Released Nov 1, 2014
Copyright 1997-2014, Theo de Raadt.
ISBN 978-0-9881561-4-2
5.6 Song: "Ride of the Valkyries"
- See the information on the FTP page for
a list of mirror machines.
- Go to the pub/OpenBSD/5.6/ directory on
one of the mirror sites.
- Have a look at the 5.6 errata page for a list
of bugs and workarounds.
- See a detailed log of changes between the
5.5 and 5.6 releases.
- signify(1) pubkeys for this release:
base: RWR0EANmo9nqhpPbPUZDIBcRtrVcRwQxZ8UKGWY8Ui4RHi229KFL84wV
fw: RWT4e3jpYgSeLYs62aDsUkcvHR7+so5S/Fz/++B859j61rfNVcQTRxMw
pkg: RWSPEf7Vpp2j0PTDG+eLs5L700nlqBFzEcSmHuv3ypVUEOYwso+UucXb
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
files fetched via ports.tar.gz.
What's New
This is a partial list of new features and systems included in OpenBSD 5.6.
For a comprehensive list, see the changelog leading
to 5.6.
- LibreSSL
- This release forks OpenSSL into
LibreSSL, a version of the TLS/crypto
stack with goals of modernizing the codebase, improving security, and
applying best practice development processes.
- No support for legacy MacOS, Netware, OS/2, VMS and Windows platforms,
as well as antique compilers.
- Removal of the IBM 4758, Broadcom ubsec, Sureware, Nuron, GOST, GMP,
CSwift, CHIL, CAPI, Atalla and AEP engines, either because the hardware is
irrelevant, or because they require external non-free libraries to work.
- No support for FIPS-140 compliance.
- No EBCDIC support.
- No support for big-endian i386 and amd64 platforms.
- Use standard routines from the C library (malloc, strdup, snprintf...)
instead of rolling our own, sometimes badly.
- Remove the old OpenSSL PRNG, and rely upon arc4random_buf from libc for
all the entropy needs.
- Remove the MD2 and SEED algorithms.
- Remove J-PAKE, PSK and SRP (mis)features.
- Aggressive cleaning of BN memory when no longer used.
- No support for Kerberos.
- No support for SSLv2.
- No support for the questionable DTLS heartbeat extension.
- No support for TLS compression.
- No support for US-Export SSL ciphers.
- Do not use the current time as a random seed in libssl.
- Support for ChaCha and Poly1305 algorithm.
- Support for Brainpool and ANSSI elliptic curves.
- Support for AES-GCM and ChaCha20-Poly1305 AEAD modes.
- Improved hardware support, including:
- SCSI Multipathing support via mpath(4) and associated path drivers on several architectures.
- New qlw(4) driver for QLogic ISP SCSI HBAs.
- New qla(4) driver for QLogic ISP2100/2200/2300 Fibre Channel HBAs.
- New upd(4) sensor driver for USB Power Devices (UPS).
- New brswphy(4) driver for Broadcom BCM53xx 10/100/1000TX Ethernet PHYs.
- New uscom(4) driver for simple USB serial adapters.
- New axen(4) driver for ASIX Electronics AX88179 10/100/Gigabit USB Ethernet devices.
- The inteldrm(4) and radeondrm(4) drivers have improved suspend/resume support.
- The userland interface for the agp(4) driver has been removed.
- The rtsx(4) driver now supports card readers based on the RTS5227 and RTL8402 chipsets.
- The firmware for the run(4) driver has been updated to version 0.33.
- The run(4) driver now supports devices based on the RT3900E chipset.
- The zyd(4) driver, which was broken for some time, has been fixed.
- The bwi(4) driver now works in systems with more than 1GB of RAM.
- The re(4) driver now supports devices based on the RTL8168EP/8111EP, RTL8168G/8111G, and RTL8168GU/8111GU chipsets.
- Generic network stack improvements:
- divert(4) now supports checksum offload.
- IPv6 is now turned off on new interfaces by default. Assigning an IPv6 address will enable IPv6 on an interface.
- Support for RFC4620 IPv6 Node Information Queries has been removed.
- The kernel no longer supports the SO_DONTROUTE socket option.
- The getaddrinfo(3) function now supports the AI_ADDRCONFIG flag defined in RFC 3493.
