OpenBSD 5.7 Released

The start of May is the release time for yet another edition of OpenBSD and 2015 brings the release of OpenBSD 5.7.  This edition brings some excellent hardware support that will improve the users experience with the operating system, a range of installer improvements, removal of Nginx and Sendmail from the base, IPv6 has been further integrated into the kernel and a large range of security improvements.

Some highlights that interest me are:

  • New xhci(4) driver for USB 3.0 host controllers.
  • New iwm(4) driver for Intel 7260, 7265, and 3160 wifi cards.
  • The etc and xetc sets are now part of base and xbase and are not distributed separately anymore. They are extracted from base and xbase during installation and upgrades.  Note that this includes the rc and rc.conf files!
  • fdisk(8) now zeros out GPT signatures found when writing out an MBR that has been re-initialized and has no EFI or EFISYS partition.
  • nginx has been removed from base — use the package if you need it.
  • Sendmail has been removed from base — use the package if you need it.
  • IPv6 router solicitations are now sent by the kernel (“inet6 autoconf”); rtsol(8) and rtsold(8) are no longer necessary and have been removed.
  • Stricter enforcement of W^X in the kernel address space, especially on architectures with the right featureset (amd64, in particular, has seen substantial improvements).
  • /var/tmp is now a symbolic link to /tmp, as a first step towards reducing the “fill it up” attack surface against the /var partition.
  • Sync kernel AES code and ssh(1) AES code to the one shipped with OpenSSL/LibreSSL.
  • Removed passwd(1) support for all password ciphers except blowfish(3).
  • Use sha512 instead of md5 for tcp(4) initial sequence number.
  • Use sha512 instead of md5 in the random number generator.
  • New rcctl(8) utility to control daemons.
  • BIND has been retired, encouraging use of nsd(8) and unbound(8).
  • OpenBSD httpd(8)
  • OpenSMTPD 5.4.4
  • OpenSSH 6.8
  • MariaDB 10.0.16 replacing MySQL 5 in ports

Please support the project and purchase the CD set or make a donation.  Once you have done that and you want to get to work while you are waiting for your sets to arrive, simply choose your favorite mirror and get downloading – don’t download it from as it will be under extreme load updating mirrors.  For those in Australia, the mirror that is probably the best for all ISPs would be Aarnet.  You can directly go to your architecture of choice via this link.