Language Selection

English French German Italian Portuguese Spanish


Debian and Ubuntu Touch Leftovers

Filed under
  • CVE-2018-15587 : Debian has Released Security Update for evolution

    Debian has released security update for evolution package.

    This release fixes vulnerability against evolution package.

  • CVE-2019-10149 : Debian has Released Critical Security Update for Exim

    Debian has released security update for exim4 package.

    This release fixes vulnerability against exim4 package.

  • Debian has Released Critical Security Update for qemu

    Debian has released security update for qemu package.

    This release fixes 12 vulnerabilities against qemu package.

  • Debian has Released Security Updates for openjdk 7 and openjdk 8

    Debian has released security update for openjdk-7 and openjdk-8 packages.

    This release fixes three vulnerabilities against openjdk-7 and openjdk-8 packages.

  • Thorsten Alteholz: My Debian Activities in May 2019

    Nothing changed compared to last month, so this was again a quiet month. I only accepted 126 packages and rejected 15 uploads. The overall number of packages that got accepted was 156.

  • Ubuntu Touch Nearing Updated Unity 8 + Mir, But Not Yet Full Wayland

    Those at UBports continuing to independently advance Ubuntu Touch have put out a fresh status update on their work, including the long-awaited Unity 8 and Mir upgrade.

    An updated Unity 8 and Mir are inching closer to Ubuntu Touch users, including a Unity 8 that can work together with XWayland. These long-awaited updates are finally moving closer and the version of Mir they are targeting is the latest Mir 1.2 upstream release. They are also switching out their Xmir code for XWayland for the handling of running legacy applications.

    While progress is being made on running Wayland applications, there won't be a near-term or immediate switchover to a complete Wayland experience. By the time they are done with the prep work and other changes for the full Wayland integration on Unity 8, they are likely looking at "some time next year".

  • Ubuntu Touch Q&A 51

    Alan Griffiths – who by the way is the project lead for Mir - replied to another question, concerning Unity8 and Mir, in their new versions. We get lots of questions about all of that and we have never really explained it properly or said why it is so important.

    This is a good time to explain how some of these things fit together. A new Mir version; a new version of Unity 8 which will work together with Xwayland (which will replace Xmir); enabling apps with a toolkit that supports Wayland; migrating existing apps to Wayland; migrating compositor components to Wayland. This is by no means a complete list of all the things that need to be done but those are the core things.

    Marius explained that these things have to be done in in a set order and Alan has very helpfully listed them in that order.

    Marius is actually using Unity 8 on his daily driver device, which is a pain still but nevertheless does work. It is already fairly stable (not as in stable release!) and it is fast. The keyboard crashes though and memory is messed up.

    Unity 8 has to be developed in tandem with Mir. They are dependent on each other and have evolved together. Canonical did some work with the new version of Unity, so of course they did work on Mir to match that. Together, they bring performance improvements, such as with events. They also bring stability improvements.

    Having said all that, the new Unity 8 was being developed mostly for desktop, early on. So it is actually more stable on desktop than on phone at the moment because that is where it started. Rotation issues are an example of issues that really only affect phones.

    The development work then was around the time of 16.04 and 17.04.

    Canonical’s main focus was to deliver new things. Our focus is different because for us, stability is absolutely central. We need to make it usable for everyday users, not just on the desktop but of course most importantly on phones.

Improving .deb and Debian Social Status

Filed under
  • Improving .deb

    Debian Linux and its family of derivatives (such as Ubuntu) are partly characterized by their use of .deb as the packaging format. Packages in this format are produced not only by the distributions themselves, but also by independent software vendors. The last major change of the format internals happened back in 1995. However, a discussion of possible changes has been brought up recently on the debian-devel mailing list by Adam Borowski.

