*BSD news from the past

Bron: [url=http://www.webwereld.nl]Webwereld.nl[/url]

In Europa zijn er voor het eerst meer mensen die gebruikmaken van dsl dan van de kabel voor internet. Ook het totaal aantal breedbandabonnees blijft stijgen.
Volgens recent onderzoek van de Nationale Telecom Monitor zijn er in Nederland ongeveer 900.000 huishoudens die gebruik maken van dsl of kabel.

[url=http://www.webwereld.nl/nieuws/12598.phtml]Het hele artikel[/url]

Een paar dagen terug deelde Bruce A. Mak mede dat RC 1 beschikbaar is.
Dit is de laatste release voor de final die gepland staat voor 1 oktober

De mail van Bruce
[quote]From: Bruce A. Mah
To: freebsd-stable‚ freebsd-qa
Subject: FreeBSD 4.7-RC1
Date: Thu‚ 19 Sep 2002 10:03:29 -0700

FreeBSD 4.7-RC1 (the first release candidate for FreeBSD 4.7) is now
available for the i386 architecture from the usual FTP sites. Both an
FTP site and a “miniinst” ISO image are available‚ respectively from:

ftp:///pub/FreeBSD/releases/i386/4.7-RC1/
ftp:///pub/FreeBSD/releases/i386/ISO-IMAGES/4.7/

No packages are available for this snapshot‚ due to some
recently-discovered problems with our package support. These will be
resolved in time for the 4.7-RC2 snapshot.

We invite interested users to try out the release candidates and
provide feedback (via the qa@ list) on issues to be fixed before
4.7-RELEASE‚ currently scheduled for 1 October 2002. At least one
(possibly two) more release candidate snapshots will be uploaded
before the final release.

Before reporting problems‚ please check the QA page for this
release-in-progress‚ to make sure that a problem has not already been
encountered:

http://www.freebsd.org/releases/4.7R/qa.html

FreeBSD 4.7-RC1 for the alpha architecture is currently being uploaded
and should be available shortly.

Thanks in advance for your feedback!

Bruce A. Mah
(for the Release Engineering team)[/quote]

Bron: [url=http://www.webwereld.nl/]Webwereld[/url]

De smiley is twintig jaar oud. Het teken : – ) wordt inmiddels door vele internetters en mobiele bellers in hun berichten gebruikt.
Volgens een onderzoeker van Microsoft is de eerste smiley op 19 september 1982 gebruikt door ene Scott Fahlman. De onderzoeker kwam tot deze conclusie na uitgebreid onderzoek in de digitale archieven van de Carnegie Mellon universiteit.

[url=http://www.webwereld.nl/nieuws/12485.phtml]Lees het artikel[/url]

Het NetBSD project heeft een aantal security advisories gepubliceerd‚ waarvan sommige alleen updates zijn.
[quote]With the release of NetBSD 1.6‚ the NetBSD project is publishing a batch of Security Advisories (some of which are updates)‚ as follows:

* 2002-006 buffer overrun in libc/libresolv DNS resolver
x 2002-007 Repeated TIOCSCTTY ioctl can corrupt session hold counts
*x 2002-009 Multiple vulnerabilities in OpenSSL code
*x 2002-010 symlink race in pppd
*x 2002-011 Sun RPC XDR decoder contains buffer overflow
x 2002-012 buffer overrun in setlocale
x 2002-013 Bug in NFS server code allows remote denial of service
x 2002-014 fd_set overrun in mbone tools and pppd
x 2002-017 shutdown(s‚ SHUT_RD) on TCP socket does not work as intended
x+ 2002-018 Multiple security isses with kfd daemon

(*) reissue (x) affects 1.5.3 (+) affects 1.6

These advisories involve bugs in libc (affecting static binaries)‚ as well as the kernel. A full system rebuild is recommended to collectively address all of these issues‚ but please make sure to read through all of the advisories in case specific issues affect your system.

Because of the extensive rebuild required‚ the NetBSD 1.6 release was delayed in order to include fixes for as many of these issues as possible‚ so as to provide binary release users with an easy upgrade path.

Readers will note that there are some gaps in the above numbering. These pending advisories involve third parties‚ and are awaiting disclosure co-ordination‚ so we cannot publish them at this time. However‚ they are fixed in NetBSD 1.6.

Unfortunately‚ the recent 1.5.3 release was affected by most of these issues. Unlike NetBSD 1.6‚ the 1.5 branch cannot be automatically cross-built to release‚ and so any updated binary release from the 1.5 tree will take considerable time and developer effort.

Therefore:

* The recommended cumulative fix for pre-1.6 systems is to upgrade to NetBSD 1.6.
* Users who cannot upgrade to 1.6 are recommended to update to the most recent sources on the NetBSD-1.5 branch‚ via anoncvs‚ and rebuild from there.
* Users of NetBSD-current should upgrade to source more recent than September 11‚ 2002‚ and rebuild the kernel and all userland.

