Annotation of www/60.html, Revision 1.56
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 6.0</title>
5: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
6: <meta name="description" content="OpenBSD 6.0">
7: <meta name="copyright" content="This document copyright 2016 by OpenBSD.">
8: <meta name="viewport" content="width=device-width, initial-scale=1">
9: <link rel="stylesheet" type="text/css" href="openbsd.css">
1.48 tb 10: <link rel="canonical" href="https://www.openbsd.org/60.html">
1.1 deraadt 11: </head>
12:
13: <body bgcolor="#ffffff" text="#000000" link="#24248E">
14:
15: <h2>
16: <a href="index.html">
17: <i><font color="#0000ff">Open</font></i><font color="#000084">BSD</font></a>
18: <font color="#e00000">6.0</font>
19: </h2>
20:
21: <a href="images/puff.jpg">
22: <img alt="Puff" align="left" width="227" height="343" hspace="24" src="images/puff.jpg"></a>
1.24 deraadt 23: To be released Sep 1, 2016<br>
1.1 deraadt 24: Copyright 1997-2016, Theo de Raadt.<br>
25: <font color="#e00000">ISBN 978-0-9881561-8-0</font>
26: <br>
1.34 deraadt 27: 6.0 Songs:
1.40 deraadt 28: <a href="lyrics.html#60a">"Another Smash of the Stack"</a>,
1.43 deraadt 29: <a href="lyrics.html#60b">"Black Hat"</a>,
30: <a href="lyrics.html#60c">"Money"</a><br>
31:
32:
33:
34: (plus 3 more...)
1.1 deraadt 35:
36: <ul>
37: <li>Order a CDROM from our <a href="https://openbsdstore.com">ordering system</a>.
38: <li>See the information on <a href="ftp.html">the FTP page</a> for
39: a list of mirror machines.
40: <li>Go to the <font color="#e00000">pub/OpenBSD/6.0/</font> directory on
41: one of the mirror sites.
42: <li>Have a look at <a href="errata60.html">the 6.0 errata page</a> for a list
43: of bugs and workarounds.
44: <li>See a <a href="plus60.html">detailed log of changes</a> between the
45: 5.9 and 6.0 releases.
46: <p>
1.6 schwarze 47: <li><a href="http://man.openbsd.org/signify.1">signify(1)</a>
1.1 deraadt 48: pubkeys for this release:<br>
49: <pre>
50: base: RWSho3oKSqgLQy+NpIhFXZJDtkE65tzlmtC24mStf8DoJd2OPMgna4u8
51: fw: RWRWf7GJKFvJTWEMIaw9wld0DujiqL1mlrC6HisE6i78C+2SRArV1Iyo
52: pkg: RWQHIajRlT2mX7tmRgb6oN6mfJu3AgQ/TU38acrWABO8lz90dR3rNmey
53: </pre>
54: <p>
55: All applicable copyrights and credits are in the src.tar.gz,
56: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
57: files fetched via ports.tar.gz.
58: </ul>
59: <br clear=all>
60:
61: <hr>
62:
63: <h3 id="new"><font color="#0000e0">What's New</font></h3>
64:
65: This is a partial list of new features and systems included in OpenBSD 6.0.
66: For a comprehensive list, see the <a href="plus60.html">changelog</a> leading
67: to 6.0.
68:
69: <ul>
1.27 jsg 70: <li>New/extended platforms:
71: <ul>
1.28 deraadt 72: <li><a href="armv7.html">armv7</a>:
1.27 jsg 73: <ul>
74: <li>EFI bootloader added, kernels are now loaded from FFS instead
75: of FAT or EXT filesystems, without U-Boot headers.
76: <li>A single kernel and ramdisk are now used for all SoCs.
77: <li>Hardware is dynamically enumerated via Flattened Device
78: Tree (FDT) instead of via static tables based on board id numbers.
79: <li>Miniroot installer images include U-Boot 2016.07 with support for
80: EFI payloads.
81: </ul>
1.28 deraadt 82: <li><a href="vax.html">vax</a>:
83: <ul>
84: <li>Removed.
85: </ul>
1.27 jsg 86: </ul>
87: <p>
88:
1.1 deraadt 89: <li>Improved hardware support, including:
90: <ul>
1.25 jsg 91: <li>New <a href="http://man.openbsd.org/?query=bytgpio">bytgpio(4)</a>
92: driver for the Intel Bay Trail GPIO controller.
93: <li>New <a href="http://man.openbsd.org/?query=chvgpio">chvgpio(4)</a>
94: driver for the Intel Cherry View GPIO controller.
95: <li>New <a href="http://man.openbsd.org/?query=maxrtc">maxrtc(4)</a>
96: driver for the Maxim DS1307 real time clock.
97: <li>New <a href="http://man.openbsd.org/?query=nvme">nvme(4)</a>
98: driver for the Non-Volatile Memory Express (NVMe) host controller interface.
99: <li>New <a href="http://man.openbsd.org/?query=pcfrtc">pcfrtc(4)</a>
100: driver for the NXP PCF8523 real time clock.
101: <li>New <a href="http://man.openbsd.org/?query=umb">umb(4)</a>
102: driver for the Mobile Broadband Interface Model (MBIM).
103: <li>New <a href="http://man.openbsd.org/?query=ure">ure(4)</a>
104: driver for RealTek RTL8152 based 10/100 USB Ethernet devices.
105: <li>New <a href="http://man.openbsd.org/?query=utvfu">utvfu(4)</a>
106: driver for audio/video capture devices based on the Fushicai USBTV007.
107: <li>The <a href="http://man.openbsd.org/?query=iwm">iwm(4)</a> driver
108: supports more models, notably the Intel Wireless 3165 and 8260.
109: <li>Support for I2C HID devices with GPIO signalled interrupts has
110: been added to <a href="http://man.openbsd.org/?query=dwiic">dwiic(4)</a>.
1.26 jsg 111: <li>Support for larger bus widths, high speed modes, and DMA
112: transfers has been added to
113: <a href="http://man.openbsd.org/?query=sdmmc">sdmmc(4)</a>,
1.55 tb 114: <a href="http://man.openbsd.org/?query=rtsx">rtsx(4)</a>,
1.26 jsg 115: <a href="http://man.openbsd.org/?query=sdhc">sdhc(4)</a>, and
1.55 tb 116: <a href="http://man.openbsd.org/?query=imxesdhc">imxesdhc(4)</a>.
1.31 visa 117: <li>Support for EHCI and OHCI compliant USB controllers on Octeon II SoCs.
118: <li>Many USB device drivers have been enabled on OpenBSD/octeon.
1.54 stsp 119: <li>Improved support for hardware-reduced ACPI implementations.
