Date: 11/04/2006 20:36:55 From: Geert Hendrickx To: netbsd-announce@NetBSD.org Subject: Announcing the release of NetBSD 3.1 and NetBSD 3.0.2 The NetBSD Project is pleased to announce that versions 3.0.2 and 3.1 of the NetBSD operating system are now available in both source and binary form. About NetBSD 3.0.2 and 3.1 -------------------------- NetBSD 3.0.2 is the second security/critical update of the NetBSD 3.0 release branch. This represents a selected subset of fixes deemed critical in nature for stability or security reasons. NetBSD 3.1 includes the same fixes but also provides new features like general bug fixes, new drivers and other enhancements. Complete source and binaries for NetBSD 3.0.2 and 3.1 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, SUP, and other services is provided at the end of this announcement; the latest list of available download sites may also be found at: http://www.NetBSD.org/mirrors/ We encourage users who wish to install via a CD-ROM ISO image to download via BitTorrent by using the torrent files supplied in the ISO image area. BitTorrent has recently been added to the list of distribution mechanisms and its use is strongly encouraged to help keep bandwidth available. Major Changes Between 3.0.1 and 3.0.2 ------------------------------------- The complete list of changes can be found in the CHANGES-3.0.2 file in the top level directory of the NetBSD 3.0.2 release tree. A summary list of changes is as follows: Kernel o Avoid a panic in page fault handling that could occur under low-memory conditions. Networking o Changed the default sshd_config(5) to enable SSH version 2 only. o Don't accept TCP connections to broadcast addresses. File system o Fixed race condition in NFS renaming that could cause the renamed file to be deleted. Libraries o When a user is created, initialize the string of secondary groups to avoid it containing garbage when none is added. Security o Fixed a buffer overflow in the in-kernel PPP code share by ISDN PPP interfaces ippp(4) and pppoe(4) (SA2006-019). o X11: fixed an integer overflow in FreeType (SA2006-020). o Fixed a potential DoS attack with sendmail(8) (SA2006-017). o Fixed a DoS vulnerability in BIND (SA2006-022). o Fixed a RSA signature forgery in openssl(1) (SA2006-023). o X11: fixed a vulnerability in Adobe Type 1 font handling (SA2006-021). o Fixed a number of DoS vulnerabilities in openssl(1) (SA in prepara- tion, CVE entries: 2006-2937, 2940, 3738 and 4343). o Fixed a number of DoS vulnerabilities in sshd(8) (SA in preparation, CVE entries: 2006-4924 and 5051). Miscellaneous o Fixed cross-building from hosts using GCC 4.x. amd64 specific o Make sure that the system reboots after a panic instead of halting. sparc specific o Disabled threading in named(8) on sparc and sparc64 to avoid a crash. mac68k specific o sysinst now newfs'es and mounts the target filesystem(s). Major Changes Between 3.0 and 3.1 --------------------------------- The complete list of changes can be found in the CHANGES-3.1 file in the top level directory of the NetBSD 3.1 release tree. A summary list of changes is as follows: Supported devices o brgphy(4): added support for BCM5714 and BCM5780 PHY's. o Added iteide(4): driver for ITE 8212 IDE controller. o Added SpeedStep support for the Pentium M 710, 730, 740, 750, 760 and 770 CPU's. o Added support for nForce430 ATA133 and SATA controllers. o pdcsata(4): Added support for Promise PDC2057x, PDC20771, PDC20775, PDC40518 and PDC40718 SATA Controllers. o ums(4): Added support for Apple's "Mighty Mouse", and USB mice with more than 7 buttons o agp(4): Added support for Intel i915 chipset integrated graphics. o pchb(4): Added support for Intel i925X, i945G/P and i955X hardware RNG's. o Added ciss(4): driver for the Command Interface SCSI-3 Support implemented by recent HP/Compaq Smart Array RAID controllers. o Added nfe(4): driver for NVIDIA nForce MCP Ethernet. o Added svwsata(4): driver for Serverworks K2, Frodo4, Frodo8 and HT-1000 SATA controllers. o sk(4): added support for the DLink DGE-530T and DGE-560T Gigabit Ethernet adapters. o bge(4): added support for BCM5714, BCM5715, BCM5780/HT-2000 and BCM5752 chip variants. o wi(4): added support for Siemens SS1021 WLAN. o Added twa(4): driver for the 3ware Apache RAID controllers. o viaide(4): added support for nForce3 250 SATA controllers. o hptide(4): added support for HPT368 IDE controller. Networking o Enabled SSL support in BIND. o A second dhclient(8) instance now exists gracefully instead of leaving the system in a broken state. o Removed the date from the dhclient(8) generated resolv.conf(5) file, since changes to this file are tracked by /etc/security. o Changed the default sshd_config(5) to enable SSH version 2 only. o Don't accept TCP connections to broadcast addresses. File system o The stability of the LFS file system has been vastly improved. o Added scan_ffs(8) from OpenBSD (modified to also support FFSv2 and LFS), a utility to recover lost disklabels. o Write performance of large files to msdos filesystems has been improved. o We now drop into single-user mode when /etc/rc.d/fsck is interrupted by ^C at boot-time. Libraries o Password aging works again. Security o Fixed a denial of service vulnerability in sendmail when handling malformed multipart MIME messages (SA2006-017). o Fixed a buffer overflow in the in-kernel PPP code share by ISDN PPP interfaces ippp(4) and pppoe(4) (SA2006-019). o X11: fixed an integer overflow