======================================================================
= OpenBSD =
======================================================================
Introduction
======================================================================
OpenBSD is a security-focused, free software, Unix-like operating
system based on the Berkeley Software Distribution (BSD). Theo de
Raadt created OpenBSD in 1995 by forking NetBSD 1.0. The OpenBSD
project emphasizes portability, standardization, correctness,
proactive security, and integrated cryptography.
The OpenBSD project maintains portable versions of many subsystems as
packages for other operating systems. Because of the project's
preferred BSD license, which allows binary redistributions without the
source code, many components are reused in proprietary and
corporate-sponsored software projects. The firewall code in Apple's
macOS is based on OpenBSD's PF firewall code, Android's Bionic C
standard library is based on OpenBSD code, LLVM uses OpenBSD's regular
expression library, and Windows 10 uses OpenSSH (OpenBSD Secure Shell)
with LibreSSL.
The word "open" in the name OpenBSD refers to the availability of the
operating system source code on the Internet, although the word "open"
in the name OpenSSH means "OpenBSD". It also refers to the wide range
of hardware platforms the system supports. OpenBSD supports a variety
of system architectures including x86-64, IA-32, ARM, PowerPC, and
64-bit RISC-V. Its default GUI is the X11 interface.
History
======================================================================
In December 1994, Theo de Raadt, a founding member of the NetBSD
project, was asked to resign from the NetBSD core team over
disagreements and conflicts with the other members of the NetBSD team.
In October 1995, De Raadt founded OpenBSD, a new project forked from
NetBSD 1.0. The initial release, OpenBSD 1.2, was made in July 1996,
followed by OpenBSD 2.0 in October of the same year. Since then, the
project has issued a release every six months, each of which is
supported for one year.
On 25 July 2007, OpenBSD developer Bob Beck announced the formation of
the OpenBSD Foundation, a Canadian non-profit organization formed to
"act as a single point of contact for persons and organizations
requiring a legal entity to deal with when they wish to support
OpenBSD."
In 2024, the project had separated far enough that all files which
were a part of the original fork from NetBSD had been either modified
or removed, with the replacement of a data file for the "quiz"
program.
Usage statistics
======================================================================
It is hard to determine how widely OpenBSD is used, because the
developers do not publish or collect usage statistics.
In September 2005, the BSD Certification Group surveyed 4330
individual BSD users, showing that 32.8% used OpenBSD, behind FreeBSD
with 77%, ahead of NetBSD with 16.3% and DragonFly BSD with 2.6%.
However, the authors of this survey clarified that it is neither
"exhaustive" nor "completely accurate", since the survey was spread
mainly through mailing lists, forums and word of mouth. This combined
with other factors, like the lack of a control group, a pre-screening
process or significant outreach outside of the BSD community, makes
the survey unreliable for judging BSD usage globally.
Network appliances
====================
OpenBSD features a robust TCP/IP networking stack, and can be used as
a router or wireless access point. OpenBSD's security enhancements,
built-in cryptography, and packet filter make it suitable for security
purposes such as firewalls, intrusion-detection systems, and VPN
gateways.
Several proprietary systems are based on OpenBSD, including devices
from Armorlogic (Profense web application firewall), Calyptix
Security, GeNUA, RTMX, and .vantronix.
Other operating systems
=========================
Some versions of Microsoft's Services for UNIX, an extension to the
Windows operating system to provide Unix-like functionality, use much
of the OpenBSD code base that is included in the Interix
interoperability suite, developed by Softway Systems Inc., which
Microsoft acquired in 1999. Core Force, a security product for
Windows, is based on OpenBSD's pf firewall. The pf firewall is also
found in other operating systems: including FreeBSD, and macOS.
Personal computers
====================
OpenBSD ships with Xenocara, an implementation of the X Window System,
and is suitable as a desktop operating system for personal computers,
including laptops. , OpenBSD includes approximately 8000 packages in
its software repository, including desktop environments such as
Lumina, GNOME, KDE Plasma, and Xfce, and web browsers such as Firefox
and Chromium. The project also includes three window managers in the
main distribution: cwm, FVWM (part of the default configuration for
Xenocara), and twm.
