openbsd
/
www
mirror of https://github.com/openbsd/www.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
www/62.html

1124 lines
51 KiB
HTML
Raw Permalink Blame History

<!doctype html>
<html lang=en id=release>
<meta charset=utf-8>
<title>OpenBSD 6.2</title>
<meta name="description" content="OpenBSD 6.2">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/62.html">
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
6.2
</h2>
<table>
<tr>
<td>
<a href="images/MoBSD-l.gif">
<img width="227" height="343" src="images/MoBSD.gif" alt="MoBSD"></a>
<td>
Released October 9, 2017<br>
Copyright 1997-2017, Theo de Raadt.<br>
<br>
6.2 Song:
<a href="lyrics.html#62">"A 3 line diff"</a>.
<br>
<br>
<ul>
<li>See the information on <a href="ftp.html">the FTP page</a> for
a list of mirror machines.
<li>Go to the <code class=reldir>pub/OpenBSD/6.2/</code> directory on
one of the mirror sites.
<li>Have a look at <a href="errata62.html">the 6.2 errata page</a> for a list
of bugs and workarounds.
<li>See a <a href="plus62.html">detailed log of changes</a> between the
6.1 and 6.2 releases.
<p>
<li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
pubkeys for this release:<p>
<table class=signify>
<tr><td>
openbsd-62-base.pub:
<td>
RWRVWzAMgtyg7g27STK1h1xA6RIwtjex6Vr5Y9q5SC5q5+b0GN4lLhfu
<tr><td>
openbsd-62-fw.pub:
<td>
RWSbA8C2TPUQLi48EqHtg7Rx7KGDt6E/2d8OeJinGZPbpoqGRxA0N2oW
<tr><td>
openbsd-62-pkg.pub:
<td>
RWRvEq+UPCq0VGI9ar7VMy+HYKDrOb4WS5JLhdUBiX3qvJgPQjyZSTxI
</table>
</ul>
<p>
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
files fetched via <code>ports.tar.gz</code>.
</table>
<hr>
<section id=new>
<h3>What's New</h3>
<p>
This is a partial list of new features and systems included in OpenBSD 6.2.
For a comprehensive list, see the <a href="plus62.html">changelog</a> leading
to 6.2.
<ul>
<li>Improved hardware support, including:
<ul>
<li>arm: New <a href="https://man.openbsd.org/rkgrf.4">rkgrf(4)</a> driver
for the Rockchip RK3399/RK3288 register file.
<li>arm: New <a href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>
driver for Rockchip RK3399/RK3288 clocks.
<li>arm: New <a href="https://man.openbsd.org/rkpinctrl.4">rkpinctrl(4)</a>
driver for controlling Rockchip RK3399/RK3288 pins.
<li>arm: New <a href="https://man.openbsd.org/rkgpio.4">rkgpio(4)</a> driver
for GPIO on Rockchip SoCs.
<li>arm: New <a href="https://man.openbsd.org/rktemp.4">rktemp(4)</a> driver
for Rockchip RK3399 temperature sensors.
<li>arm: New <a href="https://man.openbsd.org/rkiic.4">rkiic(4)</a> driver
for Rockchip RK3399 I2C controllers.
<li>arm: New <a href="https://man.openbsd.org/rkpmic.4">rkpmic(4)</a> driver
for the RK808 Power Management IC.
<li>arm: New <a href="https://man.openbsd.org/dwmmc.4">dwmmc(4)</a> driver
for Synopsis DesignWare SD/MMC controllers.
<li>arm: New <a href="https://man.openbsd.org/dwdog.4">dwdog(4)</a> driver
for the Synopsys DesignWare watchdog timer.
<li>arm: New <a href="https://man.openbsd.org/dwxe.4">dwxe(4)</a> driver
for the Synopsys DesignWare Ethernet controller.
<li>arm: New <a href="https://man.openbsd.org/sxitwi.4">sxitwi(4)</a> driver
for the two-wire bus on Allwinner SoCs.
<li>arm: New <a href="https://man.openbsd.org/axppmic.4">axppmic(4)</a>
driver for the AXP209 I2C PMIC.
<li>arm: New <a href="https://man.openbsd.org/bcmaux.4">bcmaux(4)</a> driver
for clocks and interrupts on the auxiliary UART on BCM2835 devices.
<li>arm: New <a href="https://man.openbsd.org/armv7/mvmpic.4">mvmpic(4)</a>
driver for an interrupt controller on Marvell ARMADA 38x.
<li>arm: New <a href="https://man.openbsd.org/armv7/mvpxa.4">mvpxa(4)</a>
driver for the SD Host Controller on Marvell ARMADA 38x.
<li>arm: New <a href="https://man.openbsd.org/mvpinctrl.4">mvpinctrl(4)</a>
driver to configure pins on Marvell ARMADA 38x.
<li>arm: New <a href="https://man.openbsd.org/mvneta.4">mvneta(4)</a> driver
the Ethernet controller on Marvell ARMADA 38x.
<li>arm: New <a
href="https://man.openbsd.org/armv7/amdisplay.4">amdisplay(4)</a> &amp;
<a href="https://man.openbsd.org/armv7/nxphdmi.4">nxphdmi(4)</a> drivers
for the Texas Instruments AM335x LCD controller.
<li>octeon: New <a
href="https://man.openbsd.org/octeon/octcib.4">octcib(4)</a> driver for
the interrupt bus widget on CN70xx/CN71xx.
<li>octeon: New <a
href="https://man.openbsd.org/octeon/octcit.4">octcit(4)</a> driver for
the central interrupt unit version 3 on CN72xx/CN73xx/CN77xx/CN78xx.
<li>octeon: New <a
href="https://man.openbsd.org/octeon/octsctl.4">octsctl(4)</a> driver
for the OCTEON SATA controller bridge.
<li>octeon: New <a
href="https://man.openbsd.org/octeon/octxctl.4">octxctl(4)</a> driver
for the OCTEON USB3 controller bridge.
<li>octeon: Rhino Labs Inc. SDNA Shasta, and Ubiquiti Networks EdgeRouter 4
and 6 are now supported.