Having updated the base NetBSD distribution via one of the above‚ the following steps are necessary for all users:

* Recompile statically-linked binaries from pkgsrc‚ or custom builds (for 2002-006)
* Remove any shared libraries with older major numbers. (2002-006)
* Remove any shared libraries for OS emulation under /emul‚ unless you are sure it has no security vulnerabilities. (2002-006)
* Follow instructions in 2002-018
[/quote]

Bron: [url=http://bsd.slashdot.org/bsd/02/09/16/1855253.shtml?tid=152]Slashdot[/url]

NVIDIA komt met officiele FreeBSD drivers !!
Lees de post [url=http://bsd.slashdot.org/bsd/02/09/16/1855253.shtml?tid=152]slashdot[/url] en de [url=http://nvidia.netexplorer.org/news.html]announcement[/url] van [url=http://nvidia.netexplorer.org/]The FreeBSD NVIDIA Driver Initiative[/url].

Quote uit de announcement:
[quote]
We’re once again waiting for NVIDIA. There really isn’t anything we can do‚ and there will be no further non-official driver releases (in other words‚ the next driver you will see will come straight from NVIDIA).
[/quote]

Er is een security lek gevonden in libkvm.
[quote]
[b]FreeBSD-SA-02:39.libkvm: “Applications using libkvm may leak sensitive descriptors”[/b]

FreeBSD-SA-02:39.libkvm Security Advisory
The FreeBSD Project

Topic: Applications using libkvm may leak sensitive descriptors

Category: core
Module: libkvm
Announced: 2002-09-16
Credits: David Endler ‚

Affects: All releases prior to and including 4.6.2-RELEASE.
Security branch releases prior to 4.4-RELEASE-p27‚
4.5-RELEASE-p20‚ and 4.6.2-RELEASE-p2.
Corrected: 2002-09-13 14:53:43 UTC (RELENG_4)
2002-09-13 15:04:22 UTC (RELENG_4_6)
2002-09-13 15:07:26 UTC (RELENG_4_5)
2002-09-13 15:09:07 UTC (RELENG_4_4)
FreeBSD only: NO

I. Background

The kvm(3) library provides a uniform interface for accessing kernel
virtual memory images‚ including live systems and crash dumps. Access
to live systems is via /dev/ mem and /dev/ kmem. Memory can be read and written‚ kernel symbol addresses can be looked up efficiently‚ and
information about user processes can be gathered.

The kvm_openfiles(3) function opens the special device files /dev/ mem
and /dev/ kmem‚ and returns an opaque handle that must be passed
to the other library functions.

II. Problem Description

Applications that wish to present system information such as swap
utilization‚ virtual memory utilization‚ CPU utilization‚ and
so on may use the kvm(3) library to read kernel memory directly
and gather this information. Such applications typically must
be run set-group-ID kmem so that the call to kvm_openfiles(3)
can access /dev/ mem and /dev/kmem.
If the application then uses exec(2) to start another application‚
the new application will continue to have open file descriptors to
/dev/ mem and /dev/kmem. This is usually avoided by marking file
descriptors as close-on-exec‚ but since the handle returned by
kvm_openfiles(3) is opaque‚ there is no direct way for the application
to determine what file descriptors have been opened by the library.
As a result‚ application writers may neglect to take these file
descriptors into account.

III. Impact

Set-group-ID kmem applications which use kvm(3) and start other
applications may leak /dev/ mem and /dev/kmem file descriptors. If
those applications can be specified by a local user‚ they may be
used to read kernel memory‚ resulting in disclosure of sensitive
information such as file‚ network‚ and tty buffers‚ authentication
tokens‚ and so on.

Several applications in the FreeBSD Ports Collection were identified
that are affected: asmon‚ ascpu‚ bubblemon‚ wmmon‚ and wmnet2. There
may be other applications as well.

IV. Workaround

Remove the set-group-ID bit on affected applications. This will
result in the applications losing some functionality.

V. Solution

Do one of the following:

1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6‚
RELENG_4_5‚ or RELENG_4_4 security branch dated after the correction
date (4.6.2-RELEASE-p2‚ 4.5-RELEASE-p20‚ or 4.4-RELEASE-p27).

