I see, TCP wrappers has been removed i am assuming using only PF is the
practice for stuff people who where using TCP wrappers for
and, thanks for the hard work
-Nex6
On Nov 1, 2014, at 10:22 AM, Antoine Jacoutot <ajacou...@openbsd.org> wrote:
> November 1, 2014.
>
> We are pleased to announce the official release of OpenBSD 5.6.
> This is our 36th release on CD-ROM (and 37th via FTP/HTTP). We remain
> proud of OpenBSD's record of more than ten years with only two remote
> holes in the default install.
>
> As in our previous releases, 5.6 provides significant improvements,
> including new features, in nearly all areas of the system:
>
> - LibreSSL:
> o This release forks OpenSSL into LibreSSL, a version of the
> TLS/crypto stack with goals of modernizing the codebase, improving
> security, and applying best practice development processes.
> o No support for legacy MacOS, Netware, OS/2, VMS and Windows
> platforms, as well as antique compilers.
> o Removal of the IBM 4758, Broadcom ubsec, Sureware, Nuron, GOST,
> GMP, CSwift, CHIL, CAPI, Atalla and AEP engines, either because
> the hardware is irrelevant, or because they require external
> non-free libraries to work.
> o No support for FIPS-140 compliance.
> o No EBCDIC support.
> o No support for big-endian i386 and amd64 platforms.
> o Use standard routines from the C library (malloc, strdup,
> snprintf...) instead of rolling our own, sometimes badly.
> o Remove the old OpenSSL PRNG, and rely upon arc4random_buf from
> libc for all the entropy needs.
> o Remove the MD2 and SEED algorithms.
> o Remove J-PAKE, PSK and SRP (mis)features.
> o Aggressive cleaning of BN memory when no longer used.
> o No support for Kerberos.
> o No support for SSLv2.
> o No support for the questionable DTLS heartbeat extension.
> o No support for TLS compression.
> o No support for US-Export SSL ciphers.
> o Do not use the current time as a random seed in libssl.
> o Support for ChaCha and Poly1305 algorithm.
> o Support for Brainpool and ANSSI elliptic curves.
> o Support for AES-GCM and ChaCha20-Poly1305 AEAD modes.
>
> - Improved hardware support, including:
> o SCSI Multipathing support via mpath(4) and associated path drivers
> on several architectures.
> o New qlw(4) driver for QLogic ISP SCSI HBAs.
> o New qla(4) driver for QLogic ISP2100/2200/2300 Fibre Channel HBAs.
> o New upd(4) sensor driver for USB Power Devices (UPS).
> o New brswphy(4) driver for Broadcom BCM53xx 10/100/1000TX Ethernet
> PHYs.
> o New uscom(4) driver for simple USB serial adapters.
> o New axen(4) driver for ASIX Electronics AX88179 10/100/Gigabit USB
> Ethernet devices.
> o The inteldrm(4) and radeondrm(4) drivers have improved
> suspend/resume support.
> o The userland interface for the agp(4) driver has been removed.
> o The rtsx(4) driver now supports card readers based on the RTS5227
> and RTL8402 chipsets.
> o The firmware for the run(4) driver has been updated to version 0.33.
> o The run(4) driver now supports devices based on the RT3900E
> chipset.
> o The zyd(4) driver, which was broken for some time, has been fixed.
> o The bwi(4) driver now works in systems with more than 1GB of RAM.
> o The re(4) driver now supports devices based on the RTL8168EP/8111EP,
> RTL8168G/8111G, and RTL8168GU/8111GU chipsets.
>
> - Generic network stack improvements:
> o divert(4) now supports checksum offload.
> o IPv6 is now turned off on new interfaces by default. Assigning an
> IPv6 address will enable IPv6 on an interface.
> o Support for RFC4620 IPv6 Node Information Queries has been removed.
> o The kernel no longer supports the SO_DONTROUTE socket option.
