Release of OpenBSD 6.6

The free cross-platform UNIX-like operating system OpenBSD 6.6 has been released. The OpenBSD project was founded by Theo de Raadt in 1995 after a conflict with the NetBSD developers, as a result of which Theo was denied access to the NetBSD CVS repository. After that, Theo de Raadt and a group of like-minded people created a new open operating system based on the NetBSD source tree. Its main development goals were portability (13 hardware platforms are supported), standardization, correct operation, proactive security and integrated cryptographic tools. The full installation ISO image of the OpenBSD 6.6 base system is 460 MB.

In addition to the operating system itself, the OpenBSD project is known for its components, which have become widespread in other systems and have proven to be among the most secure and high-quality solutions. Among them: LibreSSL (a fork of OpenSSL), OpenSSH, the PF packet filter, the OpenBGPD and OpenOSPFD routing daemons, the OpenNTPD NTP server, the OpenSMTPD mail server, the tmux text terminal multiplexer (similar to GNU screen), the identd daemon implementing the IDENT protocol, mandoc (a BSD-licensed alternative to the GNU groff package), CARP (Common Address Redundancy Protocol) for building fault-tolerant systems, a lightweight HTTP server, and the OpenRSYNC file synchronization utility.

Main improvements:

  • The sysupgrade utility is now included; it automatically upgrades the system to a new release. Sysupgrade downloads the files needed for the upgrade, verifies them with signify, copies the bsd.rd ramdisk to bsd.upgrade and initiates a system reboot. The boot loader, on detecting bsd.upgrade, boots it automatically and the system upgrade runs unattended. For the previous OpenBSD 6.5 branch, a syspatch has been prepared that adds sysupgrade and allows you to use this utility to upgrade your system to OpenBSD 6.6 on the amd64, arm64 and i386 architectures by executing "syspatch && sysupgrade";
  • For Cavium OCTEON (mips64) processors, Clang is used as the main compiler of the base system. Added optional support for building with Clang on the powerpc architecture. For the armv7 and i386 architectures, the GCC compiler is disabled by default (only Clang is left);
  • The amdgpu driver for AMD GPUs is now included. The drm (Direct Rendering Manager) driver has been updated. Unprivileged users can now access the drm device: the owner of the device is changed on first access. The inteldrm and radeondrm driver code is synchronized with Linux kernel 4.19.78. Added support for GPUs used in Intel Broxton/Apollo Lake, Amber Lake, Gemini Lake, Coffee Lake, Whiskey Lake and Comet Lake chips;
  • Implemented a Linux-compatible acpi interface and added ACPI support to the radeon and amdgpu drivers;
  • Added the aplgpio driver for GPIO controllers used in Intel Apollo Lake SoCs;
  • Improved support for SAS3 controllers, increased reliability of drive detection at boot time, and added support for 64-bit DMA in the mpii driver;
  • The virtio 1.0 specification is now supported for PCI devices;
  • Added support for cryptographic coprocessors used in AMD Ryzen CPUs/APUs. Added the ksmn driver for thermal sensors used in the 17th generation of AMD processors;
  • Improved support for the ARM64 architecture. Added support for systems based on the Ampere eMAG CPU. Added new drivers for Amlogic, Allwinner A64, i.MX8M and Armada 3700 SoCs. Added support for the Cortex-A65 CPU;
  • All wireless drivers now have the ability to transfer received packets to the network stack in batch mode, processing multiple packets at once within a single interrupt;
  • Improved file system cache performance on computers with AMD64 architecture;
  • Improved startx and xinit to work on modern systems using inteldrm, radeondrm and amdgpu graphics drivers;
  • The unveil system call has been improved to provide file system access isolation. The number of applications from the base system for which protection using unveil is implemented has been increased to 77;
  • The getrlimit, setrlimit, read and write system calls, as well as the code for accessing resource limits and changing file offsets, have been freed from the global kernel lock;
  • Improved the mitigation of Spectre vulnerabilities in Intel CPUs. Added protection against MDS-class (Microarchitectural Data Sampling) attacks on Intel processors;
  • ntpd now has a secure mode for setting and getting the system clock at boot time, even if there is no battery-backed clock;
  • The tmux terminal multiplexer can now use regular expressions in the search, match and substitute commands. Added a simple menu system with mouse or keyboard control. The "display-menu" command is provided to show the menu in the status bar. Implemented automatic scrolling when the mouse cursor moves beyond the top or bottom edge of the screen while selecting an area;
  • Improved bgpd performance. The community matching code has been rewritten, and configurations with several communities and a large number of peers run significantly faster. Added the 'show mrt neighbors' command to bgpctl;
  • Added support for block lists to the unwind DNS resolver;
  • Added the snmp utility, a new SNMP client that replaces snmpctl;
  • Updated version of OpenSMTPD mail server. Added an API for writing external filters that can be distributed separately via ports. Support has also been added for built-in filters that provide simple functions to screen out incoming sessions. Added an option to deliver filtered mail to the Junk directory in mail.maildir. Implemented support for the proxy-v2 protocol, which allows placing an SMTP server behind a proxy. Implemented support for ECDSA certificates.
  • The OpenSSH package has been updated to version 8.1; a detailed overview of the improvements is available separately;
  • The LibreSSL package has been updated, completing the port of the RSA_METHOD structure from OpenSSL 1.1, which allows alternative implementations of the RSA functions to be used;
  • The number of ports for the AMD64 architecture was 10736, for aarch64 - 10075, for i386 - 10682;
  • Updated third-party components included in OpenBSD 6.6:
    • Xenocara graphics stack based on X.Org 7.7 with xserver 1.20.5 + patches, freetype 2.10.1, fontconfig 2.12.4, Mesa 19.0.8, xterm 344, xkeyboard-config 2.20;
    • LLVM/Clang 8.0.1 (with patches)
    • GCC 4.2.1 (with patches) and 3.3.6 (with patches)
    • Perl 5.28.2 (with patches)
    • NSD 4.2.2
    • Unbound 1.9.4
    • Ncurses 5.7
    • Binutils 2.17 (with patches)
    • Gdb 6.3 (with patches)
    • Awk Aug 10, 2011
    • Expat 2.2.8

    Source: opennet.ru
