forked from openbsd/www
-
Notifications
You must be signed in to change notification settings - Fork 0
/
64.html
1010 lines (933 loc) · 44.6 KB
/
64.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<!doctype html>
<html lang=en id=release>
<meta charset=utf-8>
<title>OpenBSD 6.4</title>
<meta name="description" content="OpenBSD 6.4">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/64.html">
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
6.4
</h2>
<table>
<tr>
<td>
<a href="images/Puffoil.jpg">
<img width="227" height="343" src="images/Puffoil.gif" alt="Puffoil"></a>
<td>
Released Oct 18, 2018<br>
Copyright 1997-2018, Theo de Raadt.<br>
<br>
<br>
Artwork by Aston Fenby.<br>
<ul>
<li>See the information on <a href="ftp.html">the FTP page</a> for
a list of mirror machines.
<li>Go to the <code class=reldir>pub/OpenBSD/6.4/</code> directory on
one of the mirror sites.
<li>Have a look at <a href="errata64.html">the 6.4 errata page</a> for a list
of bugs and workarounds.
<li>See a <a href="plus64.html">detailed log of changes</a> between the
6.3 and 6.4 releases.
<p>
<li><a href="https://man.openbsd.org/signify.1">signify(1)</a>
pubkeys for this release:<p>
<table class=signify>
<tr><td>
openbsd-64-base.pub:
<td>
RWQq6XmS4eDAcQW4KsT5Ka0KwTQp2JMOP9V/DR4HTVOL5Bc0D7LeuPwA
<tr><td>
openbsd-64-fw.pub:
<td>
RWRoBbjnosJ/39llpve1XaNIrrQND4knG+jSBeIUYU8x4WNkxz6a2K97
<tr><td>
openbsd-64-pkg.pub:
<td>
RWRF5TTY+LoN/51QD5kM2hKDtMTzycQBBPmPYhyQEb1+4pff/H6fh/kA
</table>
</ul>
<p>
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
files fetched via <code>ports.tar.gz</code>.
</table>
<hr>
<section id=new>
<h3>What's New</h3>
<p>
This is a partial list of new features and systems included in OpenBSD 6.4.
For a comprehensive list, see the <a href="plus64.html">changelog</a> leading
to 6.4.
<ul>
<li>Improved hardware support, including:
<ul>
<li>ACPI support on OpenBSD/arm64 platforms.
<li>The <a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a>
driver was updated to code based on Linux 4.4.155, adding modesetting
support for KAVERI/KABINI/MULLINS APUs and
OLAND/BONAIRE/HAINAN/HAWAII GPUs.
<li>Support for
<a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a>
on OpenBSD/arm64 platforms.
<li>New <a href="https://man.openbsd.org/umt.4">umt(4)</a> driver
for USB Windows Precision Touchpad devices.
<li>New <a href="https://man.openbsd.org/bnxt.4">bnxt(4)</a>
driver for Broadcom NetXtreme-C/E PCI Express Ethernet
adapters based on the Broadcom BCM573xx and BCM574xx chipsets. Enabled
on amd64 and arm64 platforms.
<li>New <a href="https://man.openbsd.org/mue.4">mue(4)</a>
driver for Microchip LAN7500/LAN7505/LAN7515/LAN7850 USB 2.0
and LAN7800/LAN7801 USB 3.0 Gigabit Ethernet devices.
<li>New <a href="https://man.openbsd.org/acpisurface.4">acpisurface(4)</a>
driver providing ACPI support for Microsoft Surface Book laptops.
<li>New
<a href="https://man.openbsd.org/agintcmsi.4">agintcmsi(4/arm64)</a>
driver for the ITS component of the ARM GIC.
<li>New <a href="https://man.openbsd.org/dwpcie.4">dwpcie(4)</a>
driver for the Synopsys Designware PCIe controller,
which is built into various SoCs.
<li>New <a href="https://man.openbsd.org/acpipci.4">acpipci(4/arm64)</a>
driver providing support for PCI host bridges
based on information provided by ACPI.
<li>New
<a href="https://man.openbsd.org/mvclock.4">mvclock(4)</a>,
<a href="https://man.openbsd.org/mvgpio.4">mvgpio(4)</a>,
<a href="https://man.openbsd.org/mvicu.4">mvicu(4)</a>,
<a href="https://man.openbsd.org/mvrng.4">mvrng(4)</a>,
<a href="https://man.openbsd.org/mvrtc.4">mvrtc(4)</a>, and
<a href="https://man.openbsd.org/mvtemp.4">mvtemp(4)</a>
drivers for various components of the Marvell Armada SoCs.
<li>New
<a href="https://man.openbsd.org/hiclock.4">hiclock(4)</a>,
<a href="https://man.openbsd.org/hidwusb.4">hidwusb(4)</a>,
<a href="https://man.openbsd.org/hireset.4">hireset(4)</a>, and
<a href="https://man.openbsd.org/hitemp.4">hitemp(4)</a>
drivers for various components of the HiSilicon SoCs.
<li>New <a href="https://man.openbsd.org/ccp.4">ccp(4)</a> and
<a href="https://man.openbsd.org/octcrypto.4">octcrypto(4/octeon)</a>
drivers for hardware-accelerated cryptography.
<li>New <a href="https://man.openbsd.org/ccpmic.4">ccpmic(4)</a> and
<a href="https://man.openbsd.org/tipmic.4">tipmic(4)</a>
drivers for Intel Crystal Cove and Dollar Cove
TI Power Management ICs.
