Annotation of www/62.html, Revision 1.61
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 6.2</title>
5: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
6: <meta name="description" content="OpenBSD 6.2">
7: <meta name="copyright" content="This document copyright 2017 by OpenBSD.">
8: <meta name="viewport" content="width=device-width, initial-scale=1">
9: <link rel="stylesheet" type="text/css" href="openbsd.css">
10: <link rel="canonical" href="https://www.openbsd.org/62.html">
11: </head>
12:
13: <body bgcolor="#ffffff" text="#000000" link="#24248E">
14:
15: <h2>
16: <a href="index.html">
17: <i><font color="#0000ff">Open</font></i><font color="#000084">BSD</font></a>
18: <font color="#e00000">6.2</font>
19: </h2>
20:
1.53 deraadt 21: <a href="images/MoBSD.gif">
1.59 jsg 22: <img alt="MoBSD" align="left" width="227" height="343" hspace="24" src="images/MoBSD.gif"></a>
1.1 deraadt 23: Released October 15, 2017<br>
24: Copyright 1997-2017, Theo de Raadt.<br>
25: <br>
26: <br>
27: 6.2 Song:
1.50 deraadt 28: <a href="lyrics.html#62">coming in December</a>.
1.1 deraadt 29:
30: <br>
31: <ul>
32: <li>See the information on <a href="ftp.html">the FTP page</a> for
33: a list of mirror machines.
34: <li>Go to the <font color="#e00000">pub/OpenBSD/6.2/</font> directory on
35: one of the mirror sites.
36: <li>Have a look at <a href="errata62.html">the 6.2 errata page</a> for a list
37: of bugs and workarounds.
38: <li>See a <a href="plus62.html">detailed log of changes</a> between the
39: 6.1 and 6.2 releases.
40: <p>
41: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
42: pubkeys for this release:<br>
43: <pre>
44: base: RWRVWzAMgtyg7g27STK1h1xA6RIwtjex6Vr5Y9q5SC5q5+b0GN4lLhfu
45: fw: RWSbA8C2TPUQLi48EqHtg7Rx7KGDt6E/2d8OeJinGZPbpoqGRxA0N2oW
46: pkg: RWRvEq+UPCq0VGI9ar7VMy+HYKDrOb4WS5JLhdUBiX3qvJgPQjyZSTxI
47: </pre>
48: <p>
49: All applicable copyrights and credits are in the src.tar.gz,
50: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
51: files fetched via ports.tar.gz.
52: </ul>
53: <br clear=all>
54:
55: <hr>
56:
57: <h3 id="new"><font color="#0000e0">What's New</font></h3>
58:
59: This is a partial list of new features and systems included in OpenBSD 6.2.
60: For a comprehensive list, see the <a href="plus62.html">changelog</a> leading
61: to 6.2.
62:
63: <ul>
64:
65: <li>Improved hardware support, including:
66: <ul>
1.61 ! jsing 67: <li>arm: New <a href="https://man.openbsd.org/rkgrf.4">rkgrf(4)</a> driver
! 68: for the Rockchip RK3399/RK3288 register file.
! 69: <li>arm: New <a href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>
! 70: driver for Rockchip RK3399/RK3288 clocks.
! 71: <li>arm: New <a href="https://man.openbsd.org/rkpinctrl.4">rkpinctrl(4)</a>
! 72: driver for controlling Rockchip RK3399/RK3288 pins.
! 73: <li>arm: New <a href="https://man.openbsd.org/rkgpio.4">rkgpio(4)</a> driver
! 74: for GPIO on Rockchip SoCs.
! 75: <li>arm: New <a href="https://man.openbsd.org/rktemp.4">rktemp(4)</a> driver
! 76: for Rockchip RK3399 temperature sensors.
! 77: <li>arm: New <a href="https://man.openbsd.org/rkiic.4">rkiic(4)</a> driver
! 78: for Rockchip RK3399 I2C controllers.
! 79: <li>arm: New <a href="https://man.openbsd.org/rkpmic.4">rkpmic(4)</a> driver
! 80: for the RK808 Power Management IC.
! 81: <li>arm: New <a href="https://man.openbsd.org/dwmmc.4">dwmmc(4)</a> driver
! 82: for Synopsis DesignWare SD/MMC controllers.
! 83: <li>arm: New <a href="https://man.openbsd.org/dwdog.4">dwdog(4)</a> driver
! 84: for the Synopsys DesignWare watchdog timer.
! 85: <li>arm: New <a href="https://man.openbsd.org/dwxe.4">dwxe(4)</a> driver
! 86: for the Synopsys DesignWare Ethernet controller.
! 87: <li>arm: New <a href="https://man.openbsd.org/sxitwi.4">sxitwi(4)</a> driver
! 88: for the two-wire bus on Allwinner SoCs.
! 89: <li>arm: New <a href="https://man.openbsd.org/axppmic.4">axppmic(4)</a>
! 90: driver for the AXP209 I2C PMIC.
! 91: <li>arm: New <a href="https://man.openbsd.org/bcmaux.4">bcmaux(4)</a> driver
! 92: for clocks and interrupts on the auxilliary UART on BCM2835 devices.
! 93: <li>arm: New <a href="https://man.openbsd.org/armv7/mvmpic.4">mvmpic(4)</a>
! 94: driver for an interrupt controller on Marvell ARMADA 38x.
! 95: <li>arm: New <a href="https://man.openbsd.org/armv7/mvpxa.4">mvpxa(4)</a>
! 96: driver for the SD Host Controller on Marvell ARMADA 38x.
! 97: <li>arm: New <a href="https://man.openbsd.org/mvpinctrl.4">mvpinctrl(4)</a>
! 98: driver to configure pins on Marvell ARMADA 38x.
! 99: <li>arm: New <a href="https://man.openbsd.org/mvneta.4">mvneta(4)</a> driver
! 100: the Ethernet controller on Marvell ARMADA 38x.
! 101: <li>arm: New <a
! 102: href="https://man.openbsd.org/armv7/amdisplay.4">amdisplay(4)</a> &
! 103: <a href="https://man.openbsd.org/armv7/nxphdmi.4">nxphdmi(4)</a> drivers
! 104: for the Texas Instruments AM335x LCD controller.
! 105: <li>octeon: New <a
! 106: href="https://man.openbsd.org/octeon/octcib.4">octcib(4)</a> driver for
! 107: the interrupt bus widget on CN70xx/CN71xx.
! 108: <li>octeon: New <a
! 109: href="https://man.openbsd.org/octeon/octcit.4">octcit(4)</a> driver for
! 110: the central interrupt unit version 3 on CN72xx/CN73xx/CN77xx/CN78xx.
! 111: <li>octeon: New <a
! 112: href="https://man.openbsd.org/octeon/octsctl.4">octsctl(4)</a> driver
! 113: for the OCTEON SATA controller bridge.
! 114: <li>octeon: New <a
! 115: href="https://man.openbsd.org/octeon/octxctl.4">octxctl(4)</a> driver
! 116: for the OCTEON USB3 controller bridge.
! 117: <li>octeon: Rhino Labs Inc. SDNA Shasta, and Ubiquiti Networks EdgeRouter 4
! 118: and 6 are now supported.
