[$] PostgreSQL 9.3 beta: Federated databases and more
[Development] Posted May 14, 2013 20:04 UTC (Tue) by jake
In Berkeley, California — the birthplace of PostgreSQL — it's spring: plum
and cherry blossoms, courting finches and college students, new plans for
the summer, and the first beta release of the database
system. Every year, the first beta of the next PostgreSQL version comes out
in April or May, for a final release in September. PostgreSQL
9.3 beta 1 was released to the public on May 13th, and contains a
couple dozen new features both for database administrators and application
developers. Subscribers can click below for a look at some of the new
features by guest author Josh Berkus.
Full Story (comments: 29)
Extended stable support for the 3.8 kernel
[Kernel] Posted May 14, 2013 19:46 UTC (Tue) by corbet
Canonical has announced that the Ubuntu kernel team will be providing
stable updates for the 3.8 kernel now that Greg Kroah-Hartman has moved
on. This support will last as long as support for the Ubuntu 13.04
release: through August 2014. "We welcome any feedback and contribution to this effort. We will be
posting the first review cycle patch set in a week or two."
Full Story (comments: 21)
Stable kernel 3.2.45
[Kernel] Posted May 14, 2013 18:30 UTC (Tue) by ris
Ben Hutchings has released stable kernel 3.2.45 with lots of important fixes throughout
the tree.
Comments (none posted)
Tuesday's security updates
[Security] Posted May 14, 2013 18:27 UTC (Tue) by ris
CentOS has updated httpd (C6;
C5: multiple vulnerabilities).
Fedora has updated php-geshi (F18; F17: multiple vulnerabilities)
and libtiff (F18: multiple vulnerabilities).
Oracle has updated httpd (OL6; OL5:
multiple vulnerabilities).
Red Hat has updated httpd (multiple
vulnerabilities).
Scientific Linux has updated httpd
(multiple vulnerabilities).
SUSE has updated kernel (multiple vulnerabilities).
Comments (none posted)
Go language 1.1 released
[Development] Posted May 13, 2013 23:19 UTC (Mon) by corbet
Version 1.1 of the "Go" programming language has been released.
The bulk of the work seems to be in performance improvements, but there's a
number of new features as well, including a race detector and an expanded
library. See the release notes
for details.
Comments (16 posted)
Security advisories for Monday
[Security] Posted May 13, 2013 18:22 UTC (Mon) by ris
CentOS has updated hypervkvpd (C5:
denial of service).
Debian has updated xen (multiple
vulnerabilities) and mysql (multiple
vulnerabilities).
Fedora has updated plexus-archiver (F18; F17:
denial of service) and php-sabredav-Sabre_DAV (F18; F17:
local file exposure).
Mageia has updated telepathy-idle
(certificate validation error) and kdelibs
(username and password disclosure).
Mandriva has updated mesa (code
execution).
openSUSE has updated strongswan (12.2; 12.1:
authentication bypass), xorg-x11-server
(information disclosure), java-1_6_0-openjdk (multiple vulnerabilities),
and python-httplib2 (SSL certificate
verification failure).
Oracle has updated enterprise kernel (OL6; OL5:
multiple vulnerabilities).
Comments (1 posted)
PostgreSQL 9.3 Beta 1 released
[Development] Posted May 13, 2013 16:36 UTC (Mon) by corbet
The first PostgreSQL 9.3 beta is out for testing. There are plenty of new
features in this release, including writable foreign tables, automatically
updatable VIEWs, lateral joins, indexed regular expression searches,
checksums to detect filesystem-induced data corruption, and more. "In 9.3, PostgreSQL has greatly reduced its requirement for SysV shared
memory, changing to mmap(). This allows easier installation and
configuration of PostgreSQL, but means that we need our users to
rigorously test and ensure that no memory management issues have been
introduced by the change."
