Install was very quick on my Sun V100. Congratulations to all involved. Any news on if/when there will be packages for Sparc64?
On Wed, 24 Apr 2019 at 14:46, Theo de Raadt <dera...@openbsd.org> wrote: > OpenBSD 6.5 builds finished a week early, so the May 1 dated code can > go out the door 1 week early. > > ------------------------------------------------------------------------ > - OpenBSD 6.5 RELEASED ------------------------------------------------- > > May 1, 2019. > > We are pleased to announce the official release of OpenBSD 6.5. > This is our 46th release. We remain proud of OpenBSD's record of more > than twenty years with only two remote holes in the default install. > > As in our previous releases, 6.5 provides significant improvements, > including new features, in nearly all areas of the system: > > - Improved hardware support, including: > o clang(1) is now provided on mips64. > o The default linker has been switched from the binutils bfd-based > linker to lld on amd64 and i386. > o octeon: Now the system automatically detects the number of > available cores. However, manual setting of the numcores, or > coremask, boot parameter is still needed to enable secondary > cores. > o octeon: It is now possible to use the root disk's DUID as the > value of the rootdev boot parameter. > o New octgpio(4) driver for the OCTEON GPIO controller. > o New pvclock(4) driver for KVM paravirtual clock. > o New ixl(4) driver for Intel Ethernet 700 series controller > devices. > o New abcrtc(4) driver for Abracon AB1805 real-time clock. > o New imxsrc(4) driver for i.MX system reset controller. > o New uxrcom(4) driver for Exar XR21V1410 USB serial adapters. > o New mvgicp(4) driver for Marvell ARMADA 7K/8K GICP controller. > o Support for QCA AR816x/AR817x in alc(4). > o Support for isochronous transfers in xhci(4). > o uaudio(4) has been replaced by a new driver which supports USB > audio class v2.0. > o Improved support for nmea(4) devices, providing altitude and > ground speed values as sensors. > > - IEEE 802.11 wireless stack improvements: > o Reduced usage of RTS frames improves overall throughput and > latency. > o Improved transmit rate selection in the iwm(4) driver. > o Improved radio hardware calibration in the athn(4) driver. > o The bwfm(4) driver now provides more accurate device configuration > information to userland. > o Added new routing socket message RTM_80211INFO to provide details > of 802.11 interface state changes to dhclient(8) and route(8). > o If an auto-join list is configured, wireless interfaces will no > longer connect to unknown open networks by default. This behaviour > must now be explicitly enabled by adding the empty network name to > the auto-join list, e.g. ifconfig iwm0 join "", or join "" in > hostname.if files. > o The iwn(4) and iwm(4) drivers will now automatically try to > connect to a network if the radio kill switch is toggled to allow > radio transmissions while the interface is marked UP. > > - Generic network stack improvements: > o New bpe(4) Backbone Provider Edge pseudo-device. > o New mpip(4) MPLS IP layer 2 pseudowire driver. > o MPLS encapsulation interfaces support configuration of alternative > MPLS route domains. > o The vlan(4) driver bypasses queue processing and outputs directly > to the parent interface. > o New per SAD counters visible via ipsecctl(8). > o The bpf(4) filter drop mechanism has been extended to allow > dropping without capturing packets, and use of the mechanism with > tcpdump(8) as a filtering mechanism early in the device receive > path. > o ifconfig(8) gains txprio for controlling the encoding of priority > in tunnel headers, and support in drivers including vlan(4), > gre(4), gif(4), and etherip(4). > > - Installer improvements: > o rdsetroot(8) (a build-time tool) is now available for general use. > o During upgrades, some components of old releases are deleted. > > - Security improvements: > o unveil(2) has been improved to understand and find covering unveil > matches above the working directory of the running process for > relative