<li>New <a href="https://man.openbsd.org/imxrtc.4">imxrtc(4)</a>
driver for the RTC integrated in Freescale i.MX7 and i.MX8 processors.
<li>New <a href="https://man.openbsd.org/fanpwr.4">fanpwr(4)</a>
driver for the Fairchild FAN53555 and Silergy SYR827/828
voltage regulators.
<li>New <a href="https://man.openbsd.org/pinctrl.4">pinctrl(4)</a>
driver for generic pin multiplexing.
<li>New <a href="https://man.openbsd.org/plgpio.4">plgpio(4)</a>
driver for the ARM PrimeCell PL061 GPIO controller.
<li>PIE support for the m88k platform.
<li>Support for some HID-over-I²C touchscreen devices in
<a href="https://man.openbsd.org/imt.4">imt(4)</a>.
<li>Support for RTL8188EE and RTL8723AE in
<a href="https://man.openbsd.org/rtwn.4">rtwn(4)</a>.
<li>Support for RT3290 in
<a href="https://man.openbsd.org/ral.4">ral(4)</a>.
<li>Support for SAS 3.5 controllers (SAS34xx and SAS35xx) in
<a href="https://man.openbsd.org/mpii.4">mpii(4)</a>.
<li>Support for drive and battery status sensors and bio in
<a href="https://man.openbsd.org/mfii.4">mfii(4)</a>.
<li>On i386 Intel CPU microcode is loaded on boot.
<li>On i386 reduce the size of the area reserved for
<a href="https://man.openbsd.org/brk.2">brk(2)</a>
to make more memory available to anonymous
<a href="https://man.openbsd.org/mmap.2">mmap(2)</a> calls.
<li>On sparc64 <a href="https://man.openbsd.org/ldomctl.8">ldomctl(8)</a>
now supports more modern firmware found on SPARC T2+ and T3 machines in
particular such as T1000, T5120 and T5240.
NVRAM variables can now be set per logical domain.
<li><a href="https://man.openbsd.org/com.4">com(4)</a>
better supports Synopsys Designware UARTs.
<li>New <a href="https://man.openbsd.org/islrtc.4">islrtc(4)</a>
driver for Intersil ISL1208 Real Time Clock.
<li>Support for the Huawei k3772 in
<a href="https://man.openbsd.org/umsm.4">umsm(4)</a>.
<li>Support for the VIA VX900 chipset in
<a href="https://man.openbsd.org/viapm.4">viapm(4)</a>.
<li>Support for GNSS networks other than GPS in
<a href="https://man.openbsd.org/nmea.4">nmea(4)</a>.
<li>Support for Elantech trackpoints in
<a href="https://man.openbsd.org/pms.4">pms(4)</a>.
<li>Added a sensor for port replicatior status to
<a href="https://man.openbsd.org/acpithinkpad.4">acpithinkpad(4)</a>.
<li>Support for Allwinner H3 and A64 SoC in
<a href="https://man.openbsd.org/sxitemp.4">scitemp(4)</a>.
</ul>
<li><a href="https://man.openbsd.org/amd64/vmm.4">vmm(4)</a> and
<a href="https://man.openbsd.org/amd64/vmd.8">vmd(8)</a> improvements:
<ul>
<li>Support for qcow2 disk and snapshot images.
<li>Support for VM templates and derived instances in
<a href="https://man.openbsd.org/vm.conf.5#VM_INSTANCES">vm.conf(5)</a> and
<a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>.
<li>Added initial <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>
support to <a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>
along with general cleanups.
<li>Various bug fixes and improvements.
</ul>
<li>IEEE 802.11 wireless stack improvements:
<ul>
<li>With the new 'join' feature (managed with <a
href="http://man.openbsd.org/ifconfig#IEEE_802.11_(WIRELESS_DEVICES)">
ifconfig(8)</a>), the kernel manages automatic switching between
different WiFi networks.
<li><a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
scan performance has been improved for many devices.
</ul>
<li>Generic network stack improvements:
<ul>
<li><a href="https://man.openbsd.org/trunk.4">trunk(4)</a>
now has LACP administrative knobs for mode, timeout, system priority,
port priority, and ifq priority.
<li><a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
now has the ability to adjust LACP administrative knobs
<code>lacpmode</code> and <code>lacptimeout</code>.
<li><a href="https://man.openbsd.org/sendmsg.2">sendmsg(2)</a>,
<a href="https://man.openbsd.org/sendto.2">sendto(2)</a>,
<a href="https://man.openbsd.org/recvfrom.2">recvfrom(2)</a> and
<a href="https://man.openbsd.org/recvmsg.2">recvmsg(2)</a> are
run without KERNEL_LOCK.
<li>New global IPsec counters are available via
<a href="https://man.openbsd.org/netstat.1">netstat(1)</a>.
<li>New <a href="https://man.openbsd.org/eoip.4">eoip(4)</a>
interface for the MikroTik Ethernet over IP (EoIP)
encapsulation protocol.
</ul>
<li>Installer improvements:
<ul>
<li><a href="https://man.openbsd.org/installurl.5">installurl(5)</a> now
defaults to
<a href="ftp.html">cdn.openbsd.org</a> if
no mirror was chosen during installation.
<a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> and
<a href="https://man.openbsd.org/syspatch.8">syspatch(8)</a>
will thus work out of the box.
<li>DUID can be used to answer the "Which disk is the root disk?"
question during upgrade.
