Project Release Information
Relevant updates recently tested in Owl-current have now been merged into 3.0-stable, including rebasing of the kernel on OpenVZ/RHEL 5.7, an RPM security fix, and a timezone data update (critical for Russia and certain other countries, and now updated for the latest reconsideration by Ukraine). Security fixes have been made to pam_env (not used on default installs of Owl, but available for use). The hardlink(1) program has been added. New ISO images and OpenVZ container templates have been generated for i686 and x86_64.
The Linux kernel has been rebased on OpenVZ's latest stable from their RHEL5.7 branch. A tzdata package with up-to-date timezone data has been included. A security issue in RPM has been fixed, and certain minor and development-focused changes have been made, including changes in preparation for a GCC update to 4.6.x.
The 3.0-stable branch has been updated to include almost all changes made and tested in Owl-current in recent months, including new package additions, and excluding only changes that would break binary compatibility with the 3.0 release (specifically, Owl-current's OpenSSL update and related changes are excluded from 3.0-stable). New ISO images and OpenVZ container templates have been generated for i686 and x86_64.
The Linux kernel has been rebased on OpenVZ's latest stable from their RHEL5-based branch, and support for LSISAS8208ELP disk controllers has been added. strace, Nmap, John the Ripper, iputils, iproute2, and LILO have been updated to new versions. Security fixes and security-relevant enhancements to Owl's packages of the kernel, iptables, RPM, and glibc have been made. New ISO images and OpenVZ container templates have been generated for i686 and x86_64.
OpenSSL, vsftpd, and patchutils have been updated to the latest stable versions. The kernel has been updated to OpenVZ's latest from their "RHEL5 testing" branch (-238.5.1.el5.028stab085.2), with the usual changes. A bug in checksum calculation of fragmented ICMP echo requests has been fixed. The eepro100 driver has been disabled in favor of e100. New ISO images and OpenVZ container templates have been generated.
Owl (Openwall GNU/*/Linux) is a small security-enhanced Linux distribution for servers. Owl also makes a good base system for customized virtual machine images and embedded systems, and Owl live CDs with remote SSH access are good for recovering or installing systems (whether with Owl or not). A single Owl CD includes the full live system, installable packages, the installer program, as well as full source code and the build environment capable of rebuilding the entire system from source. Owl supports multiple architectures (x86, x86-64, SPARC, and Alpha) and offers some compatibility for packages developed for other Linux distributions. The primary approaches to security are proactive source code review, privilege reduction, privilege separation, careful selection of third-party software, safe defaults, and "hardening" to reduce the likelihood of successful exploitation of security flaws.