1.53 kettenis 120: <li>AES-NI crypto is now down without holding the kernel lock.
1.54 stsp 121: <li>Improved AGP support on PowerPC G5 machines.
122: <li>Added support for the SD card slot in Intel Bay Trail SoCs.
123: <li>The <a href="http://man.openbsd.org/?query=ichiic">ichiic(4)</a> driver
124: now ignores the SMBALERT# interrupt to prevent an interrupt storm.
125: <li>Device attachment problems with the
126: <a href="http://man.openbsd.org/?query=axen">axen(4)</a> driver have
127: been fixed.
128: <li>The <a href="http://man.openbsd.org/?query=ral">ral(4)</a> driver
129: is more stable under load with RT2860 devices.
130: <li>Problems with dead keyboards after resume have been fixed in the
131: <a href="http://man.openbsd.org/?query=pckbd">pckbd(4)</a> driver.
132: <li>The <a href="http://man.openbsd.org/?query=rtsx">rtsx(4)</a> driver
133: now supports RTS522A devices.
134: <li>Initial support for MSI-X has been added.
135: <li>Support for MSI-X has been added to the
136: <a href="http://man.openbsd.org/?query=virtio">virtio(4)</a> driver.
137: <li>Added a workaround for hardware DMA overruns to the
138: <a href="http://man.openbsd.org/man4/dc.4">dc(4)</a> driver.
139: <li>The <a href="http://man.openbsd.org/?query=acpitz">acpitz(4)</a> driver
140: now spins the fan down after cooling if ACPI uses hysteresis for
141: active cooling.
142: <li>The <a href="http://man.openbsd.org/?query=xhci">xhci(4)</a> driver
143: now performs handoff from an xHCI-capable BIOS correctly.
1.1 deraadt 144: </ul>
145: <p>
146:
147: <li>SMP network stack improvements:
148: <ul>
1.31 visa 149: <li>The Tx queue of the
150: <a href="http://man.openbsd.org/?query=cnmac">cnmac(4)</a>
151: driver can now be processed in parallel of the rest of the kernel.
1.49 mpi 152: <li>Network input path is now run in thread context.
1.1 deraadt 153: </ul>
154: <p>
155:
1.30 stsp 156: <li>IEEE 802.11 wireless stack improvements:
1.1 deraadt 157: <ul>
1.30 stsp 158: <li>The HT block ack receive buffer logic follows the algorithm given
159: in the 802.11-2012 spec more closely.
160: <li>The <a href="http://man.openbsd.org/?query=iwn">iwn(4)</a> driver now
161: keeps track of HT protection changes while associated to an 11n AP.
162: <li>The wireless stack and several drivers make more aggressive use
163: of RTS/CTS to avoid interference from legacy devices and hidden nodes.
1.1 deraadt 164: </ul>
165: <p>
166:
167: <li>Generic network stack improvements:
168: <ul>
1.49 mpi 169: <li>The routing table is now based on
170: <a href="http://www.hariguchi.org/art/art.pdf">ART</a> offering a
171: faster lookup.
172: <li>The number of route lookup per packet has been reduced to 1 in the
173: forwarding path.
174: <li>The prio field on VLAN headers is now correctly set on each fragment
175: of an IPv4 packet going out on a
176: <a href="http://man.openbsd.org/vlan.4">vlan(4)</a> interface.
1.42 lteo 177: <li>Enabled device cloning for
178: <a href="http://man.openbsd.org/bpf.4">bpf(4)</a>.
179: This allows the system to have just one bpf device node in /dev
180: that services all bpf consumers (up to 1024).
1.1 deraadt 181: </ul>
182: <p>
183:
184: <li>Installer improvements:
185: <ul>
1.47 krw 186: <li>updated list of restricted usercodes
187: <li>install.sh and upgrade.sh merged into install.sub
188: <li>update automatically runs <a href="http://man.openbsd.org/sysmerge">sysmerge(8)</a>
189: in batch mode before
190: <a href="http://man.openbsd.org/fw_update">fw_update(1)</a>
191: <li>questions and answers are logged in a format that can be used as a
192: response file for use by
193: <a href="http://man.openbsd.org/autoinstall">autoinstall(8)</a>
1.55 tb 194: <li><tt>/usr/local</tt> is set to <tt>wxallowed</tt> during install
1.1 deraadt 195: </ul>
196: <p>
197:
198: <li>Routing daemons and other userland network improvements:
199: <ul>
1.11 schwarze 200: <li>Add routing table support to
201: <a href="http://man.openbsd.org/rc.d.8">rc.d(8)</a> and
202: <a href="http://man.openbsd.org/rcctl.8">rcctl(8)</a>.
1.12 schwarze 203: <li>Let <a href="http://man.openbsd.org/nc.1">nc(1)</a>
204: support service names in addition to port numbers.
205: <li>Add <tt>-M</tt> and <tt>-m</tt> TTL flags to
206: <a href="http://man.openbsd.org/nc.1">nc(1)</a>.
207: <li>Add <tt>AF_UNIX</tt> support to
1.13 schwarze 208: <a href="http://man.openbsd.org/tcpbench.1">tcpbench(1)</a>.
1.32 visa 209: <li>Fixed a regression in
210: <a href="http://man.openbsd.org/rarpd.8">rarpd(8)</a>.
211: The daemon could hang if it was idle for a long time.
1.33 vgross 212: <li>Added the <tt>llprio</tt> option in
213: <a href="http://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
1.42 lteo 214: <li>Multiple programs that use
215: <a href="http://man.openbsd.org/bpf.4">bpf(4)</a>
216: have been modified to take advantage of
217: <a href="http://man.openbsd.org/bpf.4">bpf(4)</a>
218: device cloning by opening <tt>/dev/bpf0</tt> instead of looping
219: through <tt>/dev/bpf*</tt> devices. These programs include
220: <a href="http://man.openbsd.org/arp.8">arp(8)</a>,
221: <a href="http://man.openbsd.org/dhclient.8">dhclient(8)</a>,
222: <a href="http://man.openbsd.org/dhcpd.8">dhcpd(8)</a>,
223: <a href="http://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a>,
224: <a href="http://man.openbsd.org/hostapd.8">hostapd(8)</a>,
225: <a href="http://man.openbsd.org/mopd.8">mopd(8)</a>,
226: <a href="http://man.openbsd.org/npppd.8">npppd(8)</a>,
227: <a href="http://man.openbsd.org/rarpd.8">rarpd(8)</a>,
228: <a href="http://man.openbsd.org/rbootd.8">rbootd(8)</a>, and
229: <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
230: The <a href="http://man.openbsd.org/pcap.3">libpcap</a> library
231: has also been modified accordingly.
