OpenBSD 5.8 arrives on the 20th birthday of the OpenBSD project.
October 18, 2015.
We are pleased to announce the official release of OpenBSD 5.8.
This is our 38th release on CD-ROM (and 39th via FTP/HTTP). We remain
proud of OpenBSD's record of twenty years with only two remote holes in
the default install.
As in our previous releases, 5.8 provides significant improvements,
including new features, in nearly all areas of the system:
- Improved hardware support, including:
o New rtwn(4) driver for Realtek RTL8188CE wifi cards.
o New hpb(4) driver for HyperTransport bridges as found in the IBM
CPC945.
o The ugold(4) driver now supports TEMPerHUMV1.x temperature and
humidity sensors.
o Improved sensor support for the upd(4) driver for USB Power
Devices (UPS).
o Support for jumbo frames on re(4) devices using RTL8168C/D/E/F/G
and RTL8411, including PC Engines APU.
o re(4) now works with newer devices e.g. RTL8111GU.
o Partial support has been added for full-speed isochronous devices
in ehci(4), allowing USB 1.1 audio devices to be used on
EHCI-only systems in some cases.
o Improved macppc stability and G5 performances with MP kernels.
o acpicpu(4) uses ACPI C-state information to reduce power
consumption of idle CPUs.
o Kernel supports x86 AVX instructions on CPUs that have them.
o Avoid assigning low address to PCI BARs, fixing various issues on
machines whose BIOSes neglect to claim low memory.
o wscons(4) works with even more odd trackpads.
o Added pvbus(4) paravirtual device tree root on virtual machines
that are running on hypervisors.
o New octdwctwo(4) driver for USB support on OpenBSD/octeon.
o New amdcf(4) driver for embedded flash on OpenBSD/octeon.
o Support for RTL8188EU devices was added to the urtwn(4) driver.
- Removed hardware support:
o The lmc(4) driver for Lan Media Corporation SSI/T1/DS1/HSSI/DS3
devices has been removed.
o The san(4) driver for Sangoma Technologies AFT T1/E1 devices has
been removed.
- Generic network stack improvements:
o MTU of vlan(4) devices can now be set independently from the
parent interface's MTU.
o The same network range can now be assigned to multiple
interfaces, using interface priorities to choose between them.
o New MPLS pseudowire driver mpw(4).
o Much preparatory work for MP unlocking of the network stack.
- Installer improvements:
o The logic of the 'Allow root ssh login?' question has been
changed.
- The default answer is now 'no'.
- 'prohibit-password' has been added to the list of possible
answers.
o autoinstall(8) has been extended to allow
- hostname-mode.conf response file names.
- response files to be placed in a subdir of the webserver's
document root.
- passing a template file to disklabel(8) to automatically
partition the disk.
o ntpd(8) is now enabled by default at install time.
o DUID support has improved enough that new installs now use them
unconditionally.
o Installing sets from CD-ROM has been fixed if more than one
CD-ROM drive is present.
o The 'Which CD-ROM contains the install media?' question has been
removed. Available cdrom devices are now shown directly in the
'Location of sets?' prompt.
- Routing daemons and other userland network improvements:
o Many improvements and simplifications in ldpd(8), including
configuration reload and support for mpw(4) pseudowire interfaces.
o bgpd(8) now allows rules to match on the peer AS number.
o For terminated BGP sessions, bgpctl(8) now displays the number of
prefixes received on the last session.
o ospfd(8) now correctly handles carp(4) interfaces in "backup" mode
at startup.
o Log messages in bgpd(8) and ospfd(8) have been made more specific.
o The default Diffie-Hellman group for VPNs configured by
ipsec.conf(5) has been changed to modp3072.
o New radiusd(8), Remote Authentication Dial In User Service
(RADIUS) daemon.
- Security improvements:
o sudo in base has been replaced with doas(1), sudo is available as
a package.
o file(1) has been replaced with a new modern implementation,
including sandbox and privilege separation.
o pax(1) (and tar(1) and cpio(1)) now prevent archive extraction
from escaping the current directory via symlinks; tar(1) without
-P option now strips up through any ".." path components.
o Static PIE support for sparc.
o Alpha switched to secure PLT.
o Improved kernel checks of ELF headers.
o Support for the NX (No-eXecute) bit on i386, resulting in much
better W^X enforcement in userland for hardware that has this
feature.
o Enforcement of W^X in the kernel address space on i386 when using
processors with the NX bit.
o Work started on a new process-containment facility called tame(2).
