File: [local] / www / 69.html (download) (as text)
Revision 1.14, Sat Apr 10 17:16:19 2021 UTC (3 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.13: +19 -2 lines
a few more things i committed.
|
<!doctype html>
<html lang=en id=release>
<meta charset=utf-8>
<title>OpenBSD 6.9</title>
<meta name="description" content="OpenBSD 6.9">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/69.html">
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
6.9
</h2>
<table>
<tr>
<td>
<a href="images/XXX.png">
<img width="227" height="303" src="images/XXX-s.gif" alt="XXX"></a>
<td>
Released May 1, 2021.<br>
Copyright 1997-2021, Theo de Raadt.<br>
<br>
6.9 Song:
<a href="lyrics.html#69">"XXX"</a>.
<br>
Artwork by Joy San.
<br>
<ul>
<li>See the information on <a href="ftp.html">the FTP page</a> for
a list of mirror machines.
<li>Go to the <code class=reldir>pub/OpenBSD/6.9/</code> directory on
one of the mirror sites.
<li>Have a look at <a href="errata69.html">the 6.9 errata page</a> for a list
of bugs and workarounds.
<li>See a <a href="plus69.html">detailed log of changes</a> between the
6.8 and 6.9 releases.
<p>
<li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
pubkeys for this release:<p>
<table class=signify>
<tr><td>
openbsd-69-base.pub:
<td>
<a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/openbsd-69-base.pub">
RWQZj25CSG5R2oLo5735Hh6C48kkjFsj5rJDjW+fGZwyY+BkD5/zps8f</a>
<tr><td>
openbsd-69-fw.pub:
<td>
RWSYx4htNi/zavF8ZToMBDFz2xymRfFnnR1MEKV9csYbvnrTBwdkXhdy
<tr><td>
openbsd-69-pkg.pub:
<td>
RWQlDXyHx5KlPoEiz4yWRK/Gt/rvPwI8KEAt3utge/dBS7R+EscdzA5K
<tr><td>
openbsd-69-syspatch.pub:
<td>
RWRWuHkSV0U8PUX24vGa3ywrvKNQY6llV3PLvKEzDTiTVPfIRaXPfvzR
</table>
</ul>
<p>
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
files fetched via <code>ports.tar.gz</code>.
</table>
<hr>
<section id=new>
<h3>What's New</h3>
<p>
This is a partial list of new features and systems included in OpenBSD 6.9.
For a comprehensive list, see the <a href="plus69.html">changelog</a> leading
to 6.9.
<ul>
<li>New/extended platforms:
<ul>
<li>Added <a href="https://man.openbsd.org/astfb.4">astfb(4)</a>, a
driver for the framebuffer of the Aspeed BMC found on many POWER8 and
POWER9 systems.
<li>Added bsd.mp to powerpc64's installXX.{img,iso}.
<li>Added RETGUARD implementation for powerpc and powerpc64.
<li>Added powerpc64 retguard macros for setjmp/longjmp.
<li>Added retguard macros to powerpc64 locore functions.
<li>Added a workaround for PCIO devices that cannot address the full
64-bit PCI address space to powerpc64. Needed for <a
href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> and <a
href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> since Radeon
GPUs only implement 36, 40, or 44 bits of address space.
<li>Added limited emulation of unaligned access in the powerpc64 kernel.
<li>Changed <a href="https://man.openbsd.org/astfb.4">astfb(4)</a> to
allow it to become the console on powerpc64.
<li>Added support for passing a bootmac command line argument to
RAMDISK on powerpc64.
<li>Fixed booting on powerpc64 machines with memory banks higher in
physical address space, needing a larger TCE table.
<li>Introduced power-saving mode on POWER9 (ISA v3).
<li>Enabled floating-point exceptions on powerpc64.
<li>Added support for <a
href="https://man.openbsd.org/ipmi.4">ipmi(4)</a> on PowerNV systems.
<!-- ARM64 on Apple M1 -->
<li>Recognized Apple Icestorm cores on arm64.
<li>Added basic support for BCM4379, found on the Apple M1 SoCs, to
<a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a>.
<li>Added <a href="https://man.openbsd.org/exuart.4">exuart(4)</a>
support for hte UART found on the Apple M1 SoC.
<li>Added <a href="https://man.openbsd.org/apldog.4">apldog(4)</a>, a
driver for the watchdog on Apple M1 SoCs, allowing reboot of the
machine.
<li>Added <a href="https://man.openbsd.org/aplintc.4">aplintc(4)</a>,
a driver for the interrupt controller found on Apple M1 SoCs.
<li>Added <a href="https://man.openbsd.org/aplpcie.4">aplpcie(4)</a>,
a driver for the PCIe host bridge on Apple M1 SoCs.
<li>Increased RX buffers available to the <a
href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> chip to 256,
allowing use of the Apple M1's wifi.
<li>Added <a href="https://man.openbsd.org/apldart.4">apldart(4)</a>,
a driver for the IOMMU on Apple M1 SoCs.
<li>Added <a href="https://man.openbsd.org/smmu.4">smmu(4)</a>, a
driver for the ARM System MMU.
<!-- loongson -->
<li>Made loongson kernels recognize Lynloong LM9002/9003 and LM9013.
<li>Use native display resolution 1368x768 for Lynloong all-in-one computers.
<li>Disabled base-gcc on loongson and octeon.
</ul>
<li>Improvements to time measurements, mostly in the kernel:
<ul>
<li>Changed the <a href="https://man.openbsd.org/pool.9">pool(9)</a> timeouts to use the system uptime instead of ticks.
<li>Ensured <a href="https://man.openbsd.org/sleep.3">sleep(3)</a>
calls <a href="https://man.openbsd.org/nanosleep.2">nanosleep(2)</a>
if seconds is zero, now delegating all decisions about whether or not
to yield the CPU.
</ul>
<li>Various kernel improvements:
<ul>
<li>Added basic support for kclock timeouts to <a
href="https://man.openbsd.org/timeout.9">timeout(9)</a>.
<li>Added a top-level 'reboot' command to <a
href="https://man.openbsd.org/ddb.4">ddb(4)</a>.
<li>Fixed the "entry point at 0x10010000" hang reported on amd64
machines by using a 64MB block to load the kernel.
<li>Added <a href="https://man.openbsd.org/witness.4">witness(4)</a>
check for uninitialized (or zeroed) lock usage.
<li>Added fd close notification for kqueue-based <a
href="https://man.openbsd.org/poll.2">poll(2)</a> and <a
href="https://man.openbsd.org/select.2">select(2)</a>.
<li>Added a global "nowake" channel for threads avoiding <a
href="https://man.openbsd.org/wakeup.9">wakeup(9)</a> to <a
href="https://man.openbsd.org/tsleep.9">tsleep(9)</a>.
