OpenBSD 5.3 released May 1, 2013

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

OpenBSD 5.3 released May 1, 2013

Stuart Henderson-10
- OpenBSD 5.3 RELEASED -------------------------------------------------

May 1, 2013.

We are pleased to announce the official release of OpenBSD 5.3.
This is our 33rd release on CD-ROM (and 34th via FTP).  We remain
proud of OpenBSD's record of more than ten years with only two remote
holes in the default install.

As in our previous releases, 5.3 provides significant improvements,
including new features, in nearly all areas of the system:

 - Improved hardware support, including:
    o New driver oce(4) for Emulex OneConnect 10Gb Ethernet adapters.
    o New driver rtsx(4) for the Realtek RTS5209 card reader.
    o New driver mfii(4) for the LSI Logic MegaRAID SAS Fusion controllers.
    o New driver smsc(4) for SMSC LAN95xx 10/100 USB Ethernet adapters.
    o New drivers for Toradex OAK USB sensors: uoaklux(4) (illuminance),
      uoakrh(4) (temperature and relative humidity) and
      uoakv(4) (+/- 10V 8channel ADC).
    o New drivers for virtio(4) devices: vio(4) (network), vioblk(4)
      (block devices, attaching as SCSI disks) and viomb(4)
      (memory ballooning).
    o Support for Adaptec 39320LPE added to ahd(4).
    o Broadcom 5718/5719/5720 Gigabit Ethernet devices supported in bge(4).
    o Intel X540-based 10Gb Ethernet devices supported in ix(4).
    o Support for SFP+ hot-plug (82599) and various other improvements
      in ix(4).
    o TX interrupt mitigation, hardware VLAN tagging and checksum offload
      reduce CPU use in vr(4).
    o Baby jumbo frames supported in vr(4) and sis(4) useful for e.g. MPLS,
      vlan(4) tag stacking (QinQ) and RFC4638 pppoe(4).
    o TCP RX Checksum offload in gem(4).
    o Improvements for NICs using 82579/pch2 in em(4).
    o Flow control is now supported on bnx(4) 5708S/5709S adapters,
      gem(4) and jme(4).
    o Power-saving clients supported in hostap mode with acx(4) and athn(4).
    o A cause of RT2661 ral(4) wedging in hostap mode was fixed.
    o iwn(4) supports additional devices (Centrino Advanced-N 6235 and
      initial support for Centrino Wireless-N 1030).
    o Improvements to ahci(4).
    o Support for the fixed-function performance counter on newer x86
      chips with constant time stamp counters.
    o Elantech touchpads supported in pms(4) and synaptics(4).
    o Support for "physical devices" on skinny mfi(4) controllers.
    o VMware emulated SAS adapters supported by mpi(4).
    o Support for Intel's Supervisor Mode Execution Protection (SMEP)
      and Supervisor Mode Access Prevention (SMAP) features on i386 and amd64.
    o Support for the RDRAND instruction to read the hardware random
      number generator on recent Intel processors.
    o amd64 PCI memory extent changed to cover the whole 64-bit memory
      space; fixes erroneous extent allocation panic on IBM x3100.
    o ulpt(4) can now upload firmware to certain HP LaserJet printers.
    o Added stat clock to Loongson machines, improving accuracy of CPU
      usage statistics.
    o CPU throttling supported on Loongson 2F.
    o Support for Apple UniNorth and U3 AGP added to agp(4).
    o DRM support for macppc.

 - Generic network stack improvements:
    o Restriction on writing to trunk(4) member interfaces relaxed; BPF
      can now write to interfaces directly (useful for LLDP).
    o UDP support added to sosplice(9) (zero-copy socket splicing).
    o IPv6 autoconfprivacy is enabled by default (can be disabled
      per-interface with an ifconfig(8) flag).
    o ifconfig(8) hwfeatures displays the maximum MTU supported by
      the driver (indicating support for jumbo/baby-jumbo frames).
    o Vastly improved IPsec v3 compatibility, including support for
      Extended Sequence Numbers in the AES-NI driver for AES-GCM
      and other modes.