- Include router alert option (RAO) in IGMP packets, as required by RFC2236.
- ALTQ has been removed.
- The hash table for Protocol Control Block (PCB) of TCP and UDP now resize automatically on load.
- Installer improvements:
- Remove ftp and tape as install methods.
- Preserve the disklabel (and next 6 blocks) when installing boot block on
4k-sector disk drives.
- Change the "Server?" question to "HTTP Server?" to allow unambiguous autoinstall(8) handling.
- Allow autoinstall(8) to fetch and install sets from multiple locations.
- Many sample configuration files have moved from /etc to /etc/examples.
- Routing daemons and other userland network improvements:
- When used with the -v flag, tcpdump(8) now shows the actual bad checksum within the IP/protocol header itself and what the good checksum should be.
- ftp(1) now allows its User-Agent to be changed via the -U command-line option.
- The -r option of ping(8) and traceroute(8) has been removed.
- ifconfig(8) can now explicitly assign an IPv6 link-local address and turn IPv6 autoconf on or off.
- ifconfig(8) has been made smarter about parsing WEP keys on the command line.
- ifconfig(8) scan now shows the encryption type of wireless networks (WEP, WPA, WPA2, 802.1x).
- MS-CHAPv1 (RFC2433) support has been removed from pppd(8).
- traceroute6(8)
has been merged into
traceroute(8).
- The asr API
for asynchronous address resolution and nameserver querying is now public.
- pflow(4)'s
pflowproto 9 has been removed.
- The userland ppp(8) daemon and its associated PPPoE helper, pppoe(8), have been removed.
- snmpd(8),
snmpctl(8), and
relayd(8)
now communicate via the AgentX protocol.
- relayd(8)
has a new filtering subsystem, where the new configuration language uses last-matching pf-like rules.
- The new
relayd(8)
filter rules now support URL-based relaying.
- relayd(8)
now uses privilege separation for private keys. This acts as an additional mitigation to
prevent leakage of the private keys from the processes doing SSL/TLS.
- New httpd(8)
HTTP server with FastCGI and SSL support.
- OpenSMTPD 5.4.3 (includes changes to 5.4.2):
- New/changed features:
- OpenSMTPD replaces Sendmail as the default MTA.
- Queue process now runs under a different user for better isolation.
- Merged MDA, MTA and SMTP processes into a single unprivileged process.
- Killed the MFA process, it is no longer needed.
- Added support for email addresses lookups in the
table_db backend.
- Added RSA privilege separation support to prevent possible private key leakage.
- The following significant bugs have been fixed in this release:
- Minor bug fixes in some corner cases of the routing logic.
- The enqueuer no longer adds its own User-Agent.
- Disabled profiling code, allowing all processes to rest rather than waking up every second.
- Reworked the purge task to avoid disk-hits unless necessary... only once at startup.
- Fix various header parsing bugs in the local enqueuer.
- Assorted minor fixes and code cleanups.
- Security improvements:
- Changed the heuristics of the stack protector to also protect functions with local array definitions and references to local frame addresses. This matches the -fstack-protector-strong option of upstream GCC.
- Position-independent executables (PIE) are now used by default on powerpc.
- Removed Kerberos.
- Default bcrypt hash type is now $2b$.
- Remove md5crypt support.
- Improved easier to use bcrypt API is now available.
- Increase randomness of random mmap mappings.
- Added getentropy(2).
- Added timingsafe_memcmp(3).
- Removed the MD4 hash algorithm and functions from
cksum(1),
S/Key,
and libc.
- gets(3) has been removed.
- Added reallocarray(3),
which allows multiple sized objects to be allocated without the cost of
clearing memory while avoiding possible integer overflows.
- Extended fread(3) and
fwrite(3)
to check for integer overflows.
- Assorted improvements:
- locate databases for both base and xenocara, as
/usr/lib/locate/src.db
and
/usr/X11R6/lib/locate/xorg.db
.
- Much faster package updates, due to package contents reordering that
precludes re-downloading unchanged files.