<li>New <a href="https://man.openbsd.org/hvs.4">hvs(4)</a> driver for
Hyper-V storage.
<li>New <a href="https://man.openbsd.org/pcxrtc.4">pcxrtc(4)</a> driver for
the NXP PCF8563 Real Time Clock.
<li>New <a href="https://man.openbsd.org/urng.4">urng(4)</a> driver for USB
random number generator devices.
<li>Intel 8265 and 3168 support was added to the
<a href="https://man.openbsd.org/iwm.4">iwm(4)</a> driver.
<li>RTL8192CE support was added to the
<a href="https://man.openbsd.org/rtwn.4">rtwn(4)</a> driver.
<li>RT5360 support was added to the
<a href="https://man.openbsd.org/ral.4">ral(4)</a> driver.
<li>RTS525A support was added to the
<a href="https://man.openbsd.org/rtsx.4">rtsx(4)</a> driver.
<li>The <a href="https://man.openbsd.org/acpibat.4">acpibat(4)</a> driver
now supports _BIX entries from ACPI 4.0.
<li>ACPI hibernate support was added to the
<a href="https://man.openbsd.org/nvme.4">nvme(4)</a> driver.
<li>Substantially improved ACPI hibernate performance in the
<a href="https://man.openbsd.org/ahci.4">ahci(4)</a> driver.
<li>The <a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a> driver
was updated to code based on Linux 4.4.70 - it now supports Skylake,
Kaby Lake, and Cherryview devices and has better support for Broadwell
and Valleyview devices.
<li>The <a href="https://man.openbsd.org/puc.4">puc(4)</a> driver now
supports ASIX AX99100 devices.
<li>Xen platform support and the
<a href="https://man.openbsd.org/xbf.4">xbf(4)</a> driver in particular
have been substantially improved.
<li>The <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> driver now reports
correct last sector address to SCSI, allowing a valid GPT to be created.
<li>Repair <a href="https://man.openbsd.org/ioapic.4">ioapic(4)</a> misconfigurations.
</ul>
<li><a href="https://man.openbsd.org/amd64/vmm.4">vmm(4)</a>/
<a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> improvements:
<ul>
<li><a href="https://man.openbsd.org/amd64/vmctl.8">vmctl(8)</a> supports
paused VM migration and memory snapshotting using send and receive commands.
<li>VPID/ASID reuse/rollover in <a
href="https://man.openbsd.org/amd64/vmm.4">vmm(4)</a>.
<li>SGABIOS imported as an option ROM payload in SeaBIOS (for VGA to serial
console redirection).
<li><a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> resets the
guest VM RTC (real time clock) on host resume from suspend/hibernate
(OpenBSD guests only).
<li>Allow guest VMs access to AVX/AVX2 host CPU features.
<li>Support for AMD SVM/RVI hosts.
<li>Allow larger guest VM memory sizes (up to MAXDSIZ sized guests - e.g.
32GB on amd64 hosts).
<li>Better handling of guest VM MONITOR/MWAIT and HLT instructions.
<li>Various device emulation improvements in <a
href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a>.
<li>Increase the <a href="https://man.openbsd.org/virtio.4">virtio(4)</a>
queue size provided by <a
href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> from 64 to 128 entries, to increase performance.
<li>Many fixes to <a href="https://man.openbsd.org/amd64/vmctl.8">vmctl(8)</a>
and <a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> error handling.
</ul>
<li>IEEE 802.11 wireless stack improvements:
<ul>
<li>MiRA 802.11n TX rate scaling now supports devices with unequal numbers
of Tx and Rx streams. Fixes 11n mode for some
<a href="https://man.openbsd.org/athn.4">athn(4)</a> devices.
<li>The <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> and
<a href="https://man.openbsd.org/iwm.4">iwm(4)</a> drivers will now start
scanning for a new access point if they no longer receive beacons from
the current AP.
<li>Prefer the 5GHz band over the 2GHz band during access point selection.
<li>Improved debug output in
<a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a> when a wireless
interface is put into debug mode with
<a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
</ul>
<li>Generic network stack improvements:
<ul>
<li>Incoming and forwarded IP packets are now processed without
KERNEL_LOCK, resulting in better performances and reduced latency.
<li>The kernel no longer handles IPv6 Stateless Address
Autoconfiguration (RFC 4862), allowing cleanup and simplification
of the IPv6 network stack.
<li>The kernel sends IPv6 router solicitations for link local addresses
with a link local source address.
<li>FQ-CoDel algorithm has been implemented for use with <a
href="https://man.openbsd.org/pf.conf#QUEUEING">pf(4) queueing</a>.
<li>Improved IPv6 checks for IPsec policies and made them consistent
with IPv4.
<li>Refactored local IP delivery to process IPsec packets in a flow and
avoid enqueueing a second time.
<li><a href="https://man.openbsd.org/pf.4">pf(4)</a>
now inspects AH packets and matches on the inner protocol.
This makes IPv4 authentication headers work like IPv6.
<li>The length of extension header chains in pf(4) is limited.
This prevents spending excessive CPU time on crafted packets.
<li>Block IPv6 packets in
<a href="https://man.openbsd.org/pf.4">pf(4)</a>
that have a hop-by-hop options header or a destination options header.
Such packets can be passed by adding "allow-opts" to the rule.
This makes IPv6 option handling consistent with IPv4.
<li>If the IPv4 ID gets reused too fast, pf(4) fragment reassembly
uses a smarter strategy to drop packets.
<li>Enabled the use of per-CPU caches in the network packet allocators.
</ul>
<li>Installer improvements:
<ul>
<li>The installer now uses the Allotment Routing Table (ART).
<li>A unique kernel is now created by the installer to boot from after
install/upgrade.
<li>On release installs of architectures supported by syspatch,
"syspatch -c" is now added to rc.firsttime.
<li>Backwards compatibility code to support the 'rtsol' keyword in
<a href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a>
has been removed.
<li>The <code>install.site</code> and <code>upgrade.site</code> scripts are now
executed at the end of the install/upgrade process.
<li>More detailed information is shown to identify disks.
<li>The IPv6 default router selection has been fixed.
<li>On the amd64 platform, AES-NI is used if present.
