Annotation of www/65.html, Revision 1.23
1.1 beck 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
4: <title>OpenBSD 6.5</title>
5: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
6: <meta name="description" content="OpenBSD 6.5">
7: <meta name="copyright" content="This document copyright 2019 by OpenBSD.">
8: <meta name="viewport" content="width=device-width, initial-scale=1">
9: <link rel="stylesheet" type="text/css" href="openbsd.css">
10: <link rel="canonical" href="https://www.openbsd.org/65.html">
11: </head>
12:
13: <body bgcolor="#ffffff" text="#000000" link="#24248E">
14:
15: <h2>
16: <a href="index.html">
17: <i><font color="#0000ff">Open</font></i><font color="#000084">BSD</font></a>
1.5 beck 18: <font color="#e00000">6.5</font>
1.1 beck 19: </h2>
20:
21: <a href="images/notyet.jpg">
22: <img align="left" width="227" height="343" hspace="24" src="images/Puffoil.gif"></a>
23: Released XXX XX, 2018<br>
24: Copyright 1997-2019, Theo de Raadt.<br>
25: <br>
26: <br>
27:
28: <br>
29: <ul>
30: <li>See the information on <a href="ftp.html">the FTP page</a> for
31: a list of mirror machines.
32: <li>Go to the <font color="#e00000">pub/OpenBSD/6.5/</font> directory on
33: one of the mirror sites.
1.2 beck 34: <li>Have a look at <a href="errata65.html">the 6.5 errata page</a> for a list
1.1 beck 35: of bugs and workarounds.
1.2 beck 36: <li>See a <a href="plus65.html">detailed log of changes</a> between the
1.1 beck 37: 6.4 and 6.5 releases.
38: <p>
39: <li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
40: pubkeys for this release:<br>
41: <pre>
42: </pre>
43: <p>
44: All applicable copyrights and credits are in the src.tar.gz,
45: sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
46: files fetched via ports.tar.gz.
47: </ul>
48: <br clear=all>
49:
50: <hr>
51:
52: <h3 id="new"><font color="#0000e0">What's New</font></h3>
53:
54: This is a partial list of new features and systems included in OpenBSD 6.5.
1.2 beck 55: For a comprehensive list, see the <a href="plus65.html">changelog</a> leading
1.1 beck 56: to 6.5.
57:
58: <ul>
59:
60: <li>Improved hardware support, including:
1.3 visa 61: <ul>
62: <li><a href="https://man.openbsd.org/clang.1">clang(1)</a>
63: is now provided on mips64.
1.15 visa 64: <li>octeon: Now the system automatically detects the number of available
65: cores. However, manual setting of the numcores, or coremask,
66: boot parameter is still needed to enable secondary cores.
67: <li>octeon: It is now possible to use the root disk's DUID as the value
68: of the rootdev boot parameter.
1.3 visa 69: </ul>
1.1 beck 70:
71: <p>
72:
73: <li>IEEE 802.11 wireless stack improvements:
74: <p>
75:
76: <li>Generic network stack improvements:
77: <p>
78:
79: <li>Installer improvements:
80: <p>
81:
82: <li>Security improvements:
83: <p>
84:
85: <li>Routing daemons and other userland network improvements:
1.10 denis 86: <ul>
87: <li><a href="https://man.openbsd.org/bgplg.8">bgplg(8)</a> and
88: <a href="https://man.openbsd.org/bgplgsh.8">bgplgsh(8)</a> can
89: now filter on Origin Validation State and Extended Communities.
1.12 denis 90: <li><a href="https://man.openbsd.org/pcap-filter.3">pcap-filter(3)</a> can
91: now filter on MPLS packets.
1.10 denis 92: </ul>
1.1 beck 93: <p>
94:
95: <li>Assorted improvements:
1.20 anton 96: <ul>
97: <li>
98: <a href="https://man.openbsd.org/kcov.4">kcov(4)</a>
99: gained support for
100: <a href="https://man.openbsd.org/kcov#KCOV_MODE_TRACE_CMP">KCOV_MODE_TRACE_CMP</a>.
