a> now formats the EFI System partition, creates the appropriate directory structure and copies the required UEFI boot files into place.
<li>...
</ul>
<p>
<li>Routing daemons and other userland network improvements:
<ul>
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> now supports multiple domain names provided via DHCP option 15 (Domain Name).
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> now supports search domains provided via DHCP option 119 (Domain Search).
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> no longer continually checks for a change to the routing domain of the interface it controls. It now relies on the appropriate routing socket messages.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> now issues DHCP DECLINE responses to lease offers found to be inadequate, and restarts the DISCOVER/RENEW process rather than waiting indefinitely for a better lease to appear.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> no longer exits if a desired route cannot be added. It now just reports the fact.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> now takes a much more careful approach to received packets to ensure only received data is used to process the packet. Packets with incorrect length information or lacking appropriate header information are now dropped.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> again disables pending timeouts if the interface link is lost, preventing endless retries at obtaining a lease.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> was pledged.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> again properly utilizes default-lease-time, max-lease-time and bootp-lease-time options.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> was pledged.
<li>...
</ul>
<p>
<li>Security improvements:
<ul>
<li>...
<li>Support for looking up hosts via YP has been removed from libc.
The 'yp' lookup method in
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=resolv.conf&sektion=5">resolv.conf</a>
is no longer available.
<li>Support for the HOSTALIASES environment variable has been removed from libc.
</ul>
<p>
<li>Assorted improvements:
<ul>
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=doas&sektion=1">doas(1)</a>
is a little friendlier to use.
<li>Updated
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=flex&sektion=1">flex(1)</a>.
<li>Updated and improved
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=less&sektion=1">less(1)</a>.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/macppc/pdisk.8?query=pdisk">pdisk(8)</a> was largely rewritten and pledged.
<li>Renaming files in the root directory of a MSDOS filesystem was fixed.
<li>Many obsolete <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/disktab.5?query=disktab">disktab(5)</a> attributes and entries were removed.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/softraid.4?query=softraid">softraid(4)</a> volumes now correctly look for the disklabel in the first OpenBSD disk partition, not the last.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/softraid.4?query=softraid">softraid(4)</a> volumes can now be partitioned with a GPT.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fdisk&sektion=9">fdisk(8)</a> now creates a default GPT as well as the protective MBR when the '-g' flag is used.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fdisk&sektion=8">fdisk(8)</a> now has a '-b' flag that specifies the size of the EFI System partition to create.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fdisk&sektion=8">fdisk(8)</a> now has a '-v' flag that causes a verbose display of both MBR and GPT information.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fdisk&sektion=8">fdisk(8)</a> now provides full interactive GPT editing.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fdisk&sektion=8">fdisk(8)</a> was pledged.
<li>Disks with sector sizes other than 512 bytes can now be partitioned with a GPT.
<li>The GPT kernel option was removed and GPT support is part of all GENERIC and GENERIC derived kernels.
<li>Many improvements were made to the GPT kernel support to ensure safe and reliable operation of GPT and MBR processing.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sec=8">disklabel(8)</a> no longer supports boot code installation, with the -B and -b flags being removed. The associated fields in the disklabel were also removed. These functions are now all performed by
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=installboot&sektion=8">installboot(8)</a>.
<li>...
</ul>
<p>
<li>OpenBSD <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>:
<ul>
<li>...
</ul>
<p>
<li>OpenSMTPD
<ul>
<li>...
</ul>
<p>
<li>OpenSSH 7.1
<ul>
<li>Security:
<ul>
<li>Qualys Security identified vulnerabilities in the
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
client experimental support for resuming SSH-connections (roaming).
In the default configuration, this could potentially leak client keys
to a hostile server. The authentication of the server host key
prevents exploitation by a man-in-the-middle, so this information leak
is restricted to connections to malicious or compromised servers.
This feature has been disabled in the
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
client, and it has been removed from the source tree. The matching
server code has never been shipped.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
OpenSSH 7.0 contained a logic error in
<tt>PermitRootLogin=prohibit-password/without-password</tt> that could,
depending on compile-time configuration, permit password authentication
to root while preventing other forms of authentication.
