September 8, 2015
Earlier this morning, Debian said that over the weekend it published the second update to its Jessie stable
release and the 9th update for its older Wheezy flavor.
Debian Jessie version 8.2 mainly adds corrections for security issues to the stable release,
along with a few adjustments for serious problems, according to Debian's announcement of its new
So far, we have counted no fewer than 60 security fixes and 68 updated packages in the new release.
By our estimate, Wheezy 7.9, also revealed over the weekend, updated 60 packages and offers no fewer than
184 security patches.
Many of the bugs have already been addressed, so Debian advises that “Those who frequently install updates
from security.debian.org won't have to update many packages and most patches are already included in this update.”
Upgrading to the new releases doesn't need much more than a quick bit of sudo action to get things
Overall, the Wheezy release is arguably more serious because Debian's release policy states that
“When a new stable version is released, the security team will usually cover the previous version
for a year or so.”
The last Wheezy update came out in January of this year, a rather slower release cadence than Jessie,
which has had two updates since its April 2015 release.
The big new Wheezy update therefore represents one of the few remaining occasions on which
Debian's volunteer developers will give the OS their full attention.
In other Linux and open source news
After seeing several years of a constant drop in popularity, the Debian GNU/Linux Project has nixed its
support for the Sparc architecture, effective immediately.
"As Sparc isn't exactly the most 'alive' architecture anymore," Debian maintainer Joerg
Jaspert wrote in a mailing list last week, "not in Debian 8.x jessie and unlikely to be in Debian 9
stretch, I am going to remove it from the master archive this weekend."
To be sure, Jaspert has scrubbed the Sparc code from the Debian "unstable," "experimental," and "jessie-upgrades" source
code trees for some time already, in addition to a couple of other trees that are used for internal
"The relevant parts of the distribution tree have been cleaned out already, removing the actual
files from the pool hierarchy will happen using the usual automated stuff, so starting in about
1 day and then spread out a bit over the following archive-update runs," Jaspert wrote.
Before the code's removal, Debian could be built to run on Sun-4u (UltraSparc) and Sun-4v (Niagara
processor) machines, using a 64-bit kernel with most userland applications running as 32-bit.
The decision puts lovers of aging Sun Microsystems hardware in a bit of a lurch, as Debian was
one of the few remaining Linux distributions to still support the older Sparc architecture.
Red Hat dropped Sparc support in version 7 of its distribution in 2000 – back in the days before
it was calling it Red Hat Enterprise Linux.
For its part, Suse dropped support around 2002, and while Ubuntu had a Sparc version as recently
as 2010, it hasn't been actively maintained since.
The Sparc code won't be removed from already-released versions of Debian, however, so those
versions should continue to power aging Sun servers, even as the code gathers dust.
Jaspert added that removing the old Sparc code "does not block it coming back as Sparc64," meaning
only the newer Sparc processors would be supported.
For that to happen, someone would have to step up to maintain it, and there doesn't seem to
be anyone who's interested for now.
In other Linux and open source news
Suse Linux has made a version of its enterprise Linux distribution available for hardware
vendors who want to deliver products to markets based on 64-bit ARM processors, in a new expansion
of its reseller program.
As a whole, Suse Linux Enterprise 12 now ships for the x86-64 platform, IBM's Power 8 and IBM System
z architectures, and more could be joining the bandwagon soon.
Yesterday saw the arrival of a new version of the operating system for ARM's AArch64 architecture,
albeit only for development and testing, for now anyway.
Suse engineering vice president Ralf Flaxa said in a statement, "Suse's ARM partner program will
provide ARM ecosystem partners access to AArch64-supported
Suse Linux Enterprise 12 software and expertise, establishing relationships that will result in
supported enterprise solutions on different hardware platforms to meet a variety of customer needs."
Suse's ARM partner program originally launched with seven members, including chipmakers AMD,
Applied Micro and Cavium, along with server vendors Dell, HP and Supermicro.
It's a small group, but it's not as if vendors are stampeding into the ARM server market,
as it's still relatively new.
Of the chipmakers, only Applied Micro has ARM server chips in production in the form of X-Gene.
Its products have popped up in low-volume server designs from HP and Mitac, albeit with limited sales
As for Cavium, it's been working with Gigabyte to get its ARM chips into actual servers, but
it's not clear when we can expect them to hit the market.