- Fix many programs that failed when accessing disks having sector sizes other than 512 bytes, including
badsect(8),
df(1),
dump(8),
dumpfs(8),
fsck_ext2fs(8),
fsck_ffs(8),
fsdb(8),
growfs(8),
ncheck_ffs(8),
quotacheck(8),
tunefs(8).
- Constrain MSDOS timestamps to 1/1/1980 through 12/31/2107. 64-bit
time_t values outside that range are stored as 1/1/1980.
- bs(6) now prints a battleship splash screen.
- rcp, rsh, rshd, rwho, rwhod, ruptime, asa, bdes, fpr, mkstr, page, spray, xstr, oldrdist, fsplit, uyap, and bluetooth have been removed.
- rmail(8) and uucpd(8) have been removed from the base system and added to the ports tree.
- Lynx has been removed from the base system and added to the ports tree.
- TCP Wrappers have been removed.
- Fix atexit(3) recursive handlers.
- Enhance
disklabel(8) to recover filesystem mountpoint information when reading saved ascii labels.
- Properly handle
msgbuf_write(3) EOF conditions, including uses in
tmux(1),
dvmrpd(8),
ldapd(8),
ldpd(8),
ospf6d(8),
ospfd(8),
relayd(8),
ripd(8),
smtpd(8),
ypldap(8).
- Constrain fdisk(8) '-l' to disk sizes of 64 blocks or more.
- Sync fdisk(8) built-in MBR with current /usr/mdec/mbr.
- Quiet dhclient(8) '-q' even more.
- Log less redundant dhclient(8) info.
- New leases, lease renewals, cable state changes more obvious to applications monitoring dhclient(8) files.
- Preserve chronological order of leases in the dhclient.leases(5) leases files.
- Use 'lease {}' statements in dhclient.conf(5), allowing interfaces to get an address when no dynamic lease is available.
- Improve dhclient(8) parsing and printing of classess static routes.
- Eliminate unnecessary rewrites of resolv.conf(5) by dhclient(8).
- Added sendsyslog(2): syslog(3) now works even when out of file descriptors or in a chroot.
- Added
errc(3),
verrc(3),
warnc(3) and
vwarnc(3).
- Faster hibernate/unhibernate performance on amd64 and i386 platforms.
- Support hibernating to softraid(4) crypto volumes.
- Improved performance of seekdir(3) to start of current buffer.
- Added <endian.h> per the revision of the POSIX spec in progress.
- Apache has been removed.
- Read support for ext4 filesystems.
- Reworked mplocks as ticket locks instead of spinlocks on amd64, i386, and sparc64. This provides fairer access to the kernel lock between logical CPUs, especially in multi socket systems.
- OpenSSH 6.7
- Potentially-incompatible changes:
- sshd(8):
The default set of ciphers and MACs has been altered to remove
unsafe algorithms. In particular, CBC ciphers and
arcfour* are disabled by default.
- sshd(8):
Support for tcpwrappers/libwrap has been removed.
- OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
using the "curve25519-sha256@libssh.org" KEX exchange method
to fail when connecting with something that implements the
specification correctly. OpenSSH 6.7 disables this KEX method when
speaking to one of the affected versions.
- New/changed features:
- Major internal refactoring to begin to make part of OpenSSH usable
as a library. So far the wire parsing, key handling and KRL code
has been refactored. Please note that we do not consider the API
stable yet, nor do we offer the library in separable form.
- ssh(1),
sshd(8):
Add support for Unix domain socket forwarding. A remote TCP
port may be forwarded to a local Unix domain socket and vice versa or
both ends may be a Unix domain socket.
- ssh(1),
ssh-keygen(1):
Add support for SSHFP DNS records for Ed25519 key types.
- sftp(1):
Allow resumption of interrupted uploads.
- ssh(1):
When rekeying, skip file/DNS lookups of the hostkey if it is the same
as the one sent during initial key exchange. (bz#2154)
- sshd(8):
Allow explicit ::1 and 127.0.0.1 forwarding bind addresses when
GatewayPorts=no; allows client to choose address family.
(bz#2222)
- sshd(8):
Add a
sshd_config(5)
PermitUserRC option to control whether ~/.ssh/rc is
executed, mirroring the no-user-rc authorized_keys option.
(bz#2160)
- ssh(1):
Add a %C escape sequence for LocalCommand and
ControlPath that expands to a unique identifer based on a
hash of the tuple of (local host, remote user, hostname, port). Helps
avoid exceeding miserly pathname limits for Unix domain sockets in
multiplexing control paths. (bz#2220)
- sshd(8):
Make the "Too many authentication failures" message include the user,
source address, port and protocol in a format similar to the
authentication success/failure messages. (bz#2199)
- Added unit and fuzz tests for refactored code.
- The following significant bugs have been fixed in this release:
- sshd(8):
Fix remote forwarding with same listen port but different listen
address.
- ssh(1):
Fix inverted test that caused PKCS#11 keys that were explicitly
listed in
ssh_config(5)
or on the commandline not to be preferred.
- ssh-keygen(1):
Fix bug in KRL generation: multiple consecutive revoked certificate
serial number ranges could be serialised to an invalid format.
Readers of a broken KRL caused by this bug will fail closed, so no
should-have-been-revoked key will be accepted.
- ssh(1):
Reflect stdio-forward ("ssh -W host:port ...") failures in
exit status. Previously we were always returning 0. (bz#2255)
- ssh(1),
ssh-keygen(1):
Make Ed25519 keys' title fit properly in the randomart border.
(bz#2247)
- ssh-agent(1):
Only cleanup agent socket in the main agent process and not in any
subprocesses it may have started (e.g. forked askpass). Fixes agent
sockets being zapped when askpass processes fatal(). (bz#2236)
- ssh-add(1):
Make stdout line-buffered; saves partial output getting lost when
ssh-add(1)
fatal()s part-way through (e.g. when listing keys from an
agent that supports key types that
ssh-add(1)
doesn't). (bz#2234)
- ssh-keygen(1):
When hashing or removing hosts, don't choke on "@revoked" markers and
don't remove "@cert-authority" markers. (bz#2241)
- ssh(1):
Don't fatal when hostname canonicalisation fails and a
ProxyCommand is in use; continue and allow the
ProxyCommand to connect anyway (e.g. to a host with a name
outside the DNS behind a bastion).
- scp(1):
When copying local->remote fails during read, don't send uninitialised
heap to the remote end.
- sftp(1):
Fix fatal "el_insertstr failed" errors when tab-completing filenames
with a single quote char somewhere in the string. (bz#2238)
- ssh-keyscan(1):
Scan for Ed25519 keys by default.
- ssh(1):
When using VerifyHostKeyDNS with a DNSSEC resolver,
down-convert any certificate keys to plain keys and attempt SSHFP
resolution. Prevents a server from skipping SSHFP lookup and forcing
a new-hostkey dialog by offering only certificate keys.
- sshd(8):
Avoid crash at exit via NULL pointer reference. (bz#2225)
- Fix some strict-alignment errors.
- mandoc 1.13.0:
- New implementation of apropos(1),
whatis(1),
and makewhatis(8) based on SQLite3 databases.
- Substantial improvements of mandoc(1) error and warning messages.
- Almost complete implementation of roff(7) numerical expressions.
- About a dozen minor new features and numerous bug fixes.
- Ports and packages:
- Many pre-built packages for each architecture:
- i386: 8588
- sparc64: 7965
- alpha: 6278
- sh: 2626
|
- amd64: 8588
- powerpc: 8049
- m88k: 2475
- sparc: 3394
|
- arm: 5633
- hppa: 6143
- vax: 1995
|
- mips64: 4686
- mips64el: 6697
|
- Some highlights:
- GNOME 3.12.2
- KDE 3.5.10
- KDE 4.13.3
- Xfce 4.10
- MySQL 5.1.73
- PostgreSQL 9.3.4
- Postfix 2.11.1
- OpenLDAP 2.3.43 and 2.4.39
- Mozilla Firefox 31.0
- Mozilla Thunderbird 31.0
- GHC 7.6.3
- LibreOffice 4.1.6.2
- Emacs 21.4 and 24.3
- Vim 7.4.135
- PHP 5.3.28, 5.4.30 and 5.5.14
- Python 2.7.8, 3.3.5 and 3.4.1
- Ruby 1.8.7.374, 1.9.3.545, 2.0.0.481 and 2.1.2
- Tcl/Tk 8.5.15 and 8.6.1
- JDK 1.7.0.55
- Mono 3.4.0
- Chromium 36.0.1985.125
- Groff 1.22.2
- Go 1.3
- GCC 4.6.4, 4.8.3 and 4.9.0
- LLVM/Clang 3.5 (20140228)
- Node.js 0.10.28
- As usual, steady improvements in manual pages and other documentation.