101: </ul>
1.1 beck 102: <p>
103:
104: <li>OpenSMTPD
105: <p>
106:
1.4 bcook 107: <li>LibreSSL 2.9.X
108: <ul>
109: <li>API and Documentation Enhancements
110: <ul>
111: <li>
112: CRYPTO_LOCK is now automatically initialized, with the legacy
1.9 bcook 113: callbacks stubbed for compatibility.
1.4 bcook 114: <li>
115: Added the SM3 hash function from the Chinese standard GB/T 32905-2016.
1.7 bcook 116: <li>
1.9 bcook 117: Added more OPENSSL_NO_* macros for compatibility with OpenSSL.
1.16 beck 118: <li>
1.19 jsg 119: Partial port of the OpenSSL EC_KEY_METHOD API for use by OpenSSH.
120: <li>
121: Implemented further missing OpenSSL 1.1 API.
1.21 tb 122: <li>
123: Added support for XChaCha20 and XChaCha20-Poly1305.
1.19 jsg 124: </ul>
125:
126: <li>Compatibility Changes
127: <ul>
128: <li>
1.23 ! beck 129: Added pbkdf2 key derivation support
! 130: to <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> enc.
! 131: <li>
1.19 jsg 132: Changed the default digest type of
133: <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> enc
134: to sha256.
1.18 naddy 135: <li>
136: Changed the default digest type of
137: <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> dgst
138: to sha256.
1.17 tb 139: <li>
1.19 jsg 140: Changed the default digest type of
141: <a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
142: x509 -fingerprint to sha256.
1.17 tb 143: <li>
1.19 jsg 144: Changed the default digest type of
145: <a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
146: crl -fingerprint to sha256.
1.4 bcook 147: </ul>
148:
149: <li>Testing and Proactive Security
150: <ul>
151: <li>
1.8 bcook 152: Added extensive interoperability tests between LibreSSL and OpenSSL 1.0
1.9 bcook 153: and 1.1.
1.7 bcook 154: <li>
155: Added additional wycheproof tests and related bug fixes.
1.4 bcook 156: </ul>
157:
158: <li>Internal Improvements
159: <ul>
160: <li>
161: Simplified sigalgs option processing and handshake signing algorithm
1.9 bcook 162: selection.
1.4 bcook 163: <li>
1.9 bcook 164: Added the ability to use the RSA PSS algorithm for handshake signatures.
1.4 bcook 165: <li>
166: Added bn_rand_interval() and use it in code needing ranges of random bn
1.9 bcook 167: values.
1.4 bcook 168: <li>
169: Added functionality to derive early, handshake, and application secrets
1.9 bcook 170: as per RFC8446.
1.4 bcook 171: <li>
1.9 bcook 172: Added handshake state machine from RFC8446.
1.7 bcook 173: <li>
174: Removed some ASN.1 related code from libcrypto that had not been used
1.9 bcook 175: since around 2000.
1.7 bcook 176: <li>
177: Unexported internal symbols and internalized more record layer structs.
1.23 ! beck 178: <li>
! 179: Removed SHA224 based handshake signatures from consideration for use in a TLS 1.2 handshake.
1.4 bcook 180: </ul>
181:
1.6 bcook 182: <li>Portable Improvements
183: <ul>
184: <li>
1.9 bcook 185: Added support for assembly optimizations on 32-bit ARM ELF targets.
1.6 bcook 186: </ul>
187:
1.4 bcook 188: <li>Bug Fixes
189: <ul>
190: <li>
1.13 tb 191: Improved protection against timing side channels in ECDSA signature
192: generation.
1.4 bcook 193: <li>
1.14 tb 194: Coordinate blinding was added to some elliptic curves.
1.13 tb 195: This is the last bit of the work by Brumley et al. to protect against
196: the Portsmash vulnerability.
1.4 bcook 197: <li>
1.9 bcook 198: Ensure transcript handshake is always freed with TLS 1.2.
1.4 bcook 199: </ul>
200: </ul>
1.1 beck 201: <p>
202:
203: <li>Mandoc
204: <p>
205:
206: <li>Ports and packages:
207: <p>
208:
209: <li>As usual, steady improvements in manual pages and other documentation.
