Annotation of www/65.html, Revision 1.2
1.1 beck 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 6.5</title>
5: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
6: <meta name="description" content="OpenBSD 6.5">
7: <meta name="copyright" content="This document copyright 2019 by OpenBSD.">
8: <meta name="viewport" content="width=device-width, initial-scale=1">
9: <link rel="stylesheet" type="text/css" href="openbsd.css">
10: <link rel="canonical" href="https://www.openbsd.org/65.html">
11: </head>
12:
13: <body bgcolor="#ffffff" text="#000000" link="#24248E">
14:
15: <h2>
16: <a href="index.html">
17: <i><font color="#0000ff">Open</font></i><font color="#000084">BSD</font></a>
18: <font color="#e00000">6.4</font>
19: </h2>
20:
21: <a href="images/notyet.jpg">
22: <img align="left" width="227" height="343" hspace="24" src="images/Puffoil.gif"></a>
23: Released XXX XX, 2018<br>
24: Copyright 1997-2019, Theo de Raadt.<br>
25: <br>
26: <br>
27:
28: <br>
29: <ul>
30: <li>See the information on <a href="ftp.html">the FTP page</a> for
31: a list of mirror machines.
32: <li>Go to the <font color="#e00000">pub/OpenBSD/6.5/</font> directory on
33: one of the mirror sites.
1.2 ! beck 34: <li>Have a look at <a href="errata65.html">the 6.5 errata page</a> for a list
1.1 beck 35: of bugs and workarounds.
1.2 ! beck 36: <li>See a <a href="plus65.html">detailed log of changes</a> between the
1.1 beck 37: 6.4 and 6.5 releases.
38: <p>
39: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
40: pubkeys for this release:<br>
41: <pre>
42: </pre>
43: <p>
44: All applicable copyrights and credits are in the src.tar.gz,
45: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
46: files fetched via ports.tar.gz.
47: </ul>
48: <br clear=all>
49:
50: <hr>
51:
52: <h3 id="new"><font color="#0000e0">What's New</font></h3>
53:
54: This is a partial list of new features and systems included in OpenBSD 6.5.
1.2 ! beck 55: For a comprehensive list, see the <a href="plus65.html">changelog</a> leading
1.1 beck 56: to 6.5.
57:
58: <ul>
59:
60: <li>Improved hardware support, including:
61:
62: <p>
63:
64: <li>IEEE 802.11 wireless stack improvements:
65: <p>
66:
67: <li>Generic network stack improvements:
68: <p>
69:
70: <li>Installer improvements:
71: <p>
72:
73: <li>Security improvements:
74: <p>
75:
76: <li>Routing daemons and other userland network improvements:
77: <p>
78:
79: <li>Assorted improvements:
80: <p>
81:
82: <li>OpenSMTPD
83: <p>
84:
85: li>LibreSSL 2.9.X>
86: <li>API and Documentation Enhancements
87: <ul>
88: <li>CRYPTO_LOCK is now automatically initialized, with the
89: legacy callbacks stubbed for compatibility
90: <li>Added SM3 hash function support
91: </ul>
92: <li>Testing and Proactive Security
93: <ul>
94: <li>Added interperability tests between LibreSSL and OpenSSL
95: 1.0 and 1.1
96: </ul>
97:
98: <li>Internal Improvements
99: <ul>
100: <li>Simplified sigalgs option processing and handshake signing algorithm
101: selection.
102: <li>Added the ability to use the RSA PSS algorithm for
103: handshake signatures.
104: <li>Added bn_rand_interval() and use it in code needing
105: ranges of random bn values
106: <li>Added functionaly to derive early, handshake, and
107: application secrets as per RFC8446
108: <li>Added handshake state machine from RFC8446
109: </ul>
110:
111: <li>Bug Fixes
112: <ul>
113: <li> Fix timing vulnerability in ECDSA signature generation
114: (CVE-2018-0735)
115: <li> Fix for Portsmash vulnerability originally by Brumley,
116: ul Hassan and Tuveri
117: <li>
118: </ul>
119: </ul>
120: <p>
121:
122: <li>Mandoc
123: <p>
124:
125: <li>Ports and packages:
126: <p>
127:
128: <li>As usual, steady improvements in manual pages and other documentation.