! 119: <li>New <a href="https://man.openbsd.org/hvs.4">hvs(4)</a> driver for
! 120: Hyper-V storage.
! 121: <li>New <a href="https://man.openbsd.org/pcxrtc.4">pcxrtc(4)</a> driver for
! 122: the NXP PCF8563 Real Time Clock.
! 123: <li>New <a href="https://man.openbsd.org/urng.4">urng(4)</a> driver for USB
! 124: random number generator devices.
! 125: <li>Intel 8265 and 3168 support was added to the
! 126: <a href="https://man.openbsd.org/iwm.4">iwm(4)</a> driver.
! 127: <li>RTL8192CE support was added to the
! 128: <a href="https://man.openbsd.org/rtwn.4">rtwn(4)</a> driver.
! 129: <li>RT5360 support was added to the
! 130: <a href="https://man.openbsd.org/ral.4">ral(4)</a> driver.
! 131: <li>RTS525A support was added to the
! 132: <a href="https://man.openbsd.org/rtsx.4">rtsx(4)</a> driver.
! 133: <li>The <a href="https://man.openbsd.org/acpibat.4">acpibat(4)</a> driver
! 134: now supports _BIX entries from ACPI 4.0.
! 135: <li>ACPI hibernate support was added to the
! 136: <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> driver.
! 137: <li>Substantially improved ACPI hibernate performance in the
! 138: <a href="https://man.openbsd.org/ahci.4">ahci(4)</a> driver.
! 139: <li>The <a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a> driver
! 140: was updated to code based on Linux 4.4.70 - it now supports Skylake,
! 141: Kaby Lake, and Cherryview devices and has better support for Broadwell
! 142: and Valleyview devices.
! 143: <li>The <a href="https://man.openbsd.org/puc.4">puc(4)</a> driver now
! 144: supports ASIX AX99100 devices.
! 145: <li>Xen platform support and the
! 146: <a href="https://man.openbsd.org/xbf.4">xbf(4)</a> driver in particular
! 147: have been substantially improved.
! 148: <li>The <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> driver now reports
! 149: correct last sector address to SCSI, allowing a valid GPT to be created.
! 150: <li>Repair <a href="https://man.openbsd.org/ioapic.4">ioapic(4)</a> misconfigurations.
1.1 deraadt 151: </ul>
152:
153: <p>
1.36 pd 154: <li><a href="https://man.openbsd.org/amd64/vmm.4">vmm(4)</a>/
155: <a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> improvements:
1.1 deraadt 156: <ul>
1.46 mlarkin 157: <li><a href="https://man.openbsd.org/amd64/vmctl.8">vmctl(8)</a> supports paused VM migration and memory snapshotting using send and receive commands.
158: <li>VPID/ASID reuse/rollover in <a href="https://man.openbsd.org/amd64/vmm.4">vmm(4)</a>.
159: <li>SGABIOS imported as an option ROM payload in SeaBIOS (for VGA to serial console redirection.)
160: <li><a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> resets the guest VM RTC (real time clock) on host resume from suspend/hibernate (OpenBSD guests only.)
161: <li>Allow guest VMs access to AVX/AVX2 host CPU features
162: <li>Support for AMD SVM/RVI hosts
163: <li>Allow larger guest VM memory sizes (up to MAXDSIZ sized guests - eg, 32GB on amd64 hosts)
164: <li>Better handling of guest VM MONITOR/MWAIT and HLT instructions
165: <li>Various device emulation improvements in <a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a>.
166: <li>Increase the <a href="https://man.openbsd.org/virtio.4">virtio(4)</a> queue size provided by <a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> from 64 to 128 entries, to increase performance.
167: <li>Many fixes to <a href="https://man.openbsd.org/amd64/vmctl.8">vmctl(8)</a> and <a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> error handling.
1.1 deraadt 168: </ul>
169: <p>
170:
171: <li>IEEE 802.11 wireless stack improvements:
172: <ul>
1.8 stsp 173: <li>MiRA 802.11n TX rate scaling now supports devices with unequal numbers of Tx and Rx streams. Fixes 11n mode for some <a href="https://man.openbsd.org/athn.8">athn(8)</a> devices.
174: <li>The <a href="https://man.openbsd.org/iwn.8">iwn(8)</a> and <a href="https://man.openbsd.org/iwm.8">iwm(8)</a> drivers will now start scanning for a new access point if they no longer receive beacons from their current AP.
175: <li>Prefer the 5GHz band over the 2GHz band during access point selection.
176: <li>Improved debug output in <a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a> when a wireless interface is put into debug mode with <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
1.1 deraadt 177: </ul>
178: <p>
179:
180: <li>Generic network stack improvements:
181: <ul>
1.20 mpi 182: <li> Incoming and forwarded IP packets are now processed without
183: KERNEL_LOCK, resulting in better performances and reduced latency
1.4 florian 184: <li> The kernel no longer handles IPv6 Stateless Address
185: Autoconfiguration (RFC 4862), allowing cleanup and simplification
186: of the IPv6 network stack.
187: <li> The kernel sends IPv6 router solicitations for link local addresses
188: with a link local source address.
1.16 mikeb 189: <li> FQ-CoDel algorithm has been implemented for use with <a
190: href="https://man.openbsd.org/pf.conf#QUEUEING">pf(4) queueing</a>.
1.31 bluhm 191: <li>Improve IPv6 checks for IPsec policies and make them consistent
192: with IPv4.
193: <li>Refactor local IP delivery to process IPsec packets in a flow.
194: Avoid that they are enqueued a second time.
195: <li><a href="https://man.openbsd.org/pf.4">pf(4)</a>
196: looks into AH packets and matches on the inner protocol.
197: This makes IPv4 authentication headers work like IPv6.
198: <li>The length of extension header chains in pf(4) is limited.
199: This prevents spending excessive cpu time on crafted packets.
200: <li>Block IPv6 packets in pf(4) that have hop-by-hop options
201: header or destination options header.
202: Such packets can be passed by adding "allow-opts" to the
203: rule.
204: So IPv6 options are handled like their counterpart in IPv4
205: now.
1.38 jca 206: <li>If the IPv4 ID gets reused too fast, pf(4) fragment reassembly
1.31 bluhm 207: uses a smarter strategy to drop packets.
1.52 dlg 208: <li>Enable the use of per-CPU caches on the network packet allocators
1.1 deraadt 209: </ul>
210: <p>
211:
212: <li>Installer improvements:
213: <ul>
1.4 florian 214: <li> The installer now uses the Allotment Routing Table (ART).
1.7 rpe 215: <li> A unique kernel is now created by the installer to boot from after install/upgrade.
216: <li> On release installs of architectures supported by syspatch "syspatch -c" is added to rc.firsttime.
217: <li> Backwards compatibility code to support the 'rtsol' keyword in hostname.if(5) has been removed.
218: <li> The install.site and upgrade.site scripts are now executed at the end of the install/upgrade process.
219: <li> More detailed information is shown to identify disks.
220: <li> The IPv6 default router selection has been fixed.
1.45 tb 221: <li> On the amd64 platform, the AES-NI is used if present.
