Install was very quick on my Sun V100. Congratulations to all involved.
Any news on if/when there will be packages for Sparc64?
On Wed, 24 Apr 2019 at 14:46, Theo de Raadt <dera...@openbsd.org> wrote:
> OpenBSD 6.5 builds finished a week early, so the May 1 dated code can
> go out the door 1 week early.
>
> ------------------------------------------------------------------------
> - OpenBSD 6.5 RELEASED -------------------------------------------------
>
> May 1, 2019.
>
> We are pleased to announce the official release of OpenBSD 6.5.
> This is our 46th release. We remain proud of OpenBSD's record of more
> than twenty years with only two remote holes in the default install.
>
> As in our previous releases, 6.5 provides significant improvements,
> including new features, in nearly all areas of the system:
>
> - Improved hardware support, including:
> o clang(1) is now provided on mips64.
> o The default linker has been switched from the binutils bfd-based
> linker to lld on amd64 and i386.
> o octeon: Now the system automatically detects the number of
> available cores. However, manual setting of the numcores, or
> coremask, boot parameter is still needed to enable secondary
> cores.
> o octeon: It is now possible to use the root disk's DUID as the
> value of the rootdev boot parameter.
> o New octgpio(4) driver for the OCTEON GPIO controller.
> o New pvclock(4) driver for KVM paravirtual clock.
> o New ixl(4) driver for Intel Ethernet 700 series controller
> devices.
> o New abcrtc(4) driver for Abracon AB1805 real-time clock.
> o New imxsrc(4) driver for i.MX system reset controller.
> o New uxrcom(4) driver for Exar XR21V1410 USB serial adapters.
> o New mvgicp(4) driver for Marvell ARMADA 7K/8K GICP controller.
> o Support for QCA AR816x/AR817x in alc(4).
> o Support for isochronous transfers in xhci(4).
> o uaudio(4) has been replaced by a new driver which supports USB
> audio class v2.0.
> o Improved support for nmea(4) devices, providing altitude and
> ground speed values as sensors.
>
> - IEEE 802.11 wireless stack improvements:
> o Reduced usage of RTS frames improves overall throughput and
> latency.
> o Improved transmit rate selection in the iwm(4) driver.
> o Improved radio hardware calibration in the athn(4) driver.
> o The bwfm(4) driver now provides more accurate device configuration
> information to userland.
> o Added new routing socket message RTM_80211INFO to provide details
> of 802.11 interface state changes to dhclient(8) and route(8).
> o If an auto-join list is configured, wireless interfaces will no
> longer connect to unknown open networks by default. This behaviour
> must now be explicitly enabled by adding the empty network name to
> the auto-join list, e.g. ifconfig iwm0 join "", or join "" in
> hostname.if files.
> o The iwn(4) and iwm(4) drivers will now automatically try to
> connect to a network if the radio kill switch is toggled to allow
> radio transmissions while the interface is marked UP.
>
> - Generic network stack improvements:
> o New bpe(4) Backbone Provider Edge pseudo-device.
> o New mpip(4) MPLS IP layer 2 pseudowire driver.
> o MPLS encapsulation interfaces support configuration of alternative
> MPLS route domains.
> o The vlan(4) driver bypasses queue processing and outputs directly
> to the parent interface.
> o New per SAD counters visible via ipsecctl(8).
> o The bpf(4) filter drop mechanism has been extended to allow
> dropping without capturing packets, and use of the mechanism with
> tcpdump(8) as a filtering mechanism early in the device receive
> path.
> o ifconfig(8) gains txprio for controlling the encoding of priority
> in tunnel headers, and support in drivers including vlan(4),
> gre(4), gif(4), and etherip(4).
>
> - Installer improvements:
> o rdsetroot(8) (a build-time tool) is now available for general use.
> o During upgrades, some components of old releases are deleted.
>
> - Security improvements:
> o unveil(2) has been improved to understand and find covering unveil
> matches above the working directory of the running process for
> relative path accesses. As a result many programs now can use
> unveil in broad ways such as unveil("/", "r").
> o unveil(2) no longer silently allows stat(2) and access(2) to work
> on any unveiled path component.
> o Now using unveil(2) in ospfd(8), ospf6d(8), rebound(8),
> getconf(1), kvm_mkdb(8), bdftopcf(1), Xserver(1), passwd(1),
> spamlogd(8), spamd(8), sensorsd(8), snmpd(8), htpasswd(1),
> ifstated(8). Some pledge(2) changes were required to accommodate
> unveil.