Servers
=========
OpenBSD features a full server suite and can be configured as a mail
server, web server, FTP server, DNS server, router, firewall, NFS file
server, or any combination of these. Since version 6.8, OpenBSD has
also shipped with native in-kernel WireGuard support.
Security
======================================================================
Shortly after OpenBSD was created, De Raadt was contacted by a local
security software company named Secure Networks (later acquired by
McAfee). The company was developing a network security auditing tool
called Ballista, which was intended to find and exploit software
security flaws. This coincided with De Raadt's interest in security,
so the two cooperated leading up to the release of OpenBSD 2.3. This
collaboration helped to define security as the focus of the OpenBSD
project.
OpenBSD includes numerous features designed to improve security, such
as:
* Secure alternatives to POSIX functions in the C standard library,
such as strlcat for strcat and strlcpy for strcpy
* Toolchain alterations, including a static bounds checker
* Memory protection techniques to guard against invalid accesses, such
as ProPolice and the W^X page protection feature
* Strong cryptography and randomization
* System call and filesystem access restrictions to limit process
capabilities
To reduce the risk of a vulnerability or misconfiguration allowing
privilege escalation, many programs have been written or adapted to
make use of privilege separation, privilege revocation and chrooting.
Privilege separation is a technique, pioneered on OpenBSD and inspired
by the principle of least privilege, where a program is split into two
or more parts, one of which performs privileged operations and the
other--almost always the bulk of the code--runs without privilege.
Privilege revocation is similar and involves a program performing any
necessary operations with the privileges it starts with then dropping
them. Chrooting involves restricting an application to one section of
the file system, prohibiting it from accessing areas that contain
private or system files. Developers have applied these enhancements to
OpenBSD versions of many common applications, such as tcpdump, file,
tmux, smtpd, and syslogd.
OpenBSD developers were instrumental in the creation and development
of OpenSSH (aka OpenBSD Secure Shell), which is developed in the
OpenBSD CVS repositories. OpenBSD Secure Shell is based on the
original SSH. It first appeared in OpenBSD 2.6 and is now by far the
most popular SSH client and server, available on many operating
systems.
The project has a policy of continually auditing source code for
problems, work that developer Marc Espie has described as "never
finished ... more a question of process than of a specific bug being
hunted." He went on to list several typical steps once a bug is found,
including examining the entire source tree for the same and similar
issues, "try[ing] to find out whether the documentation ought to be
amended", and investigating whether "it's possible to augment the
compiler to warn against this specific problem."
Security record
=================
The OpenBSD website features a prominent reference to the system's
security record. Until June 2002, it read:
In June 2002, Mark Dowd of Internet Security Systems disclosed a bug
in the OpenSSH code implementing challenge-response authentication.
This vulnerability in the OpenBSD default installation allowed an
attacker remote access to the root account, which was extremely
serious not only to OpenBSD, but also to the large number of other
operating systems that were using OpenSSH by that time. This problem
necessitated the adjustment of the slogan on the OpenBSD website to:
The quote remained unchanged as time passed, until on 13 March 2007,
when Alfredo Ortega of Core Security Technologies disclosed a
network-related remote vulnerability. The quote was subsequently
changed to:
This statement has been criticized because the default install
contains few running services, and many use cases require additional
services. Also, because the ports tree contains unaudited third-party
software, it is easy for users to compromise security by installing or
improperly configuring packages. However, the project maintains that
the slogan is 'intended' to refer to a default install and that it is
correct by that measure.
One of the fundamental ideas behind OpenBSD is a drive for systems to
be simple, clean, and secure by default. The default install is quite
minimal, which the project states is to ensure novice users "do not
need to become security experts overnight", which fits with
open-source and code auditing practices considered important elements
of a security system. Additional services are to be enabled manually
to make users think of the security implications first.
