OpenBSD Journal

OpenBSD 6.0 released

Contributed by tj on from the puff-floyd dept.

September 1st, 2016: The OpenBSD team announces the availability of 6.0!

We are pleased to announce the official release of OpenBSD 6.0.
This is our 40th release on CD-ROM (and 41st via FTP/HTTP).  We remain
proud of OpenBSD's record of more than twenty years with only two remote
holes in the default install.

As in our previous releases, 6.0 provides significant improvements,
including new features, in nearly all areas of the system:

Some of the notable changes include:

W^X enforcement. In their latest attempt to push better security practices to the software ecosystem, OpenBSD has turned W^X on by default for the base system. Binaries can only violate W^X if they're marked with PT_OPENBSD_WXNEEDED and their filesystem is mounted with the new wxallowed option. The installer will set this flag on the /usr/local partition (where third party packages go) by default now, but users may need to manually add it if you're upgrading. More details can be found in this email. If you don't use any W^X-violating applications, you don't need the flag at all.

ARMv7 improvements. Much work has been going into the ARM area since 5.9 came out, and those changes are finally trickling down to the -release branch. All newer arm platforms have been switched to an EFI + bootloader mechanism that works just like amd64. A Flattened Device Tree (FDT) is now used for device discovery, resulting in many arm boards being supported rapidly. Development of this platform is ongoing even now, so if you're an ARM fan, be sure to watch this space closely.

Continuing SMP work. The network stack has undergone more renovation, and the most important parts are that much closer to being unlocked. For desktop users, web browser responsiveness should also be better, thanks to some fixes in the scheduler.

OpenSSH, OpenSMTPD, OpenNTPD, OpenBGPD, LibreSSL updates. Each sub-project has a long list of improvements of their own, so check the release page for all the bugfixes and new features. A few specific additions of interest are IETF ChaCha20-Poly1305 in LibreSSL, the new ProxyJump feature in OpenSSH, fork+exec patterns in OpenSMTPD, and hardened TLS constraints in OpenNTPD.

VAX support, Linux emulation, kern.usermount removed. As with every OpenBSD release, some of the older and unmaintained bits get removed. Support for VAX hardware is no more. Support for running Linux-only binaries was also removed, having been unmaintained and likely used by hardly anyone. Finally, the kern.usermount sysctl is also no more. Administrators who want to let users mount devices will need to configure doas(1) for that task.

A much more detailed list of changes between 5.9 and 6.0 can be found here.

This release also includes six original songs, one being sung by project leader Theo de Raadt himself! If you haven't kept up to date with OpenBSD songs lately, there's a new CD containing all the 5.2 - 6.0 tracks.

Speaking of CDs, you can also get the 6.0 CD set at the usual place. One thing to note: this will be the last version of OpenBSD to be pressed on CD. The project will now focus on internet-only distribution, giving much more flexibility in the release schedule. If you've been collecting the sets over the years, this is definitely one you'll want to have on your shelf.

Be sure to check out the upgrade guide for instructions on how to bring your 5.9 boxes up to date, as well as the errata page for any last-minute fixes to apply. Happy upgrades!

(Comments are closed)


  1. By Ove_ (85.227.152.98) on

    Not having done upgrades before but rather resorted to re-installing cleanly I have to say that hands down this was the smoothest upgrade procedure I have ever done. Great work and congratulations on 6.0.

  2. By Anonymous Coward (46.227.67.167) on

    A month old errata requires recompling and installing a new kernel.
    http://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/001_uvmisavail.patch.sig
    Had only the downloadable ISO included these erratas.

    If the OpenBSD project wants my donations they have to come up with something better than PayPal. And no, I'm not doing bank transfers.
    My credit cards rarely gets accepted by PayPal. Also all the personal info PayPal requires is just beyond what I'm willing to give up.
    Recently I payed for something using BrainTree (owned by PayPal) that only required credit card number and an expiration date.

    1. By Anonymous Coward (192.35.17.16) on

      > If the OpenBSD project wants my donations they have to come up with something better than PayPal. And no, I'm not doing bank transfers.

      And you don't do Cheques and you don't do Bitcoin. (http://www.openbsdfoundation.org/donations.html) Damn this Foundation making it sooo hard to donate.

      1. By Broketech (2601:204:c600:3ad0:fd99:362f:7faa:7fd9) on

        Check it again, bitcoin is available.

