Yesterday, the team behind OpenBSD, a Unix-like operating system, announced the release of OpenBSD 6.6. This release has the GNU Compiler Collection (GCC) disabled in its base packages for i386 and ARMv7 and expands LLVM Clang platform support.

OpenBSD 6.6 also features various SMP improvements, improved Linux compatibility with ACPI interfaces, a number of new hardware drivers, and more. It ships with OpenSSH 8.1, LibreSSL 3.0.2, OpenSMTPD 6.6, and other updated packages.

Key updates in OpenBSD 6.6

Unlocked system calls

OpenBSD 6.6 comes with unlocked ‘getrlimit’ and ‘setrlimit’ system calls. These are used for controlling the maximum system resource consumption. There are also unlocked read and write system calls for reading input and writing output respectively.

Improved hardware support

  • OpenBSD 6.6 comes with Linux-compatible ACPI interfaces. ACPI support is also enabled in ‘radeon’ and ‘amdgpu’.
  • Time Stamp Counter (TSC) is re-enabled as the default AMD64 time source and TSC synchronization is added for multiprocessor machines.
  • This release supports the cryptographic coprocessor found on newer AMD Ryzen CPUs/APUs.

IEEE 802.11 wireless stack improvements

  • The ifconfig ‘nwflag’ is now repaired. A new stayauth ‘nwflag’ is added, which you can set to ignore deauth frames and protect your system against spoofing attacks.
  • Support for 802.11n Tx aggregation is added to net80211 and the ‘iwn’ driver.
  • Starting with OpenBSD 6.6, all wireless drivers submit a batch of received packets to the network stack during one interrupt, instead of submitting them individually.

Security improvements

  • The unveil system call is updated to improve application behavior when encountering hidden filesystem paths.
  • OpenBSD 6.6 has improved mitigations against a number of vulnerabilities, including the Spectre side-channel vulnerability in Intel CPUs and Intel’s Microarchitectural Data Sampling vulnerability.
  • This release introduces ‘malloc_conceal’ and ‘calloc_conceal’, which return the memory in pages marked ‘MAP_CONCEAL’ and call ‘freezero’ on ‘free’.

In a discussion on Hacker News, many users expressed their excitement. A user commented, “Just keeps getting better and better every release. I wish they would add an easy encryption option in the installer. You can enable full-disk encryption, but you have to mess with the bioctl settings, which potentially scares off new users.”

A few users also questioned why this release has U2F support and Bluetooth disabled for security. A user explained, “I’m not sure why U2F would be ‘disabled for security’. I guess it’s just that nobody has implemented all the required things. For the USB tokens, you need userspace USB HID access and hotplug notifications. I did that in Firefox for FreeBSD.”

These were some of the updates in OpenBSD 6.6. Check out the official announcement to know more.