129: <p>
130:
131: <li>The system includes the following major components from outside suppliers:
132: <p>
133:
134: </ul>
135:
136: <hr>
137:
138: <h3 id="install"><font color="#0000e0">How to install</font></h3>
139:
140: Please refer to the following files on the mirror site for
141: extensive details on how to install OpenBSD 6.5 on your machine:
142:
143: <ul>
144: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/alpha/INSTALL.alpha">
145: .../OpenBSD/6.5/alpha/INSTALL.alpha</a>
146: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/amd64/INSTALL.amd64">
147: .../OpenBSD/6.5/amd64/INSTALL.amd64</a>
148: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/arm64/INSTALL.arm64">
149: .../OpenBSD/6.5/arm64/INSTALL.arm64</a>
150: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/armv7/INSTALL.armv7">
151: .../OpenBSD/6.5/armv7/INSTALL.armv7</a>
152: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/hppa/INSTALL.hppa">
153: .../OpenBSD/6.5/hppa/INSTALL.hppa</a>
154: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/i386/INSTALL.i386">
155: .../OpenBSD/6.5/i386/INSTALL.i386</a>
156: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/landisk/INSTALL.landisk">
157: .../OpenBSD/6.5/landisk/INSTALL.landisk</a>
158: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/loongson/INSTALL.loongson">
159: .../OpenBSD/6.5/loongson/INSTALL.loongson</a>
160: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/luna88k/INSTALL.luna88k">
161: .../OpenBSD/6.5/luna88k/INSTALL.luna88k</a>
162: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/macppc/INSTALL.macppc">
163: .../OpenBSD/6.5/macppc/INSTALL.macppc</a>
164: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/octeon/INSTALL.octeon">
165: .../OpenBSD/6.5/octeon/INSTALL.octeon</a>
166: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/sgi/INSTALL.sgi">
167: .../OpenBSD/6.5/sgi/INSTALL.sgi</a>
168: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/sparc64/INSTALL.sparc64">
169: .../OpenBSD/6.5/sparc64/INSTALL.sparc64</a>
170: </ul>
171:
172: <hr>
173:
174: <p>
175: Quick installer information for people familiar with OpenBSD, and the use of
176: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
177: If you are at all confused when installing OpenBSD, read the relevant
178: INSTALL.* file as listed above!
179:
180: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
181:
182: <ul style="list-style-type: none">
183: <li>
1.2 ! beck 184: Write <i>floppy65.fs</i> or <i>floppyB65.fs</i> (depending on your machine)
1.1 beck 185: to a diskette and enter <i>boot dva0</i>.
186: Refer to INSTALL.alpha for more details.
187: <p>
188: <li>
189: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
190: will most likely fail.
191: </ul>
192:
193: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
194:
195: <ul style="list-style-type: none">
196: <li>
1.2 ! beck 197: If your machine can boot from CD, you can write <i>install65.iso</i> or
! 198: <i>cd65.iso</i> to a CD and boot from it.
1.1 beck 199: You may need to adjust your BIOS options first.
200: <p>
201: <li>
1.2 ! beck 202: If your machine can boot from USB, you can write <i>install65.fs</i> or
! 203: <i>miniroot65.fs</i> to a USB stick and boot from it.
1.1 beck 204: <p>
205: <li>
206: If you can't boot from a CD, floppy disk, or USB,
207: you can install across the network using PXE as described in the included
208: INSTALL.amd64 document.
209: <p>
210: <li>
211: If you are planning to dual boot OpenBSD with another OS, you will need to
212: read INSTALL.amd64.
