• Security: prevent kernel panics via userland requests from kqueue, a random number generator update to prevent weak cryptographic keys and a vulnerability in grep.
• Networking: many updates to NetBSD's new packet filter npf, and improved SMP operations.
• Embedded: Raspberry Pi now has working USB and ethernet, support for the watchdog timer in some Marvell SoCs, fixes to the Kirkwood IRQ code
• Platforms: device driver for Hydra and ASDG Zorro2 bus network cards on Amiga, x68k's bootloader can now boot from CD and network, and dtrace support on amd64.
• Drivers: add LSI Thunderbolt (SAS2208) controllers, Apple's Thunderbolt to Gigabit Ethernet adapter, and improve stability with multiple concurrent file system snapshots.

• Improving network stack concurrency and performance.
• Development of modern file systems and improvement of existing ones.
• Features which are useful in embedded environments, such as high resolution timers and execute in place (XIP) support.
• Automatic testing and quality assurance.

Please help us test this release candidate as much as possible. Remember, any feedback is good feedback. We'd love to hear from you, whether you've got a complaint or a compliment. That said, we hope your feedback is positive, as we would like this to be the final release candidate before 5.1. ''

[Tags: releases]

Please help us test this and any upcoming release candidates as much as possible. Remember, any feedback is good feedback. We'd love to hear from you, whether you've got a complaint or a compliment. ''

[Tags: releases]

Some details on the benchmarks:

• hackbench IRC server simulation:
  

• sysbench: MySQL OLTP simluation:
  

• build.sh: Compile benchmark:
  

In addition to scalability and performance improvements, a significant number of major features have been added. Some highlights are: a preview of metadata journaling for FFS file systems (known as WAPBL), the jemalloc memory allocator, X.Org instead of XFree86 on a number of ports, the Power Management Framework, ACPI suspend/resume support on many laptops, write support for UDF file systems, the Automated Testing Framework, the Runnable Userspace Meta Program framework, Xen 3.3 support for both i386 and amd64, POSIX message queues and asynchronous I/O, and many new hardware device drivers. For all the details, see the full release notes. ''

Citing from the release announcement, ``ISO images can be downloaded using BitTorrent, and we encourage users who wish to install via ISO images to take advantage of this, as the images are very well seeded at http://www.NetBSD.org/mirrors/torrents/

Complete source and binaries for NetBSD 5.0 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, and other services may be found at: http://www.NetBSD.org/mirrors/

We are very grateful to all of those who donated during the 2007 fund drive, which brought us many of the great advances found in 5.0. For more information on how you can help NetBSD, see http://www.NetBSD.org/donations/'' See the NetBSD 5.0 release announcement for more details.

[Tags: releases]

As always, we want your feedback. This time, we are especially interested in hearing from people who are using NFS.''

[Tags: releases]

Thanks for all the help and feedback so far. Please keep it up! ''

Happy Birthday, NetBSD!

[Tags: releases]

Probably the two most significant improvements in NetBSD 5.0 will be journalling for UFS (nore more fsck, yai!) and the move from XFree to X.org. Download now, or have a look at the changes in 5.0 if you need more reasons to check it out.

While talking about NetBSD 5, Izumi Tsutsui has updated his Restore CD for MIPS based Cobalt machines, see his email to the port-cobalt@ list for more details.

[Tags: cobalt, journaling, mips, releases, ufs, xfree, xorg]

• Jared McNeill has introduced pulseaudio to pkgsrc, which is a huge boost, giving pkgsrc the benefits of one of the best audio systems
• our GNOME packages have been updated by Thomas Klausner, and much work has been done on the HAL layer within GNOME by Jared McNeill. We also now have improved zeroconf support through the avahi package - our thanks to Adam Hoka for that.
• more packages have been moved to install into a staging directory, thanks to Joerg Sonnenberger
• improved support for AIX, again, from Joerg Sonnenberger
• many, many packages have been updated to newer versions, to take advantage of fixes and improved functionality. [...]
• other notable changes include
  • Kouichirou Hiratsuka has added Openoffice 3 to pkgsrc
  • Stoned Elipot and Havard Eidnes have made it their personal goal to incorporate all the CPAN packages into pkgsrc. They have recently been joined in their quest by Ulrich Habel.
  • the vlc package continues to be updated, again by Jared McNeill - it is now at version 0.9.8a
  • we bid a fond thanks, and farewell, to some old favourites, such as python 1.5, nail, bidwatcher, jssi, jsdk20, grail, and zope-2.5
  • the perl package has been upgraded to version 5.10 - a side effect of this is that binary packages of perl modules made with perl-5.8 and earlier versions are incompatible with perl-5.10
  • the addition of some interesting, pertinent, and shiny packages such as parpd, openoffice3, twitux, consolekit, policykit, hal, sslproxy, diffuse, gstfs, openresolv, and pulseaudio and related packages. ''

