To be released somewhere around May 1, 2017 plus or minus a couple months
Copyright 1997-2017, Theo de Raadt.
6.1 Song:
"xxx".
- See the information on the FTP page for
a list of mirror machines.
- Go to the pub/OpenBSD/6.1/ directory on
one of the mirror sites.
- Have a look at the 6.1 errata page for a list
of bugs and workarounds.
- See a detailed log of changes between the
6.0 and 6.1 releases.
- signify(1)
pubkeys for this release:
base: RWQEQa33SgQSEsMwwVV1+GjzdcQfRNV2Bgo48Ztd2KiZ9bAodz9c+Maa
fw: RWS91POk0QZXfsqi4aI7MotYz8CPzoHjYg4a1IDi56cftacjsq+ZL/KY
pkg: RWQbTjGFHEvnOckqY7u9iABhXAkEpF/6TQ3Mr6bMrWbT1wOM/HnbV9ov
All applicable copyrights and credits are in the src.tar.gz,
sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
files fetched via ports.tar.gz.
What's New
This is a partial list of new features and systems included in OpenBSD 6.1.
For a comprehensive list, see the changelog leading
to 6.1.
- New/extended platforms:
- New arm64 platform,
using clang(1)
as the base system compiler.
- The loongson
platform now supports systems with Loongson 3A CPU and RS780E chipset.
- ...
- The following platforms were retired:
armish,
sparc,
zaurus
- ...
- Improved hardware support, including:
- New acpials(4)
driver for ACPI ambient light sensor devices.
- New acpihve(4)
driver for feeding Hyper-V entropy into the kernel pool.
- New dwge(4)
driver for Designware GMAC 10/100/Gigabit Ethernet devices.
- New htb(4)
driver for Loongson 3A PCI host bridges.
- New hvn(4)
driver for Hyper-V networking interfaces.
- New hyperv(4)
driver for the Hyper-V guest nexus device.
- New iatp(4)
driver for the Atmel maXTouch touchpad and touchscreen.
- New imxtemp(4)
driver for Freescale i.MX6 temperature sensors.
- New leioc(4)
driver for the Loongson 3A low-end IO controller.
- New octmmc(4)
driver for the OCTEON MMC host controller.
- New ompinmux(4)
driver for OMAP pin multiplexing.
- New omwugen(4)
driver for OMAP wake-up generators.
- New psci(4)
driver for the ARM Power State Coordination Interface.
- New simplefb(4)
driver for the simple frame buffer on systems
using a device tree.
- New sximmc(4)
driver for Allwinner A1X/A20 MMC/SD/SDIO controllers.
- New tpm(4)
driver for Trusted Platform Module devices.
- New uwacom(4)
driver for Wacom USB tablets.
- New vmmci(4)
VMM control interface.
- New xbf(4)
driver for Xen Blkfront virtual disks.
- New xp(4)
driver for the LUNA-88K HD647180X I/O processor.
- ...
- IEEE 802.11 wireless stack improvements:
- The ral(4) driver
now supports Ralink RT3900E (RT5390, RT3292) devices.
- The iwm(4) and
iwn(4) drivers
now support the short guard interval (SGI) in 11n mode.
- Added a new implementation of MiRa, a rate adapation algorithm
designed for 802.11n.
- The iwm(4) driver
now supports 802.11n MIMO (MCS 0-15).
- The athn(4) driver
now supports 802.11n, featuring MIMO (MCS 0-15) and hostap mode.
- The iwn(4) driver
now receives MIMO frames in monitor mode.
- The rtwn(4) and
urtwn(4) drivers
now use AMRR rate adaptation (8188EU and 8188CE devices only).
- TKIP/WPA1 was disabled by default because of inherent weaknesses
in this protocol.
- Generic network stack improvements:
- New switch(4)
pseudo-device together with new
switchd(8) and
switchctl(8)
programs.
- New mobileip(4)
operation mode for the
gre(4)
pseudo-device.
- Multipoint-to-multipoint mode in
vxlan(4).
- route(8)
and netstat -r display all routing flags correctly and they
are completely documented in the
netstat(1)
man page.