> o ROP mitigations in clang(1) have been improved, resulting in a
> significant decrease in the number of polymorphic ROP gadgets in
> binaries on i386/amd64.
> o RETGUARD performance and security has been improved in clang(1) by
> keeping data on registers instead of on the stack when possible,
> and lengthening the epilogue trapsled on amd64 to consume the rest
> of the cache line before the return.
> o RETGUARD replaces the stack protector on amd64 and arm64, since
> RETGUARD instruments every function that returns and provides
> better security properties than the traditional stack protector.
>
> - Routing daemons and other userland network improvements:
> o pcap-filter(3) can now filter on MPLS packets.
> o The routing priority for ospfd(8), ospf6d(8) and ripd(8) is now
> configurable.
> o ripd(8) is now pledged.
> o First release of unwind(8), a validating, recursive nameserver for
> 127.0.0.1. It is particularly suitable for laptops moving between
> networks.
> o ifconfig(8) gains sff and sffdump modes, displaying diagnostic
> information from fibre transceivers and similar modules. Currently
> ix(4) and ixl(4) are supported.
> o ldpd(8) now supports configuration of TCP MD5 for networks, not
> just specific neighbors.
>
> - bgpd(8) improvements:
> o bgpd(8) has now a real Adj-RIB-Out which improved overall memory
> usage.
> o Implemented a simple ruleset optimizer that merges filter rules
> that differ only by filter sets.
> o First release of OpenBGPD-portable. There is currently no FIB
> support in the portable version and some other features are also
> disabled.
> o The configuration of BGP MPLS VPN changed and the config needs to
> be adjusted if VPNs are used.
> o Added support for IPv6 BGP MPLS VPNs.
> o Implemented as-override in bgpd(8), a feature where the neighbor
> AS is replaced by the local AS in AS paths.
> o It is now possible to match multiple communities, ext-communities
> or large-communities per filter rule.
> o Added support for *, local-as and neighbor-as for ext-community
> matching and addition or removal.
> o Prevent bgpd(8) from being started more than once with the same
> config.
> o announce inet none no longer clears announce settings of other
> address families.
> o Removed potential for a spurious End-of-RIB marker being sent.
> o Fixed mrt table dumps and the route collector mode.
> o Improved throttling of initial routing table dump.
> o bgpd(8) terminates RIB table walks if bgpctl(8) terminates early.
> o Improved handling of communities, large-communities and
> ext-communities in bgpctl(8)
> o It is now possible to use neighbor group <name> to run bgpctl(8)
> commands against the specified group of neighbors:
> bgpctl neighbor group [clear|destroy|down|refresh|up]
> bgpctl show neighbor group [messages|terse|timers]
> bgpctl show rib neighbor group ...
> o bgpctl(8) can now add networks into BGP VPN tables by specifying
> the route distinguisher rd on the network command.
> o bgplg(8) and bgplgsh(8) can now filter on Origin Validation State
> and Extended Communities.
> o bgplgsh(8) can now [clear|destroy|down|refresh|up] and show groups
> of neighbors.
>
> - Assorted improvements:
> o kcov(4) gained support for KCOV_MODE_TRACE_CMP.
> o A 'video' promise was added to pledge(2).
> o The kern.witnesswatch sysctl(8) has been renamed to
> kern.witness.watch.
> o New pthread rwlock implementation improving latency of threaded
> applications.
> o kubsan(4) capable of detecting undefined behavior in the kernel.
> o signify -n option to zero date header in -z mode.
> o Remove OXTABS from default pty flags.
> o install(1) now always copies files safely (as with -S), avoiding
> race conditions.
> o syslog.conf(5) now supports program names containing dots and
> underscores.
> o tcpdump(8) already used privsep, pledge(2) and unveil(2)
> containment. It now also drops root privileges completely
> (switching to a reserved uid).
> o The multi-threaded performance of malloc(3) has been improved.
> o malloc(3) now uses sysctl(2) to get its settings, making it
> respect the system-wide settings in chroots as well.
> o Various improvements to the join command.
> o Work has started on a ISC-licensed rsync-compatible program called
> OpenRSYNC. In this release it has basic functionality such as -a,
> --delete, but lacks --exclude. Work will continue.