<li>Installing a
<a href="https://man.openbsd.org/diskless.8">diskless(8)</a>
setup can be done over interfaces configured with
<a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>.
<li><a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a>
now creates a /usr/obj partition with a minimum size of 5G when using
automatic disk allocation.
<li><a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a>
now creates a /usr/local partition with a maximum size of 20G when
using automatic disk allocation.
</ul>
<li>Security improvements:
<ul>
<li>New <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>
system call to restrict file system access of the calling
process to the specified files and directories. It is most
powerful when properly combined with privilege separation
and <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>.
<li>Implemented MAP_STACK option for
<a href="https://man.openbsd.org/mmap.2">mmap(2)</a>.
At pagefaults and syscalls the kernel will check that the
stack pointer points to MAP_STACK memory, which mitigates
against attacks using stack pivots.
<li>New RETGUARD security mechanism on amd64 and arm64:
use per-function random cookies to protect access to function
return instructions, making them harder to use in ROP gadgets.
<li><a href="https://man.openbsd.org/clang-local.1">clang(1)</a>
includes a pass that identifies common instructions which
may be useful in ROP gadgets and replaces them with safe
alternatives on amd64 and i386.
<li>The Retpoline mitigation against Spectre Variant 2 has been
enabled in <a href="https://man.openbsd.org/clang.1">clang(1)</a>
and in assembly files on amd64 and i386.
<li>Added SpectreRSB mitigation on amd64.
<li>Added Intel L1 Terminal Fault mitigation on amd64.
<li>When available, PCIDs are used on amd64 to separate user
and kernel thread TLB entries.
<li>Meltdown mitigation was added to i386.
<li>amd64 now uses eager-FPU switching to prevent FPU state
information speculatively leaking across protection boundaries.
<li>Because Simultaneous MultiThreading (SMT) uses core resources in
a shared and unsafe manner, it is now disabled by default.
It can be enabled with the new <code>hw.smt</code>
<a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> variable.
<li>Audio recording is now disabled by default and can be enabled
with the new <code>kern.audio.record</code>
<a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> variable.
<li><a href="https://man.openbsd.org/getpwnam.3">getpwnam(3)</a> and
<a href="https://man.openbsd.org/getpwnam.3">getpwuid(3)</a> no
longer return a pointer to static storage but a managed allocation
which gets unmapped. This allows detection of access to stale entries.
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a> includes
improved defence against user enumeration attacks.
</ul>
<li>Routing daemons and other userland network improvements:
<ul>
<li><a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a> can now set
the metric for a route depending on the status of an interface.
<li><a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a> can now be
bound into an alternate routing domain.
<li><a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a> is
now pledged.
<li>Prevent <a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a> and
<a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a> from being
started more than once (in the same routing domain).
<li><a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> is now fully
pledged.
<li><a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> is informed by
the kernel when Duplicate Address Detection (DAD) fails and generates
different addresses when possible.
<li>When <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a> detects
roaming between networks, it deprecates all configured IPs. IPs from
newly advertised prefixes will be preferred.
<li>A new daemon, <a href="https://man.openbsd.org/rad.8">rad(8)</a>, sends
IPv6 Router Advertisement messages and replaces the old rtadvd(8)
daemon from KAME.
<li>The anachronistic
<a href="https://man.openbsd.org/OpenBSD-6.3/networks.5">networks(5)</a>
configuration file is no longer supported.
<li>More robust <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a>
parsing routines and corner case fixes around table and anchor
handling.
<li><a href="https://man.openbsd.org/route.8">route(8)</a> now errors out
on bad <code>-netmask/-prefixlen</code> usage instead of configuring
ambiguous routes.
<li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
now adds a direct route to the default route gateway when the
gateway is not reachable via the address/netmask provided by the
lease.
<li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
now updates
<a href="https://man.openbsd.org/dhclient.leases.5">dhclient.leases(5)</a>,
<a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>,
and any '-L'
file before daemonizing and returning control
to invoking scripts.
<li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>'s
'-i' option now discards any previously defined values for the options
to be ignored.
<li>Any change to any interface now causes
<a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
to appropriately update
<a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>.
<li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
now always records the client identifier used to obtain a lease,
enabling better conformance to RFC 6842.
<li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
now has the '-r' option to release the current lease and exit.
<li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>
now avoids inappropriate changes to
<a href="https://man.openbsd.org/resolv.conf.5">resolv.conf(5)</a>
by ignoring
<a href="https://man.openbsd.org/dhclient.leases.5">dhclient.leases(5)</a>
for interfaces that cannot report their link status.
</ul>
<li><a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> improvements:
<ul>
<li>The default filter action was changed from allow to deny.
<li>The config option 'announce (all|self|none|default-route)'
has been deprecated and superseded by filter configuration.
<li>Improved prefix-sets both in speed and user experience.
<li>Introduced as-sets to match ASPATH against large lists of AS numbers.
<li>Support for BGP Origin Validation
<a href="https://tools.ietf.org/html/rfc6811">RFC 6811</a>
through the <code>roa-set</code> directive.
<li>Added origin-sets for matching prefix / origin AS pairs efficiently.
<li>Some syntax cleanups: newlines are optional inside expansion
lists (previously newlines needed to be escaped) but, in neighbor,
group and rdomain blocks multiple statements have to be on new lines.
<li>Reduce the amount of work done during a configuration reload.
<li>Config reloading no longer blocks other event handling in the
route decision engine.
<li>Better support and bugfixes for multiple bgpd processes
running in different rdomains.