 - Routing daemons and other userland network improvements:
    o OpenBSD now includes npppd(8), a server-side daemon for L2TP,
      L2TP/IPsec, PPTP and PPPoE.
    o New standalone tftp-proxy(8) to replace the old inetd(8)-based implementation.
    o SNMPv3 supported in snmpd(8).
    o bgpd(8) is more tolerant of unknown capabilities when bringing
      up a session (logs a warning rather than fails).
    o bgpd(8) now handles client side of "graceful restart".
    o bgpd(8) can now filter based on the NEXTHOP attribute.
    o A stratum can now be assigned to hardware sensors in ntpd(8).
    o authpf(8) now supports the use of per-group rules files.
    o ftp(1) client now supports basic HTTP authentication as per
      RFC 2617 and 3986 like "ftp http[s]://user:pass@host/file".
    o ftp(1) client's mput command allows to upload a directory
      tree recursively using the -r switch.
    o relayd(8) has various improvements including additional
      scheduling algorithms (least-states, for redirections, and
      random/source-hash, for relays).
    o The iked(8) IKEv2 daemon supports NAT-T. (The isakmpd daemon
      for IKEv1 has supported this for a long time).
    o iked(8) blocks IPv6 traffic unless there are v6 VPN flows; this
      is to prevent leakages as described in draft-gont-opsec-vpn-leakages.

- dhclient(8) improvements:
    o dhclient-script eliminated, all configuration is done with ioctl's
      and routing sockets.
    o Interface configuration is much faster.
    o HUP signals cause dhclient to restart; making it re-read the
      dhclient.conf(5) and resolv.conf.tail(5) files, and obtain a new lease.
    o INIT, USR1, USR2 signals cause dhclient to exit after attempting
      to remove routes and addresses it configured.
    o resolv.conf(5) is written only when the in-use default route was
      inserted by dhclient. Possible changes to the default route are
      detected and cause dhclient to write out resolv.conf when appropriate.
    o Interface hardware address changes are detected and cause
      dhclient to restart.
    o dhclient.conf directive 'ignore' and command line option '-i'
      added, allowing the suppression of specific options offered by server.
    o '-L' command line option added, allowing the creation of a complete
      record of the most recent offer and what we modified it to when
      binding the lease.
    o Rejected offers no longer prevent dhclient from trying recorded
      leases and going daemon.
    o Cleanup of routing tables when starting and exiting is more complete.
    o Log messages cleaned up and reduced.
    o dhclient(8) is automatically placed in the routing domain of the interface.
    o Incoming and outgoing packet buffers are separate, eliminating
      possible transmission of inappropriate packets when re-trying
    o resolv.conf.tail read only once, at startup.
    o Both OFFER and ACK packets that lack required options are rejected.
    o File names passed to '-L' and '-l' are constrained to be regular files.
    o Bind success reported after binding complete, not when it is started.
    o Privileged process daemonizes, eliminating its controlling terminal.
    o STDIN/STDOUT/STDERR no longer redirected to /dev/null when '-d' specified.
    o All existing addresses on the interface are deleted when binding
      a new lease.
    o Leases which would cause routing problems because another interface
      is already configured with the same subnet are rejected.
    o Premature and repeated DISCOVER and/or REQUEST messages at startup
      are avoided.
    o Permanent ARP cache entries are no longer deleted during binding.
    o Allow empty lists of option names for 'ignore', 'request', and
      'require' dhclient.conf directives, so lists can be reset in
      interface declarations.
    o dhcpd(8) and dhclient recognize the same list of dhcp options.
    o Hand-rolled IMSG implementation replaced with imsg_init(3) and
      related functions..
    o Hand-rolled date string construction replaced with strftime(3)
    o Hand-rolled '%m' option replaced with strerror(3) invocations.
    o Many other internal code improvements.

 - pf(4) improvements:
    o The divert(4) socket now supports the new IP_DIVERTFL socket option
      to control whether both inbound and outbound packets are diverted
      (the default) or only packets travelling in one direction.
    o Sloppy state tracking (a special mode occasionally needed with
      asymmetric routing) now works correctly with ICMP.
    o PF now restricts the fragment limit to protect against a
      misconfiguration running the kernel out of mbuf clusters.

