Larry McVoy [earlier interview] describes a few changes to the BitKeeper license in a recent posting to the lkml, "No, we're not GPLing it but we are making a few adjustments and wanted to make sure that it was an improvement, not a regression, in the eyes of the free users." This includes, among other things, a "clause which says that we reserve the right to insist that you make your repositories available on a public port within 15 days of the request." The license change is in response to some users deliberately using BK for non-open-source purposes without paying the required fees.

Larry also details giving Linus Torvalds $25,000 in "BK bucks", credit Linus can apply towards whatever features he wants BK to have; and a possible deal to have bkbits.net and openlogging.org hosted by a hosting company, instead of Larry's office.

GCC 3.2 is out. The focus for this release is the C++ ABI and some small bugfixes for the C++ standard library. No significant changes have been made to the other compilers (C, Objective-C, Java, Ada and Fortran) since the 3.1.1 release a few weeks ago. You might want to read this warning about C++ ABI compatability, if you plan on installing GCC 3.2 (mirrors).

Everyone's favorite Compiler Collection, GCC, has been upgraded to version 3.1.1. GCC 3.1.1 is a bugfix release, no new features have been introduced.

According to Mark Mitchell (the Release Manager), GCC 3.2 "will be available very soon (within days or a week). The only changes in GCC 3.2 relative to GCC 3.1.1 will be changes to the C++ ABI."

Major fixes include (taken from the Changes page):

• A bug related to how structures and unions are returned has been fixed for powerpc-*-netbsd*.
• An important bug in the implementation of -fprefetch-loop-arrays has been fixed.
  Previously the optimization prefetched random blocks of memory for most targets except for i386.
• The Java compiler now compiles Java programs much faster and also works with parallel make.
  
• Nested functions have been fixed for mips*-*-netbsd*.
  
• Some missing floating point support routines have beed added for mips*-*-netbsd*.
  
• This message gives additional information about the bugs fixed in this release.

OpenSSH 3.4 was released today, resolving an input validation error that affects versions of sshd from 2.3.1 through 3.3. According to the 3.4 release announcement, the input validation error "can result in an integer overflow and privilege escalation." 3.4 follows the release of OpenSSH 3.3 by five days, and according to OpenBSD creator Theo de Raadt [earlier interview], "while dealing with this hole, Markus Niels and I found and fixed a wide variety of other issues. 3.4 contains changes which we think will matter significantly for security."

The 3.4 release was made earlier than planned to make the fix available prior to ISS disclosing the actual vulnerability. It is recommended you upgrade to this latest release.

Update: (06/26) An updated advisory has been added to the end of this story. Included are patches that can be applied to older versions of OpenSSH. An upgrade is still advised "because OpenSSH 3.4 adds checks for a class of potential bugs."

OpenSSH 3.3 was released today. This release includes improved support for privilege seperation (now enabled by default), and removal of the need for the sshd binary to be setuid root for protocol 2 hostbased authentication. (however the requirement was not removed for protocol 1 rhosts/rsa authentication) It can be downloaded from one of the many mirrors. The complete release announcement follows.

Markus Friedl announced the release of OpenSSH 3.2.3 today. It can be downloaded from one of the many mirrors.

Markus Friedl announced the release of OpenSSH 3.2.2 today. It can be downloaded from one of the many mirrors.

GCC 3.1 has been officially released. Mark Mitchell sent out the announcement, in which he says,

"In this release, we focused more on quality than new features; many bugs were fixed. We worked very hard to fix bugs that were introduced in GCC 3.0, but that were not present in previous releases of the compiler. We also worked hard to eliminate new bugs."

Find a mirror to download the release from here. A summary of changes, new features, and fixes and can be found here. The full announcement email follows.

Mark Mitchell has annouced he is planning to make the GCC 3.1 RC1 yesterday and that it should be out soon after. I have been trying to move my distribution to gcc 3.04, and I hope this fix the few remaining issues. Mark's email follows:

Marcel Gagn

A buffer overlow has been discovered in OpenSSH by which in a worse case scenario remote users can gain privileged access to a server. Fortunately the bug is not present in a default install, and therefore it likely does not affect the vast majority of users. According to the OpenSSH security advisory: "All Versions of OpenSSH compiled with AFS/Kerberos support and ticket/token passing enabled contain a buffer overflow. Ticket/Token passing is disabled by default and available only in protocol version 1."

If you have compiled in AFS/Kerberos support and have ticket/token passing enabled:

• Remote users may gain privileged access for OpenSSH < 2.9.9