<li>Corrected accounting of zero length Transfer Descriptors in <a
href="https://man.openbsd.org/xhci.4">xhci(4)</a>, preventing running
out of free Transfer Ring Blocks.
<li>Used per-CPU counter for fault and stats counters reached in uvm_fault().
<li>Introduced kern.video.record for <a
href="https://man.openbsd.org/video.4">video(4)</a> devices, an analog
to the kern.audio.record <a
href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> parameter for <a
href="https://man.openbsd.org/audio.4">audio(4)</a> devices. By
default, kern.video.record will be set to zero and blank all data
delivered by drivers attaching to <a
href="https://man.openbsd.org/video.4">video(4)</a>.
<li>Allowed a process to open a <a
href="https://man.openbsd.org/video.4">video(4)</a> device multiple
times. Fixes webcam usage with Firefox and BigBlueButton.
<li>Enabled multiple opens of a <a
href="https://man.openbsd.org/video.4">video(4)</a> device as
described in the V4L2 specification.
<li>Added trace points for <a
href="https://man.openbsd.org/malloc.9">malloc(9)</a> and <a
href="https://man.openbsd.org/free.9">free(9)</a>, making them
traceabe via <a href="https://man.openbsd.org/dt.4">dt(4)</a> and <a
href="https://man.openbsd.org/btrace.8">btrace(8)</a>.
<li>Fixed a boot-time crash on sparc64 due to mutex use during the
message buffer initialization.
<li>Prevented a panic in some acpi firmware that provided invalid
memory regions in their reserved memory region reporting table.
<li>Disabled <a href="https://man.openbsd.org/com.4">com(4)</a> on
sparc64 for m3000s. Console i/o should fall back to ofw routines.
<li>In softraid(4), added the RAID1C (raid1 + crypto) <a
href="https://man.openbsd.org/softraid.4">softraid(4)</a> discipline,
encrypting data like the CRYPTO discipline and accepting multiple
chunks during creation and assembly like the RAID1 discipline.
<li>Corrected raidlevel verification specified by the -c option in <a
href="https://man.openbsd.org/bioctl.8">bioctl(8)</a>.
<li>Added a barrier between reading the cqe flags and the command ID
to prevent completion of the wrong scsi io for <a
href="https://man.openbsd.org/nvme.4">nvme(4)</a> drives.
<li>Prevent <a href="https://man.openbsd.org/nvme.4">nvme(4)</a>
attachment to devices with size zero.
<li>Introduced new function <a
href="https://man.openbsd.org/if_unit.9">if_unit(9)</a>, returning a
pointer to the interface descriptor corresponding to the unique name.
<li>Clear interrupts on luna88k processors more efficiently at boot
time.
<li>Added <a
href="https://man.openbsd.org/acpiiort.4">acpiiort(4)</a>, a driver
for the ACPI I/O Remapping Table.
<!-- SMP -->
<li>Introduced "if_cloners_lock" rwlock and used it to serialize if_clone_{create,destroy}(), avoiding multiple race conditions.
<li>Introduced a system-wide mutex that serializes msgbuf operations.
<li>Made <a href="https://man.openbsd.org/uvm_pagealloc.9">uvm_pagealloc(9)</a> of the physical memory allocator mp-safe.
<li>Unlocked <a href="https://man.openbsd.org/getppid.2">getppid(2)</a>.
<li>Introduced locking for amaps and anons, improving build performance.
<li>Moved UNIX domain sockets out of the kernel lock, using the new "unp_lock" <a href="https://man.openbsd.org/rwlock.9">rwlock(9)</a> as solock()'s backend to protect the whole layer.
<!-- DRM -->
<li>Implemented linux interval tree functions for <a href="https://man.openbsd.org/drm.4">drm(4)</a>.
<li>Fixed <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a> display commands when using <a href="https://man.openbsd.org/drm.4">drm(4)</a> drivers on macppc.
<li>Changed from <a href="https://man.openbsd.org/rwlock.9">rwlock(9)</a> to <a href="https://man.openbsd.org/mutex.9">mutex(9)</a> for linux rwlocks.
<li>Fixed a panic associated with locks and <a href="https://man.openbsd.org/drm.4">drm(4)</a> on macppc with Powerbook5,6 and RV350.
<li>Revised the initialization of the <a href="https://man.openbsd.org/drm.4">drm(4)</a> Linux emulation layer to call it only when the first drm instance attaches.
<li>Fixed DRI3 support on <a href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a> and <a href="https://man.openbsd.org/ati.4">ati(4)</a>.
<li>Created /dev/ drm nodes with the same names as linux to simplify libdrm and negate the need for certain ports patches.
<!-- VMM -->
<li>Prevented memory corruption or improper page access in <a
href="https://man.openbsd.org/vmm.4">vmm(4)</a> due to improper TLB
flushing for now by wiring the pages used by virtual machines.
</ul>
<li>Various new userland features:
<ul>
<li>Added <a
href="https://man.openbsd.org/doas.conf.5">doas.conf(5)</a> "nolog"
option to avoid <a
href="https://man.openbsd.org/syslog.3">syslog(3)</a>.
<li>Allowed specific <a
href="https://man.openbsd.org/sndio.7">sndio(7)</a> devices to be used
for play-only and rec-only modes.
<li>Use an 8th order FIR low-pass filter for resampling in <a
href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> and for <a
href="https://man.openbsd.org/aucat.1">aucat(1)</a>, removing most of
the aliasing noise during resampling.
<li>Disabled <a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a>
autovolume by default and set the default volume to 127. Setting "-w
on" will replicate the previous behavior of automatically decreasing
playback volume when new programs start playing.
<li>Allowed mixing of alternative devices (-F) with different
capabilities in <a
href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> by treating any
device as full-duplex.
<li>Enabled build and install of <a href="https://man.openbsd.org/lldb.1">lldb(1)</a>.
<li>Added <a href="https://man.openbsd.org/logger.1">logger(1)</a>
support to <a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a>, <a
href="https://man.openbsd.org/rc.subr.8">rc.subr(8)</a> and <a
href="https://man.openbsd.org/rc.d.8">rc.d(8)</a> for daemons logging
to stdout/stderr.
<!-- XXX own heading and introductory text ? -->
<li>Introduced <a
href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>, a dhcp
daemon to acquire IPv4 address leases from servers.
<li>Added <a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>,
a daemon to rewrite <a
href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>.
</ul>
<li>Various bugfixes and tweaks in userland:
<ul>
<li>Fixed a pledge violation in <a
href="https://man.openbsd.org/csh.1">csh(1)</a> where redirecting
input from a file containing ^T would cause csh(1) to perform a tty
ioctl operation against a non-tty.