<li>Eliminate the fallback from untrusted X11-forwarding to trusted
forwarding for cases when the X server disables the <tt>SECURITY</tt>
extension.
<li>Fix an out of-bound read access in the packet handling code.
<li>Further use of
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bzero&sektion=3">explicit_bzero(3)</a>
has been added in various buffer handling code paths to guard against
compilers aggressively doing dead-store removal.
</ul>
<li>The following significant bugs have been fixed in this release:
<ul>
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
add compatibility workarounds for FuTTY.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>,
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
refine compatibility workarounds for WinSCP.
<li>Fix a number of memory faults (double-free, free of uninitialised
memory, etc) in
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
and
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>.
<li>Correctly interpret the <tt>first_kex_follows</tt> option during the
initial key exchange.
</ul>
</ul>
<p>
<li>LibreSSL 2.3.2
<ul>
<li>User-visible features:
<ul>
<li>This release corrects the handling of <tt>ClientHello</tt> messages
that do not include TLS extensions, resulting in such handshakes being
aborted.
<li>When loading a DSA key from an raw (without DH parameters) ASN.1
serialization, perform some consistency checks on its `p' and `q'
values, and return an error if the checks failed.
<li>Fixed a bug in <tt>ECDH_compute_key</tt> that can lead to silent
truncation of the result key without error. A coding error could cause
software to use much shorter keys than intended.
<li>Removed support for <tt>DTLS_BAD_VER</tt>. Pre-DTLSv1 implementations
are no longer supported.
<li>The engine command and parameters are removed from
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&sektion=1">openssl(1)</a>.
Previous releases removed dynamic and builtin engine support already.
<li>SHA-0 is removed, which was withdrawn shortly after publication
twenty years ago.
<li>Added <tt>Certplus CA</tt> root certificate to the default
<tt>cert.pem</tt> file.
<li>Fixed a leak in
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=SSL_new&sektion=3">SSL_new(3)</a>
in the error path.
<li>Fixed a memory leak and out-of-bounds access in
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=OBJ_nid2obj&sektion=3">OBJ_obj2txt(3)</a>.
<li>Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of
<tt>sizeof(RC4_CHUNK)</tt>.
<li>Added
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=EVP_AEAD_CTX_init&sektion=3">EVP_aead_chacha20_poly1305(3)</a>
which matches the
<tt>AEAD</tt> construction introduced in RFC 7539, which is different
than that already used in TLS with
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=EVP_AEAD_CTX_init&sektion=3">EVP_aead_chacha20_poly1305(3)</a>.
<li>More man pages converted from pod to
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mdoc&sektion=7">mdoc(7)</a>
format.
<li>Added <tt>COMODO RSA Certification Authority</tt> and
<tt>QuoVadis</tt> root certificates to <tt>cert.pem</tt>.
<li>Removed Remhve "<tt>C=US, O=VeriSign, Inc., OU=Class 3 Public Primary
Certification Authority</tt>"
(serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be)
root certificate from <tt>cert.pem</tt>.
<li>Fixed incorrect TLS certificate loading by
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>.
<li>The following CVEs had been fixed:
<ul>
<li><tt>CVE-2015-3194</tt>—NULL pointer dereference in client
side certificate validation.
<li><tt>CVE-2015-3195</tt>—memory leak in PKCS7, not reachable
from TLS/SSL.
</ul>
<li>Note: The following OpenSSL CVEs did not apply to LibreSSL:
<ul>
<li><tt>CVE-2015-3193</tt>—carry propagating bug in the x86_64
Montgomery squaring procedure.
<li><tt>CVE-2015-3196</tt>—double free race condition of the
identify hint data.
</ul>
</ul>
<li>Code improvements:
<ul>
<li>Added install target for <tt>cmake</tt> builds.
<li>Updated <tt>pkgconfig</tt> files to correctly report the release
version number, not the individual library ABI version numbers.
<li>SSLv3 is now permanently removed from the tree.
<li>The <tt>libtls</tt> API is changed from the 2.2.x series:
<ul>
<li>The
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_read(3)</a>
and
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_write(3)</a>
functions now work better with external event libraries.