213: </ul>
214:
215: <h3><font color="#e00000">OpenBSD/arm64:</font></h3>
216:
217: <ul style="list-style-type: none">
218: <li>
1.2 ! beck 219: Write <i>miniroot65.fs</i> to a disk and boot from it after connecting
1.1 beck 220: to the serial console. Refer to INSTALL.arm64 for more details.
221: <p>
222: </ul>
223:
224: <h3><font color="#e00000">OpenBSD/armv7:</font></h3>
225:
226: <ul style="list-style-type: none">
227: <li>
228: Write a system specific miniroot to an SD card and boot from it after connecting
229: to the serial console. Refer to INSTALL.armv7 for more details.
230: <p>
231: </ul>
232:
233: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
234:
235: <ul style="list-style-type: none">
236: <li>
237: Boot over the network by following the instructions in INSTALL.hppa or the
238: <a href="hppa.html#install">hppa platform page</a>.
239: </ul>
240:
241: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
242:
243: <ul style="list-style-type: none">
244: <li>
1.2 ! beck 245: If your machine can boot from CD, you can write <i>install65.iso</i> or
! 246: <i>cd65.iso</i> to a CD and boot from it.
1.1 beck 247: You may need to adjust your BIOS options first.
248: <p>
249: <li>
1.2 ! beck 250: If your machine can boot from USB, you can write <i>install65.fs</i> or
! 251: <i>miniroot65.fs</i> to a USB stick and boot from it.
1.1 beck 252: <p>
253: <li>
254: If you can't boot from a CD, floppy disk, or USB,
255: you can install across the network using PXE as described in
256: the included INSTALL.i386 document.
257: <p>
258: <li>
259: If you are planning on dual booting OpenBSD with another OS, you will need to
260: read INSTALL.i386.
261: </ul>
262:
263: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
264:
265: <ul style="list-style-type: none">
266: <li>
1.2 ! beck 267: Write <i>miniroot65.fs</i> to the start of the CF
1.1 beck 268: or disk, and boot normally.
269: </ul>
270:
271: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
272:
273: <ul style="list-style-type: none">
274: <li>
1.2 ! beck 275: Write <i>miniroot65.fs</i> to a USB stick and boot bsd.rd from it
1.1 beck 276: or boot bsd.rd via tftp.
277: Refer to the instructions in INSTALL.loongson for more details.
278: </ul>
279:
280: <h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
281:
282: <ul style="list-style-type: none">
283: <li>
284: Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
285: from the PROM, and then bsd.rd from the bootloader.
286: Refer to the instructions in INSTALL.luna88k for more details.
287: </ul>
288:
289: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
290:
291: <ul style="list-style-type: none">
292: <li>
293: Burn the image from a mirror site to a CDROM, and power on your machine
294: while holding down the <i>C</i> key until the display turns on and
295: shows <i>OpenBSD/macppc boot</i>.
296: <p>
297: <li>
298: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
299: /6.5/macppc/bsd.rd</i>
300: </ul>
301:
302: <h3><font color="#e00000">OpenBSD/octeon:</font></h3>
303:
304: <ul style="list-style-type: none">
305: <li>
306: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
307: Refer to the instructions in INSTALL.octeon for more details.
308: </ul>
309:
310: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
311:
312: <ul style="list-style-type: none">
313: <li>
1.2 ! beck 314: To install, burn cd65.iso on a CD-R, put it in the CD drive of your
1.1 beck 315: machine and select <i>Install System Software</i> from the System Maintenance
316: menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
317: CD-ROM, and need a proper invocation from the PROM prompt.
318: Refer to the instructions in INSTALL.sgi for more details.
319:
320: <p>
321: <li>
322: If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
323: server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
324: system type. Refer to the instructions in INSTALL.sgi for more details.
325: </ul>
326:
327: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
328:
329: <ul style="list-style-type: none">
330: <li>
331: Burn the image from a mirror site to a CDROM, boot from it, and type
332: <i>boot cdrom</i>.