<li>Made <a href="https://man.openbsd.org/syspatch.8">syspatch(8)</a> work
again when fewer than 3 patches are available.
<li>Stopped exempting file systems from <a
href="https://man.openbsd.org/security.8">security(8)</a> on the basis
of nodev and nosuid options, which may not be used for file systems
mounted beneath.
<li>Modified <a href="https://man.openbsd.org/daily.8">daily(8)</a>
to stop reporting disk status and networking statistics.
<li>Made <a
href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a> specify
a version when it uses <a
href="https://man.openbsd.org/fw_update.1">fw_update(1)</a> to avoid
the situation where upgrading a pre-6.8 snapshot to 6.8 release with
"-r" would install firmware packages from snapshots.
<li>Increased speed of the dependency check pass for <a
href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a>.
<li>Prevented process exit in multithreaded programs from reporting
the wrong error code.
<li>Allowed booting of amd64/i386 from 4TB GPT formatted disks.
<li>When using the <a href="https://man.openbsd.org/cat.1">cat(1)</a>
-n flag, correctly enumerate files with more than INT_MAX lines.
<li>Fixed a memory leak in ld.so's malloc.
<li>Added a "xenodm" login class for <a
href="https://man.openbsd.org/xenodm.1">xenodm(1)</a> and increased
openfiles to 512 to avoid running out of file descriptors with a busy
desktop.
<li>Fixed -s option for <a href="https://man.openbsd.org/cmp.1">cmp(1)</a>.
<li>Improve pledge in <a
href="https://man.openbsd.org/doas.1">doas(1)</a>, specifically added
pledge to the "-C" code path.
<li>Inproved performance of <a
href="https://man.openbsd.org/malloc.3">malloc(3)</a>'s cache.
<li>Made editing GPT in <a
href="https://man.openbsd.org/fdisk.8">fdisk(8)</a> safer by
defaulting offset to the beginning of the largest free space and
preventing the creation of overlapping partitions.
<li>Fixed a crash that could occur in <a
href="https://man.openbsd.org/sndiod.8">sndiod(8)</a> when a usb
device is unplugged.
<li>Append .html suffixes to temporary files in <a
href="https://man.openbsd.org/mandoc.1">mandoc(1)</a> to allow
recognition by browsers.
<li>Allow specification of a path to the <a
href="https://man.openbsd.org/mg.1">mg(1)</a> startup file on the
command line.
</ul>
<li>Improved hardware support and driver bugfixes, including:
<ul>
<li>Moved mfokclock(4) from loongson to make it available for other
platforms and renamed it to <a
href="https://man.openbsd.org/mfokrtc.4">mfokrtc(4)</a>.
<li>Fixed brightness setting on MacBooks.
<li>Added AMD Vi and Intel VTD IOMMU support. This creates separate
domains for each PCI device and can provide protection against invalid
memory access.
<li>Enabled brightness keys on powerbooks where the keyboard attaches
as <a href="https://man.openbsd.org/ukbd.4">ukbd(4)</a>.
<li>Set initial default display brightness on macppc via
of_setbrightness() to ensure <a
href="https://man.openbsd.org/wscons.4">wscons(4)</a> and ofw are in
sync.
<li>Added the ClearFog GT 8K to <a
href="https://man.openbsd.org/mvclock.4">mvclock(4)</a>.
<li>Added support for the PL2303HXN series chips to <a
href="https://man.openbsd.org/uplcom.4">uplcom(4)</a>.
<li>Added support for the PCA9547 I2C mux to <a
href="https://man.openbsd.org/pcamux.4">pcamux(4)</a>.
<li>Extended <a href="https://man.openbsd.org/pcamux.4">pcamux(4)</a>
with ACPI support.
<li>Added <a href="https://man.openbsd.org/acpige.4">acpige(4)</a>, a
driver for ACPI generic event devices, used on te HoneyComb LX2K to
implement power button handling.
<li>Added <a href="https://man.openbsd.org/pchgpio.4">pchgpio(4)</a>,
a driver for the GPIO controllers found on modern Intel PCHs.
<li>Added ACPI support to <a
href="https://man.openbsd.org/imxiic.4">imxiic(4)</a>.
<li>Fixed panics on the HoneyComb LX2K with <a
href="https://man.openbsd.org/amdgpu.4">amdgpu(4)</a>.
<li>Fixed very old <a
href="https://man.openbsd.org/umass.4">umass(4)</a> devices where the
INQUIRY command succeeds but with a residue equal to the requested
bytes.
<li>Added Gemini Lake I2C id to <a
href="https://man.openbsd.org/dwiic.4">dwiic(4)</a>, making the
touchpad work on the Teclast F7 Plus laptop.
<li>Introduced <a href="https://man.openbsd.org/ujoy.4">ujoy(4)</a>, a
restricted subset of <a
href="https://man.openbsd.org/uhid.4">uhid(4)</a> for game controllers
which uses /dev/ujoy/* device nodes.
<li>Set up <a href="https://man.openbsd.org/ims.4">ims(4)</a> devices
in X11 to behave like touchpads.
<li>Stopped relying on USB devices to correctly present their
indices, instead searching for the correct interfaces. This fixes E+
Corp. DAC Audio devices.
<li>Introduced <a
href="https://man.openbsd.org/uhidpp.4">uhidpp(4)</a>, a driver for
Logitech HID++ devices.
<!-- ARM64 -->
<li>Optimized arm64 <a
href="https://man.openbsd.org/copyin.9">copyin(9)</a>, <a
href="https://man.openbsd.org/copyout.9">copyout(9)</a> and <a
href="https://man.openbsd.org/kcopy.9">kcopy(9)</a> by doing 16-byte
copies if possible.
<li>Added recognition of Cortex-A78AE, Cortex-X1 and Neoverse V1 arm64 CPUs.
<li>Added clock support for i.MX8MP.
<li>Added support for the VF610 I2C controller to <a
href="https://man.openbsd.org/imxiic.4">imxiic(4)</a>.
<li>Fixed a panic seen with mbuf chains on arm64.
<li>Added <a href="https://man.openbsd.org/dwgpio.4">dwgpio(4)</a>, a
driver for the Synopsys DesignWare GPIO controller.
<li>Added "amlogic,meson-g12a-dwmac" to <a
href="https://man.openbsd.org/dwge.4">dwge(4)</a>.
<li>Added <a
href="https://man.openbsd.org/amlpinctrl.4">amlpinctrl(4)</a> support
for the "Always On" GPIOs.
<li>Added PCIe clocks to <a
href="https://man.openbsd.org/amlclock.4">amlclock(4)</a>.
<li>Made large read and write transactions work in <a
href="https://man.openbsd.org/amliic.4">amliic(4)</a>.
<li>Added PCIe support to <a
href="https://man.openbsd.org/amlpciephy.4">amlpciephy(4)</a>.
<li>Added support to <a
href="https://man.openbsd.org/dwpcie.4">dwpcie(4)</a> for the PCIe
controller found on Amlogic G12A/G12B/SM1 SoCs.
<li>Implemented intx support in <a
href="https://man.openbsd.org/mvkpcie.4">mvkpcie(4)</a>.
<li>Added <a href="https://man.openbsd.org/cryptox.4">cryptox(4)</a>,
a driver for armv8 cryptographic extensions.
<li>Added support for PCIe on the NanoPi R4S to <a
href="https://man.openbsd.org/rkpcie.4">rkpcie(4)</a>.
</ul>
<li>New or improved network hardware support:
<ul>
<li>Fixed link state change behavior in 82598 <a
href="https://man.openbsd.org/ix.4">ix(4)</a> chips.
<li>Fixed issues with network stopping after the first down/up cycle
in <a href="https://man.openbsd.org/mvpp.4">mvpp(4)</a> Marvel Armada
Ethernet device.
<li>Added SFP+ support to ofw, including support for direct attach cables.
<li>Added 10G media support to <a
href="https://man.openbsd.org/mvpp.4">mvpp(4)</a>.
<li>Added support for 1000base-x and 2500base-x connections to <a
href="https://man.openbsd.org/mvneta.4">mvneta(4)</a>.
<li>Added <a href="https://man.openbsd.org/mvsw.4">mvsw(4)</a>, a
driver for Marvel "SOHO" switches.
<li>Enabled auto-negotiation on the SerDes links, allowing
in-band-status to work between <a
href="https://man.openbsd.org/mvpp.4">mvpp(4)</a> and <a
href="https://man.openbsd.org/mvsw.4">mvsw(4)</a> on the ClearFog GT
8K.
<li>Added support for the i.MX8MP PCIe clocks, USB clocks and second
ethernet.
<li>Added Wake on LAN support to <a
href="https://man.openbsd.org/rge.4">rge(4)</a>.
<li>Enabled IPv4 and TCP/UDP checksum offload on transmission in <a
href="https://man.openbsd.org/ogx.4">ogx(4)</a>.
<li>Raised the maximum number of queues/interrupts from 1 to 16 on <a
href="https://man.openbsd.org/mcx.4">mcx(4)</a> devices.
<li>Added support for the Netgear ProSecure UTM25 to octeon.
</ul>
<li>Added or improved wireless network drivers:
<ul>
<li>Fixed <a href="https://man.openbsd.org/athn.4">athn(4)</a> in
client mode against APs that use WPA1/TKIP as the group cipher.
<li>Fixed <a href="https://man.openbsd.org/urtwn.4">urtwn(4)</a>
against access points using WPA1/TKIP as the group cipher.
<li>Added multicast support to <a
href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> to allow IPv6.
<li>Fixed <a href="https://man.openbsd.org/urtwn.4">urtwn(4)</a>
repeated DEAUTH and loss/restoration of link.
<li>Introduced a delay to work around an issue in <a
href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> on the BCM43602 that
was triggering "unexpected pairwise key update" errors.
<li>Enabled <a href="https://man.openbsd.org/athn.4">athn(4)</a> for arm64.
<li>Added support for version 7 of the <a
href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> PCIe interface.
</ul>
<li>IEEE 802.11 wireless stack improvements and bugfixes:
<ul>
<li>Fixed the calculation of "maxlen" in <a
href="https://man.openbsd.org/iwm.4">iwm(4)</a> and <a
href="https://man.openbsd.org/iwx.4">iwx(4)</a> when there are
multiple MPDUs in one packet.
<li>Fixed 802.11 RSN capabilities announced to peers.
<li>Flushed the reorder buffer after gap timeout to prevent frames
from remaining in the buffer until the next frame is received.
<li>Avoided spurious "input packet decapsulations failed" errors in
<a href="https://man.openbsd.org/netstat.1">netstat(1)</a> -W with
A-MSDU enabled.
</ul>
<li>Generic network stack improvements and bugfixes:
<ul>
<li>Prevented kernel reuse of mbuf memory when generating the ICMP6
response to an IPv6 packet.
<li>Added the ability to force the selection of source IP address for
programs that do not specify a source IP, configurable via <a
href="https://man.openbsd.org/route.8">route(8)</a>.
<li>For IPv6 addresses, added tracking of address proposal creation
times to be able to establish total lifetime. This information is used
to renew pltime/vltime of privacy addresse per RFC 4941.
<li>Fixed <a href="https://man.openbsd.org/wg.4">wg(4)</a> on macppc
by keeping track of allowed ips pointer correctly.
<li>Use the toeplitz hash algorithm to a flowid for tcp packets,
which in turn is used to choose the tx ring on network cards with
multiple rings.
<li>Fixed <a href="https://man.openbsd.org/wg.4">wg(4)</a> ioctl to
handle multiple wgpeers.
<li>Removed the direct ACK on every other data segment. After
receiving a data segment, we were sending out two ACKs, the first one
in tcp_input() direct after receiving and the second ACK after the
userland or the sosplice task read some data out of the socket buffer.
This change removes the ACK in tcp_input(), saving processing time and
improving network performance.
<li>Removed the maxburst feature from tcp_output().
<li>Added a MONITOR feature to interfaces. Packets received on these
interfaces do not enter the network stack for further processing. This
can be used to watch traffic, for example with <a
href="https://man.openbsd.org/bpf.4">bpf(4)</a> without risk of the packets
interfering with the system.
<li>Added etherbridge, the internals of a reusable learning bridge
interface providing common code reusable for other drivers needing a
mac learning bridge.
<li>Introduced <a href="https://man.openbsd.org/veb.4">veb(4)</a>, a
Virtual Ethernet Bridge driver.
<li>Added support for adding and deleting mac addr entries on <a
href="https://man.openbsd.org/nvgre.4">nvgre(4)</a>.
<li>Added support for adding and deleting address table entries to <a
href="https://man.openbsd.org/bpe.4">bpe(4)</a>, <a
href="https://man.openbsd.org/veb.4">veb(4)</a> and etherbridge.
</ul>
<li>Installer improvements:
<ul>
<li>Prevented a race in <a
href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> privsep
which could cause autoinstall to fail by calling <a
href="https://man.openbsd.org/ftp.1">ftp(1)</a> without a local
address.
<li>Fixed hangs on amd64 bsd.rd due to misreported core clock
frequency on newer Intel Comet Lake models.
<li>Began distributing the gzip'd version of bsd.rd on all platforms with boot methods supporting it.