</ul>
<li>Routing daemons and other userland network improvements:
<ul>
<li>A new daemon, <a
href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> handles IPv6
Stateless Address Autoconfiguration (RFC 4862).
<li><a href="https://man.openbsd.org/rtadvd.8">rtadvd(8)</a> now supports
"Reducing Energy Consumption of Router Advertisements" (RFC 7772).
<li><a href="https://man.openbsd.org/rtadvd.8">rtadvd(8)</a> has
been fixed to quickly handle IPv6 prefix changes on the system.
<li><a href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a>
can now show SA bundles and the "bundle" keyword allows them to be
explicitly created. This avoids confusion as they were previously
used implicitly.
<li><a href="https://man.openbsd.org/nc.1">nc(1)</a>
now has a <code>-W recvlimit</code> option to terminate netcat after
receiving the specified number of packets. This allows for a UDP
request to be sent, a reply to be received and the result checked on
the command line.
<li><a href="https://man.openbsd.org/nc.1">nc(1)</a>
now has a <code>-Z</code> option, allowing the peer certificate and chain to be
saved to a file in PEM format.
<li>A new <code>-T tlscompat</code> option was added to
<a href="https://man.openbsd.org/nc.1">nc(1)</a>, which enables the use
of all TLS protocols and libtls "compat" ciphers.
<li>Various races have been fixed in
<a href="https://man.openbsd.org/relayd.8">relayd(8)</a>,
especially in HTTP chunked mode.
<li><a href="https://man.openbsd.org/ndp.8">ndp(8)</a> now shows the
relevant NDP information when run in a non-default routing
domain.
<li><a href="https://man.openbsd.org/ifstated.8">ifstated(8)</a> now
copes with interface departures/arrivals.
<li><a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> can now
be started multiple times in different
<a href="https://man.openbsd.org/rdomain.4">routing domains</a>,
this provides virtual router functionality.
</ul>
<li>Security improvements:
<ul>
<li>A new function
<a href="https://man.openbsd.org/freezero.3">freezero(3)</a>
to easily clear and free memory holding sensitive data has been added.
<li>Double free detection has been improved when the F
<a href="https://man.openbsd.org/malloc.3">malloc(3)</a> option is used.
The existing S option now includes F.
<li>The <a href="https://man.openbsd.org/tty.4#TIOCSTI">TIOCSTI</a>
tty ioctl has been removed. The I/O-loops in the last two consumers
<a href="https://man.openbsd.org/csh.1">csh(1)</a> and
<a href="https://man.openbsd.org/mail.1">mail(1)</a>
were rewritten to cope with the removal.
<li>Trapsleds, a new mitigation that significantly reduces the amount of
nops in the instruction stream, replacing them with trap instructions
or jump-over-trap sequences, thereby requiring greater accuracy for
targeting potential gadgets.
<li>Kernel Address Randomized Link (KARL), a new "link-kit" allows the .o
files of the kernel to be relinked in a random order, creating a unique
kernel for each boot. /bsd is now non-readable to users, to try to
keep the secret.
<li>Like with libc previously,
<a href="https://man.openbsd.org/rc.8">rc(8)</a> re-links libcrypto on
startup, placing the objects in a random order.
<li>In addition to libcrypto, to deter code reuse exploits,
<a href="https://man.openbsd.org/rc.8">rc(8)</a> re-links
<a href="https://man.openbsd.org/ld.so.1">ld.so</a> on
startup, placing the objects in a random order.
<li>If process accounting is activated with
<a href="https://man.openbsd.org/accton.8">accton(8)</a>,
the daily mail shows pledge violations and program crashes.
<a href="https://man.openbsd.org/lastcomm.1">lastcomm(1)</a>
uses the flags P and T for such processes.
<li><a href="https://man.openbsd.org/pflogd.8">pflogd(8)</a> uses the
fork+exec model.
<li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> uses the
fork+exec model.
<li><a href="https://man.openbsd.org/ifstated.8">ifstated(8)</a>
uses <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>.
<li><a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> and
<a href="https://man.openbsd.org/snmpctl.8">snmpctl(8)</a> now use
<a href="https://man.openbsd.org/pledge.2">pledge(2)</a>.
<li>Tighter pledge for <a href="https://man.openbsd.org/at.1">at(1)</a>.
<li>Fixed and simplified pledge logic for
<a href="https://man.openbsd.org/nc.1">nc(1)</a>.
<li>More application of
<a href="https://man.openbsd.org/recallocarray.3">recallocarray(3)</a>
in userland, and tracked sizes to
<a href="https://man.openbsd.org/free.9">free(9)</a> in the kernel.
<li>Achieve higher levels of paranoia regarding structure packing, and
clear many kernel objects before passing to userland.
<li>Disable some optimizations in
<a href="https://man.openbsd.org/clang.1">clang(1)</a>
due to incompatibility with security.
<li>For instance, cope with
<a href="https://man.openbsd.org/clang.1">clang(1)</a>'s assumption
that static or const
objects placed in unknown sections (such as .openbsd.randomdata)
are surely always 0, and therefore such memory accesses can be
optimized away.
<li>In kernel, randomly bias down the top-of-stack per kthread.
</ul>
<li><a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>/
<a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a> improvements:
<ul>
<li>Add support for echo-client-id statement to
<a href="https://man.openbsd.org/dhcpd.conf.5">dhcpd.conf(5)</a>.
<li>Take greater care to process all data read, and only data read, from the
<a href="https://man.openbsd.org/bpf.4">bpf(4)</a>
socket.
<li>Use /dev/bpf instead of /dev/bpf0.
<li>Handle DHCPINFORM messages from clients behind a DHCP relay.
<li>Fix handling of
<a href="https://man.openbsd.org/carp.4">carp(4)</a>
interfaces in
<a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a>.
<li>Don't stop
<a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a>
logging to stderr when it is started with the -d option.
</ul>
<li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> improvements:
<ul>
<li>Log messages reworked and clarified, in particular by prefixing
the name of the relevant network interface.
<li>Treat SSID as 0 to 32 bytes of binary data, not a string.
<li>Use RTM_PROPOSAL to take control of an interface rather than flipping
interface down and up in the hope that other
<a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
instances notice.
