OpenBSD Journal

OpenBSD 5.8 released

Contributed by tj on from the breathing-underwater dept.

October 18th, 2015: The OpenBSD team marks the 20th anniversary of the project today with the general availability of OpenBSD 5.8.

We are pleased to announce the official release of OpenBSD 5.8.
This is our 38th release on CD-ROM (and 39th via FTP/HTTP).  We remain
proud of OpenBSD's record of twenty years with only two remote holes in
the default install.

As in our previous releases, 5.8 provides significant improvements,
including new features, in nearly all areas of the system:

The release page lists many of those improvements, and a more detailed changelog can be seen here. New hardware support has been added, security enhancements have been made, many base daemons have been updated and much more. Of particular interest is the replacement of some third party utilities with homegrown alternatives: sudo has been removed in favor of the much simpler doas(1), and file(1) has been completely rewritten with sandboxing and privilege separation. Looking forward, more network SMP groundwork is in place, and some initial pledge(2) support can be found as well. Expect big improvements in these two areas when 5.9 drops next May, with pledge calls throughout the userland likely being a big highlight.

To commemorate the anniversary, four songs accompany this release: 20 Years Ago Today, Fanza, So Much Better and A Year in the Life. The main artwork for 5.8 (also available as a poster) features the faces of many past and present OpenBSD developers, as well as others who have been involved with the project over the last two decades. The CD set includes a list of names to cross-reference with the image if you're curious as to who's who.

The full announcement text can be found here. Be sure to check the errata page and apply any post-release fixes that didn't make it in time for the builds. Happy upgrades!

(Comments are closed)


Comments
  1. By Bill A (67.88.230.2) bill@blowfish-labs.com on

    Doas looks very nice. As someone who typically just uses release, will we still be using visudo to edit doas.conf, or will that change as well?

    Comments
    1. By Noryungi (noryungi) on

      > Doas looks very nice. As someone who typically just uses release,
      > will we still be using visudo to edit doas.conf, or will that change
      > as well?

      Well, from what I understand from doas.conf(5), there is no equivalent to the ''visudo'' command.

      This being said, but I hope to be corrected if I am wrong, the syntax is so simple you can probably put this in /etc/doas.conf to emulate the behaviour of sudo:

      permit keepenv nopass as root :wheel

      This would allow users in group wheel to execute any command as root, without asking for a password, and conserving the root environment variables.

      Another solution would be to enter this:

      permit keepenv your_user_name_here as root

      This would require your password, but allow you to execute any command as root, keeping the environment.

      Again, this is just a cursory glance through the man pages, as I haven't had time to install 5.8 or upgrade existing machines to 5.8. Take everything shown above with a big rain of salt.

      As someone who has been bitten in the _____ quite a few times trying to configure sudo, reading that short man page is a breath of fresh air.

    2. By Anonymous Coward (70.70.146.217) on

      > Doas looks very nice. As someone who typically just uses release, will we still be using visudo to edit doas.conf, or will that change as well?

      I was able to reproduce my sudo config with a single line in /etc/doas.conf:
      ---
      permit :wheel
      ---

  2. By Anonymous Coward (23.91.115.123) on

    I am looking forward to using it, and playing around with doas.

    I have been getting annoyed at the silly insults sudo gives whenever a password attempt is incorrect. It's funny the first few times it happens, but not anymore.

    Comments
    1. By rjc (rjc) on

      > I have been getting annoyed at the silly insults sudo gives whenever a password attempt is incorrect. It's funny the first few times it happens, but not anymore.

      You know these can be disabled, right? ;^)

    2. By Miod Vallat (miod) on

      > I am looking forward to using it, and playing around with doas.
      >
      > I have been getting annoyed at the silly insults sudo gives whenever a password attempt is incorrect. It's funny the first few times it happens, but not anymore.

      But have you considered trying to match wits with a rutabaga?

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]