Movatterモバイル変換

04 Feb 2016 - 10 Jul 2025

Aug	NOV	Dec
	01
2017	2018	2019

success

fail

About this capture

COLLECTED BY

Organization:Alexa Crawls

Starting in 1996,Alexa Internet has been donating their crawl data to the Internet Archive. Flowing in every day, these data are added to theWayback Machine after an embargo period.

Collection:Alexa Crawls

Starting in 1996,Alexa Internet has been donating their crawl data to the Internet Archive. Flowing in every day, these data are added to theWayback Machine after an embargo period.

TIMESTAMPS

The Wayback Machine - https://web.archive.org/web/20181101094013/http://www.openbsd.org:80/59.html

Released March 29, 2016
Copyright 1997-2016, Theo de Raadt.

5.9 Songs:"Doctor W^X","Systemagic (Anniversary Edition)"

See the information onthe FTP page for a list of mirror machines.
Go to the directory on one of the mirror sites.
Have a look atthe 5.9 errata page for a list of bugs and workarounds.
See adetailed log of changes between the 5.8 and 5.9 releases.

signify(1) pubkeys for this release:

base: RWQJVNompF3pwfIqbg+5sxfpxmZMa3tTBaW4qbUhWje/H/M7glrA6oVnfw:   RWSdmaNkytzh6BApmPSNSDLNg26ZaXlY8g/879UvLdo3rjbsby76Eda1pkg:  RWSLRYDCTJeWLIScncqwGuXK6JVXDcIyRT0q+0m30MXXG4W2xWS4NZBP

All applicable copyrights and credits are in the src.tar.gz,sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in thefiles fetched via ports.tar.gz.

This is a partial list of new features and systems included in OpenBSD 5.9.For a comprehensive list, see thechangelog leadingto 5.9.