    2. By Anonymous Coward (69.178.115.138) Billy Larlad on

      > A month old errata requires recompling and installing a new kernel.
      > http://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/001_uvmisavail.patch.sig
      > Had only the downloadable ISO included these erratas.
      >
      > If the OpenBSD project wants my donations they have to come up with something better than PayPal. And no, I'm not doing bank transfers.
      > My credit cards rarely gets accepted by PayPal. Also all the personal info PayPal requires is just beyond what I'm willing to give up.
      > Recently I payed for something using BrainTree (owned by PayPal) that only required credit card number and an expiration date.

      So you want to donate to the project, but don't want the slightest inconvenience when doing so? In fact, you want to deride the project until they accommodate your demands. Very charitable.

    3. By Ralph Siegler (66.87.95.188) on

      Please use Windows Server 2016, it's made for people like you. MICROSOFT will never gave you spend the 90 seconds it takes to patch and compile a kernel. Microsoft can tbe had with cash, bitcoin, credit card, or check. It even has a bash shell!

  3. By brynet (Brynet) on http://brynet.biz.tm/

    Lots of exciting stuff went into 6.0, nice work everyone! :-)

  4. By Tom VL (94.226.32.115) on

    So no more CD's. Will we be able to buy something every release? For example, I love the stickers.

    1. By Anonymous Coward (216.37.137.133) on

      > So no more CD's. Will we be able to buy something every release? For example, I love the stickers.

      And T-Shirts! It's a great way to donate plus get some cool swag...

      1. By HappyUser (195.228.45.176) on

        > > So no more CD's. Will we be able to buy something every release? For example, I love the stickers.
        >
        > And T-Shirts! It's a great way to donate plus get some cool swag...

        I hate to see OpenBSD's CDs go. I liked that artistic approach of putting a new song and a different artwork in a physical package. Something I can pay for (donate), see in my mailbox and use and then on my shelf.

        Is there a way to continue making these official CDs? As far as I know, they remain the major source of funding. And people still buy them.

        Theo, you are indeed a great singer, but please keep making the CDs! :-)))

        1. By d.c. (d.c.) on

          > I hate to see OpenBSD's CDs go.
          Me too.

          It's more less "second channel" source for getting the signatures and code.

          For authors and contributors it's something physical they made or helped to be made. For "sponsors" the same.

          If the release of the physical media is that difficult, why not to straighten it up? If the rolling-release is planned it's not a good piece of news...

          1. By Anonymous Coward (217.84.140.9) on

            According to Theo:
            > (...) the CDs have been sold at close to a loss for years

            http://marc.info/?l=openbsd-misc&m=147162146329631&w=2

            and:
            > > It was mentioned in another post that sales of the OpenBSD CD's
            > > loses money.
            >
            > The effort expended vs payout received is probably on par with the
            > newspaper route I operated at age 16.
            >
            > I could be doing far better things than making CDs.
            >
            > For 20 years I really had no other choice.
            >
            > > Would it be better to make dontations to the foundation?
            > 
            > Absolutely.  Look at the results:
            >
            > http://www.openbsdfoundation.org/activities.html

            http://marc.info/?l=openbsd-misc&m=147174269920352&w=2

            In light of these statements the decision to cease physical distribution seems reasonable. Besides, I'm sure there'll still be t-shirts and other merchandise available.

            And who knows, they might even make the stickers available as a stand-alone merchandise product. I'd certainly buy a few sets...

            1. By Anonymous Coward (85.25.103.69) on

              I would add to that: https://www.openbsd.org/lyrics.html#60f

            2. By Anonymous Coward (94.226.32.115) on

              > And who knows, they might even make the stickers available as a stand-alone merchandise product. I'd certainly buy a few sets...

              I think Theo owns the current artwork. Not a lot you can do with that without his permission then. Maybe they can work out something with unixstickers.com?

              1. By Anonymous Coward (217.84.140.9) on

                > > And who knows, they might even make the stickers available as a stand-alone merchandise product. I'd certainly buy a few sets...
                >
                > I think Theo owns the current artwork. Not a lot you can do with that without his permission then. Maybe they can work out something with unixstickers.com?

                I meant that they might sell stickers, just like they sell t-shirts, posters, or even mugs right now... (cf. https://www.openbsdstore.com). There's still going to be new artwork with each release.

                1. By Anonymous Coward (46.105.100.149) on

                  > > > And who knows, they might even make the stickers available as a stand-alone merchandise product. I'd certainly buy a few sets...
                  > >
                  > > I think Theo owns the current artwork. Not a lot you can do with that without his permission then. Maybe they can work out something with unixstickers.com?
                  >
                  > I meant that they might sell stickers, just like they sell t-shirts, posters, or even mugs right now... (cf. https://www.openbsdstore.com). There's still going to be new artwork with each release.
                  >

                  If they still plan to release new artwork on stickers or t-shirts with each new release, why not keep producing the CDs just like they do it now? I doubt that production of a t-shirt with new artwork is cheaper than production of a CD-set.