333: <p>
334: <li>
335: If this doesn't work, or if you don't have a CDROM drive, you can write
1.2 ! beck 336: <i>floppy65.fs</i> or <i>floppyB65.fs</i>
1.1 beck 337: (depending on your machine) to a floppy and boot it with <i>boot
338: floppy</i>. Refer to INSTALL.sparc64 for details.
339: <p>
340: <li>
341: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
342: will most likely fail.
343: <p>
344: <li>
1.2 ! beck 345: You can also write <i>miniroot65.fs</i> to the swap partition on
1.1 beck 346: the disk and boot with <i>boot disk:b</i>.
347: <p>
348: <li>
349: If nothing works, you can boot over the network as described in INSTALL.sparc64.
350: </ul>
351:
352: <hr>
353:
354: <h3 id="upgrade"><font color="#0000e0">How to upgrade</font></h3>
355:
356: If you already have an OpenBSD 6.4 system, and do not want to reinstall,
357: upgrade instructions and advice can be found in the
1.2 ! beck 358: <a href="faq/upgrade65.html">Upgrade Guide</a>.
1.1 beck 359: <p>
360:
361: <hr>
362:
363: <h3 id="sourcecode"><font color="#0000e0">Notes about the source code</font></h3>
364:
365: <tt>src.tar.gz</tt> contains a source archive starting at <tt>/usr/src</tt>.
366: This file contains everything you need except for the kernel sources,
367: which are in a separate archive.
368: To extract:
369:
370: <blockquote><pre>
371: # <b>mkdir -p /usr/src</b>
372: # <b>cd /usr/src</b>
373: # <b>tar xvfz /tmp/src.tar.gz</b>
374: </pre></blockquote>
375:
376: <tt>sys.tar.gz</tt> contains a source archive starting at <tt>/usr/src/sys</tt>.
377: This file contains all the kernel sources you need to rebuild kernels.
378: To extract:
379:
380: <blockquote><pre>
381: # <b>mkdir -p /usr/src/sys</b>
382: # <b>cd /usr/src</b>
383: # <b>tar xvfz /tmp/sys.tar.gz</b>
384: </pre></blockquote>
385:
386: Both of these trees are a regular CVS checkout. Using these trees it
387: is possible to get a head-start on using the anoncvs servers as
388: described <a href="anoncvs.html">here</a>.
389: Using these files
390: results in a much faster initial CVS update than you could expect from
391: a fresh checkout of the full OpenBSD source tree.
392: <p>
393:
394: <hr>
395:
396: <h3 id="ports"><font color="#0000e0">Ports Tree</font></h3>
397:
398: A ports tree archive is also provided. To extract:
399:
400: <blockquote><pre>
401: # <b>cd /usr</b>
402: # <b>tar xvfz /tmp/ports.tar.gz</b>
403: </pre></blockquote>
404:
405: Go read the <a href="faq/ports/index.html">ports</a> page
406: if you know nothing about ports
407: at this point. This text is not a manual of how to use ports.
408: Rather, it is a set of notes meant to kickstart the user on the
409: OpenBSD ports system.
410: <p>
411: The <i>ports/</i> directory represents a CVS checkout of our ports.
412: As with our complete source tree, our ports tree is available via
413: <a href="anoncvs.html">AnonCVS</a>.
414: So, in order to keep up to date with the -stable branch, you must make
415: the <i>ports/</i> tree available on a read-write medium and update the tree
416: with a command like:
417:
418: <blockquote><pre>
419: # <b>cd /usr/ports</b>
420: # <b>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_4</b>
421: </pre></blockquote>
422:
423: [Of course, you must replace the server name here with a nearby anoncvs
424: server.]
425: <p>
426: Note that most ports are available as packages on our mirrors. Updated
427: ports for the 6.5 release will be made available if problems arise.
428: <p>
429: If you're interested in seeing a port added, would like to help out, or just
430: would like to know more, the mailing list
431: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
432: <p>
433: </body>
434: </html>