forked from openbsd/www
-
Notifications
You must be signed in to change notification settings - Fork 0
/
62.html
1123 lines (1047 loc) · 50.8 KB
/
62.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<!doctype html>
<html lang=en id=release>
<meta charset=utf-8>
<title>OpenBSD 6.2</title>
<meta name="description" content="OpenBSD 6.2">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/62.html">
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
6.2
</h2>
<table>
<tr>
<td>
<a href="images/MoBSD-l.gif">
<img width="227" height="343" src="images/MoBSD.gif" alt="MoBSD"></a>
<td>
Released October 9, 2017<br>
Copyright 1997-2017, Theo de Raadt.<br>
<br>
6.2 Song:
<a href="lyrics.html#62">"A 3 line diff"</a>.
<br>
<br>
<ul>
<li>See the information on <a href="ftp.html">the FTP page</a> for
a list of mirror machines.
<li>Go to the <code class=reldir>pub/OpenBSD/6.2/</code> directory on
one of the mirror sites.
<li>Have a look at <a href="errata62.html">the 6.2 errata page</a> for a list
of bugs and workarounds.
<li>See a <a href="plus62.html">detailed log of changes</a> between the
6.1 and 6.2 releases.
<p>
<li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
pubkeys for this release:<p>
<table class=signify>
<tr><td>
openbsd-62-base.pub:
<td>
RWRVWzAMgtyg7g27STK1h1xA6RIwtjex6Vr5Y9q5SC5q5+b0GN4lLhfu
<tr><td>
openbsd-62-fw.pub:
<td>
RWSbA8C2TPUQLi48EqHtg7Rx7KGDt6E/2d8OeJinGZPbpoqGRxA0N2oW
<tr><td>
openbsd-62-pkg.pub:
<td>
RWRvEq+UPCq0VGI9ar7VMy+HYKDrOb4WS5JLhdUBiX3qvJgPQjyZSTxI
</table>
</ul>
<p>
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
files fetched via <code>ports.tar.gz</code>.
</table>
<hr>
<section id=new>
<h3>What's New</h3>
<p>
This is a partial list of new features and systems included in OpenBSD 6.2.
For a comprehensive list, see the <a href="plus62.html">changelog</a> leading
to 6.2.
<ul>
<li>Improved hardware support, including:
<ul>
<li>arm: New <a href="https://man.openbsd.org/rkgrf.4">rkgrf(4)</a> driver
for the Rockchip RK3399/RK3288 register file.
<li>arm: New <a href="https://man.openbsd.org/rkclock.4">rkclock(4)</a>
driver for Rockchip RK3399/RK3288 clocks.
<li>arm: New <a href="https://man.openbsd.org/rkpinctrl.4">rkpinctrl(4)</a>
driver for controlling Rockchip RK3399/RK3288 pins.
<li>arm: New <a href="https://man.openbsd.org/rkgpio.4">rkgpio(4)</a> driver
for GPIO on Rockchip SoCs.
<li>arm: New <a href="https://man.openbsd.org/rktemp.4">rktemp(4)</a> driver
for Rockchip RK3399 temperature sensors.
<li>arm: New <a href="https://man.openbsd.org/rkiic.4">rkiic(4)</a> driver
for Rockchip RK3399 I2C controllers.
<li>arm: New <a href="https://man.openbsd.org/rkpmic.4">rkpmic(4)</a> driver
for the RK808 Power Management IC.
<li>arm: New <a href="https://man.openbsd.org/dwmmc.4">dwmmc(4)</a> driver
for Synopsis DesignWare SD/MMC controllers.
<li>arm: New <a href="https://man.openbsd.org/dwdog.4">dwdog(4)</a> driver
for the Synopsys DesignWare watchdog timer.
<li>arm: New <a href="https://man.openbsd.org/dwxe.4">dwxe(4)</a> driver
for the Synopsys DesignWare Ethernet controller.
<li>arm: New <a href="https://man.openbsd.org/sxitwi.4">sxitwi(4)</a> driver
for the two-wire bus on Allwinner SoCs.
<li>arm: New <a href="https://man.openbsd.org/axppmic.4">axppmic(4)</a>
driver for the AXP209 I2C PMIC.
<li>arm: New <a href="https://man.openbsd.org/bcmaux.4">bcmaux(4)</a> driver
for clocks and interrupts on the auxiliary UART on BCM2835 devices.
<li>arm: New <a href="https://man.openbsd.org/armv7/mvmpic.4">mvmpic(4)</a>
driver for an interrupt controller on Marvell ARMADA 38x.
<li>arm: New <a href="https://man.openbsd.org/armv7/mvpxa.4">mvpxa(4)</a>
driver for the SD Host Controller on Marvell ARMADA 38x.
<li>arm: New <a href="https://man.openbsd.org/mvpinctrl.4">mvpinctrl(4)</a>
driver to configure pins on Marvell ARMADA 38x.
<li>arm: New <a href="https://man.openbsd.org/mvneta.4">mvneta(4)</a> driver
the Ethernet controller on Marvell ARMADA 38x.
<li>arm: New <a
href="https://man.openbsd.org/armv7/amdisplay.4">amdisplay(4)</a> &
<a href="https://man.openbsd.org/armv7/nxphdmi.4">nxphdmi(4)</a> drivers
for the Texas Instruments AM335x LCD controller.
<li>octeon: New <a
href="https://man.openbsd.org/octeon/octcib.4">octcib(4)</a> driver for
the interrupt bus widget on CN70xx/CN71xx.
<li>octeon: New <a
href="https://man.openbsd.org/octeon/octcit.4">octcit(4)</a> driver for
the central interrupt unit version 3 on CN72xx/CN73xx/CN77xx/CN78xx.
<li>octeon: New <a
href="https://man.openbsd.org/octeon/octsctl.4">octsctl(4)</a> driver
for the OCTEON SATA controller bridge.