path accesses. As a result many programs now can use > unveil in broad ways such as unveil("/", "r"). > o unveil(2) no longer silently allows stat(2) and access(2) to work > on any unveiled path component. > o Now using unveil(2) in ospfd(8), ospf6d(8), rebound(8), > getconf(1), kvm_mkdb(8), bdftopcf(1), Xserver(1), passwd(1), > spamlogd(8), spamd(8), sensorsd(8), snmpd(8), htpasswd(1), > ifstated(8). Some pledge(2) changes were required to accommodate > unveil. > o ROP mitigations in clang(1) have been improved, resulting in a > significant decrease in the number of polymorphic ROP gadgets in > binaries on i386/amd64. > o RETGUARD performance and security has been improved in clang(1) by > keeping data on registers instead of on the stack when possible, > and lengthening the epilogue trapsled on amd64 to consume the rest > of the cache line before the return. > o RETGUARD replaces the stack protector on amd64 and arm64, since > RETGUARD instruments every function that returns and provides > better security properties than the traditional stack protector. > > - Routing daemons and other userland network improvements: > o pcap-filter(3) can now filter on MPLS packets. > o The routing priority for ospfd(8), ospf6d(8) and ripd(8) is now > configurable. > o ripd(8) is now pledged. > o First release of unwind(8), a validating, recursive nameserver for > 127.0.0.1. It is particularly suitable for laptops moving between > networks. > o ifconfig(8) gains sff and sffdump modes, displaying diagnostic > information from fibre transceivers and similar modules. Currently > ix(4) and ixl(4) are supported. > o ldpd(8) now supports configuration of TCP MD5 for networks, not > just specific neighbors. > > - bgpd(8) improvements: > o bgpd(8) has now a real Adj-RIB-Out which improved overall memory > usage. > o Implemented a simple ruleset optimizer that merges filter rules > that differ only by filter sets. > o First release of OpenBGPD-portable. There is currently no FIB > support in the portable version and some other features are also > disabled. > o The configuration of BGP MPLS VPN changed and the config needs to > be adjusted if VPNs are used. > o Added support for IPv6 BGP MPLS VPNs. > o Implemented as-override in bgpd(8), a feature where the neighbor > AS is replaced by the local AS in AS paths. > o It is now possible to match multiple communities, ext-communities > or large-communities per filter rule. > o Added support for *, local-as and neighbor-as for ext-community > matching and addition or removal. > o Prevent bgpd(8) from being started more than once with the same > config. > o announce inet none no longer clears announce settings of other > address families. > o Removed potential for a spurious End-of-RIB marker being sent. > o Fixed mrt table dumps and the route collector mode. > o Improved throttling of initial routing table dump. > o bgpd(8) terminates RIB table walks if bgpctl(8) terminates early. > o Improved handling of communities, large-communities and > ext-communities in bgpctl(8) > o It is now possible to use neighbor group <name> to run bgpctl(8) > commands against the specified group of neighbors: > bgpctl neighbor group [clear|destroy|down|refresh|up] > bgpctl show neighbor group [messages|terse|timers] > bgpctl show rib neighbor group ... > o bgpctl(8) can now add networks into BGP VPN tables by specifying > the route distinguisher rd on the network command. > o bgplg(8) and bgplgsh(8) can now filter on Origin Validation State > and Extended Communities. > o bgplgsh(8) can now [clear|destroy|down|refresh|up] and show groups > of neighbors. > > - Assorted improvements: > o kcov(4) gained support for KCOV_MODE_TRACE_CMP. > o A 'video' promise was added to pledge(2). > o The kern.witnesswatch sysctl(8) has been renamed to > kern.witness.watch. > o New pthread rwlock implementation improving latency of threaded > applications. > o kubsan(4) capable of detecting undefined behavior in the kernel. > o signify -n option to zero date header in -z mode. > o Remove OXTABS from default pty flags. > o