Annotation of www/60.html, Revision 1.55
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 6.0</title>
5: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
6: <meta name="description" content="OpenBSD 6.0">
7: <meta name="copyright" content="This document copyright 2016 by OpenBSD.">
8: <meta name="viewport" content="width=device-width, initial-scale=1">
9: <link rel="stylesheet" type="text/css" href="openbsd.css">
1.48 tb 10: <link rel="canonical" href="https://www.openbsd.org/60.html">
1.1 deraadt 11: </head>
12:
13: <body bgcolor="#ffffff" text="#000000" link="#24248E">
14:
15: <h2>
16: <a href="index.html">
17: <i><font color="#0000ff">Open</font></i><font color="#000084">BSD</font></a>
18: <font color="#e00000">6.0</font>
19: </h2>
20:
21: <a href="images/puff.jpg">
22: <img alt="Puff" align="left" width="227" height="343" hspace="24" src="images/puff.jpg"></a>
1.24 deraadt 23: To be released Sep 1, 2016<br>
1.1 deraadt 24: Copyright 1997-2016, Theo de Raadt.<br>
25: <font color="#e00000">ISBN 978-0-9881561-8-0</font>
26: <br>
1.34 deraadt 27: 6.0 Songs:
1.40 deraadt 28: <a href="lyrics.html#60a">"Another Smash of the Stack"</a>,
1.43 deraadt 29: <a href="lyrics.html#60b">"Black Hat"</a>,
30: <a href="lyrics.html#60c">"Money"</a><br>
31:
32:
33:
34: (plus 3 more...)
1.1 deraadt 35:
36: <ul>
37: <li>Order a CDROM from our <a href="https://openbsdstore.com">ordering system</a>.
38: <li>See the information on <a href="ftp.html">the FTP page</a> for
39: a list of mirror machines.
40: <li>Go to the <font color="#e00000">pub/OpenBSD/6.0/</font> directory on
41: one of the mirror sites.
42: <li>Have a look at <a href="errata60.html">the 6.0 errata page</a> for a list
43: of bugs and workarounds.
44: <li>See a <a href="plus60.html">detailed log of changes</a> between the
45: 5.9 and 6.0 releases.
46: <p>
1.6 schwarze 47: <li><a href="http://man.openbsd.org/signify.1">signify(1)</a>
1.1 deraadt 48: pubkeys for this release:<br>
49: <pre>
50: base: RWSho3oKSqgLQy+NpIhFXZJDtkE65tzlmtC24mStf8DoJd2OPMgna4u8
51: fw: RWRWf7GJKFvJTWEMIaw9wld0DujiqL1mlrC6HisE6i78C+2SRArV1Iyo
52: pkg: RWQHIajRlT2mX7tmRgb6oN6mfJu3AgQ/TU38acrWABO8lz90dR3rNmey
53: </pre>
54: <p>
55: All applicable copyrights and credits are in the src.tar.gz,
56: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
57: files fetched via ports.tar.gz.
58: </ul>
59: <br clear=all>
60:
61: <hr>
62:
63: <h3 id="new"><font color="#0000e0">What's New</font></h3>
64:
65: This is a partial list of new features and systems included in OpenBSD 6.0.
66: For a comprehensive list, see the <a href="plus60.html">changelog</a> leading
67: to 6.0.
68:
69: <ul>
1.27 jsg 70: <li>New/extended platforms:
71: <ul>
1.28 deraadt 72: <li><a href="armv7.html">armv7</a>:
1.27 jsg 73: <ul>
74: <li>EFI bootloader added, kernels are now loaded from FFS instead
75: of FAT or EXT filesystems, without U-Boot headers.
76: <li>A single kernel and ramdisk are now used for all SoCs.
77: <li>Hardware is dynamically enumerated via Flattened Device
78: Tree (FDT) instead of via static tables based on board id numbers.
79: <li>Miniroot installer images include U-Boot 2016.07 with support for
80: EFI payloads.
81: </ul>
1.28 deraadt 82: <li><a href="vax.html">vax</a>:
83: <ul>
84: <li>Removed.
85: </ul>
1.27 jsg 86: </ul>
87: <p>
88:
1.1 deraadt 89: <li>Improved hardware support, including:
90: <ul>
1.25 jsg 91: <li>New <a href="http://man.openbsd.org/?query=bytgpio">bytgpio(4)</a>
92: driver for the Intel Bay Trail GPIO controller.
93: <li>New <a href="http://man.openbsd.org/?query=chvgpio">chvgpio(4)</a>
94: driver for the Intel Cherry View GPIO controller.
95: <li>New <a href="http://man.openbsd.org/?query=maxrtc">maxrtc(4)</a>
96: driver for the Maxim DS1307 real time clock.
97: <li>New <a href="http://man.openbsd.org/?query=nvme">nvme(4)</a>
98: driver for the Non-Volatile Memory Express (NVMe) host controller interface.
99: <li>New <a href="http://man.openbsd.org/?query=pcfrtc">pcfrtc(4)</a>
100: driver for the NXP PCF8523 real time clock.
101: <li>New <a href="http://man.openbsd.org/?query=umb">umb(4)</a>
102: driver for the Mobile Broadband Interface Model (MBIM).
103: <li>New <a href="http://man.openbsd.org/?query=ure">ure(4)</a>
104: driver for RealTek RTL8152 based 10/100 USB Ethernet devices.
105: <li>New <a href="http://man.openbsd.org/?query=utvfu">utvfu(4)</a>
106: driver for audio/video capture devices based on the Fushicai USBTV007.
107: <li>The <a href="http://man.openbsd.org/?query=iwm">iwm(4)</a> driver
108: supports more models, notably the Intel Wireless 3165 and 8260.
109: <li>Support for I2C HID devices with GPIO signalled interrupts has
110: been added to <a href="http://man.openbsd.org/?query=dwiic">dwiic(4)</a>.
1.26 jsg 111: <li>Support for larger bus widths, high speed modes, and DMA
112: transfers has been added to
113: <a href="http://man.openbsd.org/?query=sdmmc">sdmmc(4)</a>,
1.55 ! tb 114: <a href="http://man.openbsd.org/?query=rtsx">rtsx(4)</a>,
1.26 jsg 115: <a href="http://man.openbsd.org/?query=sdhc">sdhc(4)</a>, and
1.55 ! tb 116: <a href="http://man.openbsd.org/?query=imxesdhc">imxesdhc(4)</a>.