<li>octeon: New <a
href="https://man.openbsd.org/octeon/octxctl.4">octxctl(4)</a> driver
for the OCTEON USB3 controller bridge.
<li>octeon: Rhino Labs Inc. SDNA Shasta, and Ubiquiti Networks EdgeRouter 4
and 6 are now supported.
<li>New <a href="https://man.openbsd.org/hvs.4">hvs(4)</a> driver for
Hyper-V storage.
<li>New <a href="https://man.openbsd.org/pcxrtc.4">pcxrtc(4)</a> driver for
the NXP PCF8563 Real Time Clock.
<li>New <a href="https://man.openbsd.org/urng.4">urng(4)</a> driver for USB
random number generator devices.
<li>Intel 8265 and 3168 support was added to the
<a href="https://man.openbsd.org/iwm.4">iwm(4)</a> driver.
<li>RTL8192CE support was added to the
<a href="https://man.openbsd.org/rtwn.4">rtwn(4)</a> driver.
<li>RT5360 support was added to the
<a href="https://man.openbsd.org/ral.4">ral(4)</a> driver.
<li>RTS525A support was added to the
<a href="https://man.openbsd.org/rtsx.4">rtsx(4)</a> driver.
<li>The <a href="https://man.openbsd.org/acpibat.4">acpibat(4)</a> driver
now supports _BIX entries from ACPI 4.0.
<li>ACPI hibernate support was added to the
<a href="https://man.openbsd.org/nvme.4">nvme(4)</a> driver.
<li>Substantially improved ACPI hibernate performance in the
<a href="https://man.openbsd.org/ahci.4">ahci(4)</a> driver.
<li>The <a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a> driver
was updated to code based on Linux 4.4.70 - it now supports Skylake,
Kaby Lake, and Cherryview devices and has better support for Broadwell
and Valleyview devices.
<li>The <a href="https://man.openbsd.org/puc.4">puc(4)</a> driver now
supports ASIX AX99100 devices.
<li>Xen platform support and the
<a href="https://man.openbsd.org/xbf.4">xbf(4)</a> driver in particular
have been substantially improved.
<li>The <a href="https://man.openbsd.org/nvme.4">nvme(4)</a> driver now reports
correct last sector address to SCSI, allowing a valid GPT to be created.
<li>Repair <a href="https://man.openbsd.org/ioapic.4">ioapic(4)</a> misconfigurations.
</ul>
<li><a href="https://man.openbsd.org/amd64/vmm.4">vmm(4)</a>/
<a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> improvements:
<ul>
<li><a href="https://man.openbsd.org/amd64/vmctl.8">vmctl(8)</a> supports
paused VM migration and memory snapshotting using send and receive commands.
<li>VPID/ASID reuse/rollover in <a
href="https://man.openbsd.org/amd64/vmm.4">vmm(4)</a>.
<li>SGABIOS imported as an option ROM payload in SeaBIOS (for VGA to serial
console redirection).
<li><a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> resets the
guest VM RTC (real time clock) on host resume from suspend/hibernate
(OpenBSD guests only).
<li>Allow guest VMs access to AVX/AVX2 host CPU features.
<li>Support for AMD SVM/RVI hosts.
<li>Allow larger guest VM memory sizes (up to MAXDSIZ sized guests - e.g.
32GB on amd64 hosts).
<li>Better handling of guest VM MONITOR/MWAIT and HLT instructions.
<li>Various device emulation improvements in <a
href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a>.
<li>Increase the <a href="https://man.openbsd.org/virtio.4">virtio(4)</a>
queue size provided by <a
href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> from 64 to 128 entries, to increase performance.
<li>Many fixes to <a href="https://man.openbsd.org/amd64/vmctl.8">vmctl(8)</a>
and <a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> error handling.
</ul>
<li>IEEE 802.11 wireless stack improvements:
<ul>
<li>MiRA 802.11n TX rate scaling now supports devices with unequal numbers
of Tx and Rx streams. Fixes 11n mode for some
<a href="https://man.openbsd.org/athn.4">athn(4)</a> devices.
<li>The <a href="https://man.openbsd.org/iwn.4">iwn(4)</a> and
<a href="https://man.openbsd.org/iwm.4">iwm(4)</a> drivers will now start
scanning for a new access point if they no longer receive beacons from
the current AP.
<li>Prefer the 5GHz band over the 2GHz band during access point selection.
<li>Improved debug output in
<a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a> when a wireless
interface is put into debug mode with
<a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
</ul>
<li>Generic network stack improvements:
<ul>
<li>Incoming and forwarded IP packets are now processed without
KERNEL_LOCK, resulting in better performances and reduced latency.
<li>The kernel no longer handles IPv6 Stateless Address
Autoconfiguration (RFC 4862), allowing cleanup and simplification
of the IPv6 network stack.
<li>The kernel sends IPv6 router solicitations for link local addresses
with a link local source address.
<li>FQ-CoDel algorithm has been implemented for use with <a
href="https://man.openbsd.org/pf.conf#QUEUEING">pf(4) queueing</a>.
<li>Improved IPv6 checks for IPsec policies and made them consistent
with IPv4.
<li>Refactored local IP delivery to process IPsec packets in a flow and
avoid enqueueing a second time.
<li><a href="https://man.openbsd.org/pf.4">pf(4)</a>
now inspects AH packets and matches on the inner protocol.
This makes IPv4 authentication headers work like IPv6.
<li>The length of extension header chains in pf(4) is limited.
This prevents spending excessive CPU time on crafted packets.
<li>Block IPv6 packets in
<a href="https://man.openbsd.org/pf.4">pf(4)</a>
that have a hop-by-hop options header or a destination options header.
Such packets can be passed by adding "allow-opts" to the rule.