- The system includes the following major components from outside suppliers:
- Xenocara (based on X.Org 7.7 with xserver 1.15.2 + patches,
freetype 2.5.3, fontconfig 2.11.1, Mesa 10.2.3, xterm 309,
xkeyboard-config 2.11 and more)
- Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
- Perl 5.18.2 (+ patches)
- Nginx 1.6.0 (+ patches)
- SQLite 3.8.4.3 (+ patches)
- Sendmail 8.14.8, with libmilter
- Bind 9.4.2-P2 (+ patches)
- NSD 4.0.3
- Unbound 1.4.22
- Sudo 1.7.2p8
- Ncurses 5.7
- Binutils 2.15 (+ patches)
- Gdb 6.3 (+ patches)
- Less 458 (+ patches)
- Awk Aug 10, 2011 version
How to install
Following this are the instructions which you would have on a piece of
paper if you had purchased a CDROM set instead of doing an alternate
form of install. The instructions for doing an FTP (or other style
of) install are very similar; the CDROM instructions are left intact
so that you can see how much easier it would have been if you had
purchased a CDROM instead.
Please refer to the following files on the three CDROMs or FTP mirror for
extensive details on how to install OpenBSD 5.6 on your machine:
Quick installer information for people familiar with OpenBSD, and the
use of the "disklabel -E" command. If you are at all confused when
installing OpenBSD, read the relevant INSTALL.* file as listed above!
OpenBSD/i386:
Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
release is on CD1. If your BIOS does not support booting from CD, you will need
to create a boot floppy to install from. To create a boot floppy write
CD1:5.6/i386/floppy56.fs to a floppy and boot via the floppy drive.
Use CD1:5.6/i386/floppyB56.fs instead for greater SCSI controller
support, or CD1:5.6/i386/floppyC56.fs for better laptop support.
If your machine can boot from USB, you can write install56.fs or
miniroot56.fs to a USB stick and boot from it.
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in
the included INSTALL.i386 document.
If you are planning on dual booting OpenBSD with another OS, you will need to
read INSTALL.i386.
To make a boot floppy under MS-DOS, use the "rawrite" utility located
at CD1:5.6/tools/rawrite.exe. To make the boot floppy under a Unix OS,
use the
dd(1)
utility. The following is an example usage of
dd(1),
where the device could be "floppy", "rfd0c", or
"rfd0a".
# dd if=<file> of=/dev/<device> bs=32k
Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
your install will most likely fail. For more information on creating a boot
floppy and installing OpenBSD/i386 please refer to
this page.
OpenBSD/amd64:
The 5.6 release of OpenBSD/amd64 is located on CD2.
Boot from the CD to begin the install - you may need to adjust
your BIOS options first.
If you can't boot from the CD, you can create a boot floppy to install from.
To do this, write CD2:5.6/amd64/floppy56.fs to a floppy, then
boot from the floppy drive.
If your machine can boot from USB, you can write install56.fs or
miniroot56.fs to a USB stick and boot from it.
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in the included
INSTALL.amd64 document.
If you are planning to dual boot OpenBSD with another OS, you will need to
read INSTALL.amd64.
OpenBSD/macppc:
Burn the image from the FTP site to a CDROM, and power on your machine
while holding down the C key until the display turns on and
shows OpenBSD/macppc boot.
Alternatively, at the Open Firmware prompt, enter boot cd:,ofwboot
/5.6/macppc/bsd.rd
OpenBSD/sparc64:
Put CD3 in your CDROM drive and type boot cdrom.
If this doesn't work, or if you don't have a CDROM drive, you can write
CD3:5.6/sparc64/floppy56.fs or CD3:5.6/sparc64/floppyB56.fs
(depending on your machine) to a floppy and boot it with boot
floppy. Refer to INSTALL.sparc64 for details.
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
You can also write CD3:5.6/sparc64/miniroot56.fs to the swap partition on
the disk and boot with boot disk:b.