- OpenSMTPD 5.3:
    o New features:
      - Code is now considered stable and suitable for use in production.
      - smtpctl(8) trace supports runtime tracing of various components,
        including imsg exchanges, incoming and outgoing sessions, aliases
        expansion and much more.
      - smtpctl(8) monitor can now be used to monitor in real-time an
        instance of smtpd(8).
      - smtpctl(8) show queue now supports an "online" mode where the
        scheduler is queried instead of the disk-based queue to provide
        more accurate information.
      - Virtual domain support has been reworked to simplify and bring
        support for new features like global catch-alls and shared
        user mappings.
      - New table API replaces the map API: better handling of transient
        errors, improved performances and a much better interface.
      - The transfer process may now select the source IP address to
        use as well as the HELO hostname to advertise from a table.
      - Each listener may advertise a different banner hostname.
      - An alternate user database may be provided instead of
        instance of smtpd(8).relying on getpwnam(3).
      - Users may now be authenticated using credentials from a table.
      - Incoming sessions can be tagged, allowing for rules to only
        match envelopes that have been reinjected in the daemon after
        being passed to a proxy tool.
      - Intermediate bounces are now sent at configurable rates.
      - Rules can now check for a sender email address or domain.
      - Experimental (yet functional) support for aldap and sqlite as
        table backends.
    o Improvements:
      - Improved logging format to make it both easier to read and parse.
      - Improved memory use by scheduler, smtp, queue and transfer
      - More reliable and efficient disk-based queue.
      - Improved scheduler, dns and relaying logic that optimizes transfers.
      - Simplified grammar for smtpd.conf(5).
      - Initial support for client and server SSL peer certificates
      - SSL certificate tree is now isolated and network-facing processes
        request SSL information on-demand by imsg.
      - Improved and simplified SMTP and MTA engines.
      - Much improved performances on both incoming and outgoing code paths.
      - Tons of cleanup and assorted minor bug fixes.

 - Security improvements:
    o Position-independent executables (PIE) are now used by default
      on alpha, amd64, hppa, landisk, loongson, sgi and sparc64.
    o gcc(1) stack smashing protector added for Alpha and MIPS
      (enabled by default).
    o Shared libraries on GCC 4 platforms now each get their own stack
      protector cookies instead of sharing a single global cookie.

 - Performance improvements:
    o Switch default disk I/O sort algorithm to NSCAN for improved
      fairness and response times.
    o Softdep speedup improvements by the revert of a previously
      necessary workaround to prevent kva starvation.
    o Large performance and reliability improvements in make(1), especially
      in parallel mode.  Make no longer does any busy waiting, it
      handles concurrent targets correctly, and displays more accurate
      error messages.
    o Increased stack alignment in constructor functions and new threads
      on i386 to meet requirements for SSE.
    o Coredumping no longer hogs CPU or I/O and can be aborted by sending
      the process a SIGKILL signal.

 - Threading improvements:
    o Threaded programs and libraries can now be linked with the
      POSIX-standard -lpthread flag instead of the
      OpenBSD-specific -pthread flag
    o abort(3) and raise(3) now direct the signal to the calling thread,
      as specified by POSIX.
    o Whether a thread is currently executing on an alternate signal
      stack (c.f. sigaltstack(2)) is now determined dynamically, so the
      stack can be reused if siglongjmp(3) is used to exit the signal handler.
    o libpthread now caches automatically allocated, default size
      thread stacks.
    o Improvements in the handling of profiling, tracing, and %cpu
      calculation of threaded processes.