Processor support, including:
- W^X policy enforced in the i386 kernel address space.
Improved hardware support, including:
- Newasmc(4) driver for the Apple System Management Controller.
- Newpchtemp(4) driver for the thermal sensor found on Intel X99, C610 series, 9 series and 100 series PCH.
- Newuonerng(4) driver for the Moonbase Otago OneRNG.
- Newdwiic(4) driver for the Synopsys DesignWare I2C controller.
- Newikbd(4),ims(4), andimt(4) drivers for HID-over-i2c keyboards, mice and multitouch touchpads.
- Newefifb(4) driver for EFI frame buffer.
- Newviocon(4) driver for thevirtio(4)console interface provided by KVM, QEMU, and others.
- Newxen(4) driver implementing Xen domU initialization and PVHVM device attachment.
- Newxspd(4) driver for the XenSource Platform Device providing guests with additional capabilities.
- Newxnf(4) driver for Xen paravirtualized networking interface.
- amd64 can now boot from 32 bit and 64 bit EFI.
- Initial support for hardware reduced ACPI added toacpi(4).
- Support for ACPI configured SD host controllers has been added tosdhc(4).
- Thepuc(4) driver now supports Moxa CP-168U, Perle Speed8 LE and QEMU PCI serial devices.
- Intel 100 Series PCH Ethernet MAC with i219 PHY support has been added to theem(4) driver.
- RTL8168H/RTL8111H support has been added tore(4).
- inteldrm(4) has been updated to Linux 3.14.52, adding initial support for Bay Trail and Broadwell graphics.
- Support for audio in Thinkpad docks has been added to theazalia(4) driver.
- Support for Synaptic touchpads without W mode has been added to thepms(4) driver.
- Support for tap-and-drag detection with ALPS touchpads in thepms(4) driver has been improved.
- Thesdmmc(4) driver now supports sector mode for eMMC devices, such as those found on some BeagleBone Black boards.
- Thecnmac(4) driver now supports checksum offloading.
- Theipmi(4) driver now supports OpenIPMI compatible character device.
- Support for ST-506 disks has been removed.
pledge(2) support integrated:
- The tame(2) system call was renamed to pledge(2). Behavior and semantics were extended and refined.
- 453 out of 707 base system binaries were adapted to use pledge.
- 14 ports now use pledge(2): some decompression tools, mutt, some pdf tools, chromium/iridium, and the i3 window manager.
- Various bugs exposed by pledge(2) were corrected. For example in bgpd(8), iked(8), ldapd(8), ntpd(8), and syslogd(8).
- Several misfeatures were removed, such as:
  - support for HOSTALIASES in the resolver.
  - support forlookup yp in resolv.conf(5).
  - setuid-preserving code in tools from binutils.
  - handling of ed-style diffs via proc/exec in patch(1).
- Userland programs were audited so that they could be properly annotated with pledge(2). This resulted in design changes such as:
  - addition of privilege separation to rdate(8)
  - addition of privilege separation to sndiod(8)
  - the introduction of theSOCK_DNS socket(2) flag that makes anSS_DNS tagged socket conceptually different from a plain socket.
- pledge(2) is also used to constrain programs that handle untrusted data to a very limited subset of POSIX. For example, strings(1) or objdump(1) from binutils or the RSA-privsep process in smtpd(8).
SMP network stack improvements:
- The task processing incoming packets can now run mostly in parallel of the rest of the kernel. This includes:
  - carp(4),trunk(4),vlan(4) and other pseudo-drivers, with the exception ofbridge(4).
  - Ethernet decapsulation, ARP processing and MPLS forwarding path.
  - bpf(4) filter matching.
- The Rx and Tx rings of theix(4),myx(4),em(4),bge(4),bnx(4),vmx(4),gem(4),re(4) andcas(4) drivers can now be processed in parallel of the rest of the kernel.
- The Rx ring of thecnmac(4) driver can now be processed in parallel of the rest of the kernel.
Initial IEEE 802.11n wireless support:
- Theieee80211(9) subsystem now supports HT data rates up to 65 Mbit/s (802.11n MCS 0-7).
- The input path ofieee80211(9) now supports receiving A-MPDU and A-MSDU aggregated frames.
- Theiwm(4) andiwn(4) drivers make use of the above features.
- 802.11n mode is used by default if supported by the OpenBSD wireless driver and the access point. Operation in 802.11a, 802.11b, and 802.11g modes can be forced with the newifconfig(8)mode subcommand.
Generic network stack improvements:
- Newetherip(4) pseudo-device for tunneling Ethernet frames across IP[46] networks using RFC 3378 EtherIP encapsulation.