<li>Client-side verification is now supported, with the client
supplying the certificate to the server.
<li>Also, when using
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_connect_fds(3)</a>,
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_connect_socket(3)</a>
or
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_accept_fds(3)</a>,
<tt>libtls</tt> no longer implicitly closes the passed in sockets.
The caller is responsible for closing them in this case.
</ul>
<li>New interface <tt>OPENSSL_cpu_caps</tt> is provided that does not
allow software to inadvertently modify cpu capability flags.
<tt>OPENSSL_ia32cap</tt> and <tt>OPENSSL_ia32cap_loc</tt> are removed.
<li>The <tt>out_len</tt> argument of <tt>AEAD</tt> changed from
<tt>ssize_t</tt> to <tt>size_t</tt>.
<li>Deduplicated DTLS code, sharing bugfixes and improvements with TLS.
<li>Converted
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>
to use <tt>libtls</tt> for client and server operations; it is
included in the libressl-portable distribution as an example of how
to use the <tt>libtls</tt> library. This is intended to be a simpler
and more robust replacement for <tt>openssl s_client</tt> and
<tt>openssl s_server</tt> for day-to-day operations.
<li>ASN.1 cleanups and RFC5280 compliance fixes.
<li>Time representations switched from <tt>unsigned long</tt> to
<tt>time_t</tt>. LibreSSL now checks if the host OS supports 64-bit
<tt>time_t</tt>.
<li>Support always extracting the peer cipher and version with
<tt>libtls</tt>.
<li>Added ability to check certificate validity times with
<tt>libtls</tt>,
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_peer_cert_notbefore(3)</a>
and
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_peer_cert_notafter(3)</a>.
<li>Changed
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_connect_servername(3)</a>
to use the first address that resolves with
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>.
<li>Remove broken conditional <tt>EVP_CHECK_DES_KEY</tt> code
(non-functional since initial commit in 2004).
<li>Reject too small bits value in
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=BN_generate_prime&sektion=3">BN_generate_prime_ex(3)</a>,
so that it does not risk becoming negative in
<tt>probable_prime_dh_safe()</tt>.
<li>Changed format of <tt>LIBRESSL_VERSION_NUMBER</tt> to match that of
<tt>OPENSSL_VERSION_NUMBER</tt>.
<li>Avoid a potential undefined C99+ behavior due to shift overflow in
<tt>AES_decrypt</tt>.
<li>Deprecated the <tt>SSL_OP_SINGLE_DH_USE</tt> flag.
</ul>
</ul>
<p>
<li>Syslogd:
<ul>
<li>...
</ul>
<p>
<li>Ports and packages:
<dl>
<dt>Many pre-built packages for each architecture:
<table border=0 cellspacing=0 cellpadding=2 width="95%">
<tr>
<td valign="top" width="25%">
<ul>
<li>alpha: xxxx
<li>amd64: xxxx
<li>hppa: xxxx
</ul></td><td valign=top width="25%"><ul>
<li>i386: xxxx
<li>mips64: xxxx
<li>mips64el: xxxx
</ul></td><td valign=top width="25%"><ul>
<li>powerpc: xxxx
<li>sh: xxxx
<li>sparc64: xxxx
</ul></td><td valign=top width="25%"><ul>
<li>vax: xxxx
</ul></td></tr></table>
<p>
<dt>Some highlights:
<table border=0 cellspacing=0 cellpadding=2 width="95%">
<tr>
<td valign="top" width="33%"><ul>
<li>Chromium 48.0.2564.109
<li>Emacs 21.4 and 24.5
<li>GCC 4.9.3
<li>GHC 7.10.3
<li>GNOME 3.18.2
<li>Go 1.5.3
<li>Groff 1.22.3
<li>JDK 1.7.0.80 and 1.8.0.45
<li>KDE 3.5.10 and 4.14.3 (plus KDE4 core updates)
<li>LLVM/Clang 3.5 (20140228)
<li>LibreOffice 5.0.4.2
<li>MariaDB 10.0.23
<li>Mono 4.2.1.102
<li>Mozilla Firefox 38.6.1esr and 44.0.2
<li>Mozilla Thunderbird 38.6.0
</ul></td><td valign=top width="33%"><ul>
<li>Node.js 4.3.0
<li>OpenLDAP 2.3.43 and 2.4.43
<li>PHP 5.4.45, 5.5.32 and 5.6.18
<li>Postfix 3.0.3
<li>PostgreSQL 9.4.6
<li>Python 2.7.11, 3.4.4 and 3.5.1
<li>R 3.2.3
<li>Ruby 1.8.7.374, 2.0.0.648, 2.1.8, 2.2.4 and 2.3.0
<li>Rust 1.6.0
<li>Sendmail 8.15.2
<li>Sudo 1.8.15
<li>Tcl/Tk 8.5.18 and 8.6.4
<li>TeX Live 2014
<li>Vim 7.4.900
<li>Xfce 4.12
</ul></td><td valign=top width="34%">
</td></tr></table>
<p>
<li>As usual, steady improvements in manual pages and other documentation.