This makes IPv6 option handling consistent with IPv4.
<li>If the IPv4 ID gets reused too fast, pf(4) fragment reassembly
uses a smarter strategy to drop packets.
<li>Enabled the use of per-CPU caches in the network packet allocators.
</ul>
<li>Installer improvements:
<ul>
<li>The installer now uses the Allotment Routing Table (ART).
<li>A unique kernel is now created by the installer to boot from after
install/upgrade.
<li>On release installs of architectures supported by syspatch,
"syspatch -c" is now added to rc.firsttime.
<li>Backwards compatibility code to support the 'rtsol' keyword in
<a href="https://man.openbsd.org/hostname.if.5">hostname.if(5)</a>
has been removed.
<li>The <code>install.site</code> and <code>upgrade.site</code> scripts are now
executed at the end of the install/upgrade process.
<li>More detailed information is shown to identify disks.
<li>The IPv6 default router selection has been fixed.
<li>On the amd64 platform, AES-NI is used if present.
</ul>
<li>Routing daemons and other userland network improvements:
<ul>
<li>A new daemon, <a
href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> handles IPv6
Stateless Address Autoconfiguration (RFC 4862).
<li><a href="https://man.openbsd.org/rtadvd.8">rtadvd(8)</a> now supports
"Reducing Energy Consumption of Router Advertisements" (RFC 7772).
<li><a href="https://man.openbsd.org/rtadvd.8">rtadvd(8)</a> has
been fixed to quickly handle IPv6 prefix changes on the system.
<li><a href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a>
can now show SA bundles and the "bundle" keyword allows them to be
explicitly created. This avoids confusion as they were previously
used implicitly.
<li><a href="https://man.openbsd.org/nc.1">nc(1)</a>
now has a <code>-W recvlimit</code> option to terminate netcat after
receiving the specified number of packets. This allows for a UDP
request to be sent, a reply to be received and the result checked on
the command line.
<li><a href="https://man.openbsd.org/nc.1">nc(1)</a>
now has a <code>-Z</code> option, allowing the peer certificate and chain to be
saved to a file in PEM format.
<li>A new <code>-T tlscompat</code> option was added to
<a href="https://man.openbsd.org/nc.1">nc(1)</a>, which enables the use
of all TLS protocols and libtls "compat" ciphers.
<li>Various races have been fixed in
<a href="https://man.openbsd.org/relayd.8">relayd(8)</a>,
especially in HTTP chunked mode.
<li><a href="https://man.openbsd.org/ndp.8">ndp(8)</a> now shows the
relevant NDP information when run in a non-default routing
domain.
<li><a href="https://man.openbsd.org/ifstated.8">ifstated(8)</a> now
copes with interface departures/arrivals.
<li><a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> can now
be started multiple times in different
<a href="https://man.openbsd.org/rdomain.4">routing domains</a>,
this provides virtual router functionality.
</ul>
<li>Security improvements:
<ul>
<li>A new function
<a href="https://man.openbsd.org/freezero.3">freezero(3)</a>
to easily clear and free memory holding sensitive data has been added.
<li>Double free detection has been improved when the F
<a href="https://man.openbsd.org/malloc.3">malloc(3)</a> option is used.
The existing S option now includes F.
<li>The <a href="https://man.openbsd.org/tty.4#TIOCSTI">TIOCSTI</a>
tty ioctl has been removed. The I/O-loops in the last two consumers
<a href="https://man.openbsd.org/csh.1">csh(1)</a> and
<a href="https://man.openbsd.org/mail.1">mail(1)</a>
were rewritten to cope with the removal.
<li>Trapsleds, a new mitigation that significantly reduces the amount of
nops in the instruction stream, replacing them with trap instructions
or jump-over-trap sequences, thereby requiring greater accuracy for
targeting potential gadgets.
<li>Kernel Address Randomized Link (KARL), a new "link-kit" allows the .o
files of the kernel to be relinked in a random order, creating a unique
kernel for each boot. /bsd is now non-readable to users, to try to
keep the secret.
<li>Like with libc previously,
<a href="https://man.openbsd.org/rc.8">rc(8)</a> re-links libcrypto on
startup, placing the objects in a random order.
<li>In addition to libcrypto, to deter code reuse exploits,
<a href="https://man.openbsd.org/rc.8">rc(8)</a> re-links
<a href="https://man.openbsd.org/ld.so.1">ld.so</a> on
startup, placing the objects in a random order.
<li>If process accounting is activated with
<a href="https://man.openbsd.org/accton.8">accton(8)</a>,
the daily mail shows pledge violations and program crashes.
<a href="https://man.openbsd.org/lastcomm.1">lastcomm(1)</a>
uses the flags P and T for such processes.
<li><a href="https://man.openbsd.org/pflogd.8">pflogd(8)</a> uses the
fork+exec model.
<li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> uses the
fork+exec model.
<li><a href="https://man.openbsd.org/ifstated.8">ifstated(8)</a>
uses <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>.
<li><a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> and
<a href="https://man.openbsd.org/snmpctl.8">snmpctl(8)</a> now use
<a href="https://man.openbsd.org/pledge.2">pledge(2)</a>.
<li>Tighter pledge for <a href="https://man.openbsd.org/at.1">at(1)</a>.
<li>Fixed and simplified pledge logic for
<a href="https://man.openbsd.org/nc.1">nc(1)</a>.
<li>More application of
<a href="https://man.openbsd.org/recallocarray.3">recallocarray(3)</a>
in userland, and tracked sizes to
<a href="https://man.openbsd.org/free.9">free(9)</a> in the kernel.
<li>Achieve higher levels of paranoia regarding structure packing, and
clear many kernel objects before passing to userland.
<li>Disable some optimizations in
<a href="https://man.openbsd.org/clang.1">clang(1)</a>
due to incompatibility with security.