- Newpair(4) pseudo-device for creating paired virtual Ethernet interfaces.
- Newtap(4) pseudo-device, split up fromtun(4), providing a layer 3 interface with userland tools.
- Support for obsolete IPv6 socket options has been removed.
- Theiwn(4) driver now passes IEEE 802.11 control frames in monitor mode, allowing full capture of traffic on a particular wireless channel.
- pflow(4) now supports IPv6 for transport.
Installer improvements:
- Inappropriate user choices from a list of options are more reliably rejected.
- Installing to a disk partitioned with a GPT is now supported (amd64 only).
- When initializing a GPT, the required EFI System partition is automatically created.
- When installing to a GPT disk, installboot(8) now formats the EFI System partition, creates the appropriate directory structure and copies the required UEFI boot files into place.
Routing daemons and other userland network improvements:
- Neweigrpd(8) routing daemon for the Enhanced Interior Gateway Routing Protocol.
- dhclient(8) now supports multiple domain names provided via DHCP option 15 (Domain Name).
- dhclient(8) now supports search domains provided via DHCP option 119 (Domain Search).
- dhclient(8) no longer continually checks for a change to the routing domain of the interface it controls. It now relies on the appropriate routing socket messages.
- dhclient(8) now issues DHCP DECLINE responses to lease offers found to be inadequate, and restarts the DISCOVER/RENEW process rather than waiting indefinitely for a better lease to appear.
- dhclient(8) no longer exits if a desired route cannot be added. It now just reports the fact.
- dhclient(8) now takes a much more careful approach to received packets to ensure only received data is used to process the packet. Packets with incorrect length information or lacking appropriate header information are now dropped.
- dhclient(8) again disables pending timeouts if the interface link is lost, preventing endless retries at obtaining a lease.
- dhcpd(8) again properly utilizesdefault-lease-time,max-lease-time andbootp-lease-time options.
- tcpdump(8) now displays more information about IEEE 802.11 frames when run with the-y IEEE802_11_RADIO and-v options.
- Several interoperability issues iniked(8) have been fixed, including EAP auth with OS X El Capitan.
Security improvements:
- Chacha20-Poly1305 authenticated encryption mode has been implemented in the IPsec stack for the ESP protocol.
- Support for looking up hosts via YP has been removed from libc. The 'yp' lookup method in resolv.conf is no longer available.
- Support for the HOSTALIASES environment variable has been removed from libc.
Assorted improvements:
- doas(1) is a little friendlier to use.
- Updatedflex(1).
- Forkedless(1) from upstream, then proceeded to clean it up substantially.
- pdisk(8) was largely rewritten and pledged.
- Renaming files in the root directory of a MSDOS filesystem was fixed.
- Many obsoletedisktab(5) attributes and entries were removed.
- softraid(4) volumes now correctly look for the disklabel in the first OpenBSD disk partition, not the last.
- softraid(4) volumes can now be partitioned with a GPT.
- fdisk(8) now creates a default GPT as well as the protective MBR when the-g flag is used.
- fdisk(8) now has a-b flag that specifies the size of the EFI System partition to create.
- fdisk(8) now has a-v flag that causes a verbose display of both MBR and GPT information.
- fdisk(8) now provides full interactive GPT editing.
- fdisk(8) was pledged.
- Disks with sector sizes other than 512 bytes can now be partitioned with a GPT.
- The GPT kernel option was removed and GPT support is part of all GENERIC and GENERIC derived kernels.
- Many improvements were made to the GPT kernel support to ensure safe and reliable operation of GPT and MBR processing.
- disklabel(8) no longer supports boot code installation, with the-B and-b flags being removed. The associated fields in the disklabel were also removed. These functions are now all performed by installboot(8).
- PowerPC converted to secure-PLT ABI variant.
- Perform lazy binding updates inld.so(1) usingkbind(2) to improve security and reduce overhead in threaded processes.
- Over 100 internal or obsolete interfaces have been deleted or are no longer exported by libc, reducing symbol conflicts and process size.