1.1 deraadt 222: </ul>
223: <p>
224:
225: <li>Routing daemons and other userland network improvements:
226: <ul>
1.4 florian 227: <li> A new daemon, <a
1.31 bluhm 228: href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> handles IPv6
1.4 florian 229: Stateless Address Autoconfiguration (RFC 4862).
1.31 bluhm 230: <li> <a href="https://man.openbsd.org/rtadvd.8">rtadvd(8)</a> now supports
1.4 florian 231: "Reducing Energy Consumption of Router Advertisements" (RFC 7772).
1.37 jca 232: <li><a href="https://man.openbsd.org/rtadvd.8">rtadvd(8)</a> has
233: been fixed to quickly handle IPv6 prefixes changes on the system.
1.31 bluhm 234: <li><a href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a>
235: can show SA bundles now.
236: The keyword "bundle" allows to create them explicitly.
237: This avoids confusion as they were used implicitly before.
238: <li><a href="https://man.openbsd.org/nc.1">nc(1)</a>
239: has got the option -W "recvlimit" to terminate netcat after
240: receiving a number of packets.
241: This allows to send a UDP request, receive a reply and check
242: the result on the command line.
1.58 jsing 243: <li><a href="https://man.openbsd.org/nc.1">nc(1)</a>
244: now has a -Z option, allowing the peer certificate and chain to be
245: saved to a file in PEM format.
246: <li>A new "-T tlscompat" option was added to
247: <a href="https://man.openbsd.org/nc.1">nc(1)</a>, which enables the use
248: of all TLS protocols and libtls "compat" ciphers.
1.31 bluhm 249: <li>Fix a bunch of races in
250: <a href="https://man.openbsd.org/relayd.8">relayd(8)</a>
251: expecially in HTTP chunked mode.
1.37 jca 252: <li><a href="https://man.openbsd.org/ndp.8">ndp(8)</a> shows the
253: relevant NDP information when run in a non-default routing
254: domain.
1.40 jca 255: <li><a href="https://man.openbsd.org/ifstated.8">ifstated(8)</a> now
256: copes with interface departures/arrivals.
1.51 benno 257: <li><a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> can now
258: be started multiple times in different
259: <a href="https://man.openbsd.org/rdomain.4">routing domains</a>,
260: this provides virtual router functionality.
1.1 deraadt 261: </ul>
262: <p>
263:
264: <li>Security improvements:
265: <ul>
1.9 otto 266: <li>A new function
267: <a href="https://man.openbsd.org/freezero.3">freezero(3)</a>
268: to easily clear and free memory holding sensitive data has been added.
269: <li>Double free detection has been improved when the F
270: <a href="https://man.openbsd.org/malloc.3">malloc(3)</a> option is used.
271: The existing S option now includes F.
1.24 anton 272: <li>The <a href="https://man.openbsd.org/tty.4#TIOCSTI">TIOCSTI</a>
1.19 deraadt 273: tty ioctl has been removed. The I/O-loops in the last two consumers
1.24 anton 274: <a href="https://man.openbsd.org/csh.1">csh(1)</a> and
275: <a href="https://man.openbsd.org/mail.1">mail(1)</a>
1.19 deraadt 276: were rewritten to cope with the removal.
1.29 brynet 277: <li>Trapsleds, a new mitigation that significantly reduces the amount of
1.53 deraadt 278: nops in the instruction stream, replacing them with trap instructions
279: or jump-over-trap sequences, thereby requiring greater accuracy for
280: targetting potential gadgets.
1.29 brynet 281: <li>Kernel Address Randomized Link (KARL), a new "link-kit" allows the .o
282: files of the kernel to be relinked in a random order, creating a unique
1.53 deraadt 283: kernel for each boot. /bsd is now non-readable to users, to try to
284: keep the secret.
1.29 brynet 285: <li>Like with libc previously,
286: <a href="https://man.openbsd.org/rc.8">rc(8)</a> re-links libcrypto on
287: startup, placing the objects in a random order.
288: <li>In addition to libcrypto, to deter code reuse exploits,
289: <a href="https://man.openbsd.org/rc.8">rc(8)</a> re-links
290: <a href="https://man.openbsd.org/ld.so.1">ld.so</a> on
291: startup, placing the objects in a random order.
1.31 bluhm 292: <li>If process accounting is activated with
293: <a href="https://man.openbsd.org/accton.8">accton(8)</a>,
294: the daily mail shows pledge violations and program crashes.
295: <a href="https://man.openbsd.org/lastcomm.8">lastcomm(8)</a>
296: uses the flags P and T for such processes.
1.34 brynet 297: <li><a href="https://man.openbsd.org/pflogd.8">pflogd(8)</a> uses the
298: fork+exec model.
299: <li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> uses the
300: fork+exec model.
1.39 jca 301: <li><a href="https://man.openbsd.org/ifstated.8">ifstated(8)</a>
302: uses <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>.
303: <li><a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> and
304: <a href="https://man.openbsd.org/snmpd.8">snmpctl(8)</a> now use
305: <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>.
1.45 tb 306: <li>Tighter pledge for <a href="https://man.openbsd.org/at.1">at(1)</a>.
307: <li>Fixed and simplified pledge logic for
308: <a href="https://man.openbsd.org/nc.1">nc(1)</a>.
1.53 deraadt 309: <li>More application of recallocarray(3) in userland, and tracked sizes
310: to free(9) in the kernel.
311: <li>Achieve higher levels of paranoia regarding structure packing, and
312: clear many kernel objects before passing to userland.
313: <li>Disable some optimizations in clang(1) due to incompatibility
314: with security.
315: <li>For instance, cope with clang(1)'s assumption that static or const
316: objects placed in unknown sections (such as .openbsd.randomdata)
317: are surely always 0, and therefore such memory accesses can be
318: optimized away..
319: <li>In kernel, randomly bias down the top-of-stack per kthread.
1.1 deraadt 320: </ul>
321: <p>
322:
1.32 krw 323: <li><a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>/
1.1 deraadt 324: <a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a> improvements:
325: <ul>
1.32 krw 326: <li>Add support for echo-client-id statement to
1.35 krw 327: <a href="https://man.openbsd.org/dhcpd.conf.5">dhclient.conf(5)</a>.
328: <li>Take greater care to process all data read, and only data read, from the
329: <a href="https://man.openbsd.org/bpf.4">bpf(4)</a>
330: socket.
331: <li>Use /dev/bpf instead of /dev/bpf0.
332: <li>Handle DHCPINFORM messages from clients behind a DHCP relay.
333: <li>Fix handling of
334: <a href="https://man.openbsd.org/carp.4">carp(4)</a>
335: interfaces in
336: <a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a>.
337: <li>Don't stop
338: <a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a>
339: logging to stderr when it is started with the -d option.
1.32 krw 340: </ul>
341: <p>
342:
343: <li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> improvements:
344: <ul>
345: <li>Log messages reworked and clarified, in particular by prefixing
346: the name of the relevant network interface.
347: <li>Treat SSID as 0 to 32 bytes of binary data, not a string.
348: <li>Use RTM_PROPOSAL to take control of an interface rather than flipping
349: interface down and up in the hope that other
350: <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
351: instances notice.
352: <li>Reduce file operations needed by -L option by opening file at
353: startup and using it throughout process lifetime.