1.31 visa 117: <li>Support for EHCI and OHCI compliant USB controllers on Octeon II SoCs.
118: <li>Many USB device drivers have been enabled on OpenBSD/octeon.
1.54 stsp 119: <li>Improved support for hardware-reduced ACPI implementations.
1.53 kettenis 120: <li>AES-NI crypto is now down without holding the kernel lock.
1.54 stsp 121: <li>Improved AGP support on PowerPC G5 machines.
122: <li>Added support for the SD card slot in Intel Bay Trail SoCs.
123: <li>The <a href="http://man.openbsd.org/?query=ichiic">ichiic(4)</a> driver
124: now ignores the SMBALERT# interrupt to prevent an interrupt storm.
125: <li>Device attachment problems with the
126: <a href="http://man.openbsd.org/?query=axen">axen(4)</a> driver have
127: been fixed.
128: <li>The <a href="http://man.openbsd.org/?query=ral">ral(4)</a> driver
129: is more stable under load with RT2860 devices.
130: <li>Problems with dead keyboards after resume have been fixed in the
131: <a href="http://man.openbsd.org/?query=pckbd">pckbd(4)</a> driver.
132: <li>The <a href="http://man.openbsd.org/?query=rtsx">rtsx(4)</a> driver
133: now supports RTS522A devices.
134: <li>Initial support for MSI-X has been added.
135: <li>Support for MSI-X has been added to the
136: <a href="http://man.openbsd.org/?query=virtio">virtio(4)</a> driver.
137: <li>Added a workaround for hardware DMA overruns to the
138: <a href="http://man.openbsd.org/man4/dc.4">dc(4)</a> driver.
139: <li>The <a href="http://man.openbsd.org/?query=acpitz">acpitz(4)</a> driver
140: now spins the fan down after cooling if ACPI uses hysteresis for
141: active cooling.
142: <li>The <a href="http://man.openbsd.org/?query=xhci">xhci(4)</a> driver
143: now performs handoff from an xHCI-capable BIOS correctly.
1.1 deraadt 144: </ul>
145: <p>
146:
147: <li>SMP network stack improvements:
148: <ul>
1.31 visa 149: <li>The Tx queue of the
150: <a href="http://man.openbsd.org/?query=cnmac">cnmac(4)</a>
151: driver can now be processed in parallel of the rest of the kernel.
1.49 mpi 152: <li>Network input path is now run in thread context.
1.1 deraadt 153: </ul>
154: <p>
155:
1.30 stsp 156: <li>IEEE 802.11 wireless stack improvements:
1.1 deraadt 157: <ul>
1.30 stsp 158: <li>The HT block ack receive buffer logic follows the algorithm given
159: in the 802.11-2012 spec more closely.
160: <li>The <a href="http://man.openbsd.org/?query=iwn">iwn(4)</a> driver now
161: keeps track of HT protection changes while associated to an 11n AP.
162: <li>The wireless stack and several drivers make more aggressive use
163: of RTS/CTS to avoid interference from legacy devices and hidden nodes.
1.1 deraadt 164: </ul>
165: <p>
166:
167: <li>Generic network stack improvements:
168: <ul>
1.49 mpi 169: <li>The routing table is now based on
170: <a href="http://www.hariguchi.org/art/art.pdf">ART</a> offering a
171: faster lookup.
172: <li>The number of route lookup per packet has been reduced to 1 in the
173: forwarding path.
174: <li>The prio field on VLAN headers is now correctly set on each fragment
175: of an IPv4 packet going out on a
176: <a href="http://man.openbsd.org/vlan.4">vlan(4)</a> interface.
1.42 lteo 177: <li>Enabled device cloning for
178: <a href="http://man.openbsd.org/bpf.4">bpf(4)</a>.
179: This allows the system to have just one bpf device node in /dev
180: that services all bpf consumers (up to 1024).
1.1 deraadt 181: </ul>
182: <p>
183:
184: <li>Installer improvements:
185: <ul>
1.47 krw 186: <li>updated list of restricted usercodes
187: <li>install.sh and upgrade.sh merged into install.sub
188: <li>update automatically runs <a href="http://man.openbsd.org/sysmerge">sysmerge(8)</a>
189: in batch mode before
190: <a href="http://man.openbsd.org/fw_update">fw_update(1)</a>
191: <li>questions and answers are logged in a format that can be used as a
192: response file for use by
193: <a href="http://man.openbsd.org/autoinstall">autoinstall(8)</a>
1.55 ! tb 194: <li><tt>/usr/local</tt> is set to <tt>wxallowed</tt> during install
1.1 deraadt 195: </ul>
196: <p>
197:
198: <li>Routing daemons and other userland network improvements:
199: <ul>
1.11 schwarze 200: <li>Add routing table support to
201: <a href="http://man.openbsd.org/rc.d.8">rc.d(8)</a> and
202: <a href="http://man.openbsd.org/rcctl.8">rcctl(8)</a>.
1.12 schwarze 203: <li>Let <a href="http://man.openbsd.org/nc.1">nc(1)</a>
204: support service names in addition to port numbers.
205: <li>Add <tt>-M</tt> and <tt>-m</tt> TTL flags to
206: <a href="http://man.openbsd.org/nc.1">nc(1)</a>.
207: <li>Add <tt>AF_UNIX</tt> support to
1.13 schwarze 208: <a href="http://man.openbsd.org/tcpbench.1">tcpbench(1)</a>.
1.32 visa 209: <li>Fixed a regression in
210: <a href="http://man.openbsd.org/rarpd.8">rarpd(8)</a>.
211: The daemon could hang if it was idle for a long time.
1.33 vgross 212: <li>Added the <tt>llprio</tt> option in
213: <a href="http://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
1.42 lteo 214: <li>Multiple programs that use
215: <a href="http://man.openbsd.org/bpf.4">bpf(4)</a>
216: have been modified to take advantage of
217: <a href="http://man.openbsd.org/bpf.4">bpf(4)</a>
218: device cloning by opening <tt>/dev/bpf0</tt> instead of looping
219: through <tt>/dev/bpf*</tt> devices. These programs include
220: <a href="http://man.openbsd.org/arp.8">arp(8)</a>,
221: <a href="http://man.openbsd.org/dhclient.8">dhclient(8)</a>,
222: <a href="http://man.openbsd.org/dhcpd.8">dhcpd(8)</a>,
223: <a href="http://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a>,
224: <a href="http://man.openbsd.org/hostapd.8">hostapd(8)</a>,
225: <a href="http://man.openbsd.org/mopd.8">mopd(8)</a>,
226: <a href="http://man.openbsd.org/npppd.8">npppd(8)</a>,
227: <a href="http://man.openbsd.org/rarpd.8">rarpd(8)</a>,
228: <a href="http://man.openbsd.org/rbootd.8">rbootd(8)</a>, and
229: <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
230: The <a href="http://man.openbsd.org/pcap.3">libpcap</a> library
231: has also been modified accordingly.