> o The getaddrinfo(3) function now supports the AI_ADDRCONFIG flag
> defined in RFC 3493.
> o Include router alert option (RAO) in IGMP packets, as required by
> RFC2236.
> o ALTQ has been removed.
> o The hash table for Protocol Control Block (PCB) of TCP and UDP now
> resize automatically on load.
>
> - Installer improvements:
> o Remove ftp and tape as install methods.
> o Preserve the disklabel (and next 6 blocks) when installing boot
> block on 4k-sector disk drives.
> o Change the "Server?" question to "HTTP Server?" to allow unambiguous
> autoinstall(8) handling.
> o Allow autoinstall(8) to fetch and install sets from multiple
> locations.
> o Many sample configuration files have moved from /etc to
> /etc/examples.
>
> - Routing daemons and other userland network improvements:
> o When used with the -v flag, tcpdump(8) now shows the actual bad
> checksum within the IP/protocol header itself and what the good
> checksum should be.
> o ftp(1) now allows its User-Agent to be changed via the -U
> command-line option.
> o The -r option of ping(8) and traceroute(8) has been removed.
> o ifconfig(8) can now explicitly assign an IPv6 link-local address
> and turn IPv6 autoconf on or off.
> o ifconfig(8) has been made smarter about parsing WEP keys on the
> command line.
> o ifconfig(8) scan now shows the encryption type of wireless networks
> (WEP, WPA, WPA2, 802.1x).
> o MS-CHAPv1 (RFC2433) support has been removed from pppd(8).
> o traceroute6(8) has been merged into traceroute(8).
> o The asr API for asynchronous address resolution and nameserver
> querying is now public.
> o pflow(4)'s pflowproto 9 has been removed.
> o The userland ppp(8) daemon and its associated PPPoE helper,
> pppoe(8), have been removed.
> o snmpd(8), snmpctl(8), and relayd(8) now communicate via the AgentX
> protocol.
> o relayd(8) has a new filtering subsystem, where the new configuration
> language uses last-matching pf-like rules.
> o The new relayd(8) filter rules now support URL-based relaying.
> o relayd(8) now uses privilege separation for private keys. This acts
> as an additional mitigation to prevent leakage of the private keys
> from the processes doing SSL/TLS.
> o New httpd(8) HTTP server with FastCGI and SSL support.
>
> - OpenSMTPD 5.4.3 (includes changes to 5.4.2):
> o New/changed features:
> - OpenSMTPD replaces Sendmail as the default MTA.
> - Queue process now runs under a different user for better
> isolation.
> - Merged MDA, MTA and SMTP processes into a single unprivileged
> process.
> - Killed the MFA process, it is no longer needed.
> - Added support for email addresses lookups in the table_db
> backend.
> - Added RSA privilege separation support to prevent possible
> private key leakage.
> o The following significant bugs have been fixed in this release:
> - Minor bug fixes in some corner cases of the routing logic.
> - The enqueuer no longer adds its own User-Agent.
> - Disabled profiling code, allowing all processes to rest rather
> than waking up every second.
> - Reworked the purge task to avoid disk-hits unless necessary...
> only once at startup.
> - Fix various header parsing bugs in the local enqueuer.
> - Assorted minor fixes and code cleanups.
>
> - Security improvements:
> o Changed the heuristics of the stack protector to also protect
> functions with local array definitions and references to local
> frame addresses. This matches the -fstack-protector-strong option
> of upstream GCC.
> o Position-independent executables (PIE) are now used by default on
> powerpc.
> o Removed Kerberos.
> o Default bcrypt hash type is now $2b$.
> o Remove md5crypt support.
> o Improved easier to use bcrypt API is now available.
> o Increase randomness of random mmap mappings.
> o Added getentropy(2).
> o Added timingsafe_memcmp(3).
> o Removed the MD4 hash algorithm and functions from cksum(1), S/Key,
> and libc.
> o gets(3) has been removed.