- Assorted improvements:
o The worm(6) now grows at a rate proportional to terminal size.
o dlclose(3) now unregisters handlers registered by a
pthread_atfork(3) call from the unloaded libraries.
o cp(1), mv(1), and pax(1) with the -rw option now preserve
timestamps with full nanosecond precision.
o pax(1) now detects failure to decompress an archive when reading
it and errors out immediately.
o nm(1) now supports the -D option for displaying the dynamic symbol
table.
o dump(8) now uses DUIDs in /etc/dumpdates when present and the -U
option has thus been removed.
o Corrected kdump(1) reporting of lseek(2) return value on ILP32
archs and getsockopt/setsockopt(2) level and optname arguments.
iovec, msghdr, and cmsghdr structures are now dumped.
o sed(1) -i option added.
o New, much simpler man.conf(5) configuration file format for
man(1), apropos(1), and makewhatis(8).
o When using man(1) with the less(1) pager, support the :t internal
command to search for definitions of keywords similar to what
ctags(1) provides.
o Improvements in checking of numeric option values in many
utilities.
o Upgraded to binutils version 2.17 with additional fixes.
o Improved correctness of poll(2) and poll(2) of O_RDONLY FIFO fds.
o Restored reporting of closed sockets by netstat(1) and systat(1).
o fdisk(8) now zeros correct GPT sector at end of disk.
o fdisk(8) now accepts 'T' sizes for terabytes.
o fdisk(8) repaired to work on 4K sector disks again.
o dhcpd(8) now logs correct giaddr and ciaddr information even when
DHCP relays are present.
o dhcpd(8) now accommodates Linux and MS clients by not sending
routers or static routes info when classless static routes are
sent.
o dhcpd(8) and dhclient(8) now accept hostnames beginning with a
digit.
o dhclient(8) no longer rejects leases with addresses overlapping
existing subnets on other interfaces. Kernel routing logic now
just works.
o Improvements to realloc(3) decrease system calls and increase
efficiency.
o The reaper now tears down dead processes without holding on to the
kernel lock. This greatly reduces latency and increases
performance on multi-processor systems.
- OpenBSD httpd(8):
o New features:
- Added support for matching and redirections with Lua
patterns(7).
- Implemented If-Modified-Since for conditional GET or HEAD
requests (RFC 7232).
- Added byte-range support for range requests (RFC 7233).
- Allowing to specify a global or per-location default media
type instead of application/octet-stream.
- Added support for HTTP Strict Transport Security (HSTS; RFC
6797).
- Added initial regression test suite based on relayd(8)'s
implementation.
o Fixes and improvements:
- TLS in httpd(8) and relayd(8) now defaults to TLSv1.2-only.
- Fixed support for large TLS keys or certificate bundles with
up to 16KB each.
- Fixed the Content-Length header for files larger than 2 GB on
32-bit architectures.
- Fixed translation of CGI environment variables in accordance
with RFCs 7230 and 3875.
- Improved memory usage and fixed possible memory exhaustion on
large file transfers.
- Added URL-encoding of specific CGI variables before using
them in the Location header.
- Prepend files or directories containing ":" with "./" in
directory indexes as per RFC 3986.
- Allowing to specify characters like "?" in the Location URI.
- Various other bug fixes and improvements.
- OpenSMTPD 5.4.4
o smtpd(8) reliability and bug fixes.
o NOTE: Some security risks were discovered and fixed after the
OpenBSD 5.8 release. See 5.8 errata 004.
- OpenSSH 7.0:
o Security:
- ssh(1): when forwarding X11 connections with
ForwardX11Trusted=no, connections made after
ForwardX11Timeout expired could be permitted and no longer
subject to XSECURITY restrictions because of an ineffective
timeout check in ssh(1) coupled with "fail open" behaviour in
the X11 server when clients attempted connections with
expired credentials. This problem was reported by Jann Horn.