Read the full text with many more details and data in the release announcement!

[Tags: pkgsrc, releases]

• release engineering would really like to hear the results of your testing. It's you that can help us make 5.0 even better than it is right now. Even something simple like "Installed on $X computer and is currently running great!". We can't track everything ourselves, and direct reports from individuals are very helpful in assessing the state of the tree.

  No official way on reporting has been proposed (yet), but we're looking forward to involve our community into the release process. YOU can make a difference! (And we're a volunteer project, too, after all ;-)

• progress in the last week has been good - some great pullups to the branch have been made, including pullups to improve FP stability on amd64, and to point to binary packages on the project ftp server, amongst many, many others. Please see the source-changes mailing list for a more detailed list of these pullups.

• We still need to knock some critical PRs on the head - if you could help out with any of those, please see the PR list; if you could, we'd be very grateful (see community involvement, above :)

• The latest binary snapshots are available from the releng build status page

Upgrading my laptop from 4.99.73 to 5.0_BETA was pretty painless, following the usual procedure:

1. boot new kernel and see if it works - GENERIC does the job for me!
2. extract all userland sets, except etc.tgz and xetc.tgz
3. upgrade etc files: etcupdate -s etc.tgz -s xetc.tgz
4. remove old files (as suggested at the end of 'etcupdate'): postinstall -s 'etc.tgz' -s 'xetc.tgz' -d / fix obsolete

Now's your turn to go and help make NetBSD 5.0 the best release ever. Get going! :)

[Tags: releases]

People who want to help testing can fetch the sources from the "netbsd-5" CVS branch (for src and xsrc), precompiled binaries will be available on a daily base soon, too.

Some of the news in NetBSD 5.0 are:

• a new kernel threading model which has better performance than the previous implementation
• file system journalling (WAPBL)
• the Xen port has updated to Xen 3.3, and has support for PAE domains and amd64 domains (both dom0 and domU)
• Xorg is now a part of our base system
• our contributed external software has moved to a new framework, so as to make license issues clearer
• all security-critical software is now compiled by default with stack protection; this makes stack overflow and stack smashing attacks more difficult to exploit

NetBSD 4.0.1 is available from a NetBSD mirror near you. Enjoy!

[Tags: releases]

Major achievements in NetBSD 4.0 include support for version 3 of the Xen virtual machine monitor, Bluetooth, many new device drivers and embedded platforms based on ARM, PowerPC and MIPS CPUs. New network services include iSCSI target (server) code and an implementation of the Common Address Redundancy Protocol. Also, system security was further enhanced with restrictions of mprotect(2) to enforce W^X policies, the Kernel Authorization framework, and improvements of the Veriexec file integrity subsystem, which can be used to harden the system against trojan horses and virus attacks.''

See the release announcement to learn more about the list of supported platforms, and a detailed list of changes between NetBSD 3.0 and 4.0 regarding drivers, networking, file systems, the kernel, security, the NetBSD userland and specific platforms. It also contains a list of software components that were removed from NetBSD' base system and which can be found in pkgsrc now, and how to get the NetBSD 4.0 release.

Please note that the NetBSD 4.0 release is dedicated to the late Jun-Ichiro "itojun" Hagino: ``Itojun was a member of the KAME project, which provided IPv6 and IPsec support; he was also a member of the NetBSD core team (the technical management for the project), and one of the Security Officers. Due to Itojun's efforts, NetBSD was the first open source operating system with a production ready IPv6 networking stack, which was included in the base system before many people knew what IPv6 was. We are grateful to have known and worked with Itojun, and we know that he will be missed. This release is therefore dedicated, with thanks, to his memory.''

