![[NetBSD Logo]](/tnf/resource/NetBSD-headerlogo.png)
New Security Advisories: NetBSD-SA2009-005 through NetBSD-2009-007
Three new security advisories were published, covering OpenSSH, ntpd, ntpq and hack:
- NetBSD-SA2009-005 Plaintext Recovery Attack Against SSH
- NetBSD-SA2009-006 Buffer overflows in ntp
- NetBSD-SA2009-007 Buffer overflows in hack(6)
You can find more information about them on the Security and NetBSD page.
[0 comments]
Google Summer of Code: Improve and Extend resize_ffs
The utility resize_ffs is a program intended to resize Berkeley Fast File Systems (FFS) by either growing or shrinking them. This filesystem is the standard filesystem for the NetBSD operating system -- a free, fast, secure, and highly portable Unix-like Open Source operating system.
[Read More] [0 comments]
USENIX 2009 - Rump File Systems: Kernel Code Reborn
At USENIX 2009 I talked about rump file systems. The paper (html) and slides are available. Additionally, USENIX members can view a video of the presentation.
[Read More] [0 comments]
Google Summer of Code: Efficient wide character regular expressions
During this year’s Google Summer of Code I’m improving the performance of NetBSD’s regular expression library and add support to it for wide characters.
We made good progress and I’m glad that I can announce that tre is very likely to replace the regular expression code in libc
[Read More] [0 comments]
Postfix 2.6.2 imported into NetBSD-current
Postfix 2.6.2, the latest stable version of the popular mail transport agent, was imported into NetBSD-current recently. The following features have been added since version 2.5.4:
- Multi-instance support introduces a new postmulti(1) command to create/add/remove/etc. additional Postfix instances. The familiar "postfix start" etc. commands now automatically start multiple Postfix instances. The good news: nothing changes when you use only one Postfix instance. See MULTI_INSTANCE_README for details.
- Multi-instance support required that some files be moved from the non-shared $config_directory to the shared $daemon_directory. The affected files are
postfix-script,postfix-filesandpost-install. - TLS (SSL) support was updated for elliptic curve encryption. This requires OpenSSL version 0.9.9 or later. The SMTP client no longer uses the SSLv2 protocol by default. See TLS_README for details.
- The Milter client now supports all Sendmail 8.14 Milter requests, including requests for rejected recipient addresses, and requests to replace the envelope sender address. See MILTER_README for details.
- Postfix no longer adds (Resent-) From:, Date:, Message-ID: or To: headers to email messages with "remote" origins (these are origins that don't match $local_header_rewrite_clients). Adding such headers breaks DKIM signatures that explicitly cover non-present headers. For compatibility with existing logfile processing software, Postfix will log ``message-id=<>'' for email messages that have no Message-Id header.
- Stress-adaptive behavior is now enabled by default. This allows the Postfix SMTP server to temporarily reduce time limits and error-count limits under conditions of overload, such as a malware attack or backscatter flood. See STRESS_README for details.
Enjoy!
[0 comments]
wake(8), a New Wake-on-LAN Command
wake is a new command to send Wake-on-LAN frames over an ethernet to Wake-on-LAN capable machines, remote powering them up. This functionality is generally enabled in a machine's BIOS and can be used to power on machines from a remote system without having physical access to them.
wake is available in NetBSD-current. See the wake(8) manual page for details.
[0 comments]
Interview with Soren Jacobsen
A couple of weeks ago, Guillaume Lasmayous and I threw the idea of interviewing NetBSD developers through our website, NetBSDfr, to promote the NetBSD Project, and to make their work known to the widest possible audience.
Today, we are discussing with Soren Jacobsen, snj@, NetBSD 5.0 release engineer.
Google Summer of Code: PXE Bulk Install Update
The PXE Bulk Install system is essentially an NFS mounted root directory that, when mounted at boot time, installs various configurations of NetBSD on client machines through its /etc/rc file. A "configuration" or "class" of machine can include essentially anything imaginable, from custom kernels to configuration files, SSH keys and packages installed. Once a class is created and a MAC address assigned to that class, a machine that NFS mounts the directory will have its chosen class applied to it.
[Read More] [0 comments]
New Security Advisories: NetBSD-SA2009-001 through NetBSD-2009-004
Four new security advisories were published, covering pf, tcpdump, proplib and PAM.
[Read More] [0 comments]
Google Summer of Code: Improving RAIDframe parity handling
A NetBSD system, in order to tolerate disk failures, can use the software RAID driver raid(4). Currently, if that system is shut down uncleanly (e.g., loses power or crashes), then when it comes back up it will have to check the entire RAID set's redundancy information. This process can take many hours, during which it imposes a substantial load on the system. It is also a distinct disadvantage to using NetBSD in server applications, and the inclusion of a journaling filesystem in NetBSD 5 makes it all the more prominent.
The goal of my Summer of Code project is to shorten that check from hours to minutes.
[Read More] [0 comments]
Google Summer of Code Generic file system mounting project
Progress report of the generic file system mounting GSoC project. This project aims to remove the struct <fs>_args opaque container (the data argument in the mount(2) system call) so as to get a generic way to mount a file system whatever its type is.
[Read More] [0 comments]
XML tools update
My Google Summer of Code student, Nhat Minh Le, is working on a suite of simple, efficient, stream-oriented tools for processing XML on UNIX systems. Nhat Minh is making good progress on xmlgrep, a grep-alike program that understands XML syntax.
Read about Nhat Minh's progress on his blog.
Keep reading for my explanation of the niche where Nhat Minh's tools fit.
[Read More] [1 comment]