1.1 deraadt 232: </ul>
233: <p>
234:
235: <li>Security improvements:
236: <ul>
1.3 guenther 237: <li><tt>W^X</tt> is now strictly enforced by default;
238: a program can only violate it if the executable is marked with
1.38 tb 239: <tt>PT_OPENBSD_WXNEEDED</tt> and is located on a filesystem
1.6 schwarze 240: mounted with the <tt>wxallowed</tt>
241: <a href="http://man.openbsd.org/mount.8">mount(8)</a> option.
1.36 deraadt 242: Because there are still too many ports which violate W^X, the
243: installer mounts the <tt>/usr/local</tt> filesystem with
244: <tt>wxallowed</tt>. This allows the base system to be more
1.37 tb 245: secure as long as <tt>/usr/local</tt> is a separate filesystem.
1.36 deraadt 246: If you use no W^X violating programs, consider manually
247: revoking that option.
1.6 schwarze 248: <li>The <a href="http://man.openbsd.org/setjmp.3">setjmp(3)</a>
1.3 guenther 249: family of functions now apply XOR cookies to stack and return-address
250: values in the jmpbuf on amd64, hppa, i386, mips64, and powerpc.
1.28 deraadt 251: <li>SROP mitigation: <a href="http://man.openbsd.org/sigreturn.2">sigreturn(2)</a>
1.3 guenther 252: can now only be used by the kernel-provided signal trampoline,
253: with a cookie to detect attempts to reuse it.
1.22 tom 254: <li>To deter code reuse exploits, <a href="http://man.openbsd.org/rc.8">rc(8)</a>
255: re-links libc.so on startup, placing the objects in a random order.
1.11 schwarze 256: <li>In the <a href="http://man.openbsd.org/getpwnam.3">getpwnam(3)</a>
257: family of functions, stop opening the shadow database by default.
1.12 schwarze 258: <li>Allow <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a>
259: <tt>-r</tt> to be started without root privileges.
1.11 schwarze 260: <li>Remove
261: <a href="http://man.openbsd.org/OpenBSD-5.9/systrace">systrace</a>.
262: <li>Remove Linux emulation support.
1.17 tedu 263: <li>Remove support for the usermount option.
1.19 tedu 264: <li>The TCP SYN cache reseeds its random hash function from
1.14 bluhm 265: time to time.
1.19 tedu 266: This prevents an attacker from calculating the distribution
1.14 bluhm 267: of the hash function with a timing attack.
268: <li>To work against SYN flooding attacks the administrator can
269: change the size of the hash array now.
1.16 schwarze 270: <a href="http://man.openbsd.org/netstat.1">netstat(1)</a>
1.14 bluhm 271: <tt>-s -p tcp</tt> shows the relevant information to tune
1.15 bluhm 272: the SYN cache with
1.16 schwarze 273: <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>
1.15 bluhm 274: <tt>net.inet.tcp</tt>.
1.33 vgross 275: <li>The administrator can require root privileges for binding to some TCP
276: and UDP ports with
277: <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>
278: <tt>net.inet.tcp.rootonly</tt> and
279: <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>
280: <tt>net.inet.udp.rootonly</tt>.
1.1 deraadt 281: </ul>
282: <p>
283:
284: <li>Assorted improvements:
285: <ul>
1.3 guenther 286: <li>The thread library can now be loaded into a single-threaded process.
287: <li>Improved symbol handling and standards compliance in libc.
288: For example, defining an <tt>open()</tt> function will no longer
289: interfere with the operation of
1.6 schwarze 290: <a href="http://man.openbsd.org/fopen.3">fopen(3)</a>.
1.3 guenther 291: <li><tt>PT_TLS</tt> sections are now supported in initially loaded object.
292: <li>Improved handling of "no paths" and "empty path" in
1.6 schwarze 293: <a href="http://man.openbsd.org/fts.3">fts(3)</a>.
1.12 schwarze 294: <li>In <a href="http://man.openbsd.org/pcap.3">pcap(3)</a>,
295: provide the functions <tt>pcap_free_datalinks()</tt>
296: and <tt>pcap_offline_filter()</tt>.
297: <li>Many bugfixes and structural cleanup in the
298: <a href="http://man.openbsd.org/editline">editline(3)</a> library.
299: <li>Remove ancient
300: <a href="http://man.openbsd.org/OpenBSD-5.9/dbm.3">dbm(3)</a>
301: functions;
302: <a href="http://man.openbsd.org/ndbm.3">ndbm(3)</a> remains.
1.17 tedu 303: <li>Add <tt>setenv</tt> keyword for more powerful environment handling in
1.12 schwarze 304: <a href="http://man.openbsd.org/doas.conf.5">doas.conf(5)</a>.
305: <li>Add <tt>-g</tt> and <tt>-p</tt> options to
306: <a href="http://man.openbsd.org/aucat.1">aucat.1</a>
307: for time positioning.
308: <li>Rewrite <a href="http://man.openbsd.org/audioctl.1">audioctl(1)</a>
309: with a simpler user interface.
310: <li>Add <tt>-F</tt> option to
311: <a href="http://man.openbsd.org/install.1">install(1)</a>
312: to <a href="http://man.openbsd.org/fsync.2">fsync(2)</a>
313: the file before closing it.
1.6 schwarze 314: <li><a href="http://man.openbsd.org/kdump.1">kdump(1)</a>
315: now dumps <tt>pollfd</tt> structures.
1.12 schwarze 316: <li>Improve various details of
317: <a href="http://man.openbsd.org/ksh.1">ksh(1)</a> POSIX compliance.
318: <li><a href="http://man.openbsd.org/mknod.8">mknod(8)</a> rewritten in a
319: <a href="http://man.openbsd.org/pledge.2">pledge(2)</a>-friendly
320: style and to support creating multiple devices at once.
321: <li>Implement <a href="http://man.openbsd.org/rcctl.8">rcctl(8)</a>
322: <tt>get all</tt> and <tt>getdef all</tt>.