 - Assorted improvements:
    o ldomctl(8) was added to manage logical domains on sun4v systems
      through ldomd(8).
    o Support for WPA Enterprise was added to the wpa_supplicant package.
    o OpenBSD/luna88k and OpenBSD/mvme88k have switched to GCC 3, elf(5)
      and gained shared library support.
    o OpenBSD/hp300 and OpenBSD/mvme68k have switched to GCC 3 and elf(5).
    o softraid(4) RAID1 and crypto volumes are now bootable on i386
      and amd64 (full disk encryption).
    o The mg(1) emacs-like editor now supports diff-buffer-with-file,
      make-directory and revert-buffer. Column numbers have been made
      configurable and locale is respected for ctype purposes, like
      displaying ISO Latin 1 characters.
    o Improved our own pkg-config(1) implementation to make it compatible
      with's 0.27.1 release.
    o A number of improvements to the buffer cache and page daemon
      interactions to avoid issues in low memory/low kva situations.
    o Various bug fixes in uvm to avoid potential races and
      deadlock issues.
    o Memory filesystem (mfs) switched to bufq, giving us queue limits
      and FIFO queueing (rather than the current LIFO queueing).
    o Many improvements to the cwm(1) window manager, including tab
      completion and Xft support for menus, improved Xinerama support,
      and per-group vertical/horizontal manual tiling support.
    o Added dprintf(3), grantpt(3), posix_openpt(3), ptsname(3),
      unlockpt(3), and vdprintf(3).
    o Corrected the order of invocation of constructor and destruction
    o Improved compliance and/or cleanliness of header files, particularly
      <dlfcn.h>, <netdb.h>, <net/if.h>, <netinet/in.h>, <sys/socket.h>,
      <sys/uio.h>, and <sys/un.h>.

 - OpenSSH 6.2:
    o New features:
      - ssh(1) and sshd(8): Added support for AES-GCM authenticated
        encryption in SSH protocol 2. The new cipher is available as
        "[hidden email]" and "[hidden email]". It uses
        an identical packet format to the AES-GCM mode specified in
        RFC 5647, but uses simpler and different selection rules during
        key exchange.
      - ssh(1) and sshd(8): Added support for encrypt-then-mac (EtM)
        MAC modes for SSH protocol 2. These modes alter the packet
        format and compute the MAC over the packet length and encrypted
        packet rather than over the plaintext data. These modes are
        considered more secure and are used by default when available.
      - ssh(1) and sshd(8): Added support for the UMAC-128 MAC as
        "[hidden email]" and "[hidden email]". The
        latter being an encrypt-then-mac mode.
      - sshd(8): Added support for multiple required authentication
        in SSH protocol 2 via an AuthenticationMethods option. This
        option lists one or more comma-separated lists of authentication
        method names. Successful completion of all the methods in any
        list is required for authentication to complete. This allows,
        for example, requiring a user having to authenticate via public
        key or GSSAPI before they are offered password authentication.
      - sshd(8) and ssh-keygen(1): Added support for Key Revocation
        Lists (KRLs), a compact binary format to represent lists of
        revoked keys and certificates that take as little as one bit
        per certificate when revoking by serial number. KRLs may be
        generated using ssh-keygen(1) and are loaded into sshd(8) via
        the existing RevokedKeys sshd_config(5) option.
      - ssh(1): IdentitiesOnly now applies to keys obtained from a
        PKCS11Provider. This allows control of which keys are offered
        from tokens using IdentityFile.
      - sshd(8): sshd_config(5)'s AllowTcpForwarding now accepts "local"
        and "remote" in addition to its previous "yes"/"no" keywords to
        allow the server to specify whether just local or remote TCP
        forwarding is enabled.
      - sshd(8): Added a sshd_config(5) option AuthorizedKeysCommand
        to support fetching authorized_keys from a command in addition
        to (or instead of) from the filesystem. The command is run under
        an account specified by an AuthorizedKeysCommandUser
        sshd_config(5) option.
      - sftp-server(8): Now supports a -d option to allow the starting
        directory to be something other than the user's home directory.
      - ssh-keygen(1): Now allows fingerprinting of keys hosted in
        PKCS#11 tokens using "ssh-keygen -lD pkcs11_provider".
      - ssh(1): When SSH protocol 2 only is selected (the default),
        ssh(1) now immediately sends its SSH protocol banner to the
        server without waiting to receive the server's banner, saving
        time when connecting.
      - ssh(1) Added ~v and ~V escape sequences to raise and lower the
        logging level respectively.
      - ssh(1) Made the escape command help (~?) context sensitive so
        that only commands that will work in the current session are shown.
      - ssh-keygen(1): When deleting host lines from known_hosts using
        "ssh-keygen -R host", ssh-keygen(1) now prints details of
        which lines were removed.
    o The following significant bugs have been fixed in this release:
      - ssh(1): Force a clean shutdown of ControlMaster client sessions
        when the ~. escape sequence is used. This means that ~. should
        now work in mux clients even if the server is no longer responding.
      - ssh(1): Correctly detect errors during local TCP forward
        setup in multiplexed clients. (bz#2055)
      - ssh-add(1): Made deleting explicit keys "ssh-add -d" symmetric
        with adding keys with respect to certificates. It now tries to
        delete the corresponding certificate and respects the -k option
        to allow deleting of the key only.
      - sftp(1): Fix a number of parsing and command-editing bugs,
        including bz#1956.
      - ssh(1): When muxmaster is run with -N, ensure that it shuts
        down gracefully when a client sends it "-O stop" rather than
        hanging around. (bz#1985)
      - ssh-keygen(1): When screening moduli candidates, append to the
        file rather than overwriting to allow resumption. (bz#1957)
      - ssh(1): Record "Received disconnect" messages at ERROR rather
        than INFO priority. (bz#2057)
      - ssh(1): Loudly warn if explicitly-provided private key is
        unreadable. (bz#1981)