> o Added reallocarray(3), which allows multiple sized objects to be
> allocated without the cost of clearing memory while avoiding
> possible integer overflows.
> o Extended fread(3) and fwrite(3) to check for integer overflows.
>
> - Assorted improvements:
> o locate databases for both base and xenocara, as
> /usr/lib/locate/src.db and /usr/X11R6/lib/locate/xorg.db.
> o Much faster package updates, due to package contents reordering
> that precludes re-downloading unchanged files.
> o Fix many programs that failed when accessing disks having sector
> sizes other than 512 bytes, including badsect(8), df(1), dump(8),
> dumpfs(8), fsck_ext2fs(8), fsck_ffs(8), fsdb(8), growfs(8),
> ncheck_ffs(8), quotacheck(8), tunefs(8).
> o Constrain MSDOS timestamps to 1/1/1980 through 12/31/2107. 64-bit
> time_t values outside that range are stored as 1/1/1980.
> o bs(6) now prints a battleship splash screen.
> o rcp, rsh, rshd, rwho, rwhod, ruptime, asa, bdes, fpr, mkstr, page,
> spray, xstr, oldrdist, fsplit, uyap, and bluetooth have been
> removed.
> o rmail(8) and uucpd(8) have been removed from the base system and
> added to the ports tree.
> o Lynx has been removed from the base system and added to the ports
> tree.
> o TCP Wrappers have been removed.
> o Fix atexit(3) recursive handlers.
> o Enhance disklabel(8) to recover filesystem mountpoint information
> when reading saved ascii labels.
> o Properly handle msgbuf_write(3) EOF conditions, including uses in
> tmux(1), dvmrpd(8), ldapd(8), ldpd(8), ospf6d(8), ospfd(8),
> relayd(8), ripd(8), smtpd(8), ypldap(8).
> o Constrain fdisk(8) '-l' to disk sizes of 64 blocks or more.
> o Sync fdisk(8) built-in MBR with current /usr/mdec/mbr.
> o Quiet dhclient(8) '-q' even more.
> o Log less redundant dhclient(8) info.
> o New leases, lease renewals, cable state changes more obvious to
> applications monitoring dhclient(8) files.
> o Preserve chronological order of leases in the dhclient.leases(5)
> leases files.
> o Use 'lease {}' statements in dhclient.conf(5), allowing interfaces
> to get an address when no dynamic lease is available.
> o Improve dhclient(8) parsing and printing of classess static routes.
> o Eliminate unnecessary rewrites of resolv.conf(5) by dhclient(8).
> o Added sendsyslog(2): syslog(3) now works even when out of file
> descriptors or in a chroot.
> o Added errc(3), verrc(3), warnc(3) and vwarnc(3).
> o Faster hibernate/unhibernate performance on amd64 and i386
> platforms.
> o Support hibernating to softraid(4) crypto volumes.
> o Improved performance of seekdir(3) to start of current buffer.
> o Added <endian.h> per the revision of the POSIX spec in progress.
> o Apache has been removed.
> o Read support for ext4 filesystems.
> o Reworked mplocks as ticket locks instead of spinlocks on amd64,
> i386, and sparc64. This provides fairer access to the kernel lock
> between logical CPUs, especially in multi socket systems.
>
> - OpenSSH 6.7:
> o Potentially-incompatible changes:
> - sshd(8): The default set of ciphers and MACs has been altered to
> remove unsafe algorithms. In particular, CBC ciphers and
> arcfour* are disabled by default.
> - sshd(8): Support for tcpwrappers/libwrap has been removed.
> - OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
> using the "curve25519-sha...@libssh.org" KEX exchange method to
> fail when connecting with something that implements the
> specification correctly. OpenSSH 6.7 disables this KEX method
> when speaking to one of the affected versions.
> o New/changed features:
> - Major internal refactoring to begin to make part of OpenSSH
> usable as a library. So far the wire parsing, key handling and
> KRL code has been refactored. Please note that we do not
> consider the API stable yet, nor do we offer the library in
> separable form.
> - ssh(1), sshd(8): Add support for Unix domain socket forwarding.
> A remote TCP port may be forwarded to a local Unix domain socket
> and vice versa or both ends may be a Unix domain socket.
> - ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for
> Ed25519 key types.
> - sftp(1): Allow resumption of interrupted uploads.
> - ssh(1): When rekeying, skip file/DNS lookups of the hostkey if
> it is the same as the one sent during initial key exchange.
> (bz#2154)
> - sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind
> addresses when GatewayPorts=no; allows client to choose address
> family. (bz#2222)
> - sshd(8): Add a sshd_config(5) PermitUserRC option to control
> whether ~/.ssh/rc is executed, mirroring the no-user-rc
> authorized_keys option. (bz#2160)
> - ssh(1): Add a %C escape sequence for LocalCommand and ControlPath
> that expands to a unique identifer based on a hash of the tuple
> of (local host, remote user, hostname, port). Helps avoid
> exceeding miserly pathname limits for Unix domain sockets in
> multiplexing control paths. (bz#2220)
> - sshd(8): Make the "Too many authentication failures" message
> include the user, source address, port and protocol in a format
> similar to the authentication success/failure messages. (bz#2199)
> - Added unit and fuzz tests for refactored code.
> o The following significant bugs have been fixed in this release:
> - sshd(8): Fix remote forwarding with same listen port but
> different listen address.
> - ssh(1): Fix inverted test that caused PKCS#11 keys that were
> explicitly listed in ssh_config(5) or on the commandline not to
> be preferred.
> - ssh-keygen(1): Fix bug in KRL generation: multiple consecutive
> revoked certificate serial number ranges could be serialised to
> an invalid format. Readers of a broken KRL caused by this bug
> will fail closed, so no should-have-been-revoked key will be
> accepted.
> - ssh(1): Reflect stdio-forward ("ssh -W host:port ...") failures
> in exit status. Previously we were always returning 0. (bz#2255)
> - ssh(1), ssh-keygen(1): Make Ed25519 keys' title fit properly in
> the randomart border. (bz#2247)
> - ssh-agent(1): Only cleanup agent socket in the main agent process
> and not in any subprocesses it may have started (e.g. forked
> askpass). Fixes agent sockets being zapped when askpass processes
> fatal(). (bz#2236)
> - ssh-add(1): Make stdout line-buffered; saves partial output
> getting lost when ssh-add(1) fatal()s part-way through (e.g. when
> listing keys from an agent that supports key types that
> ssh-add(1) doesn't). (bz#2234)
> - ssh-keygen(1): When hashing or removing hosts, don't choke on
> "@revoked" markers and don't remove "@cert-authority" markers.
> (bz#2241)
> - ssh(1): Don't fatal when hostname canonicalisation fails and a
> ProxyCommand is in use; continue and allow the ProxyCommand to
> connect anyway (e.g. to a host with a name outside the DNS behind
> a bastion).
> - scp(1): When copying local->remote fails during read, don't send
> uninitialised heap to the remote end.
> - sftp(1): Fix fatal "el_insertstr failed" errors when
> tab-completing filenames with a single quote char somewhere in
> the string. (bz#2238)
> - ssh-keyscan(1): Scan for Ed25519 keys by default.
> - ssh(1): When using VerifyHostKeyDNS with a DNSSEC resolver,
> down-convert any certificate keys to plain keys and attempt SSHFP
> resolution. Prevents a server from skipping SSHFP lookup and
> forcing a new-hostkey dialog by offering only certificate keys.
> - sshd(8): Avoid crash at exit via NULL pointer reference.
> (bz#2225)
> - Fix some strict-alignment errors.
>
> - mandoc 1.13.0:
> o New implementation of apropos(1), whatis(1), and makewhatis(8)
> based on SQLite3 databases.
> o Substantial improvements of mandoc(1) error and warning messages.
> o Almost complete implementation of roff(7) numerical expressions.
> o About a dozen minor new features and numerous bug fixes.
>
> - Ports and packages:
> o Over 8,800 ports.
>
> - Many pre-built packages for each architecture:
> o i386: 8588 o sparc64: 7965
> o alpha: 6278 o sh: 2626
> o amd64: 8588 o powerpc: 8049
> o sparc: 3394 o arm: 5633
> o hppa: 6143 o vax: 1995
> o mips64: 4686 o mips64el: 6697
> o m88k: 2475
>
> - Some highlights:
> o GNOME 3.12.2 o KDE 3.5.10 and 4.13.3
> o Xfce 4.10 o MySQL 5.1.73
> o PostgreSQL 9.3.4 o Postfix 2.11.1
> o OpenLDAP 2.3.43 and 2.4.39 o GHC 7.6.3
> o Mozilla Firefox 31.0 o LibreOffice 4.1.6.2
> o Mozilla Thunderbird 31.0 o Vim 7.4.135
> o Emacs 21.4 and 24.3 o Python 2.7.8, 3.3.5 and 3.4.1
> o PHP 5.3.28, 5.4.30 and 5.5.14 o Mono 3.4.0
> o Ruby 1.8.7.374, 1.9.3.545, 2.0.0.481 and 2.1.2
> o Tcl/Tk 8.5.15 and 8.6.1 o Groff 1.22.2
> o JDK 1.6.0.32 and 1.7.0.55 o GCC 4.6.4, 4.8.3 and 4.9.0
> o Chromium 36.0.1985.125 o Go 1.3
> o LLVM/Clang 3.5 (20140228) o Node.js 0.10.28
>
> - As usual, steady improvements in manual pages and other documentation.
>
> - The system includes the following major components from outside
suppliers:
> o Xenocara (based on X.Org 7.7 with xserver 1.15.2 + patches,
> freetype 2.5.3, fontconfig 2.11.1, Mesa 10.2.3, xterm 309,
> xkeyboard-config 2.11 and more)
> o Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
> o Perl 5.18.2 (+ patches)
> o Nginx 1.6.0 (+ patches)
> o SQLite 3.8.4.3 (+ patches)
> o Sendmail 8.14.8, with libmilter
> o Bind 9.4.2-P2 (+ patches)
> o NSD 4.0.3
> o Sudo 1.7.2p8
> o Ncurses 5.7
> o Binutils 2.15 (+ patches)
> o Gdb 6.3 (+ patches)
> o Less 458 (+ patches)
> o Awk Aug 10, 2011 version
>
> If you'd like to see a list of what has changed between OpenBSD 5.5
> and 5.6, look at
>
> http://www.OpenBSD.org/plus56.html
>
> Even though the list is a summary of the most important changes
> made to OpenBSD, it still is a very very long list.
> We provide patches for known security threats and other important
> issues discovered after each CD release. As usual, between the
> creation of the OpenBSD 5.6 HTTP/CD-ROM binaries and the actual 5.6
> release date, our team found and fixed some new reliability problems
> (note: most are minor and in subsystems that are not enabled by
> default). Our continued research into security means we will find
> new security problems -- and we always provide patches as soon as
> possible. Therefore, we advise regular visits to
>
> http://www.OpenBSD.org/security.html
> and
> http://www.OpenBSD.org/errata.html
> Mailing lists are an important means of communication among users and
> developers of OpenBSD. For information on OpenBSD mailing lists, please
> see:
>
> http://www.OpenBSD.org/mail.html
> OpenBSD 5.6 is also available on CD-ROM. The 3-CD set costs 44 EUR and
> is available via web order worldwide.
>
> The CD set includes a colourful booklet which carefully explains the
> installation of OpenBSD. A new set of cute little stickers is also
> included (sorry, but our HTTP mirror sites do not support STP, the Sticker
> Transfer Protocol). As an added bonus, the second CD contains an audio
> track, a song entitled "Ride of the Valkyries". MP3 and OGG versions of
> the audio track can be found on the first CD.