323: <li>Implement the <a href="http://man.openbsd.org/rcs.1">rcs(1)</a>
324: <tt>-I</tt> (interactive) flag.
1.11 schwarze 325: <li>In <a href="http://man.openbsd.org/rcs.1">rcs(1)</a>,
326: implement Mdocdate keyword substitution.
327: <li>In <a href="http://man.openbsd.org/top.1">top(1)</a>,
328: allow to filter process arguments if they are being displayed.
329: <li>Added UTF-8 support to
330: <a href="http://man.openbsd.org/fold.1">fold(1)</a> and
331: <a href="http://man.openbsd.org/rev.1">rev(1)</a>.
332: <li>Enable UTF-8 by default in
333: <a href="http://man.openbsd.org/xterm.1">xterm(1)</a> and
334: <a href="http://man.openbsd.org/pod2man.1">pod2man(1)</a>.
335: <li>Filter out non-ASCII characters in
336: <a href="http://man.openbsd.org/wall.1">wall(1)</a>.
1.12 schwarze 337: <li>Handle the <a href="http://man.openbsd.org/?apropos=1&query=Ev%3DCOLUMNS">COLUMNS</a>
338: environment variable consistently across many programs.
1.14 bluhm 339: <li>The options <tt>-c</tt> and <tt>-k</tt> allow to provide
340: TLS client certificates for
341: <a href="http://man.openbsd.org/syslogd.8">syslogd(8)</a>
342: on the sending side.
1.18 tedu 343: With that the receiving side can verify log messages
1.14 bluhm 344: are authentic.
345: Note that syslogd does not have this check feature yet.
346: <li>When the klog buffer overflows, syslogd will write a log
347: message to show that some entries is missing.
1.31 visa 348: <li>On OpenBSD/octeon, CPU cache write buffering is enabled
349: to improve performance.
1.35 espie 350: <li><a href="http://man.openbsd.org/pkg_add.1">pkg_add(1)</a> and
351: <a href="http://man.openbsd.org/pkg_info.1">pkg_info(1)</a> now
352: understand a notion of branch to ease selection of some popular
353: packages such as python or php, e.g., say
354: <tt>pkg_add python%3.4</tt> to select the <tt>3.4</tt> branch,
355: and use <tt>pkg_info -zm</tt> to get a fuzzy listing with branch
356: selection suitable for <tt>pkg_add -l</tt>.
1.45 krw 357: <li><a href="http://man.openbsd.org/?query=fdisk">fdisk(8)</a> and
358: <a href="http://man.openbsd.org/?query=pdisk">pdisk(8)</a>
359: immediately exit unless passed a character special device
360: <li><a href="http://man.openbsd.org/?query=st">st(4)</a>
361: correctly tracks the current block count for variable sized blocks
362: <li><a href="http://man.openbsd.org/?query=fsck_ext2fs">fsck_ext2fs(8)</a>
363: works again
364: <li><a href="http://man.openbsd.org/?query=softraid">softraid(4)</a> volumes
365: can be constructed with disks that have a sector size other than 512 bytes
366: <li><a href="http://man.openbsd.org/?query=dhclient">dhclient(8)</a>
367: DECLINE's and discards unused OFFER's.
368: <li><a href="http://man.openbsd.org/?query=dhclient">dhclient(8)</a>
369: immediately exits if its interface (e.g. a
370: <a href="http://man.openbsd.org/?query=bridge">bridge(4)</a>)
371: returns EAFNOSUPPORT when a packet is sent.
372: <li><a href="http://man.openbsd.org/?query=httpd">httpd(8)</a> returns
373: 400 Bad Request for HTTP v0.9 requests.
374: <li>ffs2's lazy node initialization avoids treating random disk data as
375: an inode
376: <li><a href="http://man.openbsd.org/?query=fcntl">fcntl(2)</a> invocations
377: in base programs use the idiom fcntl(n,F_GETFL) instead of fcntl(n,F_GETFL,0)
378: <li><a href="http://man.openbsd.org/?query=socket">socket(2)</a> and
379: <a href="http://man.openbsd.org/?query=accept4">accept4(2)</a> invocations
380: in base programs use SOCK_NONBLOCK to eliminate the need for a separate
381: <a href="http://man.openbsd.org/?query=fcntl">fcntl(2)</a>.
1.47 krw 382: <li>tmpfs not enabled by default
1.50 tb 383: <li>the in-kernel semantics of
384: <a href="http://man.openbsd.org/pledge">pledge(2)</a>
385: were improved in numerous ways.
386: Highlights include:
387: a new <tt>chown</tt> promise that allows pledged programs to set
388: setugid attributes,
389: a stricter enforcement of the <tt>recvfd</tt> promise and
390: <a href="man.openbsd.org/chroot.2">chroot(2)</a> is no longer allowed
391: for pledged programs.
392: <li>a number of
393: <a href="http://man.openbsd.org/pledge">pledge(2)</a>-related bugs
394: (missing promises, unintended changes of behavior, crashes) were fixed,
395: notably in
396: <a href="http://man.openbsd.org/gzip">gzip(1)</a>,
397: <a href="http://man.openbsd.org/nc">nc(1)</a>,
398: <a href="http://man.openbsd.org/sed">sed(1)</a>,
399: <a href="http://man.openbsd.org/skeyinit">skeyinit(1)</a>,
400: <a href="http://man.openbsd.org/stty">stty(1)</a>,
401: and various disk-related utilities, such as
402: <a href="http://man.openbsd.org/disklabel">disklabel(8)</a> and
403: <a href="http://man.openbsd.org/fdisk">fdisk(8)</a>.
1.1 deraadt 404: </ul>
405: <p>
406:
1.28 deraadt 407: <li>OpenSMTPD 5.9.1
1.1 deraadt 408: <ul>
409: <li>...
410: </ul>
411: <p>
412:
1.28 deraadt 413: <li>OpenSSH 7.3
1.1 deraadt 414: <ul>
415: <li>Security:
416: <ul>
1.39 sobrado 417: <li><a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
418: Mitigate a potential denial-of-service attack against the system's
419: <a href="http://man.openbsd.org/crypt.3">crypt(3)</a>
420: function via
421: <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>.
422: An attacker could send very long passwords that would cause
423: excessive CPU use in
424: <a href="http://man.openbsd.org/crypt.3">crypt(3)</a>.
425: <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>
426: now refuses to accept password authentication requests of length
427: greater than 1024 characters.