354: <li>Improve <a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>
355: handling by reducing writes and more reliably determining which interface
356: has the current default route.
357: <li>Take greater care to process all data read, and only data read, from the
358: <a href="https://man.openbsd.org/bpf.4">bpf(4)</a>
359: socket.
360: <li>Improve the determination of the link state of an interface.
361: <li>Decline inappropriate lease offers as soon as they are deemed
362: inappropriate.
363: <li>Drop support for the timestamp formats used in lease files created
364: more than four years ago.
365: <li>Accept an offer from the server that sent the first copy of
366: the offer, not the server that sent the last copy.
367: <li>Don't delete addresses and routes when exiting.
368: <li>Ensure IPv6 packets are not read from sockets.
369: <li>Don't silently ignore obsolete keywords in
370: <a href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>
371: <li>Reduce memory footprint by shrinking oversized static buffers.
372: <li>Eliminate repeated socket opens by opening the required sockets during
373: startup.
374: <li>Fix construction of unicast UDP packets, broken in 5.6.
375: <li>Improve determination of when a renewed lease requires interface
376: configuration changes.
377: <li>Don't exit when addresses are manually added or deleted from an
378: interface.
379: <li>Don't support option 33, classfull IP addresses.
380: <li>Fix configuration of default routes supplied by classless route options.
381: <li>Consider
382: <a href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>
383: contents when determining what MTU value to configure.
384: <li>Consider
385: <a href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>
386: contents when creating the content of
387: <a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>.
388: <li>Delete direct routes when routes are flushed.
389: <li>Don't label routes with "DHCLIENT nnnn".
390: <li>Don't delete addresses or routes that will be immediately added back.
391: <li>Delete addresses and routes only when a renewal request is NAK'ed.
392: <li>Don't wait forever for requested information on the default route.
393: <li>Don't exit when an attempt to send a packet fails.
394: <li>Don't log a packet send when the send fails.
395: <li>Remove the -u option, broken since 2013 without complaints.
1.35 krw 396: <li>Use /dev/bpf instead of /dev/bpf0.
1.1 deraadt 397: </ul>
398: <p>
399:
400: <li>Assorted improvements:
401: <ul>
1.53 deraadt 402: <li>The <a href="https://www.openbsd.org/i386.html">i386</a> and
403: <a href="https://www.openbsd.org/amd64.html">amd64</a>
404: platforms have switched to using
405: <a href="https://man.openbsd.org/clang-local.1">clang(1)</a>
406: as the base system compiler.
1.14 anton 407: <li>Improved UTF-8 line editing support for
1.24 anton 408: <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>
1.14 anton 409: Emacs and Vi input mode.
1.22 tb 410: <li>The HISTFILE of <a href="https://man.openbsd.org/ksh.1">ksh(1)</a> now uses
411: a plain text format. Support for the
412: <a href="https://man.openbsd.org/ksh#HISTCONTROL">HISTCONTROL</a>
413: environment variable was added.
1.37 jca 414: <li>The performance of the memory deallocator used by
415: <a href="https://man.openbsd.org/ksh.1">ksh(1)</a> has been fixed.
416: <li>The <tt>emacs-usemeta</tt> <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>
417: flag is no longer needed and is now deprecated.
1.41 schwarze 418: <li>New <a href="https://man.openbsd.org/futex">futex(2)</a> syscall.
419: <li>New pthread
420: <a href="https://man.openbsd.org/pthread_mutex_init">mutex</a> and
421: <a href="https://man.openbsd.org/pthread_cond_init">condition
422: variable</a> implementations improving latency
423: of threaded applications.
424: <li>New POSIX <a href="https://man.openbsd.org/newlocale.3">xlocale</a>
425: implementation written from scratch, complete in the sense that
426: all POSIX *locale(3) and *_l(3) functions are included, but in
427: OpenBSD, we of course only really care about <code>LC_CTYPE</code>
428: and we only support ASCII and UTF-8.
1.44 mpi 429: <li>New <a href="https://man.openbsd.org/ctfdump">ctfdump(1)</a> and
430: <a href="https://man.openbsd.org/ctfconv">ctfconv(1)</a>
1.41 schwarze 431: tools to manipulate CTF (Compact C Type Format).
1.31 bluhm 432: <li>The error handling in
433: <a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>
434: has been improved.
1.38 jca 435: Even if internal errors occur, the daemon tries to keep
1.31 bluhm 436: unaffected subsystems active.
437: So as many messages as possible are logged.
438: They can be filtered by severity and facility "syslog".
439: <li>syslogd(8) can now suppress "last message repeated" which is
440: useful for remote logging.
441: <li>syslogd(8) can listen on multiple TLS sockets.
442: <li>syslogd(8) closes the *.514 UDP sockets when they are not
443: needed.
1.54 bluhm 444: <li>Truncate log messages at 8192 bytes everywhere.
1.37 jca 445: <li><a href="https://man.openbsd.org/newsyslog.8">newsyslog(8)</a>
446: now skips and logs invalid config lines.
1.31 bluhm 447: <li>Nested mount points are umounted in correct order.
1.33 krw 448: <li>Fix creation of
449: <a href="https://man.openbsd.org/softraid.4">softraid(4)</a>
450: CONCAT volumes.
451: <li>Include
452: <a href="https://man.openbsd.org/softraid.4">softraid(4)</a>
453: volume and backing disk information in i/o error messages.
454: <li>Make
455: <a href="https://man.openbsd.org/vioscsi.4">vioscsi(4)</a>
456: a normal
457: <a href="https://man.openbsd.org/scsi.4">scsi(4)</a>
458: device by eliminating its use of the obsolete XS_NO_CCB mechanism.
1.38 jca 459: <li>Remove last vestiges of now unused XS_NO_CCB mechanism.
1.43 visa 460: <li>Userspace can now get the address of the thread control block
461: without a system call on OCTEON II and later.
462: <li>FPU is enabled on OCTEON III.
1.44 mpi 463: <li>GENERIC kernels now include a .SUNW_ctf section containing CTF data
464: <li>New <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> <tt>kill</tt>
465: command, send an uncatchable SIGABRT to a process.
466: <li>New <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> <tt>pprint</tt>
467: command, using CTF information to "pretty print" global symbols.
468: <li>New <a href="https://man.openbsd.org/ddb.4">ddb(4)</a>
469: <tt>show struct</tt> command, using CTF information to display the content
470: of in memory C structures.
471: <li>x86: <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> uses CTF data
472: to display the correct number of function arguments in backtraces
1.45 tb 473: <li>Power off all codecs in
474: <a href="https://man.openbsd.org/azalia.4">azalia(4)</a> to avoid static
475: noise in speakers and headphones on reboot.
1.46 mlarkin 476: <li>Fix i386 boot regression seen on very old 486DX CPUs.
1.49 visa 477: <li>New <a href="https://man.openbsd.org/witness.4">witness(4)</a> tool
478: for debugging lock order issues in the kernel.
479: The tool is not built in by default, and only amd64, hppa and i386
480: are supported.
1.53 deraadt 481: <li>Modernize some bizzare tty behaviours of getty(8).
482: <li>Some subtle changes to pledge(2) to satisfy requirements observed
483: in real life.
484: <li>Prefer use of waitpid(2) rather than wait(3) where possible, to
485: avoid problems with pre-existing children.
