Released Nov 1, 2018
Copyright 1997-2018, Theo de Raadt.
6.4 Song: Maybe...
- See the information on the FTP page for
a list of mirror machines.
- Go to the pub/OpenBSD/6.4/ directory on
one of the mirror sites.
- Have a look at the 6.4 errata page for a list
of bugs and workarounds.
- See a detailed log of changes between the
6.3 and 6.4 releases.
- signify(1)
pubkeys for this release:
base: RWQq6XmS4eDAcQW4KsT5Ka0KwTQp2JMOP9V/DR4HTVOL5Bc0D7LeuPwA
fw: RWRoBbjnosJ/39llpve1XaNIrrQND4knG+jSBeIUYU8x4WNkxz6a2K97
pkg: RWRF5TTY+LoN/51QD5kM2hKDtMTzycQBBPmPYhyQEb1+4pff/H6fh/kA
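The three strings above are signify(1) public keys in base64 form: a 2-byte algorithm tag ("Ed"), an 8-byte key number, and a 32-byte Ed25519 public key. The Python below is an added example, not part of the release notes or of signify itself; it parses that layout and uses the key number to tell which release key a signature claims to come from. The helper names and the sample signature are constructed for illustration.

```python
import base64
from typing import NamedTuple

# Public keys exactly as printed on this page for the 6.4 release.
RELEASE_KEYS = {
    "base": "RWQq6XmS4eDAcQW4KsT5Ka0KwTQp2JMOP9V/DR4HTVOL5Bc0D7LeuPwA",
    "fw": "RWRoBbjnosJ/39llpve1XaNIrrQND4knG+jSBeIUYU8x4WNkxz6a2K97",
    "pkg": "RWRF5TTY+LoN/51QD5kM2hKDtMTzycQBBPmPYhyQEb1+4pff/H6fh/kA",
}

class Blob(NamedTuple):
    keynum: bytes  # 8-byte identifier shared by a key and its signatures
    body: bytes    # 32-byte Ed25519 public key or 64-byte signature

def parse_blob(text, body_len):
    """Parse a bare base64 string or a signify file with its comment line."""
    lines = text.strip().splitlines()
    if lines and lines[0].startswith("untrusted comment:"):
        lines = lines[1:]
    if not lines:
        raise ValueError("no base64 line found")
    raw = base64.b64decode(lines[0].strip(), validate=True)
    if raw[:2] != b"Ed":
        raise ValueError("unexpected algorithm tag %r" % raw[:2])
    if len(raw) != 2 + 8 + body_len:
        raise ValueError("unexpected length %d" % len(raw))
    return Blob(raw[2:10], raw[10:])

def parse_pubkey(text):
    return parse_blob(text, 32)

def parse_signature(text):
    return parse_blob(text, 64)

def claimed_signer(sig_text, trusted=RELEASE_KEYS):
    """Name of the trusted key whose key number the signature carries, or None.
    This only selects the key; signify -V / -C performs the Ed25519 check."""
    keynum = parse_signature(sig_text).keynum
    for name, key_text in trusted.items():
        if parse_pubkey(key_text).keynum == keynum:
            return name
    return None

def constructed_sig(keynum):
    """Constructed sample: correct layout, all-zero (invalid) signature bytes."""
    raw = b"Ed" + keynum + bytes(64)
    return "untrusted comment: constructed sample\n" + base64.b64encode(raw).decode()

if __name__ == "__main__":
    for name, text in RELEASE_KEYS.items():
        print(name, parse_pubkey(text).keynum.hex())
```

A key number match is only a routing hint: a signature whose key number is unknown should be rejected outright, and one that matches still has to pass signify's own verification against the key obtained from a trusted source.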
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
files fetched via ports.tar.gz.
What's New
This is a partial list of new features and systems included in OpenBSD 6.4.
For a comprehensive list, see the changelog leading
to 6.4.
- Improved hardware support, including:
- New umt(4) driver
for USB Windows Precision Touchpad devices.
- New bnxt(4)
driver for Broadcom NetXtreme-C/E PCI Express Ethernet
adapters based on the Broadcom BCM573xx and BCM574xx chipsets. Enabled
on amd64 and arm64 platforms.
- New mue(4)
driver for Microchip LAN7500/LAN7505/LAN7515/LAN7850 USB 2.0
and LAN7800/LAN7801 USB 3.0 Gigabit Ethernet devices.
- New acpisurface(4)
driver providing ACPI support for Microsoft Surface Book laptops.
- New dwpcie(4)
driver for the Synopsys Designware PCIe controller,
which is built into various SoCs.
- New acpipci(4/arm64)
driver providing support for PCI host bridges
based on information provided by ACPI.
- New
mvclock(4),
mvgpio(4),
mvicu(4),
mvrng(4),
mvrtc(4), and
mvtemp(4)
drivers for various components of the Marvell Armada SoCs.
- New
hiclock(4),
hidwusb(4),
hireset(4), and
hitemp(4)
drivers for various components of the HiSilicon SoCs.
- New ccp(4) and
octcrypto(4/octeon)
drivers for hardware-accelerated cryptography.
- New ccpmic(4) and
tipmic(4)
drivers for Intel Crystal Cove and Dollar Cove
TI Power Management ICs.
- New imxrtc(4)
driver for the RTC integrated in Freescale i.MX7 and i.MX8 processors.
- New fanpwr(4)
driver for the Fairchild FAN53555 and Silergy SYR827/828
voltage regulators.
- New pinctrl(4)
driver for generic pin multiplexing.
- New plgpio(4)
driver for the ARM PrimeCell PL061 GPIO controller.
- PIE support for the m88k platform.
- Support for some HID-over-I2C touchscreen devices in
imt(4).
- Support for RTL8188EE and RTL8723AE in
rtwn(4).
- Support for RT3290 in
ral(4).
- Support for SAS 3.5 controllers (SAS34xx and SAS35xx) in
mpii(4).
- Support for drive and battery status sensors and bio in
mfii(4).
- vmm(4)/
vmd(8) improvements:
- Support for qcow2 disk images.
- Added initial unveil(2)
support to vmctl(8)
along with general cleanups.
- IEEE 802.11 wireless stack improvements:
- With the new 'auto-join' feature, the kernel manages automatic switching
between different wifi networks.
- Generic network stack improvements:
- trunk(4)
now has LACP administrative knobs for: mode, timeout, system priority,
port priority, and ifq priority.
- ifconfig(8)
now has the ability to adjust LACP administrative knobs:
lacpmode and lacptimeout.
- Installer improvements:
- Routing daemons and other userland network improvements:
- ospf6d(8) can now
redistribute routes depending on carp(4) interface states.
- ospf6d(8) is
now pledged.
- Prevent ospfd(8) and ospf6d(8) from being started more than once
(in the same routing domain).
- slaacd(8) is now fully
pledged.
- slaacd(8) is informed by
the kernel when Duplicate Address Detection (DAD) fails and generates
different addresses when possible.
- When slaacd(8) detects
roaming between networks it deprecates all configured IPs. IPs from
newly advertised prefixes will be preferred.
- A new daemon, rad(8) sends
IPv6 Router Advertisement messages and replaces the old rtadvd(8)
daemon from KAME.
- The anachronistic
networks(5)
configuration file is no longer supported.
- More robust pfctl(8)
parsing routines and corner case fixes around table and anchor
handling.
- route(8) now errors out
on bad -netmask/-prefixlen usage instead of configuring
ambiguous routes.
- Security improvements:
- New unveil(2)
system call to restrict file system access of the calling
process to the specified files and directories. It is most
powerful when properly combined with privilege separation
and pledge(2).
- New "retguard" security mechanism on amd64 and arm64:
use per-function random cookies to protect access to function
return instructions, making them harder to use in ROP gadgets.
- Simultaneous multithreading (SMT) is now disabled by default
and can be enabled with the new
hw.smt
sysctl(2) variable.
- Audio recording is now disabled by default and can be enabled
with the new
kern.audio.record
sysctl(2) variable.
- bgpd(8) improvements:
- Fast prefix-sets
- Support for BGP Origin Validation
RFC 6811 through the
roa-set
directive.
- Some syntax cleanups; newlines are optional inside expansion
lists (previously newlines needed to be escaped), but in neighbor,
group and rdomain blocks multiple statements have to be on new lines.
- Make the event loop more responsive while softreconfig is running.
- Reduce the amount of work done during a configuration reload.
- Make config reload not block other event handling in the
route decision engine.
- Better support and bugfixes for multiple bgpd processes
running in different rdomains.
- The config option 'announce (all|self|none|default-route)'
has been deprecated and superseded by filter configuration.
- Assorted improvements:
- rasops(9)-backed
framebuffer consoles such as
inteldrm(4) and
efifb(4) now support
scrollback.
- rebound(8)
gained support for permanent A records, similar to
local-data
supported by
unbound(8).
- New
kcov(4)
driver used for collection of code coverage inside the kernel.
It's used in an ongoing effort to fuzz the kernel.
- uid_from_user(3)
and
gid_from_group(3)
were added to the C library and are now used in several programs,
to speed up repeated lookups.
- New semaphore implementation making
sem_post(3)
async-safe.
- pcap_set_immediate_mode(3) was imported from mainline libpcap,
allowing programs to process packets as soon as they arrive.
- ksh(1) now supports
64 bit integers on all architectures.
- A bug in
ksh(1)
related to variable expansion of read-only variables has been fixed.
- lam(1)
now provides UTF-8 support.
- Enable trunk(4) and
vlan(4) on arm64 RAMDISK.
- OpenSMTPD x.x.x
- Incompatible change to the
smtpd.conf(5)
grammar: separate envelope matching, which happens during the
SMTP dialogue while receiving a message and merely results
in assigning an action name, from delivery actions, which do
not take effect until the queue runner makes a delivery attempt.
This gets rid of several different roadblocks in OpenSMTPD
development.
- ...
- OpenSSH 7.8
- LibreSSL 2.x.x
- Mandoc 1.14.4
- In HTML output, many
mdoc(7) macros
now use more fitting HTML elements.
- In HTML output, almost all "style" attributes and a number of
redundant "class" attributes were removed.
- Baby steps towards responsive design: use a @media query in
mandoc.css, use the HTML meta viewport element, and remove all
hard-coded widths and heights from the generated HTML code.
- Many style improvements in
mandoc.css.
- More than 15 new low level
roff(7)
and GNU man-ext features.
Mandoc can now format the manuals of the groff port.
- Ports and packages:
- Many pre-built packages for each architecture:
- Some highlights:
- AFL 2.52b
- CMake 3.10.2
- Chromium 69.0.3497.100
- Emacs 21.4 and 26.1
- GCC 4.9.4
- GHC 8.2.2
- Gimp 2.8.22
- GNOME 3.28.2
- Go 1.11
- Groff 1.22.3
- JDK 8u172
- LLVM/Clang 6.0.1
- LibreOffice 6.1.1.2
- Lua 5.1.5, 5.2.4 and 5.3.5
- MariaDB 10.0.36
- Mono 5.14.0.177
- Mozilla Firefox 60.2.1esr and 62.0.2
- Mozilla Thunderbird 52.9.1
- Mutt 1.10.1 and NeoMutt 20180716
- Node.js 8.12.0
- Ocaml 4.03.0
- OpenLDAP 2.3.43 and 2.4.46
- PHP 5.6.38, 7.0.32, 7.1.22 and 7.2.10
- Postfix 3.3.1 and 3.4-20180904
- PostgreSQL 10.5
- Python 2.7.15 and 3.6.6
- R 3.5.1
- Ruby 2.3.7, 2.4.4 and 2.5.1
- Rust 1.29.1
- Sendmail 8.16.0.29
- SQLite3 3.24.0
- Sudo 1.8.25
- Tcl/Tk 8.5.19 and 8.6.8
- TeX Live 2017
- Vim 8.1.438
- Xfce 4.12
- As usual, steady improvements in manual pages and other documentation.
- The system includes the following major components from outside suppliers:
- Xenocara (based on X.Org 7.7 with xserver 1.19.6 + patches,
freetype 2.9.1, fontconfig 2.12.4, Mesa 13.0.6, xterm 331,
xkeyboard-config 2.20 and more)
- LLVM/Clang 6.0.0 (+ patches)
- GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
- Perl 5.24.3 (+ patches)
- NSD 4.1.25
- Unbound 1.8.0
- Ncurses 5.7
- Binutils 2.17 (+ patches)
- Gdb 6.3 (+ patches)
- Awk Aug 10, 2011 version
- Expat 2.2.6
How to install
Please refer to the following files on the mirror site for
extensive details on how to install OpenBSD 6.4 on your machine:
Quick installer information for people familiar with OpenBSD, and the use of
the "disklabel -E" command.
If you are at all confused when installing OpenBSD, read the relevant
INSTALL.* file as listed above!
OpenBSD/alpha:
-
Write floppy64.fs or floppyB64.fs (depending on your machine)
to a diskette and enter boot dva0.
Refer to INSTALL.alpha for more details.
-
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
OpenBSD/amd64:
-
If your machine can boot from CD, you can write install64.iso or
cd64.iso to a CD and boot from it.
You may need to adjust your BIOS options first.
-
If your machine can boot from USB, you can write install64.fs or
miniroot64.fs to a USB stick and boot from it.
-
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in the included
INSTALL.amd64 document.
-
If you are planning to dual boot OpenBSD with another OS, you will need to
read INSTALL.amd64.
OpenBSD/arm64:
-
Write miniroot64.fs to a disk and boot from it after connecting
to the serial console. Refer to INSTALL.arm64 for more details.
OpenBSD/armv7:
-
Write a system specific miniroot to an SD card and boot from it after connecting
to the serial console. Refer to INSTALL.armv7 for more details.
OpenBSD/hppa:
-
Boot over the network by following the instructions in INSTALL.hppa or the
hppa platform page.
OpenBSD/i386:
-
If your machine can boot from CD, you can write install64.iso or
cd64.iso to a CD and boot from it.
You may need to adjust your BIOS options first.
-
If your machine can boot from USB, you can write install64.fs or
miniroot64.fs to a USB stick and boot from it.
-
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in
the included INSTALL.i386 document.
-
If you are planning on dual booting OpenBSD with another OS, you will need to
read INSTALL.i386.
OpenBSD/landisk:
-
Write miniroot64.fs to the start of the CF
or disk, and boot normally.
OpenBSD/loongson:
-
Write miniroot64.fs to a USB stick and boot bsd.rd from it
or boot bsd.rd via tftp.
Refer to the instructions in INSTALL.loongson for more details.
OpenBSD/luna88k:
-
Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
from the PROM, and then bsd.rd from the bootloader.
Refer to the instructions in INSTALL.luna88k for more details.
OpenBSD/macppc:
-
Burn the image from a mirror site to a CDROM, and power on your machine
while holding down the C key until the display turns on and
shows OpenBSD/macppc boot.
-
Alternatively, at the Open Firmware prompt, enter
boot cd:,ofwboot /6.4/macppc/bsd.rd
OpenBSD/octeon:
-
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
Refer to the instructions in INSTALL.octeon for more details.
OpenBSD/sgi:
-
To install, burn cd64.iso on a CD-R, put it in the CD drive of your
machine and select Install System Software from the System Maintenance
menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
CD-ROM, and need a proper invocation from the PROM prompt.
Refer to the instructions in INSTALL.sgi for more details.
-
If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
system type. Refer to the instructions in INSTALL.sgi for more details.
OpenBSD/sparc64:
-
Burn the image from a mirror site to a CDROM, boot from it, and type
boot cdrom.
-
If this doesn't work, or if you don't have a CDROM drive, you can write
floppy64.fs or floppyB64.fs (depending on your machine) to a floppy and
boot it with boot floppy. Refer to INSTALL.sparc64 for details.
-
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
-
You can also write miniroot64.fs to the swap partition on
the disk and boot with boot disk:b.
-
If nothing works, you can boot over the network as described in INSTALL.sparc64.
How to upgrade
If you already have an OpenBSD 6.3 system, and do not want to reinstall,
upgrade instructions and advice can be found in the
Upgrade Guide.
Notes about the source code
src.tar.gz contains a source archive starting at /usr/src.
This file contains everything you need except for the kernel sources,
which are in a separate archive.
To extract:
# mkdir -p /usr/src
# cd /usr/src
# tar xvfz /tmp/src.tar.gz
sys.tar.gz contains a source archive starting at /usr/src/sys.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
# mkdir -p /usr/src/sys
# cd /usr/src
# tar xvfz /tmp/sys.tar.gz
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described here.
Using these files
results in a much faster initial CVS update than you could expect from
a fresh checkout of the full OpenBSD source tree.
Ports Tree
A ports tree archive is also provided. To extract:
# cd /usr
# tar xvfz /tmp/ports.tar.gz
Go read the ports page
if you know nothing about ports
at this point. This text is not a manual of how to use ports.
Rather, it is a set of notes meant to kickstart the user on the
OpenBSD ports system.
The ports/ directory represents a CVS checkout of our ports.
As with our complete source tree, our ports tree is available via
AnonCVS.
So, in order to keep up to date with the -stable branch, you must make
the ports/ tree available on a read-write medium and update the tree
with a command like:
# cd /usr/ports
# cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_4
[Of course, you must replace the server name here with a nearby anoncvs
server.]
Note that most ports are available as packages on our mirrors. Updated
ports for the 6.4 release will be made available if problems arise.
If you're interested in seeing a port added, would like to help out, or just
would like to know more, the mailing list
ports@openbsd.org is a good place to know.