> o New Spleen font 8x16, 12x24, 16x32 and 32x64 variants added and
> enabled in wsfont, along with font selection logic to allow
> selecting larger fonts when available at runtime in rasops(9).
>
> - OpenSMTPD 6.5.0
> o New Features
> - Added the new matching criteria "from rdns" to smtpd.conf(5)
> to allow matching of sessions based on the reverse DNS of the
> client.
> - Added regex(3) support to table lookups in smtpd.conf(5).
>
> - LibreSSL 2.9.1
> o API and Documentation Enhancements
> - CRYPTO_LOCK is now automatically initialized, with the legacy
> callbacks stubbed for compatibility.
> - Added the SM3 hash function from the Chinese standard GB/T
> 32905-2016.
> - Added the SM4 block cipher from the Chinese standard GB/T
> 32907-2016.
> - Added more OPENSSL_NO_* macros for compatibility with
> OpenSSL.
> - Partial port of the OpenSSL EC_KEY_METHOD API for use by
> OpenSSH.
> - Implemented further missing OpenSSL 1.1 API.
> - Added support for XChaCha20 and XChaCha20-Poly1305.
> - Added support for AES key wrap constructions via the EVP
> interface.
> o Compatibility Changes
> - Added pbkdf2 key derivation support to openssl(1) enc.
> - Changed the default digest type of openssl(1) enc to sha256.
> - Changed the default digest type of openssl(1) dgst to sha256.
> - Changed the default digest type of openssl(1) x509
> -fingerprint to sha256.
> - Changed the default digest type of openssl(1) crl
> -fingerprint to sha256.
> o Testing and Proactive Security
> - Added extensive interoperability tests between LibreSSL and
> OpenSSL 1.0 and 1.1.
> - Added additional Wycheproof tests and related bug fixes.
> o Internal Improvements
> - Simplified sigalgs option processing and handshake signing
> algorithm selection.
> - Added the ability to use the RSA PSS algorithm for handshake
> signatures.
> - Added bn_rand_interval() and use it in code needing ranges of
> random bn values.
> - Added functionality to derive early, handshake, and
> application secrets as per RFC8446.
> - Added handshake state machine from RFC8446.
> - Removed some ASN.1 related code from libcrypto that had not
> been used since around 2000.
> - Unexported internal symbols and internalized more record
> layer structs.
> - Removed SHA224 based handshake signatures from consideration
> for use in a TLS 1.2 handshake.
> o Portable Improvements
> - Added support for assembly optimizations on 32-bit ARM ELF
> targets.
> - Added support for assembly optimizations on Mingw-w64
> targets.
> - Improved Android compatibility
> o Bug Fixes
> - Improved protection against timing side channels in ECDSA
> signature generation.
> - Coordinate blinding was added to some elliptic curves. This
> is the last bit of the work by Brumley et al. to protect
> against the Portsmash vulnerability.
> - Ensure transcript handshake is always freed with TLS 1.2.
>
> - OpenSSH 8.0
> o New Features
> - ssh(1), ssh-agent(1), ssh-add(1): Add support for ECDSA keys
> in PKCS#11 tokens.
> - ssh(1), sshd(8): Add experimental quantum-computing resistant
> key exchange method, based on a combination of Streamlined
> NTRU Prime 4591^761 and X25519.
> - ssh-keygen(1): Increase the default RSA key size to 3072
> bits, following NIST Special Publication 800-57's guidance
> for a 128-bit equivalent symmetric security level.
> - ssh(1): Allow "PKCS11Provider=none" to override later
> instances of the PKCS11Provider directive in ssh_config;
> bz#2974
> - sshd(8): Add a log message for situations where a connection
> is dropped for attempting to run a command but a sshd_config
> ForceCommand=internal-sftp restriction is in effect; bz#2960
> - ssh(1): When prompting whether to record a new host key,
> accept the key fingerprint as a synonym for "yes". This
> allows the user to paste a fingerprint obtained out of band
> at the prompt and have the client do the comparison for you.
> - ssh-keygen(1): When signing multiple certificates on a single
> command-line invocation, allow automatically incrementing the
> certificate serial number.
> - scp(1), sftp(1): Accept -J option as an alias to ProxyJump on
> the scp and sftp command-lines.
> - ssh-agent(1), ssh-pkcs11-helper(8), ssh-add(1): Accept "-v"
> command-line flags to increase the verbosity of output; pass
> verbose flags though to subprocesses, such as
> ssh-pkcs11-helper started from ssh-agent.
