From owner-freebsd-announce Wed Sep 15 20:47:17 1999 Delivered-To: freebsd-announce@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id DE70A152B5; Wed, 15 Sep 1999 20:47:05 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id VAA75578; Wed, 15 Sep 1999 21:47:04 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: (from root@localhost) by harmony.village.org (8.9.3/8.8.3) id VAA18397; Wed, 15 Sep 1999 21:46:28 -0600 (MDT) Date: Wed, 15 Sep 1999 21:46:28 -0600 (MDT) Message-Id: <199909160346.VAA18397@harmony.village.org> From: FreeBSD Security Officer Subject: FreeBSD Security Advisory: FreeBSD-SA-99:03.ftpd REISSUED Reply-To: security-officer@freebsd.org Sender: owner-freebsd-announce@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-99:03 Security Advisory FreeBSD, Inc. Topic: Three ftp daemons in ports vulnerable to attack. Category: ports Module: wu-ftpd and proftpd Announced: 1999-09-05 Reissued: 1999-09-15 Affects: FreeBSD 3.2 (and earlier) FreeBSD-current and -stable before the correction date. Corrected: FreeBSD-3.3 RELEASE FreeBSD as of 1999/08/30 for wuftpd only (Note: there is only one ports tree which is shared with all FreeBSD branches, so if you are running a -stable version of FreeBSD you will also be impacted.) FreeBSD only: NO Bugtraq Id: proftpd: 612 Patches: NONE I. Background wuftpd, beroftpd and proftpd are all optional portions of the system designed to replace the stock ftpd on a FreeBSD system. They are written and maintained by third parties and are included in the FreeBSD ports collection. II. Problem Description There are different security problems which can lead to remote root access in these ports or packages. The standard ftp daemon which ships with FreeBSD is not impacted by either of these problems. III. Impact Remote users can gain root. IV. Workaround Disable the ftp daemon until you can upgrade your system, or use the stock ftpd that comes with FreeBSD. V. Solution Upgrade your wu-ftpd port to the version in the cvs repository after August 30, 1999. If you are not using the wu-ftpd port, then you should visit their web site and follow instructions there to patch your existing version. beroftpd, which was listed in the original wu-ftpd group's advisory as having a similar problem, has not been corrected as of September 15, 1999. It will not be in the 3.3 release. The port has been marked forbidden and will remain so until the security problems have been corrected. If you are running beroftpd you are encouraged to find if patches are available for it which corrects these problems before enabling it on your system. proftpd, which had different security problems, has not been updated to a safe version as of September 15, 1999. It will not be in the 3.3 release. It will not be in the 3.3 release. The port has been marked forbidden and will remain so until the security problems have been corrected. If you are running proftpd, you are encouraged to find out if there are patches which correct these problems before reenabling it on your system. The previous advisory suggested that any FreeBSD ports version of proftpd after August 30 had the security problems corrected. This has proven to not be the case and was the primary reason for reissuing this advisory. While reissuing the advisory, we added beroftpd since it shares a code history with wu-ftpd. The original advisory mistakenly asserted that proftpd also shared a code history with wuftpd, which is not the case. VI. Credits and Pointers The wu-ftpd advisory can be found at ftp://ftp.wu-ftpd.org/pub/wu-ftpd/2.5.0.Security.Update.asc ============================================================================= FreeBSD, Inc. Web Site: http://www.freebsd.org/ Confidential contacts: security-officer@freebsd.org Security notifications: security-notifications@freebsd.org Security public discussion: freebsd-security@freebsd.org PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc Notice: Any patches