Antti Kantee | 6 Sep 22:14 2010
Picon

new core team policies

	Dear Users and Developers,

The core team has established two new policies.

Executive summary:
1) new tests must be written using the Automated Testing Framework (ATF)
2) core will no longer ok changes without prior public discussion

Extended versions:

1)
NetBSD has always been known for its high quality.  To take quality
to the ultimate level, we are actively pushing for automated testing
with regularly run tests and uniform test reports.  To this end,
we now require that all new tests are written using the ATF tool.
All exceptions for tests committed to the old src/regress framework
must be ok'd by core prior to commit.

You can find information about ATF from http://www.NetBSD.org/~jmmv/atf/
and help on writing tests at http://wiki.NetBSD.org/tutorials/atf/

Please test responsibly.

2)
In the past the core team has given an ok/no decision for changes
directly upon private request.  To make NetBSD's review process
more transparent for developers and non-developers alike, core will
no longer bless a change without peer review on a public technical
list.  The only exceptions are cases requiring confidentiality,
such as security vulnerabilities.
(Continue reading)

David Young | 12 Sep 21:09 2010
Picon

Introducing NPF, NetBSD's new packet filter

The NetBSD Foundation is pleased to announce NPF, a new packet filter
by Mindaugas Rasiukevicius.  NPF is designed for high performance on
multiprocessor machines, and for easy extensibility.

Highlights of NPF features include

* MP-safety and locklessness for scalable MP performance: no longer is
  the packet filter the bottleneck in your multicore router

* Fast hash-table and red-black tree lookups

* Stateful packet filtering, Network Address Port Translation (NAPT),
  and Application-Level Gateways (ALGs) for, e.g., traceroute

* The N-Code processor, a packet-inspection engine inspired by BPF:
  the N-Code processor is programmed to match packets using generic,
  RISC-like instructions and a few CISC-like instructions for common
  patterns such as IPv4 addresses

* Familiar configuration syntax and utilities

* Modularity and extensibility: users extend NPF by loading a kernel
  module.  NPF provides developers with an extensions API.  NPF rules
  can embed a hook that invokes an extension

By the end of January, NPF should have all of the capabilities that
NetBSD users have come to expect by using the other filters in the
kernel:

        * IPv4 reassembly support
(Continue reading)

Soren Jacobsen | 27 Sep 10:34 2010
Picon

NetBSD 5.1_RC4 binaries available for download

The fourth (failing further faults, final) release candidate of NetBSD
5.1 is now available for download at:

http://ftp.NetBSD.org/pub/NetBSD/NetBSD-5.1_RC4/

Those of you who prefer to build from source can continue to follow the
netbsd-5 branch, but the netbsd-5-1-RC4 tag is available as well.

See src/doc/CHANGES-5.1 for the list of changes from RC3 to RC4.

Please help us test this release candidate as much as possible.
Remember, any feedback is good feedback.  We'd love to hear from you,
whether you've got a complaint or a compliment.  That said, we hope your
feedback is positive, as we would like this to be the final release
candidate before 5.1.

Enjoy,
Soren

NetBSD Security Officer | 29 Sep 02:04 2010
Picon

NetBSD Security Advisory 2010-007: Integer overflow in libbz2 decompression code


		 NetBSD Security Advisory 2010-007
		 =================================

Topic:		Integer overflow in libbz2 decompression code

Version:	NetBSD-current:	source prior to September 21, 2010
		NetBSD 5.0:		affected
		NetBSD 4.0.1:		affected
		pkgsrc:			bzip2 package prior to 1.0.6

Severity:	potential remote DoS or code-injection attack

Fixed:		NetBSD-current:		Sep 20, 2010
		NetBSD-5 branch		Sep 23, 2010
		NetBSD-5-0 branch	Sep 23, 2010
		NetBSD-4 branch		Sep 23, 2010
		NetBSD-4-0 branch	Sep 23, 2010
		pkgsrc 2010Q2:		bzip2-1.0.6 corrects this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

The bzip2/bunzip2 functions and the libbz2 library provide compression
and decompression functionality similar to gzip/gunzip and libgzip but
with better compression ratio and worse compression performance.

(Continue reading)


Gmane