> - ssh-add(1): Add a "-T" option to allowing testing whether
> keys in an agent are usable by performing a signature and a
> verification.
> - sftp-server(8): Add a "lsets...@openssh.com" protocol
> extension that replicates the functionality of the existing
> SSH2_FXP_SETSTAT operation but does not follow symlinks.
> bz#2067
> - sftp(1): Add "-h" flag to chown/chgrp/chmod commands to
> request they do not follow symlinks.
> - sshd(8): Expose $SSH_CONNECTION in the PAM environment. This
> makes the connection 4-tuple available to PAM modules that
> wish to use it in decision-making. bz#2741
> - sshd(8): Add a ssh_config "Match final" predicate Matches in
> same pass as "Match canonical" but doesn't require hostname
> canonicalisation be enabled. bz#2906
> - sftp(1): Support a prefix of '@' to suppress echo of sftp
> batch commands; bz#2926
> - ssh-keygen(1): When printing certificate contents using
> "ssh-keygen -Lf /path/certificate", include the algorithm
> that the CA used to sign the cert.
> o Bugfixes
> - sshd(8): Fix authentication failures when sshd_config
> contains "AuthenticationMethods any" inside a Match block
> that overrides a more restrictive default.
> - sshd(8): Avoid sending duplicate keepalives when
> ClientAliveCount is enabled.
> - sshd(8): Fix two race conditions related to SIGHUP daemon
> restart. Remnant file descriptors in recently-forked child
> processes could block the parent sshd's attempt to listen(2)
> to the configured addresses. Also, the restarting parent sshd
> could exit before any child processes that were awaiting
> their re-execution state had completed reading it, leaving
> them in a fallback path.
> - ssh(1): Fix stdout potentially being redirected to /dev/null
> when ProxyCommand=- was in use.
> - sshd(8): Avoid sending SIGPIPE to child processes if they
> attempt to write to stderr after their parent processes have
> exited; bz#2071
> - ssh(1): Fix bad interaction between the ssh_config
> ConnectTimeout and ConnectionAttempts directives - connection
> attempts after the first were ignoring the requested timeout;
> bz#2918
> - ssh-keyscan(1): Return a non-zero exit status if no keys were
> found; bz#2903
> - scp(1): Sanitize scp filenames to allow UTF-8 characters
> without terminal control sequences; bz#2434
> - sshd(8): Fix confusion between ClientAliveInterval and
> time-based RekeyLimit that could cause connections to be
> incorrectly closed. bz#2757
> - ssh(1), ssh-add(1): Correct some bugs in PKCS#11 token PIN
> handling at initial token login. The attempt to read the PIN
> could be skipped in some cases, particularly on devices with
> integrated PIN readers. This would lead to an inability to
> retrieve keys from these tokens. bz#2652
> - ssh(1), ssh-add(1): Support keys on PKCS#11 tokens that set
> the CKA_ALWAYS_AUTHENTICATE flag by requring a fresh login
> after the C_SignInit operation. bz#2638
> - ssh(1): Improve documentation for ProxyJump/-J, clarifying
> that local configuration does not apply to jump hosts.
> - ssh-keygen(1): Clarify manual - ssh-keygen -e only writes
> public keys, not private.
> - ssh(1), sshd(8): be more strict in processing protocol
> banners, allowing \r characters only immediately before \n.
> - Various: fix a number of memory leaks, including bz#2942 and
> bz#2938
> - scp(1), sftp(1): fix calculation of initial bandwidth limits.
> Account for bytes written before the timer starts and adjust
> the schedule on which recalculations are performed. Avoids an
> initial burst of traffic and yields more accurate bandwidth
> limits; bz#2927
> - sshd(8): Only consider the ext-info-c extension during the
> initial key eschange. It shouldn't be sent in subsequent
> ones, but if it is present we should ignore it. This prevents
> sshd from sending a SSH_MSG_EXT_INFO for REKEX for buggy
> these clients. bz#2929
> - ssh-keygen(1): Clarify manual that ssh-keygen -F (find host
> in authorized_keys) and -R (remove host from authorized_keys)
> options may accept either a bare hostname or a
> [hostname]:port combo. bz#2935
> - ssh(1): Don't attempt to connect to empty SSH_AUTH_SOCK;
> bz#2936
> - sshd(8): Silence error messages when sshd fails to load some
> of the default host keys. Failure to load an
> explicitly-configured hostkey is still an error, and failure
> to load any host key is still fatal. pr/103
> - ssh(1): Redirect stderr of ProxyCommands to /dev/null when
> ssh is started with ControlPersist; prevents random
> ProxyCommand output from interfering with session output.