install(1) now always copies files safely (as with -S), avoiding > race conditions. > o syslog.conf(5) now supports program names containing dots and > underscores. > o tcpdump(8) already used privsep, pledge(2) and unveil(2) > containment. It now also drops root privileges completely > (switching to a reserved uid). > o The multi-threaded performance of malloc(3) has been improved. > o malloc(3) now uses sysctl(2) to get its settings, making it > respect the system-wide settings in chroots as well. > o Various improvements to the join command. > o Work has started on a ISC-licensed rsync-compatible program called > OpenRSYNC. In this release it has basic functionality such as -a, > --delete, but lacks --exclude. Work will continue. > o New Spleen font 8x16, 12x24, 16x32 and 32x64 variants added and > enabled in wsfont, along with font selection logic to allow > selecting larger fonts when available at runtime in rasops(9). > > - OpenSMTPD 6.5.0 > o New Features > - Added the new matching criteria "from rdns" to smtpd.conf(5) > to allow matching of sessions based on the reverse DNS of the > client. > - Added regex(3) support to table lookups in smtpd.conf(5). > > - LibreSSL 2.9.1 > o API and Documentation Enhancements > - CRYPTO_LOCK is now automatically initialized, with the legacy > callbacks stubbed for compatibility. > - Added the SM3 hash function from the Chinese standard GB/T > 32905-2016. > - Added the SM4 block cipher from the Chinese standard GB/T > 32907-2016. > - Added more OPENSSL_NO_* macros for compatibility with > OpenSSL. > - Partial port of the OpenSSL EC_KEY_METHOD API for use by > OpenSSH. > - Implemented further missing OpenSSL 1.1 API. > - Added support for XChaCha20 and XChaCha20-Poly1305. > - Added support for AES key wrap constructions via the EVP > interface. > o Compatibility Changes > - Added pbkdf2 key derivation support to openssl(1) enc. > - Changed the default digest type of openssl(1) enc to sha256. > - Changed the default digest type of openssl(1) dgst to sha256. > - Changed the default digest type of openssl(1) x509 > -fingerprint to sha256. > - Changed the default digest type of openssl(1) crl > -fingerprint to sha256. > o Testing and Proactive Security > - Added extensive interoperability tests between LibreSSL and > OpenSSL 1.0 and 1.1. > - Added additional Wycheproof tests and related bug fixes. > o Internal Improvements > - Simplified sigalgs option processing and handshake signing > algorithm selection. > - Added the ability to use the RSA PSS algorithm for handshake > signatures. > - Added bn_rand_interval() and use it in code needing ranges of > random bn values. > - Added functionality to derive early, handshake, and > application secrets as per RFC8446. > - Added handshake state machine from RFC8446. > - Removed some ASN.1 related code from libcrypto that had not > been used since around 2000. > - Unexported internal symbols and internalized more record > layer structs. > - Removed SHA224 based handshake signatures from consideration > for use in a TLS 1.2 handshake. > o Portable Improvements > - Added support for assembly optimizations on 32-bit ARM ELF > targets. > - Added support for assembly optimizations on Mingw-w64 > targets. > - Improved Android compatibility > o Bug Fixes > - Improved protection against timing side channels in ECDSA > signature generation. > - Coordinate blinding was added to some elliptic curves. This > is the last bit of the work by Brumley et al. to protect > against the Portsmash vulnerability. > - Ensure transcript handshake is always freed with TLS 1.2. > > - OpenSSH 8.0 > o New Features > - ssh(1), ssh-agent(1), ssh-add(1): Add support for ECDSA keys > in PKCS#11 tokens. > - ssh(1), sshd(8): Add experimental quantum-computing resistant > key exchange method, based on a combination of Streamlined > NTRU Prime 4591^761 and X25519. > - ssh-keygen(1): Increase the default RSA key size to 3072 > bits, following NIST Special Publication 800-57's guidance > for a 128-bit equivalent symmetric security level. > - ssh(1): Allow "PKCS11Provider=none" to