- libc now uses local references for most of its own functions to avoid symbol overriding, improve standards compliance, increase speed, and reduce dynamic linking overhead.
- Handle intra-thread kills via newthrkill(2) system call to tightenpledge(2) restrictions and improvepthread_kill(3) andpthread_cancel(3) compliance.
- Added getpwnam_shadow(3) and getpwuid_shadow(3) to permit tighterpledge(2) restrictions.
- Added support toktrace(1) the arguments toexecve(2) andpledge(2). Removed support for tracing context switch points.kevent structures are now dumped.
- Disabled support for loading locales other than UTF-8.
- UTF-8 character locale data has been updated to Unicode 7.0.0.
- Added UTF-8 support to several utilities, includingcalendar(1),colrm(1),cut(1),fmt(1),ls(1),ps(1),rs(1),ul(1),uniq(1) andwc(1).
- Partial support for inserting and deleting UTF-8 characters inksh(1) emacs command line editing mode.
- Native language support (NLS) has been removed from libc.
- ddb(4) now automatically shows a stack trace upon panic.
OpenSMTPD 5.9.1
- Security:
  - Bothsmtpd(8)andsmtpctl(8)have been pledged.
  - The offline enqueue mode ofsmtpctl(8)has been redesigned to remove the need for a publicly writable directory which was a vector of multiple attacks in the Qualys Security audit.
- The following improvements were brought in this release:
  - Experimental support for filters API is now available with several filters available in ports.
  - Add Message-Id header if necessary.
  - Removed the kick mechanism which was misbehaving.
  - Increased the length of acceptable headers lines.
  - Assume messages are 8-bit bytes by default.
OpenSSH 7.2
- Security:
  - Qualys Security identified vulnerabilities in thessh(1) client experimental support for resuming SSH-connections (roaming). In the default configuration, this could potentially leak client keys to a hostile server. The authentication of the server host key prevents exploitation by a man-in-the-middle, so this information leak is restricted to connections to malicious or compromised servers. This feature has been disabled in thessh(1) client, and it has been removed from the source tree. The matching server code has never been shipped.
  - sshd(8): OpenSSH 7.0 contained a logic error inPermitRootLogin=prohibit-password/without-password that could, depending on compile-time configuration, permit password authentication to root while preventing other forms of authentication.
  - Fix an out of-bound read access in the packet handling code.
  - Further use ofexplicit_bzero(3) has been added in various buffer handling code paths to guard against compilers aggressively doing dead-store removal.
  - ssh(1),sshd(8): remove unfinished and unused roaming code.
  - ssh(1): eliminate fallback from untrusted X11 forwarding to trusted forwarding when the X server disables theSECURITY extension.
  - ssh(1),sshd(8): increase the minimum modulus size supported fordiffie-hellman-group-exchange to 2048 bits.
- Potentially-incompatible changes:
  - This release disables a number of legacy cryptographic algorithms by default inssh(1):
    - Several ciphers:blowfish-cbc,cast128-cbc, allarcfour variants and therijndael-cbc aliases for AES.
    - MD5-based and truncated HMAC algorithms.
- New/changed features:
  - all: add support for RSA signatures using SHA-256/512 hash algorithms based ondraft-rsa-dsa-sha2-256-03.txt anddraft-ssh-ext-info-04.txt.
  - ssh(1): add anAddKeysToAgent client option which can be set toyes,no,ask, orconfirm, and defaults tono. When enabled, a private key that is used during authentication will be added tossh-agent(1) if it is running (with confirmation enabled if set toconfirm).
  - sshd(8): add a newauthorized_keys optionrestrict that includes all current and future key restrictions (no-*-forwarding, etc.). Also add permissive versions of the existing restrictions, e.g.no-pty ->pty. This simplifies the task of setting up restricted keys and ensures they are maximally-restricted, regardless of any permissions we might implement in the future.
  - ssh(1): addssh_config(5) CertificateFile option to explicitly list certificates. (bz#2436)
  - ssh-keygen(1): allowssh-keygen(1) to change the key comment for all supported formats.
  - ssh-keygen(1): allow fingerprinting from standard input, e.g. "ssh-keygen -lf -".
  - ssh-keygen(1): allow fingerprinting multiple public keys in a file, e.g.ssh-keygen -lf ~/.ssh/authorized_keys. (bz#1319)