- When sending TCP streams they are locally stored in large
mbuf clusters to improve memory management.
The maximum TCP send and receive buffer size has been
increased from 256MB to 2GB.
Note that this results in a different
pf(4)
OS fingerprint for OpenBSD.
The default limit for mbuf clusters has been increased.
You can check the values with
netstat(1)
-m and adjust them with
sysctl(8)
kern.maxclusters.
- Make the TCP_NOPUSH flag work for
listen(2)
sockets.
It is inherited by the socket returned from
accept(2).
- A lot of code has been removed or simplified to make the
transition to multi-processor easier.
Redesign the interrupt and multi-processor locks in the
network stack.
- When passing packets from the network stack to the
interface layer, make sure that they have no pointers to
pf(4)
which could result in a memory free operation at the wrong
protection level.
- Fix checksum calculation in
pf(4)
af-to ICMP packet conversions.
Simplify af-to processing in and fix path MTU discovery in
some corner cases.
- Improve IPv6 fragment processing.
Drop empty atomic fragments early.
Be more paranoid when IPv6 hop-by-hop headers appear after
fragment headers.
Follow RFC 5722 "Handling of Overlapping IPv6 Fragments"
more strictly in
pf(4).
RFC 8021 "IPv6 Atomic Fragments Considered Harmful" deprecates
generating atomic fragments, so do not send them anymore.
- Depending on the addresses,
ipsecctl(8)
may automatically group SA bundles together.
To make clear what is going on, the kernel provides this
information and ipsecctl -s sa prints IPsec SA bundles.
- A new routing socket message type, RTM_PROPOSAL, was added to
facilitate future improvements to the network configuration process.
- ...
- Installer improvements:
- The installer now uses privilege separation for fetching and
verifying the install sets.
- Install sets are now fetched over an HTTPS connection by default
when using a mirror that supports it.
- The installer now considers all of the DHCP information in filename,
bootfile-name, server-name, tftp-server-name, and next-server when
attempting to do automatic installs or upgrades.
- The installer no longer adds a route to an alias IP via 127.0.0.1, due
to improvements in the kernel routing components.
- ...
- Routing daemons and other userland network improvements:
- ping(8) and
ping6(8) are now the same
binary and share the engine.
- ripd(8) now supports
p2p links with addresses in different subnets.
- UDP speakers can specify an IPv4 source address using
IP_SENDSRCADDR.
iked(8)
and snmpd(8) now
use the proper source address when sending replies.
- snmpd(8) now
supports multiple listening sockets.
- ospfd(8) and
ospf6d(8) now cope
with interface MTU change at runtime.
- bgpd(8) now supports
BGP Large Communities
(RFC 8092).
- bgpd(8) now supports
BGP Administrative Shutdown Communication
(draft-ietf-idr-shutdown).
- ...
- Security improvements:
- Enforcement of userland W^X on OCTEON Plus and later.
- All shared libraries, all dynamic and static-PIE executables, and
ld.so(1) itself use
the RELRO ("read-only after relocation") design such that
more of the initial data is protected as read-only.
- The size of user virtual address space has been increased
from 2GB to 1TB on mips64.
- PIE and -static -pie on arm (XXX someone please explain this better).
- route6d(8) now
runs with fewer privileges.
- For incoming TLS connections
syslogd(8)
can validate client certificates with a given CA file.
- The privileged parent process of
syslogd(8)
calls
exec(2)
to reshuffle its random memory layout.
- New function
recallocarray(3)
to reduce the risk of incorrect clearing of memory before and after
reallocarray(3).
- SHA512_256 family
of functions added to libc.
- arm added to the list of archs where the
setjmp(3)
family of functions apply XOR cookies to stack and return-address
values in the jmpbuf.
- printf(3) family
of formatting functions now report to syslog when the %s
format is used with a NULL pointer.
- Heap buffer overflow detection has been improved when the C
malloc(3) option is used.
The existing S option now includes C.
- Support for permitting non-root users to
mount(8) filesystems
has been removed.
- ...