    As documented in the deb(5) manual page, modern Debian packages are ar archives containing three members in a particular order. The first file is named debian-binary and has the format version number, currently "2.0", as one line of text. The second archive member is control.tar.xz, containing the package metadata files and scripts that are executed before and after package installation or removal. Then comes the data.tar.xz file, the archive with the actual files installed by the package. For both the control and data archives, gzip, not xz, was used for compression historically and is still a valid option. The Debian tool for dealing with package files, dpkg, has gained support for other decompressors over time. At present, xz is the most popular one both for Debian and Ubuntu.

  • Bits from the Debian Anti-harassment team
    Bits from Debian AH (June 2019)
    Welcome to another edition of Bits from the Debian Anti-harassment
    team. 2019 started on a busy note for the team, but settled down over
    February and March. We had several incidents reported, and have been
    following discussions. Details below.
    * Added a new member (thanks Sledge!);
    * Follow up around community discussions;
    * Followed discussions on mailing lists and responded officially to
    several messages, but generally took no action;
    * Responded to one incident of inappropriate language;
    * Received several reports we have not yet closed;
    * Worked with several community members to help them proactively be
    more inclusive in their communications;
    * Handled one ongoing discussion around behavior of an individual; and
    We'd like to thank everyone who reported an incident, and especially
    thank those with whom we spoke, who have taken positive actions for
    the future.
    On the other hand, we can also report on work done on the team itself.
    * We have discussed, but did not settle, on a new name for our team.
    * There is going to be a sprint between AH, DAM, and the DPL later
    this month. This will hopefully help these three groups work together
    better and better define responsibilities.
    * We have been testing a web-based system to handle reports is a more
    structured and streamlined way.
    * After our last call for volunteers, we got a few submissions, and
    following a training period we now welcome Steve McIntyre to the team!
    * Laura Arjona Reina stepped down from the team, after years of hard
    work and dedication. Thank you Laura!
    We'd also like to let the community know a bit about how the team
    works.  We meet every two weeks on IRC and discuss issues that have
    been sent in to us.  Because of the nature of our work, these meetings
    are private.  Also, because of the sensitive nature of issues we
    handle, we prefer to get consensus within the team for responses
    before sending them.  That means in most cases, unless an issue is
    urgent, it will take until the next meeting for us to be able to
    respond to an issue.
  • Debian's Anti-Harassment Team Continues Battling Community Issues In 2019

    The team meanwhile has been working on alternative names to the "Debian Anti-Harassment Team", they are doing a sprint this month, they are testing a new web-based system for reporting harassment issues, and they have a few new submissions for volunteers to join their team.

Sparky 5.8 RC

Filed under

New live/install iso images of Sparky 5.8 RC are out. Sparky 5.8 RC is a release candidate of the next stable line and is based on upcoming Debian stable Buster.

Read more

Debian and Ubuntu Leftovers

Filed under
  • Jonas Meurer: debian lts report 2019.05

    OpenPGP signature spoofing in evolution. On this issue I actually spent way more time than expected during April. I took over some of the remaining hours to May.

  • Ubuntu 19.10's ZFS TODO List Goes Public - A Lot To Of Work Left

    We've been quite eager to see what happens around Ubuntu 19.10's ZFS support with their plumbing this out-of-tree file-system into their new desktop installer and a lot of other Ubuntu happenings around ZFS. There is now at least a public TODO list/board outlining some of their ZFS work for the Ubuntu 19.10 Eoan Ermine cycle. 

Debian and Events: LTS, Arduino, GSoC, DebConf and Texas Linux Fest 2019

Filed under
  • Ben Hutchings: Debian LTS work, May 2019

    I was assigned 18 hours of work by Freexian's Debian LTS initiative and worked all those hours this month.

    I released Linux 3.16.66, and then prepared and released Linux 3.16.67 with a small number of fixes. I backported the updated Linux 4.9 packages from Debian 9.9, uploaded them and issued DLA-1771.

    I had a little advance notice of the MDS speculative execution flaws, and started backporting the mitigations for these to older stable branches, starting with a version for Linux 4.14. I backported to 4.9 (Debian stretch/jessie) first, then to 4.4 (CIP) and 3.16 (Debian jessie). The charge for this time was accordingly split between CIP and Freexian.

