fbpx
Wikipedia

OpenBSD

February 16, 2024

Not to be confused with FreeBSD.

OpenBSD is a security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0.[4] The OpenBSD project emphasizes portability, standardization, correctness, proactive security, and integrated cryptography.[5]

OpenBSD
Free, Functional, and Secure
OpenBSD 7.0 default desktop with various utilities: top, xterm, xcalc, and glxgears
DeveloperTheo de Raadt et al.
Written inC, assembly, Perl, Unix shell
OS familyUnix-like (BSD)
Working stateCurrent
Source modelOpen source
Initial releaseJuly 1996; 27 years ago (1996-07)
Latest release7.4 (16 October 2023; 3 months ago (2023-10-16)) [±]
Repository
  • cvsweb.openbsd.org/cgi-bin/cvsweb/
Package managerOpenBSD package tools[1]
PlatformsAlpha, x86-64, ARMv7, ARMv8 (64-bit), PA-RISC, IA-32, LANDISK, Loongson, Omron LUNA-88K, MIPS64, macppc, PowerPC, 64-bit RISC-V, SPARC64[2]
Kernel typeMonolithic
UserlandBSD
Default
user interface		Modified pdksh, X11 (FVWM)
LicenseBSD, ISC, other permissive licenses[3]
Official websitewww.openbsd.org

The OpenBSD project maintains portable versions of many subsystems as packages for other operating systems. Because of the project's preferred BSD license, which allows binary redistributions without the source code, many components are reused in proprietary and corporate-sponsored software projects. The firewall code in Apple's macOS is based on OpenBSD's PF firewall code,[6] Android's Bionic C standard library is based on OpenBSD code,[7] LLVM uses OpenBSD's regular expression library,[8] and Windows 10 uses OpenSSH (OpenBSD Secure Shell) with LibreSSL.[9]

The word "open" in the name OpenBSD refers to the availability of the operating system source code on the Internet, although the word "open" in the name OpenSSH means "OpenBSD". It also refers to the wide range of hardware platforms the system supports.[10] OpenBSD supports a variety of system architectures including x86-64, IA-32, ARM, PowerPC, and 64-bit RISC-V.

History

In December 1994, Theo de Raadt, a founding member of the NetBSD project, was asked to resign from the NetBSD core team over disagreements and conflicts with the other members of the NetBSD team.[11][4] In October 1995, De Raadt founded OpenBSD, a new project forked from NetBSD 1.0. The initial release, OpenBSD 1.2, was made in July 1996, followed by OpenBSD 2.0 in October of the same year.[12] Since then, the project has issued a release every six months, each of which is supported for one year.

On 25 July 2007, OpenBSD developer Bob Beck announced the formation of the OpenBSD Foundation, a Canadian non-profit organization formed to "act as a single point of contact for persons and organizations requiring a legal entity to deal with when they wish to support OpenBSD."[13]

Usage statistics

 
Bar chart showing the proportion of users of each BSD variant from a 2005 BSD usage survey of 4330 users.[14][note 1]

It is hard to determine how widely OpenBSD is used, because the developers do not publish or collect usage statistics.

In September 2005, the BSD Certification Group surveyed 4330 individual BSD users, showing that 32.8% used OpenBSD,[14] behind FreeBSD with 77%, ahead of NetBSD with 16.3% and DragonFly BSD with 2.6%[note 1]. However, the authors of this survey clarified that it is neither "exhaustive" nor "completely accurate", since the survey was spread mainly through mailing lists, forums and word of mouth. This combined with other factors, like the lack of a control group, a pre-screening process or significant outreach outside of the BSD community, makes the survey unreliable for judging BSD usage globally.

Uses

Network appliances

OpenBSD features a robust TCP/IP networking stack, and can be used as a router[15] or wireless access point.[16] OpenBSD's security enhancements, built-in cryptography, and packet filter make it suitable for security purposes such as firewalls,[17] intrusion-detection systems, and VPN gateways.

Several proprietary systems are based on OpenBSD, including devices from Armorlogic (Profense web application firewall), Calyptix Security,[18] GeNUA,[19] RTMX,[20] and .vantronix.[21]

Other operating systems

Some versions of Microsoft's Services for UNIX, an extension to the Windows operating system to provide Unix-like functionality, use much of the OpenBSD code base that is included in the Interix interoperability suite,[22][23] developed by Softway Systems Inc., which Microsoft acquired in 1999.[24][25] Core Force, a security product for Windows, is based on OpenBSD's pf firewall.[26] The pf firewall is also found in other operating systems: including FreeBSD,[27] and macOS.[28]

Personal computers

OpenBSD ships with Xenocara,[29] an implementation of the X Window System, and is suitable as a desktop operating system for personal computers, including laptops.[30][31]: xl  As of September 2018, OpenBSD includes approximately 8000 packages in its software repository,[32] including desktop environments such as Lumina, GNOME, Plasma, and Xfce, and web browsers such as Firefox and Chromium.[33] The project also includes three window managers in the main distribution: cwm, FVWM (part of the default configuration for Xenocara), and twm.[34]

Servers

OpenBSD features a full server suite and can be configured as a mail server, web server, FTP server, DNS server, router, firewall, NFS file server, or any combination of these. Since version 6.8, OpenBSD has also shipped with native in-kernel WireGuard support.[35][36]

Security

See also: OpenBSD security features
 
OpenBSD console login and its messages

Shortly after OpenBSD was created, De Raadt was contacted by a local security software company named Secure Networks (later acquired by McAfee).[37][38] They were developing a network security auditing tool called Ballista,[note 2] which was intended to find and exploit software security flaws. This coincided with De Raadt's interest in security, so the two cooperated leading up to the release of OpenBSD 2.3.[39] This collaboration helped to define security as the focus of the OpenBSD project.[40]

OpenBSD includes numerous features designed to improve security, such as:

To reduce the risk of a vulnerability or misconfiguration allowing privilege escalation, many programs have been written or adapted to make use of privilege separation, privilege revocation and chrooting. Privilege separation is a technique, pioneered on OpenBSD and inspired by the principle of least privilege, where a program is split into two or more parts, one of which performs privileged operations and the other—almost always the bulk of the code—runs without privilege.[45] Privilege revocation is similar and involves a program performing any necessary operations with the privileges it starts with then dropping them. Chrooting involves restricting an application to one section of the file system, prohibiting it from accessing areas that contain private or system files. Developers have applied these enhancements to OpenBSD versions of many common applications, such as tcpdump, file, tmux, smtpd, and syslogd.[46]

OpenBSD developers were instrumental in the creation and development of OpenSSH (aka OpenBSD Secure Shell), which is developed in the OpenBSD CVS repositories. OpenBSD Secure Shell is based on the original SSH.[47] It first appeared in OpenBSD 2.6 and is now by far the most popular SSH client and server, available on many operating systems.[48]

The project has a policy of continually auditing source code for problems, work that developer Marc Espie has described as "never finished ... more a question of process than of a specific bug being hunted." He went on to list several typical steps once a bug is found, including examining the entire source tree for the same and similar issues, "try[ing] to find out whether the documentation ought to be amended", and investigating whether "it's possible to augment the compiler to warn against this specific problem."[49]

Security record

The OpenBSD website features a prominent reference to the system's security record. Until June 2002, it read:

Five years without a remote hole in the default install!

In June 2002, Mark Dowd of Internet Security Systems disclosed a bug in the OpenSSH code implementing challenge–response authentication.[50] This vulnerability in the OpenBSD default installation allowed an attacker remote access to the root account, which was extremely serious not only to OpenBSD, but also to the large number of other operating systems that were using OpenSSH by that time.[51] This problem necessitated the adjustment of the slogan on the OpenBSD website to:

One remote hole in the default install, in nearly 6 years!

The quote remained unchanged as time passed, until on 13 March 2007, when Alfredo Ortega of Core Security Technologies disclosed a network-related remote vulnerability.[52] The quote was subsequently changed to:

Only two remote holes in the default install, in a heck of a long time!

This statement has been criticized because the default install contains few running services, and many use cases require additional services.[53] Also, because the ports tree contains unaudited third-party software, it is easy for users to compromise security by installing or improperly configuring packages. However, the project maintains that the slogan is intended to refer to a default install and that it is correct by that measure.

One of the fundamental ideas behind OpenBSD is a drive for systems to be simple, clean, and secure by default. The default install is quite minimal, which the project states is to ensure novice users "do not need to become security experts overnight",[54] which fits with open-source and code auditing practices considered important elements of a security system.[55] Additional services are to be enabled manually to make users think of the security implications first.

Alleged backdoor

On 11 December 2010, Gregory Perry, a former technical consultant for the Federal Bureau of Investigation (FBI), emailed De Raadt alleging that the FBI had paid some OpenBSD ex-developers 10 years prior to insert backdoors into the OpenBSD Cryptographic Framework. De Raadt made the email public on 14 December by forwarding it to the openbsd-tech mailing list and suggested an audit of the IPsec codebase.[56][57] De Raadt's response was skeptical of the report and he invited all developers to independently review the relevant code. In the weeks that followed, bugs were fixed but no evidence of backdoors was found.[58] De Raadt stated "I believe that NetSec was probably contracted to write backdoors as alleged. If those were written, I don't believe they made it into our tree. They might have been deployed as their own product."[59]

Criticisms

In December 2017, Ilja van Sprundel, director at IOActive, gave a talk at the CCC[60] as well as DEF CON,[61] entitled "Are all BSDs created equally? — A survey of BSD kernel vulnerabilities", in which he stated that although OpenBSD was the clear winner of the BSDs in terms of security, "Bugs are still easy to find in those kernels, even in OpenBSD".

Two years later, in 2019, a talk named "A systematic evaluation of OpenBSD's mitigations" was given[62] at the CCC, arguing that while OpenBSD has some effective mitigations, a significant part of them are "useless at best and based on pure luck and superstition", arguing for a more rational approach when it comes to designing them.[63]

Subprojects

Many open source projects started as components of OpenBSD, including:

Some subsystems have been integrated into other BSD operating systems,[72][73][74] and many are available as packages for use in other Unix-like systems.[75][76][77]

Linux administrator Carlos Fenollosa commented on moving from Linux to OpenBSD that the system is faithful to the Unix philosophy of small, simple tools that work together well: "Some base components are not as feature-rich, on purpose. Since 99% of the servers don't need the flexibility of Apache, OpenBSD's httpd will work fine, be more secure, and probably faster".[78] He characterized the developer community's attitude to components as: "When the community decides that some module sucks, they develop a new one from scratch. OpenBSD has its own NTPd, SMTPd and, more recently, HTTPd. They work great".[78] As a result, OpenBSD is relatively prolific in creating components that become widely reused by other systems.

OpenBSD runs nearly all of its standard daemons within chroot and privsep security structures by default, as part of hardening the base system.[78]

The Calgary Internet Exchange was formed in 2012, in part to serve the needs of the OpenBSD project.[79]

In 2017, Isotop,[80] a French project aiming to adapt OpenBSD to desktops and laptops, using xfce then dwm, started to be developed.[81]

Third-party components

OpenBSD includes a number of third-party components, many with OpenBSD-specific patches,[33] such as X.Org, Clang[82] (the default compiler on several architectures), GCC,[42][note 3] Perl, NSD, Unbound, ncurses, GNU binutils, GDB, and AWK.

Development

 
OpenBSD developers at c2k1 hackathon at MIT, June 2001
 
OpenBSD hackathon s2k17

Development is continuous, and team management is open and tiered. Anyone with appropriate skills may contribute, with commit rights being awarded on merit and De Raadt acting as coordinator.[31]: xxxv  Two official releases are made per year, with the version number incremented by 0.1,[83] and these are each supported for twelve months (two release cycles).[84] Snapshot releases are also available at frequent intervals.

Maintenance patches for supported releases may be applied using syspatch, manually or by updating the system against the patch branch of the CVS source repository for that release.[85] Alternatively, a system administrator may opt to upgrade to the next snapshot release using sysupgrade, or by using the -current branch of the CVS repository, in order to gain pre-release access to recently added features. The sysupgrade tool can also upgrade to the latest stable release version.

The generic OpenBSD kernel provided by default is strongly recommended for end users, in contrast to operating systems that recommend user kernel customization.[86]

Packages outside the base system are maintained by CVS through a ports tree and are the responsibility of the individual maintainers, known as porters. As well as keeping the current branch up to date, porters are expected to apply appropriate bug-fixes and maintenance fixes to branches of their package for OpenBSD's supported releases. Ports are generally not subject to the same continuous auditing as the base system due to lack of manpower.

Binary packages are built centrally from the ports tree for each architecture. This process is applied for the current version, for each supported release, and for each snapshot. Administrators are recommended to use the package mechanism rather than build the package from the ports tree, unless they need to perform their own source changes.

OpenBSD's developers regularly meet at special events called hackathons,[87] where they "sit down and code", emphasizing productivity.[88]

Most new releases include a song.[89]

Open source and open documentation

OpenBSD is known for its high-quality documentation.[90][91]

When OpenBSD was created, De Raadt decided that the source code should be available for anyone to read. At the time, a small team of developers generally had access to a project's source code.[92] Chuck Cranor[93] and De Raadt concluded this practice was "counter to the open source philosophy" and inconvenient to potential contributors. Together, Cranor and De Raadt set up the first public, anonymous revision control system server. De Raadt's decision allowed users to "take a more active role", and established the project's commitment to open access.[92] OpenBSD is notable for its continued use of CVS (more precisely an unreleased, OpenBSD-managed fork named OpenCVS), when most other projects that used it have migrated to other systems.[94]

OpenBSD does not include closed source binary drivers in the source tree, nor do they include code requiring the signing of non-disclosure agreements.[95] According to the GNU Project, OpenBSD includes small "blobs" of proprietary object code as device firmware.[96]

Since OpenBSD is based in Canada, no United States export restrictions on cryptography apply, allowing the distribution to make full use of modern algorithms for encryption. For example, the swap space is divided into small sections and each section is encrypted with its own key, ensuring that sensitive data does not leak into an insecure part of the system.[17]

OpenBSD randomizes various behaviors of applications, making them less predictable and thus more difficult to attack. For example, PIDs are created and associated randomly to processes; the bind system call uses random port numbers; files are created with random inode numbers; and IP datagrams have random identifiers.[97] This approach also helps expose bugs in the kernel and in user space programs.