- dhclient(8)/
dhcpd(8)/
dhcrelay(8) improvements:
- Add DHO_BOOTFILE_NAME and DHO_TFTP_SERVER to the options requested by default.
- Add support for RFC 6842 (Client Identifier Option in DHCP Server Replies).
- Stop leaking option data received on the udp socket.
- Stop pretending we use RFC 3046/Option 82/Relay Agent Information.
- Stop recording ignored DHO_ROUTERS and DHO_STATIC_ROUTES options in the effective lease.
- Use only leases from no SSID or the current SSID when restarting.
- Reduce default values for various timeouts to something more
appropriate to modern networks.
- Fix issues with redundant dhcpd servers and CARP'd interfaces.
- Switch to standard logging functions
- vmm(4)/
vmd(8) improvements:
- Support for i386 hosts
- Support for AMD SVM hosts (i386/amd64)
- Better interrupt handling and legacy device emulation
- vmm(4) no longer
requires VMX unrestricted guest capability (Nehalem and later CPUs
are sufficient)
- Removed bounce buffers prevoiusly used by
vmd(8) for
vio(4) and
vioblk(4) devices.
- Support VMs with > 2GB RAM
- vmd(8) now uses
fork+exec model
- More
pledge(2) usage across
vmd(8)
- vm.conf(5)
expanded to include VM ownership rules (uid/gid)
- vmd(8) support for
basic boot> options (eg, "-s" for single user mode)
- vmd(8)/
vm.conf(5) now
supports automatic
bridge(4) and
switch(4) configuration
for VM network interfaces
- vmctl(8) supports
graceful VM shutdown via
vmmci(4)
- Assorted improvements:
- New syspatch(8)
utility for security and reliability binary updates to the base
system.
- acme-client(1), a
privilege separated Automatic Certificate Management Environment
(ACME) client written by Kristaps Dzonsons has been imported.
- New, simplified
xenodm(1)
X11 display manager forked from
xdm(1).
- Unicode version 8 character properties in the C library.
- Partial UTF-8 line editing support for
ksh(1) Vi input mode.
- UTF-8 support in
column(1).
- The performance and concurrency of the
malloc(3) family
in multi-threaded processes has been improved.
- Estonian keyboard support.
- read(2) on
directories now fails instead of returning 0.
- Support for the RES_USE_EDNS0 and RES_USE_DNSSEC
flags has been added to the
resolver(3)
implementation.
- syslogd(8)
limits the socket buffer for TCP an TLS connections to 64K
to avoid wasting kernel memory.
- syslogd(8)
supports the option -Z to print the timestamp in RFC 5424
ISO format.
This logs everything in UTC including the year, timezone
and fractions of seconds.
The default is still RFC 3164 BSD syslog time format.
- The
syslogd(8)
options -a, -T, and -U can be given more than once to specify
multiple input sources.
- Improve the
syslogd(8)
output and diagnostics in case the klog buffer
overflows.
- Make SIGHUP handling in
syslogd(8)
more reliable.
- An NMI sends the amd64 kernel into
ddb(4)
more reliably.
- ld.so(1) now
supports the DT_PREINITARRAY, DT_INITARRAY, DT_FINIARRAY, DT_FLAGS,
and DT_RUNPATH dynamic tags.
- kdump(1)
now dumps the fds returned by
pipe(2) and
socketpair(2).
- Added support to doas(1)
for session-locked persistent authentication.
- Use a hardware register for the thread pointer on arm for improved
performance in multi-threaded processes.
- SGI boot blocks now consult the OpenBSD
disklabel(5)
to locate the root filesystem.
This reduces constraints on disk partitioning.
- iec(4)
no longer hangs when its transmit ring gets full.
- sq(4)
has been fixed to accept broadcast frames in non-promiscuous mode
when no IP address is configured.
This lets the interface work with DHCP.
- Multiprocessor-safe PCI interrupt handlers are run
without the kernel lock on OpenBSD/sgi.
- fdisk(8) now unconditionally
sets the size of the protective MBR's EFI GPT partition to UINT32_MAX.