  - sshd(8): supportnone as an argument forsshd_config(5)Foreground andChrootDirectory. Useful insideMatch blocks to override a global default. (bz#2486)
  - ssh-keygen(1): support multiple certificates (one per line) and reading from standard input (using "-f -") forssh-keygen -L.
  - ssh-keyscan(1): addssh-keyscan -c ... flag to allow fetching certificates instead of plain keys.
  - ssh(1): better handle anchored FQDNs (e.g.cvs.openbsd.org.) in hostname canonicalisation - treat them as already canonical and trailing '.' before matchingssh_config(5).
- The following significant bugs have been fixed in this release:
  - ssh(1),sshd(8): add compatibility workarounds for FuTTY.
  - ssh(1),sshd(8): refine compatibility workarounds for WinSCP.
  - Fix a number of memory faults (double-free, free of uninitialised memory, etc.) inssh(1) andssh-keygen(1).
  - Correctly interpret thefirst_kex_follows option during the initial key exchange.
  - sftp(1): existing destination directories should not terminate recursive uploads (regression in openssh 6.8). (bz#2528)
  - ssh(1),sshd(8): correctly send backSSH2_MSG_UNIMPLEMENTED replies to unexpected messages during key exchange. (bz#2949)
  - ssh(1): refuse attempts to setConnectionAttempts=0, which does not make sense and would cause ssh to print an uninitialised stack variable. (bz#2500)
  - ssh(1): fix errors when attempting to connect to scoped IPv6 addresses with hostname canonicalisation enabled.
  - sshd_config(5): list a couple more options usable inMatch blocks. (bz#2489)
  - sshd(8): fixPubkeyAcceptedKeyTypes +... inside aMatch block.
  - ssh(1): expand tilde characters in filenames passed to-i options before checking whether or not the identity file exists. Avoids confusion for cases where shell doesn't expand (e.g.-i ~/file vs.-i~/file). (bz#2481)
  - ssh(1): do not prepend "exec" to the shell command run byMatch exec in a config file, which could cause some commands to fail in certain environments. (bz#2471)
  - ssh-keyscan(1): fix output for multiple hosts/addrs on one line when host hashing or a non standard port is in use. (bz#2479)
  - sshd(8): skip "Could not chdir to home directory" message whenChrootDirectory is active. (bz#2485)
  - ssh(1): includePubkeyAcceptedKeyTypes inssh -G config dump.
  - sshd(8): avoid changingTunnelForwarding device flags if they are already what is needed; makes it possible to usetun(4)/tap(4) networking as non-root user if device permissions and interface flags are pre-established.
  - ssh(1),sshd(8):RekeyLimits could be exceeded by one packet. (bz#2521)
  - ssh(1): fix multiplexing master failure to notice client exit.
  - ssh(1),ssh-agent(1): avoidfatal() for PKCS11 tokens that present empty key IDs. (bz#1773)
  - sshd(8): avoidprintf(3) of NULL argument. (bz#2535)
  - ssh(1),sshd(8): allowRekeyLimits larger than 4GB. (bz#2521)
  - ssh-agent(1),sshd(8): fix several bugs in (unused) KRL signature support.
  - ssh(1),sshd(8): fix connections with peers that use the key exchange guess feature of the protocol. (bz#2515)
  - sshd(8): include remote port number in log messages. (bz#2503)
  - ssh(1): don't try to load SSHv1 private key when compiled without SSHv1 support. (bz#2505)
  - ssh-agent(1),ssh(1): fix incorrect error messages during key loading and signing errors. (bz#2507)
  - ssh-keygen(1): don't leave empty temporary files when performingknown_hosts file edits whenknown_hosts doesn't exist.
  - sshd(8): correct packet format for tcpip-forward replies for requests that don't allocate a port. (bz#2509)
  - ssh(1),sshd(8): fix possible hang on closed output. (bz#2469)
  - ssh(1): expand%i inControlPath to UID. (bz#2449)
  - ssh(1),sshd(8): fix return type ofopenssh_RSA_verify. (bz#2460)
  - ssh(1),sshd(8): fix some option parsing memory leaks. (bz#2182)
  - ssh(1): add some debug output before DNS resolution; it's a place where ssh could previously silently stall in cases of unresponsive DNS servers. (bz#2433)
  - ssh(1): remove spurious newline in visual hostkey. (bz#2686)
  - ssh(1): fix printing (ssh -G ...) ofHostKeyAlgorithms=+...
  - ssh(1): fix expansion ofHostkeyAlgorithms=+...
LibreSSL 2.3.2
- User-visible features:
  - This release corrects the handling ofClientHello messages that do not include TLS extensions, resulting in such handshakes being aborted.