<li>Reduce file operations needed by -L option by opening file at
startup and using it throughout process lifetime.
<li>Improve <a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>
handling by reducing writes and more reliably determining which interface
has the current default route.
<li>Take greater care to process all data read, and only data read, from the
<a href="https://man.openbsd.org/bpf.4">bpf(4)</a>
socket.
<li>Improve the determination of the link state of an interface.
<li>Decline inappropriate lease offers as soon as they are deemed
inappropriate.
<li>Drop support for the timestamp formats used in lease files created
more than four years ago.
<li>Accept an offer from the server that sent the first copy of
the offer, not the server that sent the last copy.
<li>Don't delete addresses and routes when exiting.
<li>Ensure IPv6 packets are not read from sockets.
<li>Don't silently ignore obsolete keywords in
<a href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>.
<li>Reduce memory footprint by shrinking oversized static buffers.
<li>Eliminate repeated socket opens by opening the required sockets during
startup.
<li>Fix construction of unicast UDP packets, broken in 5.6.
<li>Improve determination of when a renewed lease requires interface
configuration changes.
<li>Don't exit when addresses are manually added or deleted from an
interface.
<li>Don't support option 33, classfull IP addresses.
<li>Fix configuration of default routes supplied by classless route options.
<li>Consider
<a href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>
contents when determining what MTU value to configure.
<li>Consider
<a href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>
contents when creating the content of
<a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>.
<li>Delete direct routes when routes are flushed.
<li>Don't label routes with "DHCLIENT nnnn".
<li>Don't delete addresses or routes that will be immediately added back.
<li>Delete addresses and routes only when a renewal request is NAK'ed.
<li>Don't wait forever for requested information on the default route.
<li>Don't exit when an attempt to send a packet fails.
<li>Don't log a packet send when the send fails.
<li>Remove the -u option, broken since 2013 without complaints.
<li>Use /dev/bpf instead of /dev/bpf0.
</ul>
<li>Assorted improvements:
<ul>
<li>The <a href="https://www.openbsd.org/i386.html">i386</a> and
<a href="https://www.openbsd.org/amd64.html">amd64</a>
platforms have switched to using
<a href="https://man.openbsd.org/clang-local.1">clang(1)</a>
as the base system compiler.
<li>Improved UTF-8 line editing support for
<a href="https://man.openbsd.org/ksh.1">ksh(1)</a>
Emacs and Vi input mode.
<li>The HISTFILE of <a href="https://man.openbsd.org/ksh.1">ksh(1)</a> now uses
a plain text format. Support for the
<a href="https://man.openbsd.org/ksh#HISTCONTROL">HISTCONTROL</a>
environment variable was added.
<li>The performance of the memory deallocator used by
<a href="https://man.openbsd.org/ksh.1">ksh(1)</a> has been fixed.
<li>The <code>emacs-usemeta</code> <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>
flag is no longer needed and is now deprecated.
<li>New <a href="https://man.openbsd.org/futex">futex(2)</a> syscall.
<li>New pthread
<a href="https://man.openbsd.org/pthread_mutex_init">mutex</a> and
<a href="https://man.openbsd.org/pthread_cond_init">condition
variable</a> implementations improving latency
of threaded applications.
<li>New POSIX <a href="https://man.openbsd.org/newlocale.3">xlocale</a>
implementation written from scratch, complete in the sense that
all POSIX *locale(3) and *_l(3) functions are included, but in
OpenBSD, we of course only really care about <code>LC_CTYPE</code>
and we only support ASCII and UTF-8.
<li>Automatic hibernation and suspend by
<a href="https://man.openbsd.org/apmd">apmd</a>
when battery is low.
<li>New <a href="https://man.openbsd.org/ctfdump">ctfdump(1)</a> and
<a href="https://man.openbsd.org/ctfconv">ctfconv(1)</a>
tools to manipulate CTF (Compact C Type Format).
<li>The error handling in
<a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>
has been improved.
Even if internal errors occur, the daemon tries to keep
unaffected subsystems active.
So as many messages as possible are logged.
They can be filtered by severity and facility "syslog".
<li>syslogd(8) can now suppress "last message repeated" which is
useful for remote logging.
<li>syslogd(8) can listen on multiple TLS sockets.
<li>syslogd(8) closes the *.514 UDP sockets when they are not
needed.
<li>Truncate log messages at 8192 bytes everywhere.
<li><a href="https://man.openbsd.org/newsyslog.8">newsyslog(8)</a>
now skips and logs invalid config lines.
<li>Nested mount points are umounted in correct order.
<li>Fix creation of
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a>
CONCAT volumes.
<li>Include
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a>
volume and backing disk information in i/o error messages.
<li>Make
<a href="https://man.openbsd.org/vioscsi.4">vioscsi(4)</a>
a normal
<a href="https://man.openbsd.org/scsi.4">scsi(4)</a>
device by eliminating its use of the obsolete XS_NO_CCB mechanism.
<li>Remove last vestiges of now unused XS_NO_CCB mechanism.
<li>Userspace can now get the address of the thread control block
without a system call on OCTEON II and later.
<li>FPU is enabled on OCTEON III.
<li>GENERIC kernels now include a .SUNW_ctf section containing CTF data.
<li>New <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> <code>kill</code>
command, send an uncatchable SIGABRT to a process.
<li>New <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> <code>pprint</code>
command, using CTF information to "pretty print" global symbols.
<li>New <a href="https://man.openbsd.org/ddb.4">ddb(4)</a>
<code>show struct</code> command, using CTF information to display the content
of in memory C structures.
<li>x86: <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> uses CTF data
to display the correct number of function arguments in backtraces.
<li>Power off all codecs in
<a href="https://man.openbsd.org/azalia.4">azalia(4)</a> to avoid static
noise in speakers and headphones on reboot.
<li>Fix i386 boot regression seen on very old 486DX CPUs.
<li>New <a href="https://man.openbsd.org/witness.4">witness(4)</a> tool
for debugging lock order issues in the kernel.
The tool is not built in by default, and only amd64, hppa and i386
are supported.
<li>Modernize some bizarre tty behaviours of getty(8).