Even Qualcomm has said it wants part of the action. Some of the problem has been that subtle differences
in the various chip vendors' products have made it difficult for software developers to get their code
running on everyone's hardware, something that partner programs like Suse's can help with.
Suse isn't the first to jump into the fray, though. Its rival Red Hat launched its own ARM partner
program in June 2014.
In February of this year, Red Hat announced that it had signed up more than 35 participating
organizations, and the list includes most of those who are working with Suse today.
In addition to making Suse Linux Enterprise available to its ARM partners, Suse said it has also
integrated support for AArch64 into its OpenSuse Build Service, which will allow the development
community to build software against real 64-bit ARM hardware, even if they don't have direct access
to any themselves.
But if you're anticipating big data centers switching from x86-64 to AArch64, our advice is to
not hold your breath just yet. It might take more time. Stay tuned.
In other Linux and open source news
The Linux Foundation's Core Infrastructure Initiative has completed its first-pass survey
of the Linux toolset, and is underscoring which OS tools are initially most at risk.
While there's still lots of attention on higher-profile packages like crypto tools, web
servers and mail transfer agents, there are also quite a few packages that everyone uses and
that nobody cares about, such as compression and image libraries, appearing high on the list
of security vulnerabilities.
The foundation's Census Project has released the final version of a survey by David Wheeler
and Samir Khakimov, titled Open Source Software Projects Needing Security Investments.
While Wheeler and Khakimov write that their work was somewhat constrained by time, and to
this date concentrated mainly on tools associated with Debian, it's still worrying.
The list of most exposed packages is drawn from a range of metrics: how much maintenance a package
actually receives, how popular it is, and how important it is (that is, can you live without it?).
After their automated assessment of more than 350 projects, the pair then ran human eyeballs
to identify what they believe to be the most exposed to security vulnerabilities in the Linux
While the list includes more than twenty utilities, some of which are highly exposed to internet
risks (mail transfer agents, DHCP, BIND tools, SMTP and so on), the survey is measuring not the “level
of bugginess” per se, but rather how much damage a bug could possibly do, and therefore how much TLC
a particular tool or project needs to run smoothly.
So while OpenSSL and OpenSSH are rated as critically important, those two projects are already
operating under the CII's wing.
But of course, that's not true of tools like the widespread Bzip2 compression tool, which hasn't
changed at all in the past five years and doesn't operate a source code repository.
Likewise, reports that BIND 9 has a huge backlog of security issues are equally worrying. Additionally, 'wget'
has a fair number of hacks.
And while the vital gzip tool has many contributors, the last formal release was in 2013.
For its part, libexpat1 is also singled out: maintenance was effectively halted in 2012, and its bug
reports link produces an error page. And keyutils (used to manage security keys) has no bug tracker at all
and no mailing list.
We will keep you posted on these and other Linux and open source news developments.
In other Linux community news
The United States National Security Agency's XKEYSCORE software, revealed by Edward Snowden as
capable of sniffing and analysing just about any data from anywhere, runs on Red Hat Enterprise Linux.
This is according to Glenn Greenwald, who last week wrote that XKEYSCORE “is a piece of Linux
software that is typically deployed on Red Hat servers.”
“It uses the Apache web server and stores collected data in MySQL databases. File systems in a cluster
are handled by the NFS distributed file system and the autofs service, and scheduled tasks are handled by
the cron scheduling service.”
The NSA is a known contributor to some specific open source projects, although there aren't
that many considering the secret nature of the federal agency.
To be sure, the Xen Project admitted as much when it launched its Xen 4.5 solution in 2014. There's no
reason the NSA shouldn't also be a user, as it operates under the same constraints as plenty of other organizations
that feel that open source solutions best meet their specific needs.
However, news that the NSA uses open source software could dismay those who feel that such
efforts promote greater openness, as the NSA promotes rather different values.
On the upside, XKEYSCORE appears to operate at enormous scale, so Linux system admins have
proof of concept of open source software's impressive scalability.
Greenwald doesn't say if the NSA uses the free version of MySQL or Oracle's fee-for-licence
version, however. We'll keep you posted on these and other developments.
In other Linux and open source news
The new Linux 4.2-rc1 kernel features an incredible one million lines of extra code, and
Linus Torvalds rates it the biggest release candidate ever in terms of the volume of new code
Torvalds, the original Linux creator back in 1991, writes that “if you count the size in pure
number of lines changed, this really seems to be the biggest release candidate we've ever had,
with over a million lines added, and about a quarter million lines removed.”
