OpenBSD Archive

Theo de Raadt has announced the release of OpenBSD 5.1. The OpenBSD 5.1 release page has a detailed list of all changes and improvements. As always, I would love for someone to write proper items about OpenBSD releases - it's outside my interests and cursory glances don't do it justice.

"OpenBSD 5.0 has been published, six months after the release of version 4.9. The OpenBSD project's newest release of the free BSD based UNIX-like operating system includes a number new and updated drivers, performance improvements and new features. OpenBSD 5.0 includes the GNOME 2.32.2, KDE 3.5.10 and Xfce 4.8.0 desktop environments. It also contains a number of new and updated packages including versions 3.5.19, 3.6.18 and 5.0 of the Firefox web browser, PHP 5.2.17 and 5.3.6, LibreOffice 3.4.1, and Chromium 12. The release includes September's release of OpenSSH 5.9." GNOME 2 you say? Huh. Interesting.

Yesterday, we reported on the allegations made by Gregory Perry. He claims that 10 years ago, several developers were paid by the FBI to implement hidden backdoors into OpenBSD's IPSEC stack. This has prompted a lot of speculation about the allegations' validity, and less than 24 hours later, it has descended into one person's word against that of others. Update: Jason Wright, too, denies all the allegations. "I will state clearly that I did not add backdoors to the OpenBSD operating system or the OpenBSD crypto framework (OCF). It is a baseless accusation the reason for which I cannot understand."

Okay, this is potentially very big news that really needs all the exposure it can get. OpenBSD's Theo de Raadt has received an email in which it was revealed to him that ten years ago, the FBI paid several open source developers to implement hidden backdoors in OpenBSD's IPSEC stack. De Raadt decided to publish the email for all to see, so that the code in question can be reviewed. Insane stuff.

OpenBSD 4.7 is the newest installment in the proactively secure UNIX-like operating system. With 4.7 comes a range of new features including support for the Loongson 2E and 2F MIPS-compatible processors. See the release page for a complete list of new features.

"OpenBSD is widely touted as being 'secure by default', something often mentioned by OpenBSD advocates as an example of the security focused approach the OpenBSD project takes. Secure by default refers to the fact that the base system has been audited and considered to be free of vulnerabilities, and that only the minimal services are running by default. This approach has worked well; indeed, leading to 'Only two remote holes in the default install, in a heck of a long time!'. This is a common sense approach, and a secure default configuration should be expected of all operating systems upon an initial install. An argument often made by proponents of OpenBSD is the extensive code auditing performed on the base system to make sure no vulnerabilities are present. The goal is to produce quality code as most vulnerabilities are caused by errors in the source code. This a noble approach, and it has worked well for the OpenBSD project, with the base system having considerably less vulnerabilities than many other operating systems. Used as an indicator to gauge the security of OpenBSD however, it is worthless."

"As seen here, PF is now enabled by default. The default pf.conf will now pass in all traffic, except for TCP port 6000 normally used by remote-X11. By having the X server still listen on port 6000 but let PF block incoming packets that aren't coming from localhost you can still use local X sessions that needs to talk to the TCP port or runs through a port forward from remote, but at the same time don't expose your machine on the network. Recent changes to PF, like having packet reassembly enabled on all packets by default, will now help clean incoming traffic."

The OpenBSD team has released OpenBSD 4.5. There have been lots of changes and bug fixes, but it's a rather daunting list that doesn't really lend itself towards a summary (hint), but I guess if you use OpenBSD you are perfectly capable of figuring this out yourself. You can get the new release from the download page.

The OpenBSD team has released OpenBSD 4.4. "As in our previous releases, 4.4 provides significant improvements, including new features, in nearly all areas of the system." Information on how you can obtain OpenBSD can be found on the OpenBSD website.

Theo de Raadt has lifted the veil off OpenBSD 4.3. "We are pleased to announce the official release of OpenBSD 4.3. This is our 23nd release on CD-ROM (and 24rd via FTP). We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install." Boasting as always, but when it's justified, arrogance is a virtue.

"After seeing Miod Vallat's commit to source-changes@ today, I thought it'd be nice to ask Miod a few questions about mvme88k and the work he did to enable multiprocessor support for the architecture (more information about this hardware platform is available the OpenBSD mvme88k page)."

OpenBSD 4.2 has been released. "We are pleased to announce the official release of OpenBSD 4.2. This is our 22nd release on CD-ROM (and 23rd via FTP). We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install." Update: A what's new article at ONLamp.

"A few weeks ago, the OpenBSD Project announced that the Portable C Compiler had been added to the OpenBSD source tree. There has already been some explanation of why the traditional GNU Compiler Collection is troublesome and why a new compiler is needed, but there are still some details left uncovered. In this interview, Theo de Raadt and Otto Moerbeek of the OpenBSD Project offer more information about PCC and GCC and where they are headed within the project."

"Yesterday the OpenBSD Foundation announced its inception as a legal entity in charge of donations of money and equipment for the OpenBSD operating system and its associated projects. Today we have an interview with Ken Westerback, one of the foundation's founding members."