2) To patch your present system:

The following patch has been verified to apply to FreeBSD 4.4‚ FreeBSD
4.5‚ FreeBSD 4.6‚ and FreeBSD 4.6.2 systems.

a) Download the relevant patch from the location below‚ and verify the
detached PGP signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:39/libkvm.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:39/libkvm.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch # cd /usr/src/lib/libkvm # make depend && make && make install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Path Revision Branch - ------------------------------------------------------------------------- src/lib/libkvm/kvm.c RELENG_4 1.12.2.3 RELENG_4_6 1.12.2.2.8.1 RELENG_4_5 1.12.2.2.6.1 RELENG_4_4 1.12.2.2.4.1 src/sys/conf/newvers.sh RELENG_4_6 1.44.2.23.2.19 RELENG_4_5 1.44.2.20.2.21 RELENG_4_4 1.44.2.17.2.26 - ------------------------------------------------------------------------- [/quote]

Na een aantal RC’s is hij er dan eindelijk de nieuwe versie van NetBSD.

Hieronder de belangrijkste veranderingen sinds 1.5
[quote]
Major Changes Between 1.5 and 1.6
It is difficult to completely summarize the extensive development between the 1.5 and 1.6 releases. Some highlights include:

Kernel

* Ports to new platforms including: algor‚ dreamcast‚ evbarm‚ hpcarm‚ hpcsh‚ newsmips‚ sandpoint‚ sgimips‚ sun2‚ and walnut.
* Unified Buffer Cache (UBC) removes size restriction of the file system’s buffer cache to use all available RAM (if not otherwise used!) and improves overall system performance.
* Round-robin page colouring implemented for various ports for better cache utilisation‚ more deterministic run-time behaviour‚ and faster program execution.
* A rewritten SCSI middle layer to provide a cleaner interface between the different kernel layers‚ including a kernel thread to handle error recovery outside of the interrupt context. See scsipi(9).
* A new pipe implementation with significantly higher performance due to lower overheads‚ which uses the UVM Page Loan facility.
* Linux binary emulation has been greatly improved with the addition of arm‚ alpha‚ m68k and powerpc support‚ and now supports kernel version 2.4.18.
* Booting from RAIDframe devices is now supported on some ports.
* New boot loader flags -v (bootverbose) and -q (bootquiet)‚ to be used by kernel code to optionally print information during boot.
* An in-kernel boot time device configuration manager userconf(4)‚ activated with the -c boot loader flag.
* A work-in-progress snapshot of ACPI support‚ based on the 20010831 snapshot of the Intel ACPICA reference implementation.
* USB 2.0 support‚ in the form of a preliminary driver for the ehci(4) host controller.
* Basic kernel support for IrDA in the form of the irframe(4) IrDA frame level driver. Serial dongles and the oboe(4) driver are currently supported.
* Kernel configuration files can be embedded into the kernel for later retrieval. Refer to INCLUDE_CONFIG_FILE in options(4) for more information.
* Many more kernel tunable variables added to sysctl(8).

Networking

* Hardware assisted IPv4 TCP and UDP checksumming and caching of the IPv6 TCP pseudo header. Support for checksum offloading on the DP83820 Gigabit Ethernet‚ 3Com 3c90xB‚ 3Com 3c90xC‚ and Alteon Tigon/Tigon2 Gigabit Ethernet cards.
* Zero-Copy for TCP and UDP transmit path achieved through page loaning code for sosend().
* In-kernel ISDN support‚ from the ISDN4BSD project.
* 802.1Q VLAN (virtual LAN) support. See vlan(4).
* IPFilter now supports IPv6 filtering.
* ndbootd(8) added; used to netboot NetBSD/sun2 machines.
* racoon(8) added; IKE key management daemon for IPsec key negotiation‚ from the KAME project.
* WEP encryption supported in ifconfig(8) and awi(4) driver.
* wi(4) and wiconfig(8) now support scanning for access points‚ and defaults to BSS instead of ad-hoc mode.
* Bridging support; currently only for ethernet. See bridge(4).
* In-kernel PPP over Ethernet (PPPoE) – RFC 2516‚ with much lower overhead than user-land PPPoE clients. See pppoe(4).
* ifwatchd(8) added; invokes up-script and down-script when a network interface goes up and down. Used by pppoe(4).

File Systems

* Enhanced stability of LFS version 2‚ the BSD log-structured file system.
* dump(8)‚ dumpfs(8)‚ fsck_ffs(8)‚ fsirand(8)‚ newfs(8)‚ and tunefs(8) support a -F option to manipulate file system images in regular files.
* makefs(8) added; creates file system images from a directory tree. (Currently ffs only.)
* Enhanced ffs_dirpref() by Grigoriy Orlov‚ which noticeably improves performance on FFS file systems when creating directories‚ and subsequently manipulating them.
* Fixes for free block tracking and directory block allocation in FFS softdeps.
* Correctly support FFS file systems with a large number of cylinder groups.
* Fix the endian independant FFS (FFS_EI) support.
* newfs(8) calculates default block size from the file system size‚ and uses the largest possible cylinders/group (cpg) value if -c isn’t given.
* dpti(4) driver added; an implementation of the DPT/Adaptec SCSI/I2O RAID management interface. Allows the use of the Linux versions of dptmgr‚ raidutil‚ dptelog‚ (etc).
* Support for Windows 2000 ‘NTFS’ (NTFS5‚ read-only).
* Tagged queueing support for SCSI drivers based on the ncr53c9x controller.

