Released Apr 15, 2018
Copyright 1997-2018, Theo de Raadt.
6.3 Song: XXX.
- See the information on the FTP page for
a list of mirror machines.
- Go to the pub/OpenBSD/6.3/ directory on
one of the mirror sites.
- Have a look at the 6.3 errata page for a list
of bugs and workarounds.
- See a detailed log of changes between the
6.2 and 6.3 releases.
- signify(1)
pubkeys for this release:
base: RWRxzbLwAd76ZZxHU7wuIFUOVGwl6SjNNzanKWTql8w+hui7WLE/72mW
fw: RWT3tdmiAc+DH/CJOxPFT10kUM90/UcLTgSEUEKzhKm9QEhy+UD4CWPy
pkg: RWT58k1AWz/zZO9DHcPHXiHhDNP6hdwGjxNkyMoc/sh4O5NI8Zz1R1lD
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
files fetched via ports.tar.gz.
What's New
This is a partial list of new features and systems included in OpenBSD 6.3.
For a comprehensive list, see the changelog leading
to 6.3.
- Improved hardware support, including:
- vmm(4)/
vmd(8) improvements:
- Add CD-ROM/DVD ISO support to vmd(8) via vioscsi(4).
- vmd(8) no longer
creates an underlying bridge interface for virtual switches defined in
vm.conf(5)
- vmd(8) receives
switch information (rdomain, etc) from underlying switch interface in
conjunction of settings in vm.conf(5)
- TSC (time stamp counter) support in guest VMs
- Support ukvm/Solo5 unikernels in
vmm(4)
- Handle valid (but uncommon) instruction encodings better
- Better PAE paging support for 32-bit Linux guest VMs
- vmd(8) now allows up
to 4 network interfaces in each VM
- Add paused migration and snapshotting support to vmm(4) for AMD SVM/RVI
hosts.
- Many fixes to vmctl(8)
and vmd(8) error handling
- IEEE 802.11 wireless stack improvements:
- Generic network stack improvements:
- Cleanup and removal of code in sys/netinet6 since autoconfiguration
runs in userland now.
- ...
- Installer improvements:
- Routing daemons and other userland network improvements:
- bgpctl(8) has a new
ssv option which outputs rib entries as a single semicolon-seperated
like for selection before output.
- slaacd(8) generates
random but stable IPv6 stateless autoconfiguration addresses according
to RFC 7217.
These are enabled per default in accordance with RFC 8064.
- slaacd(8) can generate
RFC 7217 (random but stable) and RFC 4941 (privacy) style stateless
autoconfiguration addresses on non-/64 prefixes.
- ...
- Security improvements:
- Use even more trap-sleds on various architectures.
- More use of .rodata for constant variables in assembly source.
- Stop using x86 "repz ret" in dusty corners of the tree.
- Introduce "execpromises" in
pledge(2).
- Prepare for the introduction of MAP_STACK to
mmap(2) after 6.3.
- Push a small piece of KARL-linked kernel text into the random
number generator as entropy at startup.
- Put a small random gap at the top of thread stacks, so that attackers
have yet another calculation to perform for their ROP work.
- Mitigation for Meltdown vulnerability for Intel brand amd64 CPUs
- ...
- dhcpd(8)/
dhcrelay(8) improvements:
- dhclient(8) improvements:
- Assorted improvements:
- Code reorganization and other improvements to
malloc(3)
and friends to make them more efficient.
- When performing suspend or hibernate operations, ensure all filesystems
are properly syncronized and marked clean, or if they cannot be
put into perfectly clean state on disk (due to open+unlinked files)
then mark them dirty, so that a failed resume/unhinbernate is gauranteed
to perform fsck.
- acme-client(1)
autodetects the agreement url and follows 30x http redirects.
- Added __cxa_thread_atexit() to support modern C++ tool chains
- Added EVFILT_DEVICE support to
kqueue(2) for
monitoring changes to drm devices.
