OpenBSD Journal

OpenBSD 6.7 and ffs2 FAQs

Contributed by rueda on from the filesystem-asked-questions dept.

Otto Moerbeek (otto@) posted to misc@ a useful summary of the state of play of FFS2 in the 6.7 release (and, to some extent, -current).

In his mail, Otto clarifies some things about the latest release:

  • In OpenBSD 6.7, ffs2 is the default for new filesystems during install (with some exceptions).
  • In OpenBSD 6.7, if you create a new filesystem manually (using newfs(8)), you will still get an FFS1 filesystem unless you force -O2 or the filesystem will be larger than 1 TB.

Installation images renamed from .fs to .img

Contributed by Paul 'WEiRD' de Weerd on from the imagine an image dept.

In a commit touching quite a few files, Theo recently renamed the installation images from installXX.fs to installXX.img:

Date: Sun, 17 May 2020 11:04:29 -0600 (MDT)
From: Theo de Raadt <>
Subject: CVS: src

CVSROOT:        /cvs
Module name:    src
Changes by: 2020/05/17 11:04:29

Modified files:
        distrib/alpha/miniroot: Makefile
        distrib/amd64/iso: Makefile
        bin/dd         : dd.1
        usr.sbin/ldomctl: ldomctl.8

Log message:
Change install images called *.fs to *.img.  These are UFS filesystem images,
but additionally have a bootblock in the first 8K (since UFS does not use that
space).  There are some UEFI direct-from-internet bootloaders that require
the name *.img.  So this makes things more convenient for those, while keeping
it consistent in all architectures.
ok kettenis beck kn

This means that with recent snapshots, you should use the .img file to prepare your installation medium, where you were previously using the .fs file. It also means that you can install 'direct-from-internet' on these fancy UEFI machines! Note that if you want to install the OpenBSD 6.7 release, you still need to use install67.fs.

OpenBSD 6.7 Released

Contributed by Peter N. M. Hansteen on from the eternal springtime for Puffy dept.

The OpenBSD project has released OpenBSD 6.7, marking the 48th release of our favorite operating system. The announcement message and the release page both have detailed information.

These are some highlights of the improvements in the present release:

  • For new installs on nearly all architectures the default file system is now FFS2, sporting 64-bit timestamps and block counters
  • There are numerous SMP improvements, including unlocking of several system calls
  • Hardware support in all architectures is much improved and expanded, with a number of new drivers including the iwx(4) driver for new Intel WiFi devices as well as significant expansion of arm64 and armv7 hardware support.
  • Enabled rpki-client(8), to support Origin Validation in BGP-speaking routers in the base install.
  • New versions of programs and subsystems maintained as part of OpenBSD but widely reused elsewhere:

See the release page and the daily changelog for a full list of changes since the previous release. Those upgrading from version 6.6 should read the Upgrade Guide.

Thanks to the developers for all the good work that goes into each release! To support further work on OpenBSD, please see the donations page for ways to contribute even if you cannot offer up code yourself.

First seed for OpenBSD/powerpc64 planted by kettenis@

Contributed by Paul 'WEiRD' de Weerd on from the double power dept.

In a set of commits to the tree on Saturday, Mark Kettenis (kettenis@) added the early beginnings of support for the 64-bit PowerPC platform:

Date: Sat, 16 May 2020 11:11:14 -0600 (MDT)
From: Mark Kettenis <>
Subject: CVS: src

CVSROOT:        /cvs
Module name:    src
Changes by:        2020/05/16 11:11:14

Added files:
        sys/arch/powerpc64/compile: Makefile
        sys/arch/powerpc64/compile/GENERIC: Makefile
        sys/arch/powerpc64/conf: GENERIC Makefile.powerpc64
                                 files.powerpc64 ld.script
        sys/arch/powerpc64/include: _types.h atomic.h bus.h cdefs.h
                                    conf.h cpu.h db_machdep.h
                                    disklabel.h endian.h exec.h fpu.h
                                    frame.h intr.h limits.h mutex.h
                                    param.h pcb.h pmap.h proc.h psl.h
                                    ptrace.h reg.h signal.h softintr.h
                                    spinlock.h tcb.h vmparam.h
        sys/arch/powerpc64/powerpc64: autoconf.c conf.c cpu.c disksubr.c
                                      locore.S locore0.S
                                      machdep.c pmap.c process_machdep.c
                                      softintr.c sys_machdep.c syscall.c

Log message:
Planting the first seed for OpenBSD/powerpc64.

As support for additional hardware platforms brings opportunities to find (and fix) bugs on other, more established environments, this is definitely an interesting development. Of course it is still currently very much in its infancy, so don't drag out your POWER9 systems just yet, unless you're ready to roll up your sleeves and get some diffs submitted. Thanks to Mark for working on this port!

WireGuard patchset for OpenBSD

Contributed by rueda on from the Puffy on the wire dept.

In a post to tech@, Matt Dunwoodie announced the availability of a WireGuard [VPN] patchset for OpenBSD:

A while ago I wanted to learn more about OpenBSD development. So I
picked a project, in this case WireGuard, to develop a native client
for. Over the last two years, with many different iterations, and
working closely with WireGuard's creator (Jason [Jason A. Donenfeld - Ed.], CC'd), it started
to become a serious project eventually reaching parity with other
official implementations. Finally, we are here and I think it is time
for any further development to happen inside the src tree.

From the WireGuard point-of-view, this is an official patchset.

See the full thread on tech@ for more detail.

TLSv1.3 server code enabled in LibreSSL in -current

Contributed by rueda on from the TLS, freshly served dept.

With the following commit, Joel Sing (jsing@) enabled the TLSv1.3 server code (in LibreSSL) in -current:

Module name:	src
Changes by:	2020/05/11 12:19:19

Modified files:
	lib/libssl     : ssl_locl.h 

Log message:
Enable the TLSv1.3 server.

ok beck@ tb@

The client code was already enabled in -current (and will be in the 6.7 release).

Thanks to Joel, Bob Beck (beck@), Theo Buehler (tb@), and others for the hard work!

Catch up 2020-04-30

Contributed by rueda on from the puffy-as-ppe dept.

While many of us have been busy social distancing, OpenBSD development work has continued. Noteworthy things not previously reported here include:

  • The OpenBSD version has moved to 6.7-beta
  • Some 11 syscalls have been unlocked since the 6.6 release.
  • FFS2 has been made the default filesystem for new installs on most platforms.
  • The rpki-client web site has been launched.
  • Supported hardware on the arm64 platform has widened further, including support for Pine64 Pinebook Pro and Raspberry Pi 4.
  • The default compiler on the macppc platform has been switched to clang(1).
  • Ports work has entered slowdown in the move towards release.


OpenBSD Errata

OpenBSD 6.7

  • 006, 2020-05-25, SECURITY: Incorrect use of getpeername(2) storage for outgoing IPv6 connections corrupts stack memory. The nature of the corruption and existing mitigations appear to make this difficult to effectively target.
  • 005, 2020-05-22, SECURITY: Specially crafted queries may crash unbound and unwind. Both can be tricked into amplifying an incoming query.
  • 004, 2020-05-22, RELIABILITY: A TLS client with peer verification disabled may crash when contacting a server that sends an empty certificate list.
  • 003, 2020-05-22, SECURITY: When attempting to download resident keys from a FIDO token that does not require a password/PIN, ssh-keygen would crash with a NULL dereference.
  • 002, 2020-05-22, RELIABILITY: rpki-client could hang because of an improper waitpid idiom for rsync processes.
  • 001, 2020-05-19, SECURITY: An out-of-bounds index access in wscons(4) can cause a kernel crash.

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]