override later > instances of the PKCS11Provider directive in ssh_config; > bz#2974 > - sshd(8): Add a log message for situations where a connection > is dropped for attempting to run a command but a sshd_config > ForceCommand=internal-sftp restriction is in effect; bz#2960 > - ssh(1): When prompting whether to record a new host key, > accept the key fingerprint as a synonym for "yes". This > allows the user to paste a fingerprint obtained out of band > at the prompt and have the client do the comparison for you. > - ssh-keygen(1): When signing multiple certificates on a single > command-line invocation, allow automatically incrementing the > certificate serial number. > - scp(1), sftp(1): Accept -J option as an alias to ProxyJump on > the scp and sftp command-lines. > - ssh-agent(1), ssh-pkcs11-helper(8), ssh-add(1): Accept "-v" > command-line flags to increase the verbosity of output; pass > verbose flags though to subprocesses, such as > ssh-pkcs11-helper started from ssh-agent. > - ssh-add(1): Add a "-T" option to allowing testing whether > keys in an agent are usable by performing a signature and a > verification. > - sftp-server(8): Add a "lsets...@openssh.com" protocol > extension that replicates the functionality of the existing > SSH2_FXP_SETSTAT operation but does not follow symlinks. > bz#2067 > - sftp(1): Add "-h" flag to chown/chgrp/chmod commands to > request they do not follow symlinks. > - sshd(8): Expose $SSH_CONNECTION in the PAM environment. This > makes the connection 4-tuple available to PAM modules that > wish to use it in decision-making. bz#2741 > - sshd(8): Add a ssh_config "Match final" predicate Matches in > same pass as "Match canonical" but doesn't require hostname > canonicalisation be enabled. bz#2906 > - sftp(1): Support a prefix of '@' to suppress echo of sftp > batch commands; bz#2926 > - ssh-keygen(1): When printing certificate contents using > "ssh-keygen -Lf /path/certificate", include the algorithm > that the CA used to sign the cert. > o Bugfixes > - sshd(8): Fix authentication failures when sshd_config > contains "AuthenticationMethods any" inside a Match block > that overrides a more restrictive default. > - sshd(8): Avoid sending duplicate keepalives when > ClientAliveCount is enabled. > - sshd(8): Fix two race conditions related to SIGHUP daemon > restart. Remnant file descriptors in recently-forked child > processes could block the parent sshd's attempt to listen(2) > to the configured addresses. Also, the restarting parent sshd > could exit before any child processes that were awaiting > their re-execution state had completed reading it, leaving > them in a fallback path. > - ssh(1): Fix stdout potentially being redirected to /dev/null > when ProxyCommand=- was in use. > - sshd(8): Avoid sending SIGPIPE to child processes if they > attempt to write to stderr after their parent processes have > exited; bz#2071 > - ssh(1): Fix bad interaction between the ssh_config > ConnectTimeout and ConnectionAttempts directives - connection > attempts after the first were ignoring the requested timeout; > bz#2918 > - ssh-keyscan(1): Return a non-zero exit status if no keys were > found; bz#2903 > - scp(1): Sanitize scp filenames to allow UTF-8 characters > without terminal control sequences; bz#2434 > - sshd(8): Fix confusion between ClientAliveInterval and > time-based RekeyLimit that could cause connections to be > incorrectly closed. bz#2757 > - ssh(1), ssh-add(1): Correct some bugs in PKCS#11 token PIN > handling at initial token login. The attempt to read the PIN > could be skipped in some cases, particularly on devices with > integrated PIN readers. This would lead to an inability to > retrieve keys from these tokens. bz#2652 > - ssh(1), ssh-add(1): Support keys on PKCS#11 tokens that set > the CKA_ALWAYS_AUTHENTICATE flag by requring a fresh login > after the C_SignInit operation. bz#2638 > - ssh(1): Improve documentation for ProxyJump/-J, clarifying > that local configuration does not apply to jump hosts. > - ssh-keygen(1): Clarify manual - ssh-keygen -e only writes > public keys, not private. > - ssh(1), sshd(8): be more strict in processing protocol > banners, allowing \r characters only immediately before \n. > - Various: fix a number of memory leaks, including bz#2942 and > bz#2938 > - scp(1), sftp(1): fix calculation of initial bandwidth limits. > Account for bytes written before the timer starts and adjust > the schedule on which recalculations are performed. Avoids an > initial burst of traffic and yields more accurate bandwidth > limits; bz#2927 > - sshd(8): Only consider the ext-info-c extension during the > initial key eschange. It shouldn't be sent in subsequent > ones, but if it is present we should ignore it. This prevents > sshd from sending a SSH_MSG_EXT_INFO for REKEX for buggy > these clients. bz#2929 > - ssh-keygen(1): Clarify manual that ssh-keygen -F (find host > in authorized_keys) and -R (remove host from authorized_keys) > options may accept either a bare hostname or a > [hostname]:port combo. bz#2935 > - ssh(1): Don't attempt to connect to empty SSH_AUTH_SOCK; > bz#2936 > - sshd(8): Silence error messages when sshd fails to load some > of the default host keys. Failure to load an > explicitly-configured hostkey is still an error, and failure > to load any host key is still fatal. pr/103 > - ssh(1): Redirect stderr of ProxyCommands to /dev/null when > ssh is started with ControlPersist; prevents random > ProxyCommand output from interfering with session output. > - ssh(1): The ssh client was keeping a redundant ssh-agent > socket (leftover from authentication) around for the life of > the connection; bz#2912 > - sshd(8): Fix bug in HostbasedAcceptedKeyTypes and > PubkeyAcceptedKeyTypes options. If only RSA-SHA2 siganture > types were specified, then authentication would always fail > for RSA keys as the monitor checks only the base key (not the > signature algorithm) type against *AcceptedKeyTypes. bz#2746 > - ssh(1): Request correct signature types from ssh-agent when > certificate keys and RSA-SHA2 signatures are in use. > > - Mandoc 1.14.5 > o Improved POSIX compliance in apropos(1) by accepting > case-insensitive extended regular expressions by default. > o New -O tag output option to open a page at the definition of a > term. > o Many tbl(7) improvements: line drawing, spanning, horizontal and > vertical alignment in HTML output, improved column width > calculations in terminal output, use of box drawing characters in > UTF-8 output. > o Much better HTML output, in particular with respect to paragraphs, > line breaks, and vertical spacing in tagged lists. Tooltips are > now implemented in pure CSS, the title attribute is no longer > abused. > > - Xenocara > o Xorg(1), the X window server, is no longer installed setuid. > xenodm(1) should be used to start X. > o The radeonsi Mesa driver is now included for hardware acceleration > on Southern Islands and Sea Islands radeondrm(4) devices. > > - Ports and packages: > o C++ ports for non-clang architectures are now compiled with ports > gcc, so that more packages can be provided. > o Pre-built packages are available for the following architectures on > the day of release: > - aarch64 (arm64): 9654 > - amd64: 10602 > - i386: 10535 > o Packages for the following architectures will be made available as > their builds complete: > - arm > - mips64 > - mips64el > - powerpc > - sparc64 > > - Some highlights: > > o AFL 2.52b o Mozilla Thunderbird 60.6.1 > o Asterisk 16.2.1 o Mutt 1.11.4 and NeoMutt 20180716 > o Audacity 2.3.1 o Node.js 10.15.0 > o CMake 3.10.2 o OCaml 4.07.1 > o Chromium 73.0.3683.86 o OpenLDAP 2.3.43 and 2.4.47 > o Emacs 26.1 o PHP 7.1.28, 7.2.17 and 7.3.4 > o FFmpeg 4.1.3 o Postfix 3.3.3 and 3.4.20190106 > o GCC 4.9.4 and 8.3.0 o PostgreSQL 11.2 > o GHC 8.2.2 o Python 2.7.16 and 3.6.8 > o GNOME 3.30.2.1 o R 3.5.3 > o Go 1.12.1 o Ruby 2.4.6, 2.5.5 and 2.6.2 > o Groff 1.22.4 o Rust 1.33.0 > o JDK 8u202 and 11.0.2+9-3 o Sendmail 8.16.0.41 > o LLVM/Clang 7.0.1 o SQLite3 3.27.2 > o LibreOffice 6.2.2.2 o Sudo 1.8.27 > o Lua 5.1.5, 5.2.4 and 5.3.5 o Suricata 4.1.3 > o MariaDB 10.0.38 o Tcl/Tk 8.5.19 