- ...
- OpenSMTPD 6.0.0
- OpenSSH 7.6
- Security:
- New/changed features:
- The following significant bugs have been fixed in this release:
- LibreSSL 2.6.3
- mandoc 1.14.3
- Ports and packages:
- Many pre-built packages for each architecture:
- aarch64: XXXX
- amd64: XXXX
- arm: XXXX
|
- hppa: XXXX
- i386: XXXX
- mips64: XXXX
|
- mips64el: XXXX
- powerpc: XXXX
- sparc64: XXXX
|
- Some highlights:
- AFL 2.52b
- CMake 3.10.2
- Chromium 65.0.3325.181
- Emacs 21.4 and 25.3
- GCC 4.9.4
- GHC 8.2.2
- Gimp 2.8.22
- GNOME 3.26.2
- Go 1.10
- Groff 1.22.3
- JDK 8u144
- KDE 3.5.10 and 4.14.3 (plus KDE4 core updates)
- LLVM/Clang 5.0.1
- LibreOffice 6.0.2.1
- Lua 5.1.5, 5.2.4 and 5.3.4
- MariaDB 10.0.34
- Mozilla Firefox 52.7.2esr and 59.0.1
- Mozilla Thunderbird 52.6.0
|
- Mutt 1.9.4 and NeoMutt 20180223
- Node.js 8.9.4
- Ocaml 4.03.0
- OpenLDAP 2.3.43 and 2.4.45
- PHP 5.6.34 and 7.0.28
- Postfix 3.3.0 and 3.4-20180203
- PostgreSQL 10.3
- Python 2.7.14 and 3.6.4
- R 3.4.4
- Ruby 2.3.6, 2.4.3 and 2.5.0
- Rust 1.24.0
- Sendmail 8.16.0.21
- SQLite3 3.22.0
- Sudo 1.8.22
- Tcl/Tk 8.5.19 and 8.6.8
- TeX Live 2017
- Vim 8.0.1589
- Xfce 4.12
|
- As usual, steady improvements in manual pages and other documentation.
- The system includes the following major components from outside suppliers:
- Xenocara (based on X.Org 7.7 with xserver 1.19.6 + patches,
freetype 2.8.1, fontconfig 2.12.4, Mesa 13.0.6, xterm 330,
xkeyboard-config 2.20 and more)
- LLVM/Clang 5.0.1 (+ patches)
- GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
- Perl 5.24.3 (+ patches)
- NSD 4.1.20
- Unbound 1.6.8
- Ncurses 5.7
- Binutils 2.17 (+ patches)
- Gdb 6.3 (+ patches)
- Awk Aug 10, 2011 version
- Expat 2.2.5
How to install
Please refer to the following files on the mirror site for
extensive details on how to install OpenBSD 6.3 on your machine:
Quick installer information for people familiar with OpenBSD, and the use of
the "disklabel -E" command.
If you are at all confused when installing OpenBSD, read the relevant
INSTALL.* file as listed above!
OpenBSD/alpha:
-
Write floppy63.fs or floppyB63.fs (depending on your machine)
to a diskette and enter boot dva0.
Refer to INSTALL.alpha for more details.
-
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
OpenBSD/amd64:
-
If your machine can boot from CD, you can write install63.iso or
cd63.iso to a CD and boot from it.
You may need to adjust your BIOS options first.
-
If your machine can boot from USB, you can write install63.fs or
miniroot63.fs to a USB stick and boot from it.
-
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in the included
INSTALL.amd64 document.
-
If you are planning to dual boot OpenBSD with another OS, you will need to
read INSTALL.amd64.
OpenBSD/arm64:
-
Write miniroot63.fs to a disk and boot from it after connecting
to the serial console. Refer to INSTALL.arm64 for more details.
OpenBSD/armv7:
-
Write a system specific miniroot to an SD card and boot from it after connecting
to the serial console. Refer to INSTALL.armv7 for more details.