</ul>
<li>Security improvements:
<ul>
<li>Added notices to syslog whenever the "%n" format string component of <a href="https://man.openbsd.org/printf.3">printf(3)</a> is used.
</ul>
<li>Routing daemons and other userland network improvements:
<ul>
<!-- BGP -->
<li>Fixed a memory leak when parsing <a
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> roa-set lists.
<li>Stopped allowing configuration of the same neighbor multiple
times in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>When exporting prefixes from multiple sessions in <a
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> into the same <a
href="https://man.openbsd.org/pf.4">pf(4)</a> table, now prefixes are
only removed from the table when withdrawn from all sessions that
announced them.
<li>Introduced a send hold timer in <a
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> to detect stalls on
the sending side of a TCP connection, acting as a last resort to
detect faulty peers.
<li>Added <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a>
"show sets" to display information about the roa-set, as-sets and
prefix-sets loaded into <a
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Introduced the <a
href="https://man.openbsd.org/bgpd.conf.5">bgpd.conf(5)</a> per
neighbor and global config option "reject as-set yes/no" to allow
rejection of received UPDATES with AS_SET segments. These rejected
prefixes can be viewed with <a
href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> "show rib in
error".
<li>Properly implemented "rde med compare strict" in <a
href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> and ensured that the
order of prefixes is always correct.
<li>Added RTR support to <a href="https://man.openbsd.org/bgpd.8">OpenBGPD</a>.
<li>Added <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a>
"show rtr" to display basic information about RTR sessions.
<li>Introduced <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
<code>rde evaluate all</code> to work around path hiding in IXP
route-server environments.
<li>Allowed use of <a
href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> on interfaces that
share the same IP.
<!-- HTTPD -->
<li>Prevented a crash due to
<a href="https://man.openbsd.org/httpd.8">httpd(8)</a> listening on port
443 with missing TLS certificates.
<li>Created a new "location (found|notfound)" option for
<a href="https://man.openbsd.org/httpd.conf.5">httpd.conf(5)</a> to allow
testing for resource path existence.
<li>Added a directive to <a
href="https://man.openbsd.org/httpd.8">httpd(8)</a> to check if a path
is accessible.
<li>Fixed detection of duplicate locations in <a
href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
<li>Fixed leak of access and error log filenames on config reload in
<a href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
<li>Avoid leaking the log message in
<a href="https://man.openbsd.org/httpd.8">httpd(8)</a>'s
server_sendlog.
<li>Incorrect order of
<a href="https://man.openbsd.org/close.2">close(2)</a> and
<a href="https://man.openbsd.org/tls_close.3">tls_close(3)</a>
together with a bug in LibSSL led to leaking memory in
<a href="https://man.openbsd.org/httpd.8">httpd(8)</a>
for each TLS connection.
<li>Fixed the <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>
example configuration not to generate errors when running without TLS
keys already in place.
<li>Optimize disk reads of
<a href="https://man.openbsd.org/httpd.8">httpd(8)</a>
by using st_blocksize as high water mark instead of
the socket buffer size.
<!-- IKE/IPSEC -->
<li>Added support to request IP addresses as IKEv2 initiator to <a
href="https://man.openbsd.org/iked.8">iked(8)</a>. If 'request addr
0.0.0.0' is configured, any address will be accepted.
<li>Make <a href="https://man.openbsd.org/iked.8">iked(8)</a> accept
ANY dynamic address with 'request addr 0.0.0.0'.
<li>Added 'dynamic' keyword to <a
href="https://man.openbsd.org/iked.conf.5">iked.conf(5)</a> to allow
configuration of flows to dynamically assigned addresses.
<li>Added the 'any' keyword to <a
href="https://man.openbsd.org/iked.conf.5">iked.conf(5)</a> for
requests to allow "request address any".
<li>Enabled <a href="https://man.openbsd.org/iked.8">iked(8)</a>
support for ASN1_DN ipsec identifiers.
<li>Implemented <a href="https://man.openbsd.org/iked.8">iked(8)</a>
"from dynamic," installing flows where "dynamic" is replaced by the
received dynamic IP address.
<li>Made sure not to replace 0.0.0.0 with a dynamic address in <a
href="https://man.openbsd.org/iked.8">iked(8)</a> if it is a network
address.
<li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> -s
socket option to specify a control socket.
<li>Used a counter instead of random IV for AES-GCM in <a
href="https://man.openbsd.org/iked.8">iked(8)</a>, eliminating the
risk of random collisions.
<li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a>
support for multiple address pools.
<li>Added the <a href="https://man.openbsd.org/iked.8">iked(8)</a>
"set stickyaddress" option, which attempts to assign the same "config
address" when an IKESA is negotiated with the DSTID of an existing
IKESA.
<li>Ensured rekeying of every child SA in <a
href="https://man.openbsd.org/iked.8">iked(8)</a>.
<li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a> support
for RSASSA-PSS signature verification (RFC 7427).
<li>Corrected the first packet of an <a
href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> SA to have
sequence number 1.
<li>Accepted reject and blackhole routes for IPsec PMTU discovery.
<li>Prevented leaking of ipsec_hosts in <a
href="https://man.openbsd.org/iked.8">iked(8)</a> when building
hosts_list.
<li>Prevented initiation of new additional SAs for each policy upon
every <a href="https://man.openbsd.org/ikectl.8">ikectl(8)</a> config
reload.
<li>Fixed "any" and "dynamic" keywords for flows in <a
href="https://man.openbsd.org/iked.8">iked(8)</a> and added proper
IPv6 support.
<li>Created a path MTU host route for <a
href="https://man.openbsd.org/ipsec.4">IPsec(4)</a> over IPv6.
<li>Added support for INVALID_KE_PAYLOAD in <a
href="https://man.openbsd.org/iked.8">iked(8)</a> CREATE_CHILD_SA
exchange.
<li>Added support for RSA-PSS PKCS1 signatures to <a
href="https://man.openbsd.org/iked.8">iked(8)</a>.
<li>Fixed path MTU discovery for ESP tunnels in IPv6.
<li>Upgraded to OpenSSL 1.1 compatible crypto API in <a
href="https://man.openbsd.org/iked.8">iked(8)</a>.
<li>Added an optional "group none" transform for child SAs in <a
href="https://man.openbsd.org/iked.8">iked(8)</a> to ensure the
ability to negotiate optional PFS.
<li>Added <a href="https://man.openbsd.org/iked.8">iked(8)</a>
dynamic address configuration for roadwarrior clients, with a new
"iface" config option which can be used to specify an interface for
the virtual addresses received from the peer.
<!-- LDAP -->
<li>Fixed <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a> cert
and key path inference for absolute paths.