<li>Some subtle changes to pledge(2) to satisfy requirements observed
in real life.
<li>Prefer use of waitpid(2) rather than wait(3) where possible, to
avoid problems with pre-existing children.
<li>Rewrite swaths of machine-dependent system call stub code in ld.so(1)
in a more portable fashion.
<li><a href="https://man.openbsd.org/pool_cache_init.9">Per-CPU
caches</a> implemented in pools.
<li><a href="https://man.openbsd.org/pthread_mutex_lock.3">Mutex</a>,
<a href="https://man.openbsd.org/pthread_cond_wait.3">condition-variable</a>,
<a href="https://man.openbsd.org/pthread_getspecific.3">thread-specific data</a>,
<a href="https://man.openbsd.org/pthread_once.3">pthread_once(3)</a>,
and <a href="https://man.openbsd.org/pthread_exit.3">pthread_exit(3)</a>
routines moved to libc from libpthread for ease of library
use and compatibility with other OSes.
<li>Added <a href="https://man.openbsd.org/openpty.3">getptmfd(3)</a>,
<a href="https://man.openbsd.org/openpty.3">fdopenpty(3)</a>, and
<a href="https://man.openbsd.org/openpty.3">fdforkpty(3)</a>
to simplify privilege separation and use of pledge(2).
<li>Improved computational complexity in various cases of
<a href="https://man.openbsd.org/strstr.3">strstr(3)</a>,
<a href="https://man.openbsd.org/qsort.3">qsort(3)</a>,
and <a href="https://man.openbsd.org/glob.3">glob(3)</a>.
<li>Added support for <code>EV_RECEIPT</code> and <code>EV_DISPATCH</code> to
<a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a>.
<li>Added <a href="https://man.openbsd.org/ktrace.2">fktrace(2)</a>.
</ul>
<li>OpenSMTPD 6.0.0
<ul>
<li>Fix an off-by-one in the config parser that made 65535 an invalid port.
<li>Fix a fd leak in the session congestion mechanism.
<li>Fix a possible crash when relaying with smtps.
<li>Remove support for the "listen secure" syntax (expicitely define two listeners for tls and smtps instead).
<li>Remove experimental support for filters.
<li>Assorted code and documentation cleanups and improvements.
</ul>
<li>OpenSSH 7.6
<ul>
<li>Security:
<ul>
<li>sftp-server(8): in read-only mode, sftp-server was incorrectly
permitting creation of zero-length files.
</ul>
<li>New/changed features:
<ul>
<li>Add RemoteCommand option to specify a command in the
<a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
config file instead of giving it on the client's command
line.
The feature allows to automate tasks using ssh config.
<li>sshd(8): add ExposeAuthInfo option that enables writing details of
the authentication methods used (including public keys where
applicable) to a file that is exposed via a $SSH_USER_AUTH
environment variable in the subsequent session.
<li>ssh(1): add support for reverse dynamic forwarding. In this mode,
ssh will act as a SOCKS4/5 proxy and forward connections
to destinations requested by the remote SOCKS client. This mode
is requested using extended syntax for the -R and RemoteForward
options and, because it is implemented solely at the client,
does not require the server be updated to be supported.
<li>sshd(8): allow LogLevel directive in sshd_config Match blocks.
<li>ssh-keygen(1): allow inclusion of arbitrary string or flag
certificate extensions and critical options.
<li>ssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as
a CA when signing certificates.
<li>ssh(1)/sshd(8): allow IPQoS=none in ssh/sshd to not set an explicit
ToS/DSCP value and just use the operating system default.
<li>ssh-add(1): added -q option to make ssh-add quiet on success.
<li>ssh(1): expand the StrictHostKeyChecking option with two new
settings. The first "accept-new" will automatically accept
hitherto-unseen keys but will refuse connections for changed or
invalid hostkeys. This is a safer subset of the current behaviour
of StrictHostKeyChecking=no. The second setting "off", is a synonym
for the current behaviour of StrictHostKeyChecking=no: accept new
host keys, and continue connection for hosts with incorrect
hostkeys. A future release will change the meaning of
StrictHostKeyChecking=no to the behaviour of "accept-new".
<li>ssh(1): add SyslogFacility option to ssh(1) matching the equivalent
option in sshd(8).
</ul>
<li>The following significant bugs have been fixed in this release:
<ul>
<li>ssh(1): use HostKeyAlias if specified instead of hostname for
matching host certificate principal names.
<li>sftp(1): implement sorting for globbed ls.
<li>ssh(1): add a user@host prefix to client's "Permission denied"
messages, useful in particular when using "stacked" connections
(e.g. ssh -J) where it's not clear which host is denying.
<li>ssh(1): accept unknown EXT_INFO extension values that contain \0
characters. These are legal, but would previously cause fatal
connection errors if received.
<li>ssh(1)/sshd(8): repair compression statistics printed at
connection exit.
<li>sftp(1): print '?' instead of incorrect link count (that the
protocol doesn't provide) for remote listings.
<li>ssh(1): return failure rather than fatal() for more cases during
session multiplexing negotiations. Causes the session to fall back
to a non-mux connection if they occur.
<li>ssh(1): mention that the server may send debug messages to explain
public key authentication problems under some circumstances.
<li>Translate OpenSSL error codes to better report incorrect passphrase
errors when loading private keys.
<li>sshd(8): adjust compatibility patterns for WinSCP to correctly
identify versions that implement only the legacy DH group exchange
scheme.
<li>ssh(1): print the "Killed by signal 1" message only at LogLevel
verbose so that it is not shown at the default level; prevents it
from appearing during ssh -J and equivalent ProxyCommand configs.
<li>ssh-keygen(1): when generating all hostkeys (ssh-keygen -A), clobber
existing keys if they exist but are zero length. zero-length keys
could previously be made if ssh-keygen failed or was interrupted part
way through generating them.
<li>ssh(1): fix pledge(2) violation in the escape sequence "~&" used to
place the current session in the background.
<li>ssh-keyscan(1): avoid double-close() on file descriptors.
<li>sshd(8): avoid reliance on shared use of pointers shared between
monitor and child sshd processes.
<li>sshd_config(8): document available AuthenticationMethods.