Alleged backdoor
==================
On 11 December 2010, Gregory Perry, a former technical consultant for
the Federal Bureau of Investigation (FBI), emailed De Raadt alleging
that the FBI had paid some OpenBSD ex-developers 10 years prior to
insert backdoors into the OpenBSD Cryptographic Framework. De Raadt
made the email public on 14 December by forwarding it to the
openbsd-tech mailing list and suggested an audit of the IPsec
codebase. De Raadt's response was skeptical of the report and he
invited all developers to independently review the relevant code. In
the weeks that followed, bugs were fixed but no evidence of backdoors
was found. De Raadt stated "I believe that NetSec was probably
contracted to write backdoors as alleged. If those were written, I
don't believe they made it into our tree. They might have been
deployed as their own product."
Criticisms
============
In December 2017, Ilja van Sprundel, director at IOActive, gave a talk
at the CCC as well as DEF CON, entitled "Are all BSDs created equally?
-- A survey of BSD kernel vulnerabilities", in which he stated that
although OpenBSD was the clear winner of the BSDs in terms of
security, "Bugs are still easy to find in those kernels, even in
OpenBSD".
Two years later, in 2019, an anonymous critic called "Stein" gave a
talk named "A systematic evaluation of OpenBSD's mitigations" at the
CCC. While admitting OpenBSD has some effective mitigations, he
alleged a significant number were "useless at best and based on pure
luck and superstition".
Subprojects
======================================================================
Many open source projects started as components of OpenBSD, including:
* bioctl, a generic RAID management interface similar to ifconfig
* CARP, a free alternative to Cisco's patented HSRP/VRRP redundancy
protocols
* cwm, a stacking window manager
* doas, a safer replacement for sudo
* OpenBSD httpd, an implementation of httpd
* hw.sensors, a sensors framework used by over 100 drivers
* LibreSSL, an implementation of the SSL and TLS protocols, forked
from OpenSSL 1.0.1g
* OpenBGPD, an implementation of BGP-4
* OpenIKED, an implementation of IKEv2
* OpenNTPD, a simpler alternative to ntp.org's NTP daemon
* OpenOSPFD, an implementation of OSPF
* OpenSMTPD, an SMTP daemon with IPv4/IPv6, PAM, Maildir, and virtual
domains support
* OpenSSH, an implementation of SSH
* PF, an IPv4/IPv6 stateful firewall with NAT, PAT, QoS and traffic
normalization support
* pfsync, a firewall state synchronization protocol for PF with high
availability support using CARP
* sndio, a compact audio and MIDI framework
* spamd, a spam filter with greylisting support designed to
inter-operate with PF
* Xenocara, a customized X.Org build infrastructure
Some subsystems have been integrated into other BSD operating systems,
and many are available as packages for use in other Unix-like systems.
OpenBSD runs nearly all of its standard daemons within chroot and
privsep security structures by default, as part of hardening the base
system.
The Calgary Internet Exchange was formed in 2012, in part to serve the
needs of the OpenBSD project.
In 2017, Isotop, a French project aiming to adapt OpenBSD to desktops
and laptops, using xfce then dwm, started to be developed.
Third-party components
======================================================================
OpenBSD includes a number of third-party components, many with
OpenBSD-specific patches, such as X.Org, Clang (the default compiler
on several architectures), GCC, Perl, NSD, Unbound, ncurses, GNU
binutils, GDB, and AWK.
Development
======================================================================
Development is continuous, and team management is open and tiered.
Anyone with appropriate skills may contribute, with commit rights
being awarded on merit and De Raadt acting as coordinator. Two
official releases are made per year, with the version number
incremented by 0.1, and these are each supported for twelve months
(two release cycles). Snapshot releases are also available at frequent
intervals.
Maintenance patches for supported releases may be applied using
syspatch, manually or by updating the system against the patch branch
of the CVS source repository for that release. Alternatively, a system
administrator may opt to upgrade to the next snapshot release using
sysupgrade, or by using the branch of the CVS repository, in order to
gain pre-release access to recently added features. The sysupgrade
tool can also upgrade to the latest stable release version.
The generic OpenBSD kernel provided by default is strongly recommended
for end users, in contrast to operating systems that recommend user
kernel customization.