<li>For instance, cope with
<a href="https://man.openbsd.org/clang.1">clang(1)</a>'s assumption
that static or const
objects placed in unknown sections (such as .openbsd.randomdata)
are surely always 0, and therefore such memory accesses can be
optimized away.
<li>In kernel, randomly bias down the top-of-stack per kthread.
</ul>
<li><a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>/
<a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a> improvements:
<ul>
<li>Add support for echo-client-id statement to
<a href="https://man.openbsd.org/dhcpd.conf.5">dhcpd.conf(5)</a>.
<li>Take greater care to process all data read, and only data read, from the
<a href="https://man.openbsd.org/bpf.4">bpf(4)</a>
socket.
<li>Use /dev/bpf instead of /dev/bpf0.
<li>Handle DHCPINFORM messages from clients behind a DHCP relay.
<li>Fix handling of
<a href="https://man.openbsd.org/carp.4">carp(4)</a>
interfaces in
<a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a>.
<li>Don't stop
<a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a>
logging to stderr when it is started with the -d option.
</ul>
<li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> improvements:
<ul>
<li>Log messages reworked and clarified, in particular by prefixing
the name of the relevant network interface.
<li>Treat SSID as 0 to 32 bytes of binary data, not a string.
<li>Use RTM_PROPOSAL to take control of an interface rather than flipping
interface down and up in the hope that other
<a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
instances notice.
<li>Reduce file operations needed by -L option by opening file at
startup and using it throughout process lifetime.
<li>Improve <a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>
handling by reducing writes and more reliably determining which interface
has the current default route.
<li>Take greater care to process all data read, and only data read, from the
<a href="https://man.openbsd.org/bpf.4">bpf(4)</a>
socket.
<li>Improve the determination of the link state of an interface.
<li>Decline inappropriate lease offers as soon as they are deemed
inappropriate.
<li>Drop support for the timestamp formats used in lease files created
more than four years ago.
<li>Accept an offer from the server that sent the first copy of
the offer, not the server that sent the last copy.
<li>Don't delete addresses and routes when exiting.
<li>Ensure IPv6 packets are not read from sockets.
<li>Don't silently ignore obsolete keywords in
<a href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>.
<li>Reduce memory footprint by shrinking oversized static buffers.
<li>Eliminate repeated socket opens by opening the required sockets during
startup.
<li>Fix construction of unicast UDP packets, broken in 5.6.
<li>Improve determination of when a renewed lease requires interface
configuration changes.
<li>Don't exit when addresses are manually added or deleted from an
interface.
<li>Don't support option 33, classfull IP addresses.
<li>Fix configuration of default routes supplied by classless route options.
<li>Consider
<a href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>
contents when determining what MTU value to configure.
<li>Consider
<a href="https://man.openbsd.org/dhclient.conf.5">dhclient.conf(5)</a>
contents when creating the content of
<a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>.
<li>Delete direct routes when routes are flushed.
<li>Don't label routes with "DHCLIENT nnnn".
<li>Don't delete addresses or routes that will be immediately added back.
<li>Delete addresses and routes only when a renewal request is NAK'ed.
<li>Don't wait forever for requested information on the default route.
<li>Don't exit when an attempt to send a packet fails.
<li>Don't log a packet send when the send fails.
<li>Remove the -u option, broken since 2013 without complaints.
<li>Use /dev/bpf instead of /dev/bpf0.
</ul>
<li>Assorted improvements:
<ul>
<li>The <a href="https://www.openbsd.org/i386.html">i386</a> and
<a href="https://www.openbsd.org/amd64.html">amd64</a>
platforms have switched to using
<a href="https://man.openbsd.org/clang-local.1">clang(1)</a>
as the base system compiler.
<li>Improved UTF-8 line editing support for
<a href="https://man.openbsd.org/ksh.1">ksh(1)</a>
Emacs and Vi input mode.
<li>The HISTFILE of <a href="https://man.openbsd.org/ksh.1">ksh(1)</a> now uses
a plain text format. Support for the
<a href="https://man.openbsd.org/ksh#HISTCONTROL">HISTCONTROL</a>
environment variable was added.
<li>The performance of the memory deallocator used by
<a href="https://man.openbsd.org/ksh.1">ksh(1)</a> has been fixed.
<li>The <code>emacs-usemeta</code> <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>
flag is no longer needed and is now deprecated.
<li>New <a href="https://man.openbsd.org/futex">futex(2)</a> syscall.
<li>New pthread
<a href="https://man.openbsd.org/pthread_mutex_init">mutex</a> and
<a href="https://man.openbsd.org/pthread_cond_init">condition
variable</a> implementations improving latency
of threaded applications.
<li>New POSIX <a href="https://man.openbsd.org/newlocale.3">xlocale</a>
implementation written from scratch, complete in the sense that
all POSIX *locale(3) and *_l(3) functions are included, but in
OpenBSD, we of course only really care about <code>LC_CTYPE</code>
and we only support ASCII and UTF-8.
<li>Automatic hibernation and suspend by
<a href="https://man.openbsd.org/apmd">apmd</a>
when battery is low.
<li>New <a href="https://man.openbsd.org/ctfdump">ctfdump(1)</a> and
<a href="https://man.openbsd.org/ctfconv">ctfconv(1)</a>
tools to manipulate CTF (Compact C Type Format).
<li>The error handling in
<a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>
has been improved.
Even if internal errors occur, the daemon tries to keep
unaffected subsystems active.
So as many messages as possible are logged.
They can be filtered by severity and facility "syslog".
<li>syslogd(8) can now suppress "last message repeated" which is
useful for remote logging.
<li>syslogd(8) can listen on multiple TLS sockets.
<li>syslogd(8) closes the *.514 UDP sockets when they are not
needed.