</ul>
<li>Assorted improvements:
<ul>
<li><a href="https://man.openbsd.org/rasops.9">rasops(9)</a>-backed
framebuffer consoles such as
<a href="https://man.openbsd.org/inteldrm.4">inteldrm(4)</a>,
<a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> and
<a href="https://man.openbsd.org/efifb.4">efifb(4)</a> now support
scrollback.
<li><a href="https://man.openbsd.org/rebound.8">rebound(8)</a>
gained support for permanent A records, similar to
<code>local-data</code>
supported by
<a href="https://man.openbsd.org/unbound.8">unbound(8)</a>.
<li>New
<a href="https://man.openbsd.org/kcov.4">kcov(4)</a>
driver used for collection of code coverage inside the kernel.
It's used in an ongoing effort to fuzz the kernel.
<li><a href="https://man.openbsd.org/uid_from_user.3">uid_from_user(3)</a>
and
<a href="https://man.openbsd.org/gid_from_group.3">gid_from_group(3)</a>
were added to the C library and are now used in several programs
to speed up repeated lookups.
<li>New semaphore implementation making
<a href="https://man.openbsd.org/sem_post.3">sem_post(3)</a>
async-safe.
<li><a href="https://man.openbsd.org/pcap_set_immediate_mode.3"
>pcap_set_immediate_mode(3)</a> was imported from mainline libpcap,
allowing programs to process packets as soon as they arrive.
<li><a href="https://man.openbsd.org/ksh.1">ksh(1)</a> now supports
64-bit integers on all architectures.
<li>A bug in
<a href="https://man.openbsd.org/ksh.1">ksh(1)</a>
related to variable expansion of read-only variables has been fixed.
<li><a href="https://man.openbsd.org/lam.1">lam(1)</a>
now provides UTF-8 support.
<li>Enable <a href="https://man.openbsd.org/trunk.4">trunk(4)</a> and
<a href="https://man.openbsd.org/vlan.4">vlan(4)</a> on arm64 RAMDISK.
<li><a href="https://man.openbsd.org/pf.4">pf(4)</a> IP fragment
reassembly uses a better algorithm to make it robust against
denial of service attacks.
<li>New <a href="https://man.openbsd.org/ldap.1">ldap(1)</a>
tool implementing a simple LDAP search client.
<li>A bug in <a href="https://man.openbsd.org/init.8">init(8)</a>
that caused hangs on i386 under VMware has been fixed.
<li>TFTP boot support was added for U-Boot based arm64 and armv7 platforms
via EFI Simple Network protocol.
<li>Support was added for the EFI Random Number Generator Protocol
to insert additional entropy into the kernel at boot.
<li>Support for RFC 3430 (TCP connections) was added to
<a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>.
<li>Enable <a href="https://man.openbsd.org/bwfm.4">bwfm(4)</a> on amd64,
i386, arm64 and armv7. Also on loongson and macppc for USB devices.
<li>New "Spleen 5x8" font added to wsfont, targeted at small OLED displays.
<li><a href="https://man.openbsd.org/usbdevs.8">usbdevs(8)</a> now reports
USB port statuses.
<li><a href="https://man.openbsd.org/top.1">top(1)</a> and
<a href="https://man.openbsd.org/systat.1">systat(1)</a> now report
the time spent by each CPU waiting on spinning locks.
<li>Improved read speed on MSDOSFS via clustering.
<li>Access to NFS nodes is now serialized.
<li><a href="https://man.openbsd.org/systat.1">systat(1)</a>
has a new uvm view that displays statistics relevant to the UVM subsystem.
<li><a href="https://man.openbsd.org/mg.1">mg(1)</a>
now handles carriage returns during incremental search by setting the
mark and exiting the search, as modern emacsen do.
<li><a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a>
improved the rounding of partition offsets and
sizes to cylinder boundaries.
<li><a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a>
now range checks all user input.
<li><a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a>
no longer allows FS_RAID partitions to be given a mount point.
<li><a href="https://man.openbsd.org/disklabel.8">disklabel(8)</a>
now changes partition information only when all user
input is valid.
<li><a href="https://man.openbsd.org/relayd.8">relayd(8)</a> has
improved log directives in its configuration file for finer
grained control of what gets logged.
<li><a href="https://man.openbsd.org/tmux.1">tmux(1)</a>
now handles terminfo colors greater than 256 correctly.
<li><a href="https://man.openbsd.org/httpd.8">httpd(8)</a>
now supports client certificate authentication.
<li>Numerous improvements to the
<a href="https://man.openbsd.org/fuse.4">fuse(4)</a> subsystem.
<li>Improvements to the way the kernel searches for available
memory to satisfy anonymous
<a href="https://man.openbsd.org/mmap.2">mmap(2)</a>
calls.
<li><a href="https://man.openbsd.org/efifb.4">efifb(4)</a> now remaps
the EFI framebuffer early to use a write combining mapping, speeding
things up considerably.
</ul>
<li>OpenSMTPD
<ul>
<li>Incompatible change to the
<a href="https://man.openbsd.org/smtpd.conf.5">smtpd.conf(5)</a>
grammar: separate envelope matching, which happens during the
SMTP dialogue while receiving a message and merely results
in assigning an action name, from delivery actions, which do
not take effect until the queue runner makes a delivery attempt.
This gets rid of several different roadblocks in OpenSMTPD
development.
<li>Improve SMTP server engine with a new RFC 5322 message parser.