 - Over 7,800 ports, major performance and stability improvements in
   the package build process
 - The parallel ports builder is more efficient. The main improvement
   is that dpb consumes much less cpu on busy boxes, but there are
   lots of small optimizations that amount to a large performance
   increase: dpb can now build selected large ports using parallel
   make, and it has a notion of affinity, so that ports failing on a
   cluster will be preferentially restarted on the same machine.

 - Many pre-built packages for each architecture:
    o i386:  7670                     o sparc64: 6756
    o alpha: 6151                     o sh: 1111
    o amd64: 7632                     o powerpc: 7215
    o sparc: 4635                     o arm: 4944
    o hppa: 6401                      o vax: 2081
    o mips64: 6519                    o mips64el: 6539

 - Some highlights:
    o GNOME 3.6.2                     o KDE 3.5.10
    o Xfce 4.10                       o MySQL 5.1.68
    o PostgreSQL 9.2.3                o Postfix 2.9.6
    o OpenLDAP 2.3.43 and 2.4.33      o GHC 7.4.2
    o Mozilla Firefox 3.6.28 and 18.0.2
    o Mozilla Thunderbird 17.0.2      o LibreOffice
    o Emacs 21.4 and 24.2             o Vim 7.3.154
    o PHP 5.2.17 and 5.3.21           o Python 2.5.4, 2.7.3 and 3.2.3
    o Ruby and    o Tcl/Tk 8.5.13 and 8.6.0
    o Jdk and       o Mono 2.10.9
    o Chromium 24.0.1312.68           o Groff 1.21
    o Go 1.0.3                        o GCC 4.6.3 and 4.7.2
    o LLVM/Clang 3.2

 - As usual, steady improvements in manual pages and other documentation.

 - The system includes the following major components from outside suppliers:
    o Xenocara (based on X.Org 7.7 with xserver 1.12.3 + patches,
      freetype 2.4.11, fontconfig 2.8.0, Mesa 7.11.2, xterm 287,
      xkeyboard-config 2.7 and more)
    o Gcc 4.2.1 (+ patches), 3.3.5 (+ patches) and 2.95.3 (+ patches)
    o Perl 5.12.2 (+ patches)
    o Our improved and secured version of Apache 1.3, with SSL/TLS
      and DSO support
    o Nginx 1.2.6 (+ patches)
    o OpenSSL 1.0.1c (+ patches)
    o SQLite (+ patches)
    o Sendmail 8.14.6, with libmilter
    o Bind 9.4.2-P2 (+ patches)
    o NSD 3.2.15
    o Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
    o Sudo 1.7.2p8
    o Ncurses 5.7
    o Heimdal 0.7.2 (+ patches)
    o Binutils 2.15 (+ patches)
    o Gdb 6.3 (+ patches)
    o Less 444 (+ patches)
    o Awk Aug 10, 2011 version

If you'd like to see a list of what has changed between OpenBSD 5.2
and 5.3, look at

Even though the list is a summary of the most important changes
made to OpenBSD, it still is a very very long list.