Most of those new lines of code come from the new AMD GPU register description header, new code
that Torvalds says comprises “41 percent of the entire patch” and has created a “somewhat odd
situation where a single driver is about half of the whole rc1 in number of lines.”
Torvalds added that the new 4.2-rc1 kernel knocks off the previous champion, 3.11-rc1, which grew
because it added the 'Lustre' filesystem.
Also new to version 4.2 are the Renesas H8/300 architecture, “in a newly cleaned-up form” and
“quite a bit of low-level x86 changes: both source code re-organization for x86 entry code and lots
of FPU handling cleanups.”
Torvalds rates the x86 changes as fairly unusual because low-level x86 code is fairly stable
and seldom sees those kinds of big changes.
“Outside of the drivers and architectures, there's a fair amount of filesystem elements, including
some fundamental changes and cleanups to symlink handling,” Torvalds concludes.
“And all the usual updates to various filesystems, networking, cryptography, tools, testing, you
name it,” he added.
In other Linux and open source news
It was a long time coming, but Linux kernel 3.14.40 LTS has finally arrived, as announced by
Greg Kroah-Hartman on the kernel mailing list. The new kernel brings with it a number of important
improvements to the ARM and PowerPC
architectures, as well as several updated drivers.
According to the attached shortlog, Linux kernel 3.14.40, which is an LTS (Long Term Support)
release, brings improvements to many hardware architectures, including ARM, Alpha, AVR32, FRV,
CRIS, IA64, M32R, m68k, MicroBlaze, MIPS, mn10300, OpenRISC, PA-RISC, PowerPC, s390, SPARC, Xtensa,
and of course, last but not least, the x86 platform.
"I'm announcing the release of the 3.14.40 LTS (long term support) kernel. All users of the 3.14
kernel series must upgrade," says Greg Kroah-Hartman.
The updated 3.14.y git tree can be browsed at the normal kernel.org site.
The new Linux kernel 3.14.40 LTS also updates various Ethernet drivers, for Broadcom, Intel,
Mellanox, Freescale, Emulex and Realtek hardware manufacturers.
Some Acer Bluetooth drivers have been updated as well, along with some networking fixes for
both the IPv4 and IPv6 network protocols.
Several file systems received important updates in Linux kernel 3.14.40 LTS. Among these, we
can mention Amiga Fast File System (AFFS), autofs4, Ceph, CIFS, Coda (Constant Data Availability),
Debugfs, Exportfs, ncpfs, OCFS2, and NFS.
Naturally, many other internal components of the Linux kernel have been improved in this release.
Users of the Linux 3.14 series are urged to upgrade as soon as the new 3.14.40 LTS
packages arrive in the official software repositories of their GNU/Linux operating systems.
You can also download Linux kernel 3.14.40 LTS from the kernel.org website and compile it yourself,
if you prefer.
The Debian project is touting new ports for ARM and POWER architectures, a new list of software
updates, an upgraded Gnome desktop and improved security in its just-released newest version, Jessie.
But we expect that the switch to systemd as the default init system will divert at least
some attention from the new release. Time will tell anyway.
Promising that systemd provides “advanced monitoring, logging, and service management capabilities”,
Jessie – the upgrade to Wheezy – still lets old timers' favourites, sysvinit and co-exist with
the new init system.
After a brief trial with Xfce, Jessie sees Debian return to the Gnome fold, using version 3.14
of the venerable desktop as its default.
The MATE and Cinnamon desktops are also available, or users can opt for Xfce (version 4.10)
if they prefer.
As well as abandoning SSLv3 in Jessie, Debian's system admins have put hardened compiler
flags in more packages, and switched the stack protector flag to stack-protector-strong.
There's also a new package, needrestart, to help security along. “If any services
running on the system require a restart to take advantage of some changes in the upgraded packages,
then it offers to perform these restarts”, the release notes say.
Overall, the Gnome desktop has been made workmate-friendly: if someone leaves music playing when
they leave the machine, workmates can press pause without knowing the password.
The new release announcement simply points to upgraded versions of everything from Apache
and Asterisk to Tomcat and Xen, adding that a full install includes “43,000 other ready-to-use
software packages built from nearly 20,100 source packages.”