486: <li>Rewrite swaths of machine-dependent system call stub code in ld.so(1)
487: in a more portable fashion.
1.52 dlg 488: <li><a href="https://man.openbsd.org/pool_cache_init.9">Per-CPU
489: caches</a> implemented in pools
1.46 mlarkin 490: </ul>
1.1 deraadt 491: <p>
492:
493: <li>OpenSMTPD X.X.X
494: <ul>
495: <li>...
496: </ul>
497: <p>
498:
1.57 deraadt 499: <li>OpenSSH 7.6
1.1 deraadt 500: <ul>
501: <li>Security:
502: <ul>
1.56 djm 503: <li>sftp-server(8): in read-only mode, sftp-server was incorrectly
504: permitting creation of zero-length files.
1.1 deraadt 505: </ul>
506: <li>New/changed features:
507: <ul>
1.31 bluhm 508: <li>Add RemoteCommand option to specify a command in the
509: <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
510: config file instead of giving it on the client's command
511: line.
512: The feature allows to automate tasks using ssh config.
1.56 djm 513: <li>sshd(8): add ExposeAuthInfo option that enables writing details of
514: the authentication methods used (including public keys where
515: applicable) to a file that is exposed via a $SSH_USER_AUTH
516: environment variable in the subsequent session.
517: <li>ssh(1): add support for reverse dynamic forwarding. In this mode,
518: ssh will act as a SOCKS4/5 proxy and forward connections
519: to destinations requested by the remote SOCKS client. This mode
520: is requested using extended syntax for the -R and RemoteForward
521: options and, because it is implemented solely at the client,
522: does not require the server be updated to be supported.
523: <li>sshd(8): allow LogLevel directive in sshd_config Match blocks.
524: <li>ssh-keygen(1): allow inclusion of arbitrary string or flag
525: certificate extensions and critical options.`
526: <li>ssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as
527: a CA when signing certificates.
528: <li>ssh(1)/sshd(8): allow IPQoS=none in ssh/sshd to not set an explicit
529: ToS/DSCP value and just use the operating system default.
530: <li>ssh-add(1): added -q option to make ssh-add quiet on success.
531: <li>ssh(1): expand the StrictHostKeyChecking option with two new
532: settings. The first "accept-new" will automatically accept
533: hitherto-unseen keys but will refuse connections for changed or
534: invalid hostkeys. This is a safer subset of the current behaviour
535: of StrictHostKeyChecking=no. The second setting "off", is a synonym
536: for the current behaviour of StrictHostKeyChecking=no: accept new
537: host keys, and continue connection for hosts with incorrect
538: hostkeys. A future release will change the meaning of
539: StrictHostKeyChecking=no to the behaviour of "accept-new".
540: <li>ssh(1): add SyslogFacility option to ssh(1) matching the equivalent
541: option in sshd(8).
1.1 deraadt 542: </ul>
543: <li>The following significant bugs have been fixed in this release:
544: <ul>
1.56 djm 545: <li>ssh(1): use HostKeyAlias if specified instead of hostname for
546: matching host certificate principal names
547: <li>sftp(1): implement sorting for globbed ls.
548: <li>ssh(1): add a user@host prefix to client's "Permission denied"
549: messages, useful in particular when using "stacked" connections
550: (e.g. ssh -J) where it's not clear which host is denying.
551: <li>ssh(1): accept unknown EXT_INFO extension values that contain \0
552: characters. These are legal, but would previously cause fatal
553: connection errors if received.
554: <li>ssh(1)/sshd(8): repair compression statistics printed at
555: connection exit.
556: <li>sftp(1): print '?' instead of incorrect link count (that the
557: protocol doesn't provide) for remote listings.
558: <li>ssh(1): return failure rather than fatal() for more cases during
559: session multiplexing negotiations. Causes the session to fall back
560: to a non-mux connection if they occur.
561: <li>ssh(1): mention that the server may send debug messages to explain
562: public key authentication problems under some circumstances.
563: <li>Translate OpenSSL error codes to better report incorrect passphrase
564: errors when loading private keys.
565: <li>sshd(8): adjust compatibility patterns for WinSCP to correctly
566: identify versions that implement only the legacy DH group exchange
567: scheme.
568: <li>ssh(1): print the "Killed by signal 1" message only at LogLevel
569: verbose so that it is not shown at the default level; prevents it
570: from appearing during ssh -J and equivalent ProxyCommand configs.
571: <li>ssh-keygen(1): when generating all hostkeys (ssh-keygen -A), clobber
572: existing keys if they exist but are zero length. zero-length keys
573: could previously be made if ssh-keygen failed or was interrupted part
574: way through generating them.
575: <li>ssh(1): fix pledge(2) violation in the escape sequence "~&" used to
576: place the current session in the background.
577: <li>ssh-keyscan(1): avoid double-close() on file descriptors.
578: <li>sshd(8): avoid reliance on shared use of pointers shared between
579: monitor and child sshd processes.
580: <li>sshd_config(8): document available AuthenticationMethods.
581: <li>ssh(1): avoid truncation in some login prompts.
582: <li>ssh(1): make "--" before the hostname terminate argument processing
583: after the hostname too.
584: <li>ssh-keygen(1): switch from aes256-cbc to aes256-ctr for encrypting
585: new-style private keys. Fixes problems related to private key
586: handling for no-OpenSSL builds.
587: <li>ssh(1): warn and do not attempt to use keys when the public and
588: private halves do not match.
589: <li>sftp(1): don't print verbose error message when ssh disconnects
590: from under sftp.
591: <li>sshd(8): fix keepalive scheduling problem: activity on a forwarded
592: port from preventing the keepalive from being sent.
593: <li>sshd(8): when started without root privileges, don't require the
594: privilege separation user or path to exist. Makes running the
595: regression tests easier without touching the filesystem.
596: <li>Make integrity.sh regression tests more robust against timeouts.
597: <li>ssh(1)/sshd(8): correctness fix for channels implementation: accept
598: channel IDs greater than 0x7FFFFFFF.
1.1 deraadt 599: </ul>
600: </ul>
601: <p>
602:
1.58 jsing 603: <li>LibreSSL 2.6.3
1.1 deraadt 604: <ul>
1.60 jsing 605: <li>Added support for providing CRLs to libtls - once a CRL is provided via
606: <a href="https://man.openbsd.org/tls_config_set_crl_file.3">tls_config_set_crl_file(3)</a>
607: or
608: <a href="https://man.openbsd.org/tls_config_set_crl_mem.3">tls_config_set_crl_mem(3)</a>,
609: CRL checking is enabled and required for the full certificate chain.
1.58 jsing 610: <li>Reworked TLS certificate name verification code to more strictly
611: follow RFC 6125.
612: <li>Cleaned up and simplified server key exchange EC point handling.
613: <li>Removed inconsistent IPv6 handling from BIO_get_accept_socket(),
614: simplified BIO_get_host_ip() and BIO_accept().
615: <li>Added definitions for three OIDs used in EV certificates.
616: <li>Relaxed SNI validation to allow non-RFC-compliant clients using literal
617: IP addresses with SNI to connect to a libtls-based TLS server.