  • The space rover coquine, or how I ended up on the dark side of the moon

    Once the robot arrived, we needed to track down batteries and figure out how to build custom firmware for it with the appropriate wifi settings. I asked a friend if I could get two 18650 batteries from his pile of Tesla batteries (he had then from the wrack of a crashed Tesla), so now the rover is running on Tesla batteries.

    Building the rover firmware proved a bit harder, as the code did not work out of the box with the Arduino IDE package in Debian Buster. I suspect this is due to a unsolved license problem with arduino blocking Debian from upgrading to the latest version. In the end we gave up debugging why the IDE failed to find the required libraries, and ended up using the Arduino Makefile from the arduino-mk Debian package instead. Unfortunately the camera library is missing from the Arduino environment in Debian, so we disabled the camera support for the first firmware build, to get something up and running. With this reduced firmware, the robot could be controlled via the controller server, driving around and measuring distance using its internal acoustic sensor.

  • GSoC Project Overview & Week 1

    Here’s a quick rundown on my project for this summer:

    The Debian Patch Porting System aims to systematize and partially automate the security patch porting process.

    The number of security vulnerability identifiers is quite large- these are relevant to specific distributions, organizations and applications. Each organization handles security vulnerabilities that are relevant to them in their own way. MITRE’s vulnerability identifier called Common Vulnerabilities and Exposures (CVE) is global, and most advisories are somehow related to a CVE.

    The purpose of the system is to unify all these algorithmically for easy patch finding, management and application. The system would be able to take any vulnerability as input and extract patches w/r/t that vulnerability. Patches can be collected by employing certain patch finding methods. Some of these methods are to crawl sites, trackers, and various distributions’ respositories. Along with that, general purpose information about that vulnerability and its equivalent identifiers for other organizations could also be collected to get the vulnerability’s complete profile. This profile could then be stored in a NoSQL database.

    Following this, the system would then test whether the patches are applicable for the upstream source that they are for. Patching heuristics can be employed to test the patch’s applicability in the source package. Some of these heuristics are fuzzing, patching w/r/t offsets, etc.

    The nature of the system is to be generic enough so that it can fit in with Debian (maybe allow use with the Debian Security Tracker), or act independently as well.

  • Utkarsh Gupta: Becoming a Debian Maintainer in 90 days!

    I started contributing to open source around an year back and on 1st January 2019 to Debian, specifically (wasn’t really a new year resolution, though Tongue).

    I’ll be honest here. The reason behind taking the “Debian road” was solely to distract myself from the mental abuse I was going through.


    Since I wanted to distract myself from various stuff, I learnt things quickly and kept working, consistently.
    I turned up on IRC every single day since then. Praveen became both, my guru and my package sponsorer. He kept uploading and I kept packaging. This went on for a month until my dificulty level was bumped. From basic Ruby gems and Node libraries, I was given gems and modules that had a test failures to debug and had a weirdly different build system. This made me uncomfortable. I complained. To which, Praveen said and I quote,
    "If you want to keep working on a simple stuff, then it's not gonna help you move forward. And it's your loss. No one else would care. So it's your call."

    There was probably no option there, was it? Tongue
    I took it on. Struggled for a few days but it became normal and I made it through. Like they say, “It gets better :)”, it did!
    I took a little more challenging stuff, understood more concepts. Fixed test failures, RC bugs and learned a lot of stuff (still a lot, lot more to learn, though) in the process, like understanding about the Debian release cycle, how the migration of package takes place, setting up your own repositories, et al.

    In this process, I also met another JS guru, Xavier. He did not only corrected my mistakes and sponsored my packages, but also helped me in actually understanding a lot of things. From the mailing list, we started conversing over private mail threads and soon, in a span of 3 months, the thread stretched over to 300 mails!