If nothing works, you can boot over the network as described in INSTALL.sparc64.
OpenBSD/alpha:
Write FTP:5.6/alpha/floppy56.fs or
FTP:5.6/alpha/floppyB56.fs (depending on your machine) to a diskette and
enter boot dva0. Refer to INSTALL.alpha for more details.
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
OpenBSD/armish:
After connecting a serial port, Thecus can boot directly from the network
either tftp or http. Configure the network using fconfig, reset,
then load bsd.rd, see INSTALL.armish for specific details.
IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
More details are available in INSTALL.armish.
OpenBSD/hppa:
OpenBSD/landisk:
Write miniroot56.fs to the start of the CF
or disk, and boot normally.
OpenBSD/loongson:
Write miniroot56.fs to a USB stick and boot bsd.rd from it
or boot bsd.rd via tftp.
Refer to the instructions in INSTALL.loongson for more details.
OpenBSD/luna88k:
Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
from the PROM, and the bsd.rd from the bootloader.
Refer to the instructions in INSTALL.luna88k for more details.
OpenBSD/octeon:
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
Refer to the instructions in INSTALL.octeon for more details.
OpenBSD/sgi:
To install, burn cd56.iso on a CD-R, put it in the CD drive of your
machine and select Install System Software from the System Maintenance
menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
CD-ROM, and need a proper invocation from the PROM prompt.
Refer to the instructions in INSTALL.sgi for more details.
If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
system type. Refer to the instructions in INSTALL.sgi for more details.
OpenBSD/socppc:
After connecting a serial port, boot over the network via DHCP/tftp.
Refer to the instructions in INSTALL.socppc for more details.
OpenBSD/sparc:
Boot from one of the provided install ISO images, using one of the two
commands listed below, depending on the version of your ROM.
ok boot cdrom 5.6/sparc/bsd.rd
or
> b sd(0,6,0)5.6/sparc/bsd.rd
If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
To do so you need to write floppy56.fs to a floppy.
For more information see this page.
To boot from the floppy use one of the two commands listed below,
depending on the version of your ROM.
ok boot floppy
or
> b fd()
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
setup a bootable tape, or install via network, as told in the
INSTALL.sparc file.
OpenBSD/vax:
Boot over the network via mopbooting as described in INSTALL.vax.
OpenBSD/zaurus:
Using the Linux built-in graphical ipkg installer, install the
openbsd56_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
for a few important details.
Notes about the source code:
src.tar.gz contains a source archive starting at /usr/src. This file
contains everything you need except for the kernel sources, which are
in a separate archive. To extract:
# mkdir -p /usr/src
# cd /usr/src
# tar xvfz /tmp/src.tar.gz
sys.tar.gz contains a source archive starting at /usr/src/sys.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
# mkdir -p /usr/src/sys
# cd /usr/src
# tar xvfz /tmp/sys.tar.gz
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described here.
Using these files
results in a much faster initial CVS update than you could expect from
a fresh checkout of the full OpenBSD source tree.
How to upgrade
If you already have an OpenBSD 5.5 system, and do not want to reinstall,
upgrade instructions and advice can be found in the
Upgrade Guide.
Ports Tree
A ports tree archive is also provided. To extract:
# cd /usr
# tar xvfz /tmp/ports.tar.gz
The ports/ subdirectory is a checkout of the OpenBSD ports tree. Go
read the ports page
if you know nothing about ports
at this point. This text is not a manual of how to use ports.
Rather, it is a set of notes meant to kickstart the user on the
OpenBSD ports system.
The ports/ directory represents a CVS (see the manpage for
cvs(1) if
you aren't familiar with CVS) checkout of our ports. As with our complete
source tree, our ports tree is available via
AnonCVS.
So, in order to keep current with it, you must make the ports/ tree
available on a read-write medium and update the tree with a command
like:
# cd /usr/ports
# cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_6
[Of course, you must replace the server name here with a nearby anoncvs
server.]
Note that most ports are available as packages through FTP. Updated
packages for the 5.6 release will be made available if problems arise.
If you're interested in seeing a port added, would like to help out, or just
would like to know more, the mailing list
ports@openbsd.org is a good place to know.