<li>ssh(1): avoid truncation in some login prompts.
<li>ssh(1): make "--" before the hostname terminate argument processing
after the hostname too.
<li>ssh-keygen(1): switch from aes256-cbc to aes256-ctr for encrypting
new-style private keys. Fixes problems related to private key
handling for no-OpenSSL builds.
<li>ssh(1): warn and do not attempt to use keys when the public and
private halves do not match.
<li>sftp(1): don't print verbose error message when ssh disconnects
from under sftp.
<li>sshd(8): fix keepalive scheduling problem: activity on a forwarded
port from preventing the keepalive from being sent.
<li>sshd(8): when started without root privileges, don't require the
privilege separation user or path to exist. Makes running the
regression tests easier without touching the filesystem.
<li>Make integrity.sh regression tests more robust against timeouts.
<li>ssh(1)/sshd(8): correctness fix for channels implementation: accept
channel IDs greater than 0x7FFFFFFF.
</ul>
</ul>
<li>LibreSSL 2.6.3
<ul>
<li>Added support for providing CRLs to libtls - once a CRL is provided via
<a href="https://man.openbsd.org/tls_config_set_crl_file.3">tls_config_set_crl_file(3)</a>
or
<a href="https://man.openbsd.org/tls_config_set_crl_mem.3">tls_config_set_crl_mem(3)</a>,
CRL checking is enabled and required for the full certificate chain.
<li>Reworked TLS certificate name verification code to more strictly
follow RFC 6125.
<li>Cleaned up and simplified server key exchange EC point handling.
<li>Removed inconsistent IPv6 handling from BIO_get_accept_socket(),
simplified BIO_get_host_ip() and BIO_accept().
<li>Added definitions for three OIDs used in EV certificates.
<li>Relaxed SNI validation to allow non-RFC-compliant clients using literal
IP addresses with SNI to connect to a libtls-based TLS server.
<li>Added tls_peer_cert_chain_pem() to libtls, useful in private certificate
validation callbacks such as those in relayd.
<li>Converted explicit clear/free sequences to use
<a href="https://man.openbsd.org/freezero.3">freezero(3)</a>.
<li>Fixed the
<a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
ca command so that it generates certificates with RFC 5280-conformant time.
<li>Added
<a href="https://man.openbsd.org/ASN1_TIME_set_tm.3">ASN1_TIME_set_tm(3)</a>
to set an ASN.1 time from a struct tm *.
<li>Added
<a href="https://man.openbsd.org/SSL_CTX_set_min_proto_version.3">SSL{,_CTX}_set_{min,max}_proto_version(3)</a>
functions.
<li>Imported HKDF (HMAC Key Derivation Function) from BoringSSL.
<li>Provided a
<a href="https://man.openbsd.org/tls_unload_file.3">tls_unload_file(3)</a>
function that frees the memory returned from a
<a href="https://man.openbsd.org/tls_load_file.3">tls_load_file(3)</a>
call, ensuring that the contents become inaccessible.
<li>Implemented reference counting for libtls tls_config, allowing
<a href="https://man.openbsd.org/tls_config_free.3">tls_config_free(3)</a>
to be called as soon as it has been passed to the final
<a href="https://man.openbsd.org/tls_configure.3">tls_configure(3)</a>
call, simplifying lifetime tracking for the application.
<li>Dropped cipher suites using DSS authentication.
<li>Removed support for DSS/DSA from libssl.
<li>Distinguish between self-issued certificates and self-signed
certificates. The certificate verification code has special cases
for self-signed certificates and without this change, self-issued
certificates (which it seems are common place with
openvpn/easyrsa) were also being included in this category.
<li>Added a new TLS extension handling framework and converted all
TLS extensions to use it.
<li>Improved and added many new manpages. Updated
<a href="https://man.openbsd.org/SSL_CTX_check_private_key.3">SSL_{CTX_,}check_private_key(3)</a>
manpages with additional cautions regarding their use.
<li>Cleaned up and simplified EC key/curve configuration handling.
<li>Added
<a href="https://man.openbsd.org/tls_config_set_ecdhecurves.3">tls_config_set_ecdhecurves(3)</a>
to libtls, which allows the names of the elliptical curves that may
be used during client and server key exchange to be specified.
<li>Converted more code paths to use CBB/CBS.
<li>Removed NPN support - NPN was never standardised and the last draft
expired in October 2012.
<li>Removed SSL_OP_CRYPTOPRO_TLSEXT_BUG workaround for old/broken
CryptoPro clients.
<li>Removed support for the TLS padding extension, which was added as a
workaround for an old bug in F5's TLS termination.
<li>Added ability to clamp notafter values in certificates for systems
with 32-bit time_t. This is necessary to conform to RFC 5280 4.1.2.5.
<li>Removed the original (pre-IETF) chacha20-poly1305 cipher suites.
<li>Reclassified ECDHE-RSA-DES-CBC3-SHA from HIGH to MEDIUM.
<li>Provide a useful error with libtls if there are no OCSP URLs in a
peer certificate.
<li>Keep track of which keypair is in use by a TLS context, fixing a bug
where a TLS server with SNI would only return the OCSP staple for the
default keypair.
<li>If
<a href="https://man.openbsd.org/tls_config_parse_protocols.3">tls_config_parse_protocols(3)</a>
is called with a NULL pointer it now
returns the default protocols.
</ul>
<li>mandoc 1.14.3
<ul>
<li>Full <a href="https://man.openbsd.org/mandocdb.5">mandoc.db(5)</a>
databases are now enabled by default, allowing semantic searching
with <a href="https://man.openbsd.org/apropos.1">apropos(1)</a>
without any local configuration changes.
<li>Full integration of the former
<a href="https://cvsweb.openbsd.org/src/regress/usr.bin/mdoclint/">mdoclint(1)</a>
utility into <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>
<code>-Wall</code>, new <code>-Wstyle</code> and
<code>-Wopenbsd</code> message levels, and many new messages,
for example about typos in <code>.Sh</code> lines,
unknown <code>.Xr</code> targets, and links to self.