    In the early March, I was told that I could apply for the position of the Debian Maintainer, if only I understood the process of when to upload a package to experimental and when to unstable. I was given a few packages as a test by Praveen for the same.
    And luckily, I passed. This meant that the only part remaining was to fulfil the initial keysigning requirement. For which, there was a Mini DebConf, Delhi around the corner.

    As it happened, Praveen, Abhijith, and Sruthi came to the Mini DebConf from Kerala and I got my keys signed by them! Big Grin
    Soon after, I applied for becoming a DM.


    Lastly, thanks to the Debian community. Debian has really been an amazing journey, an amazing place, and an amazing family. I am just hoping to make it to DebConf and meet all the people I adore \o/

  • mini-DebConf Marseille 2019

    I was in Marseille last week for the mini-DebConf the fine folks at Debian France organised and it was great! It was my first time there and I really enjoyed the city.

    The venue was lovely and perfectly adapted to the size of the conference. The main auditorium was joy to work in: blinds on the windows to minimize the sun glare, a complete set of stage lighting and plenty of space to set up our gear.

    If you couldn't attend the conference, you can always watch the talks on our video archive.

    The highlight of my trip was the daytrip to the nearby Frioul archipelago. Although we repeatedly got attacked by angry seagulls (they were protecting their chicks), the view from the south shore of the Pomègues Island was amazing. It was also the first time I went on a daytrip during a mini-DebConf and I think it should happen more often!

  • Texas Linux Fest 2019 Recap

    Another Texas Linux Fest has come and gone! The 2019 Texas Linux Fest was held in Irving at the Irving Convention Center. It was a great venue surrounded by lots of shops and restaurants.

    If you haven’t attended one of these events before, you really should! Attendees have varying levels of experience with Linux and the conference organizers (volunteers) work really hard to ensure everyone feels included.

    The event usually falls on a Friday and Saturday. Fridays consist of longer, deeper dive talks on various topics – technical and non-technical. Saturdays are more of a typical conference format with a keynote in the morning and 45-minute talks through the day. Saturday nights have lightning talks as well as “Birds of a Feather” events for people with similar interests.

Debian Developer Reports and Stretch-Based Sparky

Filed under

antiX MX Linux 18.3 Released with Latest Debian GNU/Linux 9.9 "Stretch" Updates

Filed under

MX Linux 18.3 is now available and ships with Linux kernel 4.19.37-2 and it's fully synced with the software repositories of the latest Debian GNU/Linux 9.9 "Stretch" operating system release, which means that it is fully patched against the recently disclosed Intel MDS (Microarchitectural Data Sampling) security vulnerabilities found in Intel microprocessors.

This release also includes an updated installer (mx-installer) that now lets users input system configuration selections during installation while the installer copies the system files to speed up the installation process. The UEFI boot installation was improved as well in MX Linux 18.3, which should now be compatible with more UEFI systems.

Read more

Debian: Outreachy interns and Free software activities in OSI Etc.

Filed under

Skolelinux and Ubuntu News

Filed under
  • Ask anything you ever wanted to know about Debian Edu!

    You have heard about Debian Edu or Skolelinux, but do you know exactly what we are doing?

    Join us on the #debian-meeting channel on the OFTC IRC network on 03 June 2019 at 12:00 UTC for an introduction to Debian Edu, a Debian pure blend created to fit the requirements of schools and similar institutions.

    You will meet Holger Levsen, contributing to Debian Edu since 2005 and member of development team. Ask him anything you ever wanted to know about Debian Edu!

  • Snapception: The Snap Store is Now Available as a Snap App

    If, like me, you didn’t, you most certainly do now!

    The ‘Snap Store’ app is a fork of GNOME Software dedicated to Snap apps, and Snap apps exclusively. When installed, it can be used to browse, search, install and manage Snap apps on any Linux distribution.

    It does not support installing, searching or managing regular repo apps, AppImages, Flatpak apps or anything else.