618: <li>Added tls_peer_cert_chain_pem() to libtls, useful in private certificate
619: validation callbacks such as those in relayd.
620: <li>Converted explicit clear/free sequences to use
621: <a href="https://man.openbsd.org/freezero.3">freezero(3)</a>.
622: <li>Fixed the
623: <a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
624: ca command so that is generates certificates with RFC 5280-conformant time.
625: <li>Added
626: <a href="https://man.openbsd.org/ASN1_TIME_set_tm.3">ASN1_TIME_set_tm(3)</a>
627: to set an ASN.1 time from a struct tm *.
628: <li>Added
629: <a href="https://man.openbsd.org/SSL_CTX_set_min_proto_version.3">SSL{,_CTX}_set_{min,max}_proto_version(3)</a>
630: functions.
631: <li>Imported HKDF (HMAC Key Derivation Function) from BoringSSL.
632: <li>Provided a
633: <a href="https://man.openbsd.org/tls_unload_file.3">tls_unload_file(3)</a>
634: function that frees the memory returned from a
635: <a href="https://man.openbsd.org/tls_load_file.3">tls_load_file(3)</a>
636: call, ensuring that it the contents become inaccessible.
637: <li>Implemented reference counting for libtls tls_config, allowing
638: <a href="https://man.openbsd.org/tls_config_free.3">tls_config_free(3)</a>
639: to be called as soon as it has been passed to the final
640: <a href="https://man.openbsd.org/tls_configure.3">tls_configure(3)</a>
641: call, simplifying lifetime tracking for the application.
642: <li>Dropped cipher suites using DSS authentication.
643: <li>Removed support for DSS/DSA from libssl.
644: <li>Distinguish between self-issued certificates and self-signed
645: certificates. The certificate verification code has special cases
646: for self-signed certificates and without this change, self-issued
647: certificates (which it seems are common place with
648: openvpn/easyrsa) were also being included in this category.
649: <li>Added a new TLS extension handling framework and converted all
650: TLS extensions to use it.
651: <li>Improved and added many new manpages. Updated
652: <a href="https://man.openbsd.org/SSL_CTX_check_private_key.3">SSL_{CTX_,}check_private_key(3)</a>
653: manpages with additional cautions regarding their use.
654: <li>Cleaned up and simplified EC key/curve configuration handling.
655: <li>Added
656: <a href="https://man.openbsd.org/tls_config_set_ecdhecurves.3">tls_config_set_ecdhecurves(3)</a>
657: to libtls, which allows the names of the elliptical curves that may
658: be used during client and server key exchange to be specified.
659: <li>Converted more code paths to use CBB/CBS.
660: <li>Removed NPN support - NPN was never standardised and the last draft
661: expired in October 2012.
662: <li>Removed SSL_OP_CRYPTOPRO_TLSEXT_BUG workaround for old/broken
663: CryptoPro clients.
664: <li>Removed support for the TLS padding extension, which was added as a
1.60 jsing 665: workaround for an old bug in F5's TLS termination.
1.58 jsing 666: <li>Added ability to clamp notafter valies in certificates for systems
667: with 32-bit time_t. This is necessary to conform to RFC 5280 4.1.2.5.
668: <li>Removed the original (pre-IETF) chacha20-poly1305 cipher suites.
669: <li>Reclassified ECDHE-RSA-DES-CBC3-SHA from HIGH to MEDIUM.
670: <li>Provide a useful error with libtls if there are no OCSP URLs in a
671: peer certificate.
672: <li>Keep track of which keypair is in use by a TLS context, fixing a bug
673: where a TLS server with SNI would only return the OCSP staple for the
674: default keypair.
675: <li>If
676: <a href="https://man.openbsd.org/tls_config_parse_protocols.3">tls_config_parse_protocols(3)</a>
677: is called with a NULL pointer it now
678: returns the default protocols.
1.1 deraadt 679: </ul>
680: <p>
681:
1.41 schwarze 682: <li>mandoc 1.14.3
1.1 deraadt 683: <ul>
1.41 schwarze 684: <li>Full <a href="https://man.openbsd.org/mandocdb.5">mandoc.db(5)</a>
685: databases are now enabled by default, allowing semantic searching
686: with <a href="https://man.openbsd.org/apropos.1">apropos(1)</a>
687: without any local configuration changes.
688: <li>Full integration of the former
689: <a href="https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress/usr.bin/mdoclint/">mdoclint(1)</a>
690: utility into <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>
691: <code>-Wall</code>, new <code>-Wstyle</code> and
692: <code>-Wopenbsd</code> message levels, and many new messages,
693: for example about typos in <code>.Sh</code> lines,
694: unknown <code>.Xr</code> targets, and links to self.
695: <li>Additional steps unifying the
696: <a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a>,
697: <a href="https://man.openbsd.org/man.7">man(7)</a>, and
698: <a href="https://man.openbsd.org/roff.7">roff(7)</a> parsers:
699: use one common data type and
700: <a href="https://man.openbsd.org/ohash_init.3">ohash_init(3)</a>
701: for all requests and macros and support creation of syntax tree
702: nodes in the roff(7) parser, allowing support for many new
703: low-level roff(7) features.
704: Only about 25 ports still need <code>USE_GROFF</code> now.
705: <li>Many improvements to
706: <a href="https://man.openbsd.org/tbl.7">tbl(7)</a>
707: parsing and formatting,
708: including automatic line wrapping inside table columns.
709: <li>Many improvements to
710: <a href="https://man.openbsd.org/eqn.7">eqn(7)</a>
711: parsing and formatting, including better font selection,
712: recognition of well-known mathematical function names, and writing
713: of <code><mn></code> and <code><mo></code> HTML tags.
714: <li>Intelligible rendering of mathematical symbols in
715: <code>-Tascii</code> output.
716: <li>Several parsing and rendering improvements for the
717: <a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a>
718: <code>.Lk</code> macro.
719: <li>Some CSS improvements in HTML output, in particular for the
720: <a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a>
721: <code>.Bl</code> macro.
1.1 deraadt 722: </ul>
723: <p>
724:
725: <li>Ports and packages:
726: <dl>
1.10 espie 727: <dt>A massive amount of clang-related fixes happened between 6.1 and 6.2.