in this document may not apply cleanly due to modifications caused by digital signature or mailer software. Please reference the URL listed at the top of this document for original copies of all patches if necessary. ============================================================================= -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAwUBN+BmhFUuHi5z0oilAQFlOAQAiU3kAPurRruiFGfG33OsM3ni86HFpKPZ Hb9pINkP9Fu8qdKD/JKYYSxCLRhJLoqojSHXXpVvhJUOQx+1RVaiVCVNvZhV0ypx 0M/+VEg1IpusbxkTRbNFE6cUrMwAiHvbZepYp41slTiA2MwDV7cqX1yvv1InGU1z HSfQSOB/Kfs= =NPAs -----END PGP SIGNATURE----- This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message From owner-freebsd-announce Wed Sep 15 22:26: 8 1999 Delivered-To: freebsd-announce@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id E9BF514C88; Wed, 15 Sep 1999 22:25:39 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id XAA75926; Wed, 15 Sep 1999 23:25:38 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: (from root@localhost) by harmony.village.org (8.9.3/8.8.3) id XAA19375; Wed, 15 Sep 1999 23:25:03 -0600 (MDT) Date: Wed, 15 Sep 1999 23:25:03 -0600 (MDT) Message-Id: <199909160525.XAA19375@harmony.village.org> From: FreeBSD Security Officer Subject: FreeBSD Security Advisory: FreeBSD-SA-99:04.core Reply-To: security-officer@freebsd.org Sender: owner-freebsd-announce@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-99:04 Security Advisory FreeBSD, Inc. Topic: Coredumps and symbolic links Category: core Module: kernel Announced: 1999-09-15 Affects: FreeBSD 3.2 (and earlier) FreeBSD-current before the correction date. FreeBSD 3.2-stable before the correction date. FreeBSD 2.2.8-stable before the correction date. Corrected: FreeBSD-3.3 RELEASE FreeBSD-current as of 1999/08/26 FreeBSD-3.2-stable as of 1999/08/26 FreeBSD-2.2.8-stable as of 1999/08/29 The FreeBSD-3.3-RC series of releases are not affected. FreeBSD only: NO Patches: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-99:04/ I. Background As a diagnostic aid to help programmers find bugs in their programs, the system creates core files when an illegal instruction or other fatal error happens. A flaw in the kernel allowed it to follow symbolic links when creating core files. II. Problem Description The fts library functions had a flaw in them where which would lead to a core dump when periodic ran the security checking scripts (or other scripts which traverse trees that can be controlled by users). periodic(3) should limit core size to zero to disable core dumps while it is executing commands, but does not do so. In addition, the kernel should not follow symbolic links. All three of these problems caused a situation where it was possible for an attacker could create or overwrite an arbitrary file on the system with a moderate degree of controll of its contents to cause a problem. III. Impact Local users could gain root access. IV. Workaround One can workaround this problem by preventing core dumps for periodic. This solution is less than completely satisfying, since it only plugs the known exploit hole. None the less, this may provide a short term stopgap solution until a new kernel and/or userland can be installed. # mv /usr/sbin/periodic /usr/sbin/periodic.bin # cat > /usr/sbin/periodic #!/bin/sh ulimit -c 0 /usr/sbin/periodic.bin $* ^D # chmod 555 /usr/sbin/periodic Another alternative would be to update the fts routines to a version newer than 1999/09/02 (for -current or 3.3-stable) or 1999/09/04 (for 2.2.8-stable). However, this requires that you rebuild via "make world" to take effect. V. Solution Please note: there is a separate advisory describing the fts problem and solution. Please see FreeBSD-SA-99:05.fts.asc in the advisories directory for additional information about the fts patch. Apply the following patches to your kernel. They will disallow following symbolic links when creating core files. This will stop this attack, and all similar such