<li>Fixed incorrect cast in a
<a href="https://man.openbsd.org/vsnprintf(3)">vsnprintf(3)</a>
error check
in <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>.
<li>Applied <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>
to <a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>.
<!-- PF -->
<li>Relaxed checks in <a
href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> and <a
href="https://man.openbsd.org/pf.4">pf(4)</a> to accept any valid
routing domain, even if it does not yet exist.
<li>Made <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a>
detect and reject bogus ranges before loading the ruleset to prevent a
panic.
<li>Changed route-to in <a
href="https://man.openbsd.org/pf.conf.5">pf.conf(5)</a> to send
packets to IPs instead of interfaces.
<li>Changed pf_route so <a
href="https://man.openbsd.org/pf.4">pf(4)</a> only runs when packets
enter and leave the stack. Running the same packet through pf multiple
times creates confusion for the state table. By default, pf states are
floating, meaning that packets are matched to states regardless of
which interface they're going over. This diff avoids multiple pf(4)
traversals of one packet causing confusion in the state table.
<li>Prevented the kernel from being stuck in an endless recursion
during TCP path MTU discovery when <a
href="https://man.openbsd.org/pf.4">pf(4)</a> changes the routing
table when sending packets.
<li>When cutting off the head of an overlapping fragment during <a
href="https://man.openbsd.org/pf.4">pf(4)</a> reassembly, reinserted
the fragment into the lookup table with the correct index.
<!-- dig -->
<li>Implemented RFC 8914 Extended DNS Errors for <a
href="https://man.openbsd.org/dig.1">dig(1)</a>.
<li>Fixed <a href="https://man.openbsd.org/dig.1">dig(1)</a> EDNS
Client Subnet option (+subnet=).
<li>Fixed IPv6 link-local address handling for nameservers to talk to
and address to bind to in <a
href="https://man.openbsd.org/dig.1">dig(1)</a>.
<!-- dhclient -->
<li>Fixed incorrect behavior when using <a
href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a> to
change the lease renew/rebind/expiry timing.
<li>Allowed the provision of <a
href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> options on
"dhcp" lines in <a
href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a> files.
<!-- other -->
<li>Changed <a href="https://man.openbsd.org/ping.8">ping(8)</a> to
drain the raw socket of packets received before we were fully setup to
avoid reporting ICMP responses intended for other instances of ping(8)
running in parallel.
<li>Added <a href="https://man.openbsd.org/ping.8">ping(8)</a> -g
option to provide a visual display of packets received and lost.
<li>Changed <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>
Duplicate Address Detection (DAD) to only generate a new address if we
are using Semantically Opaque Interface Identifiers.
<li>Handled an autoconf interface changing its rdomain in <a
href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>.
<li>Do not leak the domains listed in
<a href="https://man.openbsd.org/unwind.8">unwind(8)</a>'s
blocklist file on each config reload.
<li>Do not leak duplicate domain nodes when loading the
<a href="https://man.openbsd.org/unwind.8">unwind(8)</a>
config.
<li>Fixed rare crashes of <a
href="https://man.openbsd.org/unwind.8">unwind(8)</a> when DNS answers
are larger than the maximum imsg size.
<li>Implemented <a
href="https://man.openbsd.org/unwind.8">unwind(8)</a> listening on
TCP.
<li>Implemented DNS64 synthesis in <a
href="https://man.openbsd.org/unwind.8">unwind(8)</a>.
<li>Disabled logging to <a
href="https://man.openbsd.org/syslog.3">syslog(3)</a> for libunbound
with <a href="https://man.openbsd.org/unwind.8">unwind(8)</a>. Does
not prevent logging to stderr with "unwind -d".
<li>Removed the -L option from <a
href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>.
<li>Added a simple --timeout implementation to <a
href="https://man.openbsd.org/openrsync.1">openrsync(1)</a>.
<li>Added support for the use of !command to <a
href="https://man.openbsd.org/mygate.5">mygate(5)</a>, so that
netstart has a late opportunity to perform network configuration.
<li>Make <a href="https://man.openbsd.org/rad.8">rad(8)</a> to handle
multiple rdomains in a single daemon (instead of running it in
multiple rdomains).
<li>Added a specific headline to <a
href="https://man.openbsd.org/netstat.1">netstat(1)</a> for TCP state
and IP protocol.
<li>Handle permanent redirects (RFC 7538) in <a
href="https://man.openbsd.org/ftp.1">ftp(1)</a> fetch.
<li>Introduced <a href="https://man.openbsd.org/ftp.1">ftp(1)</a>
support for sending the If-Modified-Since header while fetching over
http or https. Switched to using the timestamps from the remote
server's Last-Modified header if available when saving local files and
introduced the ftp "-u" flag to disable this behavior.
<li>Added requests for a new certificate without requiring -F when <a
href="https://man.openbsd.org/acme-client.1">acme-client(1)</a>
detects an added or removed SAN in the config file not reflected in
the existing certificate on disk.
<li>Print rewritten addresses in <a
href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> logged with <a
href="https://man.openbsd.org/pflog.4">pflog(4)</a> for rdr-to, nat-to
and af-to rules.
<li>Removed the <a
href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> traphandler
process.
<li>When calling <a
href="https://man.openbsd.org/getaddrinfo.3">getaddrinfo(3)</a> with
AI_ADDRCONFIG, consider the routing domain when checking for available
address families. This ensures that name resolution is only performed
for the address families available in the rdomain.
<li>Implemented the <a href="https://man.openbsd.org/nc.1">nc(1)</a>
-D socket debug option in <a
href="https://man.openbsd.org/tcpbench.1">tcpbench(1)</a>, allowing
analysis of TCP connections.
<li>Avoid leaking the help text in
<a href="https://man.openbsd.org/tcpbench.1">systat(8)</a>.
<li>Simplify argument parsing of
<a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> stop
thereby avoiding a
<a href="https://man.openbsd.org/printf.3">printf(3)</a> "%s" NULL,
a use of uninitialized and a dead else branch.
</ul>
<li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes:
<ul>
<li>Made <a href="https://man.openbsd.org/tmux.1">tmux(1)</a> synchronize-panes a pane option and added set-option -U flag to unset an option on all panes.
</ul>
<li>OpenSMTPD 6.9.0
<ul>
<li>Introduced <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>
-a to perform authentication before sending a message.
<li>Fixed a memory leak in <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> resolver.
<li>Prevented a crash due to premature release of resources by the <a
href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> filter state
machine.
<li>Switch to libtls internally.
<li>Change the way SNI works in <a href="https://man.openbsd.org/smtpd.conf.5#pki~2">smtpd.conf(5)</a>.