  - When loading a DSA key from a raw (without DH parameters) ASN.1 serialization, perform some consistency checks on its `p' and `q' values, and return an error if the checks failed.
  - Fixed a bug inECDH_compute_key that can lead to silent truncation of the result key without error. A coding error could cause software to use much shorter keys than intended.
  - Removed support forDTLS_BAD_VER. Pre-DTLSv1 implementations are no longer supported.
  - Theengine command and parameters are removed from openssl(1). Previous releases removed dynamic and built-in engine support already.
  - SHA-0 is removed, which was withdrawn shortly after publication twenty years ago.
  - AddedCertplus CA root certificate to the defaultcert.pem file.
  - Fixed a leak in SSL_new(3) in the error path.
  - Fixed a memory leak and out-of-bounds access in OBJ_obj2txt(3).
  - Fixed an up-to 7 byte overflow in RC4 when len is not a multiple ofsizeof(RC4_CHUNK).
  - Added EVP_aead_chacha20_poly1305_ietf(3) which matches theAEAD construction introduced in RFC 7539, which is different than that already used in TLS with EVP_aead_chacha20_poly1305(3).
  - More man pages converted from pod tomdoc(7) format.
  - AddedCOMODO RSA Certification Authority andQuoVadis root certificates tocert.pem.
  - Removed "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority" (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) root certificate fromcert.pem.
  - Fixed incorrect TLS certificate loading bync(1).
  - The openssl(1)s_time command now performs a proper shutdown which allows a full TLS connection to be benchmarked more accurately. A new-no_shutdown flag makess_time adopt the previous behavior so that comparisons can still be made with OpenSSL's version.
  - Removed support for theSSLEAY_CONF backwards compatibility environment variable in openssl(1).
  - The following CVEs had been fixed:
    - CVE-2015-3194—NULL pointer dereference in client side certificate validation.
    - CVE-2015-3195—memory leak in PKCS7, not reachable from TLS/SSL.
  - Note: The following OpenSSL CVEs did not apply to LibreSSL:
    - CVE-2015-3193—carry propagating bug in the x86_64 Montgomery squaring procedure.
    - CVE-2015-3196—double free race condition of the identify hint data.
- Code improvements:
  - Added install target forcmake builds.
  - Updatedpkgconfig files to correctly report the release version number, not the individual library ABI version numbers.
  - SSLv3 is now permanently removed from the tree.
  - Thelibtls API is changed from the 2.2.x series:
    - The tls_read(3) and tls_write(3) functions now work better with external event libraries.
    - Client-side verification is now supported, with the client supplying the certificate to the server.
    - Also, when using tls_connect_fds(3), tls_connect_socket(3) or tls_accept_fds(3),libtls no longer implicitly closes the passed in sockets. The caller is responsible for closing them in this case.
  - New interfaceOPENSSL_cpu_caps is provided that does not allow software to inadvertently modify cpu capability flags.OPENSSL_ia32cap andOPENSSL_ia32cap_loc are removed.
  - Theout_len argument ofAEAD changed fromssize_t tosize_t.
  - Deduplicated DTLS code, sharing bugfixes and improvements with TLS.
  - Convertednc(1) to uselibtls for client and server operations; it is included in the libressl-portable distribution as an example of how to use thelibtls library. This is intended to be a simpler and more robust replacement foropenssl s_client andopenssl s_server for day-to-day operations.
  - ASN.1 cleanups and RFC5280 compliance fixes.
  - Time representations switched fromunsigned long totime_t. LibreSSL now checks if the host OS supports 64-bittime_t.
  - Support always extracting the peer cipher and version withlibtls.
  - Added ability to check certificate validity times withlibtls, tls_peer_cert_notbefore(3) and tls_peer_cert_notafter(3).
  - Changed tls_connect_servername(3) to use the first address that resolves with getaddrinfo(3).
  - Remove broken conditionalEVP_CHECK_DES_KEY code (non-functional since initial commit in 2004).
  - Reject too small bits value in BN_generate_prime(3), so that it does not risk becoming negative inprobable_prime_dh_safe().
  - Changed format ofLIBRESSL_VERSION_NUMBER to match that ofOPENSSL_VERSION_NUMBER.
  - Avoid a potential undefined C99+ behavior due to shift overflow inAES_decrypt.
  - Deprecated theSSL_OP_SINGLE_DH_USE flag.