Security

* Addition of a chroot(8) hierarchy for services including named(8)‚ ntpd(8)‚ and sshd(8).
* Additional passwd(5) ciphers: MD5‚ and DES with more encryption rounds. See passwd.conf(5).
* Several more code audits were performed.
* /etc/security performs many more checks and is far more flexible in how it monitors changes. See security.conf(5).

System administration and user tools

* sushi(8) added; a menu based system administration tool.
* pgrep(1) and pkill(1) added; find or signal processes by name or other attributes.
* System upgrades are made easier through the etcupdate(8) script which helps updating the /etc config files interactively‚ and the /etc/postinstall script which is provided to check for or fix configuration changes that have occurred in NetBSD.
* stat(1) added; a user interface to the information returned by the stat(2) system call.
* BSD sort(1) replaces GNU sort(1).
* The “stop” operation for rc.d(8) scripts waits until the service terminates before returning. This improves the reliability of “restart” operations as well.
* Swap devices can be removed at system shutdown by enabling swapoff in rc.conf(5).
* An optional watchdog timer which will terminate rc.shutdown(8) after the number of seconds provided in rcshutdown_timeout from rc.conf(5).

Miscellaneous

* Support for multibyte LC_CTYPE locales has been integrated from the Citrus project. Many Chinese‚ Japanese‚ Korean‚ and other encodings are now available.
* Full support for cross-compilation of the base system‚ even as a non-root user! src/build.sh is available for doing arbitrary cross-builds; see src/BUILDING for more information. At least 38 ports for the NetBSD 1.6 release were cross-built on a NetBSD/i386 system using this mechanism.
* Migrated the following CPU platforms to ELF: arm‚ and m68k (including amiga‚ hp300‚ mac68k‚ mvme68k‚ sun2‚ and x68k).
* Updates of most third party packages that are shipped in the base system to the following latest stable releases:

– amd 6.0.6 – BIND 8.3.3 – binutils 2.11.2 – bzip2 1.0.2 – cvs 1.11 – dhcp 3.0.1rc9 – file 3.38 – gcc 2.95.3 – groff 1.16.1 – Heimdal 0.4e – IPfilter 3.4.27 – kerberos4 1.1 – ksh from pdksh 5.2.14p2 – less 374 – nvi 1.79 – OpenSSH 3.4 – OpenSSL 0.9.6g – Postfix 1.1.11 – ppp 2.4.0 – routed 2.24 – sendmail 8.11.6 – tcpdump 3.7.1 – XFree86 4.2.0 (i386 only)
* Many new packages in The NetBSD packages collection‚ including the latest open source desktop KDE3‚ OpenOffice.org‚ as well as the latest Perl‚ Apache and many more. At the time of writing‚ there are over 3000 third party packages available in pkgsrc.
* Added AGP GART driver agp(4) for faster access to graphics boards.
* init(8) will create an mfs (memory based file system) /dev if /dev/console is missing.
* vmstat(8) displays kernel hash statistics with -H and -h hash.
* wscons(4) supports blanking of VGA consoles.[/quote]

Bron: [url=http://www.webwereld.nl]Webwereld[/url]

Kabelbedrijven als UPC en Essent hebben afspraken gemaakt over de openstelling van hun netwerken voor concurrerende internetaanbieders.
De overeenstemming – die behalve voor internet ook gevolgen heeft voor televisie – zou betekenen dat toegang tot de kabel goedkoper wordt voor internetaanbieders. Casema en vooral Essent pleiten al tijden voor concurrentie op de kabel.

[url=http://www.webwereld.nl/nieuws/12372.phtml]Lees het hele artikel[/url]

Bron: [url=http://www.trojanproof.org/]Trojanproof.org[/url]

Deze [url=http://www.trojanproof.org]site[/url] bevat een aantal patches voor de FreeBSD 4.6‚ FreeBSD 4.6.2 en de OpenBSD 3.1 kernel. De TrojanXproof Anti-Trojan en de Trojan Detection kernel patch zijn vrij verkrijgbaar‚ ze zijn worden niet officieel ondersteund door FreeBSD of OpenBSD dus let daar op!

Sinds gisteravond zijn we van de webis server verhuist naar de server van [url=http://www.sebatech.net]Sebatech[/url]. Dit brengt met zich mee dat de site een stukje sneller is geworden voor de breedbanders onder ons
Dank u Sebatech!!

We wensen jullie nog veel *BSD plezier!!