<li>Truncate log messages at 8192 bytes everywhere.
<li><a href="https://man.openbsd.org/newsyslog.8">newsyslog(8)</a>
now skips and logs invalid config lines.
<li>Nested mount points are umounted in correct order.
<li>Fix creation of
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a>
CONCAT volumes.
<li>Include
<a href="https://man.openbsd.org/softraid.4">softraid(4)</a>
volume and backing disk information in i/o error messages.
<li>Make
<a href="https://man.openbsd.org/vioscsi.4">vioscsi(4)</a>
a normal
<a href="https://man.openbsd.org/scsi.4">scsi(4)</a>
device by eliminating its use of the obsolete XS_NO_CCB mechanism.
<li>Remove last vestiges of now unused XS_NO_CCB mechanism.
<li>Userspace can now get the address of the thread control block
without a system call on OCTEON II and later.
<li>FPU is enabled on OCTEON III.
<li>GENERIC kernels now include a .SUNW_ctf section containing CTF data.
<li>New <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> <code>kill</code>
command, send an uncatchable SIGABRT to a process.
<li>New <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> <code>pprint</code>
command, using CTF information to "pretty print" global symbols.
<li>New <a href="https://man.openbsd.org/ddb.4">ddb(4)</a>
<code>show struct</code> command, using CTF information to display the content
of in memory C structures.
<li>x86: <a href="https://man.openbsd.org/ddb.4">ddb(4)</a> uses CTF data
to display the correct number of function arguments in backtraces.
<li>Power off all codecs in
<a href="https://man.openbsd.org/azalia.4">azalia(4)</a> to avoid static
noise in speakers and headphones on reboot.
<li>Fix i386 boot regression seen on very old 486DX CPUs.
<li>New <a href="https://man.openbsd.org/witness.4">witness(4)</a> tool
for debugging lock order issues in the kernel.
The tool is not built in by default, and only amd64, hppa and i386
are supported.
<li>Modernize some bizarre tty behaviours of getty(8).
<li>Some subtle changes to pledge(2) to satisfy requirements observed
in real life.
<li>Prefer use of waitpid(2) rather than wait(3) where possible, to
avoid problems with pre-existing children.
<li>Rewrite swaths of machine-dependent system call stub code in ld.so(1)
in a more portable fashion.
<li><a href="https://man.openbsd.org/pool_cache_init.9">Per-CPU
caches</a> implemented in pools.
<li><a href="https://man.openbsd.org/pthread_mutex_lock.3">Mutex</a>,
<a href="https://man.openbsd.org/pthread_cond_wait.3">condition-variable</a>,
<a href="https://man.openbsd.org/pthread_getspecific.3">thread-specific data</a>,
<a href="https://man.openbsd.org/pthread_once.3">pthread_once(3)</a>,
and <a href="https://man.openbsd.org/pthread_exit.3">pthread_exit(3)</a>
routines moved to libc from libpthread for ease of library
use and compatibility with other OSes.
<li>Added <a href="https://man.openbsd.org/openpty.3">getptmfd(3)</a>,
<a href="https://man.openbsd.org/openpty.3">fdopenpty(3)</a>, and
<a href="https://man.openbsd.org/openpty.3">fdforkpty(3)</a>
to simplify privilege separation and use of pledge(2).
<li>Improved computational complexity in various cases of
<a href="https://man.openbsd.org/strstr.3">strstr(3)</a>,
<a href="https://man.openbsd.org/qsort.3">qsort(3)</a>,
and <a href="https://man.openbsd.org/glob.3">glob(3)</a>.
<li>Added support for <code>EV_RECEIPT</code> and <code>EV_DISPATCH</code> to
<a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a>.
<li>Added <a href="https://man.openbsd.org/ktrace.2">fktrace(2)</a>.
</ul>
<li>OpenSMTPD 6.0.0
<ul>
<li>Fix an off-by-one in the config parser that made 65535 an invalid port.
<li>Fix a fd leak in the session congestion mechanism.
<li>Fix a possible crash when relaying with smtps.
<li>Remove support for the "listen secure" syntax (expicitely define two listeners for tls and smtps instead).
<li>Remove experimental support for filters.
<li>Assorted code and documentation cleanups and improvements.
</ul>
<li>OpenSSH 7.6
<ul>
<li>Security:
<ul>
<li>sftp-server(8): in read-only mode, sftp-server was incorrectly
permitting creation of zero-length files.
</ul>
<li>New/changed features:
<ul>
<li>Add RemoteCommand option to specify a command in the
<a href="https://man.openbsd.org/ssh.1">ssh(1)</a>
config file instead of giving it on the client's command
line.
The feature allows to automate tasks using ssh config.
<li>sshd(8): add ExposeAuthInfo option that enables writing details of
the authentication methods used (including public keys where
applicable) to a file that is exposed via a $SSH_USER_AUTH
environment variable in the subsequent session.
<li>ssh(1): add support for reverse dynamic forwarding. In this mode,
ssh will act as a SOCKS4/5 proxy and forward connections
to destinations requested by the remote SOCKS client. This mode
is requested using extended syntax for the -R and RemoteForward
options and, because it is implemented solely at the client,
does not require the server be updated to be supported.
<li>sshd(8): allow LogLevel directive in sshd_config Match blocks.
<li>ssh-keygen(1): allow inclusion of arbitrary string or flag
certificate extensions and critical options.
<li>ssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as
a CA when signing certificates.
<li>ssh(1)/sshd(8): allow IPQoS=none in ssh/sshd to not set an explicit
ToS/DSCP value and just use the operating system default.
<li>ssh-add(1): added -q option to make ssh-add quiet on success.