428: <li><a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
429: Mitigate timing differences in password authentication that could be
430: used to discern valid from invalid account names when long passwords
431: were sent and particular password hashing algorithms are in use on
432: the server. CVE-2016-6210.
433: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>,
434: <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
435: Fix observable timing weakness in the <i>CBC padding oracle
436: countermeasures</i>. Note that CBC ciphers are disabled by default
437: and only included for legacy compatibility.
438: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>,
439: <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
440: Improve ordering ordering of MAC verification for
441: <i>Encrypt-then-MAC</i> (EtM) mode transport MAC algorithms to
442: verify the MAC before decrypting any ciphertext. This removes the
443: possibility of timing differences leaking facts about the plaintext,
444: though no such leakage is known.
1.1 deraadt 445: </ul>
446: <li>New/changed features:
447: <ul>
1.39 sobrado 448: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>:
449: Add a <tt>ProxyJump</tt> option and corresponding <tt>-J</tt>
450: command-line flag to allow simplified indirection through a one or
451: more SSH bastions or "jump hosts".
452: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>:
453: Add an <tt>IdentityAgent</tt> option to allow specifying specific
454: agent sockets instead of accepting one from the environment.
455: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>:
456: Allow <tt>ExitOnForwardFailure</tt> and <tt>ClearAllForwardings</tt>
457: to be optionally overridden when using <tt>ssh -W</tt>. (bz#2577)
458: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>,
459: <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
460: Implement support for the IUTF8 terminal mode as per
461: <i>draft-sgtatham-secsh-iutf8-00</i>.
462: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>,
463: <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
464: Add support for additional <i>fixed Diffie-Hellman 2K</i>, <i>4K</i>
465: and <i>8K</i> groups from <i>draft-ietf-curdle-ssh-kex-sha2-03</i>.
466: <li><a href="http://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>,
467: <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>,
468: <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
469: support SHA256 and SHA512 RSA signatures in certificates.
470: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>:
471: Add an <tt>Include</tt> directive for
472: <a href="http://man.openbsd.org/ssh_config.5">ssh_config(5)</a>
473: files.
474: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>:
475: Permit UTF-8 characters in pre-authentication banners sent from the
476: server. (bz#2058)
1.1 deraadt 477: </ul>
478: <li>The following significant bugs have been fixed in this release:
479: <ul>
1.11 schwarze 480: <li>In <a href="http://man.openbsd.org/scp.1">scp(1)</a>
1.39 sobrado 481: and <a href="http://man.openbsd.org/sftp.1">sftp(1)</a>,
482: prevent screwing up terminal settings by escaping bytes
483: not forming ASCII or UTF-8 characters.
484: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>,
485: <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
486: Reduce the syslog level of some relatively common protocol events
487: from <tt>LOG_CRIT</tt>. (bz#2585)
488: <li><a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
489: Refuse <tt>AuthenticationMethods=""</tt> in configurations and accept
490: <tt>AuthenticationMethods=any</tt> for the default behaviour of not
491: requiring multiple authentication. (bz#2398)
492: <li><a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
493: Remove obsolete and misleading <tt>"POSSIBLE BREAK-IN ATTEMPT!"</tt>
494: message when forward and reverse DNS don't match. (bz#2585)
495: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>:
496: Close <tt>ControlPersist</tt> background process stderr except in
497: debug mode or when logging to syslog. (bz#1988)
498: <li>misc: Make PROTOCOL description for
499: <i>direct-streamlocal@openssh.com</i> channel open messages match
500: deployed code. (bz#2529)
501: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>:
502: Deduplicate <tt>LocalForward</tt> and <tt>RemoteForward</tt> entries
503: to fix failures when both <tt>ExitOnForwardFailure</tt> and
504: <tt>hostname</tt> canonicalisation are enabled. (bz#2562)
505: <li><a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
506: Remove fallback from moduli to obsolete "primes" file that was
507: deprecated in 2001. (bz#2559)
508: <li><a href="http://man.openbsd.org/sshd_config.5">sshd_config(5)</a>:
509: Correct description of <tt>UseDNS</tt>: it affects ssh hostname
510: processing for <tt>authorized_keys</tt>, not <tt>known_hosts</tt>.
511: (bz#2554)
512: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>:
513: Fix authentication using lone certificate keys in an agent without
514: corresponding private keys on the filesystem. (bz#2550)
515: <li><a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
516: Send <tt>ClientAliveInterval</tt> pings when a time-based
517: <tt>RekeyLimit</tt> is set; previously keepalive packets were not
518: being sent. (bz#2252)
1.1 deraadt 519: </ul>
520: </ul>
521: <p>
1.5 sobrado 522:
523: <li>OpenNTPD 6.0
524: <ul>
525: <li>When a single "constraint" is specified, try all returned addresses
526: until one succeeds, rather than the first returned address.
527: <li>Relaxed the constraint error margin to be proportional to the number
528: of NTP peers, avoid constant reconnections when there is a bad NTP
529: peer.
530: <li>Removed disabled
1.6 schwarze 531: <a href="http://man.openbsd.org/hotplug.4">hotplug(4)</a>
1.5 sobrado 532: sensor support.
533: <li>Added support for detecting crashes in constraint subprocesses.
534: <li>Moved the execution of constraints from the ntp process to the
535: parent process, allowing for better privilege separation since the
536: ntp process can be further restricted.
537: <li>Added
1.6 schwarze 538: <a href="http://man.openbsd.org/pledge.2">pledge(2)</a>
1.5 sobrado 539: support.
540: <li>Fixed high CPU usage when the network is down.
541: <li>Fixed various memory leaks.
542: <li>Switched to RMS for jitter calculations.
543: <li>Unified logging functions with other OpenBSD base programs.
544: <li>Set <tt>MOD_MAXERROR</tt> to avoid unsynced time status when using
545: ntp_adjtime.
546: <li>Fixed HTTP Timestamp header parsing to use
1.6 schwarze 547: <a href="http://man.openbsd.org/strptime.3">strptime(3)</a>
1.5 sobrado 548: in a more portable fashion.
549: <li>Hardened TLS for
1.6 schwarze 550: <a href="http://man.openbsd.org/ntpd.8">ntpd(8)</a>
1.5 sobrado 551: constraints, enabling server name verification.
552: </ul>
553: <p>
554:
1.4 sobrado 555: <li>LibreSSL 2.4.2
1.1 deraadt 556: <ul>
557: <li>User-visible features:
558: <ul>
1.4 sobrado 559: <li>Fixed some broken manpage links in the install target.