1.1 deraadt 232: </ul>
233: <p>
234:
235: <li>Security improvements:
236: <ul>
1.3 guenther 237: <li><tt>W^X</tt> is now strictly enforced by default;
238: a program can only violate it if the executable is marked with
1.38 tb 239: <tt>PT_OPENBSD_WXNEEDED</tt> and is located on a filesystem
1.6 schwarze 240: mounted with the <tt>wxallowed</tt>
241: <a href="http://man.openbsd.org/mount.8">mount(8)</a> option.
1.36 deraadt 242: Because there are still too many ports which violate W^X, the
243: installer mounts the <tt>/usr/local</tt> filesystem with
244: <tt>wxallowed</tt>. This allows the base system to be more
1.37 tb 245: secure as long as <tt>/usr/local</tt> is a separate filesystem.
1.36 deraadt 246: If you use no W^X violating programs, consider manually
247: revoking that option.
1.6 schwarze 248: <li>The <a href="http://man.openbsd.org/setjmp.3">setjmp(3)</a>
1.3 guenther 249: family of functions now apply XOR cookies to stack and return-address
250: values in the jmpbuf on amd64, hppa, i386, mips64, and powerpc.
1.28 deraadt 251: <li>SROP mitigation: <a href="http://man.openbsd.org/sigreturn.2">sigreturn(2)</a>
1.3 guenther 252: can now only be used by the kernel-provided signal trampoline,
253: with a cookie to detect attempts to reuse it.
1.22 tom 254: <li>To deter code reuse exploits, <a href="http://man.openbsd.org/rc.8">rc(8)</a>
255: re-links libc.so on startup, placing the objects in a random order.
1.11 schwarze 256: <li>In the <a href="http://man.openbsd.org/getpwnam.3">getpwnam(3)</a>
257: family of functions, stop opening the shadow database by default.
1.12 schwarze 258: <li>Allow <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a>
259: <tt>-r</tt> to be started without root privileges.
1.11 schwarze 260: <li>Remove
261: <a href="http://man.openbsd.org/OpenBSD-5.9/systrace">systrace</a>.
262: <li>Remove Linux emulation support.
1.17 tedu 263: <li>Remove support for the usermount option.
1.19 tedu 264: <li>The TCP SYN cache reseeds its random hash function from
1.14 bluhm 265: time to time.
1.19 tedu 266: This prevents an attacker from calculating the distribution
1.14 bluhm 267: of the hash function with a timing attack.
268: <li>To work against SYN flooding attacks the administrator can
269: change the size of the hash array now.
1.16 schwarze 270: <a href="http://man.openbsd.org/netstat.1">netstat(1)</a>
1.14 bluhm 271: <tt>-s -p tcp</tt> shows the relevant information to tune
1.15 bluhm 272: the SYN cache with
1.16 schwarze 273: <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>
1.15 bluhm 274: <tt>net.inet.tcp</tt>.
1.33 vgross 275: <li>The administrator can require root privileges for binding to some TCP
276: and UDP ports with
277: <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>
278: <tt>net.inet.tcp.rootonly</tt> and
279: <a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a>
280: <tt>net.inet.udp.rootonly</tt>.
1.1 deraadt 281: </ul>
282: <p>
283:
284: <li>Assorted improvements:
285: <ul>
1.3 guenther 286: <li>The thread library can now be loaded into a single-threaded process.
287: <li>Improved symbol handling and standards compliance in libc.
288: For example, defining an <tt>open()</tt> function will no longer
289: interfere with the operation of
1.6 schwarze 290: <a href="http://man.openbsd.org/fopen.3">fopen(3)</a>.
1.3 guenther 291: <li><tt>PT_TLS</tt> sections are now supported in initially loaded object.
292: <li>Improved handling of "no paths" and "empty path" in
1.6 schwarze 293: <a href="http://man.openbsd.org/fts.3">fts(3)</a>.
1.12 schwarze 294: <li>In <a href="http://man.openbsd.org/pcap.3">pcap(3)</a>,
295: provide the functions <tt>pcap_free_datalinks()</tt>
296: and <tt>pcap_offline_filter()</tt>.
297: <li>Many bugfixes and structural cleanup in the
298: <a href="http://man.openbsd.org/editline">editline(3)</a> library.
299: <li>Remove ancient
300: <a href="http://man.openbsd.org/OpenBSD-5.9/dbm.3">dbm(3)</a>
301: functions;
302: <a href="http://man.openbsd.org/ndbm.3">ndbm(3)</a> remains.
1.17 tedu 303: <li>Add <tt>setenv</tt> keyword for more powerful environment handling in
1.12 schwarze 304: <a href="http://man.openbsd.org/doas.conf.5">doas.conf(5)</a>.
305: <li>Add <tt>-g</tt> and <tt>-p</tt> options to
306: <a href="http://man.openbsd.org/aucat.1">aucat.1</a>
307: for time positioning.
308: <li>Rewrite <a href="http://man.openbsd.org/audioctl.1">audioctl(1)</a>
309: with a simpler user interface.
310: <li>Add <tt>-F</tt> option to
311: <a href="http://man.openbsd.org/install.1">install(1)</a>
312: to <a href="http://man.openbsd.org/fsync.2">fsync(2)</a>
313: the file before closing it.
1.6 schwarze 314: <li><a href="http://man.openbsd.org/kdump.1">kdump(1)</a>
315: now dumps <tt>pollfd</tt> structures.
1.12 schwarze 316: <li>Improve various details of
317: <a href="http://man.openbsd.org/ksh.1">ksh(1)</a> POSIX compliance.
318: <li><a href="http://man.openbsd.org/mknod.8">mknod(8)</a> rewritten in a
319: <a href="http://man.openbsd.org/pledge.2">pledge(2)</a>-friendly
320: style and to support creating multiple devices at once.
321: <li>Implement <a href="http://man.openbsd.org/rcctl.8">rcctl(8)</a>
322: <tt>get all</tt> and <tt>getdef all</tt>.
323: <li>Implement the <a href="http://man.openbsd.org/rcs.1">rcs(1)</a>
324: <tt>-I</tt> (interactive) flag.
1.11 schwarze 325: <li>In <a href="http://man.openbsd.org/rcs.1">rcs(1)</a>,
326: implement Mdocdate keyword substitution.
327: <li>In <a href="http://man.openbsd.org/top.1">top(1)</a>,
328: allow to filter process arguments if they are being displayed.
329: <li>Added UTF-8 support to
330: <a href="http://man.openbsd.org/fold.1">fold(1)</a> and
331: <a href="http://man.openbsd.org/rev.1">rev(1)</a>.
332: <li>Enable UTF-8 by default in
333: <a href="http://man.openbsd.org/xterm.1">xterm(1)</a> and
334: <a href="http://man.openbsd.org/pod2man.1">pod2man(1)</a>.