- fdisk(8) now respects the
current MBR or GPT format when initializing a disk.
- softraid(4) now uses
sufficient parallel i/o's to efficiently rebuild RAID5 volumes.
- asr now accepts UDP
packets of up to 4096 bytes to account for broken DNS servers.
- umass(4) no longer assumes
that ATAPI or UFI devices have only 1 LUN.
- scsi(4) now correctly
detects end of tape on LTO5 devices.
- ...
- OpenSMTPD 6.0.0
- OpenSSH 7.4
- LibreSSL 2.5.1
- mandoc 1.14.1
- Ports and packages:
- ...
- Many pre-built packages for each architecture:
- alpha: XXXX
- amd64: XXXX
- arm: XXXX
|
- hppa: XXXX
- i386: XXXX
- mips64: XXXX
|
- mips64el: XXXX
- powerpc: XXXX
- sparc64: XXXX
|
- Some highlights:
- AFL 2.39b
- Chromium 57.0.2987.110
- Emacs 21.4 and 25.1
- GCC 4.9.4
- GHC 7.10.3
- Gimp 2.8.18
- GNOME 3.22.2
- Go 1.8
- Groff 1.22.3
- JDK 7u80 and 8u121
- KDE 3.5.10 and 4.14.3 (plus KDE4 core updates)
- LLVM/Clang 4.0.0
- LibreOffice 5.2.4.2
- Lua 5.1.5, 5.2.4, and 5.3.4
- MariaDB 10.0.30
- Mono 4.6.2.6
- Mozilla Firefox 52.0esr and 52.0
- Mozilla Thunderbird 45.8.0
|
- Mutt 1.8.0
- Node.js 6.10.0
- Ocaml 4.03.0
- OpenLDAP 2.3.43 and 2.4.44
- PHP 5.5.38, 5.6.30, and 7.0.16
- Postfix 3.2.0 and 3.3-20170218
- PostgreSQL 9.6.2
- Python 2.7.13, 3.4.5, 3.5.2 and 3.6.0
- R 3.3.3
- Ruby 1.8.7.374, 2.1.9, 2.2.6, 2.3.3 and 2.4.0
- Rust 1.16.0
- Sendmail 8.15.2
- SQLite3 3.17.0
- Sudo 1.8.19.2
- Tcl/Tk 8.5.18 and 8.6.4
- TeX Live 2015
- Vim 8.0.0388
- Xfce 4.12
|
- As usual, steady improvements in manual pages and other documentation.
- The system includes the following major components from outside suppliers:
- Xenocara (based on X.Org 7.7 with xserver 1.18.3 + patches,
freetype 2.7.1, fontconfig 2.12.1, Mesa 13.0.6, xterm 327,
xkeyboard-config 2.20 and more)
- GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
- Perl 5.24.1 (+ patches)
- NSD 4.1.15
- Unbound 1.6.1
- Ncurses 5.7
- Binutils 2.17 (+ patches)
- Gdb 6.3 (+ patches)
- Awk Aug 10, 2011 version
- Expat 2.1.1
How to install
Please refer to the following files on the mirror site for
extensive details on how to install OpenBSD 6.1 on your machine:
Quick installer information for people familiar with OpenBSD, and the use of
the "disklabel -E" command.
If you are at all confused when installing OpenBSD, read the relevant
INSTALL.* file as listed above!
OpenBSD/alpha:
-
Write floppy61.fs or floppyB61.fs (depending on your machine)
to a diskette and enter boot dva0.
Refer to INSTALL.alpha for more details.
-
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
OpenBSD/amd64:
-
If your machine can boot from CD, you can write install61.iso or
cd61.iso to a CD and boot from it.
You may need to adjust your BIOS options first.
-
If your machine can boot from USB, you can write install61.fs or
miniroot61.fs to a USB stick and boot from it.
-
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in the included
INSTALL.amd64 document.
-
If you are planning to dual boot OpenBSD with another OS, you will need to
read INSTALL.amd64.
OpenBSD/armv7:
-
Write a system specific miniroot to an SD card and boot from it after connecting
to the serial console. Refer to INSTALL.armv7 for more details.
