Recent Releases
7.429 Mar 2024 21:58
major feature:
Fixed ssh-keygen(1) find-principals on allowed_signers files with blank lines.
Disabled LRO in ix(4) on sparc64 by default for stability for the 7.5 release.
Enabled dwxe(4) on riscv64.
Added Allwinner D1 ethernet controller clocks and reset support to sxiccmu(4).
Added SPI clocks for other 64-bit Rockchip SoCs in rkclock(4).
Added backup of disklabel for softraid(4) chunks to security(8).
Converted 't_lock', 'r_keypair_lock' and 'c_lock' rwlock(9)s to corresponding mutex(9)es.
Switched to using whois.internic.net for whois(1) -i.
Added validation for IPv4 packet options in divert(4).
Fixed detection of qcpas0 driver on x13s when booted in ACPI mode.
Separated ssh(1) parsing of string array options from applying them to the active configuration. Fixed some cases where the config parser improperly rejected valid configuration.
Started flushing the D-cache before disabling the cache on armv7 in efiboot.
Added a workaround for an 88100 errata where FPU imprevise exceptions could be raised in error.
Fixed awacs(4) audio on some iMac G3 models.
Bumped smtpd(8) version to 7.5.0.
Added support for attaching rkpmic(4) to an SPI bus. Added support for the RK806 PMIC which can attach to both I2C and SPI.
Added rkspi(4), a driver for the SPI controller found on various Rockchip SoCs.
Added clocks for the RK3588 SPI controller to rkclock(4).
Made iked(8) trigger retransmission only for fragment 1/x to prevent each received fragment triggering retransmission of the full fragment queue.
Bumped OpenIKED to 7.4.
Bumped libressl to 3.9.0.
Removed GOST and STREEBOG support from libressl.
Added mktemp(1) suffix support for compatibility with the GNU version. It is now possible to use templates where the Xs are not at the end.
Added mkdtemps(3), identical to mkdtemp(3) except that it permits a suffix to exist in the template.
Allowed fdisk(8) to add GPT partitions of protected types, making it possible to provision virtual machine images that need a "BIOS Boot" partition.
6.419 Oct 2018 14:25
major feature:
Improved hardware support.
vmm(4) and vmd(8) improvements.
IEEE 802.11 wireless stack improvements.
Generic network stack improvements.
Installer improvements.
Security improvements:
New unveil(2) system call.
Routing daemons and other userland network improvements.
OpenSSH 7.9.
LibreSSL 2.8.2.
The system includes the following major components from outside suppliers:
Xenocara (based on X.Org 7.7 with xserver 1.19.6 + patches, freetype 2.9.1, fontconfig 2.12.4, Mesa 13.0.6, xterm 331, xkeyboard-config 2.20 and more)
LLVM/Clang 6.0.0 (+ patches)
GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
Perl 5.24.3 (+ patches)
NSD 4.1.25
Unbound 1.8.1
Ncurses 5.7
Binutils 2.17 (+ patches)
Gdb 6.3 (+ patches)
Awk Aug 10, 2011 version
Expat 2.2.6
5.818 Oct 2015 13:42
major feature:
Improved hardware support, including: Realtek RTL8188CE wifi, HyperTransport bridges,
USB Power Devices (UPS), RTL8111GU, full-speed isochronous EHCI, x86 AVX instructions, more odd trackpads, pvbus(4).
Generic network stack improvements.
Installer improvements.
Routing daemons and other userland network improvements in ldpd, mpw, bgpd, bgpctl, ospfd, carp, radiusd.
Security improvements: sudo replaced with doas(1), modern sandboxed file(1) reimplementation, pax/tar/cpio prevent symlink directory lapses, static PIE support for sparc, Alpha switched to secure PLT, improved kernel checks of ELF headers, support for the NX (No-eXecute) bit on i386. Work started on a new process-containment facility called tame(2).
Various other improvements in userland tools.
OpenBSD HTTPD new features: matching/redirection per Lua patterns, If-Modified-Since, byte-range support, DefaultType support, HSTS, large TLS certificate bundles, CGI env fixes, header escaping and special character handling.
OpenSMTPD 5.4.4 reliability and bug fixes.
OpenSSH 7.0 security and performance as well as feature improvements.
Latest LibreSSL release with just as many security fixes.
Totalling 8866 packages for amd64/i386.
New software included: Chromium 44.0.2403.125, Emacs 24.5, GNOME 3.16.2, KDE 3.5.10,
LibreOffice 4.4.4.3,
MariaDB 10.0.20,
Mono 3.12.1,
Mozilla Firefox 39.0.3,
Postfix 3.0.2,
PostgreSQL 9.4.4,
Python 3.4.3,
Ruby 2.2.2,
Tcl/Tk 8.6.4.
As usual, steady improvements in manual pages and other documentation.