335: <li>Filter out non-ASCII characters in
336: <a href="http://man.openbsd.org/wall.1">wall(1)</a>.
1.12 schwarze 337: <li>Handle the <a href="http://man.openbsd.org/?apropos=1&query=Ev%3DCOLUMNS">COLUMNS</a>
338: environment variable consistently across many programs.
1.14 bluhm 339: <li>The options <tt>-c</tt> and <tt>-k</tt> allow to provide
340: TLS client certificates for
341: <a href="http://man.openbsd.org/syslogd.8">syslogd(8)</a>
342: on the sending side.
1.18 tedu 343: With that the receiving side can verify log messages
1.14 bluhm 344: are authentic.
345: Note that syslogd does not have this check feature yet.
346: <li>When the klog buffer overflows, syslogd will write a log
347: message to show that some entries is missing.
1.31 visa 348: <li>On OpenBSD/octeon, CPU cache write buffering is enabled
349: to improve performance.
1.35 espie 350: <li><a href="http://man.openbsd.org/pkg_add.1">pkg_add(1)</a> and
351: <a href="http://man.openbsd.org/pkg_info.1">pkg_info(1)</a> now
352: understand a notion of branch to ease selection of some popular
353: packages such as python or php, e.g., say
354: <tt>pkg_add python%3.4</tt> to select the <tt>3.4</tt> branch,
355: and use <tt>pkg_info -zm</tt> to get a fuzzy listing with branch
356: selection suitable for <tt>pkg_add -l</tt>.
1.45 krw 357: <li><a href="http://man.openbsd.org/?query=fdisk">fdisk(8)</a> and
358: <a href="http://man.openbsd.org/?query=pdisk">pdisk(8)</a>
359: immediately exit unless passed a character special device
360: <li><a href="http://man.openbsd.org/?query=st">st(4)</a>
361: correctly tracks the current block count for variable sized blocks
362: <li><a href="http://man.openbsd.org/?query=fsck_ext2fs">fsck_ext2fs(8)</a>
363: works again
364: <li><a href="http://man.openbsd.org/?query=softraid">softraid(4)</a> volumes
365: can be constructed with disks that have a sector size other than 512 bytes
366: <li><a href="http://man.openbsd.org/?query=dhclient">dhclient(8)</a>
367: DECLINE's and discards unused OFFER's.
368: <li><a href="http://man.openbsd.org/?query=dhclient">dhclient(8)</a>
369: immediately exits if its interface (e.g. a
370: <a href="http://man.openbsd.org/?query=bridge">bridge(4)</a>)
371: returns EAFNOSUPPORT when a packet is sent.
372: <li><a href="http://man.openbsd.org/?query=httpd">httpd(8)</a> returns
373: 400 Bad Request for HTTP v0.9 requests.
374: <li>ffs2's lazy node initialization avoids treating random disk data as
375: an inode
376: <li><a href="http://man.openbsd.org/?query=fcntl">fcntl(2)</a> invocations
377: in base programs use the idiom fcntl(n,F_GETFL) instead of fcntl(n,F_GETFL,0)
378: <li><a href="http://man.openbsd.org/?query=socket">socket(2)</a> and
379: <a href="http://man.openbsd.org/?query=accept4">accept4(2)</a> invocations
380: in base programs use SOCK_NONBLOCK to eliminate the need for a separate
381: <a href="http://man.openbsd.org/?query=fcntl">fcntl(2)</a>.
1.47 krw 382: <li>tmpfs not enabled by default
1.50 tb 383: <li>the in-kernel semantics of
384: <a href="http://man.openbsd.org/pledge">pledge(2)</a>
385: were improved in numerous ways.
386: Highlights include:
387: a new <tt>chown</tt> promise that allows pledged programs to set
388: setugid attributes,
389: a stricter enforcement of the <tt>recvfd</tt> promise and
390: <a href="man.openbsd.org/chroot.2">chroot(2)</a> is no longer allowed
391: for pledged programs.
392: <li>a number of
393: <a href="http://man.openbsd.org/pledge">pledge(2)</a>-related bugs
394: (missing promises, unintended changes of behavior, crashes) were fixed,
395: notably in
396: <a href="http://man.openbsd.org/gzip">gzip(1)</a>,
397: <a href="http://man.openbsd.org/nc">nc(1)</a>,
398: <a href="http://man.openbsd.org/sed">sed(1)</a>,
399: <a href="http://man.openbsd.org/skeyinit">skeyinit(1)</a>,
400: <a href="http://man.openbsd.org/stty">stty(1)</a>,
401: and various disk-related utilities, such as
402: <a href="http://man.openbsd.org/disklabel">disklabel(8)</a> and
403: <a href="http://man.openbsd.org/fdisk">fdisk(8)</a>.
1.1 deraadt 404: </ul>
405: <p>
406:
1.56 ! lteo 407: <li>OpenSMTPD 6.0.0
1.1 deraadt 408: <ul>
1.56 ! lteo 409: <li>Security:
! 410: <ul>
! 411: <li>Implement the fork+exec pattern in
! 412: <a href="http://man.openbsd.org/smtpd">smtpd(8)</a>.
! 413: <li>Fix a logic issue in the SMTP state machine that can lead to
! 414: an invalid state and result in a crash.
! 415: <li>Plug a file-pointer leak that can lead to resource exhaustion
! 416: and result in a crash.
! 417: <li>Use automatic DH parameters instead of fixed ones.
! 418: <li>Disable DHE by default since it is computationally expensive
! 419: and a potential DoS vector.
! 420: </ul>
! 421: <li>The following improvements were brought in this release:
! 422: <ul>
! 423: <li>Add the <tt>-r</tt> option to the
! 424: <a href="http://man.openbsd.org/smtpd">smtpd(8)</a>
! 425: enqueuer for compatibility with mailx.
! 426: <li>Explicitly enclose SMTP transactions between BEGIN and
! 427: COMMIT/ROLLBACK filter events.
! 428: <li>Add missing date or message-id when listening on the submit
! 429: port.
! 430: <li>Fix "smtpctl show queue" reporting "invalid" envelope state.
! 431: <li>Rework the format of the "Received" header so that the TLS
! 432: part does not violate the RFC.
! 433: <li>Increase the number of connections a local address is
! 434: allowed to establish, and decrease the delay between
! 435: transactions in the same session.
! 436: <li>Properly reset the transaction when a filter rejects a
! 437: message.
! 438: <li>Deal with LMTP servers returning continuation lines.
