Larry McVoy [earlier interview] describes a few changes to the BitKeeper license in a recent posting to the lkml, "No, we're not GPLing it but we are making a few adjustments and wanted to make sure that it was an improvement, not a regression, in the eyes of the free users." This includes, among other things, a "clause which says that we reserve the right to insist that you make your repositories available on a public port within 15 days of the request." The license change is in response to some users deliberately using BK for non-open-source purposes without paying the required fees.
Larry also details giving Linus Torvalds $25,000 in "BK bucks", credit Linus can apply towards whatever features he wants BK to have; and a possible deal to have bkbits.net and openlogging.org hosted by a hosting company, instead of Larry's office.
GCC 3.2 is out. The focus for this release is the C++ ABI and some small bugfixes for the C++ standard library. No significant changes have been made to the other compilers (C, Objective-C, Java, Ada and Fortran) since the 3.1.1 release a few weeks ago. You might want to read this warning about C++ ABI compatability, if you plan on installing GCC 3.2 (mirrors).
Everyone's favorite Compiler Collection, GCC, has been upgraded to version 3.1.1. GCC 3.1.1 is a bugfix release, no new features have been introduced.
According to Mark Mitchell (the Release Manager), GCC 3.2 "will be available very soon (within days or a week). The only changes in GCC 3.2 relative to GCC 3.1.1 will be changes to the C++ ABI."
Major fixes include (taken from the Changes page):
OpenSSH 3.4 was released today, resolving an input validation error that affects versions of sshd from 2.3.1 through 3.3. According to the 3.4 release announcement, the input validation error "can result in an integer overflow and privilege escalation." 3.4 follows the release of OpenSSH 3.3 by five days, and according to OpenBSD creator Theo de Raadt [earlier interview], "while dealing with this hole, Markus Niels and I found and fixed a wide variety of other issues. 3.4 contains changes which we think will matter significantly for security."
The 3.4 release was made earlier than planned to make the fix available prior to ISS disclosing the actual vulnerability. It is recommended you upgrade to this latest release.
Update: (06/26) An updated advisory has been added to the end of this story. Included are patches that can be applied to older versions of OpenSSH. An upgrade is still advised "because OpenSSH 3.4 adds checks for a class of potential bugs."
OpenSSH 3.3 was released today. This release includes improved support for privilege seperation (now enabled by default), and removal of the need for the sshd binary to be setuid root for protocol 2 hostbased authentication. (however the requirement was not removed for protocol 1 rhosts/rsa authentication) It can be downloaded from one of the many mirrors. The complete release announcement follows.
GCC 3.1 has been officially released. Mark Mitchell sent out the announcement, in which he says,
"In this release, we focused more on quality than new features; many bugs were fixed. We worked very hard to fix bugs that were introduced in GCC 3.0, but that were not present in previous releases of the compiler. We also worked hard to eliminate new bugs."
Mark Mitchell has annouced he is planning to make the GCC 3.1 RC1 yesterday and that it should be out soon after. I have been trying to move my distribution to gcc 3.04, and I hope this fix the few remaining issues. Mark's email follows:
A buffer overlow has been discovered in OpenSSH by which in a worse case scenario remote users can gain privileged access to a server. Fortunately the bug is not present in a default install, and therefore it likely does not affect the vast majority of users. According to the OpenSSH security advisory: "All Versions of OpenSSH compiled with AFS/Kerberos support and ticket/token passing enabled contain a buffer overflow. Ticket/Token passing is disabled by default and available only in protocol version 1."
If you have compiled in AFS/Kerberos support and have ticket/token passing enabled:
Updated: Updated advisory follows.