>
> Lyrics (and an explanation) for the songs may be found at:
>
> http://www.OpenBSD.org/lyrics.html#56
>
> Profits from CD sales are the primary income source for the OpenBSD
> project -- in essence selling these CD-ROM units ensures that OpenBSD
> will continue to make another release six months from now.
>
> The OpenBSD 5.6 CD-ROMs are bootable on the following platforms:
>
> o i386
> o amd64
> o macppc
> o sparc64
>
> (Other platforms must boot from network, floppy, or other method).
>
> For more information on ordering CD-ROMs, see:
>
> http://www.OpenBSD.org/orders.html
>
> All of our developers strongly urge you to buy a CD-ROM and support
> our future efforts. Additionally, donations to the project are
> highly appreciated, as described in more detail at:
>
> http://www.OpenBSD.org/donations.html
> For those unable to make their contributions as straightforward gifts,
> the OpenBSD Foundation (http://www.openbsdfoundation.org) is a Canadian
> not-for-profit corporation that can accept larger contributions and
> issue receipts. In some situations, their receipt may qualify as a
> business expense write-off, so this is certainly a consideration for
> some organizations or businesses. There may also be exposure benefits
> since the Foundation may be interested in participating in press releases.
> In turn, the Foundation then uses these contributions to assist OpenBSD's
> infrastructure needs. Contact the foundation directors at
> direct...@openbsdfoundation.org for more information.
> The OpenBSD distribution companies also sell T-shirts and polo shirts,
> with new and old designs, available from our web ordering system.
> If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily
> installed via HTTP downloads. Typically you need a single
> small piece of boot media (e.g., a USB flash drive) and then the rest
> of the files can be installed from a number of locations, including
> directly off the Internet. Follow this simple set of instructions
> to ensure that you find all of the documentation you will need
> while performing an install via HTTP. With the CD-ROMs,
> the necessary documentation is easier to find.
>
> 1) Read either of the following two files for a list of HTTP
> mirrors which provide OpenBSD, then choose one near you:
>
> http://www.OpenBSD.org/ftp.html
> http://ftp.openbsd.org/pub/OpenBSD/ftplist
>
> As of November 1, 2014, the following HTTP mirror sites have the 5.6
release:
>
> http://ftp.eu.openbsd.org/pub/OpenBSD/5.6/ Stockholm, Sweden
> http://ftp.bytemine.net/pub/OpenBSD/5.6/ Oldenburg, Germany
> http://ftp.ch.openbsd.org/pub/OpenBSD/5.6/ Zurich, Switzerland
> http://ftp.fr.openbsd.org/pub/OpenBSD/5.6/ Paris, France
> http://ftp5.eu.openbsd.org/pub/OpenBSD/5.6/ Vienna, Austria
> http://mirror.aarnet.edu.au/pub/OpenBSD/5.6/ Brisbane, Australia
> http://ftp.usa.openbsd.org/pub/OpenBSD/5.6/ CO, USA
> http://ftp5.usa.openbsd.org/pub/OpenBSD/5.6/ CA, USA
> http://mirror.esc7.net/pub/OpenBSD/5.6/ TX, USA
>
> The release is also available at the master site:
>
> http://ftp.openbsd.org/pub/OpenBSD/5.6/ Alberta, Canada
>
> However it is strongly suggested you use a mirror.
>
> Other mirror sites may take a day or two to update.
>
> 2) Connect to that HTTP mirror site and go into the directory
> pub/OpenBSD/5.6/ which contains these files and directories.