> - ssh(1): The ssh client was keeping a redundant ssh-agent
> socket (leftover from authentication) around for the life of
> the connection; bz#2912
> - sshd(8): Fix bug in HostbasedAcceptedKeyTypes and
> PubkeyAcceptedKeyTypes options. If only RSA-SHA2 siganture
> types were specified, then authentication would always fail
> for RSA keys as the monitor checks only the base key (not the
> signature algorithm) type against *AcceptedKeyTypes. bz#2746
> - ssh(1): Request correct signature types from ssh-agent when
> certificate keys and RSA-SHA2 signatures are in use.
>
> - Mandoc 1.14.5
> o Improved POSIX compliance in apropos(1) by accepting
> case-insensitive extended regular expressions by default.
> o New -O tag output option to open a page at the definition of a
> term.
> o Many tbl(7) improvements: line drawing, spanning, horizontal and
> vertical alignment in HTML output, improved column width
> calculations in terminal output, use of box drawing characters in
> UTF-8 output.
> o Much better HTML output, in particular with respect to paragraphs,
> line breaks, and vertical spacing in tagged lists. Tooltips are
> now implemented in pure CSS, the title attribute is no longer
> abused.
>
> - Xenocara
> o Xorg(1), the X window server, is no longer installed setuid.
> xenodm(1) should be used to start X.
> o The radeonsi Mesa driver is now included for hardware acceleration
> on Southern Islands and Sea Islands radeondrm(4) devices.
>
> - Ports and packages:
> o C++ ports for non-clang architectures are now compiled with ports
> gcc, so that more packages can be provided.
> o Pre-built packages are available for the following architectures on
> the day of release:
> - aarch64 (arm64): 9654
> - amd64: 10602
> - i386: 10535
> o Packages for the following architectures will be made available as
> their builds complete:
> - arm
> - mips64
> - mips64el
> - powerpc
> - sparc64
>
> - Some highlights:
>
> o AFL 2.52b o Mozilla Thunderbird 60.6.1
> o Asterisk 16.2.1 o Mutt 1.11.4 and NeoMutt 20180716
> o Audacity 2.3.1 o Node.js 10.15.0
> o CMake 3.10.2 o OCaml 4.07.1
> o Chromium 73.0.3683.86 o OpenLDAP 2.3.43 and 2.4.47
> o Emacs 26.1 o PHP 7.1.28, 7.2.17 and 7.3.4
> o FFmpeg 4.1.3 o Postfix 3.3.3 and 3.4.20190106
> o GCC 4.9.4 and 8.3.0 o PostgreSQL 11.2
> o GHC 8.2.2 o Python 2.7.16 and 3.6.8
> o GNOME 3.30.2.1 o R 3.5.3
> o Go 1.12.1 o Ruby 2.4.6, 2.5.5 and 2.6.2
> o Groff 1.22.4 o Rust 1.33.0
> o JDK 8u202 and 11.0.2+9-3 o Sendmail 8.16.0.41
> o LLVM/Clang 7.0.1 o SQLite3 3.27.2
> o LibreOffice 6.2.2.2 o Sudo 1.8.27
> o Lua 5.1.5, 5.2.4 and 5.3.5 o Suricata 4.1.3
> o MariaDB 10.0.38 o Tcl/Tk 8.5.19 and 8.6.8
> o Mono 5.18.1.0 o TeX Live 2018
> o Mozilla Firefox 66.0.2 and o Vim 8.1.1048 and Neovim 0.3.4
> ESR 60.6.1 o Xfce 4.12
>
> - As usual, steady improvements in manual pages and other documentation.