<li>ssh(1): expand the StrictHostKeyChecking option with two new
settings. The first "accept-new" will automatically accept
hitherto-unseen keys but will refuse connections for changed or
invalid hostkeys. This is a safer subset of the current behaviour
of StrictHostKeyChecking=no. The second setting "off", is a synonym
for the current behaviour of StrictHostKeyChecking=no: accept new
host keys, and continue connection for hosts with incorrect
hostkeys. A future release will change the meaning of
StrictHostKeyChecking=no to the behaviour of "accept-new".
<li>ssh(1): add SyslogFacility option to ssh(1) matching the equivalent
option in sshd(8).
</ul>
<li>The following significant bugs have been fixed in this release:
<ul>
<li>ssh(1): use HostKeyAlias if specified instead of hostname for
matching host certificate principal names.
<li>sftp(1): implement sorting for globbed ls.
<li>ssh(1): add a user@host prefix to client's "Permission denied"
messages, useful in particular when using "stacked" connections
(e.g. ssh -J) where it's not clear which host is denying.
<li>ssh(1): accept unknown EXT_INFO extension values that contain \0
characters. These are legal, but would previously cause fatal
connection errors if received.
<li>ssh(1)/sshd(8): repair compression statistics printed at
connection exit.
<li>sftp(1): print '?' instead of incorrect link count (that the
protocol doesn't provide) for remote listings.
<li>ssh(1): return failure rather than fatal() for more cases during
session multiplexing negotiations. Causes the session to fall back
to a non-mux connection if they occur.
<li>ssh(1): mention that the server may send debug messages to explain
public key authentication problems under some circumstances.
<li>Translate OpenSSL error codes to better report incorrect passphrase
errors when loading private keys.
<li>sshd(8): adjust compatibility patterns for WinSCP to correctly
identify versions that implement only the legacy DH group exchange
scheme.
<li>ssh(1): print the "Killed by signal 1" message only at LogLevel
verbose so that it is not shown at the default level; prevents it
from appearing during ssh -J and equivalent ProxyCommand configs.
<li>ssh-keygen(1): when generating all hostkeys (ssh-keygen -A), clobber
existing keys if they exist but are zero length. zero-length keys
could previously be made if ssh-keygen failed or was interrupted part
way through generating them.
<li>ssh(1): fix pledge(2) violation in the escape sequence "~&" used to
place the current session in the background.
<li>ssh-keyscan(1): avoid double-close() on file descriptors.
<li>sshd(8): avoid reliance on shared use of pointers shared between
monitor and child sshd processes.
<li>sshd_config(8): document available AuthenticationMethods.
<li>ssh(1): avoid truncation in some login prompts.
<li>ssh(1): make "--" before the hostname terminate argument processing
after the hostname too.
<li>ssh-keygen(1): switch from aes256-cbc to aes256-ctr for encrypting
new-style private keys. Fixes problems related to private key
handling for no-OpenSSL builds.
<li>ssh(1): warn and do not attempt to use keys when the public and
private halves do not match.
<li>sftp(1): don't print verbose error message when ssh disconnects
from under sftp.
<li>sshd(8): fix keepalive scheduling problem: activity on a forwarded
port from preventing the keepalive from being sent.
<li>sshd(8): when started without root privileges, don't require the
privilege separation user or path to exist. Makes running the
regression tests easier without touching the filesystem.
<li>Make integrity.sh regression tests more robust against timeouts.
<li>ssh(1)/sshd(8): correctness fix for channels implementation: accept
channel IDs greater than 0x7FFFFFFF.
</ul>
</ul>
<li>LibreSSL 2.6.3
<ul>
<li>Added support for providing CRLs to libtls - once a CRL is provided via
<a href="https://man.openbsd.org/tls_config_set_crl_file.3">tls_config_set_crl_file(3)</a>
or
<a href="https://man.openbsd.org/tls_config_set_crl_mem.3">tls_config_set_crl_mem(3)</a>,
CRL checking is enabled and required for the full certificate chain.
<li>Reworked TLS certificate name verification code to more strictly
follow RFC 6125.
<li>Cleaned up and simplified server key exchange EC point handling.
<li>Removed inconsistent IPv6 handling from BIO_get_accept_socket(),
simplified BIO_get_host_ip() and BIO_accept().
<li>Added definitions for three OIDs used in EV certificates.
<li>Relaxed SNI validation to allow non-RFC-compliant clients using literal
IP addresses with SNI to connect to a libtls-based TLS server.
<li>Added tls_peer_cert_chain_pem() to libtls, useful in private certificate
validation callbacks such as those in relayd.
<li>Converted explicit clear/free sequences to use
<a href="https://man.openbsd.org/freezero.3">freezero(3)</a>.
<li>Fixed the
<a href="https://man.openbsd.org/openssl.1">openssl(1)</a>
ca command so that it generates certificates with RFC 5280-conformant time.
<li>Added
<a href="https://man.openbsd.org/ASN1_TIME_set_tm.3">ASN1_TIME_set_tm(3)</a>
to set an ASN.1 time from a struct tm *.
<li>Added
<a href="https://man.openbsd.org/SSL_CTX_set_min_proto_version.3">SSL{,_CTX}_set_{min,max}_proto_version(3)</a>
functions.
<li>Imported HKDF (HMAC Key Derivation Function) from BoringSSL.
<li>Provided a
<a href="https://man.openbsd.org/tls_unload_file.3">tls_unload_file(3)</a>
function that frees the memory returned from a
<a href="https://man.openbsd.org/tls_load_file.3">tls_load_file(3)</a>
call, ensuring that the contents become inaccessible.
<li>Implemented reference counting for libtls tls_config, allowing
<a href="https://man.openbsd.org/tls_config_free.3">tls_config_free(3)</a>
to be called as soon as it has been passed to the final
<a href="https://man.openbsd.org/tls_configure.3">tls_configure(3)</a>
call, simplifying lifetime tracking for the application.
<li>Dropped cipher suites using DSS authentication.