attacks. Here's the patch for freebsd-current: *** kern/imgact_elf.c 1999/07/09 19:10:14 1.61 --- kern/imgact_elf.c 1999/08/26 17:32:48 1.62 *************** *** 722,729 **** if (name == NULL) return (EFAULT); /* XXX -- not the best error */ ! NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p); ! error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR); free(name, M_TEMP); if (error) return (error); --- 722,729 ---- if (name == NULL) return (EFAULT); /* XXX -- not the best error */ ! NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); ! error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR); free(name, M_TEMP); if (error) return (error); *** kern/imgact_aout.c 1999/05/17 00:53:36 1.52 --- kern/imgact_aout.c 1999/08/26 17:32:48 1.53 *************** *** 264,271 **** name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid); if (name == NULL) return (EFAULT); /* XXX -- not the best error */ ! NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p); ! error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR); free(name, M_TEMP); if (error) return (error); --- 264,271 ---- name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid); if (name == NULL) return (EFAULT); /* XXX -- not the best error */ ! NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); ! error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR); free(name, M_TEMP); if (error) return (error); Here's the patch for freebsd-3.2-stable: *** kern/imgact_elf.c 1999/07/15 13:01:54 1.44.2.4 --- kern/imgact_elf.c 1999/08/26 17:35:03 1.44.2.5 *************** *** 699,706 **** if (name == NULL) return (EFAULT); /* XXX -- not the best error */ ! NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p); ! error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR); free(name, M_TEMP); if (error) return (error); --- 699,706 ---- if (name == NULL) return (EFAULT); /* XXX -- not the best error */ ! NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); ! error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR); free(name, M_TEMP); if (error) return (error); *** kern/imgact_aout.c 1999/04/14 04:55:22 1.44.2.1 --- kern/imgact_aout.c 1999/08/26 17:35:02 1.44.2.2 *************** *** 259,266 **** name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid); if (name == NULL) return (EFAULT); /* XXX -- not the best error */ ! NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p); ! error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR); free(name, M_TEMP); if (error) return (error); --- 259,266 ---- name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid); if (name == NULL) return (EFAULT); /* XXX -- not the best error */ ! NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); ! error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR); free(name, M_TEMP); if (error) return (error); Here's the patch for FreeBSD-2.2.8-stable *** sys/LINK/fcntl.h Wed Dec 18 05:08:08 1996 --- sys/fcntl.h Fri Aug 27 14:39:26 1999 *************** *** 84,89 **** --- 84,90 ---- #define O_EXLOCK 0x0020 /* open with exclusive file lock */ #define O_ASYNC 0x0040 /* signal pgrp when data ready */ #define O_FSYNC 0x0080 /* synchronous writes */ + #define O_NOFOLLOW 0x0100 /* don't follow symlinks */ #endif #define O_CREAT 0x0200 /* create if nonexistent */ #define O_TRUNC 0x0400 /* truncate to zero length */ *** kern/LINK/kern_sig.c Sat Dec 21 10:57:24 1996 --- kern/kern_sig.c Fri Aug 27 14:38:25 1999 *************** *** 1241,1249 **** p->p_rlimit[RLIMIT_CORE].rlim_cur) return (EFAULT); sprintf(name, "%s.core", p->p_comm); ! NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p); if ((error = vn_open(&nd, ! O_CREAT | FWRITE, S_IRUSR | S_IWUSR))) return (error); vp = nd.ni_vp; --- 1241,1249 ---- p->p_rlimit[RLIMIT_CORE].rlim_cur) return (EFAULT); sprintf(name, "%s.core", p->p_comm); ! NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); if ((error = vn_open(&nd, ! O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR))) return (error); vp = nd.ni_vp; *** kern/LINK/vfs_vnops.c Sat Mar 8 07:16:18 1997 --- kern/vfs_vnops.c Fri Aug 27 14:37:01 1999 *************** *** 87,93 **** if (fmode & O_CREAT) { ndp->ni_cnd.cn_nameiop = CREATE; ndp->ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF; ! if ((fmode & O_EXCL) == 0) ndp->ni_cnd.cn_flags |= FOLLOW; error = namei(ndp); if (error) --- 87,93 ---- if (fmode & O_CREAT) { ndp->ni_cnd.cn_nameiop = CREATE; ndp->ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF; ! if ((fmode & O_EXCL) == 0 && (fmode & O_NOFOLLOW) == 0) ndp->ni_cnd.cn_flags |= FOLLOW; error = namei(ndp); if (error) *************** *** 119,125 **** } } else { ndp->ni_cnd.cn_nameiop = LOOKUP; ! ndp->ni_cnd.cn_flags = FOLLOW | LOCKLEAF; error = namei(ndp); if (error) return (error); --- 119,126 ---- } } else { ndp->ni_cnd.cn_nameiop = LOOKUP; ! ndp->ni_cnd.cn_flags = ! ((fmode & O_NOFOLLOW) ? NOFOLLOW : FOLLOW) | LOCKLEAF; error = namei(ndp); if (error) return (error); *** kern/LINK/vfs_syscalls.c Wed Aug 4 12:44:30 1999 --- kern/vfs_syscalls.c Sat Aug 28 10:48:51 1999 *************** *** 694,699 **** --- 694,701 ---- flags = FFLAGS(uap->flags); if ((flags & FREAD + FWRITE) == 0) return (EINVAL); + if (flags & O_NOFOLLOW) + flags &= ~O_NOFOLLOW; error = falloc(p, &nfp, &indx); if (error) return (error); ============================================================================= FreeBSD, Inc. Web Site: http://www.freebsd.org/ Confidential contacts: security-officer@freebsd.org Security notifications: security-notifications@freebsd.org Security public discussion: freebsd-security@freebsd.org PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc Notice: Any patches in this document may not apply cleanly due to modifications caused by digital signature or mailer software. Please reference the URL listed at the top of this document for original copies of all patches if necessary. ============================================================================= -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAwUBN+B44VUuHi5z0oilAQHkwwP9HeLkRJY/iXIYXUx8/A38EAxM/TAqxoiI ym7ZyktNtuCbum8ovCIfmkpnafaFyXmVSDhCX77LbIy+1clEBnelyueJ9TbKpBgU KWjTWmfj/7QsU2Ya/f7FK80ee8y7GjTTYxilnxxzTmM8ihHzFXrPHudoO4lTR7Op 2VII3pQVxOM= =bJXX -----END PGP SIGNATURE----- This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message From owner-freebsd-announce Wed Sep 15 22:26:24 1999 Delivered-To: freebsd-announce@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id AB24314D04; Wed, 15 Sep 1999 22:25:57 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id XAA75930; Wed, 15 Sep 1999 23:25:56 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: (from root@localhost) by harmony.village.org (8.9.3/8.8.3) id XAA19379; Wed, 15 Sep 1999 23:25:21 -0600 (MDT) Date: Wed, 15 Sep 1999 23:25:21 -0600 (MDT) Message-Id: <199909160525.XAA19379@harmony.village.org> From: FreeBSD Security Officer Subject: FreeBSD Security Advisory: FreeBSD-SA-99:05.fts Reply-To: security-officer@freebsd.org Sender: owner-freebsd-announce@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-99:05 Security Advisory FreeBSD, Inc. Topic: fts library routine vulnerability Category: core Module: kernel Announced: 1999-09-15 Affects: FreeBSD 3.2 (and earlier) FreeBSD-current before the correction date. FreeBSD 3.2-stable before the correction date. Corrected: FreeBSD-3.3 RELEASE FreeBSD-current as of 1999/08/26 FreeBSD-3.2-stable as of 1999/08/26 The FreeBSD-3.3-RC series of releases are not affected. FreeBSD only: NO Patches: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-99:05/ I. Background The fts library routines provide a convenient way for a program to walk a hierarchy of files. II. Problem Description The fts library functions had a buffer overflow in them where which would lead to a core dump when periodic ran the security checking scripts (or other scripts which traverse trees that can be controlled by users). periodic(3) should