and 8.6.8 > o Mono 5.18.1.0 o TeX Live 2018 > o Mozilla Firefox 66.0.2 and o Vim 8.1.1048 and Neovim 0.3.4 > ESR 60.6.1 o Xfce 4.12 > > - As usual, steady improvements in manual pages and other documentation. > > - The system includes the following major components from outside > suppliers: > o Xenocara (based on X.Org 7.7 with xserver 1.19.7 + patches, > freetype 2.9.1, fontconfig 2.12.4, Mesa 18.3.5, xterm 344, > xkeyboard-config 2.20 and more) > o LLVM/Clang 7.0.1 (+ patches) > o GCC 4.2.1 (+ patches) and 3.3.6 (+ patches) > o Perl 5.28.1 (+ patches) > o NSD 4.1.27 > o Unbound 1.9.1 > o Ncurses 5.7 > o Binutils 2.17 (+ patches) > o Gdb 6.3 (+ patches) > o Awk Aug 10, 2011 version > o Expat 2.2.6 > > ------------------------------------------------------------------------ > - SECURITY AND ERRATA -------------------------------------------------- > > We provide patches for known security threats and other important > issues discovered after each release. Our continued research into > security means we will find new security problems -- and we always > provide patches as soon as possible. Therefore, we advise regular > visits to > > https://www.OpenBSD.org/security.html > and > https://www.OpenBSD.org/errata.html > > ------------------------------------------------------------------------ > - MAILING LISTS AND FAQ ------------------------------------------------ > > Mailing lists are an important means of communication among users and > developers of OpenBSD. For information on OpenBSD mailing lists, please > see: > > https://www.OpenBSD.org/mail.html > > You are also encouraged to read the Frequently Asked Questions (FAQ) at: > > https://www.OpenBSD.org/faq/ > > ------------------------------------------------------------------------ > - DONATIONS ------------------------------------------------------------ > > The OpenBSD Project is a volunteer-driven software group funded by > donations. Besides OpenBSD itself, we also develop important software > like OpenSSH, LibreSSL, OpenNTPD, OpenSMTPD, the ubiquitous pf packet > filter, the quality work of our ports development process, and many > others. This ecosystem is all handled under the same funding umbrella. > > We hope our quality software will result in contributions that maintain > our build/development infrastructure, pay our electrical/internet costs, > and allow us to continue operating very productive developer hackathon > events. > > All of our developers strongly urge you to donate and support our future > efforts. Donations to the project are highly appreciated, and are > described in more detail at: > > https://www.OpenBSD.org/donations.html > > ------------------------------------------------------------------------ > - OPENBSD FOUNDATION --------------------------------------------------- > > For those unable to make their contributions as straightforward gifts, > the OpenBSD Foundation (http://www.openbsdfoundation.org) is a Canadian > not-for-profit corporation that can accept larger contributions and > issue receipts. In some situations, their receipt may qualify as a > business expense write-off, so this is certainly a consideration for > some organizations or businesses. > > There may also be exposure benefits since the Foundation may be > interested in participating in press releases. In turn, the Foundation > then uses these contributions to assist OpenBSD's infrastructure needs. > Contact the foundation directors at direct...@openbsdfoundation.org for > more information. > > ------------------------------------------------------------------------ > - HTTP/HTTPS INSTALLS -------------------------------------------------- > > OpenBSD can be easily installed via HTTP/HTTPS downloads. Typically you > need a single small piece of boot media (e.g., a USB flash drive) and > then the rest of the files can be installed from a number of locations, > including directly off the Internet. Follow this simple set of > instructions to ensure that you find all of the documentation you will > need while performing an install via HTTP/HTTPS. > > 1) Read