- ssh-agent(1): fix weakness of agent locking (ssh-add -x) to
password guessing by implementing an increasing failure
delay, storing a salted hash of the password rather than the
password itself and using a timing-safe comparison function
for verifying unlock attempts. This problem was reported by
Ryan Castellucci.
- sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be
world-writable. Local attackers may be able to write
arbitrary messages to logged-in users, including terminal
escape sequences.
- sshd(8): fix circumvention of MaxAuthTries using
keyboard-interactive authentication. By specifying a long,
repeating keyboard-interactive "devices" string, an attacker
could request the same authentication method be tried
thousands of times in a single pass. The LoginGraceTime
timeout in sshd(8) and any authentication failure delays
implemented by the authentication mechanism itself were still
applied.
o Potentially-incompatible changes:
- Support for the legacy SSH version 1 protocol is disabled by
default at compile time.
- Support for the 1024-bit diffie-hellman-group1-sha1 key
exchange is disabled by default at run-time. It may be
re-enabled using the instructions at
http://www.openssh.com/legacy.html.
- Support for ssh-dss, ssh-dss-cert-* host and user keys is
disabled by default at run-time. These may be re-enabled
using the instructions at http://www.openssh.com/legacy.html.
- Support for the legacy v00 cert format has been removed.
- The default for the sshd_config(5) PermitRootLogin option has
changed from "yes" to "prohibit-password" (but the OpenBSD
installer defaults to "no").
- NOTE: 'PermitRootLogin prohibit-password' is subtly broken in
the OpenBSD 5.8 / OpenSSH 7.0; see 5.8 errata 001.
o New/changed features:
- ssh(1), sshd(8): promote chacha20-poly1...@openssh.com to be
the default cipher.
- sshd(8): support admin-specified arguments to
AuthorizedKeysCommand. (bz#2081)
- sshd(8): add AuthorizedPrincipalsCommand that allows
retrieving authorized principals information from a
subprocess rather than a file.
- ssh(1), ssh-add(1): support PKCS#11 devices with external PIN
entry devices. (bz#2240)
- sshd(8): allow GSSAPI host credential check to be relaxed for
multihomed hosts via GSSAPIStrictAcceptorCheck option.
(bz#928)
- ssh-keygen(1): support ssh-keygen -lF hostname to search
known_hosts and print key hashes rather than full keys.
- ssh-agent(1): add -D flag to leave ssh-agent(1) in foreground
without enabling debug mode. (bz#2381)
- ssh_config(5): add PubkeyAcceptedKeyTypes option to control
which public key types are available for user authentication.
- sshd_config(5): add HostKeyAlgorithms option to control which
public key types are offered for host authentications.
- ssh(1), sshd(8): extend Ciphers, MACs, KexAlgorithms,
HostKeyAlgorithms, PubkeyAcceptedKeyTypes and
HostbasedKeyTypes options to allow appending to the default
set of algorithms instead of replacing it. Options may now be
prefixed with a + to append to the default, e.g.
"HostKeyAlgorithms=+ssh-dss".
o The following significant bugs have been fixed in this release:
- ssh(1), sshd(8): deprecate legacy
SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message and do not try to use
it against some 3rd-party SSH implementations that use it
(older PuTTY, WinSCP).
- Many fixes for problems caused by compile-time deactivation
of SSH1 support. (including bz#2369)
- ssh(1), sshd(8): cap DH-GEX group size at 4Kbits for Cisco
implementations as some would fail when attempting to use
group sizes greater than 4K. (bz#2209)
- ssh(1): fix out-of-bound read in EscapeChar configuration
option parsing. (bz#2396)
- sshd(8): fix application of PermitTunnel, LoginGraceTime,
AuthenticationMethods and StreamLocalBindMask options in
Match blocks.
- ssh(1), sshd(8): improve disconnection message on TCP reset.