limit core size to zero to disable core dumps while it is executing commands, but does not do so. In addition, the kernel should not follow symbolic links. All three of these problems caused a situation where it was possible for an attacker could create or overwrite an arbitrary file on the system with a moderate degree of controll of its contents to cause a problem. III. Impact Local users could gain root access. IV. Workaround One can workaround this problem by preventing core dumps for periodic. This solution is less than completely satisfying, since it only plugs the known exploit hole. None the less, this may provide a short term stopgap solution until a new kernel and userland can be installed. # mv /usr/sbin/periodic /usr/sbin/periodic.bin # cat > /usr/sbin/periodic #!/bin/sh ulimit -c 0 /usr/sbin/periodic.bin $* ^D # chmod 555 /usr/sbin/periodic V. Solution Apply the following patches to libc and do a make world. Please also see the companion advisory FreeBSD-SA-99:04.core.asc in the advisories directory of our ftp site for details on the kernel portions of this fix. Index: lib/libc/gen/fts.c =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/lib/libc/gen/fts.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- fts.c 1999/08/15 19:21:29 1.10 +++ fts.c 1999/09/02 07:45:07 1.11 @@ -963,6 +963,24 @@ return (sp->fts_path == NULL); } +static void +ADJUST(p, addr) + FTSENT *p; + void *addr; +{ + if ((p)->fts_accpath >= (p)->fts_path && + (p)->fts_accpath < (p)->fts_path + (p)->fts_pathlen) { + if (p->fts_accpath != p->fts_path) + errx(1, "fts ADJUST: accpath %p path %p", + p->fts_accpath, p->fts_path); + if (p->fts_level != 0) + errx(1, "fts ADJUST: level %d not 0", p->fts_level); + (p)->fts_accpath = + (char *)addr + ((p)->fts_accpath - (p)->fts_path); + } + (p)->fts_path = addr; +} + /* * When the path is realloc'd, have to fix all of the pointers in structures * already returned. @@ -974,18 +992,18 @@ { FTSENT *p; -#define ADJUST(p) { \ - (p)->fts_accpath = \ - (char *)addr + ((p)->fts_accpath - (p)->fts_path); \ +#define ADJUST1(p) { \ + if ((p)->fts_accpath == (p)->fts_path) \ + (p)->fts_accpath = (addr); \ (p)->fts_path = addr; \ } /* Adjust the current set of children. */ for (p = sp->fts_child; p; p = p->fts_link) - ADJUST(p); + ADJUST(p, addr); /* Adjust the rest of the tree. */ for (p = sp->fts_cur; p->fts_level >= FTS_ROOTLEVEL;) { - ADJUST(p); + ADJUST(p, addr); p = p->fts_link ? p->fts_link : p->fts_parent; } } ============================================================================= FreeBSD, Inc. Web Site: http://www.freebsd.org/ Confidential contacts: security-officer@freebsd.org Security notifications: security-notifications@freebsd.org Security public discussion: freebsd-security@freebsd.org PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc Notice: Any patches in this document may not apply cleanly due to modifications caused by digital signature or mailer software. Please reference the URL listed at the top of this document for original copies of all patches if necessary. ============================================================================= -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAwUBN+B9rFUuHi5z0oilAQHGYgP+IwrmdUBtCw1r8J/lt/wBrxH5wug70K1V t2graun2wIWvtkh+kmwKJP4tonzlxi/YhyqqATh4pFIZb5CUEtCR2/gcpHPwB4NX oNuIGGBtKftrrFnPf9aArFu/XFjrxyUPetYoXtfgGc5y6VlI6mupDnwt9oj34EeY VIb92qSfH+c= =tPng -----END PGP SIGNATURE----- This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message From owner-freebsd-announce Fri Sep 17 5: 6:48 1999 Delivered-To: freebsd-announce@freebsd.org Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228]) by hub.freebsd.org (Postfix) with ESMTP id 1632C14E97 for ; Fri, 17 Sep 1999 05:06:44 -0700 (PDT) (envelope-from jkh@zippy.cdrom.com) Received: from localhost (jkh@localhost [127.0.0.1]) by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id FAA98123 for ; Fri, 17 Sep 1999 05:06:44 -0700 (PDT) (envelope-from jkh@zippy.cdrom.com) To: announce@freebsd.org Subject: FreeBSD 3.3-RELEASE is now available. Date: Fri, 17 Sep 1999 05:06:44 -0700 Message-ID: <98119.937570004@localhost> From: "Jordan K. Hubbard" Sender: owner-freebsd-announce@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Yes, it's that time again! I'm very happy to announce the availability of FreeBSD 3.3-RELEASE, the latest in our line of releases from the 3.x-STABLE branch. The follow-on to FreeBSD 3.2 (released in May, 1999), a lot of new drivers have been added, many bugs were fixed and several important security issues where dealt with. Please see the release notes for more information. FreeBSD 3.3-RELEASE is available at ftp.freebsd.org and various FTP mirror sites throughout the world. It can also be ordered on CD from The FreeBSD Mall, from where it will be shipping soon on a 4 CD set containing installation bits for x86 architecture, as well a lot of other material of general interest to programmers and end-users alike (3.3-RELEASE for the Alpha architecture is available from the FTP site). NOTE: All of the profits from the sales of this CD set go to support the FreeBSD Project! We are also trying something new with 3.3-RELEASE in making disc #1 from Walnut Creek CDROM's official distribution available via anonymous FTP. This is the most important CD of their 4 set, one which will allow users to install the base system and all of its most important add-ons from a single ISO 9660 image. We are doing this because the ISO image is rapidly becoming the preferred format for distributing operating system releases and we're certainly not going to go out of our way to make FreeBSD harder to "test drive" if providing the standard NFS/FTP network installation methods is no longer enough. We can't promise that all the mirror sites will carry the rather large installation (660MB) image, but it will at least be available from: ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/ISO-IMAGES/3.3-install.cd0 along with the more traditional 3.3-RELEASE bits. If you can't afford the CDs, are impatient, or just want to use it for evangelism purposes, then by all means download the ISO, otherwise please do continue to support the FreeBSD project by purchasing one of its official CD releases from Walnut Creek CDROM. The official FTP distribution site for FreeBSD is: ftp://ftp.FreeBSD.org/pub/FreeBSD Or via the WEB pages at: http://www.freebsdmall.com and http://www.cdrom.com And directly from Walnut Creek CDROM: Walnut Creek CDROM 4041 Pike Lane, #F Concord CA, 94520 USA Phone: +1 925 674-0783 Fax: +1 925 674-0821 Tech Support: +1 925 603-1234 Email: info@cdrom.com WWW: http://www.cdrom.com/ Additionally, FreeBSD is available via anonymous FTP from mirror sites in the following countries: Argentina, Australia, Brazil, Bulgaria, Canada, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Hong Kong, Hungary, Iceland, Ireland, Israel, Japan, Korea, Latvia, Malaysia, the Netherlands, Poland, Portugal, Rumania, Russia, Slovenia, South Africa, Spain, Sweden, Taiwan, Thailand, the Ukraine and the United Kingdom (and quite possibly several others which I've never even heard of :). Before trying the central FTP site, please check your regional mirror(s) first by going to: ftp://ftp..freebsd.org/pub/FreeBSD Any additional mirror sites will be labeled ftp2, ftp3 and so on. The latest versions of export-restricted code for FreeBSD (2.0C or later) (eBones and secure) are also being made available at the following locations. If you are outside the U.S. or Canada, please get secure (DES) and eBones (Kerberos) from one of the following foreign distribution sites: South Africa ftp://ftp.internat.FreeBSD.ORG/pub/FreeBSD ftp://ftp2.internat.FreeBSD.ORG/pub/FreeBSD Brazil ftp://ftp.br.FreeBSD.ORG/pub/FreeBSD Finland ftp://nic.funet.fi/pub/unix/FreeBSD/eurocrypt Thanks! - Jordan This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message