The OpenBSD policy on openness extends to hardware documentation: in the slides for a December 2006 presentation, De Raadt explained that without it "developers often make mistakes writing drivers", and pointed out that "the [oh my god, I got it to work] rush is harder to achieve, and some developers just give up."[98] He went on to say that vendor-supplied binary drivers are unacceptable for inclusion in OpenBSD, that they have "no trust of vendor binaries running in our kernel" and that there is "no way to fix [them] ... when they break."[98]

Licensing

See also: Comparison of free and open-source software licenses and Free software license

OpenBSD maintains a strict license policy,[3] preferring the ISC license and other variants of the BSD license. The project attempts to "maintain the spirit of the original Berkeley Unix copyrights," which permitted a "relatively un-encumbered Unix source distribution."[3] The widely used Apache License and GNU General Public License are considered overly restrictive.[99]

In June 2001, triggered by concerns over Darren Reed's modification of IPFilter's license wording, a systematic license audit of the OpenBSD ports and source trees was undertaken.[100] Code in more than a hundred files throughout the system was found to be unlicensed, ambiguously licensed or in use against the terms of the license. To ensure that all licenses were properly adhered to, an attempt was made to contact all the relevant copyright holders: some pieces of code were removed, many were replaced, and others, such as the multicast routing tools mrinfo and map-mbone, were relicensed so that OpenBSD could continue to use them.[101][102] Also removed during this audit was all software produced by Daniel J. Bernstein. At the time, Bernstein requested that all modified versions of his code be approved by him prior to redistribution, a requirement to which OpenBSD developers were unwilling to devote time or effort.[103][104][105]

Because of licensing concerns, the OpenBSD team has reimplemented software from scratch or adopted suitable existing software. For example, OpenBSD developers created the PF packet filter after unacceptable restrictions were imposed on IPFilter. PF first appeared in OpenBSD 3.0[106] and is now available in many other operating systems.[107] OpenBSD developers have also replaced GPL-licensed tools (such as CVS and pkg-config) with permissively licensed equivalents.[108][109]

Funding

Although the operating system and its portable components are used in commercial products, De Raadt says that little of the funding for the project comes from the industry: "traditionally all our funding has come from user donations and users buying our CDs (our other products don't really make us much money). Obviously, that has not been a lot of money."[83]

For a two-year period in the early 2000s, the project received funding from DARPA, which "paid the salaries of 5 people to work completely full-time, bought about $30k in hardware, and paid for 3 hackathons", from the POSSE project.[83]

In 2006, the OpenBSD project experienced financial difficulties.[110] The Mozilla Foundation[111] and GoDaddy[112] are among the organizations that helped OpenBSD to survive. However, De Raadt expressed concern about the asymmetry of funding: "I think that contributions should have come first from the vendors, secondly from the corporate users, and thirdly from individual users. But the response has been almost entirely the opposite, with almost a 15-to-1 dollar ratio in favor of the little people. Thanks a lot, little people!"[83]

On 14 January 2014, Bob Beck issued a request for funding to cover electrical costs. If sustainable funding was not found, Beck suggested the OpenBSD project would shut down.[113] The project soon received a US$20,000 donation from Mircea Popescu, the Romanian creator of the MPEx bitcoin stock exchange, paid in bitcoins.[114] The project raised US$150,000[115] in response to the appeal, enabling it to pay its bills and securing its short-term future.[114]

OpenBSD Foundation

OpenBSD Foundation
FormationJuly 25, 2007; 16 years ago (2007-07-25)
FounderOpenBSD developers
Legal statusNonprofit organization
Location
Websitewww.openbsdfoundation.org
ASN
  • 22512

The OpenBSD Foundation is a Canadian federal non-profit organization founded by the OpenBSD project as a "single point of contact for persons and organizations requiring a legal entity to deal with when they wish to support OpenBSD."[116] It was announced to the public by OpenBSD developer Bob Beck on 25 July 2007. It also serves as a legal safeguard over other projects which are affiliated with OpenBSD, including OpenSSH, OpenBGPD, OpenNTPD, OpenCVS, OpenSMTPD and LibreSSL.[117]

Since 2014, several large contributions to the OpenBSD Foundation have come from corporations such as Microsoft,[118] Facebook, and Google as well as the Core Infrastructure Initiative.[119]

In 2015, Microsoft became the foundation's first gold level contributor[120] donating between $25,000-50,000 to support development of OpenSSH, which had been integrated into PowerShell in July, and later into Windows Server in 2018.[121] Other contributors include Google, Facebook and DuckDuckGo.[122]

During the 2016 and 2017 fundraising campaigns, Smartisan, a Chinese company, was the leading financial contributor to the OpenBSD Foundation.[123][124]

Distribution

OpenBSD is freely available in various ways: the source can be retrieved by anonymous CVS,[125] and binary releases and development snapshots can be downloaded by FTP, HTTP, and rsync.[126] Prepackaged CD-ROM sets through version 6.0 can be ordered online for a small fee, complete with an assortment of stickers and a copy of the release's theme song. These, with their artwork and other bonuses, have been one of the project's few sources of income, funding hardware, Internet service, and other expenses.[127] Beginning with version 6.1, CD-ROM sets are no longer released.

OpenBSD provides a package management system for easy installation and management of programs which are not part of the base operating system.[128] Packages are binary files which are extracted, managed and removed using the package tools. On OpenBSD, the source of packages is the ports system, a collection of Makefiles and other infrastructure required to create packages. In OpenBSD, the ports and base operating system are developed and released together for each version: this means that the ports or packages released with, for example, 4.6 are not suitable for use with 4.5 and vice versa.[128]

Songs and artwork

 
3D-rendered, animated OpenBSD mascot Puffy
 
OpenBSD 2.3 cover

Initially, OpenBSD used a haloed version of the BSD daemon mascot drawn by Erick Green, who was asked by De Raadt to create the logo for the 2.3 and 2.4 versions of OpenBSD. Green planned to create a full daemon, including head and body, but only the head was completed in time for OpenBSD 2.3. The body as well as pitchfork and tail was completed for OpenBSD 2.4.[129]

Subsequent releases used variations such as a police daemon by Ty Semaka,[130] but eventually settled on a pufferfish named Puffy.[131] Since then, Puffy has appeared on OpenBSD promotional material and featured in release songs and artwork.

The promotional material of early OpenBSD releases did not have a cohesive theme or design, but later the CD-ROMs, release songs, posters and tee-shirts for each release have been produced with a single style and theme, sometimes contributed to by Ty Semaka of the Plaid Tongued Devils.[89] These have become a part of OpenBSD advocacy, with each release expounding a moral or political point important to the project, often through parody.[132]

Themes have included Puff the Barbarian in OpenBSD 3.3, which included an 80s rock song and parody of Conan the Barbarian alluding to open documentation,[89] The Wizard of OS in OpenBSD 3.7, related to the project's work on wireless drivers, and Hackers of the Lost RAID, a parody of Indiana Jones referencing the new RAID tools in OpenBSD 3.8.

Releases

The following table summarizes the version history of the OpenBSD operating system.

Legend: Old version, not maintained Older version, still maintained Current stable version Latest preview version Future release
Version Release date Supported until Significant changes
Old version, no longer maintained: 1.1 18 October 1995
  • OpenBSD CVS repository created by Theo de Raadt.[133]
  • While the version number used at this stage was 1.1,[note 4] OpenBSD 1.1 was not an official OpenBSD release in the sense which this term subsequently came to be used.
Old version, no longer maintained: 1.2 1 July 1996
  • Creation of the intro(9) man page, for documenting kernel internals.
  • Integration of the update(8) command into the kernel.
  • As before, while this version number was used in the early development of the OS, OpenBSD 1.2 was not an official release in the subsequently applicable sense.
Old version, no longer maintained: 2.0 1 October 1996
Old version, no longer maintained: 2.1 1 June 1997 Replacement of the older sh with pdksh.[136]
Old version, no longer maintained: 2.2 1 December 1997 Addition of the afterboot(8) man page.[137]
Old version, no longer maintained: 2.3 19 May 1998 Introduced the haloed daemon, or aureola beastie, in head-only form created by Erick Green.[138]
Old version, no longer maintained: 2.4 1 December 1998 Featured the complete haloed daemon, with trident and a finished body.[139]
Old version, no longer maintained: 2.5 19 May 1999 Introduced the Cop daemon image done by Ty Semaka.[140]
Old version, no longer maintained: 2.6 1 December 1999 Based on the original SSH suite and developed further by the OpenBSD team, 2.6 saw the first release of OpenSSH, which is now available standard on most Unix-like operating systems and is the most widely used SSH suite.[141]
Old version, no longer maintained: 2.7 15 June 2000 Support for SSH2 added to OpenSSH.[142]
Old version, no longer maintained: 2.8 1 December 2000 isakmpd(8)[143]
Old version, no longer maintained: 2.9 1 June 2001

Filesystem performance increases from softupdates and dirpref code.[144]

Old version, no longer maintained: 3.0 1 December 2001

E-Railed (OpenBSD Mix),[145] a techno track performed by the release mascot Puff Daddy, the famed rapper and political icon.

Old version, no longer maintained: 3.1 19 May 2002 Systemagic,[146] where Puffy, the Kitten Slayer, battles evil script kitties. Inspired by the works of Rammstein and a parody of Buffy the Vampire Slayer.
  • First official remote security hole - OpenSSH integer overflow[147]
Old version, no longer maintained: 3.2 1 November 2002 Goldflipper,[148] a tale in which James Pond, agent 077, super spy and suave lady's man, deals with the dangers of a hostile internet. Styled after the orchestral introductory ballads of James Bond films.
Old version, no longer maintained: 3.3 1 May 2003

Puff the Barbarian,[149] born in a tiny bowl; Puff was a slave, now he hacks through the C, searching for the Hammer. It is an 80s rock-style song and parody of Conan the Barbarian dealing with open documentation.

  • In 2003, code from ALTQ, which had a license disallowing the sale of derivatives, was relicensed, integrated into pf and made available in OpenBSD 3.3.
  • First release adding the W^X feature, a fine-grained memory permissions layout, ensuring that memory which can be written to by application programs can not be executable at the same time and vice versa.
Old version, no longer maintained: 3.4 1 November 2003

The Legend of Puffy Hood where Sir Puffy of Ramsay,[150] a freedom fighter who, with Little Bob of Beckley, took from the rich and gave to all. Tells of the POSSE project's cancellation. An unusual blend of both hip-hop and medieval-style music, a parody of the tale of Robin Hood intended to express OpenBSD's attitude to free speech.

Old version, no longer maintained: 3.5 1 May 2004

CARP License and Redundancy must be free,[154] where a fish seeking to license his free redundancy protocol, CARP, finds trouble with the red tape. A parody of the Fish License skit and Eric the Half-a-Bee Song by Monty Python, with an anti-software patents message.

  • CARP, an open alternative to the HSRP and VRRP redundancy systems available from commercial vendors.[155][156]
  • GPL licensed parts of the GNU tool-set, bc,[157] dc,[158] nm[159] and size,[160] were all replaced with BSD licensed equivalents.
  • AMD64 platform becomes stable enough for release and is included for the first time as part of a release.
Old version, no longer maintained: 3.6 1 November 2004

Pond-erosa Puff (live) was the tale of Pond-erosa Puff,[161] a no-guff freedom fighter from the wild west, set to hang a lickin' on no-good bureaucratic nerds who encumber software with needless words and restrictions. The song was styled after the works of Johnny Cash, a parody of the Spaghetti Western and Clint Eastwood and inspired by liberal license enforcement.

  • OpenNTPD, a compatible alternative to the reference NTP daemon, was developed within the OpenBSD project. The goal of OpenNTPD was not solely a compatible license. It also aims to be a simple, secure NTP implementation providing acceptable accuracy for most cases, without requiring detailed configuration.[162][163]
  • Because of its questionable security record and doubts of developers for better future development, OpenBSD removed Ethereal from its ports tree prior to its 3.6 release.
  • Added support for I2C master/slave devices[163]
Old version, no longer maintained: 3.7 19 May 2005 The Wizard of OS,[164] where Puffathy, a little Alberta girl, must work with Taiwan to save the day by getting unencumbered wireless. This release was styled after the works of Pink Floyd and a parody of The Wizard of Oz; this dealt with wireless hacking.[165]
Old version, no longer maintained: 3.8 1 November 2005 1 November 2006 Hackers of the Lost RAID,[166] which detailed the exploits of Puffiana Jones, famed hackologist and adventurer, seeking out the Lost RAID, Styled after the radio serials of the 1930s and 40s, this was a parody of Indiana Jones and was linked to the new RAID tools featured as part of this release. This is the first version released without the telnet daemon which was completely removed from the source tree by Theo de Raadt in May 2005.[167]
Old version, no longer maintained: 3.9 1 May 2006 1 May 2007

Attack of the Binary BLOB,[169] which chronicles the developer's fight against binary blobs and vendor lock-in,[170] a parody of the 1958 film The Blob and the pop-rock music of the era.

  • Enhanced OpenBGPD feature-set.
  • Improved hardware sensors support, including a new IPMI subsystem and a new I2C scan subsystem; number of drivers using the sensors framework increased to a total of 33 drivers (compared to 9 in the prior 3.8 release 6 months ago).[153][170]
Old version, no longer maintained: 4.0 1 November 2006 1 November 2007 Humppa Negala,[171] a Hava Nagilah parody with a portion of Entrance of the Gladiators and Humppa music fused together, with no story behind it, simply a homage to one of the OpenBSD developers' favorite genres of music.[172]
  • Second official remote security hole - buffer overflow by malformed ICMPv6 packets [173]
Old version, no longer maintained: 4.1 1 May 2007 1 May 2008 Puffy Baba and the 40 Vendors,[174] a parody of the Arabic fable Ali Baba and the Forty Thieves, part of the book of One Thousand and One Nights, in which Linux developers are mocked over their allowance of non-disclosure agreements when developing software while at the same time implying hardware vendors are criminals for not releasing documentation required to make reliable device drivers.[175]
  • Redesigned sysctl hw.sensors into a two-level sensor API;[176][177] a total of 46 device drivers exporting sensors through the framework with this release.[153]
Old version, no longer maintained: 4.2 1 November 2007 1 November 2008 100001 1010101,[178] the Linux kernel developers gets a knock for violating the ISC-style license of OpenBSD's open hardware abstraction layer for Atheros wireless cards.
  • Usability of sensorsd improved, allowing zero-configuration monitoring of smart sensors from the hw.sensors framework (e.g., IPMI or bio(4)-based), and easier configuration for monitoring of non-smart sensors.[179]
Old version, no longer maintained: 4.3 1 May 2008 1 May 2009 Home to Hypocrisy[180][181]
Old version, no longer maintained: 4.4 1 November 2008 18 October 2009

Trial of the BSD Knights,[182] summarizes the history of BSD including the USL v. BSDi lawsuit. The song was styled after the works of Star Wars.

Old version, no longer maintained: 4.5 1 May 2009 19 May 2010 Games. It was styled after the works of Tron.[185]
Old version, no longer maintained: 4.6 18 October 2009 1 November 2010 Planet of the Users.[188] In the style of Planet of the Apes, Puffy travels in time to find a dumbed-down dystopia, where "one very rich man runs the earth with one multinational". Open-source software has since been replaced by one-button computers, one-channel televisions, and closed-source software which, after you purchase it, becomes obsolete before you have a chance to use it. People subsist on soylent green. The theme song is performed in the reggae rock style of The Police.
  • smtpd(8), privilege-separated SMTP server
  • tmux(1) terminal multiplexer
  • The hw.sensors framework is used by 75 device drivers.[187]
Old version, no longer maintained: 4.7 19 May 2010 1 May 2011 I'm Still Here [189]
Old version, no longer maintained: 4.8 1 November 2010 1 November 2011 El Puffiachi.[190][191]
  • iked(8) IKEv2 daemon
  • ldapd(8) LDAP daemon
Old version, no longer maintained: 4.9 1 May 2011 1 May 2012 The Answer.[192]
  • rc.d(8) daemon control
Old version, no longer maintained: 5.0 1 November 2011 1 November 2012 What Me Worry?.[193]
Old version, no longer maintained: 5.1 1 May 2012 1 May 2014 Bug Busters. The song was styled after the works of Ghostbusters.[194]
Old version, no longer maintained: 5.2 1 November 2012 1 November 2013 Aquarela do Linux.[195]
Old version, no longer maintained: 5.3 1 May 2013 1 May 2014 Blade Swimmer. The song was styled after the works of Roy Lee, a parody of Blade Runner.[196]
Old version, no longer maintained: 5.4 1 November 2013 1 November 2014 Our favorite hacks, a parody of My Favorite Things.[197]
Old version, no longer maintained: 5.5 1 May 2014 1 May 2015 Wrap in Time.[198]
  • signify(1) cryptographic signatures of release and packages
  • 64bit time_t on all platforms (Y2K38 ready)
Old version, no longer maintained: 5.6 1 November 2014 18 October 2015 Ride of the Valkyries.[199]
Old version, no longer maintained: 5.7 1 May 2015 29 March 2016 Source Fish.[200]
  • rcctl(8) utility to control daemons
  • nginx(8) removed from base
  • procfs has been removed
Old version, no longer maintained: 5.8 18 October 2015 1 September 2016 20 years ago today, Fanza, So much better, A Year in the Life.[201]

(20th anniversary release[202])

  • doas(1) replacement of sudo
Old version, no longer maintained: 5.9 29 March 2016 11 April 2017 Doctor W^X, Systemagic (Anniversary Edition).[203]
  • W^X enforced in i386 kernel
  • pledge(2) process restriction
Old version, no longer maintained: 6.0 1 September 2016 9 October 2017 Another Smash of the Stack, Black Hat, Money, Comfortably Dumb (the misc song), Mother, Goodbye and Wish you were Secure, Release songs parodies of Pink Floyd's The Wall, Comfortably Numb and Wish You Were Here.[204]
  • vmm(4) virtualization (disabled by default)
  • Removed vax[205] and 32-bit SPARC[206] support
Old version, no longer maintained: 6.1 11 April 2017 15 April 2018 Winter of 95, a parody of Summer of '69.[207]
  • syspatch(8) utility for binary base system updates
  • new arm64 platform
Old version, no longer maintained: 6.2 9 October 2017 18 October 2018 A three-line diff[208]
  • inteldrm(4) Skylake/Kaby Lake/Cherryview devices
  • clang(1) base system compiler on i386 and amd64 platforms
Old version, no longer maintained: 6.3 2 April 2018 3 May 2019
  • SMP is supported on arm64 platforms.
  • Several parts of the network stack now run without KERNEL_LOCK().
  • Multiple security improvements have been made, including Meltdown/Spectre (variant 2) mitigations. Intel CPU microcode is loaded on boot on amd64.
  • pledge() has been modified to support "execpromises" (as the second argument).
Old version, no longer maintained: 6.4 18 October 2018 17 October 2019
  • unveil(2) filesystem visibility restriction.[209]
Old version, no longer maintained: 6.5 24 April 2019 19 May 2020
Old version, no longer maintained: 6.6 17 October 2019 18 October 2020
  • sysupgrade(8) automates upgrades to new releases or snapshots.[210]
  • amdgpu(4) AMD RADEON GPU video driver.
Old version, no longer maintained: 6.7 19 May 2020 1 May 2021
  • Made ffs2 the default filesystem type on installs except for landisk, luna88k and sgi.[211]
Old version, no longer maintained: 6.8 18 October 2020 14 October 2021
  • 25th anniversary release.
  • New powerpc64 platform.[212]
Old version, no longer maintained: 6.9 1 May 2021 21 April 2022[note 5]
Old version, no longer maintained: 7.0 14 October 2021 20 October 2022[note 5]
Old version, no longer maintained: 7.1 21 April 2022 10 April 2023[note 5]
  • 52nd release.[216]
  • loongson support was temporarily discontinued for this release.[217]
Old version, no longer maintained: 7.2 20 October 2022 16 October 2023[note 5]
Older version, yet still maintained: 7.3 10 April 2023 May 2024[note 5]
  • 54th release.[219]
  • Immutable permissions on address space regions.
  • "xonly" support on many architectures.
  • Support for full-disk encryption in the installer (via softraid driver)
Current stable version: 7.4 16 October 2023 November 2024[note 5]

See also

Notes

  1. ^ a b Multiple selections were permitted as users may use multiple BSD variants side by side.
  2. ^ Later renamed to Cybercop Scanner after SNI was purchased by Network Associates.
  3. ^ As of OpenBSD 6.3, either Clang 5.0.1, GCC 4.2.1 or GCC 3.3.6 is shipped, depending on the platform.[82][42]
  4. ^ Compare release history of NetBSD, which OpenBSD branched from
  5. ^ a b c d e f OpenBSD is released roughly every 6 months targeting May and November and only the latest two releases receive security and reliability fixes for the base system.[213]

References

  1. ^ "Package Management". OpenBSD Frequently Asked Questions. Retrieved 1 June 2016.
  2. ^ "Platforms". OpenBSD. Retrieved 3 September 2016.
  3. ^ a b c "Copyright Policy". OpenBSD. Retrieved 13 December 2011.
  4. ^ a b de Raadt, Theo (29 March 2009). "Archive of the mail conversation leading to Theo de Raadt's departure". Retrieved 15 January 2010.
  5. ^ OpenBSD Project (19 May 2020). "OpenBSD". OpenBSD.org. Retrieved 12 October 2020.
  6. ^ "Murus App, Apple PF for macOS from OpenBSD".
  7. ^ "Android's C Library Has 173 Files of Unchanged OpenBSD Code". Retrieved 8 October 2018.
  8. ^ "LLVM Release License". Retrieved 8 October 2018.
  9. ^ "OpenSSH for Windows". Retrieved 8 October 2018.
  10. ^ Grimes, Roger A. (29 December 2006). "New year's resolution No. 1: Get OpenBSD". InfoWorld.
  11. ^ Glass, Adam (23 December 1994). "Theo De Raadt". netbsd-users (Mailing list).
  12. ^ De Raadt, Theo (18 October 1996). "The OpenBSD 2.0 release". openbsd-announce (Mailing list).
  13. ^ "Announcing – The OpenBSD Foundation". OpenBSD Journal. 26 July 2007.
  14. ^ a b BSD Usage Survey (PDF) (Report). The BSD Certification Group. 31 October 2005. p. 9. Retrieved 16 September 2012.
  15. ^ "OpenBSD PF - Building a Router". Retrieved 8 August 2019.
  16. ^ "Building an OpenBSD wireless access point". Retrieved 8 August 2019.
  17. ^ a b McIntire, Tim (8 August 2006). "Take a closer look at OpenBSD". Developerworks. IBM. Retrieved 13 December 2011.
  18. ^ . Calyptix Security. Archived from the original on 2 December 2020. Retrieved 28 May 2016.
  19. ^ . GeNUA. Archived from the original on 19 September 2020. Retrieved 29 May 2016.
  20. ^ "RTMX O/S IEEE Real Time POSIX Operating Systems". RTMX. Retrieved 13 December 2011. RTMX O/S is a product extension to OpenBSD Unix-like operating system with emphasis on embedded, dedicated applications.
  21. ^ . Compumatica secure networks. Archived from the original on 1 January 2012. Retrieved 13 December 2011. The Next Generation Firewall is not a standalone device, it is a Router for operation in security critical environments with high requirements for availability, comprehensive support as well as reliable and trusted systems powered by OpenBSD.
  22. ^ Dohnert, Roberto J. (21 January 2004), , OSNews, David Adams, archived from the original on 11 February 2008
  23. ^ Reiter, Brian (26 January 2010). "WONTFIX: select(2) in SUA 5.2 ignores timeout". brianreiter.org.
  24. ^ "Microsoft Acquires Softway Systems To Strengthen Future Customer Interoperability Solutions", Microsoft News Center, Microsoft, 17 September 1999
  25. ^ . 2019. Archived from the original on 18 September 2020. Retrieved 23 June 2020.
  26. ^ , Core Labs, archived from the original on 28 November 2011, retrieved 13 December 2011, CORE FORCE provides inbound and outbound stateful packet filtering for TCP/IP protocols using a Windows port of OpenBSD's PF firewall, granular file system and registry access control and programs' integrity validation.
  27. ^ "Chapter 31. Firewalls". The FreeBSD Project. Retrieved 3 December 2021.
  28. ^ "pf.c". opensource.apple.com. Retrieved 3 December 2021.
  29. ^ a b "About Xenocara". Xenocara. Retrieved 13 December 2011.
  30. ^ Tzanidakis, Manolis (21 April 2006). . Linux.com. Archived from the original on 5 May 2012. Retrieved 9 March 2012.
  31. ^ a b Lucas, Michael W. (April 2013). Absolute OpenBSD: Unix for the Practical Paranoid (2nd ed.). San Francisco, California: No Starch Press. ISBN 978-1-59327-476-4.
  32. ^ . OpenPorts.se. Archived from the original on 28 September 2020. Retrieved 8 February 2018.
  33. ^ a b "OpenBSD 6.0". OpenBSD. Retrieved 1 November 2016.
  34. ^ "The X Windows System". OpenBSD Frequently Asked Questions. Retrieved 22 May 2016. OpenBSD ships with the cwm(1), fvwm(1) and twm(1) window managers, [...]
  35. ^ "OpenBSD 6.8". www.openbsd.org. Retrieved 3 December 2021.
  36. ^ "WireGuard imported into OpenBSD". undeadly.org. Retrieved 3 December 2021.
  37. ^ Varghese, Sam (8 October 2004). "Staying on the cutting edge". The Age. Retrieved 13 December 2011.
  38. ^ Laird, Cameron; Staplin, George Peter (17 July 2003). . ONLamp. Archived from the original on 22 October 2017. Retrieved 13 December 2011.
  39. ^ De Raadt, Theo (19 December 2005). "2.3 release announcement". openbsd-misc (Mailing list). Without [SNI's] support at the right time, this release probably would not have happened.
  40. ^ Wayner, Peter (13 July 2000). "18.3 Flames, Fights, and the Birth of OpenBSD". (1st ed.). HarperBusiness. ISBN 978-0-06-662050-3. Archived from the original on 22 January 2012. Retrieved 13 December 2011.
  41. ^ Miller, Todd C.; De Raadt, Theo (6 June 1999). strlcpy and strlcat - Consistent, Safe, String Copy and Concatenation. USENIX Annual Technical Conference. Monterey, California. Retrieved 13 December 2011.
  42. ^ a b c "gcc-local – local modifications to gcc". OpenBSD manual pages. Retrieved 1 November 2016.
  43. ^ De Raadt, Theo; Hallqvist, Niklas; Grabowski, Artur; Keromytis, Angelos D.; Provos, Niels (6 June 1999). Cryptography in OpenBSD: An Overview. USENIX Annual Technical Conference. Monterey, California. Retrieved 27 May 2016.
  44. ^ "Pledge() - A New Mitigation Mechanism". Retrieved 8 October 2018.
  45. ^ Provos, Niels (9 August 2003). . Archived from the original on 2 January 2012. Retrieved 13 December 2011.
  46. ^ "Innovations". OpenBSD. Retrieved 18 May 2016. Privilege separation: [...] The concept is now used in many OpenBSD programs, for example [...] etc.
  47. ^ "Project History and Credits". OpenSSH. Retrieved 13 December 2011.
  48. ^ "SSH usage profiling". OpenSSH. Retrieved 13 December 2011.
  49. ^ Biancuzzi, Federico (18 March 2004). . ONLamp. Archived from the original on 4 May 2018. Retrieved 13 December 2011.
  50. ^ "OpenSSH Remote Challenge Vulnerability". Internet Security Systems. 26 June 2002. Archived from the original on 8 September 2012. Retrieved 17 December 2005.
  51. ^ . Archived from the original on 6 January 2012.
  52. ^ "OpenBSD's IPv6 mbufs remote kernel buffer overflow". Core Security Technologies. 13 March 2007.
  53. ^ Brindle, Joshua (30 March 2008), "Secure doesn't mean anything", Security Blog, retrieved 13 December 2011
  54. ^ "Security". OpenBSD. Retrieved 13 December 2011. Secure by Default.
  55. ^ Wheeler, David A. (3 March 2003). "2.4. Is Open Source Good for Security?". Secure Programming for Linux and Unix HOWTO. Retrieved 13 December 2011.
  56. ^ De Raadt, Theo (14 December 2010). "Allegations regarding OpenBSD IPSEC". openbsd-tech (Mailing list). Retrieved 28 May 2016.
  57. ^ Holwerda, Thom (14 December 2010). "FBI Added Secret Backdoors to OpenBSD IPSEC". OSNews. Retrieved 13 December 2011.
  58. ^ Ryan, Paul (23 December 2010). "OpenBSD code audit uncovers bugs, but no evidence of backdoor". Ars Technica. Retrieved 9 January 2011.
  59. ^ Schwartz, Mathew J. (22 December 2010). . InformationWeek: DARKreading. Archived from the original on 11 July 2017.
  60. ^ Van Sprundel, Ilja (December 2017). "Are all BSDs created equally? — A survey of BSD kernel vulnerabilities".
  61. ^ Van Sprundel, Ilja (July 2017). "Are all BSDs created equally? — A survey of BSD kernel vulnerabilities" (PDF).
  62. ^ "Lecture: A systematic evaluation of OpenBSD's mitigations". December 2019.
  63. ^ "Is OpenBSD secure?". 29 December 2019.
  64. ^ "src/usr.sbin/httpd/". OpenBSD CVSWeb.
  65. ^ "web/obhttpd: OpenBSD http server". Freshports.
  66. ^ "LibreSSL". Retrieved 8 August 2019.
  67. ^ a b "OpenBGPD". Retrieved 8 August 2019.
  68. ^ . Archived from the original on 14 May 2017. Retrieved 8 August 2019.
  69. ^ "OpenNTPD". Retrieved 8 August 2019.
  70. ^ "OpenSMTPD". Retrieved 8 August 2019.
  71. ^ "OpenSSH". Retrieved 8 August 2019.
  72. ^ "Contents of /stable/10/crypto/openssh/README". svnweb.freebsd.org. Retrieved 19 May 2016. This is the port of OpenBSD's excellent OpenSSH to Linux and other Unices.
  73. ^ "src/crypto/external/bsd/openssh/dist/README – view – 1.4". NetBSD CVS Repositories. Retrieved 19 May 2016.
  74. ^ "dragonfly.git/blob – crypto/openssh/README". gitweb.dragonflybsd.org. Retrieved 19 May 2016. This is the port of OpenBSD's excellent OpenSSH to Linux and other Unices.
  75. ^ "Arch Linux – openssh 7.2p2-1 (x86_64)". Arch Linux. Retrieved 17 May 2016.
  76. ^ "openssh". OpenSUSE. Retrieved 17 May 2016.
  77. ^ "Debian – Details of package openssh-client in jessie". Debian. Retrieved 17 May 2016.
  78. ^ a b c "OpenBSD from a veteran Linux user perspective".
  79. ^ De Raadt, Theo (18 June 2013). "An Internet Exchange for Calgary" (PDF). Retrieved 9 October 2018.[permanent dead link]
  80. ^ "3hg | isotop - index". www.3hg.fr. Retrieved 6 May 2022.
  81. ^ pavroo. "Isotop". ArchiveOS. Retrieved 6 May 2022.
  82. ^ a b "clang-local – OpenBSD-specific behavior of LLVM/clang". OpenBSD manual pages. Retrieved 2 February 2018.
  83. ^ a b c d Andrews, Jeremy (2 May 2006). . KernelTrap. Archived from the original on 24 April 2013.
  84. ^ "OpenBSD's flavors". OpenBSD Frequently Asked Questions. Retrieved 22 May 2016.
  85. ^ "Applying patches in OpenBSD". OpenBSD Frequently Asked Questions. Retrieved 15 May 2016.
  86. ^ "Migrating to OpenBSD". OpenBSD Frequently Asked Questions. Retrieved 4 January 2017.
  87. ^ "Hackathons". OpenBSD. Retrieved 18 May 2016.
  88. ^ "Interview: Theo de Raadt of OpenBSD". NewsForge. 28 March 2006. Retrieved 31 March 2016.
  89. ^ a b c "Release Songs". OpenBSD. Retrieved 22 May 2016.
  90. ^ Chisnall, David (20 January 2006). "BSD: The Other Free UNIX Family". InformIT. from the original on 4 April 2014.
  91. ^ Smith, Jesse (18 November 2013). "OpenBSD 5.4: Puffy on the Desktop". from the original on 29 April 2014.
  92. ^ a b Cranor, Chuck D.; De Raadt, Theo (6 June 1999). Opening the Source Repository with Anonymous CVS. USENIX Annual Technical Conference. Monterey, California. Retrieved 13 December 2011.
  93. ^ Cranor, Chuck D. "Chuck Cranor's Home Page". Retrieved 13 December 2011. I also hosted and helped create the first Anonymous CVS server on the Internet (the original anoncvs.openbsd.org [...]
  94. ^ Fresh, Andrew. "Why OpenBSD Developers Use CVS". Retrieved 30 August 2021.
  95. ^ "Project Goals". OpenBSD. Retrieved 18 May 2016. Integrate good code from any source with acceptable licenses. [...], NDAs are never acceptable.
  96. ^ . 10 December 2023. Archived from the original on 23 November 2023. Retrieved 10 December 2023.
  97. ^ De Raadt, Theo; Hallqvist, Niklas; Grabowski, Artur; Keromytis, Angelos D.; Provos, Niels (6 June 1999). "Randomness Used Inside the Kernel". Cryptography in OpenBSD: An Overview. USENIX Annual Technical Conference. Monterey, California. Retrieved 1 February 2014.
  98. ^ a b De Raadt, Theo (5 December 2006). "Presentation at OpenCON". OpenBSD. Retrieved 13 December 2011.
  99. ^ Matzan, Jem (15 June 2005). "BSD cognoscenti on Linux". NewsForge. Linux.com. Retrieved 28 May 2016.
  100. ^ Gasperson, Tina (6 June 2001). . Linux.com. Archived from the original on 26 June 2008.
  101. ^ "src/usr.sbin/mrinfo/mrinfo.c – view – 1.7". cvsweb.openbsd.org. 31 July 2001. Retrieved 24 May 2016. New license from Xerox! This code is now FREE! Took a while and a lot of mails, but it is worth it.
  102. ^ "src/usr.sbin/map-mbone/mapper.c – view – 1.5". cvsweb.openbsd.org. 31 July 2001. Retrieved 24 May 2016. New license from Xerox! This code is now FREE! Took a while and a lot of mails, but it is worth it.
  103. ^ De Raadt, Theo (24 August 2001). . openbsd-misc (Mailing list). Archived from the original on 19 April 2016.
  104. ^ Bernstein, Daniel J. (27 August 2001). . openbsd-misc (Mailing list). Archived from the original on 4 February 2012.
  105. ^ Espie, Marc (28 August 2001). . openbsd-misc (Mailing list). Archived from the original on 19 April 2016.
  106. ^ Hartmeier, Daniel (10 June 2002). Design and Performance of the OpenBSD Stateful Packet Filter (pf). USENIX Annual Technical Conference. Monterey, California. Retrieved 13 December 2011.
  107. ^ The OpenBSD PF Packet Filter Book: PF for NetBSD, FreeBSD, DragonFly and OpenBSD. Reed Media Services. 2006. ISBN 0-9790342-0-5. Retrieved 19 May 2016.
  108. ^ "New BSD licensed CVS replacement for OpenBSD". 6 December 2004. Retrieved 9 October 2018.
  109. ^ "pkg-config(1)". Retrieved 9 October 2018.
  110. ^ "OpenBSD Project in Financial Danger". Slashdot. 21 March 2006. Retrieved 12 December 2014.
  111. ^ "Mozilla Foundation Donates $10K to OpenSSH". Slashdot. 4 April 2006. Retrieved 12 December 2014.
  112. ^ . The Hosting News. 19 April 2006. Archived from the original on 11 November 2006.
  113. ^ Beck, Bob (14 January 2014). "Request for Funding our Electricity". openbsd-misc (Mailing list). Retrieved 17 May 2016.
  114. ^ a b Bright, Peter (20 January 2014). "OpenBSD rescued from unpowered oblivion by $20K bitcoin donation". Ars Technica. Retrieved 20 January 2014.
  115. ^ "The OpenBSD Foundation 2014 Fundraising Campaign". OpenBSD Foundation. Retrieved 24 May 2014.
  116. ^ "Announcing - The OpenBSD Foundation". OpenBSD Journal. 26 July 2007. Retrieved 8 May 2014.
  117. ^ Brodkin, Jon (22 April 2014). "OpenSSL code beyond repair, claims creator of "LibreSSL" fork". Ars Technica. Retrieved 18 August 2021.
  118. ^ McAllister, Neil (8 July 2015). "Microsoft rains cash on OpenBSD Foundation, becomes top 2015 donor". The Register. Retrieved 27 May 2016.
  119. ^ "Contributors". OpenBSD Foundation. Retrieved 27 May 2016.
  120. ^ Vaughan-Nichols, Steven J. "Microsoft becomes OpenBSD's first gold contributor". ZDNet. Retrieved 18 August 2021.
  121. ^ Mackie, Kurt; 12 November 2018. "Microsoft Now Supports OpenSSH in Windows Server 2019 -- Redmondmag.com". Redmondmag. Retrieved 18 August 2021.{{cite web}}: CS1 maint: numeric names: authors list (link)
  122. ^ "Donate to the OpenBSD Foundation". www.openbsdfoundation.org. Retrieved 18 August 2021.
  123. ^ "OpenBSD Donors".
  124. ^ "Smartisan Makes Another Iridium Donation to the OpenBSD Foundation". OpenBSD Journal.
  125. ^ "Anonymous CVS". OpenBSD. Retrieved 13 December 2011.
  126. ^ "Mirrors". OpenBSD. Retrieved 22 May 2016.
  127. ^ . OpenBSD. Archived from the original on 19 December 2011. Retrieved 20 May 2016.
  128. ^ a b "Packages and Ports". OpenBSD Frequently Asked Questions. Retrieved 22 May 2016.
  129. ^ "OpenBSD". mckusick.com. Retrieved 12 December 2014.
  130. ^ De Raadt, Theo (19 May 1999). . openbsd-announce (Mailing list). Archived from the original on 2 February 2014. OpenBSD 2.5 introduces the new Cop daemon image done by cartoonist Ty Semeka.
  131. ^ "OpenBSD 2.7". OpenBSD. Retrieved 22 May 2016.
  132. ^ Matzan, Jem (1 December 2006). . Software in Review. Archived from the original on 11 January 2012. Retrieved 13 December 2011. Each OpenBSD release has a graphical theme and a song that goes with it. The theme reflects a major concern that the OpenBSD programmers are addressing or bringing to light.
  133. ^ "Undeadly". Retrieved 9 October 2018.
  134. ^ . Archived from the original on 18 October 1997.
  135. ^ "OpenBSD 2.0". Retrieved 9 October 2018.
  136. ^ "Release Notes". Retrieved 9 October 2018.
  137. ^ "Release Notes". Retrieved 9 October 2018.
  138. ^ "Release Notes". Retrieved 9 October 2018.
  139. ^ "Release Notes". Retrieved 9 October 2018.
  140. ^ "Release Notes". Retrieved 9 October 2018.
  141. ^ "Release Notes". Retrieved 9 October 2018.
  142. ^ "Release Notes". Retrieved 9 October 2018.
  143. ^ "OpenBSD 2.8 Changelog". Retrieved 10 August 2021.
  144. ^ "Release Notes". Retrieved 9 October 2018.
  145. ^ "Release Notes". Retrieved 9 October 2018.
  146. ^ "Release Notes". Retrieved 9 October 2018.
  147. ^ "Errata". Retrieved 9 October 2018.
  148. ^ "Release Notes". Retrieved 9 October 2018.
  149. ^ "Release Notes". Retrieved 9 October 2018.
  150. ^ "Release Notes". Retrieved 9 October 2018.
  151. ^ "p0f". Retrieved 9 October 2018.[permanent dead link]
  152. ^ a b c "OpenBSD Innovations". The OpenBSD project. Retrieved 12 September 2016.
  153. ^ a b c Constantine A. Murenin; Raouf Boutaba (17 March 2009). "6. Evolution of the framework". OpenBSD Hardware Sensors Framework (PDF). AsiaBSDCon 2009 Proceedings, 12–15 March 2009. Tokyo University of Science, Tokyo, Japan (published 14 March 2009). (PDF) from the original on 20 June 2010. Retrieved 4 March 2019. Alt URL
  154. ^ "Release Notes". Retrieved 9 October 2018.
  155. ^ Federico Biancuzzi (15 April 2004). . ONLamp. O'Reilly Media. Archived from the original on 8 May 2004. Retrieved 20 March 2019.
  156. ^ Federico Biancuzzi (6 May 2004). . ONLamp. O'Reilly Media. Archived from the original on 19 June 2004. Retrieved 20 March 2019.
  157. ^ "bc(1)". Retrieved 9 October 2018.
  158. ^ "dc(1)". Retrieved 9 October 2018.
  159. ^ "nm(1)". Retrieved 9 October 2018.
  160. ^ "size(1)". Retrieved 9 October 2018.
  161. ^ "Release Notes". Retrieved 9 October 2018.
  162. ^ "Release Notes". Retrieved 9 October 2018.
  163. ^ a b Federico Biancuzzi (28 October 2004). . ONLamp. O'Reilly Media. Archived from the original on 29 October 2004. Retrieved 20 March 2019.
  164. ^ "Release Notes". Retrieved 9 October 2018.
  165. ^ Federico Biancuzzi (19 May 2005). . ONLamp. O'Reilly Media. Archived from the original on 21 May 2005. Retrieved 20 March 2019.
  166. ^ "Release Notes". Retrieved 9 October 2018.
  167. ^ de Raadt, Theo. "CVS: cvs.openbsd.org: src". OpenBSD-CVS mailing list. Removed files: libexec/telnetd
  168. ^ Federico Biancuzzi (20 October 2005). . ONLamp. O'Reilly Media. Archived from the original on 27 December 2005. Retrieved 20 March 2019.
  169. ^ "Release Notes". Retrieved 9 October 2018.
  170. ^ a b Federico Biancuzzi (27 April 2006). . ONLamp. O'Reilly Media. Archived from the original on 12 May 2006. Retrieved 19 March 2019.
  171. ^ "Release Notes". Retrieved 9 October 2018.
  172. ^ Federico Biancuzzi (26 October 2006). . ONLamp. O'Reilly Media. Archived from the original on 10 March 2007. Retrieved 19 March 2019.
  173. ^ "Errata". Retrieved 9 October 2018.
  174. ^ "Release Notes". Retrieved 9 October 2018.
  175. ^ Federico Biancuzzi (3 May 2007). . ONLamp. O'Reilly Media. Archived from the original on 18 May 2008. Retrieved 19 March 2019.
  176. ^ Constantine A. Murenin (30 December 2006). Marco Peereboom (ed.). "New two-level sensor API". OpenBSD Journal. Retrieved 4 March 2019.
  177. ^ Constantine A. Murenin (17 April 2007). "4.3. What we have proposed and implemented". Generalised Interfacing with Microprocessor System Hardware Monitors. Proceedings of 2007 IEEE International Conference on Networking, Sensing and Control, 15–17 April 2007. London, United Kingdom: IEEE. pp. 901–906. doi:10.1109/ICNSC.2007.372901. ISBN 978-1-4244-1076-7. IEEE ICNSC 2007, pp. 901–906.
  178. ^ "Release Notes". Retrieved 9 October 2018.
  179. ^ Federico Biancuzzi (1 November 2007). . ONLamp. O'Reilly Media. Archived from the original on 13 October 2011. Retrieved 3 March 2019.
    • "Puffy's Marathon: What's New in OpenBSD 4.2 - ONLamp.com". OpenBSD Journal.
  180. ^ "Release Notes". Retrieved 9 October 2018.
  181. ^ Federico Biancuzzi (29 April 2008). . ONLamp. O'Reilly Media. Archived from the original on 6 May 2008. Retrieved 20 March 2019.
  182. ^ "Release Notes". Retrieved 9 October 2018.
  183. ^ Kurt Miller (2008). "OpenBSD's Position Independent Executable (PIE) Implementation". from the original on 12 June 2011. Retrieved 22 July 2011.
  184. ^ a b Federico Biancuzzi (3 November 2008). . O'Reilly Media. Archived from the original on 24 May 2012. Retrieved 3 March 2019.
  185. ^ "Release Notes". Retrieved 9 October 2018.
  186. ^ Federico Biancuzzi (15 June 2009). . O'Reilly Media. Archived from the original on 19 June 2009. Retrieved 19 March 2019.
  187. ^ a b Constantine A. Murenin (21 May 2010). "6.2. Evolution of drivers; Chart VII. Number of drivers using the sensors framework from OpenBSD 3.4 to 4.6.". OpenBSD Hardware Sensors — Environmental Monitoring and Fan Control (MMath thesis). University of Waterloo: UWSpace. hdl:10012/5234. Document ID: ab71498b6b1a60ff817b29d56997a418.
  188. ^ "Release Notes". Retrieved 9 October 2018.
  189. ^ "Release Notes". Retrieved 9 October 2018.
  190. ^ "Release Notes". Retrieved 9 October 2018.
  191. ^ "MARC". Retrieved 9 October 2018.
  192. ^ "Release Notes". Retrieved 9 October 2018.
  193. ^ "Release Notes". Retrieved 9 October 2018.
  194. ^ "Release Notes". Retrieved 9 October 2018.
  195. ^ "Release Notes". Retrieved 9 October 2018.
  196. ^ "Release Notes". Retrieved 9 October 2018.
  197. ^ "Release Notes". Retrieved 9 October 2018.
  198. ^ "Release Notes". Retrieved 9 October 2018.
  199. ^ "Release Notes". Retrieved 9 October 2018.
  200. ^ "Release Notes". Retrieved 9 October 2018.
  201. ^ "Release Notes". Retrieved 9 October 2018.
  202. ^ "MARC". Retrieved 9 October 2018.
  203. ^ "Release Notes". Retrieved 9 October 2018.
  204. ^ OpenBSD 6.0. ISBN 978-0-9881561-8-0. Retrieved 24 July 2016. {{cite book}}: |website= ignored (help)
  205. ^ "OpenBSD vax". OpenBSD. Retrieved 2 September 2016.
  206. ^ "OpenBSD sparc". OpenBSD. Retrieved 2 September 2016.
  207. ^ "OpenBSD 6.1". OpenBSD. Retrieved 11 April 2017.
  208. ^ "OpenBSD 6.2". OpenBSD.
  209. ^ "unveil(2)". OpenBSD. Retrieved 19 October 2018.
  210. ^ "OpenBSD 6.6". OpenBSD. Retrieved 17 January 2020.
  211. ^ "OpenBSD 6.7". OpenBSD. Retrieved 21 May 2020.
  212. ^ "OpenBSD 6.8". OpenBSD. Retrieved 18 October 2020.
  213. ^ "OpenBSD FAQ". OpenBSD. Retrieved 5 May 2021.
  214. ^ "OpenBSD 6.9". OpenBSD. Retrieved 2 May 2021.
  215. ^ a b "OpenBSD 7.0". OpenBSD. Retrieved 15 October 2021.
  216. ^ "OpenBSD 7.1". OpenBSD. Retrieved 21 April 2022.
  217. ^ . Archived from the original on 22 August 2022.
  218. ^ "OpenBSD 7.2". OpenBSD. Retrieved 20 October 2022.
  219. ^ "OpenBSD 7.3". OpenBSD. Retrieved 10 April 2023.
  220. ^ "OpenBSD 7.4". OpenBSD. Retrieved 16 October 2023.

External links

  • Official website  
  • GitHub mirror
  • OpenBSD manual pages
  • OpenBSD ports & packages (latest)
  • OpenBSD source code search

February 16, 2024
openbsd, confused, with, freebsd, security, focused, free, open, source, unix, like, operating, system, based, berkeley, software, distribution, theo, raadt, created, 1995, forking, netbsd, project, emphasizes, portability, standardization, correctness, proact. Not to be confused with FreeBSD OpenBSD is a security focused free and open source Unix like operating system based on the Berkeley Software Distribution BSD Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1 0 4 The OpenBSD project emphasizes portability standardization correctness proactive security and integrated cryptography 5 OpenBSDFree Functional and SecureOpenBSD 7 0 default desktop with various utilities top xterm xcalc and glxgearsDeveloperTheo de Raadt et al Written inC assembly Perl Unix shellOS familyUnix like BSD Working stateCurrentSource modelOpen sourceInitial releaseJuly 1996 27 years ago 1996 07 Latest release7 4 16 October 2023 3 months ago 2023 10 16 Repositorycvsweb wbr openbsd wbr org wbr cgi bin wbr cvsweb wbr Package managerOpenBSD package tools 1 PlatformsAlpha x86 64 ARMv7 ARMv8 64 bit PA RISC IA 32 LANDISK Loongson Omron LUNA 88K MIPS64 macppc PowerPC 64 bit RISC V SPARC64 2 Kernel typeMonolithicUserlandBSDDefaultuser interfaceModified pdksh X11 FVWM LicenseBSD ISC other permissive licenses 3 Official websitewww wbr openbsd wbr orgThe OpenBSD project maintains portable versions of many subsystems as packages for other operating systems Because of the project s preferred BSD license which allows binary redistributions without the source code many components are reused in proprietary and corporate sponsored software projects The firewall code in Apple s macOS is based on OpenBSD s PF firewall code 6 Android s Bionic C standard library is based on OpenBSD code 7 LLVM uses OpenBSD s regular expression library 8 and Windows 10 uses OpenSSH OpenBSD Secure Shell with LibreSSL 9 The word open in the name OpenBSD refers to the availability of the operating system source code on the Internet although the word open in the name OpenSSH means OpenBSD It also refers to the wide range of hardware platforms the system supports 10 OpenBSD supports a variety of system architectures including x86 64 IA 32 ARM PowerPC and 64 bit RISC V Contents 1 History 2 Usage statistics 3 Uses 3 1 Network appliances 3 2 Other operating systems 3 3 Personal computers 3 4 Servers 4 Security 4 1 Security record 4 2 Alleged backdoor 4 3 Criticisms 5 Subprojects 6 Third party components 7 Development 8 Open source and open documentation 9 Licensing 10 Funding 10 1 OpenBSD Foundation 11 Distribution 12 Songs and artwork 13 Releases 14 See also 15 Notes 16 References 17 External linksHistoryIn December 1994 Theo de Raadt a founding member of the NetBSD project was asked to resign from the NetBSD core team over disagreements and conflicts with the other members of the NetBSD team 11 4 In October 1995 De Raadt founded OpenBSD a new project forked from NetBSD 1 0 The initial release OpenBSD 1 2 was made in July 1996 followed by OpenBSD 2 0 in October of the same year 12 Since then the project has issued a release every six months each of which is supported for one year On 25 July 2007 OpenBSD developer Bob Beck announced the formation of the OpenBSD Foundation a Canadian non profit organization formed to act as a single point of contact for persons and organizations requiring a legal entity to deal with when they wish to support OpenBSD 13 Usage statistics nbsp Bar chart showing the proportion of users of each BSD variant from a 2005 BSD usage survey of 4330 users 14 note 1 It is hard to determine how widely OpenBSD is used because the developers do not publish or collect usage statistics In September 2005 the BSD Certification Group surveyed 4330 individual BSD users showing that 32 8 used OpenBSD 14 behind FreeBSD with 77 ahead of NetBSD with 16 3 and DragonFly BSD with 2 6 note 1 However the authors of this survey clarified that it is neither exhaustive nor completely accurate since the survey was spread mainly through mailing lists forums and word of mouth This combined with other factors like the lack of a control group a pre screening process or significant outreach outside of the BSD community makes the survey unreliable for judging BSD usage globally UsesNetwork appliances OpenBSD features a robust TCP IP networking stack and can be used as a router 15 or wireless access point 16 OpenBSD s security enhancements built in cryptography and packet filter make it suitable for security purposes such as firewalls 17 intrusion detection systems and VPN gateways Several proprietary systems are based on OpenBSD including devices from Armorlogic Profense web application firewall Calyptix Security 18 GeNUA 19 RTMX 20 and vantronix 21 Other operating systems Some versions of Microsoft s Services for UNIX an extension to the Windows operating system to provide Unix like functionality use much of the OpenBSD code base that is included in the Interix interoperability suite 22 23 developed by Softway Systems Inc which Microsoft acquired in 1999 24 25 Core Force a security product for Windows is based on OpenBSD s pf firewall 26 The pf firewall is also found in other operating systems including FreeBSD 27 and macOS 28 Personal computers OpenBSD ships with Xenocara 29 an implementation of the X Window System and is suitable as a desktop operating system for personal computers including laptops 30 31 xl As of September 2018 update OpenBSD includes approximately 8000 packages in its software repository 32 including desktop environments such as Lumina GNOME Plasma and Xfce and web browsers such as Firefox and Chromium 33 The project also includes three window managers in the main distribution cwm FVWM part of the default configuration for Xenocara and twm 34 Servers OpenBSD features a full server suite and can be configured as a mail server web server FTP server DNS server router firewall NFS file server or any combination of these Since version 6 8 OpenBSD has also shipped with native in kernel WireGuard support 35 36 SecuritySee also OpenBSD security features nbsp OpenBSD console login and its messagesShortly after OpenBSD was created De Raadt was contacted by a local security software company named Secure Networks later acquired by McAfee 37 38 They were developing a network security auditing tool called Ballista note 2 which was intended to find and exploit software security flaws This coincided with De Raadt s interest in security so the two cooperated leading up to the release of OpenBSD 2 3 39 This collaboration helped to define security as the focus of the OpenBSD project 40 OpenBSD includes numerous features designed to improve security such as Secure alternatives to POSIX functions in the C standard library such as a href Strlcat html class mw redirect title Strlcat strlcat a for a href Strcat html class mw redirect title Strcat strcat a and a href Strlcpy html class mw redirect title Strlcpy strlcpy a for a href Strcpy html class mw redirect title Strcpy strcpy a 41 Toolchain alterations including a static bounds checker 42 Memory protection techniques to guard against invalid accesses such as ProPolice and the W X page protection feature Strong cryptography and randomization 43 System call and filesystem access restrictions to limit process capabilities 44 To reduce the risk of a vulnerability or misconfiguration allowing privilege escalation many programs have been written or adapted to make use of privilege separation privilege revocation and chrooting Privilege separation is a technique pioneered on OpenBSD and inspired by the principle of least privilege where a program is split into two or more parts one of which performs privileged operations and the other almost always the bulk of the code runs without privilege 45 Privilege revocation is similar and involves a program performing any necessary operations with the privileges it starts with then dropping them Chrooting involves restricting an application to one section of the file system prohibiting it from accessing areas that contain private or system files Developers have applied these enhancements to OpenBSD versions of many common applications such as tcpdump file tmux smtpd and syslogd 46 OpenBSD developers were instrumental in the creation and development of OpenSSH aka OpenBSD Secure Shell which is developed in the OpenBSD CVS repositories OpenBSD Secure Shell is based on the original SSH 47 It first appeared in OpenBSD 2 6 and is now by far the most popular SSH client and server available on many operating systems 48 The project has a policy of continually auditing source code for problems work that developer Marc Espie has described as never finished more a question of process than of a specific bug being hunted He went on to list several typical steps once a bug is found including examining the entire source tree for the same and similar issues try ing to find out whether the documentation ought to be amended and investigating whether it s possible to augment the compiler to warn against this specific problem 49 Security record The OpenBSD website features a prominent reference to the system s security record Until June 2002 it read Five years without a remote hole in the default install In June 2002 Mark Dowd of Internet Security Systems disclosed a bug in the OpenSSH code implementing challenge response authentication 50 This vulnerability in the OpenBSD default installation allowed an attacker remote access to the root account which was extremely serious not only to OpenBSD but also to the large number of other operating systems that were using OpenSSH by that time 51 This problem necessitated the adjustment of the slogan on the OpenBSD website to One remote hole in the default install in nearly 6 years The quote remained unchanged as time passed until on 13 March 2007 when Alfredo Ortega of Core Security Technologies disclosed a network related remote vulnerability 52 The quote was subsequently changed to Only two remote holes in the default install in a heck of a long time This statement has been criticized because the default install contains few running services and many use cases require additional services 53 Also because the ports tree contains unaudited third party software it is easy for users to compromise security by installing or improperly configuring packages However the project maintains that the slogan is intended to refer to a default install and that it is correct by that measure One of the fundamental ideas behind OpenBSD is a drive for systems to be simple clean and secure by default The default install is quite minimal which the project states is to ensure novice users do not need to become security experts overnight 54 which fits with open source and code auditing practices considered important elements of a security system 55 Additional services are to be enabled manually to make users think of the security implications first Alleged backdoor On 11 December 2010 Gregory Perry a former technical consultant for the Federal Bureau of Investigation FBI emailed De Raadt alleging that the FBI had paid some OpenBSD ex developers 10 years prior to insert backdoors into the OpenBSD Cryptographic Framework De Raadt made the email public on 14 December by forwarding it to the openbsd tech mailing list and suggested an audit of the IPsec codebase 56 57 De Raadt s response was skeptical of the report and he invited all developers to independently review the relevant code In the weeks that followed bugs were fixed but no evidence of backdoors was found 58 De Raadt stated I believe that NetSec was probably contracted to write backdoors as alleged If those were written I don t believe they made it into our tree They might have been deployed as their own product 59 Criticisms In December 2017 Ilja van Sprundel director at IOActive gave a talk at the CCC 60 as well as DEF CON 61 entitled Are all BSDs created equally A survey of BSD kernel vulnerabilities in which he stated that although OpenBSD was the clear winner of the BSDs in terms of security Bugs are still easy to find in those kernels even in OpenBSD Two years later in 2019 a talk named A systematic evaluation of OpenBSD s mitigations was given 62 at the CCC arguing that while OpenBSD has some effective mitigations a significant part of them are useless at best and based on pure luck and superstition arguing for a more rational approach when it comes to designing them 63 SubprojectsMany open source projects started as components of OpenBSD including bioctl a generic RAID management interface similar to ifconfig CARP a free alternative to Cisco s patented HSRP VRRP redundancy protocols cwm a stacking window manager doas a safer replacement for sudo OpenBSD httpd 64 65 an implementation of httpd hw sensors a sensors framework used by over 100 drivers LibreSSL an implementation of the SSL and TLS protocols forked from OpenSSL 1 0 1g 66 OpenBGPD an implementation of BGP 4 67 OpenIKED an implementation of IKEv2 68 OpenNTPD a simpler alternative to ntp org s NTP daemon 69 OpenOSPFD an implementation of OSPF 67 OpenSMTPD an SMTP daemon with IPv4 IPv6 PAM Maildir and virtual domains support 70 OpenSSH an implementation of SSH 71 PF an IPv4 IPv6 stateful firewall with NAT PAT QoS and traffic normalization support pfsync a firewall state synchronization protocol for PF with high availability support using CARP sndio a compact audio and MIDI framework spamd a spam filter with greylisting support designed to inter operate with PF Xenocara a customized X Org build infrastructure 29 Some subsystems have been integrated into other BSD operating systems 72 73 74 and many are available as packages for use in other Unix like systems 75 76 77 Linux administrator Carlos Fenollosa commented on moving from Linux to OpenBSD that the system is faithful to the Unix philosophy of small simple tools that work together well Some base components are not as feature rich on purpose Since 99 of the servers don t need the flexibility of Apache OpenBSD s httpd will work fine be more secure and probably faster 78 He characterized the developer community s attitude to components as When the community decides that some module sucks they develop a new one from scratch OpenBSD has its own NTPd SMTPd and more recently HTTPd They work great 78 As a result OpenBSD is relatively prolific in creating components that become widely reused by other systems OpenBSD runs nearly all of its standard daemons within chroot and privsep security structures by default as part of hardening the base system 78 The Calgary Internet Exchange was formed in 2012 in part to serve the needs of the OpenBSD project 79 In 2017 Isotop 80 a French project aiming to adapt OpenBSD to desktops and laptops using xfce then dwm started to be developed 81 Third party componentsOpenBSD includes a number of third party components many with OpenBSD specific patches 33 such as X Org Clang 82 the default compiler on several architectures GCC 42 note 3 Perl NSD Unbound ncurses GNU binutils GDB and AWK Development nbsp OpenBSD developers at c2k1 hackathon at MIT June 2001 nbsp OpenBSD hackathon s2k17Development is continuous and team management is open and tiered Anyone with appropriate skills may contribute with commit rights being awarded on merit and De Raadt acting as coordinator 31 xxxv Two official releases are made per year with the version number incremented by 0 1 83 and these are each supported for twelve months two release cycles 84 Snapshot releases are also available at frequent intervals Maintenance patches for supported releases may be applied using syspatch manually or by updating the system against the patch branch of the CVS source repository for that release 85 Alternatively a system administrator may opt to upgrade to the next snapshot release using sysupgrade or by using the current branch of the CVS repository in order to gain pre release access to recently added features The sysupgrade tool can also upgrade to the latest stable release version The generic OpenBSD kernel provided by default is strongly recommended for end users in contrast to operating systems that recommend user kernel customization 86 Packages outside the base system are maintained by CVS through a ports tree and are the responsibility of the individual maintainers known as porters As well as keeping the current branch up to date porters are expected to apply appropriate bug fixes and maintenance fixes to branches of their package for OpenBSD s supported releases Ports are generally not subject to the same continuous auditing as the base system due to lack of manpower Binary packages are built centrally from the ports tree for each architecture This process is applied for the current version for each supported release and for each snapshot Administrators are recommended to use the package mechanism rather than build the package from the ports tree unless they need to perform their own source changes OpenBSD s developers regularly meet at special events called hackathons 87 where they sit down and code emphasizing productivity 88 Most new releases include a song 89 Open source and open documentationOpenBSD is known for its high quality documentation 90 91 When OpenBSD was created De Raadt decided that the source code should be available for anyone to read At the time a small team of developers generally had access to a project s source code 92 Chuck Cranor 93 and De Raadt concluded this practice was counter to the open source philosophy and inconvenient to potential contributors Together Cranor and De Raadt set up the first public anonymous revision control system server De Raadt s decision allowed users to take a more active role and established the project s commitment to open access 92 OpenBSD is notable for its continued use of CVS more precisely an unreleased OpenBSD managed fork named OpenCVS when most other projects that used it have migrated to other systems 94 OpenBSD does not include closed source binary drivers in the source tree nor do they include code requiring the signing of non disclosure agreements 95 According to the GNU Project OpenBSD includes small blobs of proprietary object code as device firmware 96 Since OpenBSD is based in Canada no United States export restrictions on cryptography apply allowing the distribution to make full use of modern algorithms for encryption For example the swap space is divided into small sections and each section is encrypted with its own key ensuring that sensitive data does not leak into an insecure part of the system 17 OpenBSD randomizes various behaviors of applications making them less predictable and thus more difficult to attack For example PIDs are created and associated randomly to processes the bind system call uses random port numbers files are created with random inode numbers and IP datagrams have random identifiers 97 This approach also helps expose bugs in the kernel and in user space programs The OpenBSD policy on openness extends to hardware documentation in the slides for a December 2006 presentation De Raadt explained that without it developers often make mistakes writing drivers and pointed out that the oh my god I got it to work rush is harder to achieve and some developers just give up 98 He went on to say that vendor supplied binary drivers are unacceptable for inclusion in OpenBSD that they have no trust of vendor binaries running in our kernel and that there is no way to fix them when they break 98 LicensingSee also Comparison of free and open source software licenses and Free software license OpenBSD maintains a strict license policy 3 preferring the ISC license and other variants of the BSD license The project attempts to maintain the spirit of the original Berkeley Unix copyrights which permitted a relatively un encumbered Unix source distribution 3 The widely used Apache License and GNU General Public License are considered overly restrictive 99 In June 2001 triggered by concerns over Darren Reed s modification of IPFilter s license wording a systematic license audit of the OpenBSD ports and source trees was undertaken 100 Code in more than a hundred files throughout the system was found to be unlicensed ambiguously licensed or in use against the terms of the license To ensure that all licenses were properly adhered to an attempt was made to contact all the relevant copyright holders some pieces of code were removed many were replaced and others such as the multicast routing tools mrinfo and map mbone were relicensed so that OpenBSD could continue to use them 101 102 Also removed during this audit was all software produced by Daniel J Bernstein At the time Bernstein requested that all modified versions of his code be approved by him prior to redistribution a requirement to which OpenBSD developers were unwilling to devote time or effort 103 104 105 Because of licensing concerns the OpenBSD team has reimplemented software from scratch or adopted suitable existing software For example OpenBSD developers created the PF packet filter after unacceptable restrictions were imposed on IPFilter PF first appeared in OpenBSD 3 0 106 and is now available in many other operating systems 107 OpenBSD developers have also replaced GPL licensed tools such as CVS and pkg config with permissively licensed equivalents 108 109 FundingAlthough the operating system and its portable components are used in commercial products De Raadt says that little of the funding for the project comes from the industry traditionally all our funding has come from user donations and users buying our CDs our other products don t really make us much money Obviously that has not been a lot of money 83 For a two year period in the early 2000s the project received funding from DARPA which paid the salaries of 5 people to work completely full time bought about 30k in hardware and paid for 3 hackathons from the POSSE project 83 In 2006 the OpenBSD project experienced financial difficulties 110 The Mozilla Foundation 111 and GoDaddy 112 are among the organizations that helped OpenBSD to survive However De Raadt expressed concern about the asymmetry of funding I think that contributions should have come first from the vendors secondly from the corporate users and thirdly from individual users But the response has been almost entirely the opposite with almost a 15 to 1 dollar ratio in favor of the little people Thanks a lot little people 83 On 14 January 2014 Bob Beck issued a request for funding to cover electrical costs If sustainable funding was not found Beck suggested the OpenBSD project would shut down 113 The project soon received a US 20 000 donation from Mircea Popescu the Romanian creator of the MPEx bitcoin stock exchange paid in bitcoins 114 The project raised US 150 000 115 in response to the appeal enabling it to pay its bills and securing its short term future 114 OpenBSD Foundation OpenBSD FoundationFormationJuly 25 2007 16 years ago 2007 07 25 FounderOpenBSD developersLegal statusNonprofit organizationLocationCanadaWebsitewww wbr openbsdfoundation wbr orgASN22512The OpenBSD Foundation is a Canadian federal non profit organization founded by the OpenBSD project as a single point of contact for persons and organizations requiring a legal entity to deal with when they wish to support OpenBSD 116 It was announced to the public by OpenBSD developer Bob Beck on 25 July 2007 It also serves as a legal safeguard over other projects which are affiliated with OpenBSD including OpenSSH OpenBGPD OpenNTPD OpenCVS OpenSMTPD and LibreSSL 117 Since 2014 several large contributions to the OpenBSD Foundation have come from corporations such as Microsoft 118 Facebook and Google as well as the Core Infrastructure Initiative 119 In 2015 Microsoft became the foundation s first gold level contributor 120 donating between 25 000 50 000 to support development of OpenSSH which had been integrated into PowerShell in July and later into Windows Server in 2018 121 Other contributors include Google Facebook and DuckDuckGo 122 During the 2016 and 2017 fundraising campaigns Smartisan a Chinese company was the leading financial contributor to the OpenBSD Foundation 123 124 DistributionOpenBSD is freely available in various ways the source can be retrieved by anonymous CVS 125 and binary releases and development snapshots can be downloaded by FTP HTTP and rsync 126 Prepackaged CD ROM sets through version 6 0 can be ordered online for a small fee complete with an assortment of stickers and a copy of the release s theme song These with their artwork and other bonuses have been one of the project s few sources of income funding hardware Internet service and other expenses 127 Beginning with version 6 1 CD ROM sets are no longer released OpenBSD provides a package management system for easy installation and management of programs which are not part of the base operating system 128 Packages are binary files which are extracted managed and removed using the package tools On OpenBSD the source of packages is the ports system a collection of Makefiles and other infrastructure required to create packages In OpenBSD the ports and base operating system are developed and released together for each version this means that the ports or packages released with for example 4 6 are not suitable for use with 4 5 and vice versa 128 Songs and artwork nbsp 3D rendered animated OpenBSD mascot Puffy nbsp OpenBSD 2 3 cover Initially OpenBSD used a haloed version of the BSD daemon mascot drawn by Erick Green who was asked by De Raadt to create the logo for the 2 3 and 2 4 versions of OpenBSD Green planned to create a full daemon including head and body but only the head was completed in time for OpenBSD 2 3 The body as well as pitchfork and tail was completed for OpenBSD 2 4 129 Subsequent releases used variations such as a police daemon by Ty Semaka 130 but eventually settled on a pufferfish named Puffy 131 Since then Puffy has appeared on OpenBSD promotional material and featured in release songs and artwork The promotional material of early OpenBSD releases did not have a cohesive theme or design but later the CD ROMs release songs posters and tee shirts for each release have been produced with a single style and theme sometimes contributed to by Ty Semaka of the Plaid Tongued Devils 89 These have become a part of OpenBSD advocacy with each release expounding a moral or political point important to the project often through parody 132 Themes have included Puff the Barbarian in OpenBSD 3 3 which included an 80s rock song and parody of Conan the Barbarian alluding to open documentation 89 The Wizard of OS in OpenBSD 3 7 related to the project s work on wireless drivers and Hackers of the Lost RAID a parody of Indiana Jones referencing the new RAID tools in OpenBSD 3 8 ReleasesThe following table summarizes the version history of the OpenBSD operating system Legend Old version not maintained Older version still maintained Current stable version Latest preview version Future releaseVersion Release date Supported until Significant changesOld version no longer maintained 1 1 18 October 1995 OpenBSD CVS repository created by Theo de Raadt 133 While the version number used at this stage was 1 1 note 4 OpenBSD 1 1 was not an official OpenBSD release in the sense which this term subsequently came to be used Old version no longer maintained 1 2 1 July 1996 Creation of the intro 9 man page for documenting kernel internals Integration of the update 8 command into the kernel As before while this version number was used in the early development of the OS OpenBSD 1 2 was not an official release in the subsequently applicable sense Old version no longer maintained 2 0 1 October 1996 The first official release of OpenBSD 134 135 and also the point at which XFree86 first recognized OpenBSD as separate from NetBSD Initial integration of the FreeBSD ports system Replacement of gawk with the AT amp T awk Integration of zlib Added sudo Old version no longer maintained 2 1 1 June 1997 Replacement of the older sh with pdksh 136 Old version no longer maintained 2 2 1 December 1997 Addition of the afterboot 8 man page 137 Old version no longer maintained 2 3 19 May 1998 Introduced the haloed daemon or aureola beastie in head only form created by Erick Green 138 Old version no longer maintained 2 4 1 December 1998 Featured the complete haloed daemon with trident and a finished body 139 Old version no longer maintained 2 5 19 May 1999 Introduced the Cop daemon image done by Ty Semaka 140 Old version no longer maintained 2 6 1 December 1999 Based on the original SSH suite and developed further by the OpenBSD team 2 6 saw the first release of OpenSSH which is now available standard on most Unix like operating systems and is the most widely used SSH suite 141 Old version no longer maintained 2 7 15 June 2000 Support for SSH2 added to OpenSSH 142 Old version no longer maintained 2 8 1 December 2000 isakmpd 8 143 Old version no longer maintained 2 9 1 June 2001 Filesystem performance increases from softupdates and dirpref code 144 Old version no longer maintained 3 0 1 December 2001 E Railed OpenBSD Mix 145 a techno track performed by the release mascot Puff Daddy the famed rapper and political icon After license restrictions were imposed on IPFilter the pf packet filter was developed pf is now available in DragonFly BSD NetBSD and FreeBSD Old version no longer maintained 3 1 19 May 2002 Systemagic 146 where Puffy the Kitten Slayer battles evil script kitties Inspired by the works of Rammstein and a parody of Buffy the Vampire Slayer First official remote security hole OpenSSH integer overflow 147 Old version no longer maintained 3 2 1 November 2002 Goldflipper 148 a tale in which James Pond agent 077 super spy and suave lady s man deals with the dangers of a hostile internet Styled after the orchestral introductory ballads of James Bond films Old version no longer maintained 3 3 1 May 2003 Puff the Barbarian 149 born in a tiny bowl Puff was a slave now he hacks through the C searching for the Hammer It is an 80s rock style song and parody of Conan the Barbarian dealing with open documentation In 2003 code from ALTQ which had a license disallowing the sale of derivatives was relicensed integrated into pf and made available in OpenBSD 3 3 First release adding the W X feature a fine grained memory permissions layout ensuring that memory which can be written to by application programs can not be executable at the same time and vice versa Old version no longer maintained 3 4 1 November 2003 The Legend of Puffy Hood where Sir Puffy of Ramsay 150 a freedom fighter who with Little Bob of Beckley took from the rich and gave to all Tells of the POSSE project s cancellation An unusual blend of both hip hop and medieval style music a parody of the tale of Robin Hood intended to express OpenBSD s attitude to free speech i386 platform switched executable format from a out to Executable and Linkable Format The GPL licensed gzip was replaced by retooling the existing compress tool to include its functionality The GPL licensed grep was replaced with FreeGrep an updated BSD licensed grep This new grep is now also available in NetBSD A public domain diff was updated and used to replace the GPL licensed diff previously included Code from the LGPL licensed 151 was relicensed to allow pf to feature passive operating system detection Address space layout randomization ASLR by default 152 Basic sysctl hw sensors API introduced for hardware monitoring 153 Old version no longer maintained 3 5 1 May 2004 CARP License and Redundancy must be free 154 where a fish seeking to license his free redundancy protocol CARP finds trouble with the red tape A parody of the Fish License skit and Eric the Half a Bee Song by Monty Python with an anti software patents message CARP an open alternative to the HSRP and VRRP redundancy systems available from commercial vendors 155 156 GPL licensed parts of the GNU tool set bc 157 dc 158 nm 159 and size 160 were all replaced with BSD licensed equivalents AMD64 platform becomes stable enough for release and is included for the first time as part of a release Old version no longer maintained 3 6 1 November 2004 Pond erosa Puff live was the tale of Pond erosa Puff 161 a no guff freedom fighter from the wild west set to hang a lickin on no good bureaucratic nerds who encumber software with needless words and restrictions The song was styled after the works of Johnny Cash a parody of the Spaghetti Western and Clint Eastwood and inspired by liberal license enforcement OpenNTPD a compatible alternative to the reference NTP daemon was developed within the OpenBSD project The goal of OpenNTPD was not solely a compatible license It also aims to be a simple secure NTP implementation providing acceptable accuracy for most cases without requiring detailed configuration 162 163 Because of its questionable security record and doubts of developers for better future development OpenBSD removed Ethereal from its ports tree prior to its 3 6 release Added support for I2C master slave devices 163 Old version no longer maintained 3 7 19 May 2005 The Wizard of OS 164 where Puffathy a little Alberta girl must work with Taiwan to save the day by getting unencumbered wireless This release was styled after the works of Pink Floyd and a parody of The Wizard of Oz this dealt with wireless hacking 165 Old version no longer maintained 3 8 1 November 2005 1 November 2006 Hackers of the Lost RAID 166 which detailed the exploits of Puffiana Jones famed hackologist and adventurer seeking out the Lost RAID Styled after the radio serials of the 1930s and 40s this was a parody of Indiana Jones and was linked to the new RAID tools featured as part of this release This is the first version released without the telnet daemon which was completely removed from the source tree by Theo de Raadt in May 2005 167 bioctl introduced as a new universal RAID management tool similar to ifconfig 168 Old version no longer maintained 3 9 1 May 2006 1 May 2007 Attack of the Binary BLOB 169 which chronicles the developer s fight against binary blobs and vendor lock in 170 a parody of the 1958 film The Blob and the pop rock music of the era Enhanced OpenBGPD feature set Improved hardware sensors support including a new IPMI subsystem and a new I2C scan subsystem number of drivers using the sensors framework increased to a total of 33 drivers compared to 9 in the prior 3 8 release 6 months ago 153 170 Old version no longer maintained 4 0 1 November 2006 1 November 2007 Humppa Negala 171 a Hava Nagilah parody with a portion of Entrance of the Gladiators and Humppa music fused together with no story behind it simply a homage to one of the OpenBSD developers favorite genres of music 172 Second official remote security hole buffer overflow by malformed ICMPv6 packets 173 Old version no longer maintained 4 1 1 May 2007 1 May 2008 Puffy Baba and the 40 Vendors 174 a parody of the Arabic fable Ali Baba and the Forty Thieves part of the book of One Thousand and One Nights in which Linux developers are mocked over their allowance of non disclosure agreements when developing software while at the same time implying hardware vendors are criminals for not releasing documentation required to make reliable device drivers 175 Redesigned sysctl hw sensors into a two level sensor API 176 177 a total of 46 device drivers exporting sensors through the framework with this release 153 Old version no longer maintained 4 2 1 November 2007 1 November 2008 100001 1010101 178 the Linux kernel developers gets a knock for violating the ISC style license of OpenBSD s open hardware abstraction layer for Atheros wireless cards Usability of sensorsd improved allowing zero configuration monitoring of smart sensors from the hw sensors framework e g IPMI or bio 4 based and easier configuration for monitoring of non smart sensors 179 Old version no longer maintained 4 3 1 May 2008 1 May 2009 Home to Hypocrisy 180 181 Old version no longer maintained 4 4 1 November 2008 18 October 2009 Trial of the BSD Knights 182 summarizes the history of BSD including the USL v BSDi lawsuit The song was styled after the works of Star Wars sparc64 port now supports many recent processors Sun UltraSPARC IV T1 and T2 Fujitsu SPARC64 V VI and VII New System on a Chip PowerPC port for Freescale devices malloc 3 randomization guard pages and randomized delayed free 183 152 184 The hw sensors framework is used by 68 device drivers after 7 new drivers were added as of this release 184 Old version no longer maintained 4 5 1 May 2009 19 May 2010 Games It was styled after the works of Tron 185 The hw sensors framework is used by 72 device drivers 186 187 Old version no longer maintained 4 6 18 October 2009 1 November 2010 Planet of the Users 188 In the style of Planet of the Apes Puffy travels in time to find a dumbed down dystopia where one very rich man runs the earth with one multinational Open source software has since been replaced by one button computers one channel televisions and closed source software which after you purchase it becomes obsolete before you have a chance to use it People subsist on soylent green The theme song is performed in the reggae rock style of The Police smtpd 8 privilege separated SMTP server tmux 1 terminal multiplexer The hw sensors framework is used by 75 device drivers 187 Old version no longer maintained 4 7 19 May 2010 1 May 2011 I m Still Here 189 Old version no longer maintained 4 8 1 November 2010 1 November 2011 El Puffiachi 190 191 iked 8 IKEv2 daemon ldapd 8 LDAP daemonOld version no longer maintained 4 9 1 May 2011 1 May 2012 The Answer 192 rc d 8 daemon controlOld version no longer maintained 5 0 1 November 2011 1 November 2012 What Me Worry 193 Old version no longer maintained 5 1 1 May 2012 1 May 2014 Bug Busters The song was styled after the works of Ghostbusters 194 Old version no longer maintained 5 2 1 November 2012 1 November 2013 Aquarela do Linux 195 nginx 8 HTTP server SSLv2 disabledOld version no longer maintained 5 3 1 May 2013 1 May 2014 Blade Swimmer The song was styled after the works of Roy Lee a parody of Blade Runner 196 Position independent executables PIE by default for seven hardware platforms 152 Old version no longer maintained 5 4 1 November 2013 1 November 2014 Our favorite hacks a parody of My Favorite Things 197 Old version no longer maintained 5 5 1 May 2014 1 May 2015 Wrap in Time 198 signify 1 cryptographic signatures of release and packages 64bit time t on all platforms Y2K38 ready Old version no longer maintained 5 6 1 November 2014 18 October 2015 Ride of the Valkyries 199 LibreSSL fork of OpenSSL Apache HTTPD removed from baseOld version no longer maintained 5 7 1 May 2015 29 March 2016 Source Fish 200 rcctl 8 utility to control daemons nginx 8 removed from base procfs has been removedOld version no longer maintained 5 8 18 October 2015 1 September 2016 20 years ago today Fanza So much better A Year in the Life 201 20th anniversary release 202 doas 1 replacement of sudoOld version no longer maintained 5 9 29 March 2016 11 April 2017 Doctor W X Systemagic Anniversary Edition 203 W X enforced in i386 kernel pledge 2 process restrictionOld version no longer maintained 6 0 1 September 2016 9 October 2017 Another Smash of the Stack Black Hat Money Comfortably Dumb the misc song Mother Goodbye and Wish you were Secure Release songs parodies of Pink Floyd s The Wall Comfortably Numb and Wish You Were Here 204 vmm 4 virtualization disabled by default Removed vax 205 and 32 bit SPARC 206 supportOld version no longer maintained 6 1 11 April 2017 15 April 2018 Winter of 95 a parody of Summer of 69 207 syspatch 8 utility for binary base system updates new arm64 platformOld version no longer maintained 6 2 9 October 2017 18 October 2018 A three line diff 208 inteldrm 4 Skylake Kaby Lake Cherryview devices clang 1 base system compiler on i386 and amd64 platformsOld version no longer maintained 6 3 2 April 2018 3 May 2019 SMP is supported on arm64 platforms Several parts of the network stack now run without KERNEL LOCK Multiple security improvements have been made including Meltdown Spectre variant 2 mitigations Intel CPU microcode is loaded on boot on amd64 pledge has been modified to support execpromises as the second argument Old version no longer maintained 6 4 18 October 2018 17 October 2019 unveil 2 filesystem visibility restriction 209 Old version no longer maintained 6 5 24 April 2019 19 May 2020 Support for parsing NMEA 0183 altitude and ground speed hw sensors Xenocara Xorg X Window Server is no longer setuid Old version no longer maintained 6 6 17 October 2019 18 October 2020 sysupgrade 8 automates upgrades to new releases or snapshots 210 amdgpu 4 AMD RADEON GPU video driver Old version no longer maintained 6 7 19 May 2020 1 May 2021 Made ffs2 the default filesystem type on installs except for landisk luna88k and sgi 211 Old version no longer maintained 6 8 18 October 2020 14 October 2021 25th anniversary release New powerpc64 platform 212 Old version no longer maintained 6 9 1 May 2021 21 April 2022 note 5 50th release 214 Old version no longer maintained 7 0 14 October 2021 20 October 2022 note 5 51st release 215 New riscv64 platform 215 Old version no longer maintained 7 1 21 April 2022 10 April 2023 note 5 52nd release 216 loongson support was temporarily discontinued for this release 217 Old version no longer maintained 7 2 20 October 2022 16 October 2023 note 5 53rd release 218 Older version yet still maintained 7 3 10 April 2023 May 2024 note 5 54th release 219 Immutable permissions on address space regions xonly support on many architectures Support for full disk encryption in the installer via softraid driver Current stable version 7 4 16 October 2023 November 2024 note 5 55th release 220 See also nbsp Free and open source software portalComparison of BSD operating systems Comparison of open source operating systems KAME project responsible for OpenBSD s IPv6 support Lumina desktop environment OpenBSD Journal OpenBSD security features Security focused operating system Unix securityNotes a b Multiple selections were permitted as users may use multiple BSD variants side by side Later renamed to Cybercop Scanner after SNI was purchased by Network Associates As of OpenBSD 6 3 update either Clang 5 0 1 GCC 4 2 1 or GCC 3 3 6 is shipped depending on the platform 82 42 Compare release history of NetBSD which OpenBSD branched from a b c d e f OpenBSD is released roughly every 6 months targeting May and November and only the latest two releases receive security and reliability fixes for the base system 213 References Package Management OpenBSD Frequently Asked Questions Retrieved 1 June 2016 Platforms OpenBSD Retrieved 3 September 2016 a b c Copyright Policy OpenBSD Retrieved 13 December 2011 a b de Raadt Theo 29 March 2009 Archive of the mail conversation leading to Theo de Raadt s departure Retrieved 15 January 2010 OpenBSD Project 19 May 2020 OpenBSD OpenBSD org Retrieved 12 October 2020 Murus App Apple PF for macOS from OpenBSD Android s C Library Has 173 Files of Unchanged OpenBSD Code Retrieved 8 October 2018 LLVM Release License Retrieved 8 October 2018 OpenSSH for Windows Retrieved 8 October 2018 Grimes Roger A 29 December 2006 New year s resolution No 1 Get OpenBSD InfoWorld Glass Adam 23 December 1994 Theo De Raadt netbsd users Mailing list De Raadt Theo 18 October 1996 The OpenBSD 2 0 release openbsd announce Mailing list Announcing The OpenBSD Foundation OpenBSD Journal 26 July 2007 a b BSD Usage Survey PDF Report The BSD Certification Group 31 October 2005 p 9 Retrieved 16 September 2012 OpenBSD PF Building a Router Retrieved 8 August 2019 Building an OpenBSD wireless access point Retrieved 8 August 2019 a b McIntire Tim 8 August 2006 Take a closer look at OpenBSD Developerworks IBM Retrieved 13 December 2011 AccessEnforcer Model AE800 Calyptix Security Archived from the original on 2 December 2020 Retrieved 28 May 2016 High Resistance Firewall genugate GeNUA Archived from the original on 19 September 2020 Retrieved 29 May 2016 RTMX O S IEEE Real Time POSIX Operating Systems RTMX Retrieved 13 December 2011 RTMX O S is a product extension to OpenBSD Unix like operating system with emphasis on embedded dedicated applications vantronix secure system Compumatica secure networks Archived from the original on 1 January 2012 Retrieved 13 December 2011 The Next Generation Firewall is not a standalone device it is a Router for operation in security critical environments with high requirements for availability comprehensive support as well as reliable and trusted systems powered by OpenBSD Dohnert Roberto J 21 January 2004 Review of Windows Services for UNIX 3 5 OSNews David Adams archived from the original on 11 February 2008 Reiter Brian 26 January 2010 WONTFIX select 2 in SUA 5 2 ignores timeout brianreiter org Microsoft Acquires Softway Systems To Strengthen Future Customer Interoperability Solutions Microsoft News Center Microsoft 17 September 1999 Milltech Consulting Inc 2019 Archived from the original on 18 September 2020 Retrieved 23 June 2020 Core Force Core Labs archived from the original on 28 November 2011 retrieved 13 December 2011 CORE FORCE provides inbound and outbound stateful packet filtering for TCP IP protocols using a Windows port of OpenBSD s PF firewall granular file system and registry access control and programs integrity validation Chapter 31 Firewalls The FreeBSD Project Retrieved 3 December 2021 pf c opensource apple com Retrieved 3 December 2021 a b About Xenocara Xenocara Retrieved 13 December 2011 Tzanidakis Manolis 21 April 2006 Using OpenBSD on the desktop Linux com Archived from the original on 5 May 2012 Retrieved 9 March 2012 a b Lucas Michael W April 2013 Absolute OpenBSD Unix for the Practical Paranoid 2nd ed San Francisco California No Starch Press ISBN 978 1 59327 476 4 OpenPorts se Statistics OpenPorts se Archived from the original on 28 September 2020 Retrieved 8 February 2018 a b OpenBSD 6 0 OpenBSD Retrieved 1 November 2016 The X Windows System OpenBSD Frequently Asked Questions Retrieved 22 May 2016 OpenBSD ships with the cwm 1 fvwm 1 and twm 1 window managers OpenBSD 6 8 www openbsd org Retrieved 3 December 2021 WireGuard imported into OpenBSD undeadly org Retrieved 3 December 2021 Varghese Sam 8 October 2004 Staying on the cutting edge The Age Retrieved 13 December 2011 Laird Cameron Staplin George Peter 17 July 2003 The Essence of OpenBSD ONLamp Archived from the original on 22 October 2017 