! 439: </ul>
1.1 deraadt 440: </ul>
441: <p>
442:
1.28 deraadt 443: <li>OpenSSH 7.3
1.1 deraadt 444: <ul>
445: <li>Security:
446: <ul>
1.39 sobrado 447: <li><a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
448: Mitigate a potential denial-of-service attack against the system's
449: <a href="http://man.openbsd.org/crypt.3">crypt(3)</a>
450: function via
451: <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>.
452: An attacker could send very long passwords that would cause
453: excessive CPU use in
454: <a href="http://man.openbsd.org/crypt.3">crypt(3)</a>.
455: <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>
456: now refuses to accept password authentication requests of length
457: greater than 1024 characters.
458: <li><a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
459: Mitigate timing differences in password authentication that could be
460: used to discern valid from invalid account names when long passwords
461: were sent and particular password hashing algorithms are in use on
462: the server. CVE-2016-6210.
463: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>,
464: <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
465: Fix observable timing weakness in the <i>CBC padding oracle
466: countermeasures</i>. Note that CBC ciphers are disabled by default
467: and only included for legacy compatibility.
468: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>,
469: <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
470: Improve ordering ordering of MAC verification for
471: <i>Encrypt-then-MAC</i> (EtM) mode transport MAC algorithms to
472: verify the MAC before decrypting any ciphertext. This removes the
473: possibility of timing differences leaking facts about the plaintext,
474: though no such leakage is known.
1.1 deraadt 475: </ul>
476: <li>New/changed features:
477: <ul>
1.39 sobrado 478: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>:
479: Add a <tt>ProxyJump</tt> option and corresponding <tt>-J</tt>
480: command-line flag to allow simplified indirection through a one or
481: more SSH bastions or "jump hosts".
482: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>:
483: Add an <tt>IdentityAgent</tt> option to allow specifying specific
484: agent sockets instead of accepting one from the environment.
485: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>:
486: Allow <tt>ExitOnForwardFailure</tt> and <tt>ClearAllForwardings</tt>
487: to be optionally overridden when using <tt>ssh -W</tt>. (bz#2577)
488: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>,
489: <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
490: Implement support for the IUTF8 terminal mode as per
491: <i>draft-sgtatham-secsh-iutf8-00</i>.
492: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>,
493: <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
494: Add support for additional <i>fixed Diffie-Hellman 2K</i>, <i>4K</i>
495: and <i>8K</i> groups from <i>draft-ietf-curdle-ssh-kex-sha2-03</i>.
496: <li><a href="http://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>,
497: <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>,
498: <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
499: support SHA256 and SHA512 RSA signatures in certificates.
500: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>:
501: Add an <tt>Include</tt> directive for
502: <a href="http://man.openbsd.org/ssh_config.5">ssh_config(5)</a>
503: files.
504: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>:
505: Permit UTF-8 characters in pre-authentication banners sent from the
506: server. (bz#2058)
1.1 deraadt 507: </ul>
508: <li>The following significant bugs have been fixed in this release:
509: <ul>
1.11 schwarze 510: <li>In <a href="http://man.openbsd.org/scp.1">scp(1)</a>
1.39 sobrado 511: and <a href="http://man.openbsd.org/sftp.1">sftp(1)</a>,
512: prevent screwing up terminal settings by escaping bytes
513: not forming ASCII or UTF-8 characters.
514: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>,
515: <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
516: Reduce the syslog level of some relatively common protocol events
517: from <tt>LOG_CRIT</tt>. (bz#2585)
518: <li><a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
519: Refuse <tt>AuthenticationMethods=""</tt> in configurations and accept
520: <tt>AuthenticationMethods=any</tt> for the default behaviour of not
521: requiring multiple authentication. (bz#2398)
522: <li><a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
523: Remove obsolete and misleading <tt>"POSSIBLE BREAK-IN ATTEMPT!"</tt>
524: message when forward and reverse DNS don't match. (bz#2585)
525: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>:
526: Close <tt>ControlPersist</tt> background process stderr except in
527: debug mode or when logging to syslog. (bz#1988)
528: <li>misc: Make PROTOCOL description for
529: <i>direct-streamlocal@openssh.com</i> channel open messages match
530: deployed code. (bz#2529)
531: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>:
532: Deduplicate <tt>LocalForward</tt> and <tt>RemoteForward</tt> entries
533: to fix failures when both <tt>ExitOnForwardFailure</tt> and
534: <tt>hostname</tt> canonicalisation are enabled. (bz#2562)
535: <li><a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
536: Remove fallback from moduli to obsolete "primes" file that was
537: deprecated in 2001. (bz#2559)
538: <li><a href="http://man.openbsd.org/sshd_config.5">sshd_config(5)</a>:
539: Correct description of <tt>UseDNS</tt>: it affects ssh hostname
540: processing for <tt>authorized_keys</tt>, not <tt>known_hosts</tt>.
541: (bz#2554)
542: <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>:
543: Fix authentication using lone certificate keys in an agent without
544: corresponding private keys on the filesystem. (bz#2550)
545: <li><a href="http://man.openbsd.org/sshd.8">sshd(8)</a>:
546: Send <tt>ClientAliveInterval</tt> pings when a time-based
547: <tt>RekeyLimit</tt> is set; previously keepalive packets were not
548: being sent. (bz#2252)
1.1 deraadt 549: </ul>
550: </ul>
551: <p>
1.5 sobrado 552:
553: <li>OpenNTPD 6.0
554: <ul>
555: <li>When a single "constraint" is specified, try all returned addresses
556: until one succeeds, rather than the first returned address.
557: <li>Relaxed the constraint error margin to be proportional to the number
558: of NTP peers, avoid constant reconnections when there is a bad NTP
559: peer.
560: <li>Removed disabled
1.6 schwarze 561: <a href="http://man.openbsd.org/hotplug.4">hotplug(4)</a>
1.5 sobrado 562: sensor support.
563: <li>Added support for detecting crashes in constraint subprocesses.
564: <li>Moved the execution of constraints from the ntp process to the
565: parent process, allowing for better privilege separation since the
566: ntp process can be further restricted.
567: <li>Added
1.6 schwarze 568: <a href="http://man.openbsd.org/pledge.2">pledge(2)</a>
1.5 sobrado 569: support.
570: <li>Fixed high CPU usage when the network is down.
571: <li>Fixed various memory leaks.
572: <li>Switched to RMS for jitter calculations.
573: <li>Unified logging functions with other OpenBSD base programs.
574: <li>Set <tt>MOD_MAXERROR</tt> to avoid unsynced time status when using
575: ntp_adjtime.
576: <li>Fixed HTTP Timestamp header parsing to use
1.6 schwarze 577: <a href="http://man.openbsd.org/strptime.3">strptime(3)</a>
1.5 sobrado 578: in a more portable fashion.