Full Story (comments: 4)
Kernel prepatch 3.10-rc1
[Kernel] Posted May 12, 2013 1:09 UTC (Sun) by corbet
Linus has announced the 3.10-rc1 kernel
prepatch and the closure of the merge window for this development cycle.
All told, nearly 12,000 changesets were pulled into the mainline during the
merge window, making it the busiest such ever. See
this article (subscribers only)
for a summary
of changes merged since
last week's merge window update.
Comments (16 posted)
A new set of stable kernel updates
[Kernel] Posted May 11, 2013 22:57 UTC (Sat) by corbet
The 3.9.2, 3.8.13, 3.4.45, and 3.0.78 stable updates are out with the usual
collection of important fixes. Greg says: "NOTE, this is the LAST
3.8.y kernel release, please move to the 3.9.y kernel series at this time.
It is end-of-life, dead, gone, buried, and put way behind us never to be
spoken of again. Seriously, move on, it's just not worth it
anymore."
Comments (2 posted)
Gawk 4.1.0 released
[Development] Posted May 11, 2013 16:41 UTC (Sat) by corbet
Version 4.1.0 of Gawk (the GNU Awk interpreter) is out. There's lots of
new features, including high-precision arithmetic, a completely reworked
dynamic extension interface, and more.
Full Story (comments: 21)
Results of the Apache OpenOffice 4.0 Logo Survey
[Development] Posted May 10, 2013 18:30 UTC (Fri) by n8willis
Rob Weir has posted an analysis of the logo contest recently held for Apache OpenOffice. The main blog post showcases the leading vote-getters, but the real meat comes in the detailed report, which breaks down the survey by demographics and examines various ways of interpreting what boils down to a set of individual personal preferences. "With an ordinal interpretation we can look at histograms (counts of scores), at the mode (most frequent response), median (the middle value) and the variation ratio (fraction of scores not in the mode). With an interval interpretation we would assign each point on the scale a numeric value, e.g., 1 for Strongly Dislike to 5 for Strongly Like. Then we could take these scores and calculate means and standard deviations." The logo-selection process now moves to revisions by the leading candidates, aiming for the upcoming 4.0 release.
Comments (115 posted)
A proposal for an always-releasable Debian
[Distributions] Posted May 10, 2013 14:33 UTC (Fri) by corbet
Lars Wirzenius and Russ Allbery have posted an essay calling for changes in
how the Debian release cycle works; it is mostly aimed at reducing the
length of freezes to something close to zero. "The fundamental change is to start keeping our "testing" branch
as close to releasable as possible, at all times. For individual
projects, this corresponds to keeping the master or trunk branch
in version control ready to be released. Practitioners of agile
development models, for example, do this quite successfully, by
applying continuous integration, automatic testing, and by having
a development culture that if there's a severe bug in master,
fixing that gets highest priority."
Full Story (comments: 45)
Friday's security updates
[Security] Posted May 10, 2013 14:29 UTC (Fri) by n8willis
Fedora has updated owncloud
(multiple vulnerabilities).
Mageia has updated mesa (code execution).
Oracle has updated hypervkvpd
(denial of service).
Red Hat has updated hypervkvpd
(denial of service) and openstack-keystone (password disclosure).
Scientific Linux has updated hypervkvpd (denial of service).
Ubuntu has updated gpsd (code
execution).
Comments (none posted)
PacketFence 4.0 released
[Development] Posted May 10, 2013 13:36 UTC (Fri) by corbet
PacketFence is a free
network access control system — the system that decides whether you get to
use the local WiFi network, for example. Version
4.0 is now available. "Packet Fence 4.0 introduces a brand new
modern, fast and responsive web administrative interface. It also
simplifies the definition of authentication sources in one place and allows
dynamic computation of roles. The portal profiles can now be entirely
managed from the web interface, simplifying their definitions and
eliminating possible configuration mistakes."