<li>Remove limitations preventing
<a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>
from dealing with clients submitting long lines.
<li>Improve security by moving expansion of .forward file variables
into the users' MDA process.
<li>Introduce MDA wrappers allowing recipient MDA commands to be
transparently wrapped inside global commands.
<li>A new <a href="https://man.openbsd.org/smtp.1">smtp(1)</a>
command line client has been added.
<li>Assorted documentation improvements, cleanups and minor bug fixes.
</ul>
<li><a href="https://www.openssh.com/releasenotes.html#7.9">OpenSSH 7.9</a>
<ul>
<li>New features:
<ul>
<li>In most places
in <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>
and <a href="http://man.openbsd.org/sshd.8">sshd(8)</a> where
port numbers are used, service names (from /etc/services) can
now be used.
<li>The <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>
IdentityAgent configuration directive now accepts environment
variable names. This supports the use of multiple agent
sockets without needing to use fixed paths.
<li>Support signalling sessions via the SSH protocol in
<a href="http://man.openbsd.org/sshd.8">sshd(8)</a>.
<li>"ssh -Q sig" can be used to list supported signature
options. Also "ssh -Q help" will show the full set of
supported queries.
<li>The new CASignatureAlgorithms option
in <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>
and <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>
controls the allowed signature formats for CAs to sign
certificates with. For example, this allows banning CAs that
sign certificates using the RSA-SHA1 signature algorithm.
<li>Key revocation lists (KRLs) can now contain keys specified
by SHA256 hash. These lists are managed
by <a href="http://man.openbsd.org/ssh-keygen.8">ssh-keygen(8)</a>. In
addition, KRLs can now be created from base64-encoded SHA256
fingerprints, i.e. from only the information contained
in <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>
authentication log messages.
</ul>
<li>Non-exhaustive list of bug fixes:
<ul>
<li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>:
<a href="http://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>:
avoid spurious "invalid format" errors when attempting to load
PEM private keys while using an incorrect passphrase.
<li><a href="http://man.openbsd.org/sshd.8">sshd(8)</a>: when a
channel closed message is received from a client, close the
stderr file descriptor at the same time stdout is closed. This
avoids stuck processes if they were waiting for stderr to
close and were insensitive to stdin/out closing.
<li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>: allow
ForwardX11Timeout=0 to disable the untrusted X11 forwarding
timeout and support X11 forwarding indefinitely. Previously
the behaviour of ForwardX11Timeout=0 was undefined.
<li><a href="http://man.openbsd.org/sshd.8">sshd(8)</a>: do not
fail closed when configured with a text key revocation list
that contains a too-short key.
<li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>: treat
connections with ProxyJump specified the same as ones with a
ProxyCommand set with regards to hostname canonicalisation
(i.e. don't try to canonicalise the hostname unless
CanonicalizeHostname is set to 'always').
<li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>: fix
regression in OpenSSH 7.8 that could prevent public-key
authentication using certificates hosted in
a <a href="http://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a> or
against <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>
from OpenSSH <7.8.
</ul>
</ul>
<li>LibreSSL 2.8.2
<ul>
<li>API and Documentation Enhancements
<ul>
<li>X.509 verification is now more strict so
<a href="https://man.openbsd.org/X509_VERIFY_PARAM_set_flags.3">X509_VERIFY_PARAM</a>
host, ip or email failure will cause future
<a href="https://man.openbsd.org/X509_verify_cert.3">X509_verify_cert(3)</a>
calls to fail.
<li>Support for single DES cipher suites is removed.
<li>Support for RSASSA-PKCS1-v1_5 (RFC 8017) is added to
<a href="https://man.openbsd.org/man3/RSA_sign.3">RSA_sign(3)</a>
<li>Modified signature of <a href="https://man.openbsd.org/CRYPTO_mem_leaks.3">CRYPTO_mem_leaks_*(3)</a> to return -1. This function
is a no-op in LibreSSL, so this function returns an error to not
indicate the (non-)existence of memory leaks.
<li><a href="https://man.openbsd.org/SSL_copy_session_id.3">SSL_copy_session_id(3)</a>, PEM_Sign, <a href="https://man.openbsd.org/EVP_EncodeUpdate.3">EVP_EncodeUpdate(3)</a>, <a href="https://man.openbsd.org/BIO_set_cipher.3">BIO_set_cipher(3)</a>, <a href="https://man.openbsd.org/X509_OBJECT_up_ref_count.3">X509_OBJECT_up_ref_count(3)</a> now return an int for error handling, matching OpenSSL.
<li>Converted a number of #defines into proper functions, matching
OpenSSL's ABI (e.g. <a href="https://man.openbsd.org/X509_CRL_get_issuer.3">X509_CRL_get_issuer(3)</a> and other X509_*get*(3) functions)
<li>Added X509_get0_serialNumber(3) from OpenSSL.
<li>Removed EVP_PKEY2PKCS8_broken(3) and PKCS8_set_broken(3), while adding
PKCS8_pkey_add1_attr_by_NID(3) and PKCS8_pkey_get0_attrs(3), matching
OpenSSL.
<li>Removed broken pkcs8 formats from <a href="https://man.openbsd.org/openssl.1">openssl(1)</a>.
<li>Added <a href="https://man.openbsd.org/RSA_meth_get_finish.3">RSA_meth_get_finish(3)</a> and <a href="https://man.openbsd.org/RSA_meth_set1_name.3">RSA_meth_set1_name(3)</a> from OpenSSL.