<p>
<li>The system includes the following major components from outside suppliers:
<ul>
<li>Xenocara (based on X.Org 7.7 with xserver 1.17.4 + patches,
freetype 2.6.2, fontconfig 2.11.1, Mesa 11.0.9, xterm 322,
xkeyboard-config 2.17 and more)
<li>Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
<li>Perl 5.20.2 (+ patches)
<li>SQLite 3.9.2 (+ patches)
<li>NSD 4.1.7
<li>Unbound 1.5.7
<li>Ncurses 5.7
<li>Binutils 2.17 (+ patches)
<li>Gdb 6.3 (+ patches)
<li>Less 458 (+ patches)
<li>Awk Aug 10, 2011 version
</ul>
</ul>
<a name="install"></a>
<hr>
<p>
<h3><font color="#0000e0">How to install</font></h3>
<p>
Following this are the instructions which you would have on a piece of
paper if you had purchased a CDROM set instead of doing an alternate
form of install. The instructions for doing an HTTP (or other style
of) install are very similar; the CDROM instructions are left intact
so that you can see how much easier it would have been if you had
purchased a CDROM instead.
<p>
<hr>
Please refer to the following files on the three CDROMs or mirror site for
extensive details on how to install OpenBSD 5.9 on your machine:
<p>
<ul>
<li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/alpha/INSTALL.alpha">
.../OpenBSD/5.9/alpha/INSTALL.alpha (on CD1)</a>
<li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/i386/INSTALL.i386">
.../OpenBSD/5.9/i386/INSTALL.i386 (on CD1)</a>
<li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/hppa/INSTALL.hppa">
.../OpenBSD/5.9/hppa/INSTALL.hppa (on CD1)</a>
<p>
<li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/amd64/INSTALL.amd64">
.../OpenBSD/5.9/amd64/INSTALL.amd64 (on CD2)</a>
<li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/macppc/INSTALL.macppc">
.../OpenBSD/5.9/macppc/INSTALL.macppc (on CD2)</a>
<p>
<li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/sparc64/INSTALL.sparc64">
.../OpenBSD/5.9/sparc64/INSTALL.sparc64 (on CD3)</a>
<p>
<li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/alpha/INSTALL.alpha">
.../OpenBSD/5.9/alpha/INSTALL.alpha</a>
<li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/hppa/INSTALL.hppa">
.../OpenBSD/5.9/hppa/INSTALL.hppa</a>
<li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/landisk/INSTALL.landisk">
.../OpenBSD/5.9/landisk/INSTALL.landisk</a>
<li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/loongson/INSTALL.loongson">
.../OpenBSD/5.9/loongson/INSTALL.loongson</a>
<li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/luna88k/INSTALL.luna88k">
.../OpenBSD/5.9/luna88k/INSTALL.luna88k</a>
<li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/macppc/INSTALL.macppc">
.../OpenBSD/5.9/macppc/INSTALL.macppc</a>
<li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/octeon/INSTALL.octeon">
.../OpenBSD/5.9/octeon/INSTALL.octeon</a>
<li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/sgi/INSTALL.sgi">
.../OpenBSD/5.9/sgi/INSTALL.sgi</a>
<li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/socppc/INSTALL.socppc">
.../OpenBSD/5.9/socppc/INSTALL.socppc</a>
<li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/vax/INSTALL.vax">
.../OpenBSD/5.9/vax/INSTALL.vax</a>
<li><a href="http://ftp.openbsd.org/pub/OpenBSD/5.9/zaurus/INSTALL.zaurus">
.../OpenBSD/5.9/zaurus/INSTALL.zaurus</a>
</ul>
<hr>
<p>
Quick installer information for people familiar with OpenBSD, and the
use of the "disklabel -E" command. If you are at all confused when
installing OpenBSD, read the relevant INSTALL.* file as listed above!