Last but not least, NetBSD's fund raising campaign is still running -- if you enjoy NetBSD 4.0, feel free to give back! See the NetBSD donations page for more information. Thanks!

[Tags: releases]

Available files:

• netbsd-i386pkg-3.1.iso
• netbsd-i386pkg-3.1.md5
• netbsd-i386pkg-3.1.README

• CDROM ISOs:
  Compressed -> http://www.feyrer.de/g4u/g4u-2.3.iso.zip
  Uncompressed -> http://www.feyrer.de/g4u/g4u-2.3.iso

• Floppies:
  All of them -> http://www.feyrer.de/g4u/g4u-2.3.fs.zip
  First one -> http://www.feyrer.de/g4u/g4u-2.3-1.fs
  Second one -> http://www.feyrer.de/g4u/g4u-2.3-2.fs

• Source -> http://www.feyrer.de/g4u/g4u-2.3.tgz

Geert Hendrickx has sent a notice of this to the netbsd-announce list now, with a request for a bit more patience before the re-branching will happen.

In the mean time, people interested in helping with NetBSD 4 preparations are welcome to get NetBSD-current into shape: test, send patches, update documentation, and always remember: ``it's ready when it's ready''. ;-)

[Tags: releases]

The release announcement was handed to me in ASCII, and formatting all the lists into DocBook/XML was not so nice. For that job, I've used MoinMoinWiki, importing the ASCII text, fixing up the (wiki) markup and then doing the DocBook export that MoinMoin can do. Tidying up the output with "xmllint --format" and replacing manpage references with appropriate XML entities with sed(1) mostly finished the contents enough for cut & paste into the NetBSD XML release files.

Besides playing secretary, I've also fixed the "About NetBSD" paragraph to make it a bit(?) clearer that NetBSD is not only good for vintage hardware: ``NetBSD is a general-purpose Open Source operating system that provides interfaces for running a wide range of applications on a large number of different hardware platforms, all from one source tree. Applications can range from proprietary closed source applications to Open Source software, covering desktop environments, database servers, firewalls, routers, embedded appliances and many more, all made available easily through pkgsrc, the NetBSD Packages Collection, which currently contains over 6,300 packages. Picking up its ancestry from the Berkeley Networking Release 2 (Net/2) and the 4.4BSD-lite and 4.4BSD-Lite2 releases, the NetBSD project continues to provide its application platform on a wide range of hardware platforms - not only vintage hardware, but also modern desktop and server hardware with Intel and AMD Opteron CPUs as well as embedded systems with MIPS, PowerPC, Super-H, ARM and Xscale CPUs. More recently, NetBSD was also ported to "virtual" hardware provided by the Xen machine monitor ''

FWIW, I've played a bit with Sodipodi to illustrate the situation (click to enlarge):

Enjoy!

Update: I've applied some grammar and language updates sent in for the "About NetBSD" text.

[Tags: releases]

RC4 was tagged yesterday and is queued on the auto-build cluster, it should be available tomorrow. RC4 was necessary because of OpenSSL issues, and while there other interesting changes were pulled up onto the netbsd-3 branch, e.g. being able to build on GCC 4.x platforms again. The current plan is that the NetBSD 3.1 release, together with 3.0.2, will hopefully be released next week.

[Tags: releases]

• The Newsforge article "Which distro should I choose?" refers us to a Comparison between NetBSD and OpenBSD, the website apparently allows other comparisons.

• Parallels is a ``powerful, easy to use, cost effective desktop virtualization solution that empowers PC users with the ability to create completely networked, fully portable, entirely independent virtual machines on a single physical machine.'' In other words "something like VMware". In contrast to the leading(?) product in that area, Parallels supports NetBSD as guest OS officially.

• PC-98 is a PC-like computer from NEC that has a Intel CPU and that was only sold in Japan. Due to some subtle differences from the "original" (IBMesque) PC architecture, it can't run NetBSD/i386 and was so far supported e.g. by FreeBSD/PC98. Now, Kiyohara Takashi has made patches and a floppy image available for a NetBSD/pc98 port - see Kiyohara's mail to tech-kern for more details, and also some discussion about further abstraction of the current x86 architecture to support machines with Intel CPUs that can't run NetBSD/i386.