TLS listeners may be configured with multiple certificates,
the matching is based on the names included in these certificates.
<li>Allow to specify tls protocols and ciphers per listener and relay action.
</ul>
<li>LibreSSL 3.2.2
<ul>
<li>New Features
<ul>
<!-- taken from plus.html, not sorted into categories:
<li>Added a -legacy_verify flag to <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> to force use of the old validator.
<li>Changed <a href="https://man.openbsd.org/crypto.3">crypto(3)</a>
to call its get_issuer() callback to try and find a suitable
certificate in cases where it has failed to find a print certificate
from the supplied roots and intermediates.
<li>Corrected an issue where <a href="https://man.openbsd.org/openssl.1">openssl(1)</a> verify might not error on expired certificates.
<li>Fixed an issue in the TLS 1.3 code that caused stalls in haproxy and other software.
<li>Implemented auto chain for the TLSv1.3 server.
<li>Implemented the key material exporter for TLSv1.3.
<li>Fixed problems which could arise with software such as bacula and icinga when a root certificate was specified as both a trusted and an untrusted certificate.
<li>Added support for <a href="https://man.openbsd.org/SSL_get_shared_ciphers.3">SSL_get_shared_ciphers(3)</a> in TLSv1.3 and fixed to correctly return ciphers shared by the client and the server.
-->
</ul>
<li>API and Documentation Enhancements
<ul>
<li>...
</ul>
<li>Compatibility Changes
<ul>
<li>...
</ul>
<li>Testing and Proactive Security
<ul>
<li>...
</ul>
<li>Internal Improvements
<ul>
<li>...
</ul>
<li>Portable Improvements
<ul>
<li>...
</ul>
<li>Bug Fixes
<ul>
<li>...
</ul>
</ul>
<li>OpenSSH 8.4
<ul>
<!-- XXX taken from plus.html, not sorted into categories yet
<li>Preferred ed25519 signature algorithm variants over ECDSA in <a
href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> and <a
href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a>.
<li>Enabled <a
href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>
UpdateHostkeys by default when the configuration has not overridden
UserKnownHostFile.
<li>Prefixed <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
keyboard interactive prompts with "user@host" for easier
identification of connections.
<li>Displayed any other hostnames/addresses associated with a new
hostkey when <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
prompts the user to accept it.
<li>When doing an <a href="https://man.openbsd.org/sftp.1">sftp(1)</a>
recursive upload or download of a read-only directory, ensured that
the directory was created with write and execute permissions in the
interim to allow the transfer.
<li>Set the specified TOS/DSCP for interactive use prior to TCP
connect in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
<li>CLeaned up passing of struct passwd from monitor to preauth
privsep process in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
<li>Added an <a
href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>
KnownHostsCommand that allows the client to obtain known_hosts data
from a command in addition to the usual files.
<li>Made CheckHostIP default to "no" in <a
href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>.
<li>Added PerSourceMaxStartups and PerSourceNetBlockSize options to
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>.
<li>Renamed the PubkeyAcceptedKeyTypes keyword to
PubkeyAcceptedAlgorithms in <a
href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> and <a
href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a>.
<li>Renamed the HostbasedKeyTypes keyword in <a
href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> and the
HostbasedAcceptedKeyTypes keyword in <a
href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> to
HostbasedAcceptedAlgorithms.
<li>Added PermitRemoteOpen to <a
href="https://man.openbsd.org/ssh.1">ssh(1)</a> for remote dynamic
forwarding with SOCKS.
-->
<li>Potentially incompatible changes.
<ul>
<li>...
</ul>
<li>New Features
<ul>
<li>...
</ul>
<li>Bugfixes
<ul>
<li>...
</ul>
</ul>
<li>Ports and packages:
<p>Many pre-built packages for each architecture:
<!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
<ul style="column-count: 3">
<li>aarch64: XXX
<li>amd64: XXX
<li>arm: XXX
<li>i386: XXX
<li>mips64: XXX
<li>mips64el: XXX
<li>powerpc: XXX
<li>powerpc64: XXX
<li>sparc64: XXX
</ul>
<li>As usual, steady improvements in manual pages and other documentation.
<li>The system includes the following major components from outside suppliers:
<ul>
<li>Xenocara (based on X.Org 7.7 with xserver 1.20.10 + patches,
freetype 2.10.4, fontconfig 2.12.4, Mesa 20.0.8, xterm 366,
xkeyboard-config 2.20, fonttosfnt 1.2.1 and more)
<li>LLVM/Clang 10.0.1 (+ patches)
<li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
<li>Perl 5.32.1 (+ patches)
<li>NSD 4.3.6
<li>Unbound 1.13.1
<li>Ncurses 5.7
<li>Binutils 2.17 (+ patches)
<li>Gdb 6.3 (+ patches)
<li>Awk December 18, 2020 version
<li>Expat 2.2.10
</ul>
</ul>
</section>
<hr>
<section id=install>
<h3>How to install</h3>
<p>
Please refer to the following files on the mirror site for
extensive details on how to install OpenBSD 6.9 on your machine:
<ul>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/alpha/INSTALL.alpha">
.../OpenBSD/6.9/alpha/INSTALL.alpha</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/amd64/INSTALL.amd64">
.../OpenBSD/6.9/amd64/INSTALL.amd64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/arm64/INSTALL.arm64">
.../OpenBSD/6.9/arm64/INSTALL.arm64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/armv7/INSTALL.armv7">
.../OpenBSD/6.9/armv7/INSTALL.armv7</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/hppa/INSTALL.hppa">
.../OpenBSD/6.9/hppa/INSTALL.hppa</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/i386/INSTALL.i386">
.../OpenBSD/6.9/i386/INSTALL.i386</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/landisk/INSTALL.landisk">
.../OpenBSD/6.9/landisk/INSTALL.landisk</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/loongson/INSTALL.loongson">
.../OpenBSD/6.9/loongson/INSTALL.loongson</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/luna88k/INSTALL.luna88k">
.../OpenBSD/6.9/luna88k/INSTALL.luna88k</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/macppc/INSTALL.macppc">
.../OpenBSD/6.9/macppc/INSTALL.macppc</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/octeon/INSTALL.octeon">
.../OpenBSD/6.9/octeon/INSTALL.octeon</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/powerpc64/INSTALL.powerpc64">
.../OpenBSD/6.9/powerpc64/INSTALL.powerpc64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/sgi/INSTALL.sgi">
.../OpenBSD/6.9/sgi/INSTALL.sgi</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.9/sparc64/INSTALL.sparc64">
.../OpenBSD/6.9/sparc64/INSTALL.sparc64</a>
</ul>
</section>
<hr>
<section id=quickinstall>
<p>
Quick installer information for people familiar with OpenBSD, and the use of
the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
If you are at all confused when installing OpenBSD, read the relevant
INSTALL.* file as listed above!