560: <li><tt>cert.pem</tt> has been reorganized and synced with Mozilla's
561: certificate store.
562: <li>Reliability fix, correcting an error when parsing certain ASN.1
563: elements over 16k in size.
564: <li>Implemented the IETF <i>ChaCha20-Poly1305</i> cipher suites.
565: <li>Fixed password prompts from
1.6 schwarze 566: <a href="http://man.openbsd.org/openssl.1">openssl(1)</a>
1.4 sobrado 567: to properly handle ^C.
1.1 deraadt 568: </ul>
569: <li>Code improvements:
570: <ul>
1.4 sobrado 571: <li>Fixed an <i>nginx</i> compatibility issue by adding an
572: '<tt>install_sw</tt>' build target.
573: <li>Changed default
1.6 schwarze 574: <a href="http://man.openbsd.org/EVP_AEAD_CTX_init.3">EVP_aead_chacha20_poly1305(3)</a>
1.4 sobrado 575: implementation to the IETF version, which is now the default.
576: <li>Reworked error handling in <tt>libtls</tt> so that configuration
577: errors are more visible.
578: <li>Added missing error handling around
1.6 schwarze 579: <a href="http://man.openbsd.org/bn_wexpand.3">bn_wexpand(3)</a>
1.4 sobrado 580: calls.
581: <li>Added
1.6 schwarze 582: <a href="http://man.openbsd.org/explicit_bzero.3">explicit_bzero(3)</a>
1.4 sobrado 583: calls for freed ASN.1 objects.
584: <li>Fixed <tt>X509_*set_object</tt> functions to return 0 on allocation
585: failure.
586: <li>Deprecated internal use of
1.6 schwarze 587: <a href="http://man.openbsd.org/EVP_EncryptInit">EVP_[Cipher|Encrypt|Decrypt]_Final</a>.
1.4 sobrado 588: <li>Fixed a problem that prevents the DSA signing algorithm from running
589: in constant time even if the flag <tt>BN_FLG_CONSTTIME</tt> is set.
590: <li>Fixed several issues in the OCSP code that could result in the
591: incorrect generation and parsing of OCSP requests. This remediates
592: a lack of error checking on time parsing in these functions, and
593: ensures that only <tt>GENERALIZEDTIME</tt> formats are accepted for
594: OCSP, as per <i>RFC 6960</i>.
595: </ul>
1.22 tom 596: <li>The following CVEs have been fixed:
1.4 sobrado 597: <ul>
598: <li><tt>CVE-2016-2105</tt>—EVP_EncodeUpdate overflow.
599: <li><tt>CVE-2016-2106</tt>—EVP_EncryptUpdate overflow.
600: <li><tt>CVE-2016-2107</tt>—padding oracle in AES-NI CBC MAC check.
601: <li><tt>CVE-2016-2108</tt>—memory corruption in the ASN.1 encoder.
602: <li><tt>CVE-2016-2109</tt>—ASN.1 BIO excessive memory allocation.
1.1 deraadt 603: </ul>
604: </ul>
605: <p>
606:
607: <li>Ports and packages:
1.35 espie 608: <dl>
609: <dt>New proot(1) tool in the ports tree for building packages in a chroot.
610: </dl>
1.1 deraadt 611: <dl>
612: <dt>Many pre-built packages for each architecture:
613: </dl>
614: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
615: <table border=0 cellspacing=0 cellpadding=2 width="95%">
616: <tr>
617: <td valign="top" width="25%">
618: <ul>
1.46 landry 619: <li>alpha: 7422
1.41 deraadt 620: <li>amd64: 9433
621: <li>hppa: 6346
1.1 deraadt 622: </ul></td><td valign=top width="25%"><ul>
1.41 deraadt 623: <li>i386: 9394
1.1 deraadt 624: <li>mips64: xxxx
625: <li>mips64el: xxxx
626: </ul></td><td valign=top width="25%"><ul>
627: <li>powerpc: xxxx
1.46 landry 628: <li>sparc64: 8570
1.1 deraadt 629: </ul></td></tr></table>
630: <p>
631:
632: <dl>
633: <dt>Some highlights:
634: </dl>
635: <table border=0 cellspacing=0 cellpadding=2 width="95%">
636: <tr>
1.7 schwarze 637: <td valign="top" width="50%"><ul>
638: <li>Afl 2.19b
639: <li>Chromium 51.0.2704.106
640: <li>Emacs 21.4 and 24.5
641: <li>GCC 4.9.3
642: <li>GHC 7.10.3
643: <li>Gimp 2.8.16
1.9 jasper 644: <li>GNOME 3.20.2
1.7 schwarze 645: <li>Go 1.6.3
646: <li>Groff 1.22.3
647: <li>JDK 7u80 and 8u72
1.9 jasper 648: <li>KDE 3.5.10 and 4.14.3 (plus KDE4 core updates)
1.7 schwarze 649: <li>LLVM/Clang 3.8.0
650: <li>LibreOffice 5.1.4.2
651: <li>Lua 5.1.5, 5.2.4, and 5.3.3
652: <li>MariaDB 10.0.25
653: <li>Mono 4.4.0.182
654: <li>Mozilla Firefox 45.2.0esr and 47.0.1
655: </ul></td><td valign=top width="50%"><ul>
656: <li>Mozilla Thunderbird 45.2.0
657: <li>Mutt 1.6.2
658: <li>Node.js 4.4.5
1.45 krw 659: <li>Ocaml 4.3.0
1.7 schwarze 660: <li>OpenLDAP 2.3.43 and 2.4.44
661: <li>PHP 5.5.37, 5.6.23, and 7.0.8
662: <li>Postfix 3.1.1 and 3.2-20160515
663: <li>PostgreSQL 9.5.3
664: <li>Python 2.7.12, 3.4.5, and 3.5.2
665: <li>R 3.3.1
666: <li>Ruby 1.8.7.374, 2.0.0.648, 2.1.9, 2.2.5, and 2.3.1
667: <li>Rust 1.9.0-20160608
668: <li>Sendmail 8.15.2
669: <li>Sudo 1.8.17.1
670: <li>Tcl/Tk 8.5.18 and 8.6.4
671: <li>TeX Live 2015
672: <li>Vim 7.4.1467
673: <li>Xfce 4.12
674: </ul></td></tr></table>
1.1 deraadt 675: <p>
676:
677: <li>As usual, steady improvements in manual pages and other documentation.