  • Announcing the Multipass 0.7.0 beta release

    We would like to announce version 0.7.0 beta release of Multipass! The big part is that we added a preview of VirtualBox support for Windows and macOS!

  • Canonical Releases Multipass 0.7 With VirtualBox Windows/macOS Support

    One of the projects in development the past two years that's been less trumpeted by Ubuntu maker Canonical has been Multipass, but this utility has reached a new milestone today with new capabilities. 

    Multipass is an open-source project by Canonical that makes it easy to spin up virtual Ubuntu instances on Ubuntu/Linux itself as well as other operating systems. Multipass aims to orchestrate the creation/management/maintenance of Ubuntu VMs/images. 

  • Ubuntu Server development summary – 28 May 2019

Tails 3.14 is out

Filed under

This release fixes many security vulnerabilities. You should upgrade as soon as possible.

Read more

Syndicate content

More in Tux Machines

Open Source Initiative and Linux Foundation

  • Brandeis University and Open Source Initiative to Launch New Educational Partnership.

    Brandeis University’s Graduate Professional Studies division (GPS) will partner with The Open Source Initiative® (OSI) to provide new educational offerings for the open source community, the university announced at OSCON 2019. As more companies start leveraging Open Source Software to reduce costs, decrease time to deployment and foster innovation, the organizations that have realized success as open source consumers are now extending their participation within open source communities as collaborators and contributors. This shift can create new challenges to traditional business processes and models, requiring dedicated policies, programs and personnel to ensure that the investments in open source projects produce the desired benefits while still aligning with the values of the open source communities. The Brandeis GPS-OSI partnership will help address the growing demand for expertise within organizations seeking to authentically collaborate with, and productively manage, open source resources. “Understanding how to assess, engage, and contribute to open source communities while also delivering value to your company is the next generation skill set employers are looking for,” said Patrick Masson, general manager of the Open Source Initiative. “We're thrilled to work with Brandeis to help continue the incredible growth of open source software and projects.”

  • New EvilGnome Backdoor Spies on Linux Users, Steals Their Files [Ed: “swapnilbhartiya” keeps pushing this Linux FUD and Microsoft promotion into the front page of LINUX dot com (byline "The source for Linux information"). You can write malware for just about any platform, but the hard part is actually getting users to install it, or to find open ports with ridiculous passwords. This is not a "Linux" issue, but FUD sites like Bleeping Computer are worse than tabloids. What you nowadays find in the front page of LINUX dot com: no negative stories about Microsoft, just Microsoft marketing and overt openwashing. But you find negative FUD about Linux and nothing about GNU/Linux desktop. How revealing? The Linux Foundation serves not Linux. LINUX dot com, a 'Linux' Foundation site, now acts exactly how you'd expect a site to behave when its sponsors are proprietary software companies looking to advertise themselves and push their lies (e.g. Microsoft as "open") while 'hiding' GNU/Linux as potent anywhere outside servers. The way things are going this past week, LINUX dot com can be deemed almost an anti-Linux site, run by people who don't even use Linux and instead serve sponsors who engage in entryism.]
  • Fujitsu and GE Research Join LF Edge as Premier Members to Propel Open Source Innovation at the Edge

    LF Edge, an umbrella organization within the Linux Foundation that aims to establish an open, interoperable framework for edge computing independent of hardware, silicon, cloud, or operating system, today announced Fujitsu, a leading Japanese information and communication technology (ICT) company, and GE Research, GE’s innovation powerhouse where research meets reality, have joined LF Edge as Premier members. “We are pleased to welcome Fujitsu and GE Research as the newest Premier members of LF Edge,” said Arpit Joshipura, general manager, Networking, Automation, Edge & IoT, the Linux Foundation. “Their expertise across technology sectors and experience in delivering leading products, solutions, and research at the forefront of the industry will be instrumental in helping the LF Edge community establish a common platform for edge computing.” Launched in January of this year, LF Edge is initially comprised of five projects – including Akraino Edge Stack, EdgeX Foundry, Home Edge, Open Glossary of Edge Computing, and Project EVE – that will support emerging edge applications across areas such as non-traditional video and connected things that require lower latency, and faster processing and mobility. By forming a software stack that brings the best of cloud, enterprise and telecom, LF Edge is helping to unify a fragmented edge market around a common, open vision for the future of the industry.