1.1 deraadt 728: <dt>Many pre-built packages for each architecture:
729: </dl>
730: <!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
731: <table border=0 cellspacing=0 cellpadding=2 width="95%">
732: <tr>
733: <td valign="top" width="25%">
734: <ul>
735: <li>alpha: XXXX
1.53 deraadt 736: <li>amd64: 9728
1.1 deraadt 737: <li>arm: XXXX
738: </ul></td><td valign=top width="25%"><ul>
739: <li>hppa: XXXX
1.53 deraadt 740: <li>i386: 9285
1.1 deraadt 741: <li>mips64: XXXX
742: </ul></td><td valign=top width="25%"><ul>
743: <li>mips64el: XXXX
744: <li>powerpc: XXXX
745: <li>sparc64: XXXX
746: </ul></td></tr></table>
747: <p>
748:
749: <dl>
750: <dt>Some highlights:
751: </dl>
752: <table border=0 cellspacing=0 cellpadding=2 width="95%">
753: <tr>
754: <td valign="top" width="50%"><ul>
1.3 jasper 755: <li>AFL 2.51b
1.47 dcoppa 756: <li>CMake 3.9.3
1.3 jasper 757: <li>Chromium 61.0.3163.100
758: <li>Emacs 21.4 and 25.3
1.1 deraadt 759: <li>GCC 4.9.4
760: <li>GHC 7.10.3
1.3 jasper 761: <li>Gimp 2.8.22
762: <li>GNOME 3.24.2
763: <li>Go 1.9
1.1 deraadt 764: <li>Groff 1.22.3
1.3 jasper 765: <li>JDK 8u144
1.18 lteo 766: <li>KDE 3.5.10 and 4.14.3 (plus KDE4 core updates)
1.3 jasper 767: <li>LLVM/Clang 5.0.0
768: <li>LibreOffice 5.2.7.2
1.1 deraadt 769: <li>Lua 5.1.5, 5.2.4, and 5.3.4
1.3 jasper 770: <li>MariaDB 10.0.32
771: <li>Mozilla Firefox 52.4.0esr and 56.0.0
772: <li>Mozilla Thunderbird 52.2.1
1.1 deraadt 773: </ul></td><td valign=top width="50%"><ul>
1.3 jasper 774: <li>Mutt 1.9.1 and NeoMutt 20170912
775: <li>Node.js 6.11.2
1.1 deraadt 776: <li>Ocaml 4.03.0
1.3 jasper 777: <li>OpenLDAP 2.3.43 and 2.4.45
1.18 lteo 778: <li>PHP 5.6.31 and 7.0.23
1.3 jasper 779: <li>Postfix 3.2.2 and 3.3-20170910
780: <li>PostgreSQL 9.6.5
781: <li>Python 2.7.14 and 3.6.2
782: <li>R 3.4.1
783: <li>Ruby 1.8.7.374, 2.1.9, 2.2.8, 2.3.5 and 2.4.2
784: <li>Rust 1.20.0
785: <li>Sendmail 8.16.0.21
786: <li>SQLite3 3.20.1
787: <li>Sudo 1.8.21.2
788: <li>Tcl/Tk 8.5.19 and 8.6.6
789: <li>TeX Live 2016
790: <li>Vim 8.0.0987
1.1 deraadt 791: <li>Xfce 4.12
792: </ul></td></tr></table>
793: <p>
794:
795: <li>As usual, steady improvements in manual pages and other documentation.
796: <p>
797:
798: <li>The system includes the following major components from outside suppliers:
799: <ul>
1.13 matthieu 800: <li>Xenocara (based on X.Org 7.7 with xserver 1.18.4 + patches,
801: freetype 2.8.0, fontconfig 2.12.4, Mesa 13.0.6, xterm 330,
1.1 deraadt 802: xkeyboard-config 2.20 and more)
803: <li>LLVM/Clang 4.0.0 (+ patches)
804: <li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
1.18 lteo 805: <li>Perl 5.24.2 (+ patches)
1.2 florian 806: <li>NSD 4.1.17
807: <li>Unbound 1.6.6
1.1 deraadt 808: <li>Ncurses 5.7
809: <li>Binutils 2.17 (+ patches)
810: <li>Gdb 6.3 (+ patches)
811: <li>Awk Aug 10, 2011 version
1.31 bluhm 812: <li>Expat 2.2.4
1.1 deraadt 813: </ul>
814: </ul>
815:
816: <hr>
817:
818: <h3 id="install"><font color="#0000e0">How to install</font></h3>
819:
820: Please refer to the following files on the mirror site for
821: extensive details on how to install OpenBSD 6.2 on your machine:
822:
823: <ul>
824: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/alpha/INSTALL.alpha">
825: .../OpenBSD/6.2/alpha/INSTALL.alpha</a>
826: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/amd64/INSTALL.amd64">
827: .../OpenBSD/6.2/amd64/INSTALL.amd64</a>
828: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/arm64/INSTALL.arm64">
829: .../OpenBSD/6.2/arm64/INSTALL.arm64</a>
830: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/armv7/INSTALL.armv7">
831: .../OpenBSD/6.2/armv7/INSTALL.armv7</a>
832: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/hppa/INSTALL.hppa">
833: .../OpenBSD/6.2/hppa/INSTALL.hppa</a>
834: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/i386/INSTALL.i386">
835: .../OpenBSD/6.2/i386/INSTALL.i386</a>
836: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/landisk/INSTALL.landisk">
837: .../OpenBSD/6.2/landisk/INSTALL.landisk</a>
838: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/loongson/INSTALL.loongson">
839: .../OpenBSD/6.2/loongson/INSTALL.loongson</a>
840: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/luna88k/INSTALL.luna88k">
841: .../OpenBSD/6.2/luna88k/INSTALL.luna88k</a>
842: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/macppc/INSTALL.macppc">
843: .../OpenBSD/6.2/macppc/INSTALL.macppc</a>
844: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/octeon/INSTALL.octeon">
845: .../OpenBSD/6.2/octeon/INSTALL.octeon</a>
846: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/sgi/INSTALL.sgi">
847: .../OpenBSD/6.2/sgi/INSTALL.sgi</a>
848: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/sparc64/INSTALL.sparc64">
849: .../OpenBSD/6.2/sparc64/INSTALL.sparc64</a>
850: </ul>
851:
852: <hr>
853:
854: <p>
855: Quick installer information for people familiar with OpenBSD, and the use of
856: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
857: If you are at all confused when installing OpenBSD, read the relevant
858: INSTALL.* file as listed above!
859:
860: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
861:
862: <ul style="list-style-type: none">
863: <li>
864: Write <i>floppy62.fs</i> or <i>floppyB62.fs</i> (depending on your machine)
865: to a diskette and enter <i>boot dva0</i>.
866: Refer to INSTALL.alpha for more details.
867: <p>
868: <li>
869: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
870: will most likely fail.
871: </ul>
872:
873: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
874:
875: <ul style="list-style-type: none">
876: <li>
877: If your machine can boot from CD, you can write <i>install62.iso</i> or
878: <i>cd62.iso</i> to a CD and boot from it.
879: You may need to adjust your BIOS options first.
880: <p>
881: <li>
882: If your machine can boot from USB, you can write <i>install62.fs</i> or
883: <i>miniroot62.fs</i> to a USB stick and boot from it.
884: <p>
885: <li>
886: If you can't boot from a CD, floppy disk, or USB,
887: you can install across the network using PXE as described in the included
888: INSTALL.amd64 document.
889: <p>
890: <li>
891: If you are planning to dual boot OpenBSD with another OS, you will need to
892: read INSTALL.amd64.
893: </ul>
894:
895: <h3><font color="#e00000">OpenBSD/arm64:</font></h3>
896:
897: <ul style="list-style-type: none">
898: <li>
899: Write <i>miniroot62.fs</i> to a disk and boot from it after connecting
900: to the serial console. Refer to INSTALL.arm64 for more details.
901: <p>
902: </ul>
903:
904: <h3><font color="#e00000">OpenBSD/armv7:</font></h3>
905:
906: <ul style="list-style-type: none">
907: <li>
908: Write a system specific miniroot to an SD card and boot from it after connecting
909: to the serial console. Refer to INSTALL.armv7 for more details.