> This is a list of what you will see:
>
> ANNOUNCEMENT alpha/ luna88k/ sparc/
> Changelogs/ amd64/ macppc/ sparc64/
> HARDWARE armv7/ octeon/ src.tar.gz
> PACKAGES aviion/ packages/ sys.tar.gz
> PORTS hppa/ ports.tar.gz tools/
> README i386/ root.mail vax/
> SHA256 landisk/ sgi/ xenocara.tar.gz
> SHA256.sig loongson/ socppc/ zaurus/
>
> It is quite likely that you will want at LEAST the following
> files which apply to all the architectures OpenBSD supports.
>
> README - generic README
> HARDWARE - list of hardware we support
> PORTS - description of our ports tree
> PACKAGES - description of pre-compiled packages
> root.mail - a copy of root's mail at initial login.
> (This is really worthwhile reading).
>
> 3) Read the README file. It is short, and a quick read will make
> sure you understand what else you need to fetch.
>
> 4) Next, go into the directory that applies to your architecture,
> for example, amd64. This is a list of what you will see:
>
> INSTALL.amd64 cd56.iso index.txt xetc56.tgz
> SHA256 cdboot* install56.fs xfont56.tgz
> SHA256.sig cdbr* install56.iso xserv56.tgz
> base56.tgz comp56.tgz man56.tgz xshare56.tgz
> bsd* etc56.tgz miniroot56.fs
> bsd.mp* floppy56.fs pxeboot*
> bsd.rd* game56.tgz xbase56.tgz
>
> If you are new to OpenBSD, fetch _at least_ the file INSTALL.amd64
> and install56.iso. The install56.iso file (roughly 250MB in size)
> is a one-step ISO-format install CD image which contains the various
> *.tgz files so you do not need to fetch them separately.
>
> If you prefer to use a USB flash drive, fetch install56.fs and
> follow the instructions in INSTALL.amd64.
>
> 5) If you are an expert, follow the instructions in the file called
> README; otherwise, use the more complete instructions in the
> file called INSTALL.amd64. INSTALL.amd64 may tell you that you
> need to fetch other files.
>
> 6) Just in case, take a peek at:
>
> http://www.OpenBSD.org/errata.html
>
> This is the page where we talk about the mistakes we made while
> creating the 5.6 release, or the significant bugs we fixed
> post-release which we think our users should have fixes for.
> Patches and workarounds are clearly described there.
>
> Note: If you end up needing to write a raw floppy using Windows,
> you can use "fdimage.exe" located in the pub/OpenBSD/5.6/tools
> directory to do so.
> X.Org has been integrated more closely into the system. This release
> contains X.Org 7.7. Most of our architectures ship with X.Org, including
> amd64, sparc, sparc64 and macppc. During installation, you can install
> X.Org quite easily. Be sure to try out xdm(1) and see how we have
> customized it for OpenBSD.
> The OpenBSD ports tree contains automated instructions for building
> third party software. The software has been verified to build and
> run on the various OpenBSD architectures. The 5.6 ports collection,
> including many of the distribution files, is included on the 3-CD
> set. Please see the PORTS file for more information.
>
> Note: some of the most popular ports, e.g., the nginx web server
> and several X applications, come standard with OpenBSD. Also, many
> popular ports have been pre-compiled for those who do not desire
> to build their own binaries (see BINARY PACKAGES, below).
> A large number of binary packages are provided. Please see the PACKAGES
> file (http://ftp.OpenBSD.org/pub/OpenBSD/5.6/PACKAGES) for more details.
> The CD-ROMs contain source code for all the subsystems explained
> above, and the README (http://ftp.OpenBSD.org/pub/OpenBSD/5.6/README)
> file explains how to deal with these source files. For those who
> are doing an HTTP install, the source code for all four subsystems
> can be found in the pub/OpenBSD/5.6/ directory:
>
> xenocara.tar.gz ports.tar.gz src.tar.gz sys.tar.gz
> Ports tree and package building by Jasper Lievisse Adriaanse,
> Pierre-Emmanuel Andre, Landry Breuil, Stuart Henderson, Peter Hessler,
> Nick Holland, Paul Irofti, Sebastian Reitenbach, Miod Vallat, and
> Christian Weisgerber. System builds by Jasper Lievisse Adriaanse,
> Kenji Aoyama, Theo de Raadt, Nick Holland, and Miod Vallat.