<li>Removed support for DSS/DSA from libssl.
<li>Distinguish between self-issued certificates and self-signed
certificates. The certificate verification code has special cases
for self-signed certificates and without this change, self-issued
certificates (which it seems are common place with
openvpn/easyrsa) were also being included in this category.
<li>Added a new TLS extension handling framework and converted all
TLS extensions to use it.
<li>Improved and added many new manpages. Updated
<a href="https://man.openbsd.org/SSL_CTX_check_private_key.3">SSL_{CTX_,}check_private_key(3)</a>
manpages with additional cautions regarding their use.
<li>Cleaned up and simplified EC key/curve configuration handling.
<li>Added
<a href="https://man.openbsd.org/tls_config_set_ecdhecurves.3">tls_config_set_ecdhecurves(3)</a>
to libtls, which allows the names of the elliptical curves that may
be used during client and server key exchange to be specified.
<li>Converted more code paths to use CBB/CBS.
<li>Removed NPN support - NPN was never standardised and the last draft
expired in October 2012.
<li>Removed SSL_OP_CRYPTOPRO_TLSEXT_BUG workaround for old/broken
CryptoPro clients.
<li>Removed support for the TLS padding extension, which was added as a
workaround for an old bug in F5's TLS termination.
<li>Added ability to clamp notafter values in certificates for systems
with 32-bit time_t. This is necessary to conform to RFC 5280 4.1.2.5.
<li>Removed the original (pre-IETF) chacha20-poly1305 cipher suites.
<li>Reclassified ECDHE-RSA-DES-CBC3-SHA from HIGH to MEDIUM.
<li>Provide a useful error with libtls if there are no OCSP URLs in a
peer certificate.
<li>Keep track of which keypair is in use by a TLS context, fixing a bug
where a TLS server with SNI would only return the OCSP staple for the
default keypair.
<li>If
<a href="https://man.openbsd.org/tls_config_parse_protocols.3">tls_config_parse_protocols(3)</a>
is called with a NULL pointer it now
returns the default protocols.
</ul>
<li>mandoc 1.14.3
<ul>
<li>Full <a href="https://man.openbsd.org/mandocdb.5">mandoc.db(5)</a>
databases are now enabled by default, allowing semantic searching
with <a href="https://man.openbsd.org/apropos.1">apropos(1)</a>
without any local configuration changes.
<li>Full integration of the former
<a href="https://cvsweb.openbsd.org/src/regress/usr.bin/mdoclint/">mdoclint(1)</a>
utility into <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>
<code>-Wall</code>, new <code>-Wstyle</code> and
<code>-Wopenbsd</code> message levels, and many new messages,
for example about typos in <code>.Sh</code> lines,
unknown <code>.Xr</code> targets, and links to self.
<li>Additional steps unifying the
<a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a>,
<a href="https://man.openbsd.org/man.7">man(7)</a>, and
<a href="https://man.openbsd.org/roff.7">roff(7)</a> parsers:
use one common data type and
<a href="https://man.openbsd.org/ohash_init.3">ohash_init(3)</a>
for all requests and macros and support creation of syntax tree
nodes in the roff(7) parser, allowing support for many new
low-level roff(7) features.
Only about 25 ports still need <code>USE_GROFF</code> now.
<li>Many improvements to
<a href="https://man.openbsd.org/tbl.7">tbl(7)</a>
parsing and formatting,
including automatic line wrapping inside table columns.
<li>Many improvements to
<a href="https://man.openbsd.org/eqn.7">eqn(7)</a>
parsing and formatting, including better font selection,
recognition of well-known mathematical function names, and writing
of <code><mn></code> and <code><mo></code> HTML tags.
<li>Intelligible rendering of mathematical symbols in
<code>-Tascii</code> output.
<li>Several parsing and rendering improvements for the
<a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a>
<code>.Lk</code> macro.
<li>Some CSS improvements in HTML output, in particular for the
<a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a>
<code>.Bl</code> macro.
</ul>
<li><p>Ports and packages:
<p>A massive amount of clang-related fixes happened between 6.1 and 6.2.
<p>Many pre-built packages for each architecture:
<!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
<ul style="column-count: 4">
<li>aarch64: 7942
<li>alpha: 7426
<li>amd64: 9728
<li>arm: 7939
<li>hppa: 6260
<li>i386: 9685
<li>mips64: 7972
<li>mips64el: 7984
<li>powerpc: 8133
<li>sparc64: 8281
</ul>
<p>Some highlights:
<ul style="column-count: 2">
<li>AFL 2.51b
<li>CMake 3.9.3
<li>Chromium 61.0.3163.100
<li>Emacs 21.4 and 25.3
<li>GCC 4.9.4
<li>GHC 7.10.3
<li>Gimp 2.8.22
<li>GNOME 3.24.2
<li>Go 1.9
<li>Groff 1.22.3
<li>JDK 8u144
<li>KDE 3.5.10 and 4.14.3 (plus KDE4 core updates)
<li>LLVM/Clang 5.0.0
<li>LibreOffice 5.2.7.2
<li>Lua 5.1.5, 5.2.4, and 5.3.4
<li>MariaDB 10.0.32
<li>Mozilla Firefox 52.4.0esr and 56.0.0
<li>Mozilla Thunderbird 52.2.1
<li>Mutt 1.9.1 and NeoMutt 20170912
<li>Node.js 6.11.2
<li>Ocaml 4.03.0
<li>OpenLDAP 2.3.43 and 2.4.45
<li>PHP 5.6.31 and 7.0.23
<li>Postfix 3.2.2 and 3.3-20170910
<li>PostgreSQL 9.6.5
<li>Python 2.7.14 and 3.6.2
<li>R 3.4.1
<li>Ruby 1.8.7.374, 2.1.9, 2.2.8, 2.3.5 and 2.4.2
<li>Rust 1.20.0
<li>Sendmail 8.16.0.21
<li>SQLite3 3.20.1
<li>Sudo 1.8.21.2
<li>Tcl/Tk 8.5.19 and 8.6.6
<li>TeX Live 2016
<li>Vim 8.0.0987
<li>Xfce 4.12
</ul>
<li>As usual, steady improvements in manual pages and other documentation.