579: <li>Hardened TLS for
1.6 schwarze 580: <a href="http://man.openbsd.org/ntpd.8">ntpd(8)</a>
1.5 sobrado 581: constraints, enabling server name verification.
582: </ul>
583: <p>
584:
1.4 sobrado 585: <li>LibreSSL 2.4.2
1.1 deraadt 586: <ul>
587: <li>User-visible features:
588: <ul>
1.4 sobrado 589: <li>Fixed some broken manpage links in the install target.
590: <li><tt>cert.pem</tt> has been reorganized and synced with Mozilla's
591: certificate store.
592: <li>Reliability fix, correcting an error when parsing certain ASN.1
593: elements over 16k in size.
594: <li>Implemented the IETF <i>ChaCha20-Poly1305</i> cipher suites.
595: <li>Fixed password prompts from
1.6 schwarze 596: <a href="http://man.openbsd.org/openssl.1">openssl(1)</a>
1.4 sobrado 597: to properly handle ^C.
1.1 deraadt 598: </ul>
599: <li>Code improvements:
600: <ul>
1.4 sobrado 601: <li>Fixed an <i>nginx</i> compatibility issue by adding an
602: '<tt>install_sw</tt>' build target.
603: <li>Changed default
1.6 schwarze 604: <a href="http://man.openbsd.org/EVP_AEAD_CTX_init.3">EVP_aead_chacha20_poly1305(3)</a>
1.4 sobrado 605: implementation to the IETF version, which is now the default.
606: <li>Reworked error handling in <tt>libtls</tt> so that configuration
607: errors are more visible.
608: <li>Added missing error handling around
1.6 schwarze 609: <a href="http://man.openbsd.org/bn_wexpand.3">bn_wexpand(3)</a>
1.4 sobrado 610: calls.
611: <li>Added
1.6 schwarze 612: <a href="http://man.openbsd.org/explicit_bzero.3">explicit_bzero(3)</a>
1.4 sobrado 613: calls for freed ASN.1 objects.
614: <li>Fixed <tt>X509_*set_object</tt> functions to return 0 on allocation
615: failure.
616: <li>Deprecated internal use of
1.6 schwarze 617: <a href="http://man.openbsd.org/EVP_EncryptInit">EVP_[Cipher|Encrypt|Decrypt]_Final</a>.
1.4 sobrado 618: <li>Fixed a problem that prevents the DSA signing algorithm from running
619: in constant time even if the flag <tt>BN_FLG_CONSTTIME</tt> is set.
620: <li>Fixed several issues in the OCSP code that could result in the
621: incorrect generation and parsing of OCSP requests. This remediates
622: a lack of error checking on time parsing in these functions, and
623: ensures that only <tt>GENERALIZEDTIME</tt> formats are accepted for
624: OCSP, as per <i>RFC 6960</i>.
625: </ul>
1.22 tom 626: <li>The following CVEs have been fixed:
1.4 sobrado 627: <ul>
628: <li><tt>CVE-2016-2105</tt>—EVP_EncodeUpdate overflow.
629: <li><tt>CVE-2016-2106</tt>—EVP_EncryptUpdate overflow.
630: <li><tt>CVE-2016-2107</tt>—padding oracle in AES-NI CBC MAC check.
631: <li><tt>CVE-2016-2108</tt>—memory corruption in the ASN.1 encoder.
632: <li><tt>CVE-2016-2109</tt>—ASN.1 BIO excessive memory allocation.
1.1 deraadt 633: </ul>
634: </ul>
635: <p>
636:
637: <li>Ports and packages:
1.35 espie 638: <dl>
639: <dt>New proot(1) tool in the ports tree for building packages in a chroot.
640: </dl>
1.1 deraadt 641: <dl>
642: <dt>Many pre-built packages for each architecture:
643: </dl>
644: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
645: <table border=0 cellspacing=0 cellpadding=2 width="95%">
646: <tr>
647: <td valign="top" width="25%">
648: <ul>
1.46 landry 649: <li>alpha: 7422
1.41 deraadt 650: <li>amd64: 9433
651: <li>hppa: 6346
1.1 deraadt 652: </ul></td><td valign=top width="25%"><ul>
1.41 deraadt 653: <li>i386: 9394
1.1 deraadt 654: <li>mips64: xxxx
655: <li>mips64el: xxxx
656: </ul></td><td valign=top width="25%"><ul>
657: <li>powerpc: xxxx
1.46 landry 658: <li>sparc64: 8570
1.1 deraadt 659: </ul></td></tr></table>
660: <p>
661:
662: <dl>
663: <dt>Some highlights:
664: </dl>
665: <table border=0 cellspacing=0 cellpadding=2 width="95%">
666: <tr>
1.7 schwarze 667: <td valign="top" width="50%"><ul>
668: <li>Afl 2.19b
669: <li>Chromium 51.0.2704.106
670: <li>Emacs 21.4 and 24.5
671: <li>GCC 4.9.3
672: <li>GHC 7.10.3
673: <li>Gimp 2.8.16
1.9 jasper 674: <li>GNOME 3.20.2
1.7 schwarze 675: <li>Go 1.6.3
676: <li>Groff 1.22.3
677: <li>JDK 7u80 and 8u72
1.9 jasper 678: <li>KDE 3.5.10 and 4.14.3 (plus KDE4 core updates)
1.7 schwarze 679: <li>LLVM/Clang 3.8.0
680: <li>LibreOffice 5.1.4.2
681: <li>Lua 5.1.5, 5.2.4, and 5.3.3
682: <li>MariaDB 10.0.25
683: <li>Mono 4.4.0.182
684: <li>Mozilla Firefox 45.2.0esr and 47.0.1
685: </ul></td><td valign=top width="50%"><ul>
686: <li>Mozilla Thunderbird 45.2.0
687: <li>Mutt 1.6.2
688: <li>Node.js 4.4.5
1.45 krw 689: <li>Ocaml 4.3.0
1.7 schwarze 690: <li>OpenLDAP 2.3.43 and 2.4.44
691: <li>PHP 5.5.37, 5.6.23, and 7.0.8
692: <li>Postfix 3.1.1 and 3.2-20160515
693: <li>PostgreSQL 9.5.3
694: <li>Python 2.7.12, 3.4.5, and 3.5.2
695: <li>R 3.3.1
696: <li>Ruby 1.8.7.374, 2.0.0.648, 2.1.9, 2.2.5, and 2.3.1
697: <li>Rust 1.9.0-20160608
698: <li>Sendmail 8.15.2
699: <li>Sudo 1.8.17.1
700: <li>Tcl/Tk 8.5.18 and 8.6.4
701: <li>TeX Live 2015
702: <li>Vim 7.4.1467
703: <li>Xfce 4.12
704: </ul></td></tr></table>
1.1 deraadt 705: <p>
706:
707: <li>As usual, steady improvements in manual pages and other documentation.