<li>Additional steps unifying the
<a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a>,
<a href="https://man.openbsd.org/man.7">man(7)</a>, and
<a href="https://man.openbsd.org/roff.7">roff(7)</a> parsers:
use one common data type and
<a href="https://man.openbsd.org/ohash_init.3">ohash_init(3)</a>
for all requests and macros and support creation of syntax tree
nodes in the roff(7) parser, allowing support for many new
low-level roff(7) features.
Only about 25 ports still need <code>USE_GROFF</code> now.
<li>Many improvements to
<a href="https://man.openbsd.org/tbl.7">tbl(7)</a>
parsing and formatting,
including automatic line wrapping inside table columns.
<li>Many improvements to
<a href="https://man.openbsd.org/eqn.7">eqn(7)</a>
parsing and formatting, including better font selection,
recognition of well-known mathematical function names, and writing
of <code>&lt;mn&gt;</code> and <code>&lt;mo&gt;</code> HTML tags.
<li>Intelligible rendering of mathematical symbols in
<code>-Tascii</code> output.
<li>Several parsing and rendering improvements for the
<a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a>
<code>.Lk</code> macro.
<li>Some CSS improvements in HTML output, in particular for the
<a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a>
<code>.Bl</code> macro.
</ul>
<li><p>Ports and packages:
<p>A massive amount of clang-related fixes happened between 6.1 and 6.2.
<p>Many pre-built packages for each architecture:
<!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
<ul style="column-count: 4">
<li>aarch64: 7942
<li>alpha: 7426
<li>amd64: 9728
<li>arm: 7939
<li>hppa: 6260
<li>i386: 9685
<li>mips64: 7972
<li>mips64el: 7984
<li>powerpc: 8133
<li>sparc64: 8281
</ul>
<p>Some highlights:
<ul style="column-count: 2">
<li>AFL 2.51b
<li>CMake 3.9.3
<li>Chromium 61.0.3163.100
<li>Emacs 21.4 and 25.3
<li>GCC 4.9.4
<li>GHC 7.10.3
<li>Gimp 2.8.22
<li>GNOME 3.24.2
<li>Go 1.9
<li>Groff 1.22.3
<li>JDK 8u144
<li>KDE 3.5.10 and 4.14.3 (plus KDE4 core updates)
<li>LLVM/Clang 5.0.0
<li>LibreOffice 5.2.7.2
<li>Lua 5.1.5, 5.2.4, and 5.3.4
<li>MariaDB 10.0.32
<li>Mozilla Firefox 52.4.0esr and 56.0.0
<li>Mozilla Thunderbird 52.2.1
<li>Mutt 1.9.1 and NeoMutt 20170912
<li>Node.js 6.11.2
<li>Ocaml 4.03.0
<li>OpenLDAP 2.3.43 and 2.4.45
<li>PHP 5.6.31 and 7.0.23
<li>Postfix 3.2.2 and 3.3-20170910
<li>PostgreSQL 9.6.5
<li>Python 2.7.14 and 3.6.2
<li>R 3.4.1
<li>Ruby 1.8.7.374, 2.1.9, 2.2.8, 2.3.5 and 2.4.2
<li>Rust 1.20.0
<li>Sendmail 8.16.0.21
<li>SQLite3 3.20.1
<li>Sudo 1.8.21.2
<li>Tcl/Tk 8.5.19 and 8.6.6
<li>TeX Live 2016
<li>Vim 8.0.0987
<li>Xfce 4.12
</ul>
<li>As usual, steady improvements in manual pages and other documentation.
<li>The system includes the following major components from outside suppliers:
<ul>
<li>Xenocara (based on X.Org 7.7 with xserver 1.18.4 + patches,
freetype 2.8.0, fontconfig 2.12.4, Mesa 13.0.6, xterm 330,
xkeyboard-config 2.20 and more)
<li>LLVM/Clang 4.0.0 (+ patches)
<li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
<li>Perl 5.24.2 (+ patches)
<li>NSD 4.1.17
<li>Unbound 1.6.6
<li>Ncurses 5.7
<li>Binutils 2.17 (+ patches)
<li>Gdb 6.3 (+ patches)
<li>Awk Aug 10, 2011 version
<li>Expat 2.2.4
</ul>
</ul>
</section>
<hr>
<section id=install>
<h3>How to install</h3>
<p>
Please refer to the following files on the mirror site for
extensive details on how to install OpenBSD 6.2 on your machine:
<ul>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/alpha/INSTALL.alpha">
.../OpenBSD/6.2/alpha/INSTALL.alpha</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/amd64/INSTALL.amd64">
.../OpenBSD/6.2/amd64/INSTALL.amd64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/arm64/INSTALL.arm64">
.../OpenBSD/6.2/arm64/INSTALL.arm64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/armv7/INSTALL.armv7">
.../OpenBSD/6.2/armv7/INSTALL.armv7</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/hppa/INSTALL.hppa">
.../OpenBSD/6.2/hppa/INSTALL.hppa</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/i386/INSTALL.i386">
.../OpenBSD/6.2/i386/INSTALL.i386</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/landisk/INSTALL.landisk">
.../OpenBSD/6.2/landisk/INSTALL.landisk</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/loongson/INSTALL.loongson">
.../OpenBSD/6.2/loongson/INSTALL.loongson</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/luna88k/INSTALL.luna88k">
.../OpenBSD/6.2/luna88k/INSTALL.luna88k</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/macppc/INSTALL.macppc">
.../OpenBSD/6.2/macppc/INSTALL.macppc</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/octeon/INSTALL.octeon">
.../OpenBSD/6.2/octeon/INSTALL.octeon</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/sgi/INSTALL.sgi">
.../OpenBSD/6.2/sgi/INSTALL.sgi</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/sparc64/INSTALL.sparc64">
.../OpenBSD/6.2/sparc64/INSTALL.sparc64</a>
</ul>
</section>
<hr>
<section id=quickinstall>
<p>
Quick installer information for people familiar with OpenBSD, and the use of
the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
If you are at all confused when installing OpenBSD, read the relevant
INSTALL.* file as listed above!
<h3>OpenBSD/alpha:</h3>
<p>
Write <i>floppy62.fs</i> or <i>floppyB62.fs</i> (depending on your machine)
to a diskette and enter <i>boot dva0</i>.