• Staying on the technical side, David Young has a need to tunnel packets through consumer-grade (and consumer-intelligence) devices, which are unlikely to cope with anything outside of the IP protocol. As such, he has posted patches to tunnel gre(4) over UDP.

  Now let's hope this works as a foundation for Teredo (tunneling IPv6 over UDP)... :-)

• Verified Exec is a security subsystem inside NetBSD that verified fingerprints of binaries before loading them. This prevents binaries from being changed unnoticed, e.g. by trojan horses. Now when NetBSD runs such a system and memory becomes tight, only the process' data is paged to disk, the executables text is simply discarded with the assumption that it can be paged in from the disk again when needed. Of course this assumes that the binary won't change, which may not be true in a networked scenario with NFS or a disk on a fiber channel SAN that may be beyond control of the local system administrator. To prevent attacks of this kind, Brett Lymn has worked to generate per-page fingerprints that are kept in memory even when the executable pages are freed, for later verification when they are paged in from storage again.

  The code is currently under review and available as a patch set - see Brett's mail to tech-kern for all the details!

• While talking about security subsystems, Elad Efrat, who also worked on veriexec previously continued his work to factor out authentication inside the kernel: After introducing the kauth(9) framework and replacing all manual checks for "am I running as root" or "does the current secure level allow this operating" with calls to it, the next step is to seperate the the place where those calls are made from a back-end implementation that will determine what is allowed and what is not, who is privileged and what is not, etc. While these questions are traditionally answered via special user ids (0, root), group membership or secure levels, other methods like capability databases could be imagined.

  Elad has been working along these lines, and he has posted the next step in his work, outlining the upcoming security model abstraction - see Elad's mail to tech-security for details & code references.

• NetBSD 3.1 is around the corner, which will be an update to NetBSD 3.0 with lots of bugfixes and some minor feature enhancements like new drivers and also support for Xen 3 DomainU. There's a NetBSD 3.1 Release Candidate 1 available - be sure to have a look!

• FWIW, I've also updated the overview of NetBSD release branches a few days ago, as I still see a lot of people that are confused over NetBSD's three lines of release branches (well, counting the development branch NetBSD-current as release branch :), and the differences between what a branch and what a release is. With NetBSD 3.0, 3.0.1 and 3.1 this sure makes my little head spin...

• But there's more than NetBSD 3.x! If you've watched the above link, you will understand that the next release after the NetBSD 3.x set of releases is NetBSD 4.x. The release cycle for NetBSD 4.0 has started a few days ago, and there's also an announcement about the start of the NetBSD 4.0 release process by the NetBSD 4.0 release engineer Jef Rizzo which has information on schedule, how YOU can help and getting beta binaries and sources.

• The working period of the Google Summer of Code is over, and while mentors are still evaluating the code submitted by students, there are some public status reports: Alwe MainD'argent about the status of the 'ipsec6' project and Sumantra Kundu about the 'congest' project

• Sysjail 1.0 has been released! Includes some interesting overhead benchmarks.

• As reported in the #NetBSD Community Blog, an alpha version of sBSD was released: It's a NetBSD-based system for easy installation on USB sticks and CF cards.

Geert Hendrickx will lead the NetBSD 3.1 release cycle, and he has announced the timeline for the NetBSD 3.1 release: If all goes well, you can expect it in early september.

[Tags: releases]

For the full release announcement text see either Matthias' mail to netbsd-announce or the release's web page for all the details. And if you want ISOs, you're most welcome to download ISOs via BitTorrent, see Matthias' instructions.

Enjoy!

[Tags: releases]

These security releases are intended to provide upto-date binaries for people who run production systems and depend on fixed problems but who do not intend to deal with the source updating, building and possible troubles arising from using the stable branch.

(Please note that I just hear this, I'm not one of the people deciding these things!)

[Tags: releases, Security]

• updated the stats of NetBSD mailing list subscribers
• updated the Problem Report (PR) statistics for both all of NetBSD and pkgsrc related PRs.
• uploaded ~5.000 binary packages for 2.0/i386, from the pkgsrc-2004Q3 branch
• finally made the NetBSD 2.0 Live CD by Jörg Braun public. See the README file, then download the ISO (725MB).