708: <p>
709:
710: <li>The system includes the following major components from outside suppliers:
711: <ul>
1.8 schwarze 712: <li>Xenocara (based on X.Org 7.7 with xserver 1.18.3 + patches,
713: freetype 2.6.3, fontconfig 2.11.1, Mesa 11.2.2, xterm 322,
714: xkeyboard-config 2.18 and more)
1.34 deraadt 715: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
1.8 schwarze 716: <li>Perl 5.20.3 (+ patches)
717: <li>SQLite 3.9.2 (+ patches)
718: <li>NSD 4.1.10
719: <li>Unbound 1.5.9
720: <li>Ncurses 5.7
721: <li>Binutils 2.17 (+ patches)
722: <li>Gdb 6.3 (+ patches)
723: <li>Awk Aug 10, 2011 version
1.12 schwarze 724: <li>Expat 2.1.1
1.1 deraadt 725: </ul>
726: </ul>
727:
728: <hr>
729:
730: <h3 id="install"><font color="#0000e0">How to install</font></h3>
731:
732: Following this are the instructions which you would have on a piece of
733: paper if you had purchased a CDROM set instead of doing an alternate
734: form of install. The instructions for doing an HTTP (or other style
735: of) install are very similar; the CDROM instructions are left intact
736: so that you can see how much easier it would have been if you had
737: purchased a CDROM instead.
738: <p>
739:
740: <hr>
741: <p>
742: Please refer to the following files on the three CDROMs or mirror site for
743: extensive details on how to install OpenBSD 6.0 on your machine:
744:
745: <ul>
746: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/alpha/INSTALL.alpha">
747: .../OpenBSD/6.0/alpha/INSTALL.alpha (on CD1)</a>
748: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/i386/INSTALL.i386">
749: .../OpenBSD/6.0/i386/INSTALL.i386 (on CD1)</a>
750: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/hppa/INSTALL.hppa">
751: .../OpenBSD/6.0/hppa/INSTALL.hppa (on CD1)</a>
752: <p>
753: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/amd64/INSTALL.amd64">
754: .../OpenBSD/6.0/amd64/INSTALL.amd64 (on CD2)</a>
755: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/macppc/INSTALL.macppc">
756: .../OpenBSD/6.0/macppc/INSTALL.macppc (on CD2)</a>
757: <p>
758: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/sparc64/INSTALL.sparc64">
759: .../OpenBSD/6.0/sparc64/INSTALL.sparc64 (on CD3)</a>
760: <p>
761: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/armv7/INSTALL.armv7">
762: .../OpenBSD/6.0/armv7/INSTALL.armv7</a>
763: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/hppa/INSTALL.hppa">
764: .../OpenBSD/6.0/hppa/INSTALL.hppa</a>
765: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/landisk/INSTALL.landisk">
766: .../OpenBSD/6.0/landisk/INSTALL.landisk</a>
767: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/loongson/INSTALL.loongson">
768: .../OpenBSD/6.0/loongson/INSTALL.loongson</a>
769: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/luna88k/INSTALL.luna88k">
770: .../OpenBSD/6.0/luna88k/INSTALL.luna88k</a>
771: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/octeon/INSTALL.octeon">
772: .../OpenBSD/6.0/octeon/INSTALL.octeon</a>
773: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/sgi/INSTALL.sgi">
774: .../OpenBSD/6.0/sgi/INSTALL.sgi</a>
775: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/socppc/INSTALL.socppc">
776: .../OpenBSD/6.0/socppc/INSTALL.socppc</a>
777: <li><a href="http://ftp.openbsd.org/pub/OpenBSD/6.0/zaurus/INSTALL.zaurus">
778: .../OpenBSD/6.0/zaurus/INSTALL.zaurus</a>
779: </ul>
780:
781:
782: <hr>
783:
784: <p>
1.6 schwarze 785: Quick installer information for people familiar with OpenBSD, and the use of
786: the "<a href="http://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
787: If you are at all confused when installing OpenBSD, read the relevant
788: INSTALL.* file as listed above!
1.1 deraadt 789:
790: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
791:
792: <ul style="list-style-type: none">
793: <li>
794: The OpenBSD/i386 release is on CD1.
795: Boot from the CD to begin the install - you may need to adjust
796: your BIOS options first.
797: <p>
798: <li>
799: If your machine can boot from USB, you can write <i>install60.fs</i> or
800: <i>miniroot60.fs</i> to a USB stick and boot from it.
801: <p>
802: <li>
803: If you can't boot from a CD, floppy disk, or USB,
804: you can install across the network using PXE as described in
805: the included INSTALL.i386 document.
806: <p>
807: <li>
808: If you are planning on dual booting OpenBSD with another OS, you will need to
809: read INSTALL.i386.
810: </ul>
811:
812: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
813:
814: <ul style="list-style-type: none">
815: <li>
816: The OpenBSD/amd64 release is on CD2.
817: Boot from the CD to begin the install - you may need to adjust
818: your BIOS options first.
819: <p>
820: <li>
821: If your machine can boot from USB, you can write <i>install60.fs</i> or
822: <i>miniroot60.fs</i> to a USB stick and boot from it.
823: <p>
824: <li>
825: If you can't boot from a CD, floppy disk, or USB,
826: you can install across the network using PXE as described in the included
827: INSTALL.amd64 document.
828: <p>
829: <li>
830: If you are planning to dual boot OpenBSD with another OS, you will need to
831: read INSTALL.amd64.
832: </ul>
833:
834: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
835:
836: <ul style="list-style-type: none">
837: <li>
838: Burn the image from a mirror site to a CDROM, and power on your machine
839: while holding down the <i>C</i> key until the display turns on and
840: shows <i>OpenBSD/macppc boot</i>.
841: <p>
842: <li>
843: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
844: /6.0/macppc/bsd.rd</i>
845: </ul>
846:
847: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
848:
849: <ul style="list-style-type: none">
850: <li>
851: Put CD3 in your CDROM drive and type <i>boot cdrom</i>.
852: <p>
853: <li>
854: If this doesn't work, or if you don't have a CDROM drive, you can write
855: <i>CD3:6.0/sparc64/floppy60.fs</i> or <i>CD3:6.0/sparc64/floppyB60.fs</i>
856: (depending on your machine) to a floppy and boot it with <i>boot
857: floppy</i>. Refer to INSTALL.sparc64 for details.
858: <p>
859: <li>
860: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
861: will most likely fail.
862: <p>
863: <li>
864: You can also write <i>CD3:6.0/sparc64/miniroot60.fs</i> to the swap partition on
865: the disk and boot with <i>boot disk:b</i>.