210: <p>
211:
212: <li>The system includes the following major components from outside suppliers:
1.4 bcook 213: <p>
1.1 beck 214:
215: </ul>
216:
217: <hr>
218:
219: <h3 id="install"><font color="#0000e0">How to install</font></h3>
220:
221: Please refer to the following files on the mirror site for
222: extensive details on how to install OpenBSD 6.5 on your machine:
223:
224: <ul>
225: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/alpha/INSTALL.alpha">
226: .../OpenBSD/6.5/alpha/INSTALL.alpha</a>
227: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/amd64/INSTALL.amd64">
228: .../OpenBSD/6.5/amd64/INSTALL.amd64</a>
229: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/arm64/INSTALL.arm64">
230: .../OpenBSD/6.5/arm64/INSTALL.arm64</a>
231: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/armv7/INSTALL.armv7">
232: .../OpenBSD/6.5/armv7/INSTALL.armv7</a>
233: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/hppa/INSTALL.hppa">
234: .../OpenBSD/6.5/hppa/INSTALL.hppa</a>
235: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/i386/INSTALL.i386">
236: .../OpenBSD/6.5/i386/INSTALL.i386</a>
237: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/landisk/INSTALL.landisk">
238: .../OpenBSD/6.5/landisk/INSTALL.landisk</a>
239: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/loongson/INSTALL.loongson">
240: .../OpenBSD/6.5/loongson/INSTALL.loongson</a>
241: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/luna88k/INSTALL.luna88k">
242: .../OpenBSD/6.5/luna88k/INSTALL.luna88k</a>
243: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/macppc/INSTALL.macppc">
244: .../OpenBSD/6.5/macppc/INSTALL.macppc</a>
245: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/octeon/INSTALL.octeon">
246: .../OpenBSD/6.5/octeon/INSTALL.octeon</a>
247: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/sgi/INSTALL.sgi">
248: .../OpenBSD/6.5/sgi/INSTALL.sgi</a>
249: <li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.5/sparc64/INSTALL.sparc64">
250: .../OpenBSD/6.5/sparc64/INSTALL.sparc64</a>
251: </ul>
252:
253: <hr>
254:
255: <p>
256: Quick installer information for people familiar with OpenBSD, and the use of
257: the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
258: If you are at all confused when installing OpenBSD, read the relevant
259: INSTALL.* file as listed above!
260:
261: <h3><font color="#e00000">OpenBSD/alpha:</font></h3>
262:
263: <ul style="list-style-type: none">
264: <li>
1.2 beck 265: Write <i>floppy65.fs</i> or <i>floppyB65.fs</i> (depending on your machine)
1.1 beck 266: to a diskette and enter <i>boot dva0</i>.
267: Refer to INSTALL.alpha for more details.
268: <p>
269: <li>
270: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
271: will most likely fail.
272: </ul>
273:
274: <h3><font color="#e00000">OpenBSD/amd64:</font></h3>
275:
276: <ul style="list-style-type: none">
277: <li>
1.2 beck 278: If your machine can boot from CD, you can write <i>install65.iso</i> or
279: <i>cd65.iso</i> to a CD and boot from it.
1.1 beck 280: You may need to adjust your BIOS options first.
281: <p>
282: <li>
1.2 beck 283: If your machine can boot from USB, you can write <i>install65.fs</i> or
284: <i>miniroot65.fs</i> to a USB stick and boot from it.
1.1 beck 285: <p>
286: <li>
287: If you can't boot from a CD, floppy disk, or USB,
288: you can install across the network using PXE as described in the included
289: INSTALL.amd64 document.
290: <p>
291: <li>
292: If you are planning to dual boot OpenBSD with another OS, you will need to
293: read INSTALL.amd64.
294: </ul>
295:
296: <h3><font color="#e00000">OpenBSD/arm64:</font></h3>
297:
298: <ul style="list-style-type: none">
299: <li>
1.2 beck 300: Write <i>miniroot65.fs</i> to a disk and boot from it after connecting
1.1 beck 301: to the serial console. Refer to INSTALL.arm64 for more details.