Ports and packages:

Many pre-built packages for each architecture:

alpha: 7450
amd64: 9295
hppa: 6304

i386: 9290
mips64: 7094
mips64el: 7846

powerpc: 8383
sh: 111
sparc: 1105

sparc64: 8528

Some highlights:

Chromium 48.0.2564.116
Emacs 21.4 and 24.5
GCC 4.9.3
GHC 7.10.3
GNOME 3.18.2
Go 1.5.3
Groff 1.22.3
JDK 7u80 and 8u72
KDE 3.5.10 and 4.14.3 (plus KDE4 core updates)
LLVM/Clang 3.5 (20140228)
LibreOffice 5.0.4.2
MariaDB 10.0.23
Mono 4.2.1.102
Mozilla Firefox 38.6.1esr and 44.0.2
Mozilla Thunderbird 38.6.0

Node.js 4.3.0
OpenLDAP 2.3.43 and 2.4.43
PHP 5.4.45, 5.5.32 and 5.6.18
Postfix 3.0.3
PostgreSQL 9.4.6
Python 2.7.11, 3.4.4 and 3.5.1
R 3.2.3
Ruby 1.8.7.374, 2.0.0.648, 2.1.8, 2.2.4 and 2.3.0
Rust 1.6.0
Sendmail 8.15.2
Sudo 1.8.15
Tcl/Tk 8.5.18 and 8.6.4
TeX Live 2014
Vim 7.4.900
Xfce 4.12

As usual, steady improvements in manual pages and other documentation.
The system includes the following major components from outside suppliers:
- Xenocara (based on X.Org 7.7 with xserver 1.17.4 + patches, freetype 2.6.2, fontconfig 2.11.1, Mesa 11.0.9, xterm 322, xkeyboard-config 2.17 and more)
- GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
- Perl 5.20.2 (+ patches)
- SQLite 3.9.2 (+ patches)
- NSD 4.1.7
- Unbound 1.5.7
- Ncurses 5.7
- Binutils 2.17 (+ patches)
- Gdb 6.3 (+ patches)
- Awk Aug 10, 2011 version

Following this are the instructions which you would have on a piece ofpaper if you had purchased a CDROM set instead of doing an alternateform of install. The instructions for doing an HTTP (or other styleof) install are very similar; the CDROM instructions are left intactso that you can see how much easier it would have been if you hadpurchased a CDROM instead.

Please refer to the following files on the three CDROMs or mirror site forextensive details on how to install OpenBSD 5.9 on your machine:

Quick installer information for people familiar with OpenBSD, and theuse of the "disklabel -E" command. If you are at all confused wheninstalling OpenBSD, read the relevant INSTALL.* file as listed above!

The OpenBSD/i386 release is on CD1.Boot from the CD to begin the install - you may need to adjustyour BIOS options first.
If your machine can boot from USB, you can writeinstall59.fs orminiroot59.fs to a USB stick and boot from it.
If you can't boot from a CD, floppy disk, or USB,you can install across the network using PXE as described inthe included INSTALL.i386 document.
If you are planning on dual booting OpenBSD with another OS, you will need toread INSTALL.i386.

The OpenBSD/amd64 release is on CD2.Boot from the CD to begin the install - you may need to adjustyour BIOS options first.
If your machine can boot from USB, you can writeinstall59.fs orminiroot59.fs to a USB stick and boot from it.
If you can't boot from a CD, floppy disk, or USB,you can install across the network using PXE as described in the includedINSTALL.amd64 document.
If you are planning to dual boot OpenBSD with another OS, you will need toread INSTALL.amd64.