<li>Added new <a href="https://man.openbsd.org/EVP_CIPHER_CTX_get_iv.3">EVP_CIPHER_CTX_(get|set)_iv(3)</a> API that allows the IV to be retrieved and set with appropriate validation.
<li>Extensive documentation updates and additional API history.
<li>Removed SSL_OP_TLS_ROLLBACK_BUG buggy client workarounds.
<li>Made <a href="https://man.openbsd.org/ENGINE_finish.3">ENGINE_finish(3)</a> and <a href="https://man.openbsd.org/ENGINE_free.3">ENGINE_free(3)</a> succeed on NULL and simplify callers and matching OpenSSL behavior, rewrote ENGINE_* documentation.
<li>Added const annotations to many existing APIs from OpenSSL, making
interoperability easier for downstream applications.
<li>Documented <a href="https://man.openbsd.org/BN_set_flags.3#BUGS">security pitfalls</a> with BN_FLG_CONSTTIME and constant-time operation of BN_* functions.
</ul>
<li>Testing and Proactive Security
<ul>
<li>Added Wycheproof test support for ECDH, RSASSA-PSS, AES-GCM,
AES-CMAC, AES-CCM, AES-CBC-PKCS5, DSA, ChaCha20-Poly1305, ECDSA, and
X25519 test vectors. Applied appropriate fixes for errors uncovered by
tests.
<li>Added more cipher tests, including all TLSv1.2 ciphers.
<li>Added a blinding value when generating DSA and ECDSA signatures, in
order to reduce the possibility of a side-channel attack leaking the
private key.
<li>Added timing-safe compares for checking results of signature
verification.
<li>Added ECC constant time scalar multiplication support.
From Billy Brumley and his team at Tampere University of Technology.
</ul>
<li>Internal Improvements
<ul>
<li>Simplified key exchange signature generation and verification.
<li>Converted more code paths to use CBB/CBS. All handshake messages are
now created by CBB. RSA key exchange is simplified and uses dedicated
buffers for secrets.
<li>Simplified session ticket parsing and handling, inspired by
BoringSSL.
<li>Stopped handing AES-GCM in ssl_cipher_get_evp, since they use the
EVP_AEAD interface.
<li>Stopped using composite EVP_CIPHER AEADs.
<li>Removed unused SSL3_FLAGS_DELAY_CLIENT_FINISHED and
SSL3_FLAGS_POP_BUFFER flags in write path, simplifying IO paths.
<li>Updated BN_clear to use explicit_bzero.
<li>Cleaned up BN_* implementations following changes made in OpenSSL by
Davide Galassi and others.
<li>Revised the implementation of RSASSA-PKCS1-v1_5 to match the
specification in RFC 8017. Based on an OpenSSL commit by David
Benjamin.
</ul>
<li>Bug Fixes
<ul>
<li>Fixed a one-byte buffer overrun in callers of EVP_read_pw_string
<li>Fixed various memory leaks found by Coverity.
<li>Converted more functions in public API to use const arguments.
<li>Correctly clear the current cipher state, when changing cipher state.
This fixed an issue where renegotiation of cipher suites would fail
when switched from AEAD to non-AEAD or vice-versa.
Issue reported by Bernard Spil.
<li>Fixed a pair of 20+ year-old bugs in X509_NAME_add_entry
<li>Fixed a potential memory leak on failure in ASN1_item_digest
<li>Fixed a potential memory alignment crash in asn1_item_combine_free
<li>Fixed small timing side-channels in ecdsa_sign_setup and
dsa_sign_setup.
<li>Added a missing bounds check in c2i_ASN1_BIT_STRING.
<li>Fixed a potential leak/incorrect return value in DSA signature
generation.
</ul>
</ul>
<li>Mandoc 1.14.4
<ul>
<li>In HTML output, many
<a href="https://man.openbsd.org/mdoc.7">mdoc(7)</a> macros
now use more fitting HTML elements.
<li>In HTML output, almost all "style" attributes and a number of
redundant "class" attributes were removed.
<li>Baby steps towards responsive design: use a @media query in
mandoc.css, use the HTML meta viewport element, and remove all
hard-coded widths and heights from the generated HTML code.
<li>Many style improvements in
<a href="https://man.openbsd.org/mandoc.css">mandoc.css</a>.
<li>More than 15 new low level
<a href="https://man.openbsd.org/roff.7">roff(7)</a>
and GNU man-ext features.
Mandoc can now format the manuals of the groff port.
</ul>
<li><p>Ports and packages:
<ul>
<li><a href="https://man.openbsd.org/update-plist.1">update-plist(1)</a>
has been entirely rewritten and now figures out MULTI_PACKAGES and
variable substitution almost 100%.
<li>New packages now run maintenance database tools like
update-desktop-database just once instead of after
every package addition/removal.
<li>Ports infrastructure manuals
(<a href="https://man.openbsd.org/bulk.8">bulk(8)</a>,
<a href="https://man.openbsd.org/dpb.1">dpb(1)</a> and others) are now
included in the base install and are therefore readable without the
ports tree.