> X11 builds by Jasper Lievisse Adriaanse, Kenji Aoyama, Todd Fries,
> Nick Holland, and Miod Vallat. ISO-9660 filesystem layout by
> Theo de Raadt.
>
> We would like to thank all of the people who sent in bug reports, bug
> fixes, donation cheques, and hardware that we use. We would also like
> to thank those who pre-ordered the 5.6 CD-ROM or bought our previous
> CD-ROMs. Those who did not support us financially have still helped
> us with our goal of improving the quality of the software.
>
> Our developers are:
>
> Aaron Bieber, Alexander Bluhm, Alexander Hall, Alexandr Shadchin,
> Alexandre Ratchov, Andrew Fresh, Anil Madhavapeddy,
> Anthony J. Bentley, Antoine Jacoutot, Austin Hook, Benoit Lecocq,
> Bob Beck, Brad Smith, Brandon Mercer, Brent Cook, Bret Lambert,
> Brett Mahar, Brian Callahan, Camiel Dobbelaar, Charles Longeau,
> Chris Cappuccio, Christian Weisgerber, Christopher Zimmermann,
> Claudio Jeker, Damien Miller, Daniel Dickman, Darren Tucker,
> David Coppa, David Gwynne, Doug Hogan, Edd Barrett, Eric Faurot,
> Federico G. Schwindt, Florian Obser, Gerhard Roth, Gilles Chehade,
> Giovanni Bechis, Gleydson Soares, Gonzalo L. Rodriguez,
> Henning Brauer, Ian Darwin, Igor Sobrado, Ingo Schwarze,
> Jakob Schlyter, James Turner, Jason McIntyre,
> Jasper Lievisse Adriaanse, Jeremie Courreges-Anglas, Jeremy Evans,
> Jim Razmus II, Joel Sing, Joerg Jung, Jonathan Armani,
> Jonathan Gray, Jonathan Matthew, Jordan Hargrave, Joshua Elsasser,
> Joshua Stein, Juan Francisco Cantero Hurtado, Kazuya Goda,
> Kenji Aoyama, Kenneth R Westerback, Kirill Bychkov, Kurt Miller,
> Landry Breuil, Lawrence Teo, Loganaden Velvindron, Luke Tymowski,
> Marc Espie, Marco Pfatschbacher, Mark Kettenis, Mark Lumsden,
> Markus Friedl, Martin Pelikan, Martin Pieuchot, Martin Reindl,
> Martynas Venckus, Masao Uebayashi, Mats O Jansson, Matthew Dempsky,
> Matthias Kilian, Matthieu Herrb, Mike Belopuhov, Mike Larkin,
> Miod Vallat, Naoya Kaneko, Nayden Markatchev, Nicholas Marriott,
> Nick Holland, Nigel Taylor, Okan Demirmen, Otto Moerbeek,
> Pascal Stumpf, Paul de Weerd, Paul Irofti, Peter Hessler,
> Philip Guenther, Pierre-Emmanuel Andre, Raphael Graf, Remi Pointel,
> Renato Westphal, Reyk Floeter, Robert Nagy, Robert Peichaer,
> Ryan Thomas McBride, Sasano Takayoshi, Sebastian Benoit,
> Sebastian Reitenbach, Simon Perreault, Stefan Fritsch,
> Stefan Sperling, Stephan Rickauer, Steven Mestdagh, Stuart Cassoff,
> Stuart Henderson, Sylvestre Gallon, Ted Unangst, Theo de Raadt,
> Tobias Stoeckmann, Tobias Ulmer, Todd C. Miller, Todd Fries,
> Vadim Zhukov, William Yodlowsky, Wouter Wijngaards,
> Yasuoka Masahiko, Yojiro Uo
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