<li>The system includes the following major components from outside suppliers:
<ul>
<li>Xenocara (based on X.Org 7.7 with xserver 1.18.4 + patches,
freetype 2.8.0, fontconfig 2.12.4, Mesa 13.0.6, xterm 330,
xkeyboard-config 2.20 and more)
<li>LLVM/Clang 4.0.0 (+ patches)
<li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
<li>Perl 5.24.2 (+ patches)
<li>NSD 4.1.17
<li>Unbound 1.6.6
<li>Ncurses 5.7
<li>Binutils 2.17 (+ patches)
<li>Gdb 6.3 (+ patches)
<li>Awk Aug 10, 2011 version
<li>Expat 2.2.4
</ul>
</ul>
</section>
<hr>
<section id=install>
<h3>How to install</h3>
<p>
Please refer to the following files on the mirror site for
extensive details on how to install OpenBSD 6.2 on your machine:
<ul>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/alpha/INSTALL.alpha">
.../OpenBSD/6.2/alpha/INSTALL.alpha</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/amd64/INSTALL.amd64">
.../OpenBSD/6.2/amd64/INSTALL.amd64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/arm64/INSTALL.arm64">
.../OpenBSD/6.2/arm64/INSTALL.arm64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/armv7/INSTALL.armv7">
.../OpenBSD/6.2/armv7/INSTALL.armv7</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/hppa/INSTALL.hppa">
.../OpenBSD/6.2/hppa/INSTALL.hppa</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/i386/INSTALL.i386">
.../OpenBSD/6.2/i386/INSTALL.i386</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/landisk/INSTALL.landisk">
.../OpenBSD/6.2/landisk/INSTALL.landisk</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/loongson/INSTALL.loongson">
.../OpenBSD/6.2/loongson/INSTALL.loongson</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/luna88k/INSTALL.luna88k">
.../OpenBSD/6.2/luna88k/INSTALL.luna88k</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/macppc/INSTALL.macppc">
.../OpenBSD/6.2/macppc/INSTALL.macppc</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/octeon/INSTALL.octeon">
.../OpenBSD/6.2/octeon/INSTALL.octeon</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/sgi/INSTALL.sgi">
.../OpenBSD/6.2/sgi/INSTALL.sgi</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.2/sparc64/INSTALL.sparc64">
.../OpenBSD/6.2/sparc64/INSTALL.sparc64</a>
</ul>
</section>
<hr>
<section id=quickinstall>
<p>
Quick installer information for people familiar with OpenBSD, and the use of
the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
If you are at all confused when installing OpenBSD, read the relevant
INSTALL.* file as listed above!
<h3>OpenBSD/alpha:</h3>
<p>
Write <i>floppy62.fs</i> or <i>floppyB62.fs</i> (depending on your machine)
to a diskette and enter <i>boot dva0</i>.
Refer to INSTALL.alpha for more details.
<p>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
<h3>OpenBSD/amd64:</h3>
<p>
If your machine can boot from CD, you can write <i>install62.iso</i> or
<i>cd62.iso</i> to a CD and boot from it.
You may need to adjust your BIOS options first.
<p>
If your machine can boot from USB, you can write <i>install62.fs</i> or
<i>miniroot62.fs</i> to a USB stick and boot from it.
<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in the included
INSTALL.amd64 document.
<p>
If you are planning to dual boot OpenBSD with another OS, you will need to
read INSTALL.amd64.
<h3>OpenBSD/arm64:</h3>
<p>
Write <i>miniroot62.fs</i> to a disk and boot from it after connecting
to the serial console. Refer to INSTALL.arm64 for more details.
<h3>OpenBSD/armv7:</h3>
<p>
Write a system specific miniroot to an SD card and boot from it after connecting
to the serial console. Refer to INSTALL.armv7 for more details.
<h3>OpenBSD/hppa:</h3>
<p>
Boot over the network by following the instructions in INSTALL.hppa or the
<a href="hppa.html#install">hppa platform page</a>.
<h3>OpenBSD/i386:</h3>
<p>
If your machine can boot from CD, you can write <i>install62.iso</i> or
<i>cd62.iso</i> to a CD and boot from it.
You may need to adjust your BIOS options first.
<p>
If your machine can boot from USB, you can write <i>install62.fs</i> or
<i>miniroot62.fs</i> to a USB stick and boot from it.
<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in
the included INSTALL.i386 document.
<p>
If you are planning on dual booting OpenBSD with another OS, you will need to
read INSTALL.i386.
<h3>OpenBSD/landisk:</h3>
<p>
Write <i>miniroot62.fs</i> to the start of the CF
or disk, and boot normally.
<h3>OpenBSD/loongson:</h3>
<p>
Write <i>miniroot62.fs</i> to a USB stick and boot bsd.rd from it
or boot bsd.rd via tftp.
Refer to the instructions in INSTALL.loongson for more details.
<h3>OpenBSD/luna88k:</h3>
<p>
Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
from the PROM, and then bsd.rd from the bootloader.
Refer to the instructions in INSTALL.luna88k for more details.
<h3>OpenBSD/macppc:</h3>
<p>
Burn the image from a mirror site to a CDROM, and power on your machine
while holding down the <i>C</i> key until the display turns on and
shows <i>OpenBSD/macppc boot</i>.
<p>
Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
/6.2/macppc/bsd.rd</i>
<h3>OpenBSD/octeon:</h3>