Packages outside the base system are maintained by CVS through a ports
tree and are the responsibility of the individual maintainers, known
as porters. As well as keeping the current branch up to date, porters
are expected to apply appropriate bug-fixes and maintenance fixes to
branches of their package for OpenBSD's supported releases. Ports are
generally not subject to the same continuous auditing as the base
system due to lack of manpower.
Binary packages are built centrally from the ports tree for each
architecture. This process is applied for the current version, for
each supported release, and for each snapshot. Administrators are
recommended to use the package mechanism rather than build the package
from the ports tree, unless they need to perform their own source
changes.
OpenBSD's developers regularly meet at special events called
hackathons, where they "sit down and code", emphasizing productivity.
Most new releases include a song.
Open source and open documentation
======================================================================
OpenBSD is known for its high-quality documentation.
When OpenBSD was created, De Raadt decided that the source code should
be available for anyone to read. At the time, a small team of
developers generally had access to a project's source code. Chuck
Cranor and De Raadt concluded this practice was "counter to the open
source philosophy" and inconvenient to potential contributors.
Together, Cranor and De Raadt set up the first public, anonymous
revision control system server. De Raadt's decision allowed users to
"take a more active role", and established the project's commitment to
open access. OpenBSD is notable for its continued use of CVS (more
precisely an unreleased, OpenBSD-managed fork named OpenCVS), when
most other projects that used it have migrated to other systems.
OpenBSD does not include closed source binary drivers in the source
tree, nor does it include code requiring the signing of non-disclosure
agreements. According to the GNU Project, OpenBSD includes small
"blobs" of proprietary object code as device firmware.
Since OpenBSD is based in Canada, no United States export restrictions
on cryptography apply, allowing the distribution to make full use of
modern algorithms for encryption. For example, the swap space is
divided into small sections and each section is encrypted with its own
key, ensuring that sensitive data does not leak into an insecure part
of the system.
OpenBSD randomizes various behaviors of applications, making them less
predictable and thus more difficult to attack. For example, PIDs are
created and associated randomly to processes; the bind system call
uses random port numbers; files are created with random inode numbers;
and IP datagrams have random identifiers. This approach also helps
expose bugs in the kernel and in user space programs.
The OpenBSD policy on openness extends to hardware documentation: in
the slides for a December 2006 presentation, De Raadt explained that
without it "developers often make mistakes writing drivers", and
pointed out that "the [oh my god, I got it to work] rush is harder to
achieve, and some developers just give up." He went on to say that
vendor-supplied binary drivers are unacceptable for inclusion in
OpenBSD, that they have "no trust of vendor binaries running in our
kernel" and that there is "no way to fix [them] ... when they break."
Licensing
======================================================================
OpenBSD maintains a strict license policy, preferring the ISC license
and other variants of the BSD license. The project attempts to
"maintain the spirit of the original Berkeley Unix copyrights," which
permitted a "relatively un-encumbered Unix source distribution." The
widely used Apache License and GNU General Public License are
considered overly restrictive.
In June 2001, triggered by concerns over Darren Reed's modification of
IPFilter's license wording, a systematic license audit of the OpenBSD
ports and source trees was undertaken. Code in more than a hundred
files throughout the system was found to be unlicensed, ambiguously
licensed or in use against the terms of the license. To ensure that
all licenses were properly adhered to, an attempt was made to contact
all the relevant copyright holders: some pieces of code were removed,
many were replaced, and others, such as the multicast routing tools
and , were relicensed so that OpenBSD could continue to use them. Also
removed during this audit was all software produced by Daniel J.
Bernstein. At the time, Bernstein requested that all modified versions
of his code be approved by him prior to redistribution, a requirement
to which OpenBSD developers were unwilling to devote time or effort.
Because of licensing concerns, the OpenBSD team has reimplemented
software from scratch or adopted suitable existing software. For
example, OpenBSD developers created the PF packet filter after
unacceptable restrictions were imposed on IPFilter. PF first appeared
in OpenBSD 3.0 and is now available in many other operating systems.