in FreeType (SA2006-020). o Fixed a potential DoS attack with sendmail(8) (SA2006-017). o Fixed a DoS vulnerability in BIND (SA2006-022). o Fixed a RSA signature forgery in openssl(1) (SA2006-023). o X11: fixed a vulnerability in Adobe Type 1 font handling (SA2006-021). o Fixed a number of DoS vulnerabilities in openssl(1) (SA in prepara- tion, CVE entries: 2006-2937, 2940, 3738 and 4343). o Fixed a number of DoS vulnerabilities in sshd(8) (SA in preparation, CVE entries: 2006-4924 and 5051). Miscellaneous o Various RAIDframe bugfixes. o Updated Postfix to 2.2.11. o Updated BIND to 9.3.2. o Added ex(1) to /rescue. o Fixed some special case expansions in sh(1). o Fixed cross-building from hosts using GCC 4.x. o Many, many more additions, improvements and bug fixes. alpha specific o Support booting from FFSv2 filesystems. amd64 specific o Make sure that the system reboots after a panic instead of halting. mac68k specific o sysinst now newfs'es and mounts the target filesystem(s). sparc specific o Disabled threading in named(8) on sparc and sparc64 to avoid a crash. xen specific o Added Xen-3 domU support. o Renamed XEN kernel config files to be more consistent: XEN2_DOM0, XEN2_DOMU, XEN3_DOMU, INSTALL_XEN2_DOMU and INSTALL_XEN3_DOMU. Please note that at the moment, sysinst will not assist you in installing pre-built third-party binary packages or the pkgsrc system itself. See the NetBSD packages collection documentation: http://www.NetBSD.org/Documentation/software/packages.html About NetBSD ------------ NetBSD is a general-purpose Open Source operating system that provides interfaces for running a wide range of applications on a big number of different hardware platforms, all from one source tree. Applications can range from proprietary closed source applications to Open Source software, covering desktop environments, database servers, firewalls, routers, embedded appliances and many more, all made available easily through pkgsrc, the NetBSD Packages Collection, which currently contains over 6.300 packages. Picking up its ancestry from the Berkeley Networking Release 2 (Net/2), 4.4BSD-lite and 4.4BSD-Lite2, the NetBSD project continues to provide its application platform on a wide range of hardware platforms - not only vintage hardware, but also modern desktop and server hardware with Intel and AMD Opteron CPUs as well as embedded systems with MIPS, PowerPC, Super-H, ARM and Xscale CPUs. More recently, NetBSD was also ported to "virtual" hardware provided by the Xen machine monitor. Today, NetBSD runs on 54 different system architectures featuring 17 machine architectures across 17 distinct CPU families, all from a single source tree. In addition, the system offers cross compiling for the kernel, userland and the X Window system. More information on the goals of the NetBSD Project can be procured from the NetBSD web site at: http://www.NetBSD.org/Goals/ NetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and web site. Commercial support is available from a variety of sources; some are listed at: http://www.NetBSD.org/gallery/consultants.html More extensive information on NetBSD is available from the NetBSD web site: http://www.NetBSD.org/ NetBSD is the work of a diverse group of people spread around the world. The `Net' in our name is a tribute to the Internet, which enables us to communicate and share code, and without which the project would not exist. Acknowledgments --------------- The NetBSD Foundation would like to thank all those who have contributed code, hardware, documentation, funds, colocation for our servers, web pages and other documentation, release engineering, and other resources over the years. More information on the people who make NetBSD happen is available at: http://www.NetBSD.org/People/ We would like to especially thank the University of California at Berkeley and the GNU Project for particularly large subsets of code that we use. We would also like to thank the Internet Software Consortium and the Helsinki University of Technology for current colocation services. About the NetBSD Foundation --------------------------- The NetBSD Foundation was chartered in 1995, with the task of overseeing core NetBSD project services, promoting the project within industry and the open source community, and holding intellectual property rights on much of the NetBSD code base. Day-to-day operations of the project are handled by volunteers. As a non-profit organisation with no commercial backing, The NetBSD Foundation depends on donations from its users, and we would like to ask you to consider making a donation to the NetBSD Foundation in support of continuing production of our fine operating system. Donations can be done via PayPal (paypal@NetBSD.org) and are fully tax- deductible in the US. If you would prefer not to use PayPal, or would like to make other arrangements, please contact . NetBSD mirror sites ------------------- Please use a mirror site close to you. * FTP - http://www.NetBSD.org/mirrors/#ftp * ISO images - http://www.NetBSD.org/mirrors/#iso * Anonymous CVS - http://www.NetBSD.org/mirrors/#anoncvs * BitTorrent - http://www.NetBSD.org/mirrors/#bittorrent * SUP - http://www.NetBSD.org/mirrors/#sup * CVSup - http://www.NetBSD.org/mirrors/#cvsup * rsync - http://www.NetBSD.org/mirrors/#rsync * AFS - http://www.NetBSD.org/mirrors/#afs * NFS - http://www.NetBSD.org/mirrors/#nfs Please also note our list of CD-ROM vendors. http://www.NetBSD.org/Sites/cdroms.html