(bz#2257)
- ssh(1): remove failed remote forwards established by
multiplexing from the list of active forwards. (bz#2363)
- sshd(8): make parsing of authorized_keys "environment="
options independent of PermitUserEnv being enabled. (bz#2329)
- sshd(8): fix post-auth crash with permitopen=none. (bz#2355)
- ssh(1), ssh-add(1), ssh-keygen(1): allow new-format private
keys to be encrypted with AEAD ciphers. (bz#2366)
- ssh(1): allow ListenAddress, Port and AddressFamily
configuration options to appear in any order. (bz#86)
- sshd(8): check for and reject missing arguments for
VersionAddendum and ForceCommand. (bz#2281)
- ssh(1), sshd(8): don't treat unknown certificate extensions
as fatal. (bz#2387)
- ssh-keygen(1): make stdout and stderr output consistent.
(bz#2325)
- ssh(1): mention missing DISPLAY environment in debug log when
X11 forwarding requested. (bz#1682)
- sshd(8): correctly record login when UseLogin is set.
(bz#378)
- sshd(8): add some missing options to sshd -T output and fix
output of VersionAddendum and HostCertificate. (bz#2346)
- Document and improve consistency of options that accept a
"none" argument: TrustedUserCAKeys, RevokedKeys (bz#2382),
AuthorizedPrincipalsFile (bz#2288).
- ssh(1): include remote username in debug output. (bz#2368)
- sshd(8): avoid compatibility problem with some versions of
Tera Term, which would crash when they received the hostkeys
notification message (hostkeys...@openssh.com).
- sshd(8): mention ssh-keygen -E as useful when comparing
legacy MD5 host key fingerprints. (bz#2332)
- ssh(1): clarify pseudo-terminal request behaviour and use
make manual language consistent. (bz#1716)
- ssh(1): document that the TERM environment variable is not
subject to SendEnv and AcceptEnv. (bz#2386)
- ssh(1), sshd(8): add compatability workarounds for Cisco and
more PuTTY versions. (bz#2424)
- Fix some omissions and errors in the PROTOCOL and PROTCOL.mux
documentation relating to Unix domain socket forwarding.
(bz#2421, bz#2422)
- ssh(1): Improve the ssh(1) manual page to include a better
desciption of Unix domain socket forwarding. (bz#2423)
- ssh(1), ssh-agent(1): skip uninitialised PKCS#11 slots,
fixing failures to load keys when they are present. (bz#2427)
- ssh(1), ssh-agent(1): do not ignore PKCS#11 hosted keys that
wth empty CKA_ID. (bz#2429)
- sshd(8): clarify documentation for UseDNS option. (bz#2045)
- LibreSSL
o User-visible features:
- Reject all server DH keys smaller than 1024 bits.
- Multiple CVEs fixed including CVE-2015-0207, CVE-2015-0209,
CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289,
CVE-2015-1788, CVE-2015-1789, CVE-2015-1792.
- Protocol parsing conversions to BoringSSL's CRYPTO ByteString
(CBS) API.
- Added EC_curve_nid2nist and EC_curve_nist2nid from OpenSSL.
- Removed Dynamic Engine support.
- Removed MDC-2DES support.
- Switched openssl dhparam default from 512 to 2048 bits.
- Fixed openssl pkeyutl -verify to exit with a 0 on success.
- Fixed dozens of Coverity issues including dead code, memory
leaks, logic errors and more.
- Ensure that openssl(1) restores terminal echo state after
reading a password.
- Incorporated fix for OpenSSL issue #3683.
- Removed SSLv3 support from openssl(1).
- Modified tls_write in libtls to allow partial writes,
clarified with examples in the documentation.
- Removed RSAX engine.
- Tested SSLv3 removal with the OpenBSD ports tree and found
several applications that were not ready to build without
SSLv3 yet. For now, building a program that intentionally
uses SSLv3 will result in a linker warning.
- Added TLS_method, TLS_client_method and TLS_server_method as
a replacement for the SSLv23_*method calls.
- Default cert.pem, openssl.cnf, and x509v3.cnf files are now
installed under $sysconfdir/ssl or the directory specified by
--with-openssldir. Previous versions of LibreSSL left these
empty.
- NOTE: LibreSSL 2.2.2 in OpenBSD 5.8 incorrectly handles
ClientHello messages that do not include TLS extensions,
resulting in such handshakes being aborted. see 5.8 errata
002.
o Code improvements:
- Fix incorrect comparison function in openssl(1) certhash
command. Thanks to Christian Neukirchen / Void Linux.