                  I don't need t-shirts (not my kind of style) or stickers, but I would happily donate and get a CD in return. I don't mind waiting and receiving it *after* the release of the official "download-only" release.

                  I guess Theo just doesn't care about CDs and he thinks that other people don't care as well...

                  1. By phessler (phessler) on http://www.openbsdfoundation.org/donations.html

                    > > > > And who knows, they might even make the stickers available as a stand-alone merchandise product. I'd certainly buy a few sets...
                    > > >
                    > > > I think Theo owns the current artwork. Not a lot you can do with that without his permission then. Maybe they can work out something with unixstickers.com?
                    > >
                    > > I meant that they might sell stickers, just like they sell t-shirts, posters, or even mugs right now... (cf. https://www.openbsdstore.com). There's still going to be new artwork with each release.
                    > >
                    >
                    > If they still plan to release new artwork on stickers or t-shirts with each new release, why not keep producing the CDs just like they do it now? I doubt that production of a t-shirt with new artwork is cheaper than production of a CD-set.
                    >
                    > I don't need t-shirts (not my kind of style) or stickers, but I would happily donate and get a CD in return. I don't mind waiting and receiving it *after* the release of the official "download-only" release.
                    >
                    > I guess Theo just doesn't care about CDs and he thinks that other people don't care as well...

                    CDs are a _lot_ of work. Like, you will underestimate how much time and effort it requires.

                    1. By d.c. (d.c.) on

                      > CDs are a _lot_ of work. Like, you will underestimate how much time and effort it requires.
                      Well, something probably should have been "straighten up", instead of dropped. I did prepare a few of CDs. It requires at least one full afternoon if you've got the material ready. Everything must be agreed with the plant and prepared on-time. That's all.

                  2. By Anonymous Coward (94.226.32.115) on

                    > I guess Theo just doesn't care about CDs and he thinks that other people don't care as well...

                    I do not have a machine to use these cd's for years. Yet I still buy them. Theo is right. If it was an empty plastic box I probably would still buy it ... (but I do like the stickers a lot)

                    1. By Anonymous Coward (207.244.97.183) on

                      > > I guess Theo just doesn't care about CDs and he thinks that other people don't care as well...
                      >
                      > I do not have a machine to use these cd's for years. Yet I still buy them. Theo is right. If it was an empty plastic box I probably would still buy it ... (but I do like the stickers a lot)

                      I still use optical discs. And I store the data I don't want to be accidentally rewritten/deleted on DVDs.

                      I also can't stand the idea of "all-downloadable" distribution especially when I have to pay for it. I'd rather buy a physical thing rather than an e-book, MP3 or a downloadable game code.

                      OpenBSD's approach is pretty cool. The guys take their software (and some of the components remain the same for years - such as FVWM) add cool indie songs, terrific movie-inspired artwork and turn each "piece of plastic" into a little unique object of art and history of open source computing. Not only programmers, but also artists make each release happen. And programmers release their transient work on a physical item, just like musicians on vinyl. I like that a lot!

                      I don't know whether it is profitable for them to make these CDs, but this alone promotes the system, makes it stand out. Many people (less than in the good old days, but still) still want to donate and get a CD in return. Why would anyone want to kill this source of donations?

                      1. By Anonymous Coward (217.84.144.62) on

                        > Why would anyone want to kill this source of donations?

                        If the cds sell at a loss, as Theo has repeatedly stated, they can't logically be a source of donations anymore, can they?

                      2. By Billy Larlad (69.178.115.138) on

                        > I don't know whether it is profitable for them to make these CDs, but this alone promotes the system, makes it stand out. Many people (less than in the good old days, but still) still want to donate and get a CD in return. Why would anyone want to kill this source of donations?

                        If you give the project money only because they give you a CD in return, that is not a donation -- it is a purchase, and a low-margin one at that. Not a generous or grateful attitude IMO.

                        1. By Anonymous Coward (37.187.129.166) on

                          > If you give the project money only because they give you a CD in return, that is not a donation -- it is a purchase, and a low-margin one at that. Not a generous or grateful attitude IMO.
                          >

                          OK, let's call it a "purchase" instead of a donation... whatever. It doesn't matter how you name it. I call it a donation because OpenBSD is a non-profit project/company whatever. So technically I donate to them, which means somebody pays (either me or them) less taxes. Donations are tax-free as far as I know.

