Contributed by tj on from the puff-floyd dept.
We are pleased to announce the official release of OpenBSD 6.0. This is our 40th release on CD-ROM (and 41st via FTP/HTTP). We remain proud of OpenBSD's record of more than twenty years with only two remote holes in the default install. As in our previous releases, 6.0 provides significant improvements, including new features, in nearly all areas of the system:
W^X enforcement. In their latest attempt to push better security practices to the software ecosystem, OpenBSD has turned W^X on by default for the base system. Binaries can only violate W^X if they're marked with PT_OPENBSD_WXNEEDED and their filesystem is mounted with the new wxallowed option. The installer will set this flag on the /usr/local partition (where third party packages go) by default now, but users may need to manually add it if you're upgrading. More details can be found in this email. If you don't use any W^X-violating applications, you don't need the flag at all.
ARMv7 improvements. Much work has been going into the ARM area since 5.9 came out, and those changes are finally trickling down to the -release branch. All newer arm platforms have been switched to an EFI + bootloader mechanism that works just like amd64. A Flattened Device Tree (FDT) is now used for device discovery, resulting in many arm boards being supported rapidly. Development of this platform is ongoing even now, so if you're an ARM fan, be sure to watch this space closely.
Continuing SMP work. The network stack has undergone more renovation, and the most important parts are that much closer to being unlocked. For desktop users, web browser responsiveness should also be better, thanks to some fixes in the scheduler.
OpenSSH, OpenSMTPD, OpenNTPD, OpenBGPD, LibreSSL updates. Each sub-project has a long list of improvements of their own, so check the release page for all the bugfixes and new features. A few specific additions of interest are IETF ChaCha20-Poly1305 in LibreSSL, the new ProxyJump feature in OpenSSH, fork+exec patterns in OpenSMTPD, and hardened TLS constraints in OpenNTPD.
VAX support, Linux emulation, kern.usermount removed. As with every OpenBSD release, some of the older and unmaintained bits get removed. Support for VAX hardware is no more. Support for running Linux-only binaries was also removed, having been unmaintained and likely used by hardly anyone. Finally, the kern.usermount sysctl is also no more. Administrators who want to let users mount devices will need to configure doas(1) for that task.
A much more detailed list of changes between 5.9 and 6.0 can be found here.
This release also includes six original songs, one being sung by project leader Theo de Raadt himself! If you haven't kept up to date with OpenBSD songs lately, there's a new CD containing all the 5.2 - 6.0 tracks.
Speaking of CDs, you can also get the 6.0 CD set at the usual place. One thing to note: this will be the last version of OpenBSD to be pressed on CD. The project will now focus on internet-only distribution, giving much more flexibility in the release schedule. If you've been collecting the sets over the years, this is definitely one you'll want to have on your shelf.
(Comments are closed)