<p>
<h3><font color="#e00000">OpenBSD/i386:</font></h3>
<ul>
The OpenBSD/i386 release is on CD1.
Boot from the CD to begin the install - you may need to adjust
your BIOS options first.
<p>
If your machine can boot from USB, you can write <i>install59.fs</i> or
<i>miniroot59.fs</i> to a USB stick and boot from it.
<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in
the included INSTALL.i386 document.
<p>
If you are planning on dual booting OpenBSD with another OS, you will need to
read INSTALL.i386.
</ul>
<p>
<h3><font color="#e00000">OpenBSD/amd64:</font></h3>
<ul>
The OpenBSD/amd64 release is on CD2.
Boot from the CD to begin the install - you may need to adjust
your BIOS options first.
<p>
If your machine can boot from USB, you can write <i>install59.fs</i> or
<i>miniroot59.fs</i> to a USB stick and boot from it.
<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in the included
INSTALL.amd64 document.
<p>
If you are planning to dual boot OpenBSD with another OS, you will need to
read INSTALL.amd64.
</ul>
<p>
<h3><font color="#e00000">OpenBSD/macppc:</font></h3>
<ul>
Burn the image from a mirror site to a CDROM, and power on your machine
while holding down the <i>C</i> key until the display turns on and
shows <i>OpenBSD/macppc boot</i>.
<p>
Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
/5.9/macppc/bsd.rd</i>
</ul>
<p>
<h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
<ul>
Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
<p>
If this doesn't work, or if you don't have a CDROM drive, you can write
<i>CD3:5.9/sparc64/floppy59.fs</i> or <i>CD3:5.9/sparc64/floppyB59.fs</i>
(depending on your machine) to a floppy and boot it with <i>boot
floppy</i>. Refer to INSTALL.sparc64 for details.
<p>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
<p>
You can also write <i>CD3:5.9/sparc64/miniroot59.fs</i> to the swap partition on
the disk and boot with <i>boot disk:b</i>.
<p>
If nothing works, you can boot over the network as described in INSTALL.sparc64.
</ul>
<p>
<h3><font color="#e00000">OpenBSD/alpha:</font></h3>
<ul>
<p>Write <i>FTP:5.9/alpha/floppy59.fs</i> or
<i>FTP:5.9/alpha/floppyB59.fs</i> (depending on your machine) to a diskette and
enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
<p>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
</ul>
<p>
<h3><font color="#e00000">OpenBSD/hppa:</font></h3>
<ul>
<p>
Boot over the network by following the instructions in INSTALL.hppa or the
<a href="hppa.html#install">hppa platform page</a>.
</ul>
<p>
<h3><font color="#e00000">OpenBSD/landisk:</font></h3>
<ul>
<p>
Write <i>miniroot59.fs</i> to the start of the CF
or disk, and boot normally.
</ul>
<p>
<h3><font color="#e00000">OpenBSD/loongson:</font></h3>
<ul>
<p>
Write <i>miniroot59.fs</i> to a USB stick and boot bsd.rd from it
or boot bsd.rd via tftp.
Refer to the instructions in INSTALL.loongson for more details.
</ul>
<p>
<p>
<h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
<ul>
<p>
Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
from the PROM, and then bsd.rd from the bootloader.
Refer to the instructions in INSTALL.luna88k for more details.