Kernel: GuC/HuC, ZFS, X.Org and Mesa

  • Intel's Linux Driver To Load HuC Firmware By Default For Icelake+

    For several generations now of Intel graphics there have been the GuC/HuC firmware binaries while beginning with Icelake "Gen 11" graphics those binary blobs will be loaded by default.  Intel's GuC has been used for graphics workload scheduling while the HuC firmware provides some "media functions from the CPU to GPU" for different video codec functions and CPU-GPU synchronization among other abilities. 

  • ZFS On Linux Has Figured Out A Way To Restore SIMD Support On Linux 5.0+

    Those running ZFS On Linux (ZoL) on post-5.0 (and pre-5.0 supported LTS releases) have seen big performance hits to the ZFS encryption performance in particular. That came due to upstream breaking an interface used by ZFS On Linux and admittedly not caring about ZoL due to it being an out-of-tree user. But now several kernel releases later, a workaround has been devised.  Some Linux distributions have resorted to reverting the kernel patch that stopped exporting the kernel FPU begin/restore functions used by ZoL for tapping vector-based (SSE/AVX) algorithms. But now ZFS On Linux itself has figured out a solution to restore said SIMD support on these recent kernel releases. 

  • Many Vintage X.Org Modules Could Use Some Help If Wanting New Releases

    Longtime X.Org developer Alan Coopersmith who also maintains the X.Org stack for Oracle's Solaris has been trying to get out some updated X.Org modules with different code-bases having collected enough changes over the years to warrant new versions. While he has been releasing a number of X.Org module updates recently, he's left out many for varying reasons. Even for these modules accumulating enough changes, among those he has left out for releasing new versions include TWM, XKBCOMP, XKBUTILS, XRandR, Xrestop, XScope, xf86-input-keyboard, and xf86-video-dummy.

  • Mesa 19.2 Is Just Six Patches Away From Seeing OpenGL 4.6 Support

    Later this month marks two years since the release of OpenGL 4.6 and just ahead of that date it looks like Mesa could finally land its complete GL 4.6 implementation, at least as far as the Intel open-source graphics driver support is concerned. Mesa is now just six patches away from OpenGL 4.6! Following recent SPIR-V patches being merged, there are just five patches left plus the sixth that updates the documentation and flips on OpenGL 4.6 for the i915 Mesa driver. The remaining patches are in regards to base vertex work.

New Arch Linux-Based Endeavour OS Launches To Keep Spirit Of Antergos Alive

Endeavour OS uses the familiar Calamares installer to automate the normally complex and command line-based Arch installation process. I gave it a quick spin inside a Virtual Machine and it couldn't be simpler, although the team does warn of some early issues with manual partitioning. Give that a read before you proceed! Read more

Productivity Software/LibreOffice

  • My todo list for LibreOffice 6.4

    LibreOffice 6.3 isn’t release but I have already plans for the 6.4 winter release.

  • LibreWaterloo: Building the LibreOffice community in Canada

    If you’ve seen our LibreOffice contributor map, you’ll note that we have a few community members in north America. (Of course, the map doesn’t show absolutely everyone in the LibreOffice project – just people we’ve interviewed recently.) So we want to grow this community! 

  • OnlyOffice, an Open Source Office Suite for Windows, MacOS & Linux, Gets Updated

    A veritable surfeit of office suites have seen updates this past month, including WPS Office, SoftMaker Office 2018 and FreeOffice. Clearly not wanting to be left out, OnlyOffice has issued a new update too. OnlyOffice – which is supposed to be styled ONLYOFFICE, but I find that a bit too shouty – is a free, open-source office suite for Windows, macOS and (of course) Linux.