678: <p>
679:
680: <li>The system includes the following major components from outside suppliers:
681: <ul>
1.8 schwarze 682: <li>Xenocara (based on X.Org 7.7 with xserver 1.18.3 + patches,
683: freetype 2.6.3, fontconfig 2.11.1, Mesa 11.2.2, xterm 322,
684: xkeyboard-config 2.18 and more)
1.34 deraadt 685: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
1.8 schwarze 686: <li>Perl 5.20.3 (+ patches)
687: <li>SQLite 3.9.2 (+ patches)
688: <li>NSD 4.1.10
689: <li>Unbound 1.5.9
690: <li>Ncurses 5.7
691: <li>Binutils 2.17 (+ patches)
692: <li>Gdb 6.3 (+ patches)
693: <li>Awk Aug 10, 2011 version
1.12 schwarze 694: <li>Expat 2.1.1
1.1 deraadt 695: </ul>
696: </ul>
697:
698: <hr>
699:
700: <h3 id="install"><font color="#0000e0">How to install</font></h3>
701:
702: Following this are the instructions which you would have on a piece of
703: paper if you had purchased a CDROM set instead of doing an alternate
704: form of install. The instructions for doing an HTTP (or other style
705: of) install are very similar; the CDROM instructions are left intact
706: so that you can see how much easier it would have been if you had
707: purchased a CDROM instead.
708: <p>
709:
710: <hr>
711: <p>
712: Please refer to the following files on the three CDROMs or mirror site for
713: extensive details on how to install OpenBSD 6.0 on your machine:
714:
715: <ul>
716: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/alpha/INSTALL.alpha">
717: .../OpenBSD/6.0/alpha/INSTALL.alpha (on CD1)</a>
718: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/i386/INSTALL.i386">
719: .../OpenBSD/6.0/i386/INSTALL.i386 (on CD1)</a>
720: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/hppa/INSTALL.hppa">
721: .../OpenBSD/6.0/hppa/INSTALL.hppa (on CD1)</a>
722: <p>
723: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/amd64/INSTALL.amd64">
724: .../OpenBSD/6.0/amd64/INSTALL.amd64 (on CD2)</a>
725: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/macppc/INSTALL.macppc">
726: .../OpenBSD/6.0/macppc/INSTALL.macppc (on CD2)</a>
727: <p>
728: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/sparc64/INSTALL.sparc64">
729: .../OpenBSD/6.0/sparc64/INSTALL.sparc64 (on CD3)</a>
730: <p>
731: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/armv7/INSTALL.armv7">
732: .../OpenBSD/6.0/armv7/INSTALL.armv7</a>
733: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/hppa/INSTALL.hppa">
734: .../OpenBSD/6.0/hppa/INSTALL.hppa</a>
735: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/landisk/INSTALL.landisk">
736: .../OpenBSD/6.0/landisk/INSTALL.landisk</a>
737: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/loongson/INSTALL.loongson">
738: .../OpenBSD/6.0/loongson/INSTALL.loongson</a>
739: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/luna88k/INSTALL.luna88k">
740: .../OpenBSD/6.0/luna88k/INSTALL.luna88k</a>
741: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/octeon/INSTALL.octeon">
742: .../OpenBSD/6.0/octeon/INSTALL.octeon</a>
743: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/sgi/INSTALL.sgi">
744: .../OpenBSD/6.0/sgi/INSTALL.sgi</a>
745: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/socppc/INSTALL.socppc">
746: .../OpenBSD/6.0/socppc/INSTALL.socppc</a>
747: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/zaurus/INSTALL.zaurus">
748: .../OpenBSD/6.0/zaurus/INSTALL.zaurus</a>
749: </ul>
750:
751:
752: <hr>
753:
754: <p>
1.6 schwarze 755: Quick installer information for people familiar with OpenBSD, and the use of
756: the "<a href="http://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
757: If you are at all confused when installing OpenBSD, read the relevant
758: INSTALL.* file as listed above!
1.1 deraadt 759:
760: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
761:
762: <ul style="list-style-type: none">
763: <li>
764: The OpenBSD/i386 release is on CD1.
765: Boot from the CD to begin the install - you may need to adjust
766: your BIOS options first.
767: <p>
768: <li>
769: If your machine can boot from USB, you can write <i>install60.fs</i> or
770: <i>miniroot60.fs</i> to a USB stick and boot from it.
771: <p>
772: <li>
773: If you can't boot from a CD, floppy disk, or USB,
774: you can install across the network using PXE as described in
775: the included INSTALL.i386 document.
776: <p>
777: <li>
778: If you are planning on dual booting OpenBSD with another OS, you will need to
779: read INSTALL.i386.
780: </ul>
781:
782: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
783:
784: <ul style="list-style-type: none">
785: <li>
786: The OpenBSD/amd64 release is on CD2.
787: Boot from the CD to begin the install - you may need to adjust
788: your BIOS options first.
789: <p>
790: <li>
791: If your machine can boot from USB, you can write <i>install60.fs</i> or
792: <i>miniroot60.fs</i> to a USB stick and boot from it.
793: <p>
794: <li>
795: If you can't boot from a CD, floppy disk, or USB,
796: you can install across the network using PXE as described in the included
797: INSTALL.amd64 document.
798: <p>
799: <li>
800: If you are planning to dual boot OpenBSD with another OS, you will need to
801: read INSTALL.amd64.
802: </ul>
803:
804: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
805:
806: <ul style="list-style-type: none">
807: <li>
808: Burn the image from a mirror site to a CDROM, and power on your machine
809: while holding down the <i>C</i> key until the display turns on and
810: shows <i>OpenBSD/macppc boot</i>.
811: <p>
812: <li>
813: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
814: /6.0/macppc/bsd.rd</i>
815: </ul>
816:
817: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
818:
819: <ul style="list-style-type: none">
820: <li>
821: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
822: <p>
823: <li>
824: If this doesn't work, or if you don't have a CDROM drive, you can write
825: <i>CD3:6.0/sparc64/floppy60.fs</i> or <i>CD3:6.0/sparc64/floppyB60.fs</i>
826: (depending on your machine) to a floppy and boot it with <i>boot
827: floppy</i>. Refer to INSTALL.sparc64 for details.
828: <p>
829: <li>
830: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
831: will most likely fail.
832: <p>
833: <li>
834: You can also write <i>CD3:6.0/sparc64/miniroot60.fs</i> to the swap partition on
835: the disk and boot with <i>boot disk:b</i>.