</ul>
<p>
<h3><font color="#e00000">OpenBSD/octeon:</font></h3>
<ul>
<p>
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
Refer to the instructions in INSTALL.octeon for more details.
</ul>
<p>
<h3><font color="#e00000">OpenBSD/sgi:</font></h3>
<ul>
<p>
To install, burn cd59.iso on a CD-R, put it in the CD drive of your
machine and select <i>Install System Software</i> from the System Maintenance
menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
CD-ROM, and need a proper invocation from the PROM prompt.
Refer to the instructions in INSTALL.sgi for more details.
<p>
If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
system type. Refer to the instructions in INSTALL.sgi for more details.
</ul>
<p>
<h3><font color="#e00000">OpenBSD/socppc:</font></h3>
<ul>
<p>
After connecting a serial port, boot over the network via DHCP/tftp.
Refer to the instructions in INSTALL.socppc for more details.
</ul>
<p>
<h3><font color="#e00000">OpenBSD/vax:</font></h3>
<ul>
Boot over the network via mopbooting as described in INSTALL.vax.
</ul>
<p>
<h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
<ul>
<p>
Using the Linux built-in graphical ipkg installer, install the
openbsd59_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
for a few important details.
</ul>
<a name="upgrade"></a>
<hr>
<p>
<h3><font color="#0000e0">How to upgrade</font></h3>
<p>
If you already have an OpenBSD 5.8 system, and do not want to reinstall,
upgrade instructions and advice can be found in the
<a href="faq/upgrade59.html">Upgrade Guide</a>.
<a name="sourcecode"></a>
<hr>
<p>
<h3><font color="#0000e0">Notes about the source code</font></h3>
<p>
src.tar.gz contains a source archive starting at /usr/src. This file
contains everything you need except for the kernel sources, which are
in a separate archive. To extract:
<p>
<ul><pre>
# <strong>mkdir -p /usr/src</strong>
# <strong>cd /usr/src</strong>
# <strong>tar xvfz /tmp/src.tar.gz</strong>
</pre></ul>
<p>
sys.tar.gz contains a source archive starting at /usr/src/sys.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
<p>
<ul><pre>
# <strong>mkdir -p /usr/src/sys</strong>
# <strong>cd /usr/src</strong>
# <strong>tar xvfz /tmp/sys.tar.gz</strong>
</pre></ul>
<p>
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described <a href="anoncvs.html">here</a>.
Using these files
results in a much faster initial CVS update than you could expect from
a fresh checkout of the full OpenBSD source tree.
<p>
<a name="ports"></a>
<hr>
<p>
<h3><font color="#0000e0">Ports Tree</font></h3>
<p>
A ports tree archive is also provided. To extract:
<p>
<ul><pre>
# <strong>cd /usr</strong>
# <strong>tar xvfz /tmp/ports.tar.gz</strong>
</pre></ul>
<p>
Go read the <a href="faq/ports/index.html">ports</a> page
if you know nothing about ports
at this point. This text is not a manual of how to use ports.
Rather, it is a set of notes meant to kickstart the user on the
OpenBSD ports system.
<p>
The <i>ports/</i> directory represents a CVS (see the manpage for
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1&arch=i386">
cvs(1)</a> if
you aren't familiar with CVS) checkout of our ports. As with our complete
source tree, our ports tree is available via
<a href="anoncvs.html">AnonCVS</a>.
So, in order to keep up to date with the <i>-stable</i> branch, you must make
the <i>ports/</i> tree available on a read-write medium and update the tree
with a command like:
<p>
<ul><pre>
# <strong>cd /usr/ports</strong>
# <strong>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_9</strong>
</pre></ul>
<p>
[Of course, you must replace the server name here with a nearby anoncvs
server.]
<p>
Note that most ports are available as packages on our mirrors. Updated
ports for the 5.9 release will be made available if problems arise.
<p>
If you're interested in seeing a port added, would like to help out, or just
would like to know more, the mailing list
<a href="mail.html">ports@openbsd.org</a> is a good place to know.
<p>
</body>
</html>
![[BACK]](/icons/back.gif){kind=icon}
Return to 59.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www