Published : 2014-05-02

OpenBSD 5.5

A new OpenBSD release is published every six months.

OpenBSD focuses on security and networking; its main strengths include stability (thanks to source audits) and a broad set of networking features.

Highlights

Installer improvements

The installer now supports automated installation (autoinstall), which allows unattended network-based installs or upgrades using an answer file served over HTTP; the server is specified via the DHCP next-server setting. This works for both netboot and CD-based installs.

64-bit time_t

A traditional 32-bit time_t overflows on 2038-01-19. The OpenBSD team has undertaken an extensive effort to convert time_t to 64 bits, update the included programs, and audit and patch ports.

Packet Filter

  • pf gains a new queueing system for QoS.
  • The received-on parameter accepts the keyword "any" to match all non-loopback interfaces.
  • The default block policy in the base pf.conf is now block return.

Security

  • Packages and the release are now cryptographically signed using signify.
  • relayd supports Perfect Forward Secrecy with ECDHE by default.
  • The random number generator is initialized by the bootloader.
  • The kernel stack protector is also initialized by the bootloader.

Networking

  • VxLAN support added
  • Improved checksum offload handling (TCP/UDP/ICMP)
  • IPv6 routing domain support enabled (ping6, traceroute6, etc.)
  • tcpdump can now detect incorrect checksums for ICMP and ICMPv6
  • Various dhclient and dhcpd improvements

Performance

  • Improvements were made in the interaction between buffer cache and the swap daemon.

Packages

The release includes many updated packages; see the full changelog for details.

Some notable versions shipped with OpenBSD 5.5 included:

  • GNOME 3.10.2
  • KDE 4.11.5
  • PostgreSQL 9.3.2
  • Postfix 2.11
  • PHP 5.4.24
  • Firefox 26
  • OpenSSH 6.6
  • OpenSMTPd 5.4.2

Drivers

  • VMware VMXNET3 virtual NIC support
  • VMware Paravirtual SCSI controller support
  • virtio SCSI controller support
  • virtio random device support
  • Support for Broadcom trackpads found in recent MacBooks
  • KMS now supports DisplayPort outputs
  • Added the tmpfs filesystem
  • Multiple improvements landed in the FUSE layer

Hardware platforms

  • alpha: multiprocessor support
  • aviion: AViiON processor support
  • armv7: replaces Beagle platform support

LibreSSL and Heartbleed

Although OpenBSD 5.5 shipped during the LibreSSL fork period, the release itself was finalized before the OpenSSL flaw (Heartbleed) was patched in the distributed tree. After upgrading or installing, you should therefore apply the OpenBSD libssl patch for 5.5.

Upgrading to OpenBSD 5.5

To upgrade to 5.5, you should already be running OpenBSD 5.4. Then perform the following steps:

  • Boot from the OpenBSD 5.5 installation CD or PXE image and choose upgrade
  • Reboot
  • Mount the installation media on the upgraded system
  • Merge configuration files with sysmerge:

sysmerge -Ss /mnt/5.5/amd64/etc55.tar.gz

Then clean obsolete files from the system:

rm -f /usr/libexec/identd
rm -f /usr/lib/libcompat.a /usr/lib/libcompat_p.a
rm -f /usr/include/{re_comp,regexp,sgtty,sys/timeb}.h
rm -f /usr/share/man/man3/{re_comp,re_exec,rexec,regexp}.3
rm -f /usr/share/man/man3/{cuserid,ftime,gtty,setrgid,setruid,stty}.3
rm -f /etc/rc.d/popa3d
rm -f /usr/bin/{crunchgen,nawk}
rm -f /usr/sbin/{iopctl,popa3d}
rm -f /usr/share/man/man8/{iopctl,popa3d}.8
rm -rf /usr/X11R6/include/freetype2/freetype
rm -f /usr/X11R6/include/ft2build.h
rm -f /usr/mdec/installboot
rm -f /usr/share/man/man8/{amd64,i386}/installboot.8
rm -f /var/account/acct
rm -f /var/games/tetris.scores

mv /etc/nsd.conf /var/nsd/etc/nsd.conf
cd /usr/sbin && rm nsd-notify nsd-patch nsd-xfer nsd-zonec nsdc
cd /usr/share/man/man8 && rm nsd-notify.8 nsd-patch.8 nsd-xfer.8 \
  nsd-zonec.8 nsdc.8
chown _nsd /var/nsd/db/nsd.db
printf '\nremote-control:\n\tcontrol-enable: yes\n' >> /var/nsd/etc/nsd.conf
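
A read-only check for the cleanup above, added here as an example and not part of the original article or the OpenBSD upgrade guide: it reports which of the obsolete programs, libraries and headers are still present and whether the nsd configuration was migrated. The function names and the optional root-prefix argument are assumptions of this example; man pages and the two data files under /var are left out of the list.

```shell
# Added example (not from the article): audit a root for leftovers of the 5.5 cleanup.
# Paths come from the rm commands above, written without brace expansion.
OBSOLETE_55="
/usr/libexec/identd
/usr/lib/libcompat.a
/usr/lib/libcompat_p.a
/usr/include/re_comp.h
/usr/include/regexp.h
/usr/include/sgtty.h
/usr/include/sys/timeb.h
/etc/rc.d/popa3d
/usr/bin/crunchgen
/usr/bin/nawk
/usr/sbin/iopctl
/usr/sbin/popa3d
/usr/X11R6/include/freetype2/freetype
/usr/X11R6/include/ft2build.h
/usr/mdec/installboot
/usr/sbin/nsd-notify
/usr/sbin/nsd-patch
/usr/sbin/nsd-xfer
/usr/sbin/nsd-zonec
/usr/sbin/nsdc
"

# Print each obsolete path still present under root $1 (default /).
# Returns 0 when none remain, 1 otherwise. Read-only: nothing is removed.
leftover_obsolete() {
    root=${1:-/}
    found=0
    for p in $OBSOLETE_55; do
        if [ -e "${root%/}$p" ] || [ -L "${root%/}$p" ]; then
            printf '%s\n' "$p"
            found=1
        fi
    done
    return "$found"
}

# Succeeds when /etc/nsd.conf is gone and the relocated file enables remote control.
nsd_migrated() {
    root=${1:-/}
    conf="${root%/}/var/nsd/etc/nsd.conf"
    [ ! -e "${root%/}/etc/nsd.conf" ] && [ -f "$conf" ] &&
        grep -q '^[[:space:]]*control-enable:[[:space:]]*yes' "$conf"
}

# Usage after the cleanup: leftover_obsolete / ; nsd_migrated / && echo "nsd ok"
```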

Login problems after upgrade

After upgrading, if your shell is zsh you may be disconnected immediately after authentication. To fix that, boot into single-user mode (boot -s from the bootloader), remount / read-write, start networking, and update zsh:

mount -uw /
sh /etc/netstart
export PKG_PATH="http://ftp.openbsd.org/pub/OpenBSD/5.5/packages/amd64/"
pkg_add -u zsh