910: <p>
911: </ul>
912:
913: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
914:
915: <ul style="list-style-type: none">
916: <li>
917: Boot over the network by following the instructions in INSTALL.hppa or the
918: <a href="hppa.html#install">hppa platform page</a>.
919: </ul>
920:
921: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
922:
923: <ul style="list-style-type: none">
924: <li>
925: If your machine can boot from CD, you can write <i>install62.iso</i> or
926: <i>cd62.iso</i> to a CD and boot from it.
927: You may need to adjust your BIOS options first.
928: <p>
929: <li>
930: If your machine can boot from USB, you can write <i>install62.fs</i> or
931: <i>miniroot62.fs</i> to a USB stick and boot from it.
932: <p>
933: <li>
934: If you can't boot from a CD, floppy disk, or USB,
935: you can install across the network using PXE as described in
936: the included INSTALL.i386 document.
937: <p>
938: <li>
939: If you are planning on dual booting OpenBSD with another OS, you will need to
940: read INSTALL.i386.
941: </ul>
942:
943: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
944:
945: <ul style="list-style-type: none">
946: <li>
947: Write <i>miniroot62.fs</i> to the start of the CF
948: or disk, and boot normally.
949: </ul>
950:
951: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
952:
953: <ul style="list-style-type: none">
954: <li>
955: Write <i>miniroot62.fs</i> to a USB stick and boot bsd.rd from it
956: or boot bsd.rd via tftp.
957: Refer to the instructions in INSTALL.loongson for more details.
958: </ul>
959:
960: <h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
961:
962: <ul style="list-style-type: none">
963: <li>
964: Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
965: from the PROM, and then bsd.rd from the bootloader.
966: Refer to the instructions in INSTALL.luna88k for more details.
967: </ul>
968:
969: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
970:
971: <ul style="list-style-type: none">
972: <li>
973: Burn the image from a mirror site to a CDROM, and power on your machine
974: while holding down the <i>C</i> key until the display turns on and
975: shows <i>OpenBSD/macppc boot</i>.
976: <p>
977: <li>
978: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
979: /6.2/macppc/bsd.rd</i>
980: </ul>
981:
982: <h3><font color="#e00000">OpenBSD/octeon:</font></h3>
983:
984: <ul style="list-style-type: none">
985: <li>
986: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
987: Refer to the instructions in INSTALL.octeon for more details.
988: </ul>
989:
990: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
991:
992: <ul style="list-style-type: none">
993: <li>
994: To install, burn cd62.iso on a CD-R, put it in the CD drive of your
995: machine and select <i>Install System Software</i> from the System Maintenance
996: menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
997: CD-ROM, and need a proper invocation from the PROM prompt.
998: Refer to the instructions in INSTALL.sgi for more details.
999:
1000: <p>
1001: <li>
1002: If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
1003: server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
1004: system type. Refer to the instructions in INSTALL.sgi for more details.
1005: </ul>
1006:
1007: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
1008:
1009: <ul style="list-style-type: none">
1010: <li>
1011: Burn the image from a mirror site to a CDROM, boot from it, and type
1012: <i>boot cdrom</i>.
1013: <p>
1014: <li>
1015: If this doesn't work, or if you don't have a CDROM drive, you can write
1016: <i>floppy62.fs</i> or <i>floppyB62.fs</i>
1017: (depending on your machine) to a floppy and boot it with <i>boot
1018: floppy</i>. Refer to INSTALL.sparc64 for details.
1019: <p>
1020: <li>
1021: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
1022: will most likely fail.
1023: <p>
1024: <li>
1025: You can also write <i>miniroot62.fs</i> to the swap partition on
1026: the disk and boot with <i>boot disk:b</i>.
1027: <p>
1028: <li>
1029: If nothing works, you can boot over the network as described in INSTALL.sparc64.
1030: </ul>
1031:
1032: <hr>
1033:
1034: <h3 id="upgrade"><font color="#0000e0">How to upgrade</font></h3>
1035:
1036: If you already have an OpenBSD 6.1 system, and do not want to reinstall,
1037: upgrade instructions and advice can be found in the
1038: <a href="faq/upgrade62.html">Upgrade Guide</a>.
1039: <p>
1040:
1041: <hr>
1042:
1043: <h3 id="sourcecode"><font color="#0000e0">Notes about the source code</font></h3>
1044:
1045: <tt>src.tar.gz</tt> contains a source archive starting at <tt>/usr/src</tt>.
1046: This file contains everything you need except for the kernel sources,
1047: which are in a separate archive.
1048: To extract:
1049:
1050: <blockquote><pre>
1051: # <b>mkdir -p /usr/src</b>
1052: # <b>cd /usr/src</b>
1053: # <b>tar xvfz /tmp/src.tar.gz</b>
1054: </pre></blockquote>
1055:
1056: <tt>sys.tar.gz</tt> contains a source archive starting at <tt>/usr/src/sys</tt>.
1057: This file contains all the kernel sources you need to rebuild kernels.
1058: To extract:
1059:
1060: <blockquote><pre>
1061: # <b>mkdir -p /usr/src/sys</b>
1062: # <b>cd /usr/src</b>
1063: # <b>tar xvfz /tmp/sys.tar.gz</b>
1064: </pre></blockquote>
1065:
1066: Both of these trees are a regular CVS checkout. Using these trees it
1067: is possible to get a head-start on using the anoncvs servers as
1068: described <a href="anoncvs.html">here</a>.
1069: Using these files
1070: results in a much faster initial CVS update than you could expect from
1071: a fresh checkout of the full OpenBSD source tree.
1072: <p>
1073:
1074: <hr>
1075:
1076: <h3 id="ports"><font color="#0000e0">Ports Tree</font></h3>
1077:
1078: A ports tree archive is also provided. To extract:
1079:
1080: <blockquote><pre>
1081: # <b>cd /usr</b>
1082: # <b>tar xvfz /tmp/ports.tar.gz</b>
1083: </pre></blockquote>
1084:
1085: Go read the <a href="faq/ports/index.html">ports</a> page
1086: if you know nothing about ports
1087: at this point. This text is not a manual of how to use ports.
1088: Rather, it is a set of notes meant to kickstart the user on the
1089: OpenBSD ports system.
1090: <p>
1091: The <i>ports/</i> directory represents a CVS checkout of our ports.
1092: As with our complete source tree, our ports tree is available via
1093: <a href="anoncvs.html">AnonCVS</a>.
1094: So, in order to keep up to date with the <i>-stable</i> branch, you must make
1095: the <i>ports/</i> tree available on a read-write medium and update the tree
1096: with a command like:
1097:
1098: <blockquote><pre>
1099: # <b>cd /usr/ports</b>
1.15 phessler 1100: # <b>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_2</b>
1.1 deraadt 1101: </pre></blockquote>
1102:
1103: [Of course, you must replace the server name here with a nearby anoncvs
1104: server.]
1105: <p>
1106: Note that most ports are available as packages on our mirrors. Updated
1107: ports for the 6.2 release will be made available if problems arise.
1108: <p>
1109: If you're interested in seeing a port added, would like to help out, or just
1110: would like to know more, the mailing list
1111: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
1112: <p>
1113: </body>
1114: </html>