either of the following two files for a list of HTTP/HTTPS > mirrors which provide OpenBSD, then choose one near you: > > https://www.OpenBSD.org/ftp.html > https://ftp.openbsd.org/pub/OpenBSD/ftplist > > As of May 1, 2019, the following HTTP/HTTPS mirror sites have > the 6.5 release: > > https://cdn.openbsd.org/pub/OpenBSD/6.5/ Global > https://ftp.eu.openbsd.org/pub/OpenBSD/6.5/ Stockholm, > Sweden > https://ftp.hostserver.de/pub/OpenBSD/6.5/ Frankfurt, > Germany > http://ftp.bytemine.net/pub/OpenBSD/6.5/ Oldenburg, > Germany > https://ftp.fr.openbsd.org/pub/OpenBSD/6.5/ Paris, France > https://mirror.aarnet.edu.au/pub/OpenBSD/6.5/ Brisbane, > Australia > https://ftp.usa.openbsd.org/pub/OpenBSD/6.5/ CO, USA > https://ftp5.usa.openbsd.org/pub/OpenBSD/6.5/ CA, USA > https://mirror.esc7.net/pub/OpenBSD/6.5/ TX, USA > https://openbsd.cs.toronto.edu/pub/OpenBSD/6.5/ Toronto, > Canada > https://cloudflare.cdn.openbsd.org/pub/OpenBSD/6.5/ Global > https://fastly.cdn.openbsd.org/pub/OpenBSD/6.5/ Global > > The release is also available at the master site: > > https://ftp.openbsd.org/pub/OpenBSD/6.5/ Alberta, > Canada > > However it is strongly suggested you use a mirror. > > Other mirror sites may take a day or two to update. > > 2) Connect to that HTTP/HTTPS mirror site and go into the directory > pub/OpenBSD/6.5/ which contains these files and directories. > This is a list of what you will see: > > ANNOUNCEMENT arm64/ luna88k/ sgi/ > README armv7/ macppc/ sparc64/ > SHA256 hppa/ octeon/ src.tar.gz > SHA256.sig i386/ packages/ sys.tar.gz > alpha/ landisk/ ports.tar.gz xenocara.tar.gz > amd64/ loongson/ root.mail > > It is quite likely that you will want at LEAST the following > files which apply to all the architectures OpenBSD supports. > > README - generic README > root.mail - a copy of root's mail at initial login. > (This is really worthwhile reading). > > 3) Read the README file. It is short, and a quick read will make > sure you understand what else you need to fetch. > > 4) Next, go into the directory that applies to your architecture, > for example, amd64. This is a list of what you will see: > > BOOTIA32.EFI* bsd* floppy65.fs pxeboot* > BOOTX64.EFI* bsd.mp* game65.tgz xbase65.tgz > BUILDINFO bsd.rd* index.txt xfont65.tgz > INSTALL.amd64 cd65.iso install65.fs xserv65.tgz > SHA256 cdboot* install65.iso xshare65.tgz > SHA256.sig cdbr* man65.tgz > base65.tgz comp65.tgz miniroot65.fs > > If you are new to OpenBSD, fetch _at least_ the file INSTALL.amd64 > and install65.iso. The install65.iso file (roughly 407MB in size) > is a one-step ISO-format install CD image which contains the various > *.tgz files so you do not need to fetch them separately. > > If you prefer to use a USB flash drive, fetch install65.fs and > follow the instructions in INSTALL.amd64. > > 5) If you are an expert, follow the instructions in the file called > README; otherwise, use the more complete instructions in the > file called INSTALL.amd64. INSTALL.amd64 may tell you that you > need to fetch other files. > > 6) Just in case, take a peek at: > > https://www.OpenBSD.org/errata.html > > This is the page where we talk about the mistakes we made while > creating the 6.5 release, or the significant bugs we fixed > post-release which we think our users should have fixes for. > Patches and workarounds are clearly described there. > > ------------------------------------------------------------------------ > - X.ORG FOR MOST ARCHITECTURES ----------------------------------------- > > X.Org has been integrated more closely into the system. This release > contains X.Org 7.7. Most of our architectures ship with X.Org, including > amd64, sparc64 and macppc. During installation, you can install X.Org > quite easily. Be sure to try out xenodm(1), our new, simplified X11 > display manager forked from xdm(1). > > ------------------------------------------------------------------------ > - PACKAGES AND PORTS --------------------------------------------------- > > Many third party software applications have been ported to OpenBSD and > can be installed as