</ul>
<p>Many pre-built packages for each architecture:
<!-- number of FTP packages minus SHA256, SHA256.sig, index.txt -->
<ul style="column-count: 3">
<li>aarch64: 8319
<li>amd64: 10304
<li>arm: 8324
<li>i386: 10230
<li>mips64: 7181
<li>mips64el: 7255
<li>powerpc: 8737
<li>sparc64: 7327
</ul>
<p>Some highlights:
<ul style="column-count: 2">
<li>AFL 2.52b
<li>CMake 3.10.2
<li>Chromium 69.0.3497.100
<li>Emacs 21.4 and 26.1
<li>GCC 4.9.4
<li>GHC 8.2.2
<li>Gimp 2.8.22
<li>GNOME 3.28.2
<li>Go 1.11
<li>Groff 1.22.3
<li>JDK 8u172
<li>LLVM/Clang 6.0.1
<li>LibreOffice 6.1.1.2
<li>Lua 5.1.5, 5.2.4 and 5.3.5
<li>MariaDB 10.0.36
<li>Mono 5.14.0.177
<li>Mozilla Firefox 60.2.2esr and 62.0.3
<li>Mozilla Thunderbird 60.2.1
<li>Mutt 1.10.1 and NeoMutt 20180716
<li>Node.js 8.12.0
<li>OCaml 4.03.0
<li>OpenLDAP 2.3.43 and 2.4.46
<li>PHP 5.6.38, 7.0.32, 7.1.22 and 7.2.10
<li>Postfix 3.3.1 and 3.4-20180904
<li>PostgreSQL 10.5
<li>Python 2.7.15 and 3.6.6
<li>R 3.5.1
<li>Ruby 2.3.7, 2.4.4 and 2.5.1
<li>Rust 1.29.2
<li>Sendmail 8.16.0.29
<li>SQLite3 3.24.0
<li>Sudo 1.8.25
<li>Tcl/Tk 8.5.19 and 8.6.8
<li>TeX Live 2017
<li>Vim 8.1.438
<li>Xfce 4.12
</ul>
<li>As usual, steady improvements in manual pages and other documentation.
<li>The system includes the following major components from outside suppliers:
<ul>
<li>Xenocara (based on X.Org 7.7 with xserver 1.19.6 + patches,
freetype 2.9.1, fontconfig 2.12.4, Mesa 13.0.6, xterm 331,
xkeyboard-config 2.20 and more)
<li>LLVM/Clang 6.0.0 (+ patches)
<li>GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
<li>Perl 5.24.3 (+ patches)
<li>NSD 4.1.25
<li>Unbound 1.8.1
<li>Ncurses 5.7
<li>Binutils 2.17 (+ patches)
<li>Gdb 6.3 (+ patches)
<li>Awk Aug 10, 2011 version
<li>Expat 2.2.6
</ul>
</ul>
</section>
<hr>
<section id=install>
<h3>How to install</h3>
<p>
Please refer to the following files on the mirror site for
extensive details on how to install OpenBSD 6.4 on your machine:
<ul>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.4/alpha/INSTALL.alpha">
.../OpenBSD/6.4/alpha/INSTALL.alpha</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.4/amd64/INSTALL.amd64">
.../OpenBSD/6.4/amd64/INSTALL.amd64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.4/arm64/INSTALL.arm64">
.../OpenBSD/6.4/arm64/INSTALL.arm64</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.4/armv7/INSTALL.armv7">
.../OpenBSD/6.4/armv7/INSTALL.armv7</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.4/hppa/INSTALL.hppa">
.../OpenBSD/6.4/hppa/INSTALL.hppa</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.4/i386/INSTALL.i386">
.../OpenBSD/6.4/i386/INSTALL.i386</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.4/landisk/INSTALL.landisk">
.../OpenBSD/6.4/landisk/INSTALL.landisk</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.4/loongson/INSTALL.loongson">
.../OpenBSD/6.4/loongson/INSTALL.loongson</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.4/luna88k/INSTALL.luna88k">
.../OpenBSD/6.4/luna88k/INSTALL.luna88k</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.4/macppc/INSTALL.macppc">
.../OpenBSD/6.4/macppc/INSTALL.macppc</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.4/octeon/INSTALL.octeon">
.../OpenBSD/6.4/octeon/INSTALL.octeon</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.4/sgi/INSTALL.sgi">
.../OpenBSD/6.4/sgi/INSTALL.sgi</a>
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/6.4/sparc64/INSTALL.sparc64">
.../OpenBSD/6.4/sparc64/INSTALL.sparc64</a>
</ul>
</section>
<hr>
<section id=quickinstall>
<p>
Quick installer information for people familiar with OpenBSD, and the use of
the "<a href="https://man.openbsd.org/disklabel.8">disklabel</a> -E" command.
If you are at all confused when installing OpenBSD, read the relevant
INSTALL.* file as listed above!
<h3>OpenBSD/alpha:</h3>
<p>
Write <i>floppy64.fs</i> or <i>floppyB64.fs</i> (depending on your machine)
to a diskette and enter <i>boot dva0</i>.
Refer to INSTALL.alpha for more details.
<p>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
<h3>OpenBSD/amd64:</h3>
<p>
If your machine can boot from CD, you can write <i>install64.iso</i> or
<i>cd64.iso</i> to a CD and boot from it.
You may need to adjust your BIOS options first.
<p>
If your machine can boot from USB, you can write <i>install64.fs</i> or
<i>miniroot64.fs</i> to a USB stick and boot from it.
<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in the included
INSTALL.amd64 document.
<p>
If you are planning to dual boot OpenBSD with another OS, you will need to
read INSTALL.amd64.
<h3>OpenBSD/arm64:</h3>
<p>
Write <i>miniroot64.fs</i> to a disk and boot from it after connecting
to the serial console. Refer to INSTALL.arm64 for more details.