OpenBSD/hppa:
-
Boot over the network by following the instructions in INSTALL.hppa or the
hppa platform page.
OpenBSD/i386:
-
If your machine can boot from CD, you can write install61.iso or
cd61.iso to a CD and boot from it.
You may need to adjust your BIOS options first.
-
If your machine can boot from USB, you can write install61.fs or
miniroot61.fs to a USB stick and boot from it.
-
If you can't boot from a CD, floppy disk, or USB,
you can install across the network using PXE as described in
the included INSTALL.i386 document.
-
If you are planning on dual booting OpenBSD with another OS, you will need to
read INSTALL.i386.
OpenBSD/landisk:
-
Write miniroot61.fs to the start of the CF
or disk, and boot normally.
OpenBSD/loongson:
-
Write miniroot61.fs to a USB stick and boot bsd.rd from it
or boot bsd.rd via tftp.
Refer to the instructions in INSTALL.loongson for more details.
OpenBSD/luna88k:
-
Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
from the PROM, and then bsd.rd from the bootloader.
Refer to the instructions in INSTALL.luna88k for more details.
OpenBSD/macppc:
-
Burn the image from a mirror site to a CDROM, and power on your machine
while holding down the C key until the display turns on and
shows OpenBSD/macppc boot.
-
Alternatively, at the Open Firmware prompt, enter boot cd:,ofwboot
/6.1/macppc/bsd.rd
OpenBSD/octeon:
-
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
Refer to the instructions in INSTALL.octeon for more details.
OpenBSD/sgi:
-
To install, burn cd61.iso on a CD-R, put it in the CD drive of your
machine and select Install System Software from the System Maintenance
menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
CD-ROM, and need a proper invocation from the PROM prompt.
Refer to the instructions in INSTALL.sgi for more details.
-
If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
system type. Refer to the instructions in INSTALL.sgi for more details.
OpenBSD/sparc64:
-
Burn the image from a mirror site to a CDROM, boot from it, and type
boot cdrom.
-
If this doesn't work, or if you don't have a CDROM drive, you can write
floppy61.fs or floppyB61.fs
(depending on your machine) to a floppy and boot it with boot
floppy. Refer to INSTALL.sparc64 for details.
-
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
-
You can also write miniroot61.fs to the swap partition on
the disk and boot with boot disk:b.
-
If nothing works, you can boot over the network as described in INSTALL.sparc64.
How to upgrade
If you already have an OpenBSD 6.0 system, and do not want to reinstall,
upgrade instructions and advice can be found in the
Upgrade Guide.
Notes about the source code
src.tar.gz contains a source archive starting at /usr/src.
This file contains everything you need except for the kernel sources,
which are in a separate archive.
To extract:
# mkdir -p /usr/src
# cd /usr/src
# tar xvfz /tmp/src.tar.gz
sys.tar.gz contains a source archive starting at /usr/src/sys.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
# mkdir -p /usr/src/sys
# cd /usr/src
# tar xvfz /tmp/sys.tar.gz
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described here.
Using these files
results in a much faster initial CVS update than you could expect from
a fresh checkout of the full OpenBSD source tree.
Ports Tree
A ports tree archive is also provided. To extract:
# cd /usr
# tar xvfz /tmp/ports.tar.gz
Go read the ports page
if you know nothing about ports
at this point. This text is not a manual of how to use ports.
Rather, it is a set of notes meant to kickstart the user on the
OpenBSD ports system.
The ports/ directory represents a CVS checkout of our ports.
As with our complete source tree, our ports tree is available via
AnonCVS.
So, in order to keep up to date with the -stable branch, you must make
the ports/ tree available on a read-write medium and update the tree
with a command like:
# cd /usr/ports
# cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_6_1
[Of course, you must replace the server name here with a nearby anoncvs
server.]
Note that most ports are available as packages on our mirrors. Updated
ports for the 6.1 release will be made available if problems arise.
If you're interested in seeing a port added, would like to help out, or just
would like to know more, the mailing list
ports@openbsd.org is a good place to know.