- SECURITY AND ERRATA --------------------------------------------------

We provide patches for known security threats and other important
issues discovered after each CD release.  As usual, between the
creation of the OpenBSD 5.3 FTP/CD-ROM binaries and the actual 5.3
release date, our team found and fixed some new reliability problems
(note: most are minor and in subsystems that are not enabled by
default).  Our continued research into security means we will find
new security problems -- and we always provide patches as soon as
possible.  Therefore, we advise regular visits to

Security patch announcements are sent to the [hidden email]
mailing list.  For information on OpenBSD mailing lists, please see:

- CD-ROM SALES ---------------------------------------------------------

OpenBSD 5.3 is also available on CD-ROM.  The 3-CD set costs $50 CDN and
is available via mail order and from a number of contacts around the
world.  The set includes a colourful booklet which carefully explains the
installation of OpenBSD.  A new set of cute little stickers is also
included (sorry, but our FTP mirror sites do not support STP, the Sticker
Transfer Protocol).  As an added bonus, the second CD contains an audio
track, a song entitled "Blade Swimmer".  MP3 and OGG versions of
the audio track can be found on the first CD.

Lyrics (and an explanation) for the songs may be found at:

Profits from CD sales are the primary income source for the OpenBSD
project -- in essence selling these CD-ROM units ensures that OpenBSD
will continue to make another release six months from now.

The OpenBSD 5.3 CD-ROMs are bootable on the following platforms:

  o i386
  o amd64
  o sparc64

(Other platforms must boot from floppy, network, or other method).

For more information on ordering CD-ROMs, see:

The above web page lists a number of places where OpenBSD CD-ROMs
can be purchased from.  For our default mail order, go directly to:

All of our developers strongly urge you to buy a CD-ROM and support
our future efforts.  Additionally, donations to the project are
highly appreciated, as described in more detail at:

- OPENBSD FOUNDATION ---------------------------------------------------

For those unable to make their contributions as straightforward gifts,
the OpenBSD Foundation ( is a Canadian
not-for-profit corporation that can accept larger contributions and
issue receipts.  In some situations, their receipt may qualify as a
business expense write-off, so this is certainly a consideration for
some organizations or businesses.  There may also be exposure benefits
since the Foundation may be interested in participating in press releases.
In turn, the Foundation then uses these contributions to assist OpenBSD's
infrastructure needs.  Contact the foundation directors at
[hidden email] for more information.

- T-SHIRT SALES --------------------------------------------------------

The OpenBSD distribution companies also sell tshirts and polo shirts,
with new and old designs, available from our web ordering system.

- FTP INSTALLS ---------------------------------------------------------

If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily
installed via FTP or HTTP downloads.  Typically you need a single
small piece of boot media (e.g., a boot floppy) and then the rest
of the files can be installed from a number of locations, including
directly off the Internet.  Follow this simple set of instructions
to ensure that you find all of the documentation you will need
while performing an install via FTP or HTTP.  With the CD-ROMs,
the necessary documentation is easier to find.

1) Read either of the following two files for a list of ftp/http
   mirrors which provide OpenBSD, then choose one near you:

   As of May 1, 2013, the following ftp mirror sites have the 5.3 release:       Stockholm, Sweden         Oldenburg, Germany       Zurich, Switzerland       Paris, France      Vienna, Austria     Brisbane, Australia      CO, USA     CA, USA

        The release is also available at the master site:          Alberta, Canada

        However it is strongly suggested you use a mirror.

   Other mirror sites may take a day or two to update.

