OpenBSD 6.0 is now available

Share this on:
Written by david on 02 september 2016.
Tech-news --> Comment in Forum


OpenBSD is a fully functional, multi-platform UN*X-like Operating System based on Berkeley Networking Release 2 (Net/2) and 4.4BSD-Lite Only two remote holes in the default install, in a heck of a long time! In ver 6.0 there are many ARMv7 platform improvements.A complete list of supported armv7 hardware can be found here . Linux-only binary emulation being removed.Updates to all the Open*/Libre packages like LibreSSL and OpenSSH.


  • New/extended platforms:
    • armv7
      • EFI bootloader added, kernels are now loaded from FFS instead of FAT or EXT filesystems, without U-Boot headers.
      • A single kernel and ramdisk are now used for all SoCs.
      • Hardware is dynamically enumerated via Flattened Device Tree (FDT) instead of via static tables based on board id numbers.
      • Miniroot installer images include U-Boot 2016.07 with support for EFI payloads.
    • vax
      • Removed.
  • LibreSSL 2.4.2
    • User-visible features:
      • Fixed some broken manpage links in the install target.
      • cert.pem has been reorganized and synced with Mozilla's certificate store.
      • Reliability fix, correcting an error when parsing certain ASN.1 elements over 16k in size.
      • Implemented the IETF ChaCha20-Poly1305 cipher suites.
      • Fixed password prompts from openssl(1) to properly handle ^C.
    • Code improvements:
      • Fixed an nginx compatibility issue by adding an 'install_sw' build target.
      • Changed default EVP_aead_chacha20_poly1305(3) implementation to the IETF version, which is now the default.
      • Reworked error handling in libtls so that configuration errors are more visible.
      • Added missing error handling around bn_wexpand(3) calls.
      • Added explicit_bzero(3) calls for freed ASN.1 objects.
      • Fixed X509_*set_object functions to return 0 on allocation failure.
      • Deprecated internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.
      • Fixed a problem that prevents the DSA signing algorithm from running in constant time even if the flag BN_FLG_CONSTTIME is set.
      • Fixed several issues in the OCSP code that could result in the incorrect generation and parsing of OCSP requests. This remediates a lack of error checking on time parsing in these functions, and ensures that only GENERALIZEDTIME formats are accepted for OCSP, as per RFC 6960.
    • The following CVEs have been fixed:
      • CVE-2016-2105—EVP_EncodeUpdate overflow.
      • CVE-2016-2106—EVP_EncryptUpdate overflow.
      • CVE-2016-2107—padding oracle in AES-NI CBC MAC check.
      • CVE-2016-2108—memory corruption in the ASN.1 encoder.
      • CVE-2016-2109—ASN.1 BIO excessive memory allocation.
Tech-news --> Comment in Forum
Share this on: