OpenBSD: Difference between revisions
Tags: Mobile edit Mobile web edit |
|||
Line 1: | Line 1: | ||
{{Short description|Operating system}} |
|||
{{featured article}} |
|||
{{Distinguish|FreeBSD}} |
|||
{{Infobox OS| |
|||
{{Use dmy dates|date=October 2021}} |
|||
|name = OpenBSD |
|||
{{Use American English|date=June 2016}} |
|||
|screenshot = [[Image:Openbsd.png|200px|OpenBSD Logo with [[Puffy (mascot)|Puffy]], the [[pufferfish]].]] |
|||
{{Infobox OS |
|||
|caption = "Free, Functional & Secure" |
|||
| |
| name = OpenBSD |
||
| logo = OpenBSD Logo - Cartoon Puffy with textual logo below.svg |
|||
|developer = The OpenBSD Project |
|||
| logo caption = ''Free, Functional, and Secure'' |
|||
|family = [[Berkeley Software Distribution|BSD]] |
|||
| logo size = 200px |
|||
|source_model = [[Open source]] |
|||
| logo alt = Puffy, the pufferfish mascot of OpenBSD posing in the official logo. |
|||
|latest_release_version = 3.9 |
|||
| screenshot = OpenBSD 7.0 fvwm screenshot.png |
|||
|latest_release_date = May 1, 2006 |
|||
| caption = OpenBSD 7.0 default desktop with various utilities: [[Top (software)|top]], [[xterm]], [[xcalc]], and [[glxgears]] |
|||
|kernel_type = [[Monolithic kernel|Monolithic]] |
|||
| collapsible = |
|||
|ui = modified [[korn shell|pdksh]], [[FVWM]] for [[X Window System|X11]] |
|||
| developer = [[Theo de Raadt]] et al. |
|||
|licence = Mostly [[BSD license|BSD]] |
|||
| family = [[Unix-like]] ([[Berkeley Software Distribution|BSD]]) |
|||
|working_state = Current |
|||
| working state = Current |
|||
|supported_platforms = [[AMD64]], [[DEC Alpha|Alpha]], [[i386]], [[MIPS architecture|MIPS]], [[Motorola 68000|68000]], [[PowerPC]], [[Sparc]], [[Sparc64]], [[VAX]], [[Sharp Zaurus|Zaurus]] and others<ref>[http://www.openbsd.org/plat.html List of supported platforms on the OpenBSD website.]</ref> |
|||
| source model = [[Free software]] |
|||
|updatemodel = |
|||
| released = {{Start date and age|df=yes|1996|07}} |
|||
|package_manager = OpenBSD package tools and [[ports collection]] |
|||
| programmed in = [[C (programming language)|C]], [[assembly language|assembly]], [[Perl]], [[Unix shell]] |
|||
|website = [http://www.openbsd.org www.openbsd.org] |
|||
| package manager = OpenBSD package tools<ref name="faq15-pkgs" /> |
|||
}}{{Prerequisites header}} |
|||
| supported platforms = [[DEC Alpha|Alpha]], [[x86-64]], [[ARMv7]], [[ARMv8|ARMv8 (64-bit)]], [[PA-RISC]], [[IA-32]], [[:ja:LANDISK|LANDISK]], [[Loongson]], [[LUNA|Omron LUNA-88K]], [[MIPS architecture|MIPS64]], macppc, [[PowerPC]], 64-bit [[RISC-V]], [[SPARC|SPARC64]]<ref name="plat" /> |
|||
! [[Computer]] and [[operating system]] |
|||
| kernel type = [[Monolithic kernel|Monolithic]] |
|||
| userland = [[BSD]] |
|||
| ui = Modified [[KornShell|pdksh]], [[X Window System|X11]] ([[FVWM]]) |
|||
| license = [[BSD licenses|BSD]], [[ISC license|ISC]], other [[permissive software license|permissive licenses]]<ref name="policy"/> |
|||
}} |
|||
'''OpenBSD''' is a [[security-focused operating system|security-focused]], [[free software]], [[Unix-like]] [[operating system]] based on the [[Berkeley Software Distribution]] (BSD). [[Theo de Raadt]] created OpenBSD in 1995 by [[fork (software development)|forking]] [[NetBSD]] 1.0.<ref name="coremail" /> The OpenBSD project emphasizes [[software portability|portability]], [[software standard|standardization]], [[software bug|correctness]], proactive [[computer security|security]], and integrated [[cryptography]].<ref>{{cite web|url=https://www.openbsd.org/|title=OpenBSD|author=OpenBSD Project|date=19 May 2020|website=OpenBSD.org|access-date=12 October 2020}}</ref> |
|||
The OpenBSD project maintains portable versions of many subsystems as [[package manager|packages]] for other operating systems. Because of the project's preferred BSD license, which allows binary redistributions without the source code, many components are reused in proprietary and corporate-sponsored software projects. The [[firewall (computing)|firewall]] code in [[Apple Inc.|Apple]]'s [[macOS]] is based on OpenBSD's [[PF (firewall)|PF]] firewall code,<ref>{{cite web|title=Murus App, Apple PF for macOS from OpenBSD|url=https://murusfirewall.com/murus/}}</ref> [[Android (operating system)|Android]]'s [[Bionic (software)|Bionic]] [[C standard library]] is based on OpenBSD code,<ref>{{cite web|title=Android's C Library Has 173 Files of Unchanged OpenBSD Code|url=http://undeadly.org/cgi?action=article&sid=20140506132000|access-date=8 October 2018}}</ref> [[LLVM]] uses OpenBSD's [[regular expression]] library,<ref>{{cite web|title=LLVM Release License|url=http://releases.llvm.org/7.0.0/LICENSE.TXT|access-date=8 October 2018}}</ref> and [[Windows 10]] uses [[OpenSSH]] (OpenBSD Secure Shell) with [[LibreSSL]].<ref>{{cite web|title=OpenSSH for Windows|url=https://twitter.com/nocentino/status/996843655112613888|access-date=8 October 2018}}</ref> |
|||
The word "open" in the name OpenBSD refers to the availability of the operating system [[source code]] on the [[Internet]], although the word "open" in the name OpenSSH means "OpenBSD". It also refers to the wide range of [[computer architecture|hardware platforms]] the system supports.<ref name="infoworld_new_years_resolution" /> OpenBSD supports a variety of system architectures including [[x86-64]], [[IA-32]], [[ARM architecture family|ARM]], [[PowerPC]], and 64-bit [[RISC-V]]. |
|||
== History == |
|||
In December 1994, [[Theo de Raadt]], a founding member of the [[NetBSD]] project, was asked to resign from the NetBSD core team over disagreements and conflicts with the other members of the NetBSD team.<ref name="glass"/><ref name="coremail">{{cite web|url=http://www.theos.com/deraadt/coremail.html|first=Theo|last=de Raadt|author-link=Theo de Raadt|title=Archive of the mail conversation leading to Theo de Raadt's departure|date=29 March 2009|access-date=15 January 2010}}</ref> In October 1995, De Raadt founded OpenBSD, a new project forked from NetBSD 1.0. The initial release, OpenBSD 1.2, was made in July 1996, followed by OpenBSD 2.0 in October of the same year.<ref name="2.0-release" /> Since then, the project has issued a release every six months, each of which is supported for one year. |
|||
On 25 July 2007, OpenBSD developer Bob Beck announced the formation of the [[OpenBSD Foundation]], a Canadian non-profit organization formed to "act as a single point of contact for persons and organizations requiring a legal entity to deal with when they wish to support OpenBSD."<ref name="announcing-openbsd-foundation" /> |
|||
In 2024, it announced that the project has modified all files since the original import.<ref>{{Cite web |title='CVS: cvs.openbsd.org: src' - MARC |url=https://marc.info/?l=openbsd-cvs&m=172443408727088&w=2 |access-date=2024-11-01 |website=marc.info}}</ref> |
|||
== Usage statistics == |
|||
[[File:Bsd distributions usage.svg|left|thumb|upright|[[Bar chart]] showing the proportion of users of each [[Berkeley Software Distribution|BSD]] variant from a 2005 BSD usage survey of 4330 users.<ref name="survey" />{{notetag|name=survey_nuance|Multiple selections were permitted as users may use multiple BSD variants side by side.}}]] |
|||
It is hard to determine how widely OpenBSD is used, because the developers do not publish or collect usage statistics. |
|||
In September 2005, the BSD Certification Group surveyed 4330 individual BSD users, showing that 32.8% used OpenBSD,<ref name="survey" /> behind [[FreeBSD]] with 77%, ahead of NetBSD with 16.3% and [[DragonFly BSD]] with 2.6%{{notetag|name=survey_nuance}}. However, the authors of this survey clarified that it is neither "exhaustive" nor "completely accurate", since the survey was spread mainly through mailing lists, forums and word of mouth. This combined with other factors, like the lack of a control group, a pre-screening process or significant outreach outside of the BSD community, makes the survey unreliable for judging BSD usage globally. |
|||
== Uses == |
|||
=== Network appliances === |
|||
OpenBSD features a robust [[TCP/IP]] [[computer network|networking]] stack, and can be used as a [[router (computing)|router]]<ref>{{cite web|title=OpenBSD PF - Building a Router|url=https://www.openbsd.org/faq/pf/example1.html|access-date=8 August 2019}}</ref> or [[wireless access point]].<ref>{{cite web|title=Building an OpenBSD wireless access point|url=https://ctors.net/2013/12/30/openbsd_wireless_access_point|access-date=8 August 2019}}</ref> OpenBSD's [[OpenBSD security features|security enhancements]], built-in [[cryptography]], and [[PF (firewall)|packet filter]] make it suitable for security purposes such as [[firewall (computing)|firewalls]],<ref name="closer-look-openbsd" /> [[intrusion-detection system]]s, and [[virtual private network|VPN]] [[gateway (computer networking)|gateways]]. |
|||
Several [[proprietary software|proprietary]] systems are based on OpenBSD, including devices from [[Armorlogic]] (Profense web application firewall), Calyptix Security,<ref name="calyptix" /> GeNUA,<ref name="genua" /> RTMX,<ref name="rtmx" /> and .vantronix.<ref name="vantronix" /> |
|||
=== Other operating systems === |
|||
Some versions of [[Microsoft]]'s [[Windows Services for UNIX|Services for UNIX]], an extension to the [[Microsoft Windows|Windows]] operating system to provide Unix-like functionality, use much of the OpenBSD code base that is included in the [[Interix]] interoperability suite,<ref name="wsu35_review">{{citation |
|||
|url = http://www.osnews.com/story/5751 |
|||
|archive-url = https://web.archive.org/web/20080211164430/http://www.osnews.com/story/5751 |
|||
|url-status = dead |
|||
|archive-date = 11 February 2008 |
|||
|last = Dohnert |
|||
|first = Roberto J. |
|||
|title = Review of Windows Services for UNIX 3.5 |
|||
|work = [[OSNews]] |
|||
|publisher = [[David Adams (businessman)|David Adams]] |
|||
|date = 21 January 2004 |
|||
}}</ref><ref name=wontfix>{{cite web |url=https://brianreiter.org/2010/01/26/wontfix-select2-in-sua-5-2-ignores-timeout/ |title=WONTFIX: select(2) in SUA 5.2 ignores timeout |first=Brian |last=Reiter |publisher=brianreiter.org |date=26 January 2010 }}</ref> developed by Softway Systems Inc., which Microsoft acquired in 1999.<ref name="softway">{{citation |
|||
|url = http://www.microsoft.com/en-us/news/press/1999/sept99/softwaypr.aspx |
|||
|title = Microsoft Acquires Softway Systems To Strengthen Future Customer Interoperability Solutions |
|||
|work = Microsoft News Center |
|||
|publisher = [[Microsoft]] |
|||
|date = 17 September 1999 |
|||
}}</ref><ref name="interix">{{cite web |url=https://www.milltech.com/about |title=Milltech Consulting Inc. |date=2019 |access-date=23 June 2020 |archive-date=18 September 2020 |archive-url=https://web.archive.org/web/20200918125111/https://www.milltech.com/about |url-status=dead }}</ref> Core Force, a security product for Windows, is based on OpenBSD's [[PF (firewall)|pf firewall]].<ref name="core-force">{{citation |
|||
|url = http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=project&name=Core_Force |
|||
|title = Core Force |
|||
|work = Core Labs |
|||
|access-date = 13 December 2011 |
|||
|quote = CORE FORCE provides inbound and outbound stateful packet filtering for TCP/IP protocols using a Windows port of OpenBSD's PF firewall, granular file system and registry access control and programs' integrity validation. |
|||
|archive-date = 28 November 2011 |
|||
|archive-url = https://web.archive.org/web/20111128042152/http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=project&name=Core_Force |
|||
|url-status = dead |
|||
}}</ref> The [[PF (firewall)|pf firewall]] is also found in other operating systems: including [[FreeBSD]],<ref>{{Cite web|title=Chapter 31. Firewalls|url=https://docs.freebsd.org/en/books/handbook/firewalls/|access-date=2021-12-03|website=The FreeBSD Project|language=en}}</ref> and [[macOS]].<ref>{{Cite web|title=pf.c|url=https://opensource.apple.com/source/xnu/xnu-1456.1.26/bsd/net/pf.c.auto.html|access-date=2021-12-03|website=opensource.apple.com}}</ref> |
|||
=== Personal computers === |
|||
OpenBSD ships with [[Xenocara]],<ref name="xenocara" /> an implementation of the [[X Window System]], and is suitable as a desktop operating system for [[personal computer]]s, including laptops.<ref name="openbsd-desktop" /><ref name="absolute_openbsd" />{{rp|xl}} {{As of|2018|09}}, OpenBSD includes approximately 8000 packages in its [[software repository]],<ref name="openports" /> including desktop environments such as [[Lumina (desktop environment)|Lumina]], [[GNOME]], [[KDE Plasma]], and [[Xfce]], and web browsers such as [[Firefox]] and [[Chromium (web browser)|Chromium]].<ref name="6.0-release" /> The project also includes three window managers in the main distribution: [[cwm (window manager)|cwm]], [[FVWM]] (part of the default configuration for Xenocara), and [[twm]].<ref name="faq11" /> |
|||
=== Servers === |
|||
OpenBSD features a full [[server (computing)|server]] suite and can be configured as a [[mail server]], [[web server]], [[FTP server]], [[DNS server]], [[router (computing)|router]], [[firewall (computing)|firewall]], [[Network File System|NFS]] [[file server]], or any combination of these. Since version 6.8, OpenBSD has also shipped with native in-kernel [[WireGuard]] support.<ref>{{Cite web|title=OpenBSD 6.8|url=https://www.openbsd.org/68.html|access-date=2021-12-03|website=www.openbsd.org}}</ref><ref>{{Cite web|title=WireGuard imported into OpenBSD|url=https://undeadly.org/cgi?action=article;sid=20200622052207|access-date=2021-12-03|website=undeadly.org}}</ref> |
|||
== Security == |
|||
{{See also|OpenBSD security features}} |
|||
[[File:OpenBSD 7.0 console screenshot.png|thumb|OpenBSD console login and its messages]] |
|||
Shortly after OpenBSD was created, De Raadt was contacted by a local security software company named Secure Networks (later acquired by [[McAfee]]).<ref name="staying-cutting-edge" /><ref name="onlamp-interview" /> The company was developing a [[network security]] auditing tool called Ballista,{{notetag|name=ballista|Later renamed to Cybercop Scanner after SNI was purchased by [[McAfee|Network Associates]].}} which was intended to find and [[exploit (computer security)|exploit]] software security flaws. This coincided with De Raadt's interest in security, so the two cooperated leading up to the release of OpenBSD 2.3.<ref name="2.3-announcement" /> This collaboration helped to define security as the focus of the OpenBSD project.<ref name="free-for-all" /> |
|||
OpenBSD includes numerous features designed to improve security, such as: |
|||
* Secure alternatives to [[POSIX]] functions in the C standard library, such as <code>[[strlcat]]</code> for <code>[[strcat]]</code> and <code>[[strlcpy]]</code> for <code>[[strcpy]]</code><ref name="strlcpy-strlcat-paper" /> |
|||
* Toolchain alterations, including a [[static code analysis|static bounds checker]]<ref name="man_gcc-local" /> |
|||
* Memory protection techniques to guard against invalid accesses, such as [[stack-smashing protection#GCC Stack-Smashing Protector (ProPolice)|ProPolice]] and the [[W^X]] [[paging|page]] protection feature |
|||
* Strong [[cryptography]] and [[randomization]]<ref name="crypto-openbsd-overview" /> |
|||
* [[System call]] and [[filesystem]] access restrictions to limit process capabilities<ref>{{cite web|title=Pledge() - A New Mitigation Mechanism|url=https://www.openbsd.org/papers/hackfest2015-pledge/mgp00002.html|access-date=8 October 2018}}</ref> |
|||
To reduce the risk of a vulnerability or misconfiguration allowing [[privilege escalation]], many programs have been written or adapted to make use of [[privilege separation]], [[privilege revocation (computing)|privilege revocation]] and [[chroot]]ing. Privilege separation is a technique, pioneered on OpenBSD and inspired by the [[principle of least privilege]], where a program is split into two or more parts, one of which performs privileged operations and the other—almost always the bulk of the code—runs without privilege.<ref name="privilege-separated-openssh" /> Privilege revocation is similar and involves a program performing any necessary operations with the privileges it starts with then dropping them. Chrooting involves restricting an application to one section of the [[file system]], prohibiting it from accessing areas that contain private or system files. Developers have applied these enhancements to OpenBSD versions of many common applications, such as [[tcpdump]], [[File (command)|file]], [[tmux]], [[OpenSMTPD|smtpd]], and [[syslogd]].<ref name="openbsd_innovations_privsep" /> |
|||
OpenBSD developers were instrumental in the creation and development of [[OpenSSH]] (aka OpenBSD Secure Shell), which is developed in the OpenBSD CVS repositories. OpenBSD Secure Shell is based on the original [[Secure Shell|SSH]].<ref name="openssh-history" /> It first appeared in OpenBSD 2.6 and is now by far the most popular SSH client and server, available on many operating systems.<ref name="openssh-usage" /> |
|||
The project has a policy of continually auditing source code for problems, work that developer Marc Espie has described as "never finished ... more a question of process than of a specific bug being hunted." He went on to list several typical steps once a bug is found, including examining the entire source tree for the same and similar issues, "try[ing] to find out whether the documentation ought to be amended", and investigating whether "it's possible to augment the [[compiler]] to warn against this specific problem."<ref name="interview-espie" /> |
|||
=== Security record === |
|||
The OpenBSD website features a prominent reference to the system's security record. Until June 2002, it read: |
|||
{{cquote|Five years without a remote hole in the default install!}} |
|||
In June 2002, Mark Dowd of [[Internet Security Systems]] disclosed a bug in the OpenSSH code implementing [[challenge–response authentication]].<ref>{{cite web|website=Internet Security Systems|url=http://www.iss.net/threats/advise123.html|title=OpenSSH Remote Challenge Vulnerability|date=26 June 2002|access-date=17 December 2005|archive-url=https://archive.today/20120908042011/http://www.iss.net/threats/advise123.html|archive-date=8 September 2012}}</ref> This [[vulnerability (computer science)|vulnerability]] in the OpenBSD default installation allowed an attacker remote access to the [[superuser|root]] account, which was extremely serious not only to OpenBSD, but also to the large number of other operating systems that were using OpenSSH by that time.<ref>{{cite web|url=http://xforce.iss.net/xforce/xfdb/9169|title=A partial list of affected operating systems|archive-url=https://web.archive.org/web/20120106002606/http://xforce.iss.net/xforce/xfdb/9169|archive-date=6 January 2012}}</ref> This problem necessitated the adjustment of the slogan on the OpenBSD website to: |
|||
{{cquote|One remote hole in the default install, in nearly 6 years!}} |
|||
The quote remained unchanged as time passed, until on 13 March 2007, when Alfredo Ortega of Core Security Technologies disclosed a network-related remote vulnerability.<ref>{{cite web|website=Core Security Technologies|url=http://www.coresecurity.com/content/open-bsd-advisorie|title=OpenBSD's IPv6 mbufs remote kernel buffer overflow.|date=13 March 2007}}</ref> The quote was subsequently changed to: |
|||
{{cquote|Only two remote holes in the default install, in a heck of a long time!}} |
|||
This statement has been criticized because the default install contains few running services, and many use cases require additional services.<ref>{{citation |
|||
|url = http://securityblog.org/brindle/2008/03/30/secure-doesnt-mean-anything/ |
|||
|title = Secure doesn't mean anything |
|||
|last = Brindle |
|||
|first = Joshua |
|||
|work = Security Blog |
|||
|date = 30 March 2008 |
|||
|access-date = 13 December 2011}}</ref> Also, because the ports tree contains unaudited [[third-party software]], it is easy for users to compromise security by installing or improperly configuring packages. However, the project maintains that the slogan is ''intended'' to refer to a default install and that it is correct by that measure. |
|||
One of the fundamental ideas behind OpenBSD is a drive for systems to be simple, clean, and secure by default. The default install is quite minimal, which the project states is to ensure novice users "do not need to become security experts overnight",<ref name="security" /> which fits with open-source and [[code audit]]ing practices considered important elements of a security system.<ref name="oss-good-for-security" /> Additional services are to be enabled manually to make users think of the security implications first. |
|||
=== Alleged backdoor === |
|||
On 11 December 2010, Gregory Perry, a former technical consultant for the [[Federal Bureau of Investigation]] (FBI), emailed De Raadt alleging that the FBI had paid some OpenBSD ex-developers 10 years prior to insert backdoors into the [[OpenBSD Cryptographic Framework]]. De Raadt made the email public on 14 December by forwarding it to the openbsd-tech mailing list and suggested an audit of the [[IPsec]] codebase.<ref name="allegations-ipsec" /><ref name="osnews-ipsec" /> De Raadt's response was skeptical of the report and he invited all developers to independently review the relevant code. In the weeks that followed, bugs were fixed but no evidence of backdoors was found.<ref name="no-ipsec-backdoor" /> De Raadt stated "I believe that NetSec was probably contracted to write backdoors as alleged. If those were written, I don't believe they made it into our tree. They might have been deployed as their own product."<ref name="informationweek_ipsec" /> |
|||
=== Criticisms === |
|||
In December 2017, Ilja van Sprundel, director at [[IOActive]], gave a talk at the [[Chaos Communication Congress|CCC]]<ref>{{Cite web|url=https://media.ccc.de/v/34c3-8968-are_all_bsds_created_equally|title=Are all BSDs created equally? — A survey of BSD kernel vulnerabilities|last=Van Sprundel|first=Ilja|date=December 2017}}</ref> as well as [[DEF CON]],<ref>{{Cite web|url=https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEF%20CON%2025%20-%20Ilja-van-Sprundel-BSD-Kern-Vulns.pdf|title=Are all BSDs created equally? — A survey of BSD kernel vulnerabilities|last=Van Sprundel|first=Ilja|date=July 2017}}</ref> entitled "Are all BSDs created equally? — A survey of BSD kernel vulnerabilities", in which he stated that although OpenBSD was the clear winner of the BSDs in terms of security, "Bugs are still easy to find in those kernels, even in OpenBSD". |
|||
Two years later, in 2019, a talk named "A systematic evaluation of OpenBSD's mitigations" was given<ref>{{Cite web|url=https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10519.html|title=Lecture: A systematic evaluation of OpenBSD's mitigations|date=December 2019}}</ref> at the CCC, arguing that while OpenBSD has some effective mitigations, a significant part of them are "useless at best and based on pure luck and superstition", arguing for a more rational approach when it comes to designing them.<ref>{{cite web|url=https://isopenbsdsecu.re/|title=Is OpenBSD secure?|date=29 December 2019}}</ref> |
|||
== Subprojects == |
|||
Many open source projects started as components of OpenBSD, including: |
|||
{{div col}} |
|||
* [[bioctl]], a generic [[RAID]] management interface similar to [[ifconfig]] |
|||
* [[Common Address Redundancy Protocol|CARP]], a free alternative to [[Cisco Systems|Cisco]]'s patented [[Hot Standby Router Protocol|HSRP]]/[[Virtual Router Redundancy Protocol|VRRP]] redundancy protocols |
|||
* [[Cwm (window manager)|cwm]], a stacking window manager |
|||
* [[doas]], a safer replacement for [[sudo]] |
|||
* [[OpenBSD httpd]],<ref>{{cite web|url=https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/httpd/|title=src/usr.sbin/httpd/|website=OpenBSD CVSWeb}}</ref><ref>{{cite web|url=https://www.freshports.org/www/obhttpd/|title=web/obhttpd: OpenBSD http server|website=[[Freshports]]}}</ref> an implementation of [[httpd]] |
|||
* [[hw.sensors]], a sensors framework used by over 100 drivers |
|||
* [[LibreSSL]], an implementation of the [[Secure Sockets Layer|SSL]] and [[Transport Layer Security|TLS]] protocols, forked from [[OpenSSL]] 1.0.1g<ref>{{cite web|title=LibreSSL|url=https://www.libressl.org|access-date=8 August 2019}}</ref> |
|||
* [[OpenBGPD]], an implementation of [[Border Gateway Protocol|BGP-4]]<ref name="openbgpd">{{cite web|title=OpenBGPD|url=http://www.openbgpd.org|access-date=8 August 2019}}</ref> |
|||
* [[OpenIKED]], an implementation of [[IKEv2]]<ref>{{cite web|title=OpenIKED|url=https://www.openiked.org|access-date=8 August 2019|archive-url=https://web.archive.org/web/20170514230834/http://www.openiked.org/|archive-date=14 May 2017|url-status=dead}}</ref> |
|||
* [[OpenNTPD]], a simpler alternative to ntp.org's [[Network Time Protocol|NTP]] daemon<ref>{{cite web|title=OpenNTPD|url=http://www.openntpd.org|access-date=8 August 2019}}</ref> |
|||
* [[OpenOSPFD]], an implementation of [[Open Shortest Path First|OSPF]]<ref name="openbgpd" /> |
|||
* [[OpenSMTPD]], an [[Simple Mail Transfer Protocol|SMTP]] daemon with [[IPv4]]/[[IPv6]], [[Pluggable Authentication Modules|PAM]], [[Maildir]], and virtual domains support<ref>{{cite web|title=OpenSMTPD|url=https://www.opensmtpd.org|access-date=8 August 2019}}</ref> |
|||
* [[OpenSSH]], an implementation of [[Secure Shell|SSH]]<ref>{{cite web|title=OpenSSH|url=https://www.openssh.com|access-date=8 August 2019}}</ref> |
|||
* [[PF (firewall)|PF]], an [[IPv4]]/[[IPv6]] stateful firewall with [[Network address translation|NAT]], [[Port address translation|PAT]], [[Quality of service|QoS]] and traffic normalization support |
|||
* [[pfsync]], a firewall state synchronization protocol for [[PF (firewall)|PF]] with [[high availability]] support using [[Common Address Redundancy Protocol|CARP]] |
|||
* [[sndio]], a compact audio and MIDI framework |
|||
* [[spamd]], a spam filter with [[Greylisting (email)|greylisting]] support designed to inter-operate with [[PF (firewall)|PF]] |
|||
* [[Xenocara]], a customized [[X.Org Server|X.Org]] build infrastructure<ref name="xenocara" /> |
|||
{{div col end}} |
|||
Some subsystems have been integrated into other BSD operating systems,{{r|freebsd_openssh-base|netbsd_openssh-base|dragonflybsd_openssh-base}} and many are available as packages for use in other Unix-like systems.{{r|archlinux_openssh-portable|opensuse_openssh-portable|debian_openssh-portable}} |
|||
Linux administrator Carlos Fenollosa commented on moving from Linux to OpenBSD that the system is faithful to the [[Unix philosophy]] of small, simple tools that work together well: "Some base components are not as feature-rich, on purpose. Since 99% of the servers don't need the flexibility of Apache, OpenBSD's httpd will work fine, be more secure, and probably faster".<ref name="Fenollosa">{{Cite web|url=https://cfenollosa.com/blog/openbsd-from-a-veteran-linux-user-perspective.html|title=OpenBSD from a veteran Linux user perspective}}</ref> He characterized the developer community's attitude to components as: "When the community decides that some module sucks, they develop a new one from scratch. OpenBSD has its own NTPd, SMTPd and, more recently, HTTPd. They work great".<ref name="Fenollosa"/> As a result, OpenBSD is relatively prolific in creating components that become widely reused by other systems. |
|||
OpenBSD runs nearly all of its standard [[Daemon (computing)|daemon]]s within [[chroot]] and [[Privilege separation|privsep]] security structures by default, as part of hardening the base system.<ref name="Fenollosa"/> |
|||
The [[Calgary Internet Exchange]] was formed in 2012, in part to serve the needs of the OpenBSD project.<ref name="cuug">{{cite web |
|||
| title = An Internet Exchange for Calgary |
|||
| url = http://www.yycix.ca/talks/cuug-2013-06-18/an-internet-exchange-for-Calgary.pdf |
|||
| archive-url = https://web.archive.org/web/20131005010536/http://www.yycix.ca/talks/cuug-2013-06-18/an-internet-exchange-for-Calgary.pdf |
|||
| url-status = dead |
|||
| archive-date = 5 October 2013 |
|||
| last = De Raadt |
|||
| first = Theo |
|||
| date = 18 June 2013 |
|||
| access-date = 9 October 2018 |
|||
}}</ref> |
|||
In 2017, Isotop,<ref>{{Cite web |title=3hg {{!}} isotop - index |url=https://www.3hg.fr/Isos/isotop/ |access-date=2022-05-06 |website=www.3hg.fr}}</ref> a French project aiming to adapt OpenBSD to desktops and laptops, using [[xfce]] then [[dwm]], started to be developed.<ref>{{Cite web |last=pavroo |title=Isotop |url=https://archiveos.org/isotop/ |access-date=2022-05-06 |website=ArchiveOS |date=17 May 2021 |language=en-US}}</ref> |
|||
== Third-party components == |
|||
OpenBSD includes a number of [[third-party software component|third-party components]], many with OpenBSD-specific patches,<ref name="6.0-release" /> such as [[X.Org Server|X.Org]], [[Clang]]<ref name="man_clang-local" /> (the default [[compiler]] on several [[computer architecture|architectures]]), [[GNU Compiler Collection|GCC]],<ref name="man_gcc-local" />{{notetag|name=compiler-version|{{As of|2018|April|alt=As of OpenBSD 6.3}}, either Clang 5.0.1, GCC 4.2.1 or GCC 3.3.6 is shipped, depending on the platform.<ref name=man_clang-local /><ref name=man_gcc-local />}} [[Perl]], [[NSD]], [[Unbound (DNS server)|Unbound]], [[ncurses]], [[GNU binutils]], [[GNU Debugger|GDB]], and [[AWK]]. |
|||
== Development == |
|||
[[File:OpenBSD hackers at c2k++ at MIT.jpg|thumb|right|OpenBSD developers at c2k1 [[hackathon]] at [[Massachusetts Institute of Technology|MIT]], June 2001]] |
|||
[[File:S2k17.gif|thumb|OpenBSD hackathon s2k17]] |
|||
Development is continuous, and team management is open and tiered. Anyone with appropriate skills may contribute, with commit rights being awarded on merit and De Raadt acting as coordinator.{{r|absolute_openbsd|page=xxxv}} Two official releases are made per year, with the version number incremented by 0.1,<ref name="deraadt_interview_200605" /> and these are each supported for twelve months (two release cycles).<ref name="openbsd_faq_building_system_source" /> Snapshot releases are also available at frequent intervals. |
|||
Maintenance patches for supported releases may be applied using [[syspatch]], manually or by updating the system against the patch branch of the [[Concurrent Versions System|CVS]] source repository for that release.<ref name="openbsd_faq_system_management" /> Alternatively, a system administrator may opt to upgrade to the next snapshot release using [[sysupgrade]], or by using the {{mono|-current}} branch of the CVS repository, in order to gain pre-release access to recently added features. The sysupgrade tool can also upgrade to the latest stable release version. |
|||
The generic OpenBSD kernel provided by default is strongly recommended for end users, in contrast to operating systems that recommend user kernel customization.<ref name="faq9" /> |
|||
Packages outside the base system are maintained by CVS through a [[ports collection|ports tree]] and are the responsibility of the individual maintainers, known as porters. As well as keeping the current branch up to date, porters are expected to apply appropriate bug-fixes and maintenance fixes to branches of their package for OpenBSD's supported releases. Ports are generally not subject to the same continuous auditing as the base system due to lack of manpower. |
|||
Binary packages are built centrally from the ports tree for each architecture. This process is applied for the current version, for each supported release, and for each snapshot. Administrators are recommended to use the package mechanism rather than build the package from the ports tree, unless they need to perform their own source changes. |
|||
OpenBSD's developers regularly meet at special events called [[hackathon]]s,<ref name="openbsd-hackathons" /> where they "sit down and code", emphasizing productivity.<ref name="deraadt_interview_200603" /> |
|||
Most new releases include a song.<ref name=lyrics /> |
|||
== Open source and open documentation == |
|||
OpenBSD is known for its high-quality documentation.<ref name="chisnall2006"/><ref name="smith2013"/> |
|||
When OpenBSD was created, De Raadt decided that the [[source code]] should be available for anyone to read. At the time, a small team of developers generally had access to a project's source code.<ref name="cvs" /> Chuck Cranor<ref name="cranor" /> and De Raadt concluded this practice was "counter to the open source philosophy" and inconvenient to potential contributors. Together, Cranor and De Raadt set up the first public, anonymous [[revision control system]] server. De Raadt's decision allowed users to "take a more active role", and established the project's commitment to open access.<ref name="cvs"/> OpenBSD is notable for its continued use of [[Concurrent Versions System|CVS]] (more precisely an unreleased, OpenBSD-managed fork named OpenCVS), when most other projects that used it have migrated to other systems.<ref>{{cite web |url=https://cvs.afresh1.com/~andrew/o/why-cvs.html |last=Fresh |first=Andrew |title=Why OpenBSD Developers Use CVS |access-date=30 August 2021}}</ref> |
|||
OpenBSD does not include [[closed source]] binary drivers in the source tree, nor does it include code requiring the signing of [[non-disclosure agreement]]s.<ref name="openbsd_goals_code" /> According to the [[GNU Project]], OpenBSD includes small "blobs" of proprietary object code as device firmware.<ref>{{Cite web |date=2023-12-10 |title=Explaining Why We Don't Endorse Other Systems |url=https://www.gnu.org/distros/common-distros.html |access-date=2023-12-10 |archive-url=https://web.archive.org/web/20231123122237/https://www.gnu.org/distros/common-distros.html |archive-date=23 November 2023 }}</ref> |
|||
Since OpenBSD is based in Canada, no United States export restrictions on cryptography apply, allowing the distribution to make full use of modern algorithms for encryption. For example, the swap space is divided into small sections and each section is encrypted with its own key, ensuring that sensitive data does not leak into an insecure part of the system.<ref name="closer-look-openbsd" /> |
|||
OpenBSD randomizes various behaviors of applications, making them less predictable and thus more difficult to attack. For example, PIDs are created and associated randomly to processes; the <code>bind</code> [[system call]] uses random [[port (computer networking)|port numbers]]; files are created with random [[inode]] numbers; and IP datagrams have random identifiers.<ref name="crypto-openbsd-overview_randomness" /> This approach also helps expose bugs in the kernel and in user space programs. |
|||
The OpenBSD policy on openness extends to hardware documentation: in the slides for a December 2006 presentation, De Raadt explained that without it "developers often make mistakes writing drivers", and pointed out that "the [oh my god, I got it to work] rush is harder to achieve, and some developers just give up."<ref name="deraadtopencon06"/> He went on to say that vendor-supplied binary drivers are unacceptable for inclusion in OpenBSD, that they have "no trust of vendor binaries running in our kernel" and that there is "no way to fix [them] ... when they break."<ref name="deraadtopencon06"/> |
|||
== Licensing == |
|||
{{See also|Comparison of free and open-source software licenses|Free software license}} |
|||
OpenBSD maintains a strict [[software licensing|license]] policy,<ref name="policy"/> preferring the [[ISC license]] and other variants of the [[Simplified BSD License|BSD license]]. The project attempts to "maintain the spirit of the original Berkeley Unix [[copyright]]s," which permitted a "relatively un-encumbered Unix source distribution."<ref name="policy" /> The widely used [[Apache License]] and [[GNU General Public License]] are considered overly restrictive.<ref name="bsd-cognoscenti-on-linux" /> |
|||
In June 2001, triggered by concerns over Darren Reed's modification of IPFilter's license wording, a systematic license audit of the OpenBSD ports and source trees was undertaken.<ref name="license-disagreement" /> Code in more than a hundred files throughout the system was found to be unlicensed, ambiguously licensed or in use against the terms of the license. To ensure that all licenses were properly adhered to, an attempt was made to contact all the relevant copyright holders: some pieces of code were removed, many were replaced, and others, such as the [[multicast]] [[routing]] tools {{mono|mrinfo}} and {{mono|map-mbone}}, were [[Software relicensing|relicensed]] so that OpenBSD could continue to use them.<ref name="cvsweb_mrinfo_xerox" /><ref name="cvsweb_map-mbone_xerox" /> Also removed during this audit was all software produced by [[Daniel J. Bernstein]]. At the time, Bernstein requested that all modified versions of his code be approved by him prior to redistribution, a requirement to which OpenBSD developers were unwilling to devote time or effort.{{r|djb-ports-removed-1|djb-ports-removed-2|djb-ports-removed-3}} |
|||
Because of licensing concerns, the OpenBSD team has reimplemented software from scratch or adopted suitable existing software. For example, OpenBSD developers created the [[PF (firewall)|PF]] [[packet filter]] after unacceptable restrictions were imposed on [[IPFilter]]. PF first appeared in OpenBSD 3.0<ref name="pf-design-paper" /> and is now available in many other operating systems.<ref name="pf-book" /> OpenBSD developers have also replaced GPL-licensed tools (such as [[Concurrent Versions System|CVS]] and [[pkg-config]]) with [[permissive software license|permissively licensed]] equivalents.<ref>{{cite web|title=New BSD licensed CVS replacement for OpenBSD|date=6 December 2004 |url=https://slashdot.org/story/52396|access-date=9 October 2018}}</ref><ref>{{cite web|title=pkg-config(1)|url=https://man.openbsd.org/pkg-config.1|access-date=9 October 2018}}</ref> |
|||
== Funding == |
|||
Although the operating system and its portable components are used in commercial products, De Raadt says that little of the funding for the project comes from the industry: "traditionally all our funding has come from user donations and users buying our CDs (our other products don't really make us much money). Obviously, that has not been a lot of money."<ref name="deraadt_interview_200605" /> |
|||
For a two-year period in the early 2000s, the project received funding from [[DARPA]], which "paid the salaries of 5 people to work completely full-time, bought about $30k in hardware, and paid for 3 hackathons", from the [[POSSE project]].<ref name="deraadt_interview_200605" /> |
|||
In 2006, the OpenBSD project experienced financial difficulties.<ref name="slashdot_financial_danger" /> The [[Mozilla Foundation]]<ref name="slashdot_mozilla_donate" /> and [[GoDaddy]]<ref name="thehostingnews_godaddy_donate" /> are among the organizations that helped OpenBSD to survive. However, De Raadt expressed concern about the asymmetry of funding: "I think that contributions should have come first from the vendors, secondly from the corporate users, and thirdly from individual users. But the response has been almost entirely the opposite, with almost a 15-to-1 dollar ratio in favor of the little people. Thanks a lot, little people!"<ref name="deraadt_interview_200605" /> |
|||
On 14 January 2014, Bob Beck issued a request for funding to cover electrical costs. If sustainable funding was not found, Beck suggested the OpenBSD project would shut down.<ref name="funding-2014" /> The project soon received a US$20,000 donation from Mircea Popescu, the Romanian creator of the MPEx bitcoin stock exchange, paid in [[bitcoin]]s.<ref name="Bright" /> The project raised US$150,000<ref name="2014_fundraising_campaign" /> in response to the appeal, enabling it to pay its bills and securing its short-term future.<ref name="Bright" /> |
|||
===OpenBSD Foundation=== |
|||
{{Infobox organization |
|||
| name = OpenBSD Foundation |
|||
| formation = {{Start date and age|2007|07|25}} |
|||
| founder = OpenBSD developers |
|||
| status = [[Nonprofit organization]] |
|||
| location = [[Canada]] |
|||
| website = {{URL|https://www.openbsdfoundation.org}} |
|||
| module = {{Infobox network service provider|child=yes|asn=22512}} |
|||
}} |
|||
The OpenBSD Foundation is a Canadian federal [[non-profit organization]] founded by the OpenBSD project as a "[[single point of contact]] for persons and organizations requiring a legal entity to deal with when they wish to support OpenBSD."<ref>{{Cite web |url=http://undeadly.org/cgi?action=article&sid=20070726015128 |title=Announcing - The OpenBSD Foundation |access-date=8 May 2014 |date=26 July 2007 |work=[[OpenBSD Journal]]}}</ref> It was announced to the public by OpenBSD developer Bob Beck on 25 July 2007. It also serves as a legal safeguard over other projects which are affiliated with OpenBSD, including [[OpenSSH]], [[OpenBGPD]], [[OpenNTPD]], [[OpenCVS]], [[OpenSMTPD]] and [[LibreSSL]].<ref>{{Cite web|last=Brodkin|first=Jon|date=22 April 2014|title=OpenSSL code beyond repair, claims creator of "LibreSSL" fork|url=https://arstechnica.com/information-technology/2014/04/openssl-code-beyond-repair-claims-creator-of-libressl-fork/|access-date=18 August 2021|website=Ars Technica|language=en-us}}</ref> |
|||
Since 2014, several large contributions to the OpenBSD Foundation have come from corporations such as Microsoft,<ref name="register_rain_cash" /> Facebook, and Google as well as the [[Core Infrastructure Initiative]].<ref name="foundation_contributors" /> |
|||
In 2015, [[Microsoft]] became the foundation's first gold level contributor<ref>{{Cite web|last=Vaughan-Nichols|first=Steven J.|title=Microsoft becomes OpenBSD's first gold contributor|url=https://www.zdnet.com/article/microsoft-becomes-openbsds-first-gold-contributor/ |access-date=18 August 2021|website=ZDNet|language=en}}</ref> donating between $25,000-50,000 to support development of OpenSSH, which had been integrated into [[PowerShell]] in July, and later into Windows Server in 2018.<ref>{{Cite web|last1=Mackie|first1=Kurt|last2=12 November 2018|title=Microsoft Now Supports OpenSSH in Windows Server 2019 -- Redmondmag.com|url=https://redmondmag.com/articles/2018/12/11/microsoft-now-supports-openssh-in-windows-server-2019.aspx|access-date=18 August 2021|website=Redmondmag|language=en-US}}</ref> Other contributors include Google, Facebook and [[DuckDuckGo]].<ref>{{Cite web|title=Donate to the OpenBSD Foundation|url=https://www.openbsdfoundation.org/contributors.html|access-date=18 August 2021|website=www.openbsdfoundation.org}}</ref> |
|||
During the 2016 and 2017 fundraising campaigns, [[Smartisan]], a Chinese company, was the leading financial contributor to the OpenBSD Foundation.<ref>{{cite web|title=OpenBSD Donors|url=http://www.openbsdfoundation.org/contributors.html}}</ref><ref>{{cite web|title=Smartisan Makes Another Iridium Donation to the OpenBSD Foundation|url=http://undeadly.org/cgi?action=article&sid=20170817195416|website=[[OpenBSD Journal]]}}</ref> |
|||
== Distribution == |
|||
OpenBSD is freely available in various ways: the source can be retrieved by anonymous [[Concurrent Versions System|CVS]],<ref name="anoncvs" /> and binary releases and development snapshots can be downloaded by FTP, HTTP, and rsync.<ref name="ftp" /> Prepackaged CD-ROM sets through version 6.0 can be ordered online for a small fee, complete with an assortment of stickers and a copy of the release's theme song. These, with their artwork and other bonuses, have been one of the project's few sources of income, funding hardware, Internet service, and other expenses.<ref name="orders" /> Beginning with version 6.1, CD-ROM sets are no longer released. |
|||
OpenBSD provides a [[package manager|package management system]] for easy installation and management of programs which are not part of the base operating system.<ref name="faq15" /> Packages are binary files which are extracted, managed and removed using the package tools. On OpenBSD, the source of packages is the ports system, a collection of [[Makefile]]s and other infrastructure required to create packages. In OpenBSD, the ports and base operating system are developed and released together for each version: this means that the ports or packages released with, for example, 4.6 are not suitable for use with 4.5 and vice versa.<ref name="faq15" /> |
|||
== Songs and artwork == |
|||
{{Multiple image |
|||
| align = center |
|||
| total_width = 600 |
|||
| image1 = |
|||
| caption1 = Puffy, the [[mascot]] of OpenBSD |
|||
| image2 = Puffyanim.gif |
|||
| caption2 = 3D-rendered, animated OpenBSD mascot ''Puffy'' |
|||
| image3 = Openbsd23cover.gif |
|||
| caption3 = OpenBSD 2.3 cover |
|||
}} |
|||
Initially, OpenBSD used a haloed version of the [[BSD daemon]] mascot drawn by Erick Green, who was asked by De Raadt to create the logo for the 2.3 and 2.4 versions of OpenBSD. Green planned to create a full daemon, including head and body, but only the head was completed in time for OpenBSD 2.3. The body as well as pitchfork and tail was completed for OpenBSD 2.4.<ref name="mckusick_openbsd_shirt" /> |
|||
Subsequent releases used variations such as a police daemon by Ty Semaka,<ref name="openbsd_2.5_release" /> but eventually settled on a [[pufferfish]] named Puffy.<ref name="2.7-release" /> Since then, Puffy has appeared on OpenBSD promotional material and featured in release songs and artwork. |
|||
The promotional material of early OpenBSD releases did not have a cohesive theme or design, but later the CD-ROMs, release songs, posters and tee-shirts for each release have been produced with a single style and theme, sometimes contributed to by Ty Semaka of the [[Plaid Tongued Devils]].<ref name="lyrics" /> These have become a part of OpenBSD advocacy, with each release expounding a moral or political point important to the project, often through parody.<ref name="4.0-review" /> |
|||
Themes have included ''Puff the Barbarian'' in OpenBSD 3.3, which included an 80s [[rock music|rock song]] and parody of [[Conan the Barbarian]] alluding to open documentation,<ref name="lyrics" /> [[The Wizard of OS (song)|''The Wizard of OS'']] in OpenBSD 3.7, related to the project's work on wireless drivers, and ''Hackers of the Lost RAID'', a parody of [[Indiana Jones]] referencing the new RAID tools in OpenBSD 3.8. |
|||
== Releases == |
|||
The following table summarizes the version history of the OpenBSD [[operating system]]. |
|||
{{Version |t |show=11101}} |
|||
{| class="wikitable" |
|||
|- |
|- |
||
! Version |
|||
! [[Unix]] and [[Unix-like]] |
|||
! Release date |
|||
! Supported until |
|||
! Significant changes |
|||
|- |
|- |
||
| {{Version |o |1.1}} |
|||
! [[Software licensing]] |
|||
| 18 October 1995 |
|||
| |
|||
| |
|||
* OpenBSD [[Concurrent Versions System|CVS]] repository created by [[Theo de Raadt]].<ref>{{cite web|title=Undeadly|url=http://undeadly.org/cgi?action=article&sid=20061019013207|access-date=9 October 2018}}</ref> |
|||
* While the version number used at this stage was 1.1,{{notetag|Compare [[NetBSD#Releases|release history of NetBSD]], which OpenBSD branched from}} OpenBSD 1.1 was not an official OpenBSD release in the sense which this term subsequently came to be used. |
|||
|- |
|- |
||
| {{Version |o |1.2}} |
|||
! [[Computer insecurity]] |
|||
| 1 July 1996 |
|||
{{Prerequisites footer}} |
|||
| |
|||
'''OpenBSD''' is a freely available [[Unix-like]] [[computer]] [[operating system]] descended from [[Berkeley Software Distribution]] (BSD), a [[Unix]] derivative created at the [[University of California, Berkeley]]. It was [[Fork (software development)|forked]] from [[NetBSD]], the oldest of the three most popular BSD-based operating systems still active today (the third being [[FreeBSD]]), by project leader [[Theo de Raadt]] in 1995, and is widely known for its developers' insistence on open source and documentation, uncompromising position on [[software licensing]], and focus on [[Computer insecurity|security]] and code correctness. The project is coordinated from de Raadt's home in [[Calgary, Alberta]], [[Canada]]. Its [[logo]] and [[mascot]] is [[Puffy (mascot)|Puffy]], a [[pufferfish]]. |
|||
| |
|||
* Creation of the <code>intro(9)</code> man page, for documenting kernel internals. |
|||
* Integration of the <code>update(8)</code> command into the kernel. |
|||
* As before, while this version number was used in the early development of the OS, OpenBSD 1.2 was not an official release in the subsequently applicable sense. |
|||
|- |
|||
OpenBSD includes a number of security features absent or optional in other operating systems and has a tradition of developers [[code audit|auditing]] the [[source code]] for [[software bug]]s and security problems. The project maintains strict policies on licensing and prefers the open source [[BSD license|BSD licence]] and its variants—in the past this has led to a comprehensive licence audit and moves to remove or replace code under licences found less acceptable. |
|||
| {{Version |o |2.0}} |
|||
| 1 October 1996 |
|||
| |
|||
| |
|||
* The first official release of OpenBSD,<ref>{{cite web|title=Changes|url=http://www.openbsd.org/plus.html|archive-url=https://web.archive.org/web/19971018165539/http://www.openbsd.org/plus.html|archive-date=18 October 1997}}</ref><ref>{{cite web|title=OpenBSD 2.0|url=http://wolfram.schneider.org/bsd/ftp/releases/OpenBSD-2.0|access-date=9 October 2018}}</ref> and also the point at which [[XFree86]] first recognized OpenBSD as separate from [[NetBSD]]. |
|||
* Initial integration of the [[FreeBSD ports]] system. |
|||
* Replacement of [[Gawk (GNU package)|gawk]] with the [[AT&T]] [[awk]]. |
|||
* Integration of [[zlib]]. |
|||
* Added [[sudo]]. |
|||
|- |
|||
In common with most other BSD-based operating systems, the OpenBSD [[kernel (computer science)|kernel]] and [[userland]] programs, such as the [[Unix shell|shell]] and common tools like [[cat (Unix)|cat]] and [[ps (Unix)|ps]], are developed together in a single source repository. Third-party software is available as binary packages or may be built from source using the [[ports collection]]. |
|||
| {{Version |o |2.1}} |
|||
| 1 June 1997 |
|||
| |
|||
| Replacement of the older sh with [[pdksh]].<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/21.html|access-date=9 October 2018}}</ref> |
|||
|- |
|||
OpenBSD currently runs on 16 different hardware [[Platform (computing)|platforms]], including the [[DEC Alpha]], [[Intel]] [[Intel 80386|i386]], [[Hewlett-Packard]] [[PA-RISC]], [[AMD]] [[AMD64]] and [[Motorola 68000]] processors, [[Apple Computer|Apple]]'s [[PowerPC]] machines, [[Sun Microsystems|Sun]] [[SPARC]] and SPARC64-based computers, the [[VAX]] and the [[Sharp Zaurus]]. |
|||
| {{Version |o |2.2}} |
|||
| 1 December 1997 |
|||
| |
|||
| Addition of the <code>afterboot(8)</code> man page.<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/22.html|access-date=9 October 2018}}</ref> |
|||
|- |
|||
==History and popularity== |
|||
| {{Version |o |2.3}} |
|||
{{see_also|OpenBSD timeline}} |
|||
| 19 May 1998 |
|||
| |
|||
| Introduced the ''haloed daemon'', or [[BSD Daemon|aureola beastie]], in head-only form created by Erick Green.<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/23.html|access-date=9 October 2018}}</ref> |
|||
|- |
|||
[[Image:Openbsd23cover.gif|thumb|225px|The OpenBSD 2.3 CD cover with the original mascot, before Puffy appeared with release 2.7]] |
|||
| {{Version |o |2.4}} |
|||
| 1 December 1998 |
|||
| |
|||
| Featured the complete ''haloed daemon'', with [[trident]] and a finished body.<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/24.html|access-date=9 October 2018}}</ref> |
|||
|- |
|||
In December 1994, NetBSD co-founder [[Theo de Raadt]] was asked to resign his position as a senior developer and member of the NetBSD core team, and his access to the source code repository was revoked. The reason for this is not wholly clear, although there are claims that it was due to personality clashes within the NetBSD project and on its [[Electronic mailing list|mailing lists]].<ref>Glass, Adam. Message to netbsd-users: ''[http://mail-index.netbsd.org/netbsd-users/1994/12/23/0000.html Theo De Raadt(sic)],'' December 23, 1994. Visited January 8, 2006.</ref> De Raadt has been criticized for having a sometimes abrasive personality: in his book, ''Free For All'', Peter Wayner claims that de Raadt "began to rub some people the wrong way" before the split from NetBSD;<ref>Wayner, Peter. ''Free For All: How Linux and the Free Software Movement Undercut the High Tech Titans,'' [http://www.jus.uio.no/sisu/free.for.all.peter.wayner/18.html#987 18.3 Flames, Fights, and the Birth of OpenBSD], 2000. Visited January 6, 2006.</ref> [[Linus Torvalds]] has described him as "difficult;"<ref>Forbes. ''[http://www.forbes.com/intelligentinfrastructure/2005/06/16/linux-bsd-unix-cz_dl_0616theo.html Is Linux For Losers?]'' June 16, 2005. Visited January 8, 2006.</ref> and an interviewer admits to being "apprehensive" before meeting him.<ref>NewsForge. ''[http://www.newsforge.com/article.pl?sid=01/01/29/1718219 Theo de Raadt gives it all to OpenBSD],'' January 30, 2001. Visited January 8, 2006.</ref> Many have different feelings: the same interviewer describes de Raadt's "transformation" on founding OpenBSD and his "desire to take care of his team," some find his straightforwardness refreshing, and few deny he is a talented [[programmer|coder]]<ref>In [http://mail-index.netbsd.org/netbsd-users/1994/12/23/0000.html this message] the NetBSD core team acknowledge de Raadt's "positive contributions" to the project despite their problems with him.</ref> and security "guru."<ref>Tux Journal. ''[http://www.tuxjournal.net/intervista3-en.html A good morning with: Theo de Raadt],'' June 2, 2005. Visited April 21, 2006</ref> |
|||
| {{Version |o |2.5}} |
|||
| 19 May 1999 |
|||
| |
|||
| Introduced the Cop daemon image done by Ty Semaka.<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/25.html|access-date=9 October 2018}}</ref> |
|||
|- |
|||
[[Image:Smallbsdusage.gif|left|thumb|175px|Proportion of users of each BSD variant from a BSD usage survey. Each participant was permitted to indicate multiple BSD variants]] |
|||
| {{Version |o |2.6}} |
|||
In October 1995, de Raadt founded OpenBSD, a new project forked from NetBSD 1.0. The initial [[Software release|release]], OpenBSD 1.2, was made in July 1996, followed in October of the same year by OpenBSD 2.0.<ref>de Raadt, Theo. Mail to openbsd-announce: ''[http://www.monkey.org/openbsd/archive2/announce/199610/msg00001.html The OpenBSD 2.0 release],'' October 18, 1996. Visited December 10, 2005.</ref> Since then, the project has followed a schedule of a release every six months, each of which is maintained and supported for one year. The latest release, OpenBSD 3.9, appeared<ref>Beck, Bob. Mail to openbsd-announce: ''[http://groups.google.co.uk/group/fa.openbsd.announce/msg/1f535e8c74415068 3.9 Release Available].'' Visited May 1, 2006.</ref> on May 1, 2006. |
|||
| 1 December 1999 |
|||
| |
|||
| Based on the original [[Secure Shell|SSH]] suite and developed further by the OpenBSD team, 2.6 saw the first release of [[OpenSSH]], which is now available standard on most Unix-like operating systems and is the most widely used SSH suite.<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/26.html|access-date=9 October 2018}}</ref> |
|||
|- |
|||
Just how widely OpenBSD is used is hard to ascertain: the developers do not collect and publish usage statistics and there are few other sources of information. The nascent BSD Certification project performed a usage survey which revealed that 32.8% of BSD users (1420 of 4330 respondents) were using OpenBSD,<ref>[http://www.bsdcertification.org/ BSD Certification site]; [[PDF]] of [http://www.bsdcertification.org/downloads/pr_20051031_usage_survey_en_en.pdf usage survey results].</ref> placing it second of the four major BSD variants, behind FreeBSD with 77.0% and ahead of NetBSD with 16.3%.<ref>Multiple selections were permitted as a user may use multiple BSD variants side by side.</ref> The Distrowatch<ref>[http://www.distrowatch.com Distrowatch].</ref> [[website]], well-known in the [[Linux]] community and often used as a reference for popularity, publishes page hits for each of the [[Linux distribution|Linux distributions]] and other operating systems it covers. [[As of 2006|As of August 13, 2006]] it places OpenBSD in 48th place, but fairly close to the average with 114 hits per day. FreeBSD is in 12th place with 532 hits per day and a number of Linux distributions range between them. From these statistics, it is possible to conclude that OpenBSD is a substantial presence in the BSD world, with somewhere around a third of the userbase of FreeBSD, and is not unnoticed in the wider open source and [[free software]] operating system community. |
|||
| {{Version |o |2.7}} |
|||
| 15 June 2000 |
|||
| |
|||
| Support for SSH2 added to OpenSSH.<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/27.html|access-date=9 October 2018}}</ref> |
|||
|- |
|||
==Open source and open documentation== |
|||
| {{Version |o |2.8}} |
|||
When OpenBSD was created, Theo de Raadt decided that the source should be available for anyone to read at any time, so, with the assistance of [[Chuck Cranor]],<ref>[http://chuck.cranor.org/ Chuck Cranor's site].</ref> he set up a public, anonymous [[Concurrent Versions System|CVS]] server. This was the first of its kind in the software development world: at the time, the practice was for only a small team of developers to have access to the CVS repository, a practice which had some flaws, notably that as outside contributors had no way to know what had been done, contributed patches would often be duplicates of already completed work. This decision led to the name ''OpenBSD'' and marked the start of the project's insistence on open and public access to source and documentation. |
|||
| 1 December 2000 |
|||
| |
|||
| <code>isakmpd(8)</code><ref>{{cite web|title=OpenBSD 2.8 Changelog|url=https://www.openbsd.org/plus28.html|access-date=10 August 2021}}</ref> |
|||
|- |
|||
A revealing incident regarding open documentation occurred in March 2005, when de Raadt made a post<ref>de Raadt, Theo. Mail to openbsd-misc: ''[http://marc.theaimsgroup.com/?l=openbsd-misc&m=111118558813932 Adaptec AAC raid support],'' March 18, 2005. Visited December 9, 2005.</ref> to the ''openbsd-misc'' [[mailing list]] asserting that after four months of discussion, [[Adaptec]] had yet to disclose documentation needed to improve the OpenBSD [[Device driver|drivers]] for their AAC [[Redundant array of independent disks|RAID]] controllers. As in similar circumstances in the past, he encouraged the OpenBSD community to become involved and express their opinion to Adaptec. Shortly after this, FreeBSD committer, former Adaptec employee and author of the FreeBSD AAC RAID support Scott Long<ref>[http://people.freebsd.org/~scottl/ Scott Long's site].</ref> made a comment<ref>Long, Scott. Post to OSNews: ''[http://osnews.com/comment.php?news_id=10032&offset=15&rows=28#350222 From a BSD and former Adaptec person...],'' March 19, 2005. Visited December 9, 2005.</ref> on the [[OSNews]] website castigating de Raadt for not making contact with him regarding the issues with Adaptec. This caused the discussion to spill over onto the ''freebsd-questions'' mailing list, where the OpenBSD project leader countered<ref>de Raadt, Theo. Mail to freebsd-questions: ''[http://lists.freebsd.org/pipermail/freebsd-questions/2005-March/081294.html aac support],'' March 19, 2005. Visited December 9, 2005.</ref> by claiming that he had received no previous offer of help from Scott Long, nor had Adaptec informed him that this was who he should contact. The debate was amplified<ref>de Raadt, Theo. Mail to freebsd-questions: ''[http://lists.freebsd.org/pipermail/freebsd-questions/2005-March/081313.html aac support],'' March 19, 2005. Visited December 9, 2005.</ref> by disagreements between members of the two camps regarding the use of [[binary blob]] drivers and [[non-disclosure agreement]]s (NDAs): OpenBSD developers do not permit the inclusion of [[closed source]] binary drivers in the source tree and are reluctant to sign NDAs. However, the policy of the FreeBSD project has been less strict and much of the Adaptec RAID management code Scott Long proposed as assistance for OpenBSD was in closed source form or written under an NDA. As no documentation was forthcoming before the deadline for release of OpenBSD 3.7, support for Adaptec AAC RAID controllers was removed from the standard OpenBSD kernel. |
|||
| {{Version |o |2.9}} |
|||
| 1 June 2001 |
|||
| |
|||
| |
|||
Filesystem performance increases from softupdates and dirpref code.<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/29.html|access-date=9 October 2018}}</ref> |
|||
|- |
|||
| {{Version |o |3.0}} |
|||
| 1 December 2001 |
|||
| |
|||
| |
|||
''E-Railed (OpenBSD Mix)'',<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/30.html|access-date=9 October 2018}}</ref> a [[Techno music|techno]] track performed by the release mascot ''Puff Daddy'', the famed rapper and political icon. |
|||
* After license restrictions were imposed on [[IPFilter]], the [[PF (firewall)|pf]] packet filter was developed. pf is now available in [[DragonFly BSD]], [[NetBSD]] and [[FreeBSD]]. |
|||
|- |
|||
==Licensing== |
|||
| {{Version |o |3.1}} |
|||
[[Image:Openbsd37withjwm.png|thumb|250px|right|OpenBSD 3.7 running [[X.Org Server|X.Org]] with the [[JWM]] window manager]] |
|||
| 19 May 2002 |
|||
A goal of the OpenBSD project is to "maintain the spirit of the original Berkeley Unix copyrights," which permitted a "relatively un-encumbered Unix source distribution."<ref>OpenBSD.org. ''[http://www.openbsd.org/policy.html Copyright Policy].'' Visited January 7, 2006.</ref> To this end, the [[Internet Systems Consortium]] (ISC) licence, a simplified version of the BSD licence with wording removed that is unnecessary under the [[Berne Convention for the Protection of Literary and Artistic Works|Berne convention]], is preferred for new code, but the [[MIT License|MIT]] or BSD licences are accepted. The widely used [[GNU General Public License]] is considered overly restrictive in comparison with these:<ref>NewsForge. ''[http://os.newsforge.com/article.pl?sid=05/06/09/2132233 BSD cognoscenti on Linux],'' June 15, 2005. Visited January 7, 2006.</ref> code licensed under it, and other licences the project sees as undesirable, is no longer accepted for addition to the base system. In addition, existing code under such licences is actively replaced or relicensed when possible, except in some cases, such as the [[GNU Compiler Collection]] (GCC), where there is no suitable replacement and creating one would be time-consuming and impractical. Despite this, OpenBSD has made some significant strides in this area: of particular note is the development of [[OpenSSH]], based on the original [[Secure Shell|SSH]] suite and developed further by the OpenBSD team. It first appeared in OpenBSD 2.6 and is now the single most popular SSH implementation, available as standard or as a package on many operating systems. Also worth mentioning is the development, after licence restrictions were imposed on [[IPFilter]], of the [[PF (firewall)|PF]] packet filter, which first appeared<ref>Hartmeier, Daniel. [http://www.benzedrine.cx/pf-paper.html Design and Performance of the OpenBSD Stateful Packet Filter (pf)]. Visited December 9, 2005.</ref> in OpenBSD 3.0 and is now available in [[DragonFly BSD]], NetBSD and FreeBSD; more recently, OpenBSD releases have seen the GPL licensed tools [[diff]], [[grep]], [[gzip]], [[Bc programming language|bc]], [[Dc (Unix)|dc]], [[Nm (Unix)|nm]] and [[Size (Unix)|size]] replaced with BSD licensed equivalents. OpenBSD developers are also behind [[OpenBGPD]], [[OpenOSPFD]], [[OpenNTPD]] and [[OpenCVS]], BSD licensed alternatives to existing software. |
|||
| |
|||
| ''Systemagic'',<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/31.html|access-date=9 October 2018}}</ref> where ''Puffy, the Kitten Slayer'', battles evil [[script kitties]]. Inspired by the works of [[Rammstein]] and a parody of [[Buffy the Vampire Slayer (TV series)|Buffy the Vampire Slayer]]. |
|||
* First official remote security hole - OpenSSH integer overflow<ref>{{cite web|title=Errata|url=https://www.openbsd.org/errata31.html#sshderrata31 006|access-date=9 October 2018}}</ref> |
|||
|- |
|||
In June of 2001, triggered by concerns over [[Darren Reed]]'s modification of IPFilter's licence wording, a systematic licence audit of the OpenBSD ports and source trees was undertaken.<ref>NewsForge. ''[http://www.newsforge.com/article.pl?sid=01/06/06/169245 OpenBSD and ipfilter still fighting over license disagreement],'' June 06, 2001. Visited November 23, 2005.</ref> Code in more than a hundred files throughout the system was found to be unlicensed, ambiguously licensed or in use against the terms of the licence. To ensure that all licences were properly adhered to, an attempt was made to contact all the relevant [[copyright]] holders: some pieces of code were removed, many were replaced, and others, including the [[multicast]] routing tools, mrinfo and map-mbone,<ref>Man pages: [http://www.openbsd.org/cgi-bin/man.cgi?query=mrinfo mrinfo] and [http://www.openbsd.org/cgi-bin/man.cgi?query=map-mbone map-mbone].</ref> which were licensed by [[Xerox]] for research only, were relicensed so that OpenBSD could continue to use them. Also of note during this audit was the removal of all software produced by [[Daniel J. Bernstein]] from the OpenBSD ports tree. At the time, Bernstein requested that all modified versions of his code be approved by him prior to redistribution, a requirement to which OpenBSD developers were unwilling to devote time or effort.<ref>de Raadt, Theo. Mail to openbsd-misc: ''[http://archives.neohapsis.com/archives/openbsd/2001-08/2544.html Re: Why were all DJB's ports removed? No more qmail?],'' August 24, 2001. Visited December 9, 2005.</ref> The removal led to a clash with Bernstein, who felt it to be uncalled for, cited the [[Netscape]] [[web browser]] as much less free and accused developers of hypocrisy for permitting it to remain while removing his software.<ref>Bernstein, DJ. Mail to openbsd-misc: ''[http://archives.neohapsis.com/archives/openbsd/2001-08/2812.html Re: Why were all DJB's ports removed? No more qmail?],'' August 27, 2001. Visited December 9, 2005.</ref> The OpenBSD project's stance was that Netscape, although not open source, had licence conditions that were much easier to meet;<ref>Espie, Marc. Mail to openbsd-misc: ''[http://archives.neohapsis.com/archives/openbsd/2001-08/2864.html Re: Why were all DJB's ports removed? No more qmail?],'' August 28, 2001. Visited December 9, 2005.</ref> they asserted that Bernstein's demand for control of derivatives would lead to a great deal of additional work and that removal was the most appropriate way to comply with his requirements. At present, Daniel J. Bernstein's software is still absent from the ports tree. |
|||
| {{Version |o |3.2}} |
|||
| 1 November 2002 |
|||
| |
|||
| ''Goldflipper'',<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/32.html|access-date=9 October 2018}}</ref> a tale in which ''James Pond, agent 077'', super spy and suave lady's man, deals with the dangers of a hostile internet. Styled after the orchestral introductory ballads of [[James Bond]] films. |
|||
|- |
|||
==Security and code auditing== |
|||
| {{Version |o |3.3}} |
|||
{{details|OpenBSD security features}} |
|||
| 1 May 2003 |
|||
Shortly after OpenBSD's creation, Theo de Raadt was contacted by a local security software company named Secure Networks, Inc. or SNI.<ref>The Age. ''[http://www.theage.com.au/articles/2004/10/07/1097089476287.html Staying on the cutting edge],'' October 8, 2004. Visited January 8, 2006.</ref><ref>ONLamp.com. Interview with OpenBSD developers: ''[http://www.onlamp.com/pub/a/bsd/2003/07/17/openbsd_core_team.html The Essence of OpenBSD],'' July 17, 2003. Visited December 18, 2005.</ref> They were developing a "network security auditing tool" called Ballista (later renamed to Cybercop Scanner after SNI was purchased by [[McAfee|Network Associates]]) which was intended to find and attempt to [[Exploit (computer security)|exploit]] possible software security flaws. This coincided well with de Raadt's own interest in security, so the two agreed to cooperate, a relationship that was of particular use leading up to the release of OpenBSD 2.3<ref>Theo de Raadt on SNI: "Without their support at the right time, this release probably would not have happened." From the [http://www.monkey.org/openbsd/archive/misc/9805/msg00308.html 2.3 release announcement]. Visited December 19, 2005.</ref> and helped to form the focal point of the project: OpenBSD developers would attempt to do what was right, proper or secure, even at the cost of ease, speed or functionality. As bugs within OpenBSD became harder to find and exploit, the security company found that it was too difficult, or not cost effective, to handle such obscure problems. After years of cooperation, the two parties decided that their goals together had been met and parted ways. |
|||
| |
|||
| |
|||
''Puff the Barbarian'',<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/33.html|access-date=9 October 2018}}</ref> born in a tiny bowl; Puff was a slave, now he hacks through the C, searching for the [[AMD64|Hammer]]. It is an 80s rock-style song and parody of [[Conan the Barbarian]] dealing with open documentation. |
|||
* In 2003, code from [[ALTQ]], which had a license disallowing the sale of derivatives, was [[Software relicensing|relicensed]], integrated into pf and made available in OpenBSD 3.3. |
|||
* First release adding the [[W^X]] feature, a fine-grained memory permissions layout, ensuring that memory which can be written to by application programs can not be executable at the same time and vice versa. |
|||
|- |
|||
Until June 2002, the OpenBSD website featured the slogan: |
|||
| {{Version |o |3.4}} |
|||
| 1 November 2003 |
|||
| |
|||
| |
|||
''The Legend of Puffy Hood'' where ''Sir Puffy of Ramsay'',<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/34.html|access-date=9 October 2018}}</ref> a freedom fighter who, with Little Bob of Beckley, took from the rich and gave to all. Tells of the [[POSSE project]]'s cancellation. An unusual blend of both [[Hip hop music|hip-hop]] and medieval-style music, a parody of the tale of [[Robin Hood]] intended to express OpenBSD's attitude to free speech. |
|||
* i386 platform switched executable format from [[a.out]] to [[Executable and Linkable Format]] |
|||
* The GPL licensed [[gzip]] was replaced by retooling the existing [[compress]] tool to include its functionality. |
|||
* The GPL licensed [[grep]] was replaced with [[JamesHoward:FreeGrep|FreeGrep]], an updated BSD licensed grep. This new grep is now also available in NetBSD. |
|||
* A public domain [[diff]] was updated and used to replace the GPL licensed diff previously included. |
|||
* Code from the [[GNU Lesser General Public License|LGPL]] licensed <ref>{{cite web|title=p0f|url=http://www.stearns.org/p0f/p0f|access-date=9 October 2018}}{{Dead link|date=March 2023 |bot=InternetArchiveBot |fix-attempted=yes }}</ref> was relicensed to allow pf to feature passive operating system detection. |
|||
* [[Address space layout randomization]] (ASLR) by default<ref name="OpenBSD_Innovations-ASLR-PIE">{{cite web|title=OpenBSD Innovations|url=https://www.openbsd.org/innovations.html|publisher=The OpenBSD project|access-date=12 September 2016}}</ref> |
|||
* Basic sysctl [[hw.sensors]] API introduced for [[hardware monitoring]].<ref name=sensors-abc2009/> |
|||
|- |
|||
{{cquote|No remote computer hole in the default install, in nearly 6 years.}} |
|||
| {{Version |o |3.5}} |
|||
| 1 May 2004 |
|||
| |
|||
| |
|||
''CARP License'' and ''Redundancy must be free'',<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/35.html|access-date=9 October 2018}}</ref> where a fish seeking to license his free redundancy protocol, CARP, finds trouble with the red tape. A parody of the [[Fish Licence]] skit and [[Eric the Half-a-Bee Song]] by [[Monty Python]], with an anti-software patents message. |
|||
* [[Common Address Redundancy Protocol|CARP]], an open alternative to the [[Hot Standby Router Protocol|HSRP]] and [[Virtual Router Redundancy Protocol|VRRP]] redundancy systems available from commercial vendors.<ref name=onlamp-35-1>{{cite web |
|||
|url= http://www.onlamp.com/lpt/a/4767 |
|||
|title= OpenBSD PF Developer Interview |
|||
|author= Federico Biancuzzi |
|||
|website= ONLamp |publisher= [[O'Reilly Media]] |
|||
|date= 15 April 2004 |archive-url= https://web.archive.org/web/20040508140530/http://www.onlamp.com/lpt/a/4767 |
|||
|access-date=20 March 2019 |
|||
|archive-date= 8 May 2004 |
|||
}}</ref><ref name=onlamp-35-2>{{cite web |
|||
|url= http://www.onlamp.com/lpt/a/4839 |
|||
|title= OpenBSD PF Developer Interview, Part 2 |
|||
|author= Federico Biancuzzi |
|||
|website= ONLamp |publisher= [[O'Reilly Media]] |
|||
|date= 6 May 2004 |archive-url= https://web.archive.org/web/20040619005622/http://www.onlamp.com/lpt/a/4839 |
|||
|access-date=20 March 2019 |
|||
|archive-date= 19 June 2004 |
|||
}}</ref> |
|||
* GPL licensed parts of the GNU tool-set, [[Bc programming language|bc]],<ref>{{cite web|title=bc(1)|url=https://man.openbsd.org/bc.1|access-date=9 October 2018}}</ref> [[Dc (Unix)|dc]],<ref>{{cite web|title=dc(1)|url=https://man.openbsd.org/OpenBSD-5.9/man1/dc.1|access-date=9 October 2018}}</ref> [[Nm (Unix)|nm]]<ref>{{cite web|title=nm(1)|url=https://man.openbsd.org/nm.1|access-date=9 October 2018}}</ref> and size,<ref>{{cite web|title=size(1)|url=https://man.openbsd.org/size.1|access-date=9 October 2018}}</ref> were all replaced with BSD licensed equivalents. |
|||
* [[AMD64]] platform becomes stable enough for release and is included for the first time as part of a release. |
|||
|- |
|||
In June 2002, Mark Dowd of [[Internet Security Systems]] disclosed a bug in the OpenSSH code implementing [[Challenge-response authentication|challenge-response]] [[authentication]].<ref>Internet Security Systems. [http://xforce.iss.net/xforce/alerts/id/advise123 OpenSSH Remote Challenge Vulnerability], June 26, 2002. Visited December 17, 2005.</ref> This was the first and, so far, only [[Vulnerability (computer science)|vulnerability]] discovered in the OpenBSD default installation allowing an attacker remote access to the [[superuser|root]] account—it was extremely serious, partly due to the widespread use of OpenSSH by that time: the bug affected a considerable number of other operating systems.<ref>[http://xforce.iss.net/xforce/xfdb/9169 A partial list of affected operating systems].</ref> This problem necessitated the adjustment of the slogan on the OpenBSD website to: |
|||
| {{Version |o |3.6}} |
|||
| 1 November 2004 |
|||
| |
|||
| |
|||
''Pond-erosa Puff (live)'' was the tale of ''Pond-erosa Puff'',<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/36.html|access-date=9 October 2018}}</ref> a no-guff freedom fighter from the wild west, set to hang a lickin' on no-good bureaucratic nerds who encumber software with needless words and restrictions. The song was styled after the works of [[Johnny Cash]], a parody of the [[Spaghetti Western]] and [[Clint Eastwood]] and inspired by liberal license enforcement. |
|||
* [[OpenNTPD]], a compatible alternative to the reference NTP daemon, was developed within the OpenBSD project. The goal of OpenNTPD was not solely a compatible license. It also aims to be a simple, secure NTP implementation providing acceptable accuracy for most cases, without requiring detailed configuration.<ref>{{cite web|title=Release Notes|url=https://www.openntpd.org/goals.html|access-date=9 October 2018}}</ref><ref name=onlamp-36/> |
|||
* Because of its questionable security record and doubts of developers for better future development, OpenBSD removed [[Wireshark|Ethereal]] from its ports tree prior to its 3.6 release. |
|||
* Added support for [[I2C|I<sup>2</sup>C]] master/slave devices<ref name=onlamp-36>{{cite web |
|||
|url= http://www.onlamp.com/lpt/a/5302 |
|||
|title= OpenBSD 3.6 Live |
|||
|author= Federico Biancuzzi |
|||
|website= ONLamp |publisher= [[O'Reilly Media]] |
|||
|date= 28 October 2004 |archive-url= https://web.archive.org/web/20041029232336/http://www.onlamp.com/lpt/a/5302 |
|||
|access-date=20 March 2019 |
|||
|archive-date= 29 October 2004 |
|||
}}</ref> |
|||
|- |
|||
{{cquote|Only one remote hole in the default install, in more than 8 years.}} |
|||
| {{Version |o |3.7}} |
|||
| 19 May 2005 |
|||
| |
|||
| ''[[Wizard of OS (song)|The Wizard of OS]]'',<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/37.html|access-date=9 October 2018}}</ref> where ''Puffathy'', a little [[Alberta]] girl, must work with [[Taiwan]] to save the day by getting unencumbered [[wireless]]. This release was styled after the works of [[Pink Floyd]] and a parody of The [[The Wizard of Oz (1939 film)|Wizard of Oz]]; this dealt with wireless hacking.<ref name=onlamp-37>{{cite web |
|||
|url= http://www.onlamp.com/pub/a/bsd/2005/05/19/openbsd_3_7.html |
|||
|title= OpenBSD 3.7: The Wizard of OS |
|||
|author= Federico Biancuzzi |
|||
|website= ONLamp |publisher= [[O'Reilly Media]] |
|||
|date= 19 May 2005 |archive-url= https://web.archive.org/web/20050521234307/http://www.onlamp.com/pub/a/bsd/2005/05/19/openbsd_3_7.html |
|||
|access-date=20 March 2019 |
|||
|archive-date= 21 May 2005 |
|||
}}</ref> |
|||
|- |
|||
This statement has been criticized because little is enabled in a default install of OpenBSD and releases have included software that was later found to have remote holes; however, the project maintains that the slogan is ''intended'' to refer to a default install and that it is correct by that measure. One of the fundamental ideas behind OpenBSD is a drive for systems to be simple, clean and [[secure by default]]. For example, OpenBSD's minimal defaults fit in with standard computer security practice of enabling as few services as possible on production machines, and the project uses open source and code auditing practices argued to be important elements of a security system.<ref>Wheeler, David A. Secure Programming for Linux and Unix HOWTO, [http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/open-source-security.html 2.4. Is Open Source Good for Security?], March 3, 2003. Visited December 10, 2005.</ref> |
|||
| {{Version |o |3.8}} |
|||
| 1 November 2005 |
|||
| 1 November 2006 |
|||
| ''Hackers of the Lost RAID'',<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/38.html|access-date=9 October 2018}}</ref> which detailed the exploits of ''Puffiana Jones'', famed hackologist and adventurer, seeking out the Lost RAID, Styled after the radio [[Serial (radio and television)|serials]] of the 1930s and 40s, this was a [[parody]] of [[Indiana Jones]] and was linked to the new RAID tools featured as part of this release. This is the first version released without the [[telnet]] daemon which was completely removed from the source tree by Theo de Raadt in May 2005.<ref>{{cite web |url=http://marc.info/?l=openbsd-cvs&m=111700017509177&w=2 |quote=Removed files: libexec/telnetd |title=CVS: cvs.openbsd.org: src |first1=Theo |last1=de Raadt |author-link1= Theo de Raadt |website=OpenBSD-CVS mailing list}}</ref> |
|||
* [[bioctl]] introduced as a new universal [[RAID]] management tool (similar to [[ifconfig]])<ref name=onlamp-38>{{cite web |
|||
|url= http://www.onlamp.com/lpt/a/6270 |
|||
|title= OpenBSD 3.8: Hackers of the Lost RAID |
|||
|author= Federico Biancuzzi |
|||
|website= ONLamp |publisher= [[O'Reilly Media]] |
|||
|date= 20 October 2005 |archive-url= https://web.archive.org/web/20051227050708/http://www.onlamp.com/lpt/a/6270 |
|||
|access-date=20 March 2019 |
|||
|archive-date= 27 December 2005 |
|||
}}</ref> |
|||
|- |
|||
| {{Version |o |3.9}} |
|||
| 1 May 2006 |
|||
| 1 May 2007 |
|||
| |
|||
''Attack of the Binary BLOB'',<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/39.html|access-date=9 October 2018}}</ref> which chronicles the developer's fight against [[binary blobs]] and [[vendor lock-in]],<ref name=onlamp-39/> a parody of the 1958 film [[The Blob]] and the pop-rock music of the era. |
|||
* Enhanced [[OpenBGPD]] feature-set. |
|||
* Improved [[hw.sensors|hardware sensors]] support, including a new [[Intelligent Platform Management Interface|IPMI]] subsystem and a new [[I2C|I<sup>2</sup>C]] scan subsystem; number of drivers using the sensors framework increased to a total of 33 drivers (compared to 9 in the prior 3.8 release 6 months ago).<ref name=sensors-abc2009/><ref name=onlamp-39>{{cite web |
|||
|url= http://www.onlamp.com/lpt/a/6557 |
|||
|title= OpenBSD 3.9: Blob-Busters Interviewed |
|||
|author= Federico Biancuzzi |
|||
|website= ONLamp |publisher= [[O'Reilly Media]] |
|||
|date= 27 April 2006 |archive-url= https://web.archive.org/web/20060512051701/http://www.onlamp.com/lpt/a/6557 |
|||
|access-date=19 March 2019 |
|||
|archive-date= 12 May 2006 |
|||
}}</ref> |
|||
|- |
|||
[[Image:Openbsd38boot.png|thumb|250px|right|OpenBSD 3.8-current booting. 3.8 saw security changes to the ''[[malloc]]'' function]] |
|||
| {{Version |o |4.0}} |
|||
| 1 November 2006 |
|||
| 1 November 2007 |
|||
| ''Humppa Negala'',<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/40.html|access-date=9 October 2018}}</ref> a [[Hava Nagilah]] parody with a portion of [[Entrance of the Gladiators]] and [[Humppa]] music fused together, with no story behind it, simply a [[Homage (arts)|homage]] to one of the OpenBSD developers' favorite genres of music.<ref name=onlamp-40>{{cite web |
|||
|url= http://www.oreillynet.com/lpt/a/6769 |
|||
|title= OpenBSD 4.0: Pufferix's Adventures |
|||
|author= Federico Biancuzzi |
|||
|website= ONLamp |publisher= [[O'Reilly Media]] |
|||
|date= 26 October 2006 |archive-url= https://web.archive.org/web/20070310145538/http://www.oreillynet.com/lpt/a/6769 |
|||
|access-date=19 March 2019 |
|||
|archive-date= 10 March 2007 |
|||
}}</ref> |
|||
* Second official remote security hole - buffer overflow by malformed [[ICMPv6]] packets <ref>{{cite web|title=Errata|url=https://www.openbsd.org/errata40.html#m_dup1errata40 010|access-date=9 October 2018}}</ref> |
|||
|- |
|||
OpenBSD includes a large number of specific features designed to improve security, including [[Application programming interface|API]] and [[toolchain]] alterations, such as the ''[[strlcpy]]'' and ''strlcat'' functions and a [[Static code analysis|static bounds checker]]; memory protection techniques to guard against invalid accesses, such as [[Stack-smashing protection#GCC Stack-Smashing Protector (ProPolice)|ProPolice]], [[Stack-smashing protection#StackGhost (hardware-based)|StackGhost]], the [[W^X]] (W [[Exclusive or|xor]] X) page protection features, as well as alterations to ''[[malloc]]''; and [[cryptography]] and [[randomization]] features, including [[Protocol stack|network stack]] enhancements and the addition of the [[Blowfish (cipher)|Blowfish]] cipher for [[password]] [[encryption]]. To reduce the risk of a vulnerability or misconfiguration allowing [[privilege escalation]], some programs have been written or adapted to make use of [[privilege separation]], [[privilege revocation]] and [[chroot]]ing. Privilege separation is a technique, pioneered on OpenBSD and inspired by the [[principle of least privilege]], where a program is split into two or more parts, one of which performs privileged operations and the other—almost always the bulk of the code—runs without privilege.<ref>Provos, Niels. [http://www.citi.umich.edu/u/provos/ssh/privsep.html Privilege Separated OpenSSH]. Visited January 30, 2006.</ref> Privilege revocation is similar and involves a program performing any necessary operations with the privileges it starts with then dropping them, and chrooting involves restricting an application to one section of the [[file system]], prohibiting it from accessing areas that contain private or system files. Developers have applied these features to OpenBSD versions of common applications, including [[tcpdump]] and the [[Apache (webserver)|Apache]] [[web server]], which, due to licensing issues with the later Apache 2 series, is a heavily patched 1.3 release. |
|||
| {{Version |o |4.1}} |
|||
| 1 May 2007 |
|||
| 1 May 2008 |
|||
| ''Puffy Baba and the 40 Vendors'',<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/41.html|access-date=9 October 2018}}</ref> a parody of the [[Arabic]] [[fable]] [[Ali Baba]] and the Forty Thieves, part of the book of [[One Thousand and One Nights]], in which [[Linux]] developers are mocked over their allowance of [[non-disclosure agreement]]s when developing software while at the same time implying hardware vendors are [[criminals]] for not releasing documentation required to make reliable device drivers.<ref name=onlamp-41>{{cite web |
|||
|url= http://www.onlamp.com/lpt/a/7008 |
|||
|title= OpenBSD 4.1: Puffy Strikes Again |
|||
|author= Federico Biancuzzi |
|||
|website= ONLamp |publisher= [[O'Reilly Media]] |
|||
|date= 3 May 2007 |archive-url= https://web.archive.org/web/20080518094717/http://www.onlamp.com/lpt/a/7008 |
|||
|access-date=19 March 2019 |
|||
|archive-date= 18 May 2008 |
|||
}}</ref> |
|||
* Redesigned sysctl [[hw.sensors]] into a two-level sensor API;<ref name=sensors-undeadly06>{{Cite web |
|||
|author= Constantine A. Murenin |
|||
|editor = Marco Peereboom |
|||
|date= 30 December 2006 |
|||
|url= http://undeadly.org/cgi?action=article&sid=20061230235005 |
|||
|title= New two-level sensor API |
|||
|website = [[OpenBSD Journal]] |
|||
|access-date= 4 March 2019 |
|||
}}</ref><ref name=sensors-ieee07>{{Cite conference |
|||
|author= Constantine A. Murenin |date= 17 April 2007 |
|||
|url = http://sensors.cnst.su/IEEE_ICNSC_2007 |
|||
|section = 4.3. What we have proposed and implemented |
|||
|title= Generalised Interfacing with Microprocessor System Hardware Monitors |
|||
|conference= Proceedings of 2007 IEEE International Conference on Networking, Sensing and Control, 15–17 April 2007. |
|||
|location= London, United Kingdom |
|||
|publisher=[[Institute of Electrical and Electronics Engineers|IEEE]] |
|||
|pages = 901–906 |doi = 10.1109/ICNSC.2007.372901 |isbn = 978-1-4244-1076-7 |
|||
|id = IEEE ICNSC 2007, pp. 901–906. |
|||
}}</ref> a total of 46 device drivers exporting sensors through the framework with this release.<ref name=sensors-abc2009>{{Cite conference |
|||
|author1= Constantine A. Murenin |
|||
|author2= Raouf Boutaba |
|||
|author2-link = Raouf Boutaba |
|||
|date= 17 March 2009 |
|||
|url= http://www.openbsd.org/papers/asiabsdcon2009-sensors-paper.pdf |
|||
|section= 6. Evolution of the framework |
|||
|title= OpenBSD Hardware Sensors Framework. |
|||
|conference= AsiaBSDCon 2009 Proceedings, 12–15 March 2009 |
|||
|location= Tokyo University of Science, Tokyo, Japan |
|||
|publication-date= 14 March 2009 |
|||
|archive-url= https://web.archive.org/web/20100620015220/http://openbsd.org/papers/asiabsdcon2009-sensors-paper.pdf |
|||
|archive-date= 20 June 2010 |
|||
|url-status= live |
|||
|access-date= 4 March 2019 |
|||
}} [https://2009.asiabsdcon.org/papers/abc2009-P3B-paper.pdf Alt URL]</ref> |
|||
|- |
|||
The project has a policy of continually [[Computer security audit|auditing]] code for security problems, work developer Marc Espie has described as "never finished … more a question of process than of a specific bug being hunted."<ref>O'Reilly Network. ''[http://www.onlamp.com/pub/a/bsd/2004/03/18/marc_espie.html An Interview with OpenBSD's Marc Espie],'' March 18, 2004. Visited January 24, 2006.</ref> He went on to list several typical steps once a bug is found, including examining the entire source tree for the same and similar issues, "try[ing] to find out whether the documentation ought to be amended," and investigating whether "it's possible to augment the compiler to warn against this specific problem." Along with DragonFly BSD, OpenBSD is one of the two open source operating systems with a policy of seeking out examples of classic, [[C programming language#K&R C|K&R C]] code and converting it to the more modern [[ANSI C|ANSI]] equivalent—this involves no functional change and is purely for readability and consistency reasons. A standard code style, the [[Kernel Normal Form]], which dictates how code must look in order to be easily maintained and understood, must be applied to all code before it is considered for inclusion in the base operating system; existing code is actively updated to meet the style requirements. |
|||
| {{Version |o |4.2}} |
|||
| 1 November 2007 |
|||
| 1 November 2008 |
|||
| ''100001 1010101'',<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/42.html|access-date=9 October 2018}}</ref> the Linux kernel developers gets a knock for violating the ISC-style license of OpenBSD's open hardware abstraction layer for Atheros wireless cards. |
|||
* Usability of sensorsd improved, allowing zero-configuration monitoring of smart sensors from the [[hw.sensors]] framework (e.g., [[Intelligent Platform Management Interface|IPMI]] or [[bio(4)]]-based), and easier configuration for monitoring of non-smart sensors.<ref name=onlamp-42>{{cite web |
|||
|url= http://onlamp.com/lpt/a/7155 |
|||
|title= Puffy's Marathon: What's New in OpenBSD 4.2 |
|||
|author= Federico Biancuzzi |
|||
|website= ONLamp |publisher= [[O'Reilly Media]] |
|||
|date= 1 November 2007 |archive-url= https://web.archive.org/web/20111013021755/http://onlamp.com/lpt/a/7155 |
|||
|access-date=3 March 2019 |
|||
|archive-date= 13 October 2011 |
|||
}} |
|||
*{{cite web |title=Puffy's Marathon: What's New in OpenBSD 4.2 - ONLamp.com |url=http://undeadly.org/cgi?action=article&sid=20071102080000 |website=OpenBSD Journal}}</ref> |
|||
|- |
|||
| {{Version |o |4.3}} |
|||
| 1 May 2008 |
|||
| 1 May 2009 |
|||
| ''Home to Hypocrisy''<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/43.html|access-date=9 October 2018}}</ref><ref name=onlamp-43>{{cite web |
|||
|url= http://www.onlamp.com/lpt/a/7290 |
|||
|title= Puffy and the Cryptonauts: What's New in OpenBSD 4.3 |
|||
|author= Federico Biancuzzi |
|||
|website= ONLamp |publisher= [[O'Reilly Media]] |
|||
|date= 29 April 2008 |archive-url= https://web.archive.org/web/20080506054059/http://www.onlamp.com/lpt/a/7290 |
|||
|access-date=20 March 2019 |
|||
|archive-date= 6 May 2008 |
|||
}}</ref> |
|||
|- |
|||
==Uses== |
|||
| {{Version |o |4.4}} |
|||
OpenBSD's security enhancements, built-in cryptography and the [[PF (firewall)|PF]] firewall suit it for use in the security industry, particularly for [[Firewall (networking)|firewalls]], [[intrusion-detection system]]s and [[Virtual private network|VPN]] gateways. It is also commonly used for servers which need to be resistant against [[Black hat|cracking]] attempts and [[Denial-of-service attack|DoS]] attacks, and due to the inclusion of the [[spamd]] daemon, it occasionally sees use in [[email filtering|mail filtering]] applications. |
|||
| 1 November 2008 |
|||
| 18 October 2009 |
|||
| |
|||
''Trial of the BSD Knights'',<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/44.html|access-date=9 October 2018}}</ref> summarizes the history of [[Berkeley Software Distribution|BSD]] including the [[USL v. BSDi]] lawsuit. The song was styled after the works of [[Star Wars]]. |
|||
* sparc64 port now supports many recent processors: [[Sun Microsystems|Sun]] [[UltraSPARC IV]], [[UltraSPARC T1|T1]], and [[UltraSPARC T2|T2]]; [[Fujitsu]] [[SPARC64 V]], [[SPARC64 VI|VI]], and [[SPARC64 VII|VII]]. |
|||
* New System-on-a-Chip PowerPC port for Freescale devices |
|||
* [[C dynamic memory allocation#OpenBSD.27s malloc|malloc(3)]] [[Address space layout randomization#OpenBSD|randomization]], guard pages, and randomized (delayed) free<ref name="OpenBSD-PIE">{{cite web|url=https://www.openbsd.org/papers/nycbsdcon08-pie/|title=OpenBSD's Position Independent Executable (PIE) Implementation|author=Kurt Miller|year=2008|access-date=22 July 2011| archive-url= https://web.archive.org/web/20110612150147/http://openbsd.org/papers/nycbsdcon08-pie/| archive-date= 12 June 2011 | url-status= live}}</ref><ref name="OpenBSD_Innovations-ASLR-PIE"/><ref name=onlamp-44/> |
|||
* The [[hw.sensors]] framework is used by 68 device drivers, after 7 new drivers were added as of this release.<ref name=onlamp-44>{{cite web |
|||
|url= http://broadcast.oreilly.com/2008/11/source-wars---return-of-the-pu.html |
|||
|title= Source Wars - Return of the Puffy: What's New in OpenBSD 4.4 |
|||
|author= Federico Biancuzzi |
|||
|publisher= [[O'Reilly Media]] |
|||
|date= 3 November 2008 |archive-url= https://web.archive.org/web/20120524040127/http://broadcast.oreilly.com/2008/11/source-wars---return-of-the-pu.html |
|||
|access-date=3 March 2019 |
|||
|archive-date= 24 May 2012 |
|||
}}</ref> |
|||
|- |
|||
There are several proprietary systems which are based on OpenBSD, including Profense from Armorlogic ApS, syswall from Syscall Network Solutions AG, GeNUGate and GeNUBox from GeNUA mbH, HIOBMessenger from topX<ref>[http://www.hiobmessenger.org/en/license.html HIOBMessenger licence page].</ref> and RTMX O/S from RTMX Inc. Of these, both RTMX and GeNUA have contributed back to OpenBSD: RTMX have sent patches to add further [[POSIX]] compliance to the system and GeNUA funded the development of [[Symmetric multiprocessing|SMP]] on the i386 platform. Several open source operating systems have also been derived from OpenBSD, notably [[Anonym.OS]] and [[MirOS BSD]], as well as the now defunct [[ekkoBSD]], [[MicroBSD]] and [[Gentoo/ALT|Gentoo/OpenBSD]]. In addition, code from many of the OpenBSD system tools has been used in recent versions of Microsoft's [[Microsoft Windows Services for UNIX|Services for UNIX]], an extension to the [[Microsoft Windows|Windows]] operating system which provides some Unix-like functionality, originally based on [[Berkeley Software Distribution|4.4BSD-Lite]]. There have also been projects which use OpenBSD as part of images for embedded systems, including [[OpenSoekris]] and [[flashdist]]; together with tools like [[nsh (shell)|nsh]], these allow [[Cisco Systems|Cisco]]-like [[Embedded system|embedded]] devices to be created.<ref>[http://opensoekris.sourceforge.net/ OpenSoekris], [http://www.nmedia.net/~chris/soekris/ flashdist] and [http://www.nmedia.net/~chris/nsh/ nsh].</ref> |
|||
| {{Version |o |4.5}} |
|||
| 1 May 2009 |
|||
| 19 May 2010 |
|||
| ''Games''. It was styled after the works of [[Tron]].<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/45.html|access-date=9 October 2018}}</ref> |
|||
* The [[hw.sensors]] framework is used by 72 device drivers.<ref name=onlamp-45>{{cite web |
|||
|url= http://broadcast.oreilly.com/2009/06/openbsd-45.html |
|||
|title= PuffyTron recommends OpenBSD 4.5 |
|||
|author= Federico Biancuzzi |
|||
|publisher= [[O'Reilly Media]] |
|||
|date= 15 June 2009 |archive-url= https://web.archive.org/web/20090619235238/http://broadcast.oreilly.com/2009/06/openbsd-45.html |
|||
|access-date=19 March 2019 |
|||
|archive-date= 19 June 2009 |
|||
}}</ref><ref name=sensors-mmath/> |
|||
|- |
|||
[[Image:Openbsd38defaultwm.png|thumb|250px|right|OpenBSD 3.8 running [[X.Org Server|X.Org]] with the default [[FVWM]] window manager]] |
|||
| {{Version |o |4.6}} |
|||
| 18 October 2009 |
|||
| 1 November 2010 |
|||
| ''Planet of the Users''.<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/46.html|access-date=9 October 2018}}</ref> In the style of ''[[Planet of the Apes]]'', Puffy travels in time to find a dumbed-down [[dystopia]], where "[[Bill Gates|one very rich man]] runs the earth with [[Microsoft|one multinational]]". Open-source software has since been replaced by one-button computers, one-channel televisions, and closed-source software which, after you purchase it, becomes obsolete before you have a chance to use it. People subsist on [[soylent green]]. The theme song is performed in the [[reggae rock]] style of [[The Police]]. |
|||
* <code>smtpd(8)</code>, privilege-separated SMTP server |
|||
* <code>tmux(1)</code> terminal multiplexer |
|||
* The [[hw.sensors]] framework is used by 75 device drivers.<ref name=sensors-mmath>{{cite thesis |
|||
|degree= [[Master of Mathematics#Canada|MMath]] |
|||
|author= Constantine A. Murenin |date= 21 May 2010 |
|||
|section = 6.2. Evolution of drivers; Chart VII. Number of drivers using the sensors framework from OpenBSD 3.4 to 4.6. |
|||
|title= OpenBSD Hardware Sensors — Environmental Monitoring and Fan Control. |
|||
|location= [[University of Waterloo]] |publisher= UWSpace |
|||
|url = http://cnst.su/MMathCS |hdl = 10012/5234 |
|||
|id = Document ID: ab71498b6b1a60ff817b29d56997a418. |
|||
}}</ref> |
|||
|- |
|||
OpenBSD ships with the [[X Window System|X window system]]. Following the [[XFree86]] licence change, it includes a recent [[X.Org Server|X.Org]] release; an older XFree86 3.3 release is also available for legacy video cards. With these, it is possible to use OpenBSD as a desktop or workstation, making use of a [[desktop environment]], [[X window manager|window manager]] or both to give the X desktop a wide range of appearances. The OpenBSD ports tree contains many of the most popular tools for desktop use, including desktop environments [[GNOME]], [[KDE]], and [[Xfce]]; web browsers [[Mozilla Firefox]] and [[Opera (web browser)|Opera]]; and [[multimedia]] programs. In addition, graphical software for many uses is available from both the ports tree and by compiling POSIX compliant software. Also available are [[compatibility layer]]s, which allow binary code compiled for other operating systems, including Linux, FreeBSD, [[SunOS]] and [[HP-UX]], to be run. However, since hardware providers such as graphics card manufacturers [[ATI Technologies|ATI]] and [[NVIDIA]] refuse to release open source drivers or documentation for the 3D capabilities of their hardware, OpenBSD lacks accelerated 3D graphics support. |
|||
| {{Version |o |4.7}} |
|||
| 19 May 2010 |
|||
| 1 May 2011 |
|||
| ''I'm Still Here'' <ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/47.html|access-date=9 October 2018}}</ref> |
|||
|- |
|||
OpenBSD's performance and usability is occasionally criticized. Performance and scalability tests, most famously Felix von Leitner's tests,<ref>[http://bulk.fefe.de/scalability/ Scalability test results and conclusions].</ref> often show OpenBSD to lag behind other operating systems. OpenBSD users and developers have countered this by asserting that although performance is certainly given consideration, security, reliability and correctness are seen as more important.<ref>Holland, Nick. Mail to openbsd-misc: ''[http://groups.google.co.uk/group/lucky.openbsd.misc/msg/2b6f9d5bf42b712a Re: OpenBSD Benchmarked... results: poor!],'' October 19, 2003. Visited January 8, 2006.</ref> OpenBSD is also a relatively small project, particularly when compared with FreeBSD and Linux, and developer time is sometimes seen as better spent on security enhancements than performance optimisations. Critics of usability often point out the lack of user-friendly configuration tools, the bare default installation,<ref>NewsForge. ''[http://os.newsforge.com/article.pl?sid=05/11/01/1710223 Trying out the new OpenBSD 3.8],'' November 02, 2005. Visited January 8, 2006.</ref> and "spartan" and "intimidating" installer.<ref>NewsForge. ''[http://os.newsforge.com/article.pl?sid=04/07/20/180234 Review: OpenBSD 3.5],'' July 22, 2004. Visited January 8, 2006.</ref> These see much the same rebuttals as performance: a preference for simplicity, reliability and security; as one reviewer admits, "running an ultra-secure operating system can be a bit of work."<ref>Distrowatch. ''[http://distrowatch.com/dwres.php?resource=review-openbsd OpenBSD - For Your Eyes Only],'' 2004. Visited January 8, 2006.</ref> |
|||
| {{Version |o |4.8}} |
|||
| 1 November 2010 |
|||
| 1 November 2011 |
|||
| ''El Puffiachi''.<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/48.html|access-date=9 October 2018}}</ref><ref>{{cite web|title=MARC|url=http://marc.info/?l=openbsd-misc&m=128397592926217&w=2|access-date=9 October 2018}}</ref> |
|||
* <code>iked(8)</code> [[IKEv2]] daemon |
|||
* <code>ldapd(8)</code> LDAP daemon |
|||
|- |
|||
== Distribution and marketing == |
|||
| {{Version |o |4.9}} |
|||
| 1 May 2011 |
|||
| 1 May 2012 |
|||
| ''The Answer''.<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/49.html|access-date=9 October 2018}}</ref> |
|||
* <code>rc.d(8)</code> daemon control |
|||
|- |
|||
OpenBSD is available freely in various ways: the source can be retrieved by anonymous [[Concurrent Versions System|CVS]] or [[CVSup]], and binary releases and development snapshots can be downloaded either by [[File Transfer Protocol|FTP]] or [[Hypertext Transfer Protocol|HTTP]]. Prepackaged CD sets can be ordered online for a small fee, complete with an assortment of stickers and a copy of the release's theme song. These, with their artwork and other bonuses, are one of the project's few sources of income, funding hardware, bandwidth and other expenses. To encourage the sale of the official CDs, OpenBSD makes only a small install [[ISO image]] available for download rather than provide full release ISOs. |
|||
| {{Version |o |5.0}} |
|||
| 1 November 2011 |
|||
| 1 November 2012 |
|||
| ''What Me Worry?''.<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/50.html|access-date=9 October 2018}}</ref> |
|||
|- |
|||
In common with several other operating systems, OpenBSD uses ports and packages systems to allow for easy installation and management of programs which are not part of the base operating system. Originally based on the FreeBSD ports tree, the system is now quite distinct. Additionally, major changes have been made since the 3.6 release, including the replacement of the package tools, the tools available to the user to manipulate packages, by more capable versions, written in [[Perl]] by [[Marc Espie]]. In contrast to FreeBSD, the OpenBSD ports system is intended as a source used to create the end product, the packages: installing a port first creates a package and then installs it using the package tools. Packages are built in bulk by the OpenBSD team and provided for download with each release. OpenBSD is also unique among the BSDs in that the ports and base operating system are developed and released together for each version: this means that the ports or packages released with, for example, 3.7 are not suitable for use with 3.6 and vice versa, a policy which lends a great deal of stability to the development process, but means that the software in ports for the latest OpenBSD release can lag somewhat from the latest version available from the author. |
|||
| {{Version |o |5.1}} |
|||
| 1 May 2012 |
|||
| 1 May 2014 |
|||
| ''Bug Busters''. The song was styled after the works of [[Ghostbusters]].<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/51.html|access-date=9 October 2018}}</ref> |
|||
|- |
|||
[[Image:Paintedpuffy1000X907px.gif|thumb|left|150px|[[Puffy (mascot)|Puffy]], painted]]Around the time of the OpenBSD 2.7 release, the original mascot, a [[BSD daemon]] with a [[trident]] and [[aureola]], was replaced by [[Puffy (mascot)|Puffy]], traditionally said to be a [[pufferfish]]. In fact pufferfish do not possess spikes and images of Puffy are closer to a similar species, the [[porcupinefish]]. Puffy was selected because of the [[Blowfish]] encryption algorithm used in [[OpenSSH]] and the strongly defensive image of the porcupinefish with its spikes to deter predators. He quickly became very popular, mainly because of the appealing image of the fish and his distinction from the BSD daemon, also used by FreeBSD, and the horde of daemons then used by NetBSD. Puffy made his first public appearance in OpenBSD 2.6 and, since then, has appeared in a number of guises on [[t-shirt|tee-shirts]] and [[posters]]. These have included ''Puffiana Jones'', the famed [[hacker|hackologist]] and adventurer, seeking out the Lost RAID; ''Puffathy'', a little Alberta girl, who must work with Taiwan to save the day; ''Sir Puffy of Ramsay'', a freedom fighter who, with Little Bob of Beckley, took from the rich and gave to all; and ''Puff Daddy'', famed rapper and political icon. |
|||
| {{Version |o |5.2}} |
|||
| 1 November 2012 |
|||
| 1 November 2013 |
|||
| ''Aquarela do Linux''.<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/52.html|access-date=9 October 2018}}</ref> |
|||
* [[Nginx|<code>nginx(8)</code>]] HTTP server |
|||
* SSLv2 disabled |
|||
|- |
|||
After a number of releases, OpenBSD has become notorious for its catchy songs and interesting and often comical artwork. The promotional material of early OpenBSD releases did not have a cohesive theme or design but, starting with OpenBSD 3.0, the CDs, release songs, posters and tee-shirts for each release have been produced with a single style and theme, sometimes contributed to by Ty Semaka of the [[Plaid Tongued Devils]]. At first they were done lightly and only intended to add humour but, as the concept has evolved, they have become a part of OpenBSD [[operating system advocacy|advocacy]], with each release expanding a moral or political point important to the project, often through [[parody]]. Past themes have included: in OpenBSD 3.8, the ''Hackers of the Lost RAID'', a parody of [[Indiana Jones]] linked to the new [[RAID]] tools featured as part of the release; ''The Wizard of OS'', making its debut in OpenBSD 3.7, based on the work of [[Pink Floyd]] and a parody of [[The Wizard of Oz (1939 film)|The Wizard of Oz]] related to the project's recent wireless hacking; and OpenBSD 3.3's ''Puff the Barbarian'', including an 80s rock-style song and parody of [[Conan the Barbarian]], alluding to open documentation. |
|||
| {{Version |o |5.3}} |
|||
| 1 May 2013 |
|||
| 1 May 2014 |
|||
| ''Blade Swimmer''. The song was styled after the works of [[Roy Lee]], a parody of [[Blade Runner]].<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/53.html|access-date=9 October 2018}}</ref> |
|||
* [[Position-independent code#PIE|Position-independent executables]] (PIE) by default for seven hardware platforms<ref name="OpenBSD_Innovations-ASLR-PIE"/> |
|||
|- |
|||
In addition to the slogans used on tee-shirts and posters for releases, the project occasionally produces other material: over the years, [[catch phrase|catchphrases]] have included "Sending [[script kiddie]]s to [[/dev/null]] since 1995," "Functional, secure, free – choose 3," "Secure by default," and a few insider slogans, only available on tee-shirts made for developer gatherings, such as "World class security for much less than the price of a [[cruise missile]]" and a crufty old octopus proclaiming "Shut up and hack!" |
|||
| {{Version |o |5.4}} |
|||
| 1 November 2013 |
|||
| 1 November 2014 |
|||
| ''Our favorite hacks'', a parody of [[My Favorite Things (song)|My Favorite Things]].<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/54.html|access-date=9 October 2018}}</ref> |
|||
|- |
|||
==Books== |
|||
| {{Version |o |5.5}} |
|||
A number of books on OpenBSD have been published, including: |
|||
| 1 May 2014 |
|||
| 1 May 2015 |
|||
| ''Wrap in Time''.<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/55.html|access-date=9 October 2018}}</ref> |
|||
* <code>signify(1)</code> cryptographic signatures of release and packages |
|||
* 64bit <code>time_t</code> on all platforms ([[Year 2038 problem|Y2K38]] ready) |
|||
|- |
|||
*''[http://www.oreilly.com/catalog/mfreeopenbsd/ Mastering FreeBSD and OpenBSD Security]'' by Yanek Korff, Paco Hope and Bruce Potter. ISBN 0-596-00626-8. |
|||
| {{Version |o |5.6}} |
|||
*''[http://www.devguide.net/books/openbsdfw-02-ed/ Building Firewalls with OpenBSD and PF: Second Edition]'' by Jacek Artymiak. ISBN 83-916651-1-9. |
|||
| 1 November 2014 |
|||
*''[http://www.aw-bc.com/catalog/academic/product/0,1144,0321193660,00.html Secure Architectures with OpenBSD]'' by Brandon Palmer and Jose Nazario. ISBN 03-21193-66-0. |
|||
| 18 October 2015 |
|||
*''[[Absolute OpenBSD|Absolute OpenBSD, Unix for the Practical Paranoid]]'' by Michael W. Lucas. ISBN 1-886411-99-9. |
|||
| ''Ride of the Valkyries''.<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/56.html|access-date=9 October 2018}}</ref> |
|||
*''[http://www.wiley.com/legacy/compbooks/catalog/35366-3.htm Building Linux and OpenBSD Firewalls]'' by Wes Sonnenreich and Tom Yates. ISBN 0-471-35366-3. |
|||
* [[LibreSSL]] fork of [[OpenSSL]] |
|||
* [[Apache HTTP Server|Apache HTTPD]] removed from base |
|||
|- |
|||
==See also== |
|||
| {{Version |o |5.7}} |
|||
{{Portalpar|Cryptography|Key-crypto-sideways.png}} |
|||
| 1 May 2015 |
|||
{{Portalpar|Free software|Cartoonpuffy800X689px.gif}} |
|||
| 29 March 2016 |
|||
{{Portalpar|Computer science|Computer-aj aj ashton 01.svg}} |
|||
| ''Source Fish''.<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/57.html|access-date=9 October 2018}}</ref> |
|||
* <code>rcctl(8)</code> utility to control daemons |
|||
* <code>nginx(8)</code> removed from base |
|||
* [[procfs]] has been removed |
|||
|- |
|||
| {{Version |o |5.8}} |
|||
| 18 October 2015 |
|||
| 1 September 2016 |
|||
| ''20 years ago today'', ''Fanza'', ''So much better'', ''A Year in the Life''.<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/58.html|access-date=9 October 2018}}</ref><br /> |
|||
(20th anniversary release<ref>{{cite web|title=MARC|url=http://marc.info/?l=openbsd-announce&m=144515087006176|access-date=9 October 2018}}</ref>) |
|||
* <code>doas(1)</code> replacement of [[sudo]] |
|||
|- |
|||
| {{Version |o |5.9}} |
|||
| 29 March 2016 |
|||
| 11 April 2017 |
|||
| ''Doctor W^X'', ''Systemagic (Anniversary Edition)''.<ref>{{cite web|title=Release Notes|url=https://www.openbsd.org/59.html|access-date=9 October 2018}}</ref> |
|||
* [[W^X]] enforced in i386 kernel |
|||
* <code>pledge(2)</code> process restriction |
|||
|- |
|||
| {{Version |o |6.0}} |
|||
| 1 September 2016 |
|||
| 9 October 2017 |
|||
| ''Another Smash of the Stack'', ''Black Hat'', ''Money'', ''Comfortably Dumb (the misc song)'', ''Mother'', ''Goodbye'' and ''Wish you were Secure'', Release songs parodies of Pink Floyd's [[The Wall]], [[Comfortably Numb]] and [[Wish You Were Here (Pink Floyd song)|Wish You Were Here]].<ref>{{cite book|title=OpenBSD 6.0|url=https://www.openbsd.org/60.html|website=OpenBSD|access-date=24 July 2016|isbn=978-0-9881561-8-0}}</ref> |
|||
* <code>vmm(4)</code> virtualization (disabled by default) |
|||
* Removed vax<ref>{{cite web|title=OpenBSD vax|url=https://www.openbsd.org/vax.html|website=OpenBSD|access-date=2 September 2016}}</ref> and 32-bit SPARC<ref>{{cite web|title=OpenBSD sparc|url=https://www.openbsd.org/sparc.html|website=OpenBSD|access-date=2 September 2016}}</ref> support |
|||
|- |
|||
| {{Version |o |6.1}} |
|||
| 11 April 2017 |
|||
| 15 April 2018 |
|||
| ''Winter of 95'', a parody of [[Summer of '69]].<ref>{{cite web|title=OpenBSD 6.1|url=https://www.openbsd.org/61.html|website=OpenBSD|access-date=11 April 2017}}</ref> |
|||
* <code>syspatch(8)</code> utility for binary base system updates |
|||
* new <code>arm64</code> platform |
|||
|- |
|||
| {{Version |o |6.2}} |
|||
| 9 October 2017 |
|||
| 18 October 2018 |
|||
| ''A three-line diff''<ref>{{cite web|title=OpenBSD 6.2|url=https://www.openbsd.org/62.html|website=OpenBSD}}</ref> |
|||
* <code>inteldrm(4)</code> Skylake/Kaby Lake/Cherryview devices |
|||
* <code>clang(1)</code> base system compiler on <code>i386</code> and <code>amd64</code> platforms |
|||
|- |
|||
| {{Version |o |6.3}} |
|||
| 2 April 2018 |
|||
| 3 May 2019 |
|||
| |
|||
* SMP is supported on <code>arm64</code> platforms. |
|||
* Several parts of the network stack now run without KERNEL_LOCK(). |
|||
* Multiple security improvements have been made, including Meltdown/Spectre (variant 2) mitigations. Intel CPU microcode is loaded on boot on <code>amd64</code>. |
|||
* pledge() has been modified to support "execpromises" (as the second argument). |
|||
|- |
|||
| {{Version |o |6.4}} |
|||
| 18 October 2018 |
|||
| 17 October 2019 |
|||
| |
|||
* <code>unveil(2)</code> filesystem visibility restriction.<ref>{{cite web|title=unveil(2)|url=https://man.openbsd.org/unveil|website=OpenBSD|access-date=19 October 2018}}</ref> |
|||
|- |
|||
| {{Version |o |6.5}} |
|||
| 24 April 2019 |
|||
| 19 May 2020 |
|||
| |
|||
* Support for parsing [[NMEA 0183]] altitude and ground speed [[hw.sensors]]. |
|||
* [[Xenocara]]: [[Xorg]] (X Window Server) is no longer [[setuid]]. |
|||
|- |
|||
| {{Version |o |6.6}} |
|||
| 17 October 2019 |
|||
| 18 October 2020 |
|||
| |
|||
* <code>sysupgrade(8)</code> automates upgrades to new releases or snapshots.<ref>{{cite web|title=OpenBSD 6.6|url=https://www.openbsd.org/66.html|website=OpenBSD|access-date=17 January 2020}}</ref> |
|||
* <code>amdgpu(4)</code> AMD RADEON GPU video driver. |
|||
|- |
|||
| {{Version |o |6.7}} |
|||
| 19 May 2020 |
|||
| 1 May 2021 |
|||
| |
|||
* Made ffs2 the default filesystem type on installs except for landisk, luna88k and sgi.<ref>{{cite web|title=OpenBSD 6.7|url=https://www.openbsd.org/67.html|website=OpenBSD|access-date=21 May 2020}}</ref> |
|||
|- |
|||
| {{Version |o |6.8}} |
|||
| 18 October 2020 |
|||
| 14 October 2021 |
|||
| |
|||
* 25th anniversary release. |
|||
* New powerpc64 platform.<ref>{{cite web|title=OpenBSD 6.8|url=https://www.openbsd.org/68.html|website=OpenBSD|access-date=18 October 2020}}</ref> |
|||
|- |
|||
| {{Version |o |6.9}} |
|||
| 1 May 2021 |
|||
| 21 April 2022{{notetag|name=release|OpenBSD is released roughly every 6 months targeting May and November and only the latest two releases receive security and reliability fixes for the base system.<ref name="OpenBSD FAQ">{{cite web|title=OpenBSD FAQ|url=https://www.openbsd.org/faq/faq5.html#Flavors|website=OpenBSD|access-date=5 May 2021}}</ref>}} |
|||
| |
|||
* 50th release.<ref>{{cite web|title=OpenBSD 6.9|url=https://www.openbsd.org/69.html|website=OpenBSD|access-date=2 May 2021}}</ref> |
|||
|- |
|||
| {{Version |o |7.0}} |
|||
| 14 October 2021 |
|||
| 20 October 2022{{notetag|name=release}} |
|||
| |
|||
* 51st release.<ref name=":0">{{cite web|title=OpenBSD 7.0|url=https://www.openbsd.org/70.html|website=OpenBSD|access-date=15 October 2021}}</ref> |
|||
*New riscv64 platform.<ref name=":0" /> |
|||
|- |
|||
| {{Version |o |7.1}} |
|||
| 21 April 2022 |
|||
| 10 April 2023{{notetag|name=release}} |
|||
| |
|||
* 52nd release.<ref>{{cite web|title=OpenBSD 7.1|url=https://www.openbsd.org/71.html|website=OpenBSD|access-date=21 April 2022}}</ref> |
|||
* loongson support was temporarily discontinued for this release.<ref>{{cite web|title=OpenBSD loongson|url=http://www.openbsd.org/loongson.html|archive-url=https://web.archive.org/web/20220822025445/http://www.openbsd.org/loongson.html|archive-date=22 August 2022|url-status=deviated}}</ref> |
|||
|- |
|||
| {{Version |o |7.2}} |
|||
| 20 October 2022 |
|||
| 16 October 2023{{notetag|name=release}} |
|||
| |
|||
* 53rd release.<ref>{{cite web|title=OpenBSD 7.2|url=https://www.openbsd.org/72.html|website=OpenBSD|access-date=20 October 2022}}</ref> |
|||
|- |
|||
| {{Version |o |7.3}} |
|||
| 10 April 2023 |
|||
| 5 April 2024{{notetag|name=release}} |
|||
| |
|||
* 54th release.<ref>{{cite web|title=OpenBSD 7.3|url=https://www.openbsd.org/73.html|website=OpenBSD|access-date=10 April 2023}}</ref> |
|||
* Immutable permissions on address space regions. |
|||
* "xonly" support on many architectures. |
|||
* Support for full-disk encryption in the installer (via softraid driver) |
|||
|- |
|||
| {{Version |o |7.4}} |
|||
| 16 October 2023 |
|||
| 8 October 2024{{notetag|name=release}} |
|||
| |
|||
* 55th release.<ref>{{cite web|title=OpenBSD 7.4|url=https://www.openbsd.org/74.html|website=OpenBSD|access-date=16 October 2023}}</ref> |
|||
|- |
|||
| {{Version |co |7.5}} |
|||
| 5 April 2024 |
|||
| May 2025{{notetag|name=release}} |
|||
| |
|||
* 56th release.<ref>{{cite web|title=OpenBSD 7.5|url=https://www.openbsd.org/75.html|website=OpenBSD|access-date=9 April 2024}}</ref> |
|||
|- |
|||
| {{Version |c |7.6}} |
|||
| 8 October 2024 |
|||
| Oct 2025{{notetag|name=release}} |
|||
| |
|||
* 57th release.<ref>{{cite web|title=OpenBSD 7.6|url=https://www.openbsd.org/76.html|website=OpenBSD|access-date=8 October 2024}}</ref> |
|||
|- |
|||
|} |
|||
== See also == |
|||
*[[BSD and GPL licensing]] |
|||
{{Portal|Free and open-source software}} |
|||
*[[BSD Authentication]] |
|||
*[[Comparison of BSD operating systems]] |
*[[Comparison of BSD operating systems]] |
||
*[[Comparison of operating systems]] |
*[[Comparison of open-source operating systems]] |
||
*[[KAME project]], responsible for OpenBSD's IPv6 support |
|||
*[[Hackathon]] |
|||
*[[Lumina (desktop environment)]] |
|||
*[[KAME project]] |
|||
*[[ |
*[[OpenBSD Journal]] |
||
*[[OpenBSD security features]] |
|||
*[[POSSE project]] |
|||
*[[Security |
*[[Security-focused operating system]] |
||
*[[Unix security]] |
|||
== |
== Notes == |
||
{{notefoot}} |
|||
<div class="references-small"> |
|||
<references /> |
|||
</div> |
|||
== |
== References == |
||
{{Reflist|refs= |
|||
{{commonscat|OpenBSD}} |
|||
<ref name="2014_fundraising_campaign">{{cite web |
|||
* [http://www.openbsd.org/ OpenBSD homepage] |
|||
|url = http://www.openbsdfoundation.org/campaign2014.html |
|||
|title = The OpenBSD Foundation 2014 Fundraising Campaign |
|||
* [http://www.openntpd.org/ OpenNTPD homepage] |
|||
|work = [[OpenBSD Foundation]] |
|||
* [http://www.openbgpd.org/ OpenBGPD homepage] |
|||
|access-date = 24 May 2014 |
|||
* [http://www.opencvs.org/ OpenCVS homepage] |
|||
}}</ref> |
|||
* [http://www.undeadly.org/ OpenBSD journal] |
|||
* [http://ports.openbsd.nu/ OpenBSD ports tracker] |
|||
* [http://www.jus.uio.no/sisu/free.for.all.peter.wayner ''Free For All'' by Pete Wayner] |
|||
* [http://www.openfaqs.org/ Daniel Ouellet's OpenBSD HOWTO site] |
|||
* [http://marc.theaimsgroup.com/?l=openbsd-misc&r=1&w=2 MARC: ''openbsd-misc'' mailing list archive] |
|||
* [http://www.openbsd101.com/ OpenBSD 101] |
|||
<ref name="2.0-release">{{cite mailing list |
|||
{{unix-like}} |
|||
|url = http://wolfram.schneider.org/bsd/ftp/releases/OpenBSD-2.0 |
|||
|title = The OpenBSD 2.0 release |
|||
|first = Theo |
|||
|last = De Raadt |
|||
|author-link = Theo de Raadt |
|||
|date = 18 October 1996 |
|||
|mailing-list = openbsd-announce |
|||
}}</ref> |
|||
<ref name="2.3-announcement">{{cite mailing list |
|||
[[Category:OpenBSD|*]] |
|||
|url = http://wolfram.schneider.org/bsd/ftp/releases/OpenBSD-2.3 |
|||
[[Category:Operating system security]] |
|||
|title = 2.3 release announcement |
|||
[[Category:Cryptographic software]] |
|||
|first = Theo |
|||
[[Category:Embedded operating systems]] |
|||
|last = De Raadt |
|||
[[Category:Free software operating systems]] |
|||
|author-link = Theo de Raadt |
|||
|date = 19 December 2005 |
|||
|mailing-list = openbsd-misc |
|||
|quote = Without [SNI's] support at the right time, this release probably would not have happened. |
|||
}}</ref> |
|||
<ref name="2.7-release">{{cite web |
|||
[[bs:OpenBSD]] |
|||
|url = http://www.openbsd.org/27.html |
|||
[[ca:OpenBSD]] |
|||
|title = OpenBSD 2.7 |
|||
|work = OpenBSD |
|||
|access-date = 22 May 2016 |
|||
[[el:OpenBSD]] |
|||
}}</ref> |
|||
[[es:OpenBSD]] |
|||
[[eu:OpenBSD]] |
|||
<ref name="4.0-review">{{cite web |
|||
[[fi:OpenBSD]] |
|||
|last = Matzan |
|||
[[fr:OpenBSD]] |
|||
|first = Jem |
|||
[[gl:OpenBSD]] |
|||
|url = http://www.softwareinreview.com/bsd/openbsd_4.0_review.html |
|||
[[hu:OpenBSD]] |
|||
|title = OpenBSD 4.0 review |
|||
|work = Software in Review |
|||
[[it:OpenBSD]] |
|||
|date = 1 December 2006 |
|||
[[ja:OpenBSD]] |
|||
|access-date = 13 December 2011 |
|||
[[ko:OpenBSD]] |
|||
|url-status = dead |
|||
[[lt:OpenBSD]] |
|||
|archive-url = https://web.archive.org/web/20120111112331/http://www.softwareinreview.com/bsd/openbsd_4.0_review.html |
|||
[[lv:OpenBSD]] |
|||
|archive-date = 11 January 2012 |
|||
[[ms:OpenBSD]] |
|||
|quote = Each OpenBSD release has a graphical theme and a song that goes with it. The theme reflects a major concern that the OpenBSD programmers are addressing or bringing to light. |
|||
[[nl:OpenBSD]] |
|||
}}</ref> |
|||
[[no:OpenBSD]] |
|||
[[pl:OpenBSD]] |
|||
<ref name="6.0-release">{{cite web |
|||
[[pt:OpenBSD]] |
|||
|url = https://www.openbsd.org/59.html |
|||
[[ro:OpenBSD]] |
|||
|title = OpenBSD 6.0 |
|||
|work = OpenBSD |
|||
|access-date = 1 November 2016 |
|||
[[sl:OpenBSD]] |
|||
}}</ref> |
|||
[[sr:OpenBSD]] |
|||
[[sv:OpenBSD]] |
|||
<ref name="absolute_openbsd">{{cite book |
|||
[[th:OpenBSD]] |
|||
| last = Lucas |
|||
[[tr:OpenBSD]] |
|||
| first = Michael W. |
|||
[[zh:OpenBSD]] |
|||
| title = Absolute OpenBSD: Unix for the Practical Paranoid |
|||
|url = https://www.nostarch.com/obenbsd2e |
|||
| edition = 2nd |
|||
| date = April 2013 |
|||
| publisher = [[No Starch Press]] |
|||
|location = San Francisco, California |
|||
| isbn = 978-1-59327-476-4 |
|||
}}</ref> |
|||
<ref name="allegations-ipsec">{{cite mailing list |
|||
|url = http://marc.info/?l=openbsd-tech&m=129236621626462&w=2 |
|||
|title = Allegations regarding OpenBSD IPSEC |
|||
|first = Theo |
|||
|last = De Raadt |
|||
|author-link = Theo de Raadt |
|||
|date = 14 December 2010 |
|||
|access-date = 28 May 2016 |
|||
|mailing-list = openbsd-tech |
|||
}}</ref> |
|||
<ref name="announcing-openbsd-foundation">{{cite web |
|||
|url = http://undeadly.org/cgi?action=article&sid=20070726015128 |
|||
|title = Announcing – The OpenBSD Foundation |
|||
|author = <!--Not stated--> |
|||
|work = [[OpenBSD Journal]] |
|||
|date = 26 July 2007 |
|||
}}</ref> |
|||
<ref name="anoncvs">{{cite web |
|||
|url = http://www.openbsd.org/anoncvs.html |
|||
|title = Anonymous CVS |
|||
|work = OpenBSD |
|||
|access-date = 13 December 2011 |
|||
}}</ref> |
|||
<ref name="archlinux_openssh-portable">{{cite web |
|||
|url = https://www.archlinux.org/packages/core/x86_64/openssh/ |
|||
|title = Arch Linux – openssh 7.2p2-1 (x86_64) |
|||
|work = [[Arch Linux]] |
|||
|access-date = 17 May 2016 |
|||
}}</ref> |
|||
<ref name="Bright">{{cite web |
|||
|last = Bright |
|||
|first = Peter |
|||
|url = https://arstechnica.com/information-technology/2014/01/openbsd-rescued-from-unpowered-oblivion-by-20k-bitcoin-donation/ |
|||
|title = OpenBSD rescued from unpowered oblivion by $20K bitcoin donation |
|||
|work = [[Ars Technica]] |
|||
|date = 20 January 2014 |
|||
|access-date = 20 January 2014 |
|||
}}</ref> |
|||
<ref name="calyptix">{{cite web |
|||
|url = http://www.calyptix.com/products/models/ae800/ |
|||
|title = AccessEnforcer Model AE800 |
|||
|work = Calyptix Security |
|||
|access-date = 28 May 2016 |
|||
|archive-date = 2 December 2020 |
|||
|archive-url = https://web.archive.org/web/20201202054857/https://www.calyptix.com/products/models/ae800/ |
|||
|url-status = dead |
|||
}}</ref> |
|||
<ref name="bsd-cognoscenti-on-linux">{{cite web |
|||
|url = https://www.linux.com/news/bsd-cognoscenti-linux |
|||
|title = BSD cognoscenti on Linux |
|||
|first = Jem |
|||
|last = Matzan |
|||
|work = NewsForge |
|||
|publisher = [[Linux.com]] |
|||
|date = 15 June 2005 |
|||
|access-date = 28 May 2016 |
|||
}}</ref> |
|||
<ref name="chisnall2006">{{cite web |
|||
|url = http://www.informit.com/articles/article.aspx?p=439601&seqNum=3 |
|||
|title = BSD: The Other Free UNIX Family |
|||
|last = Chisnall |
|||
|first = David |
|||
|work = [[InformIT (publisher)|InformIT]] |
|||
|date = 20 January 2006 |
|||
|archive-url = https://web.archive.org/web/20140404235931/http://www.informit.com/articles/article.aspx?p=439601&seqNum=3 |
|||
|archive-date = 4 April 2014 |
|||
|url-status = live |
|||
}}</ref> |
|||
<ref name="closer-look-openbsd">{{cite web |
|||
|first = Tim |
|||
|last = McIntire |
|||
|url = http://www.ibm.com/developerworks/aix/library/au-openbsd.html |
|||
|title = Take a closer look at OpenBSD |
|||
|work = Developerworks |
|||
|publisher = [[IBM]] |
|||
|date = 8 August 2006 |
|||
|access-date = 13 December 2011 |
|||
}}</ref> |
|||
<ref name="cranor">{{cite web |
|||
|url = http://chuck.cranor.org/ |
|||
|title = Chuck Cranor's Home Page |
|||
|first = Chuck D. |
|||
|last = Cranor |
|||
|access-date = 13 December 2011 |
|||
|quote = I also hosted and helped create the first Anonymous CVS server on the Internet (the original anoncvs.openbsd.org [...] |
|||
}}</ref> |
|||
<ref name="crypto-openbsd-overview">{{cite conference |
|||
|url = https://www.usenix.org/legacy/publications/library/proceedings/usenix99/deraadt.html |
|||
|title = Cryptography in OpenBSD: An Overview |
|||
|first1 = Theo |
|||
|last1 = De Raadt |
|||
|author-link1 = Theo de Raadt |
|||
|first2 = Niklas |
|||
|last2 = Hallqvist |
|||
|first3 = Artur |
|||
|last3 = Grabowski |
|||
|first4 = Angelos D. |
|||
|last4 = Keromytis |
|||
|first5 = Niels |
|||
|last5 = Provos |
|||
|author-link5 = Niels Provos |
|||
|date = 6 June 1999 |
|||
|conference = [[USENIX]] Annual Technical Conference |
|||
|location = Monterey, California |
|||
|access-date = 27 May 2016 |
|||
}}</ref> |
|||
<ref name="crypto-openbsd-overview_randomness">{{cite conference |
|||
|title = Cryptography in OpenBSD: An Overview |
|||
|url = https://www.usenix.org/legacy/publications/library/proceedings/usenix99/deraadt.html |
|||
|chapter-url = https://www.usenix.org/legacy/publications/library/proceedings/usenix99/full_papers/deraadt/deraadt_html/node18.html |
|||
|chapter = Randomness Used Inside the Kernel |
|||
|first1 = Theo |
|||
|last1 = De Raadt |
|||
|author-link1 = Theo de Raadt |
|||
|first2 = Niklas |
|||
|last2 = Hallqvist |
|||
|first3 = Artur |
|||
|last3 = Grabowski |
|||
|first4 = Angelos D. |
|||
|last4 = Keromytis |
|||
|first5 = Niels |
|||
|last5 = Provos |
|||
|author-link5 = Niels Provos |
|||
|date = 6 June 1999 |
|||
|conference = [[USENIX]] Annual Technical Conference |
|||
|location = Monterey, California |
|||
|access-date = 1 February 2014 |
|||
}}</ref> |
|||
<ref name="cvs">{{cite conference |
|||
|url = https://www.usenix.org/legacy/event/usenix99/cranor_f.html |
|||
|title = Opening the Source Repository with Anonymous CVS |
|||
|first1 = Chuck D. |
|||
|last1 = Cranor |
|||
|first2 = Theo |
|||
|last2 = De Raadt |
|||
|author-link2 = Theo de Raadt |
|||
|date = 6 June 1999 |
|||
|access-date = 13 December 2011 |
|||
|conference = [[USENIX]] Annual Technical Conference |
|||
|location = Monterey, California |
|||
}}</ref> |
|||
<ref name="cvsweb_map-mbone_xerox">{{cite web |
|||
|url = http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/map-mbone/mapper.c?rev=1.5&content-type=text/x-cvsweb-markup |
|||
|title = src/usr.sbin/map-mbone/mapper.c – view – 1.5 |
|||
|work = cvsweb.openbsd.org |
|||
|date = 31 July 2001 <!-- date from CVS log --> |
|||
|access-date = 24 May 2016 |
|||
|quote = New license from Xerox! This code is now FREE! Took a while and a lot of mails, but it is worth it. |
|||
}}</ref> |
|||
<ref name="cvsweb_mrinfo_xerox">{{cite web |
|||
|url = http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/mrinfo/mrinfo.c?rev=1.7&content-type=text/x-cvsweb-markup |
|||
|title = src/usr.sbin/mrinfo/mrinfo.c – view – 1.7 |
|||
|work = cvsweb.openbsd.org |
|||
|date = 31 July 2001 <!-- date from CVS log --> |
|||
|access-date = 24 May 2016 |
|||
|quote = New license from Xerox! This code is now FREE! Took a while and a lot of mails, but it is worth it. |
|||
}}</ref> |
|||
<ref name="debian_openssh-portable">{{cite web |
|||
|url = https://packages.debian.org/jessie/openssh-client |
|||
|title = Debian – Details of package openssh-client in jessie |
|||
|work = [[Debian]] |
|||
|access-date = 17 May 2016 |
|||
}}</ref> |
|||
<ref name="deraadt_interview_200603">{{cite web |
|||
|url = https://www.linux.com/news/interview-theo-de-raadt-openbsd/ |
|||
|title = Interview: Theo de Raadt of OpenBSD |
|||
|work = NewsForge |
|||
|date = 28 March 2006 |
|||
|access-date = 31 March 2016 |
|||
}}</ref> |
|||
<ref name="deraadt_interview_200605">{{cite web |
|||
|url = http://kerneltrap.org/node/6550 |
|||
|title = Interview: Theo de Raadt |
|||
|first = Jeremy |
|||
|last = Andrews |
|||
|work = [[KernelTrap]] |
|||
|date = 2 May 2006 |
|||
|archive-url = https://web.archive.org/web/20130424125958/http://kerneltrap.org/node/6550 |
|||
|archive-date = 24 April 2013 |
|||
}}</ref> |
|||
<ref name="deraadtopencon06">{{cite web |
|||
|url = http://www.openbsd.org/papers/opencon06-docs/index.html |
|||
|title = Presentation at OpenCON |
|||
|last = De Raadt |
|||
|first = Theo |
|||
|author-link= Theo de Raadt |
|||
|website = OpenBSD |
|||
|date = 5 December 2006 <!-- date from CVS log --> |
|||
|access-date = 13 December 2011 |
|||
}}</ref> |
|||
<ref name="djb-ports-removed-1">{{cite mailing list |
|||
|url = http://archives.neohapsis.com/archives/openbsd/2001-08/2544.html |
|||
|title = Re: Why were all DJB's ports removed? No more qmail? |
|||
|first = Theo |
|||
|last = De Raadt |
|||
|author-link = Theo de Raadt |
|||
|date = 24 August 2001 |
|||
|mailing-list = openbsd-misc |
|||
|archive-url = https://web.archive.org/web/20160419110701/http://archives.neohapsis.com/archives/openbsd/2001-08/2544.html |
|||
|archive-date = 19 April 2016 |
|||
}}</ref> |
|||
<ref name="djb-ports-removed-2">{{cite mailing list |
|||
|url = http://archives.neohapsis.com/archives/openbsd/2001-08/2812.html |
|||
|title = Re: Why were all DJB's ports removed? No more qmail? |
|||
|first = Daniel J. |
|||
|last = Bernstein |
|||
|author-link = Daniel J. Bernstein |
|||
|date = 27 August 2001 |
|||
|mailing-list = openbsd-misc |
|||
|archive-url = https://web.archive.org/web/20120204203539/http://archives.neohapsis.com/archives/openbsd/2001-08/2812.html |
|||
|archive-date=4 February 2012 |
|||
}}</ref> |
|||
<ref name="djb-ports-removed-3">{{cite mailing list |
|||
|url = http://archives.neohapsis.com/archives/openbsd/2001-08/2864.html |
|||
|title = Re: Why were all DJB's ports removed? No more qmail? |
|||
|first = Marc |
|||
|last = Espie |
|||
|date = 28 August 2001 |
|||
|mailing-list = openbsd-misc |
|||
|archive-url = https://web.archive.org/web/20160419080907/http://archives.neohapsis.com/archives/openbsd/2001-08/2864.html |
|||
|archive-date = 19 April 2016 |
|||
}}</ref> |
|||
<ref name="dragonflybsd_openssh-base">{{cite web |
|||
|title = dragonfly.git/blob – crypto/openssh/README |
|||
|url = https://gitweb.dragonflybsd.org/dragonfly.git/blob/HEAD:/crypto/openssh/README |
|||
|website = gitweb.dragonflybsd.org |
|||
|access-date = 19 May 2016 |
|||
|quote = This is the port of OpenBSD's excellent OpenSSH to Linux and other Unices. |
|||
}}</ref> |
|||
<ref name="faq9">{{cite web |
|||
|url = http://www.openbsd.org/faq/faq1.html#OtherUnixes |
|||
|title = Migrating to OpenBSD |
|||
|work = OpenBSD Frequently Asked Questions |
|||
|access-date = 4 January 2017 |
|||
}}</ref> |
|||
<ref name="faq11">{{cite web |
|||
|url = http://www.openbsd.org/faq/faq11.html |
|||
|title = The X Windows System |
|||
|work = OpenBSD Frequently Asked Questions |
|||
|access-date = 22 May 2016 |
|||
|quote = OpenBSD ships with the cwm(1), fvwm(1) and twm(1) window managers, [...] |
|||
}}</ref> |
|||
<ref name="faq15">{{cite web |
|||
|url = http://www.openbsd.org/faq/faq15.html |
|||
|title = Packages and Ports |
|||
|work = OpenBSD Frequently Asked Questions |
|||
|access-date = 22 May 2016 |
|||
}}</ref> |
|||
<ref name="faq15-pkgs">{{cite web |
|||
|url = https://www.openbsd.org/faq/faq15.html#PkgMgmt |
|||
|title = Package Management |
|||
|work = OpenBSD Frequently Asked Questions |
|||
|access-date = 1 June 2016 |
|||
}}</ref> |
|||
<ref name="foundation_contributors">{{cite web |
|||
|title = Contributors |
|||
|url = http://www.openbsdfoundation.org/contributors.html |
|||
|work = [[OpenBSD Foundation]] |
|||
|access-date = 27 May 2016 |
|||
}}</ref> |
|||
<ref name="free-for-all">{{cite book |
|||
|url = http://www.jus.uio.no/sisu/free_for_all.peter_wayner/index.html |
|||
|title = Free For All: How Linux and the Free Software Movement Undercut the High Tech Titans |
|||
|chapter = 18.3 Flames, Fights, and the Birth of OpenBSD |
|||
|first = Peter |
|||
|last = Wayner |
|||
|edition = 1st |
|||
|publisher = [[HarperBusiness]] |
|||
|isbn = 978-0-06-662050-3 |
|||
|date = 13 July 2000 |
|||
|access-date = 13 December 2011 |
|||
|url-status = dead |
|||
|archive-url = https://web.archive.org/web/20120122011859/http://www.jus.uio.no/sisu/free_for_all.peter_wayner/index.html |
|||
|archive-date = 22 January 2012 |
|||
|df = dmy-all |
|||
}}</ref> |
|||
<ref name="freebsd_openssh-base">{{cite web |
|||
|url = https://svnweb.freebsd.org/base/stable/10/crypto/openssh/README?view=markup |
|||
|title = Contents of /stable/10/crypto/openssh/README |
|||
|website = svnweb.freebsd.org |
|||
|access-date = 19 May 2016 |
|||
|quote = This is the port of OpenBSD's excellent OpenSSH to Linux and other Unices. |
|||
}}</ref> |
|||
<ref name="ftp">{{cite web |
|||
|url = http://www.openbsd.org/ftp.html |
|||
|title = Mirrors |
|||
|work = OpenBSD |
|||
|access-date = 22 May 2016 |
|||
}}</ref> |
|||
<ref name="funding-2014">{{cite mailing list |
|||
|url = http://marc.info/?l=openbsd-misc&m=138972987203440&w=2 |
|||
|title = Request for Funding our Electricity |
|||
|mailing-list = openbsd-misc |
|||
|last = Beck |
|||
|first = Bob |
|||
|date = 14 January 2014 |
|||
|access-date = 17 May 2016 |
|||
}}</ref> |
|||
<ref name="genua">{{cite web |
|||
|url = https://www.genua.de/en/products/high-resistance-firewall-genugate.html |
|||
|title = High Resistance Firewall genugate |
|||
|work = GeNUA |
|||
|access-date = 29 May 2016 |
|||
|archive-date = 19 September 2020 |
|||
|archive-url = https://web.archive.org/web/20200919032649/https://www.genua.de/en/products/high-resistance-firewall-genugate.html |
|||
|url-status = dead |
|||
}}</ref> |
|||
<ref name="glass">{{cite mailing list |
|||
|url = http://mail-index.netbsd.org/netbsd-users/1994/12/23/0000.html |
|||
|title = Theo De Raadt |
|||
|first = Adam |
|||
|last = Glass |
|||
|date = 23 December 1994 |
|||
|mailing-list = netbsd-users |
|||
}}</ref> |
|||
<ref name="informationweek_ipsec">{{cite web |
|||
|title = OpenBSD Founder Believes FBI Built IPsec Backdoor |
|||
|url = http://www.darkreading.com/vulnerabilities-and-threats/openbsd-founder-believes-fbi-built-ipsec-backdoor/d/d-id/1095055 |
|||
|work = InformationWeek: DARKreading |
|||
|date = 22 December 2010 |
|||
|first = Mathew J. |
|||
|last = Schwartz |
|||
|url-status = dead |
|||
|archive-url = https://web.archive.org/web/20170711004138/http://www.darkreading.com/vulnerabilities-and-threats/openbsd-founder-believes-fbi-built-ipsec-backdoor/d/d-id/1095055 |
|||
|archive-date = 11 July 2017 |
|||
}}</ref> |
|||
<ref name="infoworld_new_years_resolution">{{cite web |
|||
|title=New year's resolution No. 1: Get OpenBSD |
|||
|url=http://www.infoworld.com/article/2659465/security/new-year-s-resolution-no--1--get-openbsd.html |
|||
|last=Grimes |
|||
|first=Roger A. |
|||
|work=[[InfoWorld]] |
|||
|date=29 December 2006 |
|||
}}</ref> |
|||
<ref name="interview-espie">{{cite web |
|||
|url = http://www.onlamp.com/pub/a/bsd/2004/03/18/marc_espie.html |
|||
|title = An Interview with OpenBSD's Marc Espie |
|||
|first = Federico |
|||
|last = Biancuzzi |
|||
|work = [[O'Reilly Media|ONLamp]] |
|||
|date = 18 March 2004 |
|||
|access-date = 13 December 2011 |
|||
|archive-date = 4 May 2018 |
|||
|archive-url = https://web.archive.org/web/20180504070533/http://www.onlamp.com/pub/a/bsd/2004/03/18/marc_espie.html |
|||
|url-status = dead |
|||
}}</ref> |
|||
<ref name="license-disagreement">{{cite web |
|||
|url = http://www.linux.com/feature/12774 |
|||
|title = OpenBSD and ipfilter still fighting over license disagreement |
|||
|first = Tina |
|||
|last = Gasperson |
|||
|date = 6 June 2001 |
|||
|work = [[Linux.com]] |
|||
|archive-url = https://web.archive.org/web/20080626101129/http://www.linux.com/feature/12774 |
|||
|archive-date = 26 June 2008 |
|||
}}</ref> |
|||
<ref name="lyrics">{{cite web |
|||
|url = http://www.openbsd.org/lyrics.html |
|||
|title = Release Songs |
|||
|work = OpenBSD |
|||
|access-date = 22 May 2016 |
|||
}}</ref> |
|||
<ref name="man_clang-local">{{cite web |
|||
|url = http://man.openbsd.org/OpenBSD-6.2/man1/clang-local.1 |
|||
|title = clang-local – OpenBSD-specific behavior of LLVM/clang |
|||
|work = OpenBSD manual pages |
|||
|access-date = 2 February 2018 |
|||
}}</ref> |
|||
<ref name="man_gcc-local">{{cite web |
|||
|url = http://man.openbsd.org/OpenBSD-6.0/man1/gcc-local.1 |
|||
|title = gcc-local – local modifications to gcc |
|||
|work = OpenBSD manual pages |
|||
|access-date = 1 November 2016 |
|||
}}</ref> |
|||
<ref name="mckusick_openbsd_shirt">{{cite web |
|||
|title = OpenBSD |
|||
|url = http://www.mckusick.com/beastie/shirts/openbsd.html |
|||
|website = mckusick.com |
|||
|access-date = 12 December 2014 |
|||
}}</ref> |
|||
<ref name="netbsd_openssh-base">{{cite web |
|||
|title = src/crypto/external/bsd/openssh/dist/README – view – 1.4 |
|||
|url = http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/external/bsd/openssh/dist/README?rev=1.4&content-type=text/x-cvsweb-markup&only_with_tag=MAIN |
|||
|website = NetBSD CVS Repositories |
|||
|access-date = 19 May 2016 |
|||
}}</ref> |
|||
<ref name="no-ipsec-backdoor">{{cite web |
|||
|url = https://arstechnica.com/open-source/news/2010/12/openbsd-code-audit-uncovers-bugs-but-no-evidence-of-backdoor.ars |
|||
|title = OpenBSD code audit uncovers bugs, but no evidence of backdoor |
|||
|first = Paul |
|||
|last = Ryan |
|||
|work = [[Ars Technica]] |
|||
|date = 23 December 2010 |
|||
|access-date = 9 January 2011 |
|||
}}</ref> |
|||
<ref name="onlamp-interview">{{cite web |
|||
|url = http://www.onlamp.com/pub/a/bsd/2003/07/17/openbsd_core_team.html |
|||
|title = The Essence of OpenBSD |
|||
|first1 = Cameron |
|||
|last1 = Laird |
|||
|first2 = George Peter |
|||
|last2 = Staplin |
|||
|work = [[O'Reilly Media|ONLamp]] |
|||
|date = 17 July 2003 |
|||
|access-date = 13 December 2011 |
|||
|archive-date = 22 October 2017 |
|||
|archive-url = https://web.archive.org/web/20171022004013/http://www.onlamp.com/pub/a/bsd/2003/07/17/openbsd_core_team.html |
|||
|url-status = dead |
|||
}}</ref> |
|||
<ref name="openbsd_2.5_release">{{cite mailing list |
|||
|title=OpenBSD 2.5 Release Announcement |
|||
|url=http://www.monkey.org/openbsd/archive/announce/9905/msg00002.html |
|||
|mailing-list=openbsd-announce |
|||
|last=De Raadt |
|||
|first=Theo |
|||
|author-link=Theo de Raadt |
|||
|date=19 May 1999 |
|||
|archive-url=https://web.archive.org/web/20140202092721/http://www.monkey.org/openbsd/archive/announce/9905/msg00002.html |
|||
|archive-date=2 February 2014 |
|||
|quote=OpenBSD 2.5 introduces the new Cop daemon image done by cartoonist Ty Semeka. |
|||
|url-status=dead |
|||
}}</ref> |
|||
<ref name="openbsd-desktop">{{cite web |
|||
|url = http://archive09.linux.com/articles/52930 |
|||
|title = Using OpenBSD on the desktop |
|||
|first = Manolis |
|||
|last = Tzanidakis |
|||
|work = [[Linux.com]] |
|||
|date = 21 April 2006 |
|||
|access-date = 9 March 2012 |
|||
|archive-url = https://web.archive.org/web/20120505103419/http://archive09.linux.com/articles/52930 |
|||
|archive-date = 5 May 2012 |
|||
|url-status = dead |
|||
}}</ref> |
|||
<ref name="openbsd_faq_building_system_source">{{cite web |
|||
|url = https://www.openbsd.org/faq/faq5.html#Flavors |
|||
|title = OpenBSD's flavors |
|||
|work = OpenBSD Frequently Asked Questions |
|||
|access-date = 22 May 2016 |
|||
}}</ref> |
|||
<ref name="openbsd_faq_system_management">{{cite web |
|||
|title = Applying patches in OpenBSD |
|||
|url = https://www.openbsd.org/faq/faq10.html#Patches |
|||
|work = OpenBSD Frequently Asked Questions |
|||
|access-date = 15 May 2016 |
|||
}}</ref> |
|||
<ref name="openbsd_goals_code">{{cite web |
|||
|url = http://www.openbsd.org/goals.html |
|||
|title = Project Goals |
|||
|website = OpenBSD |
|||
|access-date = 18 May 2016 |
|||
|quote = Integrate good code from any source with acceptable licenses. [...], NDAs are never acceptable. |
|||
}}</ref> |
|||
<ref name="openbsd-hackathons">{{cite web |
|||
|url = https://www.openbsd.org/hackathons.html |
|||
|title = Hackathons |
|||
|work = OpenBSD |
|||
|access-date = 18 May 2016 |
|||
}}</ref> |
|||
<ref name="openbsd_innovations_privsep">{{cite web |
|||
|title = Innovations |
|||
|url = https://www.openbsd.org/innovations.html |
|||
|website = OpenBSD |
|||
|access-date = 18 May 2016 |
|||
|quote = Privilege separation: [...] The concept is now used in many OpenBSD programs, for example [...] etc. |
|||
}}</ref> |
|||
<ref name="openports">{{cite web |
|||
|url = http://openports.se/statistics.php |
|||
|title = OpenPorts.se Statistics |
|||
|work = OpenPorts.se |
|||
|access-date = 8 February 2018 |
|||
|archive-date = 28 September 2020 |
|||
|archive-url = https://web.archive.org/web/20200928185241/https://openports.se/statistics.php |
|||
|url-status = dead |
|||
}}</ref> |
|||
<ref name="openssh-history">{{cite web |
|||
|url = http://www.openssh.com/history.html |
|||
|title = Project History and Credits |
|||
|work = [[OpenSSH]] |
|||
|access-date = 13 December 2011 |
|||
}}</ref> |
|||
<ref name="openssh-usage">{{cite web |
|||
|url = http://www.openssh.com/usage/ |
|||
|title = SSH usage profiling |
|||
|work = [[OpenSSH]] |
|||
|access-date = 13 December 2011 |
|||
}}</ref> |
|||
<ref name="opensuse_openssh-portable">{{cite web |
|||
|url = https://software.opensuse.org/package/openssh |
|||
|title = openssh |
|||
|work = [[OpenSUSE]] |
|||
|access-date = 17 May 2016 |
|||
}}</ref> |
|||
<ref name="orders">{{cite web |
|||
|url = http://www.openbsd.org/orders.html |
|||
|title = Orders |
|||
|work = OpenBSD |
|||
|access-date = 20 May 2016 |
|||
|archive-url = https://web.archive.org/web/20111219075939/http://openbsd.org/orders.html |
|||
|archive-date = 19 December 2011 |
|||
|url-status = dead |
|||
}}</ref> |
|||
<ref name="osnews-ipsec">{{cite web |
|||
|url = http://www.osnews.com/story/24136/_FBI_Added_Secret_Backdoors_to_OpenBSD_IPSEC_ |
|||
|title = FBI Added Secret Backdoors to OpenBSD IPSEC |
|||
|first = Thom |
|||
|last = Holwerda |
|||
|work = [[OSNews]] |
|||
|date = 14 December 2010 |
|||
|access-date = 13 December 2011 |
|||
}}</ref> |
|||
<ref name="oss-good-for-security">{{cite book |
|||
|url = http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/index.html |
|||
|title = Secure Programming for Linux and Unix HOWTO |
|||
|chapter-url = http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/open-source-security.html |
|||
|chapter = 2.4. Is Open Source Good for Security? |
|||
|first = David A. |
|||
|last = Wheeler |
|||
|date = 3 March 2003 |
|||
|access-date = 13 December 2011 |
|||
}}</ref> |
|||
<ref name="pf-book">{{cite book |
|||
|title = The OpenBSD PF Packet Filter Book: PF for NetBSD, FreeBSD, DragonFly and OpenBSD |
|||
|year = 2006 |
|||
|publisher = Reed Media Services |
|||
|isbn = 0-9790342-0-5 |
|||
|url = http://www.reedmedia.net/books/pf-book/ |
|||
|access-date = 19 May 2016 |
|||
}}</ref> |
|||
<ref name="pf-design-paper">{{cite conference |
|||
|url = https://www.usenix.org/legacy/event/usenix02/tech/freenix/hartmeier.html |
|||
|title = Design and Performance of the OpenBSD Stateful Packet Filter (pf) |
|||
|first = Daniel |
|||
|last = Hartmeier |
|||
|conference = [[USENIX]] Annual Technical Conference |
|||
|location = Monterey, California |
|||
|date = 10 June 2002 |
|||
|access-date = 13 December 2011 |
|||
}}</ref> |
|||
<ref name="plat">{{cite web |
|||
|url = http://www.openbsd.org/plat.html |
|||
|title = Platforms |
|||
|work = OpenBSD |
|||
|access-date = 3 September 2016 |
|||
}}</ref> |
|||
<ref name="policy">{{cite web |
|||
|url = http://www.openbsd.org/policy.html |
|||
|title = Copyright Policy |
|||
|work = OpenBSD |
|||
|access-date = 13 December 2011 |
|||
}}</ref> |
|||
<ref name="privilege-separated-openssh">{{cite web |
|||
|first = Niels |
|||
|last = Provos |
|||
|author-link = Niels Provos |
|||
|url = http://www.citi.umich.edu/u/provos/ssh/privsep.html |
|||
|title = Privilege Separated OpenSSH |
|||
|date = 9 August 2003 |
|||
|access-date = 13 December 2011 |
|||
|archive-url = https://web.archive.org/web/20120102075206/http://www.citi.umich.edu/u/provos/ssh/privsep.html |
|||
|archive-date = 2 January 2012 |
|||
|url-status = dead |
|||
}}</ref> |
|||
<ref name="register_rain_cash">{{cite web |
|||
|last1=McAllister |
|||
|first1=Neil |
|||
|title=Microsoft rains cash on OpenBSD Foundation, becomes top 2015 donor |
|||
|url=https://www.theregister.co.uk/2015/07/08/microsoft_donates_to_openbsd_foundation/ |
|||
|website=The Register |
|||
|access-date=27 May 2016 |
|||
|date=8 July 2015 |
|||
}}</ref> |
|||
<ref name="rtmx">{{cite web |
|||
|url = http://www.rtmx.com/ |
|||
|title = RTMX O/S IEEE Real Time POSIX Operating Systems |
|||
|work = RTMX |
|||
|access-date = 13 December 2011 |
|||
|quote = RTMX O/S is a product extension to OpenBSD Unix-like operating system with emphasis on embedded, dedicated applications. |
|||
}}</ref> |
|||
<ref name="security">{{cite web |
|||
|url = http://www.openbsd.org/security.html |
|||
|title = Security |
|||
|work = OpenBSD |
|||
|access-date = 13 December 2011 |
|||
|quote = Secure by Default. |
|||
}}</ref> |
|||
<ref name="slashdot_financial_danger">{{cite web |
|||
|title = OpenBSD Project in Financial Danger |
|||
|url = http://slashdot.org/story/06/03/21/1555243/openbsd-project-in-financial-danger |
|||
|work = [[Slashdot]] |
|||
|date = 21 March 2006 |
|||
|access-date = 12 December 2014 |
|||
}}</ref> |
|||
<ref name="slashdot_mozilla_donate">{{cite web |
|||
|title = Mozilla Foundation Donates $10K to OpenSSH |
|||
|url = http://slashdot.org/story/06/04/04/1820228/mozilla-foundation-donates-10k-to-openssh |
|||
|publisher = [[Slashdot]] |
|||
|date = 4 April 2006 |
|||
|access-date = 12 December 2014 |
|||
}}</ref> |
|||
<ref name="smith2013">{{cite web |
|||
|url=http://distrowatch.com/weekly.php?issue=20131118#feature |
|||
|title=OpenBSD 5.4: Puffy on the Desktop |
|||
|last=Smith |
|||
|first=Jesse |
|||
|date=18 November 2013 |
|||
|archive-url=https://web.archive.org/web/20140429012159/http://distrowatch.com/weekly.php?issue=20131118#feature |
|||
|archive-date=29 April 2014 |
|||
|url-status=live |
|||
}}</ref> |
|||
<ref name="staying-cutting-edge">{{cite web |
|||
|url = http://www.theage.com.au/articles/2004/10/07/1097089476287.html |
|||
|title = Staying on the cutting edge |
|||
|first = Sam |
|||
|last = Varghese |
|||
|work = [[The Age]] |
|||
|date = 8 October 2004 |
|||
|access-date = 13 December 2011 |
|||
}}</ref> |
|||
<ref name="strlcpy-strlcat-paper">{{cite conference |
|||
|first1 = Todd C. |
|||
|last1 = Miller |
|||
|first2 = Theo |
|||
|last2 = De Raadt |
|||
|author-link2 = Theo de Raadt |
|||
|url = http://www.usenix.org/events/usenix99/millert.html |
|||
|title = strlcpy and strlcat - Consistent, Safe, String Copy and Concatenation |
|||
|conference = [[USENIX]] Annual Technical Conference |
|||
|location = Monterey, California |
|||
|date = 6 June 1999 |
|||
|access-date = 13 December 2011 |
|||
}}</ref> |
|||
<ref name="survey">{{cite report |
|||
|url = http://www.bsdcertification.org/downloads/pr-20051031-usage-survey-en-en.pdf |
|||
|title = BSD Usage Survey |
|||
|publisher = The BSD Certification Group |
|||
|date = 31 October 2005 |
|||
|access-date = 16 September 2012 |
|||
|page = 9 |
|||
}}</ref> |
|||
<ref name="thehostingnews_godaddy_donate">{{cite web |
|||
|title = GoDaddy.com Donates $10K to Open Source Development Project |
|||
|url = http://www.thehostingnews.com/article2217.html |
|||
|work = The Hosting News |
|||
|date = 19 April 2006 |
|||
|url-status = dead |
|||
|archive-url = https://web.archive.org/web/20061111090358/http://www.thehostingnews.com/article2217.html |
|||
|archive-date = 11 November 2006 |
|||
}}</ref> |
|||
<ref name="vantronix">{{cite web |
|||
|url = http://www.vantronix.com/ |
|||
|title = .vantronix secure system |
|||
|work = Compumatica secure networks |
|||
|access-date = 13 December 2011 |
|||
|quote = The Next Generation Firewall is not a standalone device, it is a Router for operation in security critical environments with high requirements for availability, comprehensive support as well as reliable and trusted systems powered by OpenBSD. |
|||
|url-status = dead |
|||
|archive-url = https://web.archive.org/web/20120101215138/http://www.vantronix.com/ |
|||
|archive-date = 1 January 2012 |
|||
|df = dmy-all |
|||
}}</ref> |
|||
<ref name="xenocara">{{cite web |
|||
|url = https://xenocara.org/ |
|||
|title = About Xenocara |
|||
|work = Xenocara |
|||
|access-date = 13 December 2011 |
|||
}}</ref> |
|||
}} |
|||
== External links == |
|||
* {{Official website}} |
|||
* [https://github.com/openbsd GitHub mirror] |
|||
* [https://man.openbsd.org OpenBSD manual pages] |
|||
* [http://ports.su/ OpenBSD ports & packages] ([http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/ latest]) |
|||
* [http://BXR.SU/OpenBSD/ OpenBSD source code search] |
|||
{{OpenBSD |state=expanded}} |
|||
{{Berkeley Software Distribution}} |
|||
{{Unix-like}} |
|||
{{Authority control}} |
|||
[[Category:OpenBSD]] |
|||
[[Category:Cryptographic software]] |
|||
[[Category:Free software programmed in C]] |
|||
[[Category:Lightweight Unix-like systems]] |
|||
[[Category:OpenBSD software using the ISC license]] |
|||
[[Category:PowerPC operating systems]] |
|||
[[Category:Software forks]] |
|||
[[Category:Software using the BSD license]] |
|||
[[Category:1996 software]] |
|||
[[Category:ARM operating systems]] |
|||
[[Category:IA-32 operating systems]] |
|||
[[Category:X86-64 operating systems]] |
|||
[[Category:Non-profit organizations based in Alberta|Foundation]] |
|||
[[Category:Free software project foundations|Foundation]] |
|||
[[Category:Monolithic kernels]] |
Latest revision as of 15:26, 20 November 2024
Developer | Theo de Raadt et al. |
---|---|
Written in | C, assembly, Perl, Unix shell |
OS family | Unix-like (BSD) |
Working state | Current |
Source model | Free software |
Initial release | July 1996 |
Latest release | 7.6 (8 October 2024[±] | )
Repository | |
Package manager | OpenBSD package tools[1] |
Platforms | Alpha, x86-64, ARMv7, ARMv8 (64-bit), PA-RISC, IA-32, LANDISK, Loongson, Omron LUNA-88K, MIPS64, macppc, PowerPC, 64-bit RISC-V, SPARC64[2] |
Kernel type | Monolithic |
Userland | BSD |
Default user interface | Modified pdksh, X11 (FVWM) |
License | BSD, ISC, other permissive licenses[3] |
Official website | www |
OpenBSD is a security-focused, free software, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0.[4] The OpenBSD project emphasizes portability, standardization, correctness, proactive security, and integrated cryptography.[5]
The OpenBSD project maintains portable versions of many subsystems as packages for other operating systems. Because of the project's preferred BSD license, which allows binary redistributions without the source code, many components are reused in proprietary and corporate-sponsored software projects. The firewall code in Apple's macOS is based on OpenBSD's PF firewall code,[6] Android's Bionic C standard library is based on OpenBSD code,[7] LLVM uses OpenBSD's regular expression library,[8] and Windows 10 uses OpenSSH (OpenBSD Secure Shell) with LibreSSL.[9]
The word "open" in the name OpenBSD refers to the availability of the operating system source code on the Internet, although the word "open" in the name OpenSSH means "OpenBSD". It also refers to the wide range of hardware platforms the system supports.[10] OpenBSD supports a variety of system architectures including x86-64, IA-32, ARM, PowerPC, and 64-bit RISC-V.
History
[edit]In December 1994, Theo de Raadt, a founding member of the NetBSD project, was asked to resign from the NetBSD core team over disagreements and conflicts with the other members of the NetBSD team.[11][4] In October 1995, De Raadt founded OpenBSD, a new project forked from NetBSD 1.0. The initial release, OpenBSD 1.2, was made in July 1996, followed by OpenBSD 2.0 in October of the same year.[12] Since then, the project has issued a release every six months, each of which is supported for one year.