OpenBSD developers have also replaced GPL-licensed tools (such as CVS
and pkg-config) with permissively licensed equivalents.
Funding
======================================================================
Although the operating system and its portable components are used in
commercial products, De Raadt says that little of the funding for the
project comes from the industry: "traditionally all our funding has
come from user donations and users buying our CDs (our other products
don't really make us much money). Obviously, that has not been a lot
of money."
For a two-year period in the early 2000s, the project received funding
from DARPA, which "paid the salaries of 5 people to work completely
full-time, bought about $30k in hardware, and paid for 3 hackathons",
from the POSSE project.
In 2006, the OpenBSD project experienced financial difficulties. The
Mozilla Foundation and GoDaddy are among the organizations that helped
OpenBSD to survive. However, De Raadt expressed concern about the
asymmetry of funding: "I think that contributions should have come
first from the vendors, secondly from the corporate users, and thirdly
from individual users. But the response has been almost entirely the
opposite, with almost a 15-to-1 dollar ratio in favor of the little
people. Thanks a lot, little people!"
On 14 January 2014, Bob Beck issued a request for funding to cover
electrical costs. If sustainable funding was not found, Beck suggested
the OpenBSD project would shut down. The project soon received a
US$20,000 donation from Mircea Popescu, the Romanian creator of the
MPEx bitcoin stock exchange, paid in bitcoins. The project raised
US$150,000 in response to the appeal, enabling it to pay its bills and
securing its short-term future.
OpenBSD Foundation
====================
The OpenBSD Foundation is a Canadian federal non-profit organization
founded by the OpenBSD project as a "single point of contact for
persons and organizations requiring a legal entity to deal with when
they wish to support OpenBSD." It was announced to the public by
OpenBSD developer Bob Beck on 25 July 2007. It also serves as a legal
safeguard over other projects which are affiliated with OpenBSD,
including OpenSSH, OpenBGPD, OpenNTPD, OpenCVS, OpenSMTPD and
LibreSSL.
Since 2014, several large contributions to the OpenBSD Foundation have
come from corporations such as Microsoft, Facebook, and Google as well
as the Core Infrastructure Initiative.
In 2015, Microsoft became the foundation's first gold level
contributor, donating between $25,000-50,000 to support development of
OpenSSH, which had been integrated into PowerShell in July, and later
into Windows Server in 2018. Other contributors include Google,
Facebook and DuckDuckGo.
During the 2016 and 2017 fundraising campaigns, Smartisan, a Chinese
company, was the leading financial contributor to the OpenBSD
Foundation.
Distribution
======================================================================
OpenBSD is freely available in various ways: the source can be
retrieved by anonymous CVS, binary releases and development snapshots
can be downloaded by FTP, HTTP, and rsync. Prepackaged CD-ROM sets
through version 6.0 can be ordered online for a small fee, complete
with an assortment of stickers and a copy of the release's theme song.
These, with their artwork and other bonuses, have been one of the
project's few sources of income, funding hardware, Internet service,
and other expenses. Beginning with version 6.1, CD-ROM sets are no
longer released.
OpenBSD provides a package management system, referred to as 'pkg*
tools', for easy installation and management of programs which are not
part of the base operating system. Packages are binary files which are
extracted, managed and removed using the package tools. On OpenBSD,
the source of packages is the ports system, a collection of Makefiles
and other infrastructure required to create packages. In OpenBSD, the
ports and base operating system are developed and released together
for each version: this means that the ports or packages released with,
for example, 4.6 are not suitable for use with 4.5 and vice versa.
Songs and artwork
======================================================================
Initially, OpenBSD used a haloed version of the BSD daemon mascot
drawn by Erick Green, who was asked by De Raadt to create the logo for
the 2.3 and 2.4 versions of OpenBSD. Green planned to create a full
daemon, including head and body, but only the head was completed in
time for OpenBSD 2.3. The body as well as pitchfork and tail was
completed for OpenBSD 2.4.