>
> - The system includes the following major components from outside
> suppliers:
> o Xenocara (based on X.Org 7.7 with xserver 1.19.7 + patches,
> freetype 2.9.1, fontconfig 2.12.4, Mesa 18.3.5, xterm 344,
> xkeyboard-config 2.20 and more)
> o LLVM/Clang 7.0.1 (+ patches)
> o GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
> o Perl 5.28.1 (+ patches)
> o NSD 4.1.27
> o Unbound 1.9.1
> o Ncurses 5.7
> o Binutils 2.17 (+ patches)
> o Gdb 6.3 (+ patches)
> o Awk Aug 10, 2011 version
> o Expat 2.2.6
>
> ------------------------------------------------------------------------
> - SECURITY AND ERRATA --------------------------------------------------
>
> We provide patches for known security threats and other important
> issues discovered after each release. Our continued research into
> security means we will find new security problems -- and we always
> provide patches as soon as possible. Therefore, we advise regular
> visits to
>
> https://www.OpenBSD.org/security.html
> and
> https://www.OpenBSD.org/errata.html
>
> ------------------------------------------------------------------------
> - MAILING LISTS AND FAQ ------------------------------------------------
>
> Mailing lists are an important means of communication among users and
> developers of OpenBSD. For information on OpenBSD mailing lists, please
> see:
>
> https://www.OpenBSD.org/mail.html
>
> You are also encouraged to read the Frequently Asked Questions (FAQ) at:
>
> https://www.OpenBSD.org/faq/
>
> ------------------------------------------------------------------------
> - DONATIONS ------------------------------------------------------------
>
> The OpenBSD Project is a volunteer-driven software group funded by
> donations. Besides OpenBSD itself, we also develop important software
> like OpenSSH, LibreSSL, OpenNTPD, OpenSMTPD, the ubiquitous pf packet
> filter, the quality work of our ports development process, and many
> others. This ecosystem is all handled under the same funding umbrella.
>
> We hope our quality software will result in contributions that maintain
> our build/development infrastructure, pay our electrical/internet costs,
> and allow us to continue operating very productive developer hackathon
> events.
>
> All of our developers strongly urge you to donate and support our future
> efforts. Donations to the project are highly appreciated, and are
> described in more detail at:
>
> https://www.OpenBSD.org/donations.html
>
> ------------------------------------------------------------------------
> - OPENBSD FOUNDATION ---------------------------------------------------
>
> For those unable to make their contributions as straightforward gifts,
> the OpenBSD Foundation (http://www.openbsdfoundation.org) is a Canadian
> not-for-profit corporation that can accept larger contributions and
> issue receipts. In some situations, their receipt may qualify as a
> business expense write-off, so this is certainly a consideration for
> some organizations or businesses.
>
> There may also be exposure benefits since the Foundation may be
> interested in participating in press releases. In turn, the Foundation
> then uses these contributions to assist OpenBSD's infrastructure needs.
> Contact the foundation directors at direct...@openbsdfoundation.org for
> more information.
>
> ------------------------------------------------------------------------
> - HTTP/HTTPS INSTALLS --------------------------------------------------
>
> OpenBSD can be easily installed via HTTP/HTTPS downloads. Typically you
> need a single small piece of boot media (e.g., a USB flash drive) and
> then the rest of the files can be installed from a number of locations,
> including directly off the Internet. Follow this simple set of
> instructions to ensure that you find all of the documentation you will
> need while performing an install via HTTP/HTTPS.
>
> 1) Read either of the following two files for a list of HTTP/HTTPS
> mirrors which provide OpenBSD, then choose one near you:
>
> https://www.OpenBSD.org/ftp.html
> https://ftp.openbsd.org/pub/OpenBSD/ftplist
>
> As of May 1, 2019, the following HTTP/HTTPS mirror sites have
> the 6.5 release:
>
> https://cdn.openbsd.org/pub/OpenBSD/6.5/ Global
> https://ftp.eu.openbsd.org/pub/OpenBSD/6.5/ Stockholm,
> Sweden
> https://ftp.hostserver.de/pub/OpenBSD/6.5/ Frankfurt,
> Germany
> http://ftp.bytemine.net/pub/OpenBSD/6.5/ Oldenburg,
> Germany
> https://ftp.fr.openbsd.org/pub/OpenBSD/6.5/ Paris, France
> https://mirror.aarnet.edu.au/pub/OpenBSD/6.5/ Brisbane,
> Australia
> https://ftp.usa.openbsd.org/pub/OpenBSD/6.5/ CO, USA
> https://ftp5.usa.openbsd.org/pub/OpenBSD/6.5/ CA, USA
> https://mirror.esc7.net/pub/OpenBSD/6.5/ TX, USA
> https://openbsd.cs.toronto.edu/pub/OpenBSD/6.5/ Toronto,
> Canada
> https://cloudflare.cdn.openbsd.org/pub/OpenBSD/6.5/ Global
> https://fastly.cdn.openbsd.org/pub/OpenBSD/6.5/ Global
>
> The release is also available at the master site:
>
> https://ftp.openbsd.org/pub/OpenBSD/6.5/ Alberta,
> Canada
>
> However it is strongly suggested you use a mirror.