On 25 July 2007, OpenBSD developer Bob Beck announced the formation of the OpenBSD Foundation, a Canadian non-profit organization formed to "act as a single point of contact for persons and organizations requiring a legal entity to deal with when they wish to support OpenBSD."[13]
In 2024, it announced that the project has modified all files since the original import.[14]
Usage statistics
[edit]It is hard to determine how widely OpenBSD is used, because the developers do not publish or collect usage statistics.
In September 2005, the BSD Certification Group surveyed 4330 individual BSD users, showing that 32.8% used OpenBSD,[15] behind FreeBSD with 77%, ahead of NetBSD with 16.3% and DragonFly BSD with 2.6%[note 1]. However, the authors of this survey clarified that it is neither "exhaustive" nor "completely accurate", since the survey was spread mainly through mailing lists, forums and word of mouth. This combined with other factors, like the lack of a control group, a pre-screening process or significant outreach outside of the BSD community, makes the survey unreliable for judging BSD usage globally.
Uses
[edit]Network appliances
[edit]OpenBSD features a robust TCP/IP networking stack, and can be used as a router[16] or wireless access point.[17] OpenBSD's security enhancements, built-in cryptography, and packet filter make it suitable for security purposes such as firewalls,[18] intrusion-detection systems, and VPN gateways.
Several proprietary systems are based on OpenBSD, including devices from Armorlogic (Profense web application firewall), Calyptix Security,[19] GeNUA,[20] RTMX,[21] and .vantronix.[22]
Other operating systems
[edit]Some versions of Microsoft's Services for UNIX, an extension to the Windows operating system to provide Unix-like functionality, use much of the OpenBSD code base that is included in the Interix interoperability suite,[23][24] developed by Softway Systems Inc., which Microsoft acquired in 1999.[25][26] Core Force, a security product for Windows, is based on OpenBSD's pf firewall.[27] The pf firewall is also found in other operating systems: including FreeBSD,[28] and macOS.[29]
Personal computers
[edit]OpenBSD ships with Xenocara,[30] an implementation of the X Window System, and is suitable as a desktop operating system for personal computers, including laptops.[31][32]: xl As of September 2018[update], OpenBSD includes approximately 8000 packages in its software repository,[33] including desktop environments such as Lumina, GNOME, KDE Plasma, and Xfce, and web browsers such as Firefox and Chromium.[34] The project also includes three window managers in the main distribution: cwm, FVWM (part of the default configuration for Xenocara), and twm.[35]
Servers
[edit]OpenBSD features a full server suite and can be configured as a mail server, web server, FTP server, DNS server, router, firewall, NFS file server, or any combination of these. Since version 6.8, OpenBSD has also shipped with native in-kernel WireGuard support.[36][37]
Security
[edit]Shortly after OpenBSD was created, De Raadt was contacted by a local security software company named Secure Networks (later acquired by McAfee).[38][39] The company was developing a network security auditing tool called Ballista,[note 2] which was intended to find and exploit software security flaws. This coincided with De Raadt's interest in security, so the two cooperated leading up to the release of OpenBSD 2.3.[40] This collaboration helped to define security as the focus of the OpenBSD project.[41]
OpenBSD includes numerous features designed to improve security, such as:
- Secure alternatives to POSIX functions in the C standard library, such as
strlcat
forstrcat
andstrlcpy
forstrcpy
[42] - Toolchain alterations, including a static bounds checker[43]
- Memory protection techniques to guard against invalid accesses, such as ProPolice and the W^X page protection feature
- Strong cryptography and randomization[44]
- System call and filesystem access restrictions to limit process capabilities[45]
To reduce the risk of a vulnerability or misconfiguration allowing privilege escalation, many programs have been written or adapted to make use of privilege separation, privilege revocation and chrooting. Privilege separation is a technique, pioneered on OpenBSD and inspired by the principle of least privilege, where a program is split into two or more parts, one of which performs privileged operations and the other—almost always the bulk of the code—runs without privilege.[46] Privilege revocation is similar and involves a program performing any necessary operations with the privileges it starts with then dropping them. Chrooting involves restricting an application to one section of the file system, prohibiting it from accessing areas that contain private or system files. Developers have applied these enhancements to OpenBSD versions of many common applications, such as tcpdump, file, tmux, smtpd, and syslogd.[47]
OpenBSD developers were instrumental in the creation and development of OpenSSH (aka OpenBSD Secure Shell), which is developed in the OpenBSD CVS repositories. OpenBSD Secure Shell is based on the original SSH.[48] It first appeared in OpenBSD 2.6 and is now by far the most popular SSH client and server, available on many operating systems.[49]
The project has a policy of continually auditing source code for problems, work that developer Marc Espie has described as "never finished ... more a question of process than of a specific bug being hunted." He went on to list several typical steps once a bug is found, including examining the entire source tree for the same and similar issues, "try[ing] to find out whether the documentation ought to be amended", and investigating whether "it's possible to augment the compiler to warn against this specific problem."[50]
Security record
[edit]The OpenBSD website features a prominent reference to the system's security record. Until June 2002, it read:
Five years without a remote hole in the default install!
In June 2002, Mark Dowd of Internet Security Systems disclosed a bug in the OpenSSH code implementing challenge–response authentication.[51] This vulnerability in the OpenBSD default installation allowed an attacker remote access to the root account, which was extremely serious not only to OpenBSD, but also to the large number of other operating systems that were using OpenSSH by that time.[52] This problem necessitated the adjustment of the slogan on the OpenBSD website to:
One remote hole in the default install, in nearly 6 years!
The quote remained unchanged as time passed, until on 13 March 2007, when Alfredo Ortega of Core Security Technologies disclosed a network-related remote vulnerability.[53] The quote was subsequently changed to:
Only two remote holes in the default install, in a heck of a long time!
This statement has been criticized because the default install contains few running services, and many use cases require additional services.[54] Also, because the ports tree contains unaudited third-party software, it is easy for users to compromise security by installing or improperly configuring packages. However, the project maintains that the slogan is intended to refer to a default install and that it is correct by that measure.
One of the fundamental ideas behind OpenBSD is a drive for systems to be simple, clean, and secure by default. The default install is quite minimal, which the project states is to ensure novice users "do not need to become security experts overnight",[55] which fits with open-source and code auditing practices considered important elements of a security system.[56] Additional services are to be enabled manually to make users think of the security implications first.
Alleged backdoor
[edit]On 11 December 2010, Gregory Perry, a former technical consultant for the Federal Bureau of Investigation (FBI), emailed De Raadt alleging that the FBI had paid some OpenBSD ex-developers 10 years prior to insert backdoors into the OpenBSD Cryptographic Framework. De Raadt made the email public on 14 December by forwarding it to the openbsd-tech mailing list and suggested an audit of the IPsec codebase.[57][58] De Raadt's response was skeptical of the report and he invited all developers to independently review the relevant code. In the weeks that followed, bugs were fixed but no evidence of backdoors was found.[59] De Raadt stated "I believe that NetSec was probably contracted to write backdoors as alleged. If those were written, I don't believe they made it into our tree. They might have been deployed as their own product."[60]
Criticisms
[edit]In December 2017, Ilja van Sprundel, director at IOActive, gave a talk at the CCC[61] as well as DEF CON,[62] entitled "Are all BSDs created equally? — A survey of BSD kernel vulnerabilities", in which he stated that although OpenBSD was the clear winner of the BSDs in terms of security, "Bugs are still easy to find in those kernels, even in OpenBSD".
Two years later, in 2019, a talk named "A systematic evaluation of OpenBSD's mitigations" was given[63] at the CCC, arguing that while OpenBSD has some effective mitigations, a significant part of them are "useless at best and based on pure luck and superstition", arguing for a more rational approach when it comes to designing them.[64]
Subprojects
[edit]Many open source projects started as components of OpenBSD, including:
- bioctl, a generic RAID management interface similar to ifconfig
- CARP, a free alternative to Cisco's patented HSRP/VRRP redundancy protocols
- cwm, a stacking window manager
- doas, a safer replacement for sudo
- OpenBSD httpd,[65][66] an implementation of httpd
- hw.sensors, a sensors framework used by over 100 drivers
- LibreSSL, an implementation of the SSL and TLS protocols, forked from OpenSSL 1.0.1g[67]
- OpenBGPD, an implementation of BGP-4[68]
- OpenIKED, an implementation of IKEv2[69]
- OpenNTPD, a simpler alternative to ntp.org's NTP daemon[70]
- OpenOSPFD, an implementation of OSPF[68]
- OpenSMTPD, an SMTP daemon with IPv4/IPv6, PAM, Maildir, and virtual domains support[71]
- OpenSSH, an implementation of SSH[72]
- PF, an IPv4/IPv6 stateful firewall with NAT, PAT, QoS and traffic normalization support
- pfsync, a firewall state synchronization protocol for PF with high availability support using CARP
- sndio, a compact audio and MIDI framework
- spamd, a spam filter with greylisting support designed to inter-operate with PF
- Xenocara, a customized X.Org build infrastructure[30]
Some subsystems have been integrated into other BSD operating systems,[73][74][75] and many are available as packages for use in other Unix-like systems.[76][77][78]
Linux administrator Carlos Fenollosa commented on moving from Linux to OpenBSD that the system is faithful to the Unix philosophy of small, simple tools that work together well: "Some base components are not as feature-rich, on purpose. Since 99% of the servers don't need the flexibility of Apache, OpenBSD's httpd will work fine, be more secure, and probably faster".[79] He characterized the developer community's attitude to components as: "When the community decides that some module sucks, they develop a new one from scratch. OpenBSD has its own NTPd, SMTPd and, more recently, HTTPd. They work great".[79] As a result, OpenBSD is relatively prolific in creating components that become widely reused by other systems.
OpenBSD runs nearly all of its standard daemons within chroot and privsep security structures by default, as part of hardening the base system.[79]
The Calgary Internet Exchange was formed in 2012, in part to serve the needs of the OpenBSD project.[80]
In 2017, Isotop,[81] a French project aiming to adapt OpenBSD to desktops and laptops, using xfce then dwm, started to be developed.[82]
Third-party components
[edit]OpenBSD includes a number of third-party components, many with OpenBSD-specific patches,[34] such as X.Org, Clang[83] (the default compiler on several architectures), GCC,[43][note 3] Perl, NSD, Unbound, ncurses, GNU binutils, GDB, and AWK.
Development
[edit]Development is continuous, and team management is open and tiered. Anyone with appropriate skills may contribute, with commit rights being awarded on merit and De Raadt acting as coordinator.[32]: xxxv Two official releases are made per year, with the version number incremented by 0.1,[84] and these are each supported for twelve months (two release cycles).[85] Snapshot releases are also available at frequent intervals.
Maintenance patches for supported releases may be applied using syspatch, manually or by updating the system against the patch branch of the CVS source repository for that release.[86] Alternatively, a system administrator may opt to upgrade to the next snapshot release using sysupgrade, or by using the -current branch of the CVS repository, in order to gain pre-release access to recently added features. The sysupgrade tool can also upgrade to the latest stable release version.
The generic OpenBSD kernel provided by default is strongly recommended for end users, in contrast to operating systems that recommend user kernel customization.[87]
Packages outside the base system are maintained by CVS through a ports tree and are the responsibility of the individual maintainers, known as porters. As well as keeping the current branch up to date, porters are expected to apply appropriate bug-fixes and maintenance fixes to branches of their package for OpenBSD's supported releases. Ports are generally not subject to the same continuous auditing as the base system due to lack of manpower.
Binary packages are built centrally from the ports tree for each architecture. This process is applied for the current version, for each supported release, and for each snapshot. Administrators are recommended to use the package mechanism rather than build the package from the ports tree, unless they need to perform their own source changes.
OpenBSD's developers regularly meet at special events called hackathons,[88] where they "sit down and code", emphasizing productivity.[89]
Most new releases include a song.[90]
Open source and open documentation
[edit]OpenBSD is known for its high-quality documentation.[91][92]
When OpenBSD was created, De Raadt decided that the source code should be available for anyone to read. At the time, a small team of developers generally had access to a project's source code.[93] Chuck Cranor[94] and De Raadt concluded this practice was "counter to the open source philosophy" and inconvenient to potential contributors. Together, Cranor and De Raadt set up the first public, anonymous revision control system server. De Raadt's decision allowed users to "take a more active role", and established the project's commitment to open access.[93] OpenBSD is notable for its continued use of CVS (more precisely an unreleased, OpenBSD-managed fork named OpenCVS), when most other projects that used it have migrated to other systems.[95]
OpenBSD does not include closed source binary drivers in the source tree, nor does it include code requiring the signing of non-disclosure agreements.[96] According to the GNU Project, OpenBSD includes small "blobs" of proprietary object code as device firmware.[97]
Since OpenBSD is based in Canada, no United States export restrictions on cryptography apply, allowing the distribution to make full use of modern algorithms for encryption. For example, the swap space is divided into small sections and each section is encrypted with its own key, ensuring that sensitive data does not leak into an insecure part of the system.[18]
OpenBSD randomizes various behaviors of applications, making them less predictable and thus more difficult to attack. For example, PIDs are created and associated randomly to processes; the bind
system call uses random port numbers; files are created with random inode numbers; and IP datagrams have random identifiers.[98] This approach also helps expose bugs in the kernel and in user space programs.
The OpenBSD policy on openness extends to hardware documentation: in the slides for a December 2006 presentation, De Raadt explained that without it "developers often make mistakes writing drivers", and pointed out that "the [oh my god, I got it to work] rush is harder to achieve, and some developers just give up."[99] He went on to say that vendor-supplied binary drivers are unacceptable for inclusion in OpenBSD, that they have "no trust of vendor binaries running in our kernel" and that there is "no way to fix [them] ... when they break."[99]
Licensing
[edit]OpenBSD maintains a strict license policy,[3] preferring the ISC license and other variants of the BSD license. The project attempts to "maintain the spirit of the original Berkeley Unix copyrights," which permitted a "relatively un-encumbered Unix source distribution."[3] The widely used Apache License and GNU General Public License are considered overly restrictive.[100]
In June 2001, triggered by concerns over Darren Reed's modification of IPFilter's license wording, a systematic license audit of the OpenBSD ports and source trees was undertaken.[101] Code in more than a hundred files throughout the system was found to be unlicensed, ambiguously licensed or in use against the terms of the license. To ensure that all licenses were properly adhered to, an attempt was made to contact all the relevant copyright holders: some pieces of code were removed, many were replaced, and others, such as the multicast routing tools mrinfo and map-mbone, were relicensed so that OpenBSD could continue to use them.[102][103] Also removed during this audit was all software produced by Daniel J. Bernstein. At the time, Bernstein requested that all modified versions of his code be approved by him prior to redistribution, a requirement to which OpenBSD developers were unwilling to devote time or effort.[104][105][106]
Because of licensing concerns, the OpenBSD team has reimplemented software from scratch or adopted suitable existing software. For example, OpenBSD developers created the PF packet filter after unacceptable restrictions were imposed on IPFilter. PF first appeared in OpenBSD 3.0[107] and is now available in many other operating systems.[108] OpenBSD developers have also replaced GPL-licensed tools (such as CVS and pkg-config) with permissively licensed equivalents.[109][110]
Funding
[edit]Although the operating system and its portable components are used in commercial products, De Raadt says that little of the funding for the project comes from the industry: "traditionally all our funding has come from user donations and users buying our CDs (our other products don't really make us much money). Obviously, that has not been a lot of money."[84]
For a two-year period in the early 2000s, the project received funding from DARPA, which "paid the salaries of 5 people to work completely full-time, bought about $30k in hardware, and paid for 3 hackathons", from the POSSE project.[84]
In 2006, the OpenBSD project experienced financial difficulties.[111] The Mozilla Foundation[112] and GoDaddy[113] are among the organizations that helped OpenBSD to survive. However, De Raadt expressed concern about the asymmetry of funding: "I think that contributions should have come first from the vendors, secondly from the corporate users, and thirdly from individual users. But the response has been almost entirely the opposite, with almost a 15-to-1 dollar ratio in favor of the little people. Thanks a lot, little people!"[84]
On 14 January 2014, Bob Beck issued a request for funding to cover electrical costs. If sustainable funding was not found, Beck suggested the OpenBSD project would shut down.[114] The project soon received a US$20,000 donation from Mircea Popescu, the Romanian creator of the MPEx bitcoin stock exchange, paid in bitcoins.[115] The project raised US$150,000[116] in response to the appeal, enabling it to pay its bills and securing its short-term future.[115]
OpenBSD Foundation
[edit]Formation | July 25, 2007 |
---|---|
Founder | OpenBSD developers |
Legal status | Nonprofit organization |
Location | |
Website | www |
ASN |
The OpenBSD Foundation is a Canadian federal non-profit organization founded by the OpenBSD project as a "single point of contact for persons and organizations requiring a legal entity to deal with when they wish to support OpenBSD."[117] It was announced to the public by OpenBSD developer Bob Beck on 25 July 2007. It also serves as a legal safeguard over other projects which are affiliated with OpenBSD, including OpenSSH, OpenBGPD, OpenNTPD, OpenCVS, OpenSMTPD and LibreSSL.[118]
Since 2014, several large contributions to the OpenBSD Foundation have come from corporations such as Microsoft,[119] Facebook, and Google as well as the Core Infrastructure Initiative.[120]
In 2015, Microsoft became the foundation's first gold level contributor[121] donating between $25,000-50,000 to support development of OpenSSH, which had been integrated into PowerShell in July, and later into Windows Server in 2018.[122] Other contributors include Google, Facebook and DuckDuckGo.[123]
During the 2016 and 2017 fundraising campaigns, Smartisan, a Chinese company, was the leading financial contributor to the OpenBSD Foundation.[124][125]
Distribution
[edit]OpenBSD is freely available in various ways: the source can be retrieved by anonymous CVS,[126] and binary releases and development snapshots can be downloaded by FTP, HTTP, and rsync.[127] Prepackaged CD-ROM sets through version 6.0 can be ordered online for a small fee, complete with an assortment of stickers and a copy of the release's theme song. These, with their artwork and other bonuses, have been one of the project's few sources of income, funding hardware, Internet service, and other expenses.[128] Beginning with version 6.1, CD-ROM sets are no longer released.
OpenBSD provides a package management system for easy installation and management of programs which are not part of the base operating system.[129] Packages are binary files which are extracted, managed and removed using the package tools. On OpenBSD, the source of packages is the ports system, a collection of Makefiles and other infrastructure required to create packages. In OpenBSD, the ports and base operating system are developed and released together for each version: this means that the ports or packages released with, for example, 4.6 are not suitable for use with 4.5 and vice versa.[129]
Songs and artwork
[edit]Initially, OpenBSD used a haloed version of the BSD daemon mascot drawn by Erick Green, who was asked by De Raadt to create the logo for the 2.3 and 2.4 versions of OpenBSD. Green planned to create a full daemon, including head and body, but only the head was completed in time for OpenBSD 2.3. The body as well as pitchfork and tail was completed for OpenBSD 2.4.[130]
Subsequent releases used variations such as a police daemon by Ty Semaka,[131] but eventually settled on a pufferfish named Puffy.[132] Since then, Puffy has appeared on OpenBSD promotional material and featured in release songs and artwork.
The promotional material of early OpenBSD releases did not have a cohesive theme or design, but later the CD-ROMs, release songs, posters and tee-shirts for each release have been produced with a single style and theme, sometimes contributed to by Ty Semaka of the Plaid Tongued Devils.[90] These have become a part of OpenBSD advocacy, with each release expounding a moral or political point important to the project, often through parody.[133]
Themes have included Puff the Barbarian in OpenBSD 3.3, which included an 80s rock song and parody of Conan the Barbarian alluding to open documentation,[90] The Wizard of OS in OpenBSD 3.7, related to the project's work on wireless drivers, and Hackers of the Lost RAID, a parody of Indiana Jones referencing the new RAID tools in OpenBSD 3.8.
Releases
[edit]The following table summarizes the version history of the OpenBSD operating system.
Legend: | Old version, not maintained | Old version, still maintained | Current stable version | Future release |
---|
Version | Release date | Supported until | Significant changes |
---|---|---|---|
1.1 | 18 October 1995 |
| |
1.2 | 1 July 1996 |
| |
2.0 | 1 October 1996 | ||
2.1 | 1 June 1997 | Replacement of the older sh with pdksh.[137] | |
2.2 | 1 December 1997 | Addition of the afterboot(8) man page.[138]
| |
2.3 | 19 May 1998 | Introduced the haloed daemon, or aureola beastie, in head-only form created by Erick Green.[139] | |
2.4 | 1 December 1998 | Featured the complete haloed daemon, with trident and a finished body.[140] | |
2.5 | 19 May 1999 | Introduced the Cop daemon image done by Ty Semaka.[141] | |
2.6 | 1 December 1999 | Based on the original SSH suite and developed further by the OpenBSD team, 2.6 saw the first release of OpenSSH, which is now available standard on most Unix-like operating systems and is the most widely used SSH suite.[142] | |
2.7 | 15 June 2000 | Support for SSH2 added to OpenSSH.[143] | |
2.8 | 1 December 2000 | isakmpd(8) [144]
| |
2.9 | 1 June 2001 |
Filesystem performance increases from softupdates and dirpref code.[145] | |
3.0 | 1 December 2001 |
E-Railed (OpenBSD Mix),[146] a techno track performed by the release mascot Puff Daddy, the famed rapper and political icon.
| |
3.1 | 19 May 2002 | Systemagic,[147] where Puffy, the Kitten Slayer, battles evil script kitties. Inspired by the works of Rammstein and a parody of Buffy the Vampire Slayer.
| |
3.2 | 1 November 2002 | Goldflipper,[149] a tale in which James Pond, agent 077, super spy and suave lady's man, deals with the dangers of a hostile internet. Styled after the orchestral introductory ballads of James Bond films. | |
3.3 | 1 May 2003 |
Puff the Barbarian,[150] born in a tiny bowl; Puff was a slave, now he hacks through the C, searching for the Hammer. It is an 80s rock-style song and parody of Conan the Barbarian dealing with open documentation.
| |
3.4 | 1 November 2003 |
The Legend of Puffy Hood where Sir Puffy of Ramsay,[151] a freedom fighter who, with Little Bob of Beckley, took from the rich and gave to all. Tells of the POSSE project's cancellation. An unusual blend of both hip-hop and medieval-style music, a parody of the tale of Robin Hood intended to express OpenBSD's attitude to free speech.
| |
3.5 | 1 May 2004 |
CARP License and Redundancy must be free,[155] where a fish seeking to license his free redundancy protocol, CARP, finds trouble with the red tape. A parody of the Fish Licence skit and Eric the Half-a-Bee Song by Monty Python, with an anti-software patents message.
| |
3.6 | 1 November 2004 |
Pond-erosa Puff (live) was the tale of Pond-erosa Puff,[162] a no-guff freedom fighter from the wild west, set to hang a lickin' on no-good bureaucratic nerds who encumber software with needless words and restrictions. The song was styled after the works of Johnny Cash, a parody of the Spaghetti Western and Clint Eastwood and inspired by liberal license enforcement.
| |
3.7 | 19 May 2005 | The Wizard of OS,[165] where Puffathy, a little Alberta girl, must work with Taiwan to save the day by getting unencumbered wireless. This release was styled after the works of Pink Floyd and a parody of The Wizard of Oz; this dealt with wireless hacking.[166] | |
3.8 | 1 November 2005 | 1 November 2006 | Hackers of the Lost RAID,[167] which detailed the exploits of Puffiana Jones, famed hackologist and adventurer, seeking out the Lost RAID, Styled after the radio serials of the 1930s and 40s, this was a parody of Indiana Jones and was linked to the new RAID tools featured as part of this release. This is the first version released without the telnet daemon which was completely removed from the source tree by Theo de Raadt in May 2005.[168] |
3.9 | 1 May 2006 | 1 May 2007 |
Attack of the Binary BLOB,[170] which chronicles the developer's fight against binary blobs and vendor lock-in,[171] a parody of the 1958 film The Blob and the pop-rock music of the era. |
4.0 | 1 November 2006 | 1 November 2007 | Humppa Negala,[172] a Hava Nagilah parody with a portion of Entrance of the Gladiators and Humppa music fused together, with no story behind it, simply a homage to one of the OpenBSD developers' favorite genres of music.[173] |
4.1 | 1 May 2007 | 1 May 2008 | Puffy Baba and the 40 Vendors,[175] a parody of the Arabic fable Ali Baba and the Forty Thieves, part of the book of One Thousand and One Nights, in which Linux developers are mocked over their allowance of non-disclosure agreements when developing software while at the same time implying hardware vendors are criminals for not releasing documentation required to make reliable device drivers.[176]
|
4.2 | 1 November 2007 | 1 November 2008 | 100001 1010101,[179] the Linux kernel developers gets a knock for violating the ISC-style license of OpenBSD's open hardware abstraction layer for Atheros wireless cards.
|
4.3 | 1 May 2008 | 1 May 2009 | Home to Hypocrisy[181][182] |
4.4 | 1 November 2008 | 18 October 2009 |
Trial of the BSD Knights,[183] summarizes the history of BSD including the USL v. BSDi lawsuit. The song was styled after the works of Star Wars.
|
4.5 | 1 May 2009 | 19 May 2010 | Games. It was styled after the works of Tron.[186]
|
4.6 | 18 October 2009 | 1 November 2010 | Planet of the Users.[189] In the style of Planet of the Apes, Puffy travels in time to find a dumbed-down dystopia, where "one very rich man runs the earth with one multinational". Open-source software has since been replaced by one-button computers, one-channel televisions, and closed-source software which, after you purchase it, becomes obsolete before you have a chance to use it. People subsist on soylent green. The theme song is performed in the reggae rock style of The Police.
|
4.7 | 19 May 2010 | 1 May 2011 | I'm Still Here [190] |
4.8 | 1 November 2010 | 1 November 2011 | El Puffiachi.[191][192]
|
4.9 | 1 May 2011 | 1 May 2012 | The Answer.[193]
|
5.0 | 1 November 2011 | 1 November 2012 | What Me Worry?.[194] |
5.1 | 1 May 2012 | 1 May 2014 | Bug Busters. The song was styled after the works of Ghostbusters.[195] |
5.2 | 1 November 2012 | 1 November 2013 | Aquarela do Linux.[196]
|
5.3 | 1 May 2013 | 1 May 2014 | Blade Swimmer. The song was styled after the works of Roy Lee, a parody of Blade Runner.[197]
|
5.4 | 1 November 2013 | 1 November 2014 | Our favorite hacks, a parody of My Favorite Things.[198] |
5.5 | 1 May 2014 | 1 May 2015 | Wrap in Time.[199]
|
5.6 | 1 November 2014 | 18 October 2015 | Ride of the Valkyries.[200]
|
5.7 | 1 May 2015 | 29 March 2016 | Source Fish.[201]
|
5.8 | 18 October 2015 | 1 September 2016 | 20 years ago today, Fanza, So much better, A Year in the Life.[202] (20th anniversary release[203])
|
5.9 | 29 March 2016 | 11 April 2017 | Doctor W^X, Systemagic (Anniversary Edition).[204]
|
6.0 | 1 September 2016 | 9 October 2017 | Another Smash of the Stack, Black Hat, Money, Comfortably Dumb (the misc song), Mother, Goodbye and Wish you were Secure, Release songs parodies of Pink Floyd's The Wall, Comfortably Numb and Wish You Were Here.[205] |
6.1 | 11 April 2017 | 15 April 2018 | Winter of 95, a parody of Summer of '69.[208]
|
6.2 | 9 October 2017 | 18 October 2018 | A three-line diff[209]
|
6.3 | 2 April 2018 | 3 May 2019 |
|
6.4 | 18 October 2018 | 17 October 2019 |
|
6.5 | 24 April 2019 | 19 May 2020 |
|
6.6 | 17 October 2019 | 18 October 2020 |
|
6.7 | 19 May 2020 | 1 May 2021 |
|
6.8 | 18 October 2020 | 14 October 2021 |
|
6.9 | 1 May 2021 | 21 April 2022[note 5] |
|
7.0 | 14 October 2021 | 20 October 2022[note 5] | |
7.1 | 21 April 2022 | 10 April 2023[note 5] | |
7.2 | 20 October 2022 | 16 October 2023[note 5] |
|
7.3 | 10 April 2023 | 5 April 2024[note 5] |
|
7.4 | 16 October 2023 | 8 October 2024[note 5] |
|
7.5 | 5 April 2024 | May 2025[note 5] |
|
7.6 | 8 October 2024 | Oct 2025[note 5] |
|
See also
[edit]- Comparison of BSD operating systems
- Comparison of open-source operating systems
- KAME project, responsible for OpenBSD's IPv6 support
- Lumina (desktop environment)
- OpenBSD Journal
- OpenBSD security features
- Security-focused operating system
- Unix security
Notes
[edit]- ^ a b Multiple selections were permitted as users may use multiple BSD variants side by side.