Subsequent releases used variations such as a police daemon by Ty
Semaka, but eventually settled on a pufferfish named Puffy. Since
then, Puffy has appeared on OpenBSD promotional material and featured
in release songs and artwork.
The promotional material of early OpenBSD releases did not have a
cohesive theme or design, but later the CD-ROMs, release songs,
posters and tee-shirts for each release have been produced with a
single style and theme, sometimes contributed to by Ty Semaka of the
Plaid Tongued Devils. These have become a part of OpenBSD advocacy,
with each release expounding a moral or political point important to
the project, often through parody.
Themes have included 'Puff the Barbarian' in OpenBSD 3.3, which
included an 80s rock song and parody of Conan the Barbarian alluding
to open documentation, 'The Wizard of OS' in OpenBSD 3.7, related to
the project's work on wireless drivers, and 'Hackers of the Lost
RAID', a parody of Indiana Jones referencing the new RAID tools in
OpenBSD 3.8.
Releases
======================================================================
The following table summarizes the version history of the OpenBSD
operating system.
Version Release date Supported until Significant changes
18 October 1995 * OpenBSD CVS repository created by Theo de Raadt. *
While the version number used at this stage was 1.1, OpenBSD 1.1 was
not an official OpenBSD release in the sense which this term
subsequently came to be used.
1 July 1996 * Creation of the intro(9) man page, for documenting
kernel internals. * Integration of the update(8) command into the
kernel. * As before, while this version number was used in the early
development of the OS, OpenBSD 1.2 was not an official release in the
subsequently applicable sense.
1 October 1996 * The first official release of OpenBSD, and also
the point at which XFree86 first recognized OpenBSD as separate from
NetBSD. * Initial integration of the FreeBSD ports system. *
Replacement of gawk with the AT&T awk. * Integration of zlib. *
Added sudo.
1 June 1997 Replacement of the older sh with pdksh.
1 December 1997 Addition of the afterboot(8) man page.
19 May 1998 Introduced the 'haloed daemon', or aureola beastie, in
head-only form created by Erick Green.
1 December 1998 Featured the complete 'haloed daemon', with trident
and a finished body.
19 May 1999 Introduced the Cop daemon image done by Ty Semaka.
1 December 1999 Based on the original SSH suite and developed
further by the OpenBSD team, 2.6 saw the first release of OpenSSH,
which is now available standard on most Unix-like operating systems
and is the most widely used SSH suite.
15 June 2000 Support for SSH2 added to OpenSSH.
1 December 2000 isakmpd(8)
1 June 2001 Filesystem performance increases from softupdates and
dirpref code.
1 December 2001 'E-Railed (OpenBSD Mix)', a techno track performed
by the release mascot 'Puff Daddy', the famed rapper and political
icon. * After license restrictions were imposed on IPFilter, the pf
packet filter was developed. pf is now available in DragonFly BSD,
NetBSD and FreeBSD.
19 May 2002 'Systemagic', where 'Puffy, the Kitten Slayer', battles
evil script kitties. Inspired by the works of Rammstein and a parody
of Buffy the Vampire Slayer. * First official remote security hole -
OpenSSH integer overflow
1 November 2002 'Goldflipper', a tale in which 'James Pond, agent
077', super spy and suave lady's man, deals with the dangers of a
hostile internet. Styled after the orchestral introductory ballads of
James Bond films.
1 May 2003 'Puff the Barbarian', born in a tiny bowl; Puff was a
slave, now he hacks through the C, searching for the AMD64 * In 2003,
code from [[ALTQ, which had a license disallowing the sale of
derivatives, was relicensed, integrated into pf and made available in
OpenBSD 3.3. * First release adding the W^X feature, a fine-grained
memory permissions layout, ensuring that memory which can be written
to by application programs can not be executable at the same time and
vice versa.
1 November 2003 'The Legend of Puffy Hood' where 'Sir Puffy of
Ramsay', a freedom fighter who, with Little Bob of Beckley, took from
the rich and gave to all. Tells of the POSSE project's cancellation.
An unusual blend of both Hip hop music * i386 platform switched
executable format from [[a.out to Executable and Linkable Format * The
GPL licensed gzip was replaced by retooling the existing compress tool
to include its functionality. * The GPL licensed grep was replaced
with FreeGrep, an updated BSD licensed grep. This new grep is now also
available in NetBSD. * A public domain diff was updated and used to
replace the GPL licensed diff previously included. * Code from the
LGPL licensed was relicensed to allow pf to feature passive operating
system detection. * Address space layout randomization (ASLR) by
default * Basic sysctl hw.sensors API introduced for hardware
monitoring.
1 May 2004 'CARP License' and 'Redundancy must be free', where a
fish seeking to license his free redundancy protocol, CARP, finds
trouble with the red tape. A parody of the Fish Licence skit and Eric
the Half-a-Bee Song by Monty Python, with an anti-software patents
message. * CARP, an open alternative to the HSRP and VRRP redundancy
systems available from commercial vendors. * GPL licensed parts of the
GNU tool-set, bc, dc, nm and size, were all replaced with BSD licensed
equivalents. * AMD64 platform becomes stable enough for release and is
included for the first time as part of a release.
1 November 2004 'Pond-erosa Puff (live)' was the tale of 'Pond-erosa
Puff', * Because of its questionable security record and doubts of
developers for better future development, OpenBSD removed Ethereal
from its ports tree prior to its 3.6 release. * Added support for I2C
master/slave devices
19 May 2005 'The Wizard of OS',
1 November 2005 1 November 2006 'Hackers of the Lost RAID', which
detailed the exploits of 'Puffiana Jones', famed hackologist and
adventurer, seeking out the Lost RAID, Styled after the radio serials
of the 1930s and 40s, this was a parody of Indiana Jones and was
linked to the new RAID tools featured as part of this release. This is
the first version released without the telnet daemon which was
completely removed from the source tree by Theo de Raadt in May 2005.
* bioctl introduced as a new universal RAID management tool (similar
to ifconfig)
1 May 2006 1 May 2007 'Attack of the Binary BLOB', which chronicles
the developer's fight against binary blobs and vendor lock-in, a
parody of the 1958 film The Blob and the pop-rock music of the era. *
Enhanced OpenBGPD feature-set. * Improved hardware sensors support,
including a new IPMI subsystem and a new I2C scan subsystem; number of
drivers using the sensors framework increased to a total of 33 drivers
(compared to 9 in the prior 3.8 release 6 months ago).
1 November 2006 1 November 2007 'Humppa Negala', a Hava Nagilah
parody with a portion of Entrance of the Gladiators and Humppa music
fused together, with no story behind it, simply a homage to one of the
OpenBSD developers' favorite genres of music. * Second official remote
security hole - buffer overflow by malformed ICMPv6 packets
1 May 2007 1 May 2008 'Puffy Baba and the 40 Vendors', a parody of
the Arabic fable Ali Baba and the Forty Thieves, part of the book of
One Thousand and One Nights, in which Linux developers are mocked over
their allowance of non-disclosure agreements when developing software
while at the same time implying hardware vendors are criminals for not
releasing documentation required to make reliable device drivers. *
Redesigned sysctl hw.sensors into a two-level sensor API; a total of
46 device drivers exporting sensors through the framework with this
release.
1 November 2007 1 November 2008 '100001 1010101', * The hw.sensors
framework is used by 72 device drivers.
18 October 2009 1 November 2010 'Planet of the Users'.
1 November 2012 1 November 2013 'Aquarela do Linux'. * nginx(8) HTTP
server * SSLv2 disabled
1 May 2013 1 May 2014 |title=Release
Notes|url=
https://www.openbsd.org/53.html|access-date=9 October
2018|archive-date=24 October
2018|archive-url=
https://web.archive.org/web/20181024054059/http://www.openbsd.org/53.html|url-status=live}}
* Position-independent executables (PIE) by default for seven hardware
platforms
1 November 2013 1 November 2014 'Our favorite hacks', a parody of My
Favorite Things.
1 May 2014 1 May 2015 'Wrap in Time'. * signify(1) cryptographic
signatures of release and packages * 64bit time_t on all platforms
(Y2K38 ready)
1 November 2014 18 October 2015 'Ride of the Valkyries'. * LibreSSL
fork of OpenSSL * Apache HTTPD removed from base
1 May 2015 29 March 2016 'Source Fish'. * rcctl(8) utility to
control daemons * nginx(8) removed from base * procfs has been removed
18 October 2015 1 September 2016 '20 years ago today', 'Fanza', 'So
much better', 'A Year in the Life'. (20th anniversary release) *
doas(1) replacement of sudo
29 March 2016 11 April 2017 'Doctor W^X', 'Systemagic (Anniversary
Edition)'. * W^X enforced in i386 kernel * pledge(2) process
restriction
1 September 2016 9 October 2017 'Another Smash of the Stack', 'Black
Hat', 'Money', 'Comfortably Dumb (the misc song)', 'Mother', 'Goodbye'
and 'Wish you were Secure', Release songs parodies of Pink Floyd's The
Wall, Comfortably Numb and Wish You Were Here. * vmm(4) virtualization
(disabled by default) * Removed vax and 32-bit SPARC support
11 April 2017 15 April 2018 'Winter of 95', a parody of Summer of
'69. * syspatch(8) utility for binary base system updates * new arm64
platform
9 October 2017 18 October 2018 'A three-line diff' * inteldrm(4)
Skylake/Kaby Lake/Cherryview devices * clang(1) base system compiler
on i386 and amd64 platforms
2 April 2018 3 May 2019 * SMP is supported on arm64 platforms. *
Several parts of the network stack now run without KERNEL_LOCK(). *
Multiple security improvements have been made, including
Meltdown/Spectre (variant 2) mitigations. Intel CPU microcode is
loaded on boot on amd64. * pledge() has been modified to support
"execpromises" (as the second argument).
18 October 2018 17 October 2019 * unveil(2) filesystem visibility
restriction.
24 April 2019 19 May 2020 * Support for parsing NMEA 0183 altitude
and ground speed hw.sensors. * Xenocara: Xorg (X Window Server) is no
longer setuid.
17 October 2019 18 October 2020 * sysupgrade(8) automates upgrades
to new releases or snapshots. * amdgpu(4) AMD RADEON GPU video driver.
19 May 2020 1 May 2021 * Made ffs2 the default filesystem type on
installs except for landisk, luna88k and sgi.
18 October 2020 14 October 2021 * 25th anniversary release. * New
powerpc64 platform.
1 May 2021 21 April 2022 * 50th release.
14 October 2021 20 October 2022 * 51st release. *New riscv64
platform.
21 April 2022 10 April 2023 * 52nd release. * loongson support was
temporarily discontinued for this release.
20 October 2022 16 October 2023 * 53rd release.
10 April 2023 5 April 2024 * 54th release. * Immutable permissions
on address space regions. * "xonly" support on many architectures. *
Support for full-disk encryption in the installer (via softraid
driver)
16 October 2023 8 October 2024 * 55th release.
5 April 2024 28 April 2025 * 56th release.
8 October 2024 Oct 2025 * 57th release.
28 April 2025 May 2026 * 58th release.
See also
======================================================================
*Comparison of BSD operating systems
*Comparison of open-source operating systems
*KAME project, responsible for OpenBSD's IPv6 support
*Lumina (desktop environment)
*OpenBSD Journal
*OpenBSD security features
*Security-focused operating system
*Unix security
External links
======================================================================
*
* [
https://github.com/openbsd GitHub mirror]
* [
https://man.openbsd.org OpenBSD manual pages]
* [
http://ports.su/ OpenBSD ports & packages]
([
http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/ latest])
* [
http://BXR.SU/OpenBSD/ OpenBSD source code search]
License
=========
All content on Gopherpedia comes from Wikipedia, and is licensed under CC-BY-SA
License URL:
http://creativecommons.org/licenses/by-sa/3.0/
Original Article:
http://en.wikipedia.org/wiki/OpenBSD