pre-compiled binary packages on the various OpenBSD > architectures. Please see https://www.openbsd.org/faq/faq15.html for > more information on working with packages and ports. > > Note: a few popular ports, e.g., NSD, Unbound, and several X > applications, come standard with OpenBSD and do not need to be installed > separately. > > ------------------------------------------------------------------------ > - SYSTEM SOURCE CODE --------------------------------------------------- > > The source code for all four subsystems can be found in the > pub/OpenBSD/6.5/ directory: > > xenocara.tar.gz ports.tar.gz src.tar.gz sys.tar.gz > > The README (https://ftp.OpenBSD.org/pub/OpenBSD/6.5/README) file > explains how to deal with these source files. > > ------------------------------------------------------------------------ > - THANKS --------------------------------------------------------------- > > Ports tree and package building by Pierre-Emmanuel Andre, Landry Breuil, > Visa Hankala, Stuart Henderson, Peter Hessler, and Christian Weisgerber. > Base and X system builds by Kenji Aoyama, Theo de Raadt, and > Visa Hankala. > > We would like to thank all of the people who sent in bug reports, bug > fixes, donation cheques, and hardware that we use. We would also like > to thank those who bought our previous CD sets. Those who did not > support us financially have still helped us with our goal of improving > the quality of the software. > > Our developers are: > > Aaron Bieber, Adam Wolk, Alexander Bluhm, Alexander Hall, > Alexandr Nedvedicky, Alexandr Shadchin, Alexandre Ratchov, > Andrew Fresh, Anil Madhavapeddy, Anthony J. Bentley, > Antoine Jacoutot, Anton Lindqvist, Asou Masato, Ayaka Koshibe, > Benoit Lecocq, Bjorn Ketelaars, Bob Beck, Brandon Mercer, > Brent Cook, Brian Callahan, Bryan Steele, Can Erkin Acar, > Carlos Cardenas, Charlene Wendling, Charles Longeau, > Chris Cappuccio, Christian Weisgerber, Christopher Zimmermann, > Claudio Jeker, Dale Rahn, Damien Miller, Daniel Dickman, > Daniel Jakots, Darren Tucker, David Coppa, David Gwynne, David Hill, > Denis Fondras, Doug Hogan, Edd Barrett, Elias M. Mariani, > Eric Faurot, Florian Obser, Florian Riehm, Frederic Cambus, > Gerhard Roth, Giannis Tsaraias, Gilles Chehade, Giovanni Bechis, > Gleydson Soares, Gonzalo L. Rodriguez, Helg Bredow, Henning Brauer, > Ian Darwin, Ian Sutton, Igor Sobrado, Ingo Feinerer, Ingo Schwarze, > Inoguchi Kinichiro, James Turner, Jason McIntyre, > Jasper Lievisse Adriaanse, Jeremie Courreges-Anglas, Jeremy Evans, > Job Snijders, Joel Sing, Joerg Jung, Jonathan Armani, Jonathan Gray, > Jonathan Matthew, Joris Vink, Joshua Stein, > Juan Francisco Cantero Hurtado, Kazuya Goda, Kenji Aoyama, > Kenneth R Westerback, Kent R. Spillner, Kevin Lo, Kirill Bychkov, > Klemens Nanni, Kurt Miller, Kurt Mosiejczuk, Landry Breuil, > Lawrence Teo, Marc Espie, Marco Pfatschbacher, Marcus Glocker, > Mark Kettenis, Mark Lumsden, Markus Friedl, Martijn van Duren, > Martin Natano, Martin Pieuchot, Martynas Venckus, Mats O Jansson, > Matthew Dempsky, Matthias Kilian, Matthieu Herrb, Michael Mikonos, > Mike Belopuhov, Mike Larkin, Miod Vallat, Nayden Markatchev, > Nicholas Marriott, Nigel Taylor, Okan Demirmen, Ori Bernstein, > Otto Moerbeek, Pamela Mosiejczuk, Pascal Stumpf, Patrick Wildt, > Paul Irofti, Pavel Korovin, Peter Hessler, Philip Guenther, > Pierre-Emmanuel Andre, Pratik Vyas, Rafael Sadowski, > Rafael Zalamena, Raphael Graf, Remi Locherer, Remi Pointel, > Renato Westphal, Reyk Floeter, Ricardo Mestre, Richard Procter, > Rob Pierce, Robert Nagy, Sasano Takayoshi, Scott Soule Cheloha, > Sebastian Benoit, Sebastian Reitenbach, Sebastien Marie, > Solene Rapenne, Stefan Fritsch, Stefan Kempf, Stefan Sperling, > Steven Mestdagh, Stuart Cassoff, Stuart Henderson, Sunil Nimmagadda, > T.J. Townsend, Ted Unangst, Theo Buehler, Theo de Raadt, > Thomas Frohwein, Tim van der Molen, Tobias Stoeckmann, > Todd C. Miller, Todd Mortimer, Tom Cosgrove, Ulf Brosziewski, > Uwe Stuehler, Vadim Zhukov, Vincent Gross, Visa Hankala, > Yasuoka Masahiko, Yojiro Uo > >