Burn the image from a mirror site to a CDROM, and power on your machinewhile holding down theC key until the display turns on andshowsOpenBSD/macppc boot.
Alternatively, at the Open Firmware prompt, enterboot cd:,ofwboot/5.9/macppc/bsd.rd

Put CD3 in your CDROM drive and typeboot cdrom.
If this doesn't work, or if you don't have a CDROM drive, you can writeCD3:5.9/sparc64/floppy59.fs orCD3:5.9/sparc64/floppyB59.fs(depending on your machine) to a floppy and boot it withbootfloppy. Refer to INSTALL.sparc64 for details.
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your installwill most likely fail.
You can also writeCD3:5.9/sparc64/miniroot59.fs to the swap partition onthe disk and boot withboot disk:b.
If nothing works, you can boot over the network as described in INSTALL.sparc64.

WriteFTP:5.9/alpha/floppy59.fs orFTP:5.9/alpha/floppyB59.fs (depending on your machine) to a diskette andenterboot dva0. Refer to INSTALL.alpha for more details.
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your installwill most likely fail.

Boot over the network by following the instructions in INSTALL.hppa or thehppa platform page.

Writeminiroot59.fs to the start of the CFor disk, and boot normally.

Writeminiroot59.fs to a USB stick and boot bsd.rd from itor boot bsd.rd via tftp.Refer to the instructions in INSTALL.loongson for more details.

Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloaderfrom the PROM, and then bsd.rd from the bootloader.Refer to the instructions in INSTALL.luna88k for more details.

After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.Refer to the instructions in INSTALL.octeon for more details.

To install, burn cd59.iso on a CD-R, put it in the CD drive of yourmachine and selectInstall System Software from the System Maintenancemenu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically fromCD-ROM, and need a proper invocation from the PROM prompt.Refer to the instructions in INSTALL.sgi for more details.
If your machine doesn't have a CD drive, you can setup a DHCP/tftp networkserver, and boot using "bootp()/bsd.rd.IP##" using the kernel matching yoursystem type. Refer to the instructions in INSTALL.sgi for more details.

After connecting a serial port, boot over the network via DHCP/tftp.Refer to the instructions in INSTALL.socppc for more details.

Using the Linux built-in graphical ipkg installer, install theopenbsd59_arm.ipk package. Reboot, then run it. Read INSTALL.zaurusfor a few important details.

If you already have an OpenBSD 5.8 system, and do not want to reinstall,upgrade instructions and advice can be found in theUpgrade Guide.

src.tar.gz contains a source archive starting at /usr/src. This filecontains everything you need except for the kernel sources, which arein a separate archive. To extract:

#mkdir -p /usr/src#cd /usr/src#tar xvfz /tmp/src.tar.gz

sys.tar.gz contains a source archive starting at /usr/src/sys.This file contains all the kernel sources you need to rebuild kernels.To extract:

#mkdir -p /usr/src/sys#cd /usr/src#tar xvfz /tmp/sys.tar.gz

Both of these trees are a regular CVS checkout. Using these trees itis possible to get a head-start on using the anoncvs servers asdescribedhere.Using these filesresults in a much faster initial CVS update than you could expect froma fresh checkout of the full OpenBSD source tree.

A ports tree archive is also provided. To extract:

#cd /usr#tar xvfz /tmp/ports.tar.gz

Go read theports pageif you know nothing about portsat this point. This text is not a manual of how to use ports.Rather, it is a set of notes meant to kickstart the user on theOpenBSD ports system.

Theports/ directory represents a CVS (see the manpage forcvs(1) ifyou aren't familiar with CVS) checkout of our ports. As with our completesource tree, our ports tree is available viaAnonCVS.So, in order to keep up to date with the -stable branch, you must maketheports/ tree available on a read-write medium and update the treewith a command like:

#cd /usr/ports#cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_9

[Of course, you must replace the server name here with a nearby anoncvsserver.]

Note that most ports are available as packages on our mirrors. Updatedports for the 5.9 release will be made available if problems arise.

If you're interested in seeing a port added, would like to help out, or justwould like to know more, the mailing listports@openbsd.org is a good place to know.

[8]ページ先頭