>
> Other mirror sites may take a day or two to update.
>
> 2) Connect to that HTTP/HTTPS mirror site and go into the directory
> pub/OpenBSD/6.5/ which contains these files and directories.
> This is a list of what you will see:
>
> ANNOUNCEMENT arm64/ luna88k/ sgi/
> README armv7/ macppc/ sparc64/
> SHA256 hppa/ octeon/ src.tar.gz
> SHA256.sig i386/ packages/ sys.tar.gz
> alpha/ landisk/ ports.tar.gz xenocara.tar.gz
> amd64/ loongson/ root.mail
>
> It is quite likely that you will want at LEAST the following
> files which apply to all the architectures OpenBSD supports.
>
> README - generic README
> root.mail - a copy of root's mail at initial login.
> (This is really worthwhile reading).
>
> 3) Read the README file. It is short, and a quick read will make
> sure you understand what else you need to fetch.
>
> 4) Next, go into the directory that applies to your architecture,
> for example, amd64. This is a list of what you will see:
>
> BOOTIA32.EFI* bsd* floppy65.fs pxeboot*
> BOOTX64.EFI* bsd.mp* game65.tgz xbase65.tgz
> BUILDINFO bsd.rd* index.txt xfont65.tgz
> INSTALL.amd64 cd65.iso install65.fs xserv65.tgz
> SHA256 cdboot* install65.iso xshare65.tgz
> SHA256.sig cdbr* man65.tgz
> base65.tgz comp65.tgz miniroot65.fs
>
> If you are new to OpenBSD, fetch _at least_ the file INSTALL.amd64
> and install65.iso. The install65.iso file (roughly 407MB in size)
> is a one-step ISO-format install CD image which contains the various
> *.tgz files so you do not need to fetch them separately.
>
> If you prefer to use a USB flash drive, fetch install65.fs and
> follow the instructions in INSTALL.amd64.
>
> 5) If you are an expert, follow the instructions in the file called
> README; otherwise, use the more complete instructions in the
> file called INSTALL.amd64. INSTALL.amd64 may tell you that you
> need to fetch other files.
>
> 6) Just in case, take a peek at:
>
> https://www.OpenBSD.org/errata.html
>
> This is the page where we talk about the mistakes we made while
> creating the 6.5 release, or the significant bugs we fixed
> post-release which we think our users should have fixes for.
> Patches and workarounds are clearly described there.
>
> ------------------------------------------------------------------------
> - X.ORG FOR MOST ARCHITECTURES -----------------------------------------
>
> X.Org has been integrated more closely into the system. This release
> contains X.Org 7.7. Most of our architectures ship with X.Org, including
> amd64, sparc64 and macppc. During installation, you can install X.Org
> quite easily. Be sure to try out xenodm(1), our new, simplified X11
> display manager forked from xdm(1).
>
> ------------------------------------------------------------------------
> - PACKAGES AND PORTS ---------------------------------------------------
>
> Many third party software applications have been ported to OpenBSD and
> can be installed as pre-compiled binary packages on the various OpenBSD
> architectures. Please see https://www.openbsd.org/faq/faq15.html for
> more information on working with packages and ports.
>
> Note: a few popular ports, e.g., NSD, Unbound, and several X
> applications, come standard with OpenBSD and do not need to be installed
> separately.
>
> ------------------------------------------------------------------------
> - SYSTEM SOURCE CODE ---------------------------------------------------
>
> The source code for all four subsystems can be found in the
> pub/OpenBSD/6.5/ directory:
>
> xenocara.tar.gz ports.tar.gz src.tar.gz sys.tar.gz
>
> The README (https://ftp.OpenBSD.org/pub/OpenBSD/6.5/README) file
> explains how to deal with these source files.
>
> ------------------------------------------------------------------------
> - THANKS ---------------------------------------------------------------
>
> Ports tree and package building by Pierre-Emmanuel Andre, Landry Breuil,
> Visa Hankala, Stuart Henderson, Peter Hessler, and Christian Weisgerber.