2) Connect to that ftp mirror site and go into the directory
   pub/OpenBSD/5.3/ which contains these files and directories.
   This is a list of what you will see:

        ANNOUNCEMENT     armish/          macppc/          sparc/
        Changelogs/      ftplist          mvme68k/         sparc64/
        HARDWARE         hp300/           mvme88k/         src.tar.gz
        PACKAGES         hppa/            packages/        sys.tar.gz
        PORTS            i386/            ports.tar.gz     tools/
        README           landisk/         root.mail        vax/
        alpha/           loongson/        sgi/             xenocara.tar.gz
        amd64/           luna88k/         socppc/          zaurus/

   It is quite likely that you will want at LEAST the following
   files which apply to all the architectures OpenBSD supports.

        README          - generic README
        HARDWARE        - list of hardware we support
        PORTS           - description of our "ports" tree
        PACKAGES        - description of pre-compiled packages
        root.mail       - a copy of root's mail at initial login.
                          (This is really worthwhile reading).

3) Read the README file.  It is short, and a quick read will make
   sure you understand what else you need to fetch.

4) Next, go into the directory that applies to your architecture,
   for example, i386.  This is a list of what you will see:

        INSTALL.i386    cd53.iso        floppyB53.fs    pxeboot*
        INSTALL.linux   cdboot*         floppyC53.fs    xbase53.tgz
        MD5             cdbr*           game53.tgz      xetc53.tgz
        base53.tgz      cdemu53.iso     index.txt       xfont53.tgz
        bsd*            comp53.tgz      install53.iso   xserv53.tgz*         etc53.tgz       man53.tgz       xshare53.tgz
        bsd.rd*         floppy53.fs     misc53.tgz

   If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386
   and the appropriate floppy*.fs or install53.iso files.  Consult the
   INSTALL.i386 file if you don't know which of the floppy images
   you need (or simply fetch all of them).

   If you use the install53.iso file (roughly 250MB in size), then you
   do not need the various *.tgz files since they are contained on that
   one-step ISO-format install CD.

5) If you are an expert, follow the instructions in the file called
   README; otherwise, use the more complete instructions in the
   file called INSTALL.i386.  INSTALL.i386 may tell you that you
   need to fetch other files.

6) Just in case, take a peek at:

   This is the page where we talk about the mistakes we made while
   creating the 5.3 release, or the significant bugs we fixed
   post-release which we think our users should have fixes for.
   Patches and workarounds are clearly described there.

Note: If you end up needing to write a raw floppy using Windows,
      you can use "fdimage.exe" located in the pub/OpenBSD/5.3/tools
      directory to do so.

- X.ORG FOR MOST ARCHITECTURES -----------------------------------------

X.Org has been integrated more closely into the system.  This release
contains X.Org 7.7.  Most of our architectures ship with X.Org, including
amd64, sparc, sparc64 and macppc.  During installation, you can install
X.Org quite easily.  Be sure to try out xdm(1) and see how we have
customized it for OpenBSD.

- PORTS TREE -----------------------------------------------------------

The OpenBSD ports tree contains automated instructions for building
third party software.  The software has been verified to build and
run on the various OpenBSD architectures.  The 5.3 ports collection,
including many of the distribution files, is included on the 3-CD
set.  Please see the PORTS file for more information.

Note: some of the most popular ports, e.g., the Apache web server
and several X applications, come standard with OpenBSD.  Also, many
popular ports have been pre-compiled for those who do not desire
to build their own binaries (see BINARY PACKAGES, below).

- BINARY PACKAGES WE PROVIDE -------------------------------------------

A large number of binary packages are provided.  Please see the PACKAGES
file ( for more details.

- SYSTEM SOURCE CODE ---------------------------------------------------

The CD-ROMs contain source code for all the subsystems explained
above, and the README (
file explains how to deal with these source files.  For those who
are doing an FTP install, the source code for all four subsystems
can be found in the pub/OpenBSD/5.3/ directory:

        xenocara.tar.gz     ports.tar.gz   src.tar.gz     sys.tar.gz

- THANKS ---------------------------------------------------------------

Ports tree and package building by Jasper Lievisse Adriaanse,
Pierre-Emmanuel Andre, Landry Breuil, Michael Erdely, Stuart Henderson,
Peter Hessler, Paul Irofti, Antoine Jacoutot, Sebastian Reitenbach,
and Christian Weisgerber.  System builds by Theo de Raadt and Miod
Vallat. X11 builds by Todd Fries and Miod Vallat.  ISO-9660 filesystem
layout by Theo de Raadt.

We would like to thank all of the people who sent in bug reports, bug
fixes, donation cheques, and hardware that we use.  We would also like
to thank those who pre-ordered the 5.3 CD-ROM or bought our previous
CD-ROMs.  Those who did not support us financially have still helped
us with our goal of improving the quality of the software.

Our developers are:

    Aaron Bieber, Alexander Bluhm, Alexander Hall, Alexander Yurchenko,
    Alexandr Shadchin, Alexandre Ratchov, Anil Madhavapeddy,
    Anthony J. Bentley, Antoine Jacoutot, Austin Hook, Benoit Lecocq,
    Bob Beck, Brad Smith, Brandon Mercer, Bret Lambert, Brett Mahar,
    Brian Callahan, Bryan Steele, Camiel Dobbelaar, Can Erkin Acar,
    Charles Longeau, Chris Cappuccio, Christian Ehrhardt,
    Christian Weisgerber, Christiano F. Haesbaert,
    Christopher Zimmermann, Claudio Jeker, Damien Miller, Darren Tucker,
    David Coppa, David Gwynne, David Krause, Edd Barrett, Eric Faurot,
    Federico G. Schwindt, Felix Kronlage, Florian Obser, Gerhard Roth,
    Gilles Chehade, Giovanni Bechis, Gleydson Soares,
    Gonzalo L. Rodriguez, Henning Brauer, Ian Darwin, Igor Sobrado,
    Ingo Schwarze, Jakob Schlyter, James Turner, Janne Johansson,
    Jason George, Jason McIntyre, Jasper Lievisse Adriaanse,
    Jeremy Evans, Jim Razmus II, Joel Knight, Joel Sing, Joerg Jung,
    Jolan Luff, Jonathan Armani, Jonathan Gray, Jonathan Matthew,
    Joshua Elsasser, Joshua Stein, Kenji Aoyama, Kenneth R Westerback,
    Kirill Bychkov, Kurt Miller, Landry Breuil, Laurent Fanis,
    Lawrence Teo, Luke Tymowski, Marc Espie, Marco Pfatschbacher,
    Marcus Glocker, Mark Kettenis, Mark Lumsden, Markus Friedl,
    Martin Pieuchot, Martynas Venckus, Mats O Jansson, Matthew Dempsky,
    Matthias Kilian, Matthieu Herrb, Michael Erdely, Mike Belopuhov,
    Mike Larkin, Miod Vallat, Nayden Markatchev, Nicholas Marriott,
    Nick Holland, Nigel Taylor, Okan Demirmen, Otto Moerbeek,
    Pascal Stumpf, Patrick Wildt, Paul de Weerd, Paul Irofti,
    Peter Hessler, Peter Valchev, Philip Guenther,
    Pierre-Emmanuel Andre, Pierre-Yves Ritschard, Remi Pointel,
    Reyk Floeter, Robert Nagy, Robert Peichaer, Ryan Freeman,
    Ryan Thomas McBride, Sasano, Sebastian Benoit, Sebastian Reitenbach,
    Simon Perreault, Stefan Fritsch, Stefan Sperling,
    Stephan A. Rickauer, Steven Mestdagh, Stuart Cassoff,
    Stuart Henderson, Takuya Asada, Ted Unangst, Theo de Raadt,
    Tobias Stoeckmann, Tobias Ulmer, Tobias Weingartner, Todd C. Miller,
    Todd Fries, Vadim Zhukov, Will Maier, William Yodlowsky,
    Yasuoka Masahiko, Yojiro Uo