<h3>OpenBSD/armv7:</h3>
<p>
Write a system specific miniroot to an SD card and boot from it after connecting
to the serial console. Refer to INSTALL.armv7 for more details.
<h3>OpenBSD/hppa:</h3>
<p>
Boot over the network by following the instructions in INSTALL.hppa or the
<a href="hppa.html#install">hppa platform page</a>.
<h3>OpenBSD/i386:</h3>
<p>
If your machine can boot from CD, you can write <i>install64.iso</i> or
<i>cd64.iso</i> to a CD and boot from it.
You may need to adjust your BIOS options first.
<p>
If your machine can boot from USB, you can write <i>install64.fs</i> or
<i>miniroot64.fs</i> to a USB stick and boot from it.
<p>
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in
the included INSTALL.i386 document.
<p>
If you are planning on dual booting OpenBSD with another OS, you will need to
read INSTALL.i386.
<h3>OpenBSD/landisk:</h3>
<p>
Write <i>miniroot64.fs</i> to the start of the CF
or disk, and boot normally.
<h3>OpenBSD/loongson:</h3>
<p>
Write <i>miniroot64.fs</i> to a USB stick and boot bsd.rd from it
or boot bsd.rd via tftp.
Refer to the instructions in INSTALL.loongson for more details.
<h3>OpenBSD/luna88k:</h3>
<p>
Copy 'boot' and 'bsd.rd' to a Mach or UniOS partition, and boot the bootloader
from the PROM, and then bsd.rd from the bootloader.
Refer to the instructions in INSTALL.luna88k for more details.
<h3>OpenBSD/macppc:</h3>
<p>
Burn the image from a mirror site to a CDROM, and power on your machine
while holding down the <i>C</i> key until the display turns on and
shows <i>OpenBSD/macppc boot</i>.
<p>
Alternatively, at the Open Firmware prompt, enter <i>boot cd:,ofwboot
/6.4/macppc/bsd.rd</i>
<h3>OpenBSD/octeon:</h3>
<p>
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
Refer to the instructions in INSTALL.octeon for more details.
<h3>OpenBSD/sgi:</h3>
<p>
To install, burn cd64.iso on a CD-R, put it in the CD drive of your
machine and select <i>Install System Software</i> from the System Maintenance
menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
CD-ROM, and need a proper invocation from the PROM prompt.
Refer to the instructions in INSTALL.sgi for more details.
<p>
If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
system type. Refer to the instructions in INSTALL.sgi for more details.
<h3>OpenBSD/sparc64:</h3>
<p>
Burn the image from a mirror site to a CDROM, boot from it, and type
<i>boot cdrom</i>.
<p>
If this doesn't work, or if you don't have a CDROM drive, you can write
<i>floppy64.fs</i> or <i>floppyB64.fs</i>
(depending on your machine) to a floppy and boot it with <i>boot
floppy</i>. Refer to INSTALL.sparc64 for details.
<p>
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
<p>
You can also write <i>miniroot64.fs</i> to the swap partition on
the disk and boot with <i>boot disk:b</i>.
<p>
If nothing works, you can boot over the network as described in INSTALL.sparc64.
</section>
<hr>
<section id=upgrade>
<h3>How to upgrade</h3>
<p>
If you already have an OpenBSD 6.3 system, and do not want to reinstall,
upgrade instructions and advice can be found in the
<a href="faq/upgrade64.html">Upgrade Guide</a>.
</section>
<hr>
<section id=sourcecode>
<h3>Notes about the source code</h3>
<p>
<code>src.tar.gz</code> contains a source archive starting at <code>/usr/src</code>.
This file contains everything you need except for the kernel sources,
which are in a separate archive.
To extract:
<blockquote><pre>
# <kbd>mkdir -p /usr/src</kbd>
# <kbd>cd /usr/src</kbd>
# <kbd>tar xvfz /tmp/src.tar.gz</kbd>
</pre></blockquote>
<p>
<code>sys.tar.gz</code> contains a source archive starting at <code>/usr/src/sys</code>.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
<blockquote><pre>
# <kbd>mkdir -p /usr/src/sys</kbd>
# <kbd>cd /usr/src</kbd>
# <kbd>tar xvfz /tmp/sys.tar.gz</kbd>
</pre></blockquote>
<p>
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described <a href="anoncvs.html">here</a>.
Using these files
results in a much faster initial CVS update than you could expect from
a fresh checkout of the full OpenBSD source tree.
</section>
<hr>
<section id=ports>
<h3>Ports Tree</h3>
<p>
A ports tree archive is also provided. To extract:
<blockquote><pre>
# <kbd>cd /usr</kbd>
# <kbd>tar xvfz /tmp/ports.tar.gz</kbd>
</pre></blockquote>
<p>
Go read the <a href="faq/ports/index.html">ports</a> page
if you know nothing about ports
at this point. This text is not a manual of how to use ports.
Rather, it is a set of notes meant to kickstart the user on the
OpenBSD ports system.
<p>
The <i>ports/</i> directory represents a CVS checkout of our ports.
As with our complete source tree, our ports tree is available via
<a href="anoncvs.html">AnonCVS</a>.
So, in order to keep up to date with the -stable branch, you must make
the <i>ports/</i> tree available on a read-write medium and update the tree
with a command like:
<blockquote><pre>
# <kbd>cd /usr/ports</kbd>
# <kbd>cvs -d [email protected]:/cvs update -Pd -rOPENBSD_6_4</kbd>
</pre></blockquote>
<p>