- ^ Later renamed to Cybercop Scanner after SNI was purchased by Network Associates.
- ^ As of OpenBSD 6.3[update], either Clang 5.0.1, GCC 4.2.1 or GCC 3.3.6 is shipped, depending on the platform.[83][43]
- ^ Compare release history of NetBSD, which OpenBSD branched from
- ^ a b c d e f g h OpenBSD is released roughly every 6 months targeting May and November and only the latest two releases receive security and reliability fixes for the base system.[214]
References
[edit]- ^ "Package Management". OpenBSD Frequently Asked Questions. Retrieved 1 June 2016.
- ^ "Platforms". OpenBSD. Retrieved 3 September 2016.
- ^ a b c "Copyright Policy". OpenBSD. Retrieved 13 December 2011.
- ^ a b de Raadt, Theo (29 March 2009). "Archive of the mail conversation leading to Theo de Raadt's departure". Retrieved 15 January 2010.
- ^ OpenBSD Project (19 May 2020). "OpenBSD". OpenBSD.org. Retrieved 12 October 2020.
- ^ "Murus App, Apple PF for macOS from OpenBSD".
- ^ "Android's C Library Has 173 Files of Unchanged OpenBSD Code". Retrieved 8 October 2018.
- ^ "LLVM Release License". Retrieved 8 October 2018.
- ^ "OpenSSH for Windows". Retrieved 8 October 2018.
- ^ Grimes, Roger A. (29 December 2006). "New year's resolution No. 1: Get OpenBSD". InfoWorld.
- ^ Glass, Adam (23 December 1994). "Theo De Raadt". netbsd-users (Mailing list).
- ^ De Raadt, Theo (18 October 1996). "The OpenBSD 2.0 release". openbsd-announce (Mailing list).
- ^ "Announcing – The OpenBSD Foundation". OpenBSD Journal. 26 July 2007.
- ^ "'CVS: cvs.openbsd.org: src' - MARC". marc.info. Retrieved 1 November 2024.
- ^ a b BSD Usage Survey (PDF) (Report). The BSD Certification Group. 31 October 2005. p. 9. Retrieved 16 September 2012.
- ^ "OpenBSD PF - Building a Router". Retrieved 8 August 2019.
- ^ "Building an OpenBSD wireless access point". Retrieved 8 August 2019.
- ^ a b McIntire, Tim (8 August 2006). "Take a closer look at OpenBSD". Developerworks. IBM. Retrieved 13 December 2011.
- ^ "AccessEnforcer Model AE800". Calyptix Security. Archived from the original on 2 December 2020. Retrieved 28 May 2016.
- ^ "High Resistance Firewall genugate". GeNUA. Archived from the original on 19 September 2020. Retrieved 29 May 2016.
- ^ "RTMX O/S IEEE Real Time POSIX Operating Systems". RTMX. Retrieved 13 December 2011.
RTMX O/S is a product extension to OpenBSD Unix-like operating system with emphasis on embedded, dedicated applications.
- ^ ".vantronix secure system". Compumatica secure networks. Archived from the original on 1 January 2012. Retrieved 13 December 2011.
The Next Generation Firewall is not a standalone device, it is a Router for operation in security critical environments with high requirements for availability, comprehensive support as well as reliable and trusted systems powered by OpenBSD.
- ^ Dohnert, Roberto J. (21 January 2004), "Review of Windows Services for UNIX 3.5", OSNews, David Adams, archived from the original on 11 February 2008
- ^ Reiter, Brian (26 January 2010). "WONTFIX: select(2) in SUA 5.2 ignores timeout". brianreiter.org.
- ^ "Microsoft Acquires Softway Systems To Strengthen Future Customer Interoperability Solutions", Microsoft News Center, Microsoft, 17 September 1999
- ^ "Milltech Consulting Inc". 2019. Archived from the original on 18 September 2020. Retrieved 23 June 2020.
- ^ "Core Force", Core Labs, archived from the original on 28 November 2011, retrieved 13 December 2011,
CORE FORCE provides inbound and outbound stateful packet filtering for TCP/IP protocols using a Windows port of OpenBSD's PF firewall, granular file system and registry access control and programs' integrity validation.
- ^ "Chapter 31. Firewalls". The FreeBSD Project. Retrieved 3 December 2021.
- ^ "pf.c". opensource.apple.com. Retrieved 3 December 2021.
- ^ a b "About Xenocara". Xenocara. Retrieved 13 December 2011.
- ^ Tzanidakis, Manolis (21 April 2006). "Using OpenBSD on the desktop". Linux.com. Archived from the original on 5 May 2012. Retrieved 9 March 2012.
- ^ a b Lucas, Michael W. (April 2013). Absolute OpenBSD: Unix for the Practical Paranoid (2nd ed.). San Francisco, California: No Starch Press. ISBN 978-1-59327-476-4.
- ^ "OpenPorts.se Statistics". OpenPorts.se. Archived from the original on 28 September 2020. Retrieved 8 February 2018.
- ^ a b "OpenBSD 6.0". OpenBSD. Retrieved 1 November 2016.
- ^ "The X Windows System". OpenBSD Frequently Asked Questions. Retrieved 22 May 2016.
OpenBSD ships with the cwm(1), fvwm(1) and twm(1) window managers, [...]
- ^ "OpenBSD 6.8". www.openbsd.org. Retrieved 3 December 2021.
- ^ "WireGuard imported into OpenBSD". undeadly.org. Retrieved 3 December 2021.
- ^ Varghese, Sam (8 October 2004). "Staying on the cutting edge". The Age. Retrieved 13 December 2011.
- ^ Laird, Cameron; Staplin, George Peter (17 July 2003). "The Essence of OpenBSD". ONLamp. Archived from the original on 22 October 2017. Retrieved 13 December 2011.
- ^ De Raadt, Theo (19 December 2005). "2.3 release announcement". openbsd-misc (Mailing list).
Without [SNI's] support at the right time, this release probably would not have happened.
- ^ Wayner, Peter (13 July 2000). "18.3 Flames, Fights, and the Birth of OpenBSD". Free For All: How Linux and the Free Software Movement Undercut the High Tech Titans (1st ed.). HarperBusiness. ISBN 978-0-06-662050-3. Archived from the original on 22 January 2012. Retrieved 13 December 2011.
- ^ Miller, Todd C.; De Raadt, Theo (6 June 1999). strlcpy and strlcat - Consistent, Safe, String Copy and Concatenation. USENIX Annual Technical Conference. Monterey, California. Retrieved 13 December 2011.
- ^ a b c "gcc-local – local modifications to gcc". OpenBSD manual pages. Retrieved 1 November 2016.
- ^ De Raadt, Theo; Hallqvist, Niklas; Grabowski, Artur; Keromytis, Angelos D.; Provos, Niels (6 June 1999). Cryptography in OpenBSD: An Overview. USENIX Annual Technical Conference. Monterey, California. Retrieved 27 May 2016.
- ^ "Pledge() - A New Mitigation Mechanism". Retrieved 8 October 2018.
- ^ Provos, Niels (9 August 2003). "Privilege Separated OpenSSH". Archived from the original on 2 January 2012. Retrieved 13 December 2011.
- ^ "Innovations". OpenBSD. Retrieved 18 May 2016.
Privilege separation: [...] The concept is now used in many OpenBSD programs, for example [...] etc.
- ^ "Project History and Credits". OpenSSH. Retrieved 13 December 2011.
- ^ "SSH usage profiling". OpenSSH. Retrieved 13 December 2011.
- ^ Biancuzzi, Federico (18 March 2004). "An Interview with OpenBSD's Marc Espie". ONLamp. Archived from the original on 4 May 2018. Retrieved 13 December 2011.
- ^ "OpenSSH Remote Challenge Vulnerability". Internet Security Systems. 26 June 2002. Archived from the original on 8 September 2012. Retrieved 17 December 2005.
- ^ "A partial list of affected operating systems". Archived from the original on 6 January 2012.
- ^ "OpenBSD's IPv6 mbufs remote kernel buffer overflow". Core Security Technologies. 13 March 2007.
- ^ Brindle, Joshua (30 March 2008), "Secure doesn't mean anything", Security Blog, retrieved 13 December 2011
- ^ "Security". OpenBSD. Retrieved 13 December 2011.
Secure by Default.
- ^ Wheeler, David A. (3 March 2003). "2.4. Is Open Source Good for Security?". Secure Programming for Linux and Unix HOWTO. Retrieved 13 December 2011.
- ^ De Raadt, Theo (14 December 2010). "Allegations regarding OpenBSD IPSEC". openbsd-tech (Mailing list). Retrieved 28 May 2016.
- ^ Holwerda, Thom (14 December 2010). "FBI Added Secret Backdoors to OpenBSD IPSEC". OSNews. Retrieved 13 December 2011.
- ^ Ryan, Paul (23 December 2010). "OpenBSD code audit uncovers bugs, but no evidence of backdoor". Ars Technica. Retrieved 9 January 2011.
- ^ Schwartz, Mathew J. (22 December 2010). "OpenBSD Founder Believes FBI Built IPsec Backdoor". InformationWeek: DARKreading. Archived from the original on 11 July 2017.
- ^ Van Sprundel, Ilja (December 2017). "Are all BSDs created equally? — A survey of BSD kernel vulnerabilities".
- ^ Van Sprundel, Ilja (July 2017). "Are all BSDs created equally? — A survey of BSD kernel vulnerabilities" (PDF).
- ^ "Lecture: A systematic evaluation of OpenBSD's mitigations". December 2019.
- ^ "Is OpenBSD secure?". 29 December 2019.
- ^ "src/usr.sbin/httpd/". OpenBSD CVSWeb.
- ^ "web/obhttpd: OpenBSD http server". Freshports.
- ^ "LibreSSL". Retrieved 8 August 2019.
- ^ a b "OpenBGPD". Retrieved 8 August 2019.
- ^ "OpenIKED". Archived from the original on 14 May 2017. Retrieved 8 August 2019.
- ^ "OpenNTPD". Retrieved 8 August 2019.
- ^ "OpenSMTPD". Retrieved 8 August 2019.
- ^ "OpenSSH". Retrieved 8 August 2019.
- ^ "Contents of /stable/10/crypto/openssh/README". svnweb.freebsd.org. Retrieved 19 May 2016.
This is the port of OpenBSD's excellent OpenSSH to Linux and other Unices.
- ^ "src/crypto/external/bsd/openssh/dist/README – view – 1.4". NetBSD CVS Repositories. Retrieved 19 May 2016.
- ^ "dragonfly.git/blob – crypto/openssh/README". gitweb.dragonflybsd.org. Retrieved 19 May 2016.
This is the port of OpenBSD's excellent OpenSSH to Linux and other Unices.
- ^ "Arch Linux – openssh 7.2p2-1 (x86_64)". Arch Linux. Retrieved 17 May 2016.
- ^ "openssh". OpenSUSE. Retrieved 17 May 2016.
- ^ "Debian – Details of package openssh-client in jessie". Debian. Retrieved 17 May 2016.
- ^ a b c "OpenBSD from a veteran Linux user perspective".
- ^ De Raadt, Theo (18 June 2013). "An Internet Exchange for Calgary" (PDF). Archived from the original (PDF) on 5 October 2013. Retrieved 9 October 2018.
- ^ "3hg | isotop - index". www.3hg.fr. Retrieved 6 May 2022.
- ^ pavroo (17 May 2021). "Isotop". ArchiveOS. Retrieved 6 May 2022.
- ^ a b "clang-local – OpenBSD-specific behavior of LLVM/clang". OpenBSD manual pages. Retrieved 2 February 2018.
- ^ a b c d Andrews, Jeremy (2 May 2006). "Interview: Theo de Raadt". KernelTrap. Archived from the original on 24 April 2013.
- ^ "OpenBSD's flavors". OpenBSD Frequently Asked Questions. Retrieved 22 May 2016.
- ^ "Applying patches in OpenBSD". OpenBSD Frequently Asked Questions. Retrieved 15 May 2016.
- ^ "Migrating to OpenBSD". OpenBSD Frequently Asked Questions. Retrieved 4 January 2017.
- ^ "Hackathons". OpenBSD. Retrieved 18 May 2016.
- ^ "Interview: Theo de Raadt of OpenBSD". NewsForge. 28 March 2006. Retrieved 31 March 2016.
- ^ a b c "Release Songs". OpenBSD. Retrieved 22 May 2016.
- ^ Chisnall, David (20 January 2006). "BSD: The Other Free UNIX Family". InformIT. Archived from the original on 4 April 2014.
- ^ Smith, Jesse (18 November 2013). "OpenBSD 5.4: Puffy on the Desktop". Archived from the original on 29 April 2014.
- ^ a b Cranor, Chuck D.; De Raadt, Theo (6 June 1999). Opening the Source Repository with Anonymous CVS. USENIX Annual Technical Conference. Monterey, California. Retrieved 13 December 2011.
- ^ Cranor, Chuck D. "Chuck Cranor's Home Page". Retrieved 13 December 2011.
I also hosted and helped create the first Anonymous CVS server on the Internet (the original anoncvs.openbsd.org [...]
- ^ Fresh, Andrew. "Why OpenBSD Developers Use CVS". Retrieved 30 August 2021.
- ^ "Project Goals". OpenBSD. Retrieved 18 May 2016.
Integrate good code from any source with acceptable licenses. [...], NDAs are never acceptable.
- ^ "Explaining Why We Don't Endorse Other Systems". 10 December 2023. Archived from the original on 23 November 2023. Retrieved 10 December 2023.
- ^ De Raadt, Theo; Hallqvist, Niklas; Grabowski, Artur; Keromytis, Angelos D.; Provos, Niels (6 June 1999). "Randomness Used Inside the Kernel". Cryptography in OpenBSD: An Overview. USENIX Annual Technical Conference. Monterey, California. Retrieved 1 February 2014.
- ^ a b De Raadt, Theo (5 December 2006). "Presentation at OpenCON". OpenBSD. Retrieved 13 December 2011.
- ^ Matzan, Jem (15 June 2005). "BSD cognoscenti on Linux". NewsForge. Linux.com. Retrieved 28 May 2016.
- ^ Gasperson, Tina (6 June 2001). "OpenBSD and ipfilter still fighting over license disagreement". Linux.com. Archived from the original on 26 June 2008.
- ^ "src/usr.sbin/mrinfo/mrinfo.c – view – 1.7". cvsweb.openbsd.org. 31 July 2001. Retrieved 24 May 2016.
New license from Xerox! This code is now FREE! Took a while and a lot of mails, but it is worth it.
- ^ "src/usr.sbin/map-mbone/mapper.c – view – 1.5". cvsweb.openbsd.org. 31 July 2001. Retrieved 24 May 2016.
New license from Xerox! This code is now FREE! Took a while and a lot of mails, but it is worth it.
- ^ De Raadt, Theo (24 August 2001). "Re: Why were all DJB's ports removed? No more qmail?". openbsd-misc (Mailing list). Archived from the original on 19 April 2016.
- ^ Bernstein, Daniel J. (27 August 2001). "Re: Why were all DJB's ports removed? No more qmail?". openbsd-misc (Mailing list). Archived from the original on 4 February 2012.
- ^ Espie, Marc (28 August 2001). "Re: Why were all DJB's ports removed? No more qmail?". openbsd-misc (Mailing list). Archived from the original on 19 April 2016.
- ^ Hartmeier, Daniel (10 June 2002). Design and Performance of the OpenBSD Stateful Packet Filter (pf). USENIX Annual Technical Conference. Monterey, California. Retrieved 13 December 2011.
- ^ The OpenBSD PF Packet Filter Book: PF for NetBSD, FreeBSD, DragonFly and OpenBSD. Reed Media Services. 2006. ISBN 0-9790342-0-5. Retrieved 19 May 2016.
- ^ "New BSD licensed CVS replacement for OpenBSD". 6 December 2004. Retrieved 9 October 2018.
- ^ "pkg-config(1)". Retrieved 9 October 2018.
- ^ "OpenBSD Project in Financial Danger". Slashdot. 21 March 2006. Retrieved 12 December 2014.
- ^ "Mozilla Foundation Donates $10K to OpenSSH". Slashdot. 4 April 2006. Retrieved 12 December 2014.
- ^ "GoDaddy.com Donates $10K to Open Source Development Project". The Hosting News. 19 April 2006. Archived from the original on 11 November 2006.
- ^ Beck, Bob (14 January 2014). "Request for Funding our Electricity". openbsd-misc (Mailing list). Retrieved 17 May 2016.
- ^ a b Bright, Peter (20 January 2014). "OpenBSD rescued from unpowered oblivion by $20K bitcoin donation". Ars Technica. Retrieved 20 January 2014.
- ^ "The OpenBSD Foundation 2014 Fundraising Campaign". OpenBSD Foundation. Retrieved 24 May 2014.
- ^ "Announcing - The OpenBSD Foundation". OpenBSD Journal. 26 July 2007. Retrieved 8 May 2014.
- ^ Brodkin, Jon (22 April 2014). "OpenSSL code beyond repair, claims creator of "LibreSSL" fork". Ars Technica. Retrieved 18 August 2021.
- ^ McAllister, Neil (8 July 2015). "Microsoft rains cash on OpenBSD Foundation, becomes top 2015 donor". The Register. Retrieved 27 May 2016.
- ^ "Contributors". OpenBSD Foundation. Retrieved 27 May 2016.
- ^ Vaughan-Nichols, Steven J. "Microsoft becomes OpenBSD's first gold contributor". ZDNet. Retrieved 18 August 2021.
- ^ Mackie, Kurt; 12 November 2018. "Microsoft Now Supports OpenSSH in Windows Server 2019 -- Redmondmag.com". Redmondmag. Retrieved 18 August 2021.
{{cite web}}
: CS1 maint: numeric names: authors list (link) - ^ "Donate to the OpenBSD Foundation". www.openbsdfoundation.org. Retrieved 18 August 2021.
- ^ "OpenBSD Donors".
- ^ "Smartisan Makes Another Iridium Donation to the OpenBSD Foundation". OpenBSD Journal.
- ^ "Anonymous CVS". OpenBSD. Retrieved 13 December 2011.
- ^ "Mirrors". OpenBSD. Retrieved 22 May 2016.
- ^ "Orders". OpenBSD. Archived from the original on 19 December 2011. Retrieved 20 May 2016.
- ^ a b "Packages and Ports". OpenBSD Frequently Asked Questions. Retrieved 22 May 2016.
- ^ "OpenBSD". mckusick.com. Retrieved 12 December 2014.
- ^ De Raadt, Theo (19 May 1999). "OpenBSD 2.5 Release Announcement". openbsd-announce (Mailing list). Archived from the original on 2 February 2014.
OpenBSD 2.5 introduces the new Cop daemon image done by cartoonist Ty Semeka.
- ^ "OpenBSD 2.7". OpenBSD. Retrieved 22 May 2016.
- ^ Matzan, Jem (1 December 2006). "OpenBSD 4.0 review". Software in Review. Archived from the original on 11 January 2012. Retrieved 13 December 2011.
Each OpenBSD release has a graphical theme and a song that goes with it. The theme reflects a major concern that the OpenBSD programmers are addressing or bringing to light.
- ^ "Undeadly". Retrieved 9 October 2018.
- ^ "Changes". Archived from the original on 18 October 1997.
- ^ "OpenBSD 2.0". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "OpenBSD 2.8 Changelog". Retrieved 10 August 2021.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Errata". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "p0f". Retrieved 9 October 2018.[permanent dead link ]
- ^ a b c "OpenBSD Innovations". The OpenBSD project. Retrieved 12 September 2016.
- ^ a b c Constantine A. Murenin; Raouf Boutaba (17 March 2009). "6. Evolution of the framework". OpenBSD Hardware Sensors Framework (PDF). AsiaBSDCon 2009 Proceedings, 12–15 March 2009. Tokyo University of Science, Tokyo, Japan (published 14 March 2009). Archived (PDF) from the original on 20 June 2010. Retrieved 4 March 2019. Alt URL
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ Federico Biancuzzi (15 April 2004). "OpenBSD PF Developer Interview". ONLamp. O'Reilly Media. Archived from the original on 8 May 2004. Retrieved 20 March 2019.
- ^ Federico Biancuzzi (6 May 2004). "OpenBSD PF Developer Interview, Part 2". ONLamp. O'Reilly Media. Archived from the original on 19 June 2004. Retrieved 20 March 2019.
- ^ "bc(1)". Retrieved 9 October 2018.
- ^ "dc(1)". Retrieved 9 October 2018.
- ^ "nm(1)". Retrieved 9 October 2018.
- ^ "size(1)". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ a b Federico Biancuzzi (28 October 2004). "OpenBSD 3.6 Live". ONLamp. O'Reilly Media. Archived from the original on 29 October 2004. Retrieved 20 March 2019.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ Federico Biancuzzi (19 May 2005). "OpenBSD 3.7: The Wizard of OS". ONLamp. O'Reilly Media. Archived from the original on 21 May 2005. Retrieved 20 March 2019.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ de Raadt, Theo. "CVS: cvs.openbsd.org: src". OpenBSD-CVS mailing list.
Removed files: libexec/telnetd
- ^ Federico Biancuzzi (20 October 2005). "OpenBSD 3.8: Hackers of the Lost RAID". ONLamp. O'Reilly Media. Archived from the original on 27 December 2005. Retrieved 20 March 2019.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ a b Federico Biancuzzi (27 April 2006). "OpenBSD 3.9: Blob-Busters Interviewed". ONLamp. O'Reilly Media. Archived from the original on 12 May 2006. Retrieved 19 March 2019.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ Federico Biancuzzi (26 October 2006). "OpenBSD 4.0: Pufferix's Adventures". ONLamp. O'Reilly Media. Archived from the original on 10 March 2007. Retrieved 19 March 2019.
- ^ "Errata". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ Federico Biancuzzi (3 May 2007). "OpenBSD 4.1: Puffy Strikes Again". ONLamp. O'Reilly Media. Archived from the original on 18 May 2008. Retrieved 19 March 2019.
- ^ Constantine A. Murenin (30 December 2006). Marco Peereboom (ed.). "New two-level sensor API". OpenBSD Journal. Retrieved 4 March 2019.
- ^ Constantine A. Murenin (17 April 2007). "4.3. What we have proposed and implemented". Generalised Interfacing with Microprocessor System Hardware Monitors. Proceedings of 2007 IEEE International Conference on Networking, Sensing and Control, 15–17 April 2007. London, United Kingdom: IEEE. pp. 901–906. doi:10.1109/ICNSC.2007.372901. ISBN 978-1-4244-1076-7. IEEE ICNSC 2007, pp. 901–906.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ Federico Biancuzzi (1 November 2007). "Puffy's Marathon: What's New in OpenBSD 4.2". ONLamp. O'Reilly Media. Archived from the original on 13 October 2011. Retrieved 3 March 2019.
- "Puffy's Marathon: What's New in OpenBSD 4.2 - ONLamp.com". OpenBSD Journal.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ Federico Biancuzzi (29 April 2008). "Puffy and the Cryptonauts: What's New in OpenBSD 4.3". ONLamp. O'Reilly Media. Archived from the original on 6 May 2008. Retrieved 20 March 2019.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ Kurt Miller (2008). "OpenBSD's Position Independent Executable (PIE) Implementation". Archived from the original on 12 June 2011. Retrieved 22 July 2011.
- ^ a b Federico Biancuzzi (3 November 2008). "Source Wars - Return of the Puffy: What's New in OpenBSD 4.4". O'Reilly Media. Archived from the original on 24 May 2012. Retrieved 3 March 2019.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ Federico Biancuzzi (15 June 2009). "PuffyTron recommends OpenBSD 4.5". O'Reilly Media. Archived from the original on 19 June 2009. Retrieved 19 March 2019.
- ^ a b Constantine A. Murenin (21 May 2010). "6.2. Evolution of drivers; Chart VII. Number of drivers using the sensors framework from OpenBSD 3.4 to 4.6.". OpenBSD Hardware Sensors — Environmental Monitoring and Fan Control (MMath thesis). University of Waterloo: UWSpace. hdl:10012/5234. Document ID: ab71498b6b1a60ff817b29d56997a418.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "MARC". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ "MARC". Retrieved 9 October 2018.
- ^ "Release Notes". Retrieved 9 October 2018.
- ^ OpenBSD 6.0. ISBN 978-0-9881561-8-0. Retrieved 24 July 2016.
{{cite book}}
:|website=
ignored (help) - ^ "OpenBSD vax". OpenBSD. Retrieved 2 September 2016.
- ^ "OpenBSD sparc". OpenBSD. Retrieved 2 September 2016.
- ^ "OpenBSD 6.1". OpenBSD. Retrieved 11 April 2017.
- ^ "OpenBSD 6.2". OpenBSD.
- ^ "unveil(2)". OpenBSD. Retrieved 19 October 2018.
- ^ "OpenBSD 6.6". OpenBSD. Retrieved 17 January 2020.
- ^ "OpenBSD 6.7". OpenBSD. Retrieved 21 May 2020.
- ^ "OpenBSD 6.8". OpenBSD. Retrieved 18 October 2020.
- ^ "OpenBSD FAQ". OpenBSD. Retrieved 5 May 2021.
- ^ "OpenBSD 6.9". OpenBSD. Retrieved 2 May 2021.
- ^ a b "OpenBSD 7.0". OpenBSD. Retrieved 15 October 2021.
- ^ "OpenBSD 7.1". OpenBSD. Retrieved 21 April 2022.
- ^ "OpenBSD loongson". Archived from the original on 22 August 2022.
- ^ "OpenBSD 7.2". OpenBSD. Retrieved 20 October 2022.
- ^ "OpenBSD 7.3". OpenBSD. Retrieved 10 April 2023.
- ^ "OpenBSD 7.4". OpenBSD. Retrieved 16 October 2023.
- ^ "OpenBSD 7.5". OpenBSD. Retrieved 9 April 2024.
- ^ "OpenBSD 7.6". OpenBSD. Retrieved 8 October 2024.
External links
[edit]- OpenBSD
- Cryptographic software
- Free software programmed in C
- Lightweight Unix-like systems
- OpenBSD software using the ISC license
- PowerPC operating systems
- Software forks
- Software using the BSD license
- 1996 software
- ARM operating systems
- IA-32 operating systems
- X86-64 operating systems
- Non-profit organizations based in Alberta
- Free software project foundations
- Monolithic kernels