- Removal of OPENSSL_issetugid and all library getenv calls.
Applications can and should no longer rely on environment
variables for changing library behavior. OPENSSL_CONF and
SSLEAY_CONF are still supported with the openssl(1) command,
but note that $ENV:: is no longer supported in .cnf files.
- libtls API and documentation additions.
- Various bug fixes and simplifications to libssl and
libcrypto.
- Reworked openssl(1) option handling.
- LibreSSL version define LIBRESSL_VERSION_NUMBER will now be
bumped for each portable release.
- Removed workarounds for TLS client padding bugs.
- Removed IE 6 SSLv3 workarounds.
- --with-enginesdir is removed as a configuration parameter.
- Syslogd:
o OpenBSD syslogd(8) can bind to explicitly given UDP or TCP sockets
to receive messages. TCP streams are accepted with the octet
counting or the non transparent framing method.
o Blocks in syslog.conf(5) started with +host process messages
created by certain hosts specifically.
o Handle situations when the file descriptor limit is exhausted
gracefully.
o Since libtls handles short writes smarter, syslogd(8) can use the
complete output buffer to save messages, coping with longer TLS
server down times without losing messages.
- Ports and packages:
Many pre-built packages for each architecture:
o alpha: 7093 o powerpc: 8114
o amd64: 8866 o sh: 133
o hppa: 5813 o sparc: 3655
o i386: 8839 o sparc64: 7851
o mips64: 4267 o vax: 1959
o mips64el: 5922
- Some highlights:
o Chromium 44.0.2403.125 o Mozilla Thunderbird 38.1.0
o Emacs 21.4 and 24.5 o Node.js 0.10.35
o GCC 4.8.4 and 4.9.3 o OpenLDAP 2.3.43 and 2.4.41
o GHC 7.8.4 o PHP 5.4.43, 5.5.27 and 5.6.11
o GNOME 3.14.2 o Postfix 2.11.4
o Go 1.4.2 o PostgreSQL 9.4.1
o Groff 1.22.3 o Python 2.7.9 and 3.4.2
o JDK 1.7.0.80 and 1.8.0.45 o R 3.1.2
o KDE 3.5.10 and 4.14.3 (plus o Ruby 1.8.7.374, 1.9.3.551,
KDE4 core updates) 2.0.0.598, 2.1.5, and 2.2.0
o LLVM/Clang 3.5 (20140228) o Sendmail 8.15.2
o LibreOffice 4.4.4.3 o Tcl/Tk 8.5.18 and 8.6.4
o MariaDB 10.0.20 o TeX Live 2014
o Mono 3.12.1 o Vim 7.4.769
o Mozilla Firefox 38.1.1esr and o Xfce 4.12
39.0.3
- As usual, steady improvements in manual pages and other documentation.
- The system includes the following major components from outside suppliers:
o Xenocara (based on X.Org 7.7 with xserver 1.16.4 + patches,
freetype 2.6, fontconfig 2.11.1, Mesa 10.2.9, xterm 314,
xkeyboard-config 2.14 and more)
o Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
o Perl 5.20.2 (+ patches)
o SQLite 3.8.9 (+ patches)
o NSD 4.1.3
o Unbound 1.5.4
o Ncurses 5.7
o Binutils 2.17 (+ patches)
o Gdb 6.3 (+ patches)
o Less 458 (+ patches)
o Awk Aug 10, 2011 version
If you'd like to see a list of what has changed between OpenBSD 5.7
and 5.8, look at
http://www.OpenBSD.org/plus58.html
Even though the list is a summary of the most important changes
made to OpenBSD, it still is a very very long list.
------------------------------------------------------------------------
- SECURITY AND ERRATA --------------------------------------------------
We provide patches for known security threats and other important
issues discovered after each CD release. As usual, between the
creation of the OpenBSD 5.8 HTTP/CD-ROM binaries and the actual 5.8
release date, our team found and fixed some new reliability problems
(note: most are minor and in subsystems that are not enabled by
default). Our continued research into security means we will find
new security problems -- and we always provide patches as soon as
possible. Therefore, we advise regular visits to
http://www.OpenBSD.org/security.html
and
http://www.OpenBSD.org/errata.html
------------------------------------------------------------------------
- MAILING LISTS --------------------------------------------------------
Mailing lists are an important means of communication among users and
developers of OpenBSD. For information on OpenBSD mailing lists, please
see:
http://www.OpenBSD.org/mail.html
------------------------------------------------------------------------
- CD-ROM SALES ---------------------------------------------------------
OpenBSD 5.8 is also available on CD-ROM. The 3-CD set costs 44 EUR and
is available via web order worldwide.
The CD set includes a colourful booklet which carefully explains the
installation of OpenBSD. A new set of cute little stickers is also
included (sorry, but our HTTP mirror sites do not support STP, the Sticker
Transfer Protocol). As an added bonus, the second CD contains audio tracks
for four songs: "20 years ago today", "Fanza", "So much better", and
"A Year in the Life". MP3 and OGG versions of the audio tracks can be
found on the first CD.
Lyrics (and an explanation) for the songs may be found at:
http://www.OpenBSD.org/lyrics.html#58
Profits from CD sales are the primary income source for the OpenBSD
project -- in essence selling these CD-ROM units ensures that OpenBSD
will continue to make another release six months from now.
The OpenBSD 5.8 CD-ROMs are bootable on the following platforms:
o i386
o amd64
o macppc
o sparc64
(Other platforms must boot from network, floppy, or other method).
For more information on ordering CD-ROMs, see:
http://www.OpenBSD.org/orders.html
All of our developers strongly urge you to buy a CD-ROM and support
our future efforts. Additionally, donations to the project are
highly appreciated, as described in more detail at:
http://www.OpenBSD.org/donations.html
------------------------------------------------------------------------
- OPENBSD FOUNDATION ---------------------------------------------------
For those unable to make their contributions as straightforward gifts,
the OpenBSD Foundation (http://www.openbsdfoundation.org) is a Canadian
not-for-profit corporation that can accept larger contributions and
issue receipts. In some situations, their receipt may qualify as a
business expense write-off, so this is certainly a consideration for
some organizations or businesses. There may also be exposure benefits
since the Foundation may be interested in participating in press releases.
In turn, the Foundation then uses these contributions to assist OpenBSD's
infrastructure needs. Contact the foundation directors at
direct...@openbsdfoundation.org for more information.
------------------------------------------------------------------------
- T-SHIRT SALES --------------------------------------------------------
The OpenBSD distribution company also sells T-shirts with new and old
designs and other merchandise, available from its web ordering system.
------------------------------------------------------------------------
- HTTP INSTALLS --------------------------------------------------------
If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily
installed via HTTP downloads. Typically you need a single
small piece of boot media (e.g., a USB flash drive) and then the rest
of the files can be installed from a number of locations, including
directly off the Internet. Follow this simple set of instructions
to ensure that you find all of the documentation you will need
while performing an install via HTTP. With the CD-ROMs,
the necessary documentation is easier to find.
1) Read either of the following two files for a list of HTTP
mirrors which provide OpenBSD, then choose one near you:
http://www.OpenBSD.org/ftp.html
http://ftp.openbsd.org/pub/OpenBSD/ftplist
As of October 18, 2015, the following HTTP mirror sites have the 5.8 release:
http://ftp.eu.openbsd.org/pub/OpenBSD/5.8/ Stockholm, Sweden
http://ftp.bytemine.net/pub/OpenBSD/5.8/ Oldenburg, Germany
http://ftp.ch.openbsd.org/pub/OpenBSD/5.8/ Zurich, Switzerland
http://ftp.fr.openbsd.org/pub/OpenBSD/5.8/ Paris, France
http://ftp5.eu.openbsd.org/pub/OpenBSD/5.8/ Vienna, Austria
http://mirror.aarnet.edu.au/pub/OpenBSD/5.8/ Brisbane, Australia
http://ftp.usa.openbsd.org/pub/OpenBSD/5.8/ CO, USA
http://ftp5.usa.openbsd.org/pub/OpenBSD/5.8/ CA, USA
http://mirror.esc7.net/pub/OpenBSD/5.8/ TX, USA
The release is also available at the master site:
http://ftp.openbsd.org/pub/OpenBSD/5.8/ Alberta, Canada
However it is strongly suggested you use a mirror.