302: <p>
303: </ul>
304:
305: <h3><font color="#e00000">OpenBSD/armv7:</font></h3>
306:
307: <ul style="list-style-type: none">
308: <li>
309: Write a system specific miniroot to an SD card and boot from it after connecting
310: to the serial console. Refer to INSTALL.armv7 for more details.
311: <p>
312: </ul>
313:
314: <h3><font color="#e00000">OpenBSD/hppa:</font></h3>
315:
316: <ul style="list-style-type: none">
317: <li>
318: Boot over the network by following the instructions in INSTALL.hppa or the
319: <a href="hppa.html#install">hppa platform page</a>.
320: </ul>
321:
322: <h3><font color="#e00000">OpenBSD/i386:</font></h3>
323:
324: <ul style="list-style-type: none">
325: <li>
1.2 beck 326: If your machine can boot from CD, you can write <i>install65.iso</i> or
327: <i>cd65.iso</i> to a CD and boot from it.
1.1 beck 328: You may need to adjust your BIOS options first.
329: <p>
330: <li>
1.2 beck 331: If your machine can boot from USB, you can write <i>install65.fs</i> or
332: <i>miniroot65.fs</i> to a USB stick and boot from it.
1.1 beck 333: <p>
334: <li>
335: If you can't boot from a CD, floppy disk, or USB,
336: you can install across the network using PXE as described in
337: the included INSTALL.i386 document.
338: <p>
339: <li>
340: If you are planning on dual booting OpenBSD with another OS, you will need to
341: read INSTALL.i386.
342: </ul>
343:
344: <h3><font color="#e00000">OpenBSD/landisk:</font></h3>
345:
346: <ul style="list-style-type: none">
347: <li>
1.2 beck 348: Write <i>miniroot65.fs</i> to the start of the CF
1.1 beck 349: or disk, and boot normally.
350: </ul>
351:
352: <h3><font color="#e00000">OpenBSD/loongson:</font></h3>
353:
354: <ul style="list-style-type: none">
355: <li>
1.2 beck 356: Write <i>miniroot65.fs</i> to a USB stick and boot bsd.rd from it
1.1 beck 357: or boot bsd.rd via tftp.
358: Refer to the instructions in INSTALL.loongson for more details.
359: </ul>
360:
361: <h3><font color="#e00000">OpenBSD/luna88k:</font></h3>
362:
363: <ul style="list-style-type: none">
364: <li>
365: Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
366: from the PROM, and then bsd.rd from the bootloader.
367: Refer to the instructions in INSTALL.luna88k for more details.
368: </ul>
369:
370: <h3><font color="#e00000">OpenBSD/macppc:</font></h3>
371:
372: <ul style="list-style-type: none">
373: <li>
374: Burn the image from a mirror site to a CDROM, and power on your machine
375: while holding down the <i>C</i> key until the display turns on and
376: shows <i>OpenBSD/macppc boot</i>.
377: <p>
378: <li>
379: Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
380: /6.5/macppc/bsd.rd</i>
381: </ul>
382:
383: <h3><font color="#e00000">OpenBSD/octeon:</font></h3>
384:
385: <ul style="list-style-type: none">
386: <li>
387: After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
388: Refer to the instructions in INSTALL.octeon for more details.
389: </ul>
390:
391: <h3><font color="#e00000">OpenBSD/sgi:</font></h3>
392:
393: <ul style="list-style-type: none">
394: <li>
1.2 beck 395: To install, burn cd65.iso on a CD-R, put it in the CD drive of your
1.1 beck 396: machine and select <i>Install System Software</i> from the System Maintenance
397: menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
398: CD-ROM, and need a proper invocation from the PROM prompt.
399: Refer to the instructions in INSTALL.sgi for more details.
400:
401: <p>
402: <li>
403: If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
404: server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
405: system type. Refer to the instructions in INSTALL.sgi for more details.
406: </ul>
407:
408: <h3><font color="#e00000">OpenBSD/sparc64:</font></h3>
409:
410: <ul style="list-style-type: none">
411: <li>
412: Burn the image from a mirror site to a CDROM, boot from it, and type
413: <i>boot cdrom</i>.