> Base and X system builds by Kenji Aoyama, Theo de Raadt, and
> Visa Hankala.
>
> We would like to thank all of the people who sent in bug reports, bug
> fixes, donation cheques, and hardware that we use. We would also like
> to thank those who bought our previous CD sets. Those who did not
> support us financially have still helped us with our goal of improving
> the quality of the software.
>
> Our developers are:
>
> Aaron Bieber, Adam Wolk, Alexander Bluhm, Alexander Hall,
> Alexandr Nedvedicky, Alexandr Shadchin, Alexandre Ratchov,
> Andrew Fresh, Anil Madhavapeddy, Anthony J. Bentley,
> Antoine Jacoutot, Anton Lindqvist, Asou Masato, Ayaka Koshibe,
> Benoit Lecocq, Bjorn Ketelaars, Bob Beck, Brandon Mercer,
> Brent Cook, Brian Callahan, Bryan Steele, Can Erkin Acar,
> Carlos Cardenas, Charlene Wendling, Charles Longeau,
> Chris Cappuccio, Christian Weisgerber, Christopher Zimmermann,
> Claudio Jeker, Dale Rahn, Damien Miller, Daniel Dickman,
> Daniel Jakots, Darren Tucker, David Coppa, David Gwynne, David Hill,
> Denis Fondras, Doug Hogan, Edd Barrett, Elias M. Mariani,
> Eric Faurot, Florian Obser, Florian Riehm, Frederic Cambus,
> Gerhard Roth, Giannis Tsaraias, Gilles Chehade, Giovanni Bechis,
> Gleydson Soares, Gonzalo L. Rodriguez, Helg Bredow, Henning Brauer,
> Ian Darwin, Ian Sutton, Igor Sobrado, Ingo Feinerer, Ingo Schwarze,
> Inoguchi Kinichiro, James Turner, Jason McIntyre,
> Jasper Lievisse Adriaanse, Jeremie Courreges-Anglas, Jeremy Evans,
> Job Snijders, Joel Sing, Joerg Jung, Jonathan Armani, Jonathan Gray,
> Jonathan Matthew, Joris Vink, Joshua Stein,
> Juan Francisco Cantero Hurtado, Kazuya Goda, Kenji Aoyama,
> Kenneth R Westerback, Kent R. Spillner, Kevin Lo, Kirill Bychkov,
> Klemens Nanni, Kurt Miller, Kurt Mosiejczuk, Landry Breuil,
> Lawrence Teo, Marc Espie, Marco Pfatschbacher, Marcus Glocker,
> Mark Kettenis, Mark Lumsden, Markus Friedl, Martijn van Duren,
> Martin Natano, Martin Pieuchot, Martynas Venckus, Mats O Jansson,
> Matthew Dempsky, Matthias Kilian, Matthieu Herrb, Michael Mikonos,
> Mike Belopuhov, Mike Larkin, Miod Vallat, Nayden Markatchev,
> Nicholas Marriott, Nigel Taylor, Okan Demirmen, Ori Bernstein,
> Otto Moerbeek, Pamela Mosiejczuk, Pascal Stumpf, Patrick Wildt,
> Paul Irofti, Pavel Korovin, Peter Hessler, Philip Guenther,
> Pierre-Emmanuel Andre, Pratik Vyas, Rafael Sadowski,
> Rafael Zalamena, Raphael Graf, Remi Locherer, Remi Pointel,
> Renato Westphal, Reyk Floeter, Ricardo Mestre, Richard Procter,
> Rob Pierce, Robert Nagy, Sasano Takayoshi, Scott Soule Cheloha,
> Sebastian Benoit, Sebastian Reitenbach, Sebastien Marie,
> Solene Rapenne, Stefan Fritsch, Stefan Kempf, Stefan Sperling,
> Steven Mestdagh, Stuart Cassoff, Stuart Henderson, Sunil Nimmagadda,
> T.J. Townsend, Ted Unangst, Theo Buehler, Theo de Raadt,
> Thomas Frohwein, Tim van der Molen, Tobias Stoeckmann,
> Todd C. Miller, Todd Mortimer, Tom Cosgrove, Ulf Brosziewski,
> Uwe Stuehler, Vadim Zhukov, Vincent Gross, Visa Hankala,
> Yasuoka Masahiko, Yojiro Uo
>
>