Other mirror sites may take a day or two to update.
2) Connect to that HTTP mirror site and go into the directory
pub/OpenBSD/5.8/ which contains these files and directories.
This is a list of what you will see:
ANNOUNCEMENT alpha/ luna88k/ sparc/
Changelogs/ amd64/ macppc/ sparc64/
HARDWARE armish/ octeon/ src.tar.gz
PACKAGES armv7/ packages/ sys.tar.gz
PORTS hppa/ ports.tar.gz tools/
README i386/ root.mail vax/
SHA256 landisk/ sgi/ xenocara.tar.gz
SHA256.sig loongson/ socppc/ zaurus/
It is quite likely that you will want at LEAST the following
files which apply to all the architectures OpenBSD supports.
README - generic README
HARDWARE - list of hardware we support
PORTS - description of our ports tree
PACKAGES - description of pre-compiled packages
root.mail - a copy of root's mail at initial login.
(This is really worthwhile reading).
3) Read the README file. It is short, and a quick read will make
sure you understand what else you need to fetch.
4) Next, go into the directory that applies to your architecture,
for example, amd64. This is a list of what you will see:
INSTALL.amd64 bsd.rd* game58.tgz pxeboot*
SHA256 cd58.iso index.txt xbase58.tgz
SHA256.sig cdboot* install58.fs xfont58.tgz
base58.tgz cdbr* install58.iso xserv58.tgz
bsd* comp58.tgz man58.tgz xshare58.tgz
bsd.mp* floppy58.fs miniroot58.fs
If you are new to OpenBSD, fetch _at least_ the file INSTALL.amd64
and install58.iso. The install58.iso file (roughly 290MB in size)
is a one-step ISO-format install CD image which contains the various
*.tgz files so you do not need to fetch them separately.
If you prefer to use a USB flash drive, fetch install58.fs and
follow the instructions in INSTALL.amd64.
5) If you are an expert, follow the instructions in the file called
README; otherwise, use the more complete instructions in the
file called INSTALL.amd64. INSTALL.amd64 may tell you that you
need to fetch other files.
6) Just in case, take a peek at:
http://www.OpenBSD.org/errata.html
This is the page where we talk about the mistakes we made while
creating the 5.8 release, or the significant bugs we fixed
post-release which we think our users should have fixes for.
Patches and workarounds are clearly described there.
------------------------------------------------------------------------
- X.ORG FOR MOST ARCHITECTURES -----------------------------------------
X.Org has been integrated more closely into the system. This release
contains X.Org 7.7. Most of our architectures ship with X.Org, including
amd64, sparc, sparc64 and macppc. During installation, you can install
X.Org quite easily. Be sure to try out xdm(1) and see how we have
customized it for OpenBSD.
------------------------------------------------------------------------
- PORTS TREE -----------------------------------------------------------
The OpenBSD ports tree contains automated instructions for building
third party software. The software has been verified to build and
run on the various OpenBSD architectures. The 5.8 ports collection
is included on the 3-CD set. Please see the PORTS file for more
information.
Note: a few popular ports, e.g., NSD, Unbound, and several X
applications, come standard with OpenBSD. Also, many popular ports have
been pre-compiled for those who do not desire to build their own binaries
(see BINARY PACKAGES, below).
------------------------------------------------------------------------
- BINARY PACKAGES ------------------------------------------------------
A large number of binary packages are provided. Please see the PACKAGES
file (http://ftp.OpenBSD.org/pub/OpenBSD/5.8/PACKAGES) for more details.
------------------------------------------------------------------------
- SYSTEM SOURCE CODE ---------------------------------------------------
The CD-ROMs contain source code for all the subsystems explained
above, and the README (http://ftp.OpenBSD.org/pub/OpenBSD/5.8/README)
file explains how to deal with these source files. For those who
are doing an HTTP install, the source code for all four subsystems
can be found in the pub/OpenBSD/5.8/ directory:
xenocara.tar.gz ports.tar.gz src.tar.gz sys.tar.gz
------------------------------------------------------------------------
- THANKS ---------------------------------------------------------------
Ports tree and package building by Jasper Lievisse Adriaanse,
Pierre-Emmanuel Andre, Landry Breuil, Stuart Henderson, Peter Hessler,
Paul Irofti, Sebastian Reitenbach, Miod Vallat, and Christian Weisgerber.