866: <p>
867: <li>
868: If nothing works, you can boot over the network as described in INSTALL.sparc64.
869: </ul>
870:
871: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
872:
873: <ul style="list-style-type: none">
874: <li>
875: Write <i>FTP:6.0/alpha/floppy60.fs</i> or
876: <i>FTP:6.0/alpha/floppyB60.fs</i> (depending on your machine) to a diskette and
877: enter <i>boot dva0</i>. Refer to INSTALL.alpha for more details.
878: <p>
879: <li>
880: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
881: will most likely fail.
882: </ul>
883:
884: <h3><font color="#e00000">OpenBSD/armv7:</font></h3>
885:
886: <ul style="list-style-type: none">
887: <li>
1.29 jsg 888: Write a system specific miniroot to an SD card and boot from it after connecting
889: to the serial console. Refer to INSTALL.armv7 for more details.
1.1 deraadt 890: <p>
891: </ul>
892:
893: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
894:
895: <ul style="list-style-type: none">
896: <li>
897: Boot over the network by following the instructions in INSTALL.hppa or the
898: <a href="hppa.html#install">hppa platform page</a>.
899: </ul>
900:
901: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
902:
903: <ul style="list-style-type: none">
904: <li>
905: Write <i>miniroot60.fs</i> to the start of the CF
906: or disk, and boot normally.
907: </ul>
908:
909: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
910:
911: <ul style="list-style-type: none">
912: <li>
913: Write <i>miniroot60.fs</i> to a USB stick and boot bsd.rd from it
914: or boot bsd.rd via tftp.
915: Refer to the instructions in INSTALL.loongson for more details.
916: </ul>
917:
918: <h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
919:
920: <ul style="list-style-type: none">
921: <li>
922: Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
923: from the PROM, and then bsd.rd from the bootloader.
924: Refer to the instructions in INSTALL.luna88k for more details.
925: </ul>
926:
927: <h3><font color="#e00000">OpenBSD/octeon:</font></h3>
928:
929: <ul style="list-style-type: none">
930: <li>
931: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
932: Refer to the instructions in INSTALL.octeon for more details.
933: </ul>
934:
935: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
936:
937: <ul style="list-style-type: none">
938: <li>
939: To install, burn cd60.iso on a CD-R, put it in the CD drive of your
940: machine and select <i>Install System Software</i> from the System Maintenance
941: menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
942: CD-ROM, and need a proper invocation from the PROM prompt.
943: Refer to the instructions in INSTALL.sgi for more details.
944:
945: <p>
946: <li>
947: If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
948: server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
949: system type. Refer to the instructions in INSTALL.sgi for more details.
950: </ul>
951:
952: <h3><font color="#e00000">OpenBSD/socppc:</font></h3>
953:
954: <ul style="list-style-type: none">
955: <li>
956: After connecting a serial port, boot over the network via DHCP/tftp.
957: Refer to the instructions in INSTALL.socppc for more details.
958: </ul>
959:
960: <h3><font color="#e00000">OpenBSD/zaurus:</font></h3>
961:
962: <ul style="list-style-type: none">
963: <li>
964: Using the Linux built-in graphical ipkg installer, install the
965: openbsd60_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
966: for a few important details.
967: </ul>
968:
969: <hr>
970:
971: <h3 id="upgrade"><font color="#0000e0">How to upgrade</font></h3>
972:
973: If you already have an OpenBSD 5.9 system, and do not want to reinstall,
974: upgrade instructions and advice can be found in the
975: <a href="faq/upgrade60.html">Upgrade Guide</a>.
976: <p>
977:
978: <hr>
979:
980: <h3 id="sourcecode"><font color="#0000e0">Notes about the source code</font></h3>
981:
1.6 schwarze 982: <tt>src.tar.gz</tt> contains a source archive starting at <tt>/usr/src</tt>.
983: This file contains everything you need except for the kernel sources,
984: which are in a separate archive.
985: To extract:
1.1 deraadt 986:
987: <blockquote><pre>
988: # <b>mkdir -p /usr/src</b>
989: # <b>cd /usr/src</b>
990: # <b>tar xvfz /tmp/src.tar.gz</b>
991: </pre></blockquote>
992:
1.6 schwarze 993: <tt>sys.tar.gz</tt> contains a source archive starting at <tt>/usr/src/sys</tt>.
1.1 deraadt 994: This file contains all the kernel sources you need to rebuild kernels.
995: To extract:
996:
997: <blockquote><pre>
998: # <b>mkdir -p /usr/src/sys</b>
999: # <b>cd /usr/src</b>
1000: # <b>tar xvfz /tmp/sys.tar.gz</b>
1001: </pre></blockquote>
1002:
1003: Both of these trees are a regular CVS checkout. Using these trees it
1004: is possible to get a head-start on using the anoncvs servers as
1005: described <a href="anoncvs.html">here</a>.
1006: Using these files
1007: results in a much faster initial CVS update than you could expect from
1008: a fresh checkout of the full OpenBSD source tree.
1009: <p>
1010:
1011: <hr>
1012:
1013: <h3 id="ports"><font color="#0000e0">Ports Tree</font></h3>
1014:
1015: A ports tree archive is also provided. To extract:
1016:
1017: <blockquote><pre>
1018: # <b>cd /usr</b>
1019: # <b>tar xvfz /tmp/ports.tar.gz</b>
1020: </pre></blockquote>
1021:
1022: Go read the <a href="faq/ports/index.html">ports</a> page
1023: if you know nothing about ports
1024: at this point. This text is not a manual of how to use ports.
1025: Rather, it is a set of notes meant to kickstart the user on the
1026: OpenBSD ports system.
1027: <p>
1.6 schwarze 1028: The <i>ports/</i> directory represents a CVS checkout of our ports.
1029: As with our complete source tree, our ports tree is available via
1.1 deraadt 1030: <a href="anoncvs.html">AnonCVS</a>.
1031: So, in order to keep up to date with the <i>-stable</i> branch, you must make
1032: the <i>ports/</i> tree available on a read-write medium and update the tree
1033: with a command like:
1034:
1035: <blockquote><pre>
1036: # <b>cd /usr/ports</b>
1037: # <b>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_0</b>
1038: </pre></blockquote>
1039:
1040: [Of course, you must replace the server name here with a nearby anoncvs
1041: server.]
1042: <p>
1043: Note that most ports are available as packages on our mirrors. Updated
1044: ports for the 6.0 release will be made available if problems arise.
1045: <p>
1046: If you're interested in seeing a port added, would like to help out, or just
1047: would like to know more, the mailing list
1048: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1049: <p>
1050: </body>
1051: </html>