                          The key words however are "give money". And for *my* money I would love to get a little something in return. Not because I am "Not a generous or grateful" one, but because I like the way they make these CDs (artwork, music, printed stuff). Think of me as a fan! But I don't want posters or t-shirts...

                          The price of a CD-set is $60 + shipping!. I *highly doubt* it costs more than sixty bucks to produce and store a single CD-set (because they make them in batches... like two or three thousands at a time). If I buy two, it'll be $120...$180 and so on. Come on! The production costs to make that cases and shiny discs are less than "retail price" when you make them in bulk.

                          1. By Theo (88.128.80.0) on

                            > > If you give the project money only because they give you a CD in return, that is not a donation -- it is a purchase, and a low-margin one at that. Not a generous or grateful attitude IMO.
                            > >
                            >
                            > OK, let's call it a "purchase" instead of a donation... whatever. It doesn't matter how you name it. I call it a donation because OpenBSD is a non-profit project/company whatever. So technically I donate to them, which means somebody pays (either me or them) less taxes. Donations are tax-free as far as I know.
                            >
                            > The key words however are "give money". And for *my* money I would love to get a little something in return. Not because I am "Not a generous or grateful" one, but because I like the way they make these CDs (artwork, music, printed stuff). Think of me as a fan! But I don't want posters or t-shirts...
                            >
                            > The price of a CD-set is $60 + shipping!. I *highly doubt* it costs more than sixty bucks to produce and store a single CD-set (because they make them in batches... like two or three thousands at a time). If I buy two, it'll be $120...$180 and so on. Come on! The production costs to make that cases and shiny discs are less than "retail price" when you make them in bulk.

                            Wow -- the "me me me" in this and some other postings is just outrageous.

                            20 years ago, I did not set out to be a CD production & sales businessman.

                            I set out to write and improve software, and soon found myself in a big collaboration.

                            I am not here to satisfy your needs & wants for shiny things. I made CDs because I had to. After sales people took their part, a fraction of the CD sales revenue came to ME as income. In the last 20 years, none of it came to "OpenBSD". As a result, I did not require a real/seperate job; I have been able to focus. If I did not, would there be an OpenBSD?

                            OpenBSD Foundation is a not-for-profit, they act different and help when I ask. But OpenBSD Project is "no profit". Your interpretation of how it fits together is highly incorrect.

                            Some of you are being incredibly rude! There is no way I will follow your instructions. I have hundreds of things I would like to achieve in OpenBSD, but making another CD release is not on that list.

                            Purchases did not earn any of you the right to be bossy.

                            I know this is the internet, but show some grace for god's sake.

                          2. By Anonymous Coward (94.227.16.168) on

                            i always bought releases for the stickers - well worth the money. never had a need for the cd's that came along with them. i'd happily pay the same amount for a bunch of stickers, to support a system i like a lot.

                            1. By d.c. (d.c.) on

                              > i always bought releases for the stickers - well worth the money. never had a need for the cd's that came along with them. i'd happily pay the same amount for a bunch of stickers, to support a system i like a lot.

                              I guess, we don't want to hear it, but there is no handover of CD preparation planned nor seemed possible, and the same goes for stickers (and other merchandising).

    2. By Anonymous Coward (160.83.30.193) on

      > So no more CD's. Will we be able to buy something every release? For example, I love the stickers.

      so, besides the Stickers - would you trust whats on the Internet after the discovery that Major Players mess with every single bit of it ?

      time to buy a typewriter again... less parts to secretly tamper with.

  5. By Anonymous Coward (185.129.62.63) on

    Six _original_ songs? Is it a joke? Unfortunately, the original artist isn't mentioned on lyrics page either. Trust me, not everyone has grown on classic rock, as you might think.

    1. By Philipp (pb) on

      > Six _original_ songs? Is it a joke? Unfortunately, the original artist isn't mentioned on lyrics page either. Trust me, not everyone has grown on classic rock, as you might think.

      Does it matter? Not everyone has grown up as a hipster, too ;-)
      If you recognize the song, fine. Same goes with Humppa.
      If you dont, does it matter? The important part are the lyrics.

      1. By Anonymous Coward (185.80.222.78) on

        > > Six _original_ songs? Is it a joke? Unfortunately, the original artist isn't mentioned on lyrics page either. Trust me, not everyone has grown on classic rock, as you might think.
        >
        > Does it matter? Not everyone has grown up as a hipster, too ;-)
        > If you recognize the song, fine. Same goes with Humppa.
        > If you dont, does it matter? The important part are the lyrics.

        so why don't credit the british guys?

