Contributed by Peter N. M. Hansteen on from the hacker people, fun and friends dept.
On its 25th birthday, the OpenBSD project has released OpenBSD 6.8, the 49th release.
The new release comes with a large number of improvements and debuts a new architecture, OpenBSD/powerpc64, running on the POWER9 family of processors. The full list of changes can be found in the announcement and on the release page. Some highlights:
- As already mentioned, this release debuts the OpenBSD/powerpc64 architecture, supporting the POWER9 [and POWER8] family of processors.
- Numerous kernel improvements such as better time measurements across several architectures, (see eg this article), updated graphics support, and of course numerous improvements in hardware support with updated drivers across several platforms.
- Numerous network stack improvements, including those
described by
kn@
in his k2k20 hackathon report. - wg(4), an in-kernel driver for WireGuard VPN [reported previously]
- login_ldap added to base [reported previously]
- FFS2 improvements [some of which were reported earlier]
- LibreSSL 3.2.2 with TLSv1.3 enabled for both
client and server,
and a new-and-improved X509 certificate chain validator
(see
beck@
's k2k20 hackathon report).
Those upgrading from 6.7 should consult the Upgrade Guide.
Thanks to the developers for all the good work that went into this excellent new release!
While your install sets download or when your packages update, please take the time to look at and use one or more of the recommended ways to support the project, such as making a donation, buying T-shirts. Corporate entities may prefer sending some money in the direction of the OpenBSD Foundation, which is a Canadian non-profit corporation.
(Comments are closed)
By Noryungi (noryungi) noryungi@yahoo.com on
Happy 25th Birthday OpenBSD!
Thanks to everyone for a great release -- I'll make sure to send some money to the OpenBSD Foundation.
By Andrey Ponomarenko (aponomarenko) andrewponomarenko@yandex.ru on https://github.com/bsdhw/Trends/tree/master/Dist/OpenBSD
Comments
By Tristan (tristan) td@delsolit.nl on
Cool, I missed that part, so thanks for pointing that out. Nice.
Comments
By Tristan (tristan) td@delsolit.nl on
Thought it was part of OpenBSD :), but still cool to keep a track, seeing if support is good for certain hardware.
By Adam P (adamrt) adam@adamrt.com on
I've seen you mention this on other websites.
You present it like its officially supported or related to the OpenBSD project (both people I've seen respond to your comments were confused by this), which I don't believe it is.
Can you be more clear about the "new hardware database introduced in OpenBSD 6.8". I don't see anything about that in the release notes and hadn't heard about it yet. I might have just missed it.
Comments
By Andrey Ponomarenko (aponomarenko) andrewponomarenko@yandex.ru on
> You present it like its officially supported or related to the OpenBSD project
It was not intentional.
By some body (someboooody88) tapol93552@mailreds.com on
Can someone tell, why is the:
ChallengeResponseAuthentication
YES by default?
https://man.openbsd.org/sshd_config
ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed. All authentication styles from login.conf(5) are supported. The default is yes.
->
it is not even used by default, but set on YES.
So if it would be by default NO, attack surface would be smaller!!
See the https://www.qualys.com/2019/12/04/cve-2019-19521/authentication-vulnerabilities-openbsd.txt for a recent example, what could be avoided..