Base and X system builds by Jasper Lievisse Adriaanse, Kenji Aoyama,
Theo de Raadt, Jonathan Gray, Mark Kettenis, and Miod Vallat.
ISO-9660 filesystem layout by Theo de Raadt.
We would like to thank all of the people who sent in bug reports, bug
fixes, donation cheques, and hardware that we use. We would also like
to thank those who pre-ordered the 5.8 CD-ROM or bought our previous
CD-ROMs. Those who did not support us financially have still helped
us with our goal of improving the quality of the software.
Our developers are:
Aaron Bieber, Alexander Bluhm, Alexander Hall, Alexandr Nedvedicky,
Alexandr Shadchin, Alexandre Ratchov, Andrew Fresh,
Anil Madhavapeddy, Anthony J. Bentley, Antoine Jacoutot,
Benoit Lecocq, Bob Beck, Brandon Mercer, Brent Cook, Bret Lambert,
Brett Mahar, Brian Callahan, Bryan Steele, Camiel Dobbelaar,
Can Erkin Acar, Charles Longeau, Chris Cappuccio,
Christian Weisgerber, Christopher Zimmermann, Claudio Jeker,
Damien Miller, Daniel Dickman, Dariusz Swiderski, Darren Tucker,
David Coppa, David Gwynne, Dmitrij Czarkoff, Doug Hogan,
Edd Barrett, Eric Faurot, Federico G. Schwindt, Florian Obser,
Gerhard Roth, Gilles Chehade, Giovanni Bechis, Gleydson Soares,
Gonzalo L. Rodriguez, Henning Brauer, Ian Darwin, Igor Sobrado,
Ingo Feinerer, Ingo Schwarze, Jakob Schlyter, James Turner,
Jason McIntyre, Jasper Lievisse Adriaanse, Jeremie Courreges-Anglas,
Jeremy Evans, Jim Razmus II, Joel Sing, Joerg Jung, Jonathan Armani,
Jonathan Gray, Jonathan Matthew, Joshua Elsasser, Joshua Stein,
Juan Francisco Cantero Hurtado, Kazuya Goda, Kenji Aoyama,
Kenneth R Westerback, Kent R. Spillner, Kirill Bychkov, Kurt Miller,
Landry Breuil, Lawrence Teo, Loganaden Velvindron, Luke Tymowski,
Marc Espie, Marco Pfatschbacher, Mark Kettenis, Mark Lumsden,
Markus Friedl, Martin Pelikan, Martin Pieuchot, Martin Reindl,
Martynas Venckus, Masao Uebayashi, Mats O Jansson, Matthew Dempsky,
Matthias Kilian, Matthieu Herrb, Mike Belopuhov, Mike Larkin,
Miod Vallat, Naoya Kaneko, Nayden Markatchev, Nicholas Marriott,
Nick Holland, Nigel Taylor, Okan Demirmen, Otto Moerbeek,
Pascal Stumpf, Paul de Weerd, Paul Irofti, Peter Hessler,
Philip Guenther, Pierre-Emmanuel Andre, Rafael Zalamena,
Raphael Graf, Remi Pointel, Renato Westphal, Reyk Floeter,
Robert Nagy, Robert Peichaer, Ryan Thomas McBride, Sasano Takayoshi,
Sebastian Benoit, Sebastian Reitenbach, Sebastien Marie,
Simon Perreault, Stefan Fritsch, Stefan Sperling, Stephan Rickauer,
Steven Mestdagh, Stuart Cassoff, Stuart Henderson, Sylvestre Gallon,
Ted Unangst, Theo de Raadt, Tobias Stoeckmann, Tobias Ulmer,
Todd C. Miller, Vadim Zhukov, Vincent Gross, Visa Hankala,
William Yodlowsky, Yasuoka Masahiko, Yojiro Uo