Comments (3 posted)
Fedora account system (FAS) potential information disclosure
[Distributions] Posted May 9, 2013 22:51 UTC (Thu) by jake
Fedora project leader Robyn Bergeron has announced an information disclosure bug in the Fedora account system that may have exposed certain types of information (hashed passwords, security questions and encrypted answers, etc.) from unapproved members. It has been present since 2008, but could only be exploited by authenticated users, furthermore:
Review of logs has shown no cases where this bug was used in our
production account system, however our staging version was also
vulnerable and we are unable to confirm the information was not
accessed there. Moving forward, additional logging will be added to our
staging infrastructure.
We recommend (but do not require) that all users take this time to
change their passwords, update their security questions/answers and
review their other account information.
Full Story (comments: 17)
Three Ubuntu releases reach end of life
[Distributions] Posted May 9, 2013 22:32 UTC (Thu) by jake
Three releases of Ubuntu reached their end of life on May 9, 2013, which
means they
will no longer receive updates of any kind. Users of Ubuntu 8.04 LTS ("Hardy Heron"), Ubuntu 10.04 LTS Desktop ("Lucid Lynx"), and Ubuntu 11.10 ("Oneiric Ocelot") should upgrade.
Comments (8 posted)
New Zealand Government Announces That Software Will No Longer Be Patentable (Forbes)
[Announcements] Posted May 9, 2013 21:04 UTC (Thu) by jake
Forbes is reporting that the New Zealand government has banned patents on software.
"In doing this, New Zealand is essentially taking the position that existing laws provides enough protection to software as it is; patents only serve to stifle innovation because of the ever-looming threat of being sued by so-called patent troll companies.
[...]
During its consideration of the bill, the committee received many submissions opposing the granting of patents for computer programs on the grounds it would stifle innovation and restrict competition. Internet New Zealand said [Commerce Minister Craig] Foss' decision to amend the Patents Bill drew to a close 'years of wrangling between software developers, ICT players and multinational heavyweights over the vexed issue of patentability of software'."
Comments (48 posted)
PyPy 2.0 released
[Development] Posted May 9, 2013 20:04 UTC (Thu) by corbet
The PyPy
2.0 release is available; PyPy is a performance-oriented
reimplementation of the Python 2 interpreter. "This is a stable
release that brings a swath of bugfixes, small performance improvements and
compatibility fixes. PyPy 2.0 is a big step for us and we hope in the
future we'll be able to provide stable releases more often."
Headline features include stackless and greenlet support, a new interface
to C modules, and more.
Comments (8 posted)
Raspberry Pi operating systems: 5 reviewed and rated (Techradar)
[Distributions] Posted May 9, 2013 17:56 UTC (Thu) by jake
Those looking for alternative distributions (or even operating systems) for their Raspberry Pi may want to take a peek at Techradar's review of five choices for the diminutive ARM-based computer. The article looks at Raspbian,
Risc OS,
Plan 9,
Android, and
Arch; it evaluates and rates each one on a variety of criteria:
The areas we're looking at are installation, default software, media playback (out-of-the-box), looks and usability, the community behind the OS and their respective attitudes toward software freedom. Basically, the very stuff that makes a Linux user decide on what system to use.
We also want to gauge this from the point of view of someone who's not as familiar with Linux as others are, so they can jump into the project without too much hassle, and not end up leaving it feeling disheartened.
Comments (3 posted)
Security updates for Thursday
[Security] Posted May 9, 2013 15:36 UTC (Thu) by jake
Fedora has updated phpmyadmin (F17; F18: two
remote code execution flaws).
Mageia has updated ffmpeg (multiple
vulnerabilities), wordpress (three
vulnerabilities), ekiga, opal3, ptlib (denial of
service), nrpe (code execution), x11-server (keystroke capture), glibc (two denial of service flaws), and libtiff (two vulnerabilities).
Ubuntu has updated telepathy-idle
(13.04, 12.10, 12.04: certificate validation botch).
Comments (none posted)