OpenBSD/hppa:
-
Boot over the network by following the instructions in INSTALL.hppa or the
hppa platform page.
OpenBSD/i386:
-
If your machine can boot from CD, you can write install63.iso or
cd63.iso to a CD and boot from it.
You may need to adjust your BIOS options first.
-
If your machine can boot from USB, you can write install63.fs or
miniroot63.fs to a USB stick and boot from it.
-
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in
the included INSTALL.i386 document.
-
If you are planning on dual booting OpenBSD with another OS, you will need to
read INSTALL.i386.
OpenBSD/landisk:
-
Write miniroot63.fs to the start of the CF
or disk, and boot normally.
OpenBSD/loongson:
-
Write miniroot63.fs to a USB stick and boot bsd.rd from it
or boot bsd.rd via tftp.
Refer to the instructions in INSTALL.loongson for more details.
OpenBSD/luna88k:
-
Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
from the PROM, and then bsd.rd from the bootloader.
Refer to the instructions in INSTALL.luna88k for more details.
OpenBSD/macppc:
-
Burn the image from a mirror site to a CDROM, and power on your machine
while holding down the C key until the display turns on and
shows OpenBSD/macppc boot.
-
Alternatively, at the Open Firmware prompt, enter boot cd:,ofwboot
/6.3/macppc/bsd.rd
OpenBSD/octeon:
-
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
Refer to the instructions in INSTALL.octeon for more details.
OpenBSD/sgi:
-
To install, burn cd63.iso on a CD-R, put it in the CD drive of your
machine and select Install System Software from the System Maintenance
menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
CD-ROM, and need a proper invocation from the PROM prompt.
Refer to the instructions in INSTALL.sgi for more details.
-
If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
system type. Refer to the instructions in INSTALL.sgi for more details.
OpenBSD/sparc64:
-
Burn the image from a mirror site to a CDROM, boot from it, and type
boot cdrom.
-
If this doesn't work, or if you don't have a CDROM drive, you can write
floppy63.fs or floppyB63.fs
(depending on your machine) to a floppy and boot it with boot
floppy. Refer to INSTALL.sparc64 for details.
-
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
-
You can also write miniroot63.fs to the swap partition on
the disk and boot with boot disk:b.
-
If nothing works, you can boot over the network as described in INSTALL.sparc64.
How to upgrade
If you already have an OpenBSD 6.2 system, and do not want to reinstall,
upgrade instructions and advice can be found in the
Upgrade Guide.
Notes about the source code
src.tar.gz contains a source archive starting at /usr/src.
This file contains everything you need except for the kernel sources,
which are in a separate archive.
To extract:
# mkdir -p /usr/src
# cd /usr/src
# tar xvfz /tmp/src.tar.gz
sys.tar.gz contains a source archive starting at /usr/src/sys.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
# mkdir -p /usr/src/sys
# cd /usr/src
# tar xvfz /tmp/sys.tar.gz
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described here.
Using these files
results in a much faster initial CVS update than you could expect from
a fresh checkout of the full OpenBSD source tree.
Ports Tree
A ports tree archive is also provided. To extract:
# cd /usr
# tar xvfz /tmp/ports.tar.gz
Go read the ports page
if you know nothing about ports
at this point. This text is not a manual of how to use ports.
Rather, it is a set of notes meant to kickstart the user on the
OpenBSD ports system.
The ports/ directory represents a CVS checkout of our ports.
As with our complete source tree, our ports tree is available via
AnonCVS.
So, in order to keep up to date with the -stable branch, you must make
the ports/ tree available on a read-write medium and update the tree
with a command like:
# cd /usr/ports
# cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_3
[Of course, you must replace the server name here with a nearby anoncvs
server.]
Note that most ports are available as packages on our mirrors. Updated
ports for the 6.3 release will be made available if problems arise.
If you're interested in seeing a port added, would like to help out, or just
would like to know more, the mailing list
ports@openbsd.org is a good place to know.