Refer to INSTALL.alpha for more details.
<p>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
<h3>OpenBSD/amd64:</h3>
<p>
If your machine can boot from CD, you can write <i>install62.iso</i> or
<i>cd62.iso</i> to a CD and boot from it.
You may need to adjust your BIOS options first.
<p>
If your machine can boot from USB, you can write <i>install62.fs</i> or
<i>miniroot62.fs</i> to a USB stick and boot from it.
<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in the included
INSTALL.amd64 document.
<p>
If you are planning to dual boot OpenBSD with another OS, you will need to
read INSTALL.amd64.
<h3>OpenBSD/arm64:</h3>
<p>
Write <i>miniroot62.fs</i> to a disk and boot from it after connecting
to the serial console. Refer to INSTALL.arm64 for more details.
<h3>OpenBSD/armv7:</h3>
<p>
Write a system specific miniroot to an SD card and boot from it after connecting
to the serial console. Refer to INSTALL.armv7 for more details.
<h3>OpenBSD/hppa:</h3>
<p>
Boot over the network by following the instructions in INSTALL.hppa or the
<a href="hppa.html#install">hppa platform page</a>.
<h3>OpenBSD/i386:</h3>
<p>
If your machine can boot from CD, you can write <i>install62.iso</i> or
<i>cd62.iso</i> to a CD and boot from it.
You may need to adjust your BIOS options first.
<p>
If your machine can boot from USB, you can write <i>install62.fs</i> or
<i>miniroot62.fs</i> to a USB stick and boot from it.
<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in
the included INSTALL.i386 document.
<p>
If you are planning on dual booting OpenBSD with another OS, you will need to
read INSTALL.i386.
<h3>OpenBSD/landisk:</h3>
<p>
Write <i>miniroot62.fs</i> to the start of the CF
or disk, and boot normally.
<h3>OpenBSD/loongson:</h3>
<p>
Write <i>miniroot62.fs</i> to a USB stick and boot bsd.rd from it
or boot bsd.rd via tftp.
Refer to the instructions in INSTALL.loongson for more details.
<h3>OpenBSD/luna88k:</h3>
<p>
Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
from the PROM, and then bsd.rd from the bootloader.
Refer to the instructions in INSTALL.luna88k for more details.
<h3>OpenBSD/macppc:</h3>
<p>
Burn the image from a mirror site to a CDROM, and power on your machine
while holding down the <i>C</i> key until the display turns on and
shows <i>OpenBSD/macppc boot</i>.
<p>
Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
/6.2/macppc/bsd.rd</i>
<h3>OpenBSD/octeon:</h3>
<p>
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
Refer to the instructions in INSTALL.octeon for more details.
<h3>OpenBSD/sgi:</h3>
<p>
To install, burn cd62.iso on a CD-R, put it in the CD drive of your
machine and select <i>Install System Software</i> from the System Maintenance
menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
CD-ROM, and need a proper invocation from the PROM prompt.
Refer to the instructions in INSTALL.sgi for more details.
<p>
If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
system type. Refer to the instructions in INSTALL.sgi for more details.
<h3>OpenBSD/sparc64:</h3>
<p>
Burn the image from a mirror site to a CDROM, boot from it, and type
<i>boot cdrom</i>.
<p>
If this doesn't work, or if you don't have a CDROM drive, you can write
<i>floppy62.fs</i> or <i>floppyB62.fs</i>
(depending on your machine) to a floppy and boot it with <i>boot
floppy</i>. Refer to INSTALL.sparc64 for details.
<p>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
<p>
You can also write <i>miniroot62.fs</i> to the swap partition on
the disk and boot with <i>boot disk:b</i>.
<p>
If nothing works, you can boot over the network as described in INSTALL.sparc64.
</section>
<hr>
<section id=upgrade>
<h3>How to upgrade</h3>
<p>
If you already have an OpenBSD 6.1 system, and do not want to reinstall,
upgrade instructions and advice can be found in the
<a href="faq/upgrade62.html">Upgrade Guide</a>.
</section>
<hr>
<section id=sourcecode>
<h3>Notes about the source code</h3>
<p>
<code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
This file contains everything you need except for the kernel sources,
which are in a separate archive.
To extract:
<blockquote><pre>
# <kbd>mkdir -p /usr/src</kbd>
# <kbd>cd /usr/src</kbd>
# <kbd>tar xvfz /tmp/src.tar.gz</kbd>
</pre></blockquote>
<p>
<code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
<blockquote><pre>
# <kbd>mkdir -p /usr/src/sys</kbd>
# <kbd>cd /usr/src</kbd>
# <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
</pre></blockquote>
<p>
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described <a href="anoncvs.html">here</a>.
Using these files
results in a much faster initial CVS update than you could expect from
a fresh checkout of the full OpenBSD source tree.
</section>
<hr>
<section id=ports>
<h3>Ports Tree</h3>
<p>
A ports tree archive is also provided. To extract:
<blockquote><pre>
# <kbd>cd /usr</kbd>
# <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
</pre></blockquote>
<p>
Go read the <a href="faq/ports/index.html">ports</a> page
if you know nothing about ports
at this point. This text is not a manual of how to use ports.
Rather, it is a set of notes meant to kickstart the user on the
OpenBSD ports system.
<p>
The <i>ports/</i> directory represents a CVS checkout of our ports.
As with our complete source tree, our ports tree is available via
<a href="anoncvs.html">AnonCVS</a>.
So, in order to keep up to date with the -stable branch, you must make
the <i>ports/</i> tree available on a read-write medium and update the tree
with a command like:
<blockquote><pre>
# <kbd>cd /usr/ports</kbd>
# <kbd>cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_2</kbd>
</pre></blockquote>
<p>
[Of course, you must replace the server name here with a nearby anoncvs
server.]
<p>
Note that most ports are available as packages on our mirrors. Updated
ports for the 6.2 release will be made available if problems arise.
<p>
If you're interested in seeing a port added, would like to help out, or just
would like to know more, the mailing list
<a href="mail.html">ports@openbsd.org</a> is a good place to know.
</section>
Reference in New Issue View Git Blame Copy Permalink