414: <p>
415: <li>
416: If this doesn't work, or if you don't have a CDROM drive, you can write
1.2 beck 417: <i>floppy65.fs</i> or <i>floppyB65.fs</i>
1.1 beck 418: (depending on your machine) to a floppy and boot it with <i>boot
419: floppy</i>. Refer to INSTALL.sparc64 for details.
420: <p>
421: <li>
422: Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
423: will most likely fail.
424: <p>
425: <li>
1.2 beck 426: You can also write <i>miniroot65.fs</i> to the swap partition on
1.1 beck 427: the disk and boot with <i>boot disk:b</i>.
428: <p>
429: <li>
430: If nothing works, you can boot over the network as described in INSTALL.sparc64.
431: </ul>
432:
433: <hr>
434:
435: <h3 id="upgrade"><font color="#0000e0">How to upgrade</font></h3>
436:
437: If you already have an OpenBSD 6.4 system, and do not want to reinstall,
438: upgrade instructions and advice can be found in the
1.2 beck 439: <a href="faq/upgrade65.html">Upgrade Guide</a>.
1.1 beck 440: <p>
441:
442: <hr>
443:
444: <h3 id="sourcecode"><font color="#0000e0">Notes about the source code</font></h3>
445:
446: <tt>src.tar.gz</tt> contains a source archive starting at <tt>/usr/src</tt>.
447: This file contains everything you need except for the kernel sources,
448: which are in a separate archive.
449: To extract:
450:
451: <blockquote><pre>
452: # <b>mkdir -p /usr/src</b>
453: # <b>cd /usr/src</b>
454: # <b>tar xvfz /tmp/src.tar.gz</b>
455: </pre></blockquote>
456:
457: <tt>sys.tar.gz</tt> contains a source archive starting at <tt>/usr/src/sys</tt>.
458: This file contains all the kernel sources you need to rebuild kernels.
459: To extract:
460:
461: <blockquote><pre>
462: # <b>mkdir -p /usr/src/sys</b>
463: # <b>cd /usr/src</b>
464: # <b>tar xvfz /tmp/sys.tar.gz</b>
465: </pre></blockquote>
466:
467: Both of these trees are a regular CVS checkout. Using these trees it
468: is possible to get a head-start on using the anoncvs servers as
469: described <a href="anoncvs.html">here</a>.
470: Using these files
471: results in a much faster initial CVS update than you could expect from
472: a fresh checkout of the full OpenBSD source tree.
473: <p>
474:
475: <hr>
476:
477: <h3 id="ports"><font color="#0000e0">Ports Tree</font></h3>
478:
479: A ports tree archive is also provided. To extract:
480:
481: <blockquote><pre>
482: # <b>cd /usr</b>
483: # <b>tar xvfz /tmp/ports.tar.gz</b>
484: </pre></blockquote>
485:
486: Go read the <a href="faq/ports/index.html">ports</a> page
487: if you know nothing about ports
488: at this point. This text is not a manual of how to use ports.
489: Rather, it is a set of notes meant to kickstart the user on the
490: OpenBSD ports system.
491: <p>
492: The <i>ports/</i> directory represents a CVS checkout of our ports.
493: As with our complete source tree, our ports tree is available via
494: <a href="anoncvs.html">AnonCVS</a>.
495: So, in order to keep up to date with the -stable branch, you must make
496: the <i>ports/</i> tree available on a read-write medium and update the tree
497: with a command like:
498:
499: <blockquote><pre>
500: # <b>cd /usr/ports</b>
1.11 beck 501: # <b>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_5</b>
1.1 beck 502: </pre></blockquote>
503:
504: [Of course, you must replace the server name here with a nearby anoncvs
505: server.]
506: <p>
507: Note that most ports are available as packages on our mirrors. Updated
508: ports for the 6.5 release will be made available if problems arise.
509: <p>
510: If you're interested in seeing a port added, would like to help out, or just
511: would like to know more, the mailing list
512: <a href="mail.html">ports@openbsd.org</a> is a good place to know.
513: <p>
514: </body>
515: </html>