836: <p>
837: <li>
838: If nothing works, you can boot over the network as described in INSTALL.sparc64.
839: </ul>
840:
841: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
842:
843: <ul style="list-style-type: none">
844: <li>
845: Write <i>FTP:6.0/alpha/floppy60.fs</i> or
846: <i>FTP:6.0/alpha/floppyB60.fs</i> (depending on your machine) to a diskette and
847: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
848: <p>
849: <li>
850: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
851: will most likely fail.
852: </ul>
853:
854: <h3><font color="#e00000">OpenBSD/armv7:</font></h3>
855:
856: <ul style="list-style-type: none">
857: <li>
1.29 jsg 858: Write a system specific miniroot to an SD card and boot from it after connecting
859: to the serial console. Refer to INSTALL.armv7 for more details.
1.1 deraadt 860: <p>
861: </ul>
862:
863: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
864:
865: <ul style="list-style-type: none">
866: <li>
867: Boot over the network by following the instructions in INSTALL.hppa or the
868: <a href="hppa.html#install">hppa platform page</a>.
869: </ul>
870:
871: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
872:
873: <ul style="list-style-type: none">
874: <li>
875: Write <i>miniroot60.fs</i> to the start of the CF
876: or disk, and boot normally.
877: </ul>
878:
879: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
880:
881: <ul style="list-style-type: none">
882: <li>
883: Write <i>miniroot60.fs</i> to a USB stick and boot bsd.rd from it
884: or boot bsd.rd via tftp.
885: Refer to the instructions in INSTALL.loongson for more details.
886: </ul>
887:
888: <h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
889:
890: <ul style="list-style-type: none">
891: <li>
892: Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
893: from the PROM, and then bsd.rd from the bootloader.
894: Refer to the instructions in INSTALL.luna88k for more details.
895: </ul>
896:
897: <h3><font color="#e00000">OpenBSD/octeon:</font></h3>
898:
899: <ul style="list-style-type: none">
900: <li>
901: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
902: Refer to the instructions in INSTALL.octeon for more details.
903: </ul>
904:
905: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
906:
907: <ul style="list-style-type: none">
908: <li>
909: To install, burn cd60.iso on a CD-R, put it in the CD drive of your
910: machine and select <i>Install System Software</i> from the System Maintenance
911: menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
912: CD-ROM, and need a proper invocation from the PROM prompt.
913: Refer to the instructions in INSTALL.sgi for more details.
914:
915: <p>
916: <li>
917: If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
918: server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
919: system type. Refer to the instructions in INSTALL.sgi for more details.
920: </ul>
921:
922: <h3><font color="#e00000">OpenBSD/socppc:</font></h3>
923:
924: <ul style="list-style-type: none">
925: <li>
926: After connecting a serial port, boot over the network via DHCP/tftp.
927: Refer to the instructions in INSTALL.socppc for more details.
928: </ul>
929:
930: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
931:
932: <ul style="list-style-type: none">
933: <li>
934: Using the Linux built-in graphical ipkg installer, install the
935: openbsd60_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
936: for a few important details.
937: </ul>
938:
939: <hr>
940:
941: <h3 id="upgrade"><font color="#0000e0">How to upgrade</font></h3>
942:
943: If you already have an OpenBSD 5.9 system, and do not want to reinstall,
944: upgrade instructions and advice can be found in the
945: <a href="faq/upgrade60.html">Upgrade Guide</a>.
946: <p>
947:
948: <hr>
949:
950: <h3 id="sourcecode"><font color="#0000e0">Notes about the source code</font></h3>
951:
1.6 schwarze 952: <tt>src.tar.gz</tt> contains a source archive starting at <tt>/usr/src</tt>.
953: This file contains everything you need except for the kernel sources,
954: which are in a separate archive.
955: To extract:
1.1 deraadt 956:
957: <blockquote><pre>
958: # <b>mkdir -p /usr/src</b>
959: # <b>cd /usr/src</b>
960: # <b>tar xvfz /tmp/src.tar.gz</b>
961: </pre></blockquote>
962:
1.6 schwarze 963: <tt>sys.tar.gz</tt> contains a source archive starting at <tt>/usr/src/sys</tt>.
1.1 deraadt 964: This file contains all the kernel sources you need to rebuild kernels.
965: To extract:
966:
967: <blockquote><pre>
968: # <b>mkdir -p /usr/src/sys</b>
969: # <b>cd /usr/src</b>
970: # <b>tar xvfz /tmp/sys.tar.gz</b>
971: </pre></blockquote>
972:
973: Both of these trees are a regular CVS checkout. Using these trees it
974: is possible to get a head-start on using the anoncvs servers as
975: described <a href="anoncvs.html">here</a>.
976: Using these files
977: results in a much faster initial CVS update than you could expect from
978: a fresh checkout of the full OpenBSD source tree.
979: <p>
980:
981: <hr>
982:
983: <h3 id="ports"><font color="#0000e0">Ports Tree</font></h3>
984:
985: A ports tree archive is also provided. To extract:
986:
987: <blockquote><pre>
988: # <b>cd /usr</b>
989: # <b>tar xvfz /tmp/ports.tar.gz</b>
990: </pre></blockquote>
991:
992: Go read the <a href="faq/ports/index.html">ports</a> page
993: if you know nothing about ports
994: at this point. This text is not a manual of how to use ports.
995: Rather, it is a set of notes meant to kickstart the user on the
996: OpenBSD ports system.
997: <p>
1.6 schwarze 998: The <i>ports/</i> directory represents a CVS checkout of our ports.
999: As with our complete source tree, our ports tree is available via
1.1 deraadt 1000: <a href="anoncvs.html">AnonCVS</a>.
1001: So, in order to keep up to date with the <i>-stable</i> branch, you must make
1002: the <i>ports/</i> tree available on a read-write medium and update the tree
1003: with a command like:
1004:
1005: <blockquote><pre>
1006: # <b>cd /usr/ports</b>
1007: # <b>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_0</b>
1008: </pre></blockquote>
1009:
1010: [Of course, you must replace the server name here with a nearby anoncvs
1011: server.]
1012: <p>
1013: Note that most ports are available as packages on our mirrors. Updated
1014: ports for the 6.0 release will be made available if problems arise.
1015: <p>
1016: If you're interested in seeing a port added, would like to help out, or just
1017: would like to know more, the mailing list
1018: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1019: <p>
1020: </body>
1021: </html>