        "The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system" - no problem mentioning the original system here

  6. By Billy Larlad (69.178.115.138) larladtech@gmail.com on

    It'll be interesting to see if the release schedule changes going forward. The very regular twice-yearly releases seem to have served the project well, what with providing predictable periods to add new features, then to polish everything before a release.

    Looking forward to 6.1!

  7. By tsarkon (tsarkon) tsarkon@sharklasers.com on

    No, by far the best feature is that there is NO way to patch the system unless you build and distribute those patches yourself.

    What a great, great fucking way to keep an OS secure. Dont have an inbox way of updating the fucking thing when there is errata.

    AND BOY, there is errata. Every fucking release has mountains of errors flaws holes and bugs.

    https://www.openbsd.org/errata59.html

    All of this shit is fixed with source patches. Imagine this, Theo de Fucking Ass Rat, if your compiler has a bug and there is no way to get a patched compiler you have to go through an entire compiler bootstrap to be sure the patch for the compiler works.

    Fuck you Theo The Rat. Secure by default? My ass! You had two remote holes so far. Good job. If your software was in control of nuclear missles you would have killed everyone twice.

    Yes, shitstemD is a fucking stain. Yes Lennart Poettering is a god damned faggot father fucking piece of low life scum dog shit puke. Anyone who thinks ShitStemD isnt shit is a fucking asshole.

    But OpenBSD, fuck you for no binary patches, fuck you, LIAR, LIAR, LIAR. You fucking dicklicking puke fucks should have offered a for-pay service to get binary patches but instead you just offer to give your users a prostate milking by putting your spiky puffer fish in our assholes and smashing it around.

    1. By Anonymous Coward (72.95.152.107) on

      > You fucking dicklicking puke fucks should have offered a for-pay 
      > service to get binary patches but instead you just offer to give your
      > users a prostate milking by putting your spiky puffer fish in our
      > assholes and smashing it around.
      

      Actually, there are binary patches for the OpenBSD release (and for the packages, too). See

      
      https://stable.mtier.org/updates?release=59
      

      1. By Anonymous Coward (64.113.32.29) on

        >
        > > You fucking dicklicking puke fucks should have offered a for-pay
        > > service to get binary patches but instead you just offer to give your
        > > users a prostate milking by putting your spiky puffer fish in our
        > > assholes and smashing it around.
        >
        >
        > Actually, there are binary patches for the OpenBSD release (and for the packages, too). See
        >
        >
        >
        > https://stable.mtier.org/updates?release=59
        >
        >

        mtyer, nyce, wyll yt have tipos yn patches themselves too?

        http://archive.is/2N25x (see perl --->)

    2. By Anonymous Coward (2601:186:4400:2045:c50a:ac60:b305:4d6) on



      Get up on the wrong side of the bed this morning?

    3. By corey (73.76.138.10) on

      Damn, dude. No one is forcing you to use OpenBSD. If you don't like it, there are numerous other options.

      1. By Anonymous Coward (31.185.104.19) on

        HardenedBSD

    4. By Marc Espie (espie) on

      [queue lord of the rings movie]

      They brought a Cave Troll !

      1. By Anonymous Coward (192.42.116.16) on

        > [queue lord of the rings movie]
        >
        > They brought a Cave Troll !

        i thought they just did M-x theo-mode

      2. By Anonymous Coward (192.42.116.16) on

        > [queue lord of the rings movie]
        >
        > They brought a Cave Troll !

        i thought they just did M-x theo

    5. By Anonymous Coward (192.80.65.171) on

      Who told 4chan's technology board about this site? Now we got The Hacker Anonymous on our trail and we'll all get pwned :(

    6. By Edward Ahlsen-Girard (Ed) on

      > No, by far the best feature is that there is NO way to patch the system unless you build and distribute those patches yourself.
      >
      .........

      Thanks for your test of my filter for bad comments by people uninterested in truth, beauty, or goodness. Apparently it needs more work.

    7. By Anonymous Coward (166.137.136.90) on

      You need to go back to trolling school, son. Mixing references to nuclear war with homophobia and personal attacks on Theo is a violation of the 56th syllogism. I recommend reading all of the original Usenet posts from the Meow Wars circa 1994-95 to get an idea of how to do it right.

      And after you've done that, please, show us your operating system that's better.

    8. By Anonymous Coward (192.35.17.16) on

      There are rumours about syspatch(8), which does just that. Hoepfully it will land in 6.1.

  8. By rehcla (89.144.202.165) on

    Thank you for your great work

    1. By Edward Ahlsen-Girard (Ed) on

      > Thank you for your great work

      Ditto.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]