<h3>OpenBSD/alpha:</h3>
<p>
If your machine can boot from CD, you can write <i>install69.iso</i> or
<i>cd69.iso</i> to a CD and boot from it.
Refer to INSTALL.alpha for more details.
<h3>OpenBSD/amd64:</h3>
<p>
If your machine can boot from CD, you can write <i>install69.iso</i> or
<i>cd69.iso</i> to a CD and boot from it.
You may need to adjust your BIOS options first.
<p>
If your machine can boot from USB, you can write <i>install69.img</i> or
<i>miniroot69.img</i> to a USB stick and boot from it.
<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in the included
INSTALL.amd64 document.
<p>
If you are planning to dual boot OpenBSD with another OS, you will need to
read INSTALL.amd64.
<h3>OpenBSD/arm64:</h3>
<p>
Write <i>miniroot69.img</i> to a disk and boot from it after connecting
to the serial console. Refer to INSTALL.arm64 for more details.
<h3>OpenBSD/armv7:</h3>
<p>
Write a system specific miniroot to an SD card and boot from it after connecting
to the serial console. Refer to INSTALL.armv7 for more details.
<h3>OpenBSD/hppa:</h3>
<p>
Boot over the network by following the instructions in INSTALL.hppa or the
<a href="hppa.html#install">hppa platform page</a>.
<h3>OpenBSD/i386:</h3>
<p>
If your machine can boot from CD, you can write <i>install69.iso</i> or
<i>cd69.iso</i> to a CD and boot from it.
You may need to adjust your BIOS options first.
<p>
If your machine can boot from USB, you can write <i>install69.img</i> or
<i>miniroot69.img</i> to a USB stick and boot from it.
<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in
the included INSTALL.i386 document.
<p>
If you are planning on dual booting OpenBSD with another OS, you will need to
read INSTALL.i386.
<h3>OpenBSD/landisk:</h3>
<p>
Write <i>miniroot69.img</i> to the start of the CF
or disk, and boot normally.
<h3>OpenBSD/loongson:</h3>
<p>
Write <i>miniroot69.img</i> to a USB stick and boot bsd.rd from it
or boot bsd.rd via tftp.
Refer to the instructions in INSTALL.loongson for more details.
<h3>OpenBSD/luna88k:</h3>
<p>
Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
from the PROM, and then bsd.rd from the bootloader.
Refer to the instructions in INSTALL.luna88k for more details.
<h3>OpenBSD/macppc:</h3>
<p>
Burn the image from a mirror site to a CDROM, and power on your machine
while holding down the <i>C</i> key until the display turns on and
shows <i>OpenBSD/macppc boot</i>.
<p>
Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
/6.9/macppc/bsd.rd</i>
<h3>OpenBSD/octeon:</h3>
<p>
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
Refer to the instructions in INSTALL.octeon for more details.
<h3>OpenBSD/powerpc64:</h3>
<p>
To install, write <i>install69.img</i> or <i>miniroot69.img</i> to a
USB stick, plug it into the machine and choose the <i>OpenBSD
install</i> menu item in Petitboot.
Refer to the instructions in INSTALL.powerpc64 for more details.
<h3>OpenBSD/sgi:</h3>
<p>
To install, burn cd69.iso on a CD-R, put it in the CD drive of your
machine and select <i>Install System Software</i> from the System Maintenance
menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
CD-ROM, and need a proper invocation from the PROM prompt.
Refer to the instructions in INSTALL.sgi for more details.
<p>
If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
system type. Refer to the instructions in INSTALL.sgi for more details.
<h3>OpenBSD/sparc64:</h3>
<p>
Burn the image from a mirror site to a CDROM, boot from it, and type
<i>boot cdrom</i>.
<p>
If this doesn't work, or if you don't have a CDROM drive, you can write
<i>floppy69.img</i> or <i>floppyB69.img</i>
(depending on your machine) to a floppy and boot it with <i>boot
floppy</i>. Refer to INSTALL.sparc64 for details.
<p>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
<p>
You can also write <i>miniroot69.img</i> to the swap partition on
the disk and boot with <i>boot disk:b</i>.
<p>
If nothing works, you can boot over the network as described in INSTALL.sparc64.
</section>
<hr>
<section id=upgrade>
<h3>How to upgrade</h3>
<p>
If you already have an OpenBSD 6.7 system, and do not want to reinstall,
upgrade instructions and advice can be found in the
<a href="faq/upgrade69.html">Upgrade Guide</a>.
</section>
<hr>
<section id=sourcecode>
<h3>Notes about the source code</h3>
<p>
<code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
This file contains everything you need except for the kernel sources,
which are in a separate archive.
To extract:
<blockquote><pre>
# <kbd>mkdir -p /usr/src</kbd>
# <kbd>cd /usr/src</kbd>
# <kbd>tar xvfz /tmp/src.tar.gz</kbd>
</pre></blockquote>
<p>
<code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
<blockquote><pre>
# <kbd>mkdir -p /usr/src/sys</kbd>
# <kbd>cd /usr/src</kbd>
# <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
</pre></blockquote>
<p>
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described <a href="anoncvs.html">here</a>.
Using these files
results in a much faster initial CVS update than you could expect from
a fresh checkout of the full OpenBSD source tree.
</section>
<hr>
<section id=ports>
<h3>Ports Tree</h3>
<p>
A ports tree archive is also provided. To extract:
<blockquote><pre>
# <kbd>cd /usr</kbd>
# <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
</pre></blockquote>
<p>
Go read the <a href="faq/ports/index.html">ports</a> page
if you know nothing about ports
at this point. This text is not a manual of how to use ports.
Rather, it is a set of notes meant to kickstart the user on the
OpenBSD ports system.
<p>
The <i>ports/</i> directory represents a CVS checkout of our ports.
As with our complete source tree, our ports tree is available via
<a href="anoncvs.html">AnonCVS</a>.
So, in order to keep up to date with the -stable branch, you must make
the <i>ports/</i> tree available on a read-write medium and update the tree
with a command like:
<blockquote><pre>
# <kbd>cd /usr/ports</kbd>
# <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_9</kbd>
</pre></blockquote>
<p>
[Of course, you must replace the server name here with a nearby anoncvs
server.]
<p>
Note that most ports are available as packages on our mirrors. Updated
ports for the 6.9 release will be made available if problems arise.
<p>
If you're interested in seeing a port added, would like to help out, or just
would like to know more, the mailing list
<a href="mail.html">ports@openbsd.org</a> is a good place to know.
</section>
![[BACK]](/icons/back.gif){kind=icon}
Return to 69.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www