Retrieved 13 December 2011 De Raadt Theo 19 December 2005 2 3 release announcement openbsd misc Mailing list Without SNI s support at the right time this release probably would not have happened Wayner Peter 13 July 2000 18 3 Flames Fights and the Birth of OpenBSD Free For All How Linux and the Free Software Movement Undercut the High Tech Titans 1st ed HarperBusiness ISBN 978 0 06 662050 3 Archived from the original on 22 January 2012 Retrieved 13 December 2011 Miller Todd C De Raadt Theo 6 June 1999 strlcpy and strlcat Consistent Safe String Copy and Concatenation USENIX Annual Technical Conference Monterey California Retrieved 13 December 2011 a b c gcc local local modifications to gcc OpenBSD manual pages Retrieved 1 November 2016 De Raadt Theo Hallqvist Niklas Grabowski Artur Keromytis Angelos D Provos Niels 6 June 1999 Cryptography in OpenBSD An Overview USENIX Annual Technical Conference Monterey California Retrieved 27 May 2016 Pledge A New Mitigation Mechanism Retrieved 8 October 2018 Provos Niels 9 August 2003 Privilege Separated OpenSSH Archived from the original on 2 January 2012 Retrieved 13 December 2011 Innovations OpenBSD Retrieved 18 May 2016 Privilege separation The concept is now used in many OpenBSD programs for example etc Project History and Credits OpenSSH Retrieved 13 December 2011 SSH usage profiling OpenSSH Retrieved 13 December 2011 Biancuzzi Federico 18 March 2004 An Interview with OpenBSD s Marc Espie ONLamp Archived from the original on 4 May 2018 Retrieved 13 December 2011 OpenSSH Remote Challenge Vulnerability Internet Security Systems 26 June 2002 Archived from the original on 8 September 2012 Retrieved 17 December 2005 A partial list of affected operating systems Archived from the original on 6 January 2012 OpenBSD s IPv6 mbufs remote kernel buffer overflow Core Security Technologies 13 March 2007 Brindle Joshua 30 March 2008 Secure doesn t mean anything Security Blog retrieved 13 December 2011 Security OpenBSD Retrieved 13 December 2011 Secure by Default Wheeler David A 3 March 2003 2 4 Is Open Source Good for Security Secure Programming for Linux and Unix HOWTO Retrieved 13 December 2011 De Raadt Theo 14 December 2010 Allegations regarding OpenBSD IPSEC openbsd tech Mailing list Retrieved 28 May 2016 Holwerda Thom 14 December 2010 FBI Added Secret Backdoors to OpenBSD IPSEC OSNews Retrieved 13 December 2011 Ryan Paul 23 December 2010 OpenBSD code audit uncovers bugs but no evidence of backdoor Ars Technica Retrieved 9 January 2011 Schwartz Mathew J 22 December 2010 OpenBSD Founder Believes FBI Built IPsec Backdoor InformationWeek DARKreading Archived from the original on 11 July 2017 Van Sprundel Ilja December 2017 Are all BSDs created equally A survey of BSD kernel vulnerabilities Van Sprundel Ilja July 2017 Are all BSDs created equally A survey of BSD kernel vulnerabilities PDF Lecture A systematic evaluation of OpenBSD s mitigations December 2019 Is OpenBSD secure 29 December 2019 src usr sbin httpd OpenBSD CVSWeb web obhttpd OpenBSD http server Freshports LibreSSL Retrieved 8 August 2019 a b OpenBGPD Retrieved 8 August 2019 OpenIKED Archived from the original on 14 May 2017 Retrieved 8 August 2019 OpenNTPD Retrieved 8 August 2019 OpenSMTPD Retrieved 8 August 2019 OpenSSH Retrieved 8 August 2019 Contents of stable 10 crypto openssh README svnweb freebsd org Retrieved 19 May 2016 This is the port of OpenBSD s excellent OpenSSH to Linux and other Unices src crypto external bsd openssh dist README view 1 4 NetBSD CVS Repositories Retrieved 19 May 2016 dragonfly git blob crypto openssh README gitweb dragonflybsd org Retrieved 19 May 2016 This is the port of OpenBSD s excellent OpenSSH to Linux and other Unices Arch Linux openssh 7 2p2 1 x86 64 Arch Linux Retrieved 17 May 2016 openssh OpenSUSE Retrieved 17 May 2016 Debian Details of package openssh client in jessie Debian Retrieved 17 May 2016 a b c OpenBSD from a veteran Linux user perspective De Raadt Theo 18 June 2013 An Internet Exchange for Calgary PDF Retrieved 9 October 2018 permanent dead link 3hg isotop index www 3hg fr Retrieved 6 May 2022 pavroo Isotop ArchiveOS Retrieved 6 May 2022 a b clang local OpenBSD specific behavior of LLVM clang OpenBSD manual pages Retrieved 2 February 2018 a b c d Andrews Jeremy 2 May 2006 Interview Theo de Raadt KernelTrap Archived from the original on 24 April 2013 OpenBSD s flavors OpenBSD Frequently Asked Questions Retrieved 22 May 2016 Applying patches in OpenBSD OpenBSD Frequently Asked Questions Retrieved 15 May 2016 Migrating to OpenBSD OpenBSD Frequently Asked Questions Retrieved 4 January 2017 Hackathons OpenBSD Retrieved 18 May 2016 Interview Theo de Raadt of OpenBSD NewsForge 28 March 2006 Retrieved 31 March 2016 a b c Release Songs OpenBSD Retrieved 22 May 2016 Chisnall David 20 January 2006 BSD The Other Free UNIX Family InformIT Archived from the original on 4 April 2014 Smith Jesse 18 November 2013 OpenBSD 5 4 Puffy on the Desktop Archived from the original on 29 April 2014 a b Cranor Chuck D De Raadt Theo 6 June 1999 Opening the Source Repository with Anonymous CVS USENIX Annual Technical Conference Monterey California Retrieved 13 December 2011 Cranor Chuck D Chuck Cranor s Home Page Retrieved 13 December 2011 I also hosted and helped create the first Anonymous CVS server on the Internet the original anoncvs openbsd org Fresh Andrew Why OpenBSD Developers Use CVS Retrieved 30 August 2021 Project Goals OpenBSD Retrieved 18 May 2016 Integrate good code from any source with acceptable licenses NDAs are never acceptable Explaining Why We Don t Endorse Other Systems 10 December 2023 Archived from the original on 23 November 2023 Retrieved 10 December 2023 De Raadt Theo Hallqvist Niklas Grabowski Artur Keromytis Angelos D Provos Niels 6 June 1999 Randomness Used Inside the Kernel Cryptography in OpenBSD An Overview USENIX Annual Technical Conference Monterey California Retrieved 1 February 2014 a b De Raadt Theo 5 December 2006 Presentation at OpenCON OpenBSD Retrieved 13 December 2011 Matzan Jem 15 June 2005 BSD cognoscenti on Linux NewsForge Linux com Retrieved 28 May 2016 Gasperson Tina 6 June 2001 OpenBSD and ipfilter still fighting over license disagreement Linux com Archived from the original on 26 June 2008 src usr sbin mrinfo mrinfo c view 1 7 cvsweb openbsd org 31 July 2001 Retrieved 24 May 2016 New license from Xerox This code is now FREE Took a while and a lot of mails but it is worth it src usr sbin map mbone mapper c view 1 5 cvsweb openbsd org 31 July 2001 Retrieved 24 May 2016 New license from Xerox This code is now FREE Took a while and a lot of mails but it is worth it De Raadt Theo 24 August 2001 Re Why were all DJB s ports removed No more qmail openbsd misc Mailing list Archived from the original on 19 April 2016 Bernstein Daniel J 27 August 2001 Re Why were all DJB s ports removed No more qmail openbsd misc Mailing list Archived from the original on 4 February 2012 Espie Marc 28 August 2001 Re Why were all DJB s ports removed No more qmail openbsd misc Mailing list Archived from the original on 19 April 2016 Hartmeier Daniel 10 June 2002 Design and Performance of the OpenBSD Stateful Packet Filter pf USENIX Annual Technical Conference Monterey California Retrieved 13 December 2011 The OpenBSD PF Packet Filter Book PF for NetBSD FreeBSD DragonFly and OpenBSD Reed Media Services 2006 ISBN 0 9790342 0 5 Retrieved 19 May 2016 New BSD licensed CVS replacement for OpenBSD 6 December 2004 Retrieved 9 October 2018 pkg config 1 Retrieved 9 October 2018 OpenBSD Project in Financial Danger Slashdot 21 March 2006 Retrieved 12 December 2014 Mozilla Foundation Donates 10K to OpenSSH Slashdot 4 April 2006 Retrieved 12 December 2014 GoDaddy com Donates 10K to Open Source Development Project The Hosting News 19 April 2006 Archived from the original on 11 November 2006 Beck Bob 14 January 2014 Request for Funding our Electricity openbsd misc Mailing list Retrieved 17 May 2016 a b Bright Peter 20 January 2014 OpenBSD rescued from unpowered oblivion by 20K bitcoin donation Ars Technica Retrieved 20 January 2014 The OpenBSD Foundation 2014 Fundraising Campaign OpenBSD Foundation Retrieved 24 May 2014 Announcing The OpenBSD Foundation OpenBSD Journal 26 July 2007 Retrieved 8 May 2014 Brodkin Jon 22 April 2014 OpenSSL code beyond repair claims creator of LibreSSL fork Ars Technica Retrieved 18 August 2021 McAllister Neil 8 July 2015 Microsoft rains cash on OpenBSD Foundation becomes top 2015 donor The Register Retrieved 27 May 2016 Contributors OpenBSD Foundation Retrieved 27 May 2016 Vaughan Nichols Steven J Microsoft becomes OpenBSD s first gold contributor ZDNet Retrieved 18 August 2021 Mackie Kurt 12 November 2018 Microsoft Now Supports OpenSSH in Windows Server 2019 Redmondmag com Redmondmag Retrieved 18 August 2021 a href Template Cite web html title Template Cite web cite web a CS1 maint numeric names authors list link Donate to the OpenBSD Foundation www openbsdfoundation org Retrieved 18 August 2021 OpenBSD Donors Smartisan Makes Another Iridium Donation to the OpenBSD Foundation OpenBSD Journal Anonymous CVS OpenBSD Retrieved 13 December 2011 Mirrors OpenBSD Retrieved 22 May 2016 Orders OpenBSD Archived from the original on 19 December 2011 Retrieved 20 May 2016 a b Packages and Ports OpenBSD Frequently Asked Questions Retrieved 22 May 2016 OpenBSD mckusick com Retrieved 12 December 2014 De Raadt Theo 19 May 1999 OpenBSD 2 5 Release Announcement openbsd announce Mailing list Archived from the original on 2 February 2014 OpenBSD 2 5 introduces the new Cop daemon image done by cartoonist Ty Semeka OpenBSD 2 7 OpenBSD Retrieved 22 May 2016 Matzan Jem 1 December 2006 OpenBSD 4 0 review Software in Review Archived from the original on 11 January 2012 Retrieved 13 December 2011 Each OpenBSD release has a graphical theme and a song that goes with it The theme reflects a major concern that the OpenBSD programmers are addressing or bringing to light Undeadly Retrieved 9 October 2018 Changes Archived from the original on 18 October 1997 OpenBSD 2 0 Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 OpenBSD 2 8 Changelog Retrieved 10 August 2021 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Errata Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 p0f Retrieved 9 October 2018 permanent dead link a b c OpenBSD Innovations The OpenBSD project Retrieved 12 September 2016 a b c Constantine A Murenin Raouf Boutaba 17 March 2009 6 Evolution of the framework OpenBSD Hardware Sensors Framework PDF AsiaBSDCon 2009 Proceedings 12 15 March 2009 Tokyo University of Science Tokyo Japan published 14 March 2009 Archived PDF from the original on 20 June 2010 Retrieved 4 March 2019 Alt URL Release Notes Retrieved 9 October 2018 Federico Biancuzzi 15 April 2004 OpenBSD PF Developer Interview ONLamp O Reilly Media Archived from the original on 8 May 2004 Retrieved 20 March 2019 Federico Biancuzzi 6 May 2004 OpenBSD PF Developer Interview Part 2 ONLamp O Reilly Media Archived from the original on 19 June 2004 Retrieved 20 March 2019 bc 1 Retrieved 9 October 2018 dc 1 Retrieved 9 October 2018 nm 1 Retrieved 9 October 2018 size 1 Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 a b Federico Biancuzzi 28 October 2004 OpenBSD 3 6 Live ONLamp O Reilly Media Archived from the original on 29 October 2004 Retrieved 20 March 2019 Release Notes Retrieved 9 October 2018 Federico Biancuzzi 19 May 2005 OpenBSD 3 7 The Wizard of OS ONLamp O Reilly Media Archived from the original on 21 May 2005 Retrieved 20 March 2019 Release Notes Retrieved 9 October 2018 de Raadt Theo CVS cvs openbsd org src OpenBSD CVS mailing list Removed files libexec telnetd Federico Biancuzzi 20 October 2005 OpenBSD 3 8 Hackers of the Lost RAID ONLamp O Reilly Media Archived from the original on 27 December 2005 Retrieved 20 March 2019 Release Notes Retrieved 9 October 2018 a b Federico Biancuzzi 27 April 2006 OpenBSD 3 9 Blob Busters Interviewed ONLamp O Reilly Media Archived from the original on 12 May 2006 Retrieved 19 March 2019 Release Notes Retrieved 9 October 2018 Federico Biancuzzi 26 October 2006 OpenBSD 4 0 Pufferix s Adventures ONLamp O Reilly Media Archived from the original on 10 March 2007 Retrieved 19 March 2019 Errata Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Federico Biancuzzi 3 May 2007 OpenBSD 4 1 Puffy Strikes Again ONLamp O Reilly Media Archived from the original on 18 May 2008 Retrieved 19 March 2019 Constantine A Murenin 30 December 2006 Marco Peereboom ed New two level sensor API OpenBSD Journal Retrieved 4 March 2019 Constantine A Murenin 17 April 2007 4 3 What we have proposed and implemented Generalised Interfacing with Microprocessor System Hardware Monitors Proceedings of 2007 IEEE International Conference on Networking Sensing and Control 15 17 April 2007 London United Kingdom IEEE pp 901 906 doi 10 1109 ICNSC 2007 372901 ISBN 978 1 4244 1076 7 IEEE ICNSC 2007 pp 901 906 Release Notes Retrieved 9 October 2018 Federico Biancuzzi 1 November 2007 Puffy s Marathon What s New in OpenBSD 4 2 ONLamp O Reilly Media Archived from the original on 13 October 2011 Retrieved 3 March 2019 Puffy s Marathon What s New in OpenBSD 4 2 ONLamp com OpenBSD Journal Release Notes Retrieved 9 October 2018 Federico Biancuzzi 29 April 2008 Puffy and the Cryptonauts What s New in OpenBSD 4 3 ONLamp O Reilly Media Archived from the original on 6 May 2008 Retrieved 20 March 2019 Release Notes Retrieved 9 October 2018 Kurt Miller 2008 OpenBSD s Position Independent Executable PIE Implementation Archived from the original on 12 June 2011 Retrieved 22 July 2011 a b Federico Biancuzzi 3 November 2008 Source Wars Return of the Puffy What s New in OpenBSD 4 4 O Reilly Media Archived from the original on 24 May 2012 Retrieved 3 March 2019 Release Notes Retrieved 9 October 2018 Federico Biancuzzi 15 June 2009 PuffyTron recommends OpenBSD 4 5 O Reilly Media Archived from the original on 19 June 2009 Retrieved 19 March 2019 a b Constantine A Murenin 21 May 2010 6 2 Evolution of drivers Chart VII Number of drivers using the sensors framework from OpenBSD 3 4 to 4 6 OpenBSD Hardware Sensors Environmental Monitoring and Fan Control MMath thesis University of Waterloo UWSpace hdl 10012 5234 Document ID ab71498b6b1a60ff817b29d56997a418 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 MARC Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 MARC Retrieved 9 October 2018 Release Notes Retrieved 9 October 2018 OpenBSD 6 0 ISBN 978 0 9881561 8 0 Retrieved 24 July 2016 a href Template Cite book html title Template Cite book cite book a website ignored help OpenBSD vax OpenBSD Retrieved 2 September 2016 OpenBSD sparc OpenBSD Retrieved 2 September 2016 OpenBSD 6 1 OpenBSD Retrieved 11 April 2017 OpenBSD 6 2 OpenBSD unveil 2 OpenBSD Retrieved 19 October 2018 OpenBSD 6 6 OpenBSD Retrieved 17 January 2020 OpenBSD 6 7 OpenBSD Retrieved 21 May 2020 OpenBSD 6 8 OpenBSD Retrieved 18 October 2020 OpenBSD FAQ OpenBSD Retrieved 5 May 2021 OpenBSD 6 9 OpenBSD Retrieved 2 May 2021 a b OpenBSD 7 0 OpenBSD Retrieved 15 October 2021 OpenBSD 7 1 OpenBSD Retrieved 21 April 2022 OpenBSD loongson Archived from the original on 22 August 2022 OpenBSD 7 2 OpenBSD Retrieved 20 October 2022 OpenBSD 7 3 OpenBSD Retrieved 10 April 2023 OpenBSD 7 4 OpenBSD Retrieved 16 October 2023 External linksOfficial website nbsp GitHub mirror OpenBSD manual pages OpenBSD ports amp packages latest OpenBSD source code search Retrieved from https en wikipedia org w index php title OpenBSD amp oldid 1200663657, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.