The system includes the following major components from outside suppliers:
Xenocara (based on X.Org 7.7 with xserver 1.16.4 + patches, freetype 2.6, fontconfig 2.11.1, Mesa 10.2.9, xterm 314, xkeyboard-config 2.14 and more)
Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
Perl 5.20.2 (+ patches)
SQLite 3.8.9 (+ patches)
NSD 4.1.3
Unbound 1.5.4
Ncurses 5.7
Binutils 2.17 (+ patches)
Gdb 6.3 (+ patches)
Less 458 (+ patches)
Awk Aug 10, 2011 version
5.701 May 2015 20:25
major feature:
Improved hardware support, many new drivers.
xhci(4) USB 3.0 host controllers.
skgpio(4) Soekris net6501 GPIO and LEDs.
nep(4) Sun Neptune 10Gb Ethernet devices.
iwm(4) Intel 7260, 7265, and 3160 wifi cards.
rtsx(4) supports RTS5227 and RTL8411B card readers.
bge(4) supports jumbo frames on various additional BCM57xx chipsets.
mpi(4) and mfi(4) drivers now have mpsafe interrupt handlers running without the big lock.
ppb(4) supports PCI bridges that support subtractive decoding (fixes PCMCIA behind the ATI SB400 PCI bridge), and devices with 64-bit BARs behind PCI-PCI bridges as seen on SPARC T5-2 systems.
sdmmc(4) supports eMMC storage devices larger than 2GB.
umass(4) supports Archos 24y Vision devices.
athn(4) supports Atheros UB94 devices.
pciide(4) supports Intel C610 chipsets.
umodem(4) supports Arduino Leonardo devices.
sk(4) supports receive ring scaling.
Replaced custom jumbo allocators in sk(4), nge(4), lge(4), and ti(4) with MCLGETI(9).
Wireless network scanning problems with the iwn(4) driver have been fixed.
Support for RS* IGP Radeon devices in the radeondrm(4) driver has been fixed.
PowerMac7,2 and PowerMac7,3 can now boot with a multiprocessor kernel.
Removed hardware support: lofn(4), art(4), urio(4).
Generic network stack improvements:
The routing table is now used for most of the address lookup operations superseding the RB-tree and IPv4 address list.
The SipHash algorithm is now used for PCB hashing, trunk(4) loadbalancing, pf(4) and bridge(4).
Traffic destinated to link-local IPv6 addresses can now be seen with tcpdump(8).
A carp(4) now needs to be configured with an explicit carpdev parent interface.
The mbuf(9) layer has been made mpsafe.
Introduce mbuf_list and mbuf_queue structures and APIs.
Support changing the IPv6 input queue length via sysctl(1) and net.inet6.ip6.ifq.
Installer improvements.
The etc and xetc sets are now part of base and xbase and are not distributed separately anymore.
Ask for th
5.602 Nov 2014 07:25
major feature:
Integrates LibreSSL (legacy OS and compiler support removed, SSLv2,
Kerberos, DTLS, US-SSL, FIPS-140 removed, Barinpool, AES-GCM, ChaCha
and Poly1305 added). More hardware support (SCSI, ethernet, wireless and
video drivers). Network stack improvements, IPv6 disabled per default.
Whole distribution now signify packaged. OpenSMTPD 5.4.3 replaces Sendmail.
Security improvements: Default bcrypt hash type is now 2b , md5crypt and
MD4 frm cksum removed, Kerberos removed, stack protection added,
new getentropy(2) and timingsafe_memcmp(3), fread/fwrite integer overflow
checks. OpenSSH 6.7 is included with multiple changes and enhancements.
Among the 8600 pre-built packages are GNOME 3.12.2, KDE 3.5.10, KDE 4.13.3,
Xfce 4.10, MySQL 5.1.73, PostgreSQL 9.3.4, Postfix 2.11.1, OpenLDAP 2.3.43
and 2.4.39, Mozilla Firefox 31.0, Mozilla Thunderbird 31.0, GHC 7.6.3,
LibreOffice 4.1.6.2, Emacs 21.4 and 24.3, Vim 7.4.135, PHP 5.3.28, 5.4.30
and 5.5.14, Python 2.7.8, 3.3.5 and 3.4.1, Ruby 1.8.7.374, 1.9.3.545,
2.0.0.481 and 2.1.2, Tcl/Tk 8.5.15 and 8.6.1, JDK 1.6.0.32 and 1.7.0.55,
Mono 3.4.0, Chromium 36.0.1985.125, Groff 1.22.2, Go 1.3, GCC 4.6.4, 4.8.3
and 4.9.0, LLVM/Clang 3.5 (20140228), Node.js 0.10.28,
Xenocara (Xorg 7.7, xserver 1.52.2), GCC 4.2.1, Perl 5.18.2, SQLite
3.8.4.3, Sudo 1.7.2p8, Ncurses 5.7, and Binutils 2.15.
5.514 Aug 2014 18:08
major feature:
* time_t is 64-bit on all platforms.
* OpenBSD is now cryptographically signed with signify(1).
* New autoinstall(8) method for unattended installs.
